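{{- /*
Source: platform-operator/thirdparty/charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
(verrazzano v1.7.0).

cert-manager resources for the ingress-nginx admission webhook. Rendered only
when both controller.admissionWebhooks.enabled and
controller.admissionWebhooks.certManager.enabled are set.

Two trust models:
  * certManager.issuerRef unset: the chart bootstraps its own chain
    (self-signed Issuer -> root CA Certificate -> CA Issuer) in the release
    namespace and signs the admission certificate with it.
  * certManager.issuerRef set: none of the bootstrap resources are rendered
    and the admission certificate is requested from the referenced issuer.

.Release.Namespace is piped through `quote` because a namespace is a DNS label
and may be all digits or a word such as "on" or "no"; unquoted, a YAML parser
can type such a value as a number or boolean, which is not a valid
metadata.namespace.
*/ -}}
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.certManager.enabled -}}
{{- if not .Values.controller.admissionWebhooks.certManager.issuerRef -}}
# Create a self-signed Issuer, in order to create a root CA certificate for
# signing webhook serving certificates
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
  namespace: {{ .Release.Namespace | quote }}
spec:
  selfSigned: {}
---
# Generate a CA Certificate used to sign certificates for the webhook.
# The CA key pair is stored in the Secret named by secretName below, in the
# release namespace. Read access to that Secret is enough to mint certificates
# that chain to this CA, so restrict who can read Secrets in this namespace.
# Default lifetime is 43800h (5 years). renewBefore, privateKey and usages are
# not set here, so cert-manager's defaults apply.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-cert
  namespace: {{ .Release.Namespace | quote }}
spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
  duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
  issuerRef:
    name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
  commonName: "ca.webhook.ingress-nginx"
  isCA: true
  subject:
    organizations:
      - ingress-nginx
---
# Create an Issuer that uses the above generated CA certificate to issue certs
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-root-issuer
  namespace: {{ .Release.Namespace | quote }}
spec:
  ca:
    secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
{{- end }}
---
# Generate the serving certificate for the admission webhook service.
# Default lifetime is 8760h (1 year); renewBefore, privateKey and usages are
# left to cert-manager's defaults.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission
  namespace: {{ .Release.Namespace | quote }}
spec:
  secretName: {{ include "ingress-nginx.fullname" . }}-admission
  duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
  # A user-supplied issuerRef is rendered verbatim (name, kind, group), so the
  # webhook's trust anchor becomes that issuer's CA. Review who else can obtain
  # certificates from it before pointing this at a shared issuer.
  issuerRef:
    {{- if .Values.controller.admissionWebhooks.certManager.issuerRef }}
    {{- toYaml .Values.controller.admissionWebhooks.certManager.issuerRef | nindent 4 }}
    {{- else }}
    name: {{ include "ingress-nginx.fullname" . }}-root-issuer
    {{- end }}
  # SANs cover the short, namespaced and .svc forms of the admission Service
  # name. NOTE(review): the API server is expected to reach the webhook as
  # <service>.<namespace>.svc; confirm these match the Service defined
  # elsewhere in the chart.
  dnsNames:
    - {{ include "ingress-nginx.controller.fullname" . }}-admission
    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}
    - {{ include "ingress-nginx.controller.fullname" . }}-admission.{{ .Release.Namespace }}.svc
  subject:
    organizations:
      - ingress-nginx-admission
{{- end -}}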