{{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-master-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-master-cert
  subject:
    organizations:
    - node-feature-discovery
  commonName: nfd-master
  dnsNames:
  # must match the service name
  - {{ include "node-feature-discovery.fullname" . }}-master
  # first one is configured for use by the worker; below are for completeness
  - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc
  - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}
---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-worker-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-worker-cert
  subject:
    organizations:
    - node-feature-discovery
  commonName: nfd-worker
  dnsNames:
  - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}

{{- if .Values.topologyUpdater.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nfd-topology-updater-cert
  namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
  secretName: nfd-topology-updater-cert
  subject:
    organizations:
    - node-feature-discovery
  commonName: nfd-topology-updater
  dnsNames:
  - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
  issuerRef:
    name: nfd-ca-issuer
    kind: Issuer
    group: cert-manager.io
{{- end }}

{{- end }}