apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-nodes-transport namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s privateKey: encoding: PKCS8 usages: - "client auth" - "server auth" commonName: {{ template "kubezero-lib.fullname" . }}-nodes dnsNames: # -- - '{{ template "kubezero-lib.fullname" . }}-nodes' - '{{ template "kubezero-lib.fullname" . }}-nodes-*' - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0' --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-nodes-http namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s privateKey: encoding: PKCS8 usages: - "client auth" - "server auth" commonName: {{ template "kubezero-lib.fullname" . }} dnsNames: # , ., ..svc,..svc.cluster.local - '{{ template "kubezero-lib.fullname" . }}' - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc' - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local' --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-admin namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s usages: - "client auth" commonName: {{ template "kubezero-lib.fullname" . }}-admin privateKey: encoding: PKCS8