forked from suse-edge/Factory
72 lines
2.7 KiB
YAML
72 lines
2.7 KiB
YAML
|
{{- if .Values.operator.admissionControllers.enabled }}
|
||
|
{{- if and (.Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.certManager.generateSelfSigned) }}
|
||
|
---
|
||
|
apiVersion: cert-manager.io/v1
|
||
|
kind: Certificate
|
||
|
metadata:
|
||
|
name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
spec:
|
||
|
dnsNames:
|
||
|
- operator-webhook-service.{{ .Release.Namespace }}.svc
|
||
|
- operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
|
||
|
issuerRef:
|
||
|
kind: Issuer
|
||
|
name: operator-webhook-selfsigned-issuer
|
||
|
secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
|
||
|
---
|
||
|
apiVersion: cert-manager.io/v1
|
||
|
kind: Issuer
|
||
|
metadata:
|
||
|
name: operator-webhook-selfsigned-issuer
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
spec:
|
||
|
selfSigned: {}
|
||
|
---
|
||
|
apiVersion: cert-manager.io/v1
|
||
|
kind: Certificate
|
||
|
metadata:
|
||
|
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
spec:
|
||
|
dnsNames:
|
||
|
- network-resources-injector-service.{{ .Release.Namespace }}.svc
|
||
|
- network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
|
||
|
issuerRef:
|
||
|
kind: Issuer
|
||
|
name: network-resources-injector-selfsigned-issuer
|
||
|
secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
|
||
|
---
|
||
|
apiVersion: cert-manager.io/v1
|
||
|
kind: Issuer
|
||
|
metadata:
|
||
|
name: network-resources-injector-selfsigned-issuer
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
spec:
|
||
|
selfSigned: {}
|
||
|
{{- else if and (not .Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.custom.enabled) }}
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
type: Opaque
|
||
|
data:
|
||
|
ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.caCrt | b64enc | b64enc | quote }}
|
||
|
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsCrt | b64enc | quote }}
|
||
|
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsKey | b64enc | quote }}
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
|
||
|
namespace: {{ .Release.Namespace }}
|
||
|
type: Opaque
|
||
|
data:
|
||
|
ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.caCrt | b64enc | b64enc | quote }}
|
||
|
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
|
||
|
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|