
Commit 30eef91

authored
generate bootstrap issuer and certificates in ocm controller helm charts (#714)
1 parent cbd1018 commit 30eef91


2 files changed

+58
-7
lines changed


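--- a/deploy/templates/cert.yaml
+++ b/deploy/templates/cert.yaml
@@ -1,11 +1,51 @@
 {{- if .Values.tlsCert.generateTlsCert }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: {{ .Values.tlsCert.bootstrap.certificateName }}
+namespace: cert-manager
+spec:
+commonName: {{ .Values.tlsCert.bootstrap.commonName }}
+isCA: true
+secretName: {{ .Values.tlsCert.bootstrap.secretName }}
+subject:
+organizations:
+- ocm.software
+dnsNames:
+- registry.{{ .Release.Namespace }}.svc.cluster.local
+- localhost
+ipAddresses:
+- 127.0.0.1
+- ::1
+privateKey:
+algorithm: RSA
+encoding: PKCS8
+size: 2048
+issuerRef:
+name: {{ .Values.tlsCert.bootstrap.issuerName }}
+kind: ClusterIssuer
+group: cert-manager.io
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: {{ .Values.tlsCert.bootstrap.issuerName }}
+spec:
+selfSigned: {}
+
+---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-name: {{ .Values.tlsCert.defaultSecretName }}
+name: {{ .Values.tlsCert.certificateName }}
 namespace: {{ .Release.Namespace }}
 spec:
-secretName: {{ .Values.tlsCert.defaultSecretName }}
+secretName: {{ .Values.tlsCert.secretName }}
 dnsNames:
 - registry.{{ .Release.Namespace }}.svc.cluster.local
 - localhost
@@ -17,15 +57,18 @@ spec:
 encoding: PKCS8
 size: 2048
 issuerRef:
-name: {{ .Values.tlsCert.defaultIssuerName }}
+name: {{ .Values.tlsCert.issuerName }}
 kind: ClusterIssuer
 group: cert-manager.io
+
 ---
+
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-name: {{ .Values.tlsCert.defaultIssuerName }}
+name: {{ .Values.tlsCert.issuerName }}
 spec:
 ca:
-secretName: {{ .Values.tlsCert.defaultSecretName }}
+secretName: {{ .Values.tlsCert.secretName }}
+
 {{- end}}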
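Review bot: The CA `ClusterIssuer` in the second hunk takes its signing secret from `.Values.tlsCert.secretName`, the leaf certificate's secret name, rather than from the bootstrap CA this commit adds; it only resolves to the CA key pair because values.yaml gives both names the same default. Reference the CA explicitly with `secretName: {{ .Values.tlsCert.bootstrap.secretName }}`, so overriding the serving secret name cannot leave the issuer without a key or pointed at a non-CA secret. The bootstrap `Certificate` also hard-codes `namespace: cert-manager`, which presumably matches cert-manager's cluster resource namespace; if the release itself is installed there, the CA and leaf `Certificate` objects write to the same Secret under the default values. The `dnsNames`/`ipAddresses` on the `isCA: true` certificate look copied from the leaf and are not needed on a signing root.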

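--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@@ -2,8 +2,16 @@
 tlsCert:
 # If cert-manager is installed, set generateTlsCert to true to generate a cert
 generateTlsCert: false
-defaultSecretName: &tlsSecretName "ocm-registry-tls-certs"
-defaultIssuerName: "ocm-certificate-issuer"
+
+bootstrap:
+certificateName: "ocm-bootstrap-certificate"
+issuerName: "ocm-bootstrap-issuer"
+secretName: &tlsSecretName "ocm-registry-tls-certs"
+commonName: "cert-manager-ocm-tls"
+
+certificateName: *tlsSecretName
+secretName: *tlsSecretName
+issuerName: "ocm-certificate-issuer"
 
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.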
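Review bot: `certificateName: *tlsSecretName` and `secretName: *tlsSecretName` make the registry's serving secret share its name with the bootstrap CA secret, and the alias is resolved when values.yaml is parsed, so a `--set tlsCert.bootstrap.secretName=...` override does not carry over to the two aliased keys. Spell the three names out as separate quoted strings and add a comment on each saying which Secret holds the CA key pair and which holds the serving certificate, e.g. `# CA key pair, read by the ClusterIssuer from the cert-manager namespace` above `bootstrap.secretName`. The `&tlsSecretName` anchor may still be aliased further down the file, outside this hunk, so check those uses before moving it.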
