github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml (about)

     1  {{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
     2  {{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
     3  # Create a selfsigned Issuer, in order to create a root CA certificate for
     4  # signing webhook serving certificates
        # Rendered only when certManager.enabled is set and no
        # certManager.issuerRef value is supplied. When an issuerRef is given,
        # the self-signed chain (this Issuer, the root CA Certificate and the
        # root Issuer) is skipped and only the admission serving Certificate
        # at the end of this file is created.
        # The kind is Issuer rather than ClusterIssuer, so it is namespace-scoped
        # and can only sign Certificates in the namespace set below.
     5  apiVersion: cert-manager.io/v1
     6  kind: Issuer
     7  metadata:
     8    name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
     9    namespace: {{ template "kube-prometheus-stack.namespace" . }}
    10  spec:
          # selfSigned: each certificate is signed with its own private key, so
          # nothing external vouches for it. It is used here only to bootstrap
          # the root CA.
    11    selfSigned: {}
    12  ---
    13  # Generate a CA Certificate used to sign certificates for the webhook
        # cert-manager writes the CA certificate and its private key into the
        # Secret named by secretName. Read access to that Secret is enough to
        # issue certificates that chain to this CA, so access to Secrets in this
        # namespace should be limited accordingly.
    14  apiVersion: cert-manager.io/v1
    15  kind: Certificate
    16  metadata:
    17    name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
    18    namespace: {{ template "kube-prometheus-stack.namespace" . }}
    19  spec:
    20    secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
          # Default of 43800h is roughly five years, overridable through
          # certManager.rootCert.duration. privateKey and renewBefore are not set
          # here, so cert-manager's defaults apply to key type and renewal time.
    21    duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
          # No kind is given, so the reference resolves to a namespaced Issuer:
          # the self-signed one defined earlier in this file.
    22    issuerRef:
    23      name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
    24    commonName: "ca.webhook.kube-prometheus-stack"
          # isCA marks the certificate as a CA so it can sign other certificates.
    25    isCA: true
    26  ---
    27  # Create an Issuer that uses the above generated CA certificate to issue certs
        # This CA issuer signs with the key pair stored in the root-cert Secret,
        # so it becomes ready only after the root CA Certificate has been issued.
        # It is the last resource of the self-signed chain; the template block
        # closed after it is the "no issuerRef supplied" branch.
    28  apiVersion: cert-manager.io/v1
    29  kind: Issuer
    30  metadata:
    31    name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
    32    namespace: {{ template "kube-prometheus-stack.namespace" . }}
    33  spec:
    34    ca:
            # Must match spec.secretName of the root CA Certificate above.
    35      secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
    36  {{- end }}
    37  ---
    38  # Generate a server certificate for the operator's admission webhook service
        # Always rendered when certManager.enabled is set, whether the issuer is
        # the chart-local root Issuer or one supplied through values.
        # NOTE(review): presumably the operator Deployment mounts the Secret named
        # below as its TLS key pair. Confirm in the deployment template.
    39  apiVersion: cert-manager.io/v1
    40  kind: Certificate
    41  metadata:
    42    name: {{ template "kube-prometheus-stack.fullname" . }}-admission
    43    namespace: {{ template "kube-prometheus-stack.namespace" . }}
    44  spec:
    45    secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
          # Default of 8760h is one year, overridable through
          # certManager.admissionCert.duration. usages, privateKey and renewBefore
          # are not set here, so cert-manager's defaults apply.
    46    duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
          # A values-supplied issuerRef is rendered verbatim as this mapping's
          # body. Otherwise the chart-local root Issuer is referenced by name.
          # NOTE(review): if the supplied issuerRef names a ClusterIssuer or a CA
          # shared with other workloads, the webhook certificate chains to a CA
          # with wider scope than the chart-local one. Confirm that is intended.
    47    issuerRef:
    48      {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
    49      {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
    50      {{- else }}
    51      name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
    52      {{- end }}
          # SANs for the operator Service: <name>, <name>.<namespace> and
          # <name>.<namespace>.svc. The API server addresses service-backed
          # webhooks as <name>.<namespace>.svc, so that entry must match the
          # Service name and namespace the webhook configuration points at.
    53    dnsNames:
    54    - {{ template "kube-prometheus-stack.operator.fullname" . }}
    55    - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
    56    - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
    57  {{- end -}}