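# Source: github.com/verrazzano/verrazzano@v1.7.0
#   platform-operator/thirdparty/charts/cert-manager-webhook-oci/templates/pki.yaml
# Portions of the code in this file are derived from https://github.com/cert-manager/webhook-example/blob/master/deploy/example-webhook/templates/pki.yaml
# Portions of the code in this file are derived from https://gitlab.com/dn13/cert-manager-webhook-oci/-/blob/1.1.0/deploy/cert-manager-webhook-oci/templates/pki.yaml
#
# This template builds a small PKI for the webhook, entirely inside
# .Release.Namespace, as four documents:
#   1. a self-signed Issuer (bootstrap only),
#   2. a root CA Certificate signed by (1),
#   3. a CA Issuer backed by the Secret produced by (2),
#   4. the webhook's serving Certificate signed by (3).
# Object names come from named templates defined elsewhere in the chart
# (not visible in this file).
#
# .Release.Name and .Release.Service are piped through `quote`, matching
# the existing `namespace` lines, so that a release name made only of
# digits (or one that looks like a boolean) still renders as a string
# label value instead of being re-typed by the YAML parser.

---
# Create a selfsigned Issuer, in order to create a root CA certificate for
# signing webhook serving certificates.
# A selfSigned Issuer signs each certificate with that certificate's own key,
# so it carries no trust by itself; it is used here only to mint the root CA.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ include "cert-manager-webhook-oci.selfSignedIssuer" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ include "cert-manager-webhook-oci.name" . }}
    chart: {{ include "cert-manager-webhook-oci.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  selfSigned: {}

---
# Generate a CA Certificate used to sign certificates for the webhook.
# The Secret named by `secretName` holds the CA private key. Any principal
# that can read Secrets in this namespace can issue certificates chaining to
# this CA, so read access to that Secret should be limited by RBAC to
# cert-manager itself.
# NOTE(review): no `renewBefore` or `privateKey` settings are given, so
# cert-manager's defaults for renewal timing, key algorithm and key rotation
# apply - confirm they meet the deployment's policy.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "cert-manager-webhook-oci.rootCACertificate" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ include "cert-manager-webhook-oci.name" . }}
    chart: {{ include "cert-manager-webhook-oci.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  secretName: {{ include "cert-manager-webhook-oci.rootCACertificate" . }}
  duration: 43800h  # 5y
  # `kind` is omitted, so the reference resolves to a namespaced Issuer.
  issuerRef:
    name: {{ include "cert-manager-webhook-oci.selfSignedIssuer" . }}
  commonName: "ca.cert-manager-webhook-oci.cert-manager"
  isCA: true

---
# Create an Issuer that uses the above generated CA certificate to issue certs.
# This is a namespaced Issuer (not a ClusterIssuer), so only Certificate
# resources in .Release.Namespace can request signing from this CA.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ include "cert-manager-webhook-oci.rootCAIssuer" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ include "cert-manager-webhook-oci.name" . }}
    chart: {{ include "cert-manager-webhook-oci.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  ca:
    secretName: {{ include "cert-manager-webhook-oci.rootCACertificate" . }}

---
# Finally, generate a serving certificate for the webhook to use.
# The SANs below cover the in-cluster Service names only: the short name,
# `<name>.<namespace>` and `<name>.<namespace>.svc`. A client that dials any
# other form of the name will fail hostname verification.
# NOTE(review): how callers obtain this CA's certificate (for example a
# caBundle on the registering API object) is not shown in this file - verify
# that it is injected from this chain rather than TLS verification being
# skipped.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "cert-manager-webhook-oci.servingCertificate" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app: {{ include "cert-manager-webhook-oci.name" . }}
    chart: {{ include "cert-manager-webhook-oci.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
spec:
  secretName: {{ include "cert-manager-webhook-oci.servingCertificate" . }}
  duration: 8760h  # 1y
  # `kind` is omitted, so the reference resolves to a namespaced Issuer.
  issuerRef:
    name: {{ include "cert-manager-webhook-oci.rootCAIssuer" . }}
  dnsNames:
    - {{ include "cert-manager-webhook-oci.fullname" . }}
    - {{ include "cert-manager-webhook-oci.fullname" . }}.{{ .Release.Namespace }}
    - {{ include "cert-manager-webhook-oci.fullname" . }}.{{ .Release.Namespace }}.svc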