github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/receive/grpc-server-tls-secrets.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/thanos/templates/receive/grpc-server-tls-secrets.yaml (about)

     1  
     2  {{- if and .Values.receive.enabled .Values.receive.grpc.server.tls.enabled (not .Values.receive.grpc.server.tls.existingSecret) }}
     3  {{- $secretName := printf "%s-receive-grpc-server" (include "common.names.fullname" .) }}
     4  apiVersion: v1
     5  kind: Secret
     6  metadata:
     7    name: {{ $secretName }}
     8    namespace: {{ .Release.Namespace | quote }}
     9    labels: {{- include "common.labels.standard" . | nindent 4 }}
    10      app.kubernetes.io/component: receive
    11      {{- if .Values.commonLabels }}
    12      {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    13      {{- end }}
    14    {{- if .Values.commonAnnotations }}
    15    annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
    16    {{- end }}
    17  type: Opaque
    18  data:
    19    {{- if .Values.receive.grpc.server.tls.autoGenerated }}
    20    {{- $ca := genCA "thanos-receive-grpc-server-ca" 365 }}
    21    {{- $hostname := printf "%s-receive-grpc-server" (include "common.names.fullname" .) }}
    22    {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }}
    23    tls-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-cert" "defaultValue" $cert.Cert "context" $) }}
    24    tls-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-key" "defaultValue" $cert.Key "context" $) }}
    25    ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca-cert" "defaultValue" $ca.Cert "context" $) }}
    26    {{- else }}
    27    tls-cert: {{ required "'receive.grpc.server.tls.cert' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.cert | b64enc | quote }}
    28    tls-key: {{ required "'receive.grpc.server.tls.key' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.key | b64enc | quote }}
    29    ca-cert: {{ required "'receive.grpc.server.tls.ca' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.ca | b64enc | quote }}
    30    {{- end }}
    31  {{ end }}