73 lines
2.2 KiB
YAML
73 lines
2.2 KiB
YAML
{{- if .Values.opensearch.nodeSets }}
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
|
spec:
|
|
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
|
|
issuerRef:
|
|
name: kubezero-local-ca-issuer
|
|
kind: ClusterIssuer
|
|
duration: 8760h0m0s
|
|
privateKey:
|
|
encoding: PKCS8
|
|
usages:
|
|
- "client auth"
|
|
- "server auth"
|
|
commonName: {{ template "kubezero-lib.fullname" . }}-nodes
|
|
dnsNames:
|
|
# <cluster-name>-<nodepool-component>-<index>
|
|
- '{{ template "kubezero-lib.fullname" . }}-nodes'
|
|
- '{{ template "kubezero-lib.fullname" . }}-nodes-*'
|
|
- '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
|
|
---
|
|
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" . }}-nodes-http
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
|
spec:
|
|
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
|
|
issuerRef:
|
|
name: kubezero-local-ca-issuer
|
|
kind: ClusterIssuer
|
|
duration: 8760h0m0s
|
|
privateKey:
|
|
encoding: PKCS8
|
|
usages:
|
|
- "client auth"
|
|
- "server auth"
|
|
commonName: {{ template "kubezero-lib.fullname" . }}
|
|
dnsNames:
|
|
# <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
|
|
- '{{ template "kubezero-lib.fullname" . }}'
|
|
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
|
|
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
|
|
---
|
|
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" . }}-admin
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{ include "kubezero-lib.labels" . | nindent 4 }}
|
|
spec:
|
|
secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
|
|
issuerRef:
|
|
name: kubezero-local-ca-issuer
|
|
kind: ClusterIssuer
|
|
duration: 8760h0m0s
|
|
usages:
|
|
- "client auth"
|
|
commonName: {{ template "kubezero-lib.fullname" . }}-admin
|
|
privateKey:
|
|
encoding: PKCS8
|
|
{{- end }}
|