github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/deployment/sriov-network-operator/templates/certificate.yaml

github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/deployment/sriov-network-operator/templates/certificate.yaml (about)

     1  {{- if .Values.operator.admissionControllers.enabled }}
     2  {{- if and (.Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.certManager.generateSelfSigned) }}
     3  ---
     4  apiVersion: cert-manager.io/v1
     5  kind: Certificate
     6  metadata:
     7    name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
     8    namespace: {{ .Release.Namespace }}
     9  spec:
    10    dnsNames:
    11    - operator-webhook-service.{{ .Release.Namespace }}.svc
    12    - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
    13    issuerRef:
    14      kind: Issuer
    15      name: operator-webhook-selfsigned-issuer
    16    secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
    17  ---
    18  apiVersion: cert-manager.io/v1
    19  kind: Issuer
    20  metadata:
    21    name: operator-webhook-selfsigned-issuer
    22    namespace: {{ .Release.Namespace }}
    23  spec:
    24    selfSigned: {}
    25  ---
    26  apiVersion: cert-manager.io/v1
    27  kind: Certificate
    28  metadata:
    29    name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
    30    namespace: {{ .Release.Namespace }}
    31  spec:
    32    dnsNames:
    33    - network-resources-injector-service.{{ .Release.Namespace }}.svc
    34    - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
    35    issuerRef:
    36      kind: Issuer
    37      name: network-resources-injector-selfsigned-issuer
    38    secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
    39  ---
    40  apiVersion: cert-manager.io/v1
    41  kind: Issuer
    42  metadata:
    43    name: network-resources-injector-selfsigned-issuer
    44    namespace: {{ .Release.Namespace }}
    45  spec:
    46    selfSigned: {}
    47  {{- else if and (not .Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.custom.enabled) }}
    48  ---
    49  apiVersion: v1
    50  kind: Secret
    51  metadata:
    52    name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
    53    namespace: {{ .Release.Namespace }}
    54  type: Opaque
    55  data:
    56    ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.caCrt | b64enc | b64enc | quote }}
    57    tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsCrt | b64enc | quote }}
    58    tls.key: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsKey | b64enc | quote }}
    59  ---
    60  apiVersion: v1
    61  kind: Secret
    62  metadata:
    63    name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
    64    namespace: {{ .Release.Namespace }}
    65  type: Opaque
    66  data:
    67    ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.caCrt | b64enc | b64enc | quote }}
    68    tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
    69    tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
    70  {{- end }}
    71  {{- end }}