diff --git a/deploy/templates/cert.yaml b/deploy/templates/cert.yaml
new file mode 100644
index 00000000..9bbf8d60
--- /dev/null
+++ b/deploy/templates/cert.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.tlsCert.generateTlsCert }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Values.tlsCert.defaultSecretName }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretName: {{ .Values.tlsCert.defaultSecretName }}
+ dnsNames:
+ - registry.{{ .Release.Namespace }}.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ issuerRef:
+ name: {{ .Values.tlsCert.defaultIssuerName }}
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.tlsCert.defaultIssuerName }}
+spec:
+ ca:
+ secretName: {{ .Values.tlsCert.defaultSecretName }}
+{{- end}}
diff --git a/deploy/templates/deployment_manager.yaml b/deploy/templates/deployment_manager.yaml
index f15ca506..1f0a68fa 100644
--- a/deploy/templates/deployment_manager.yaml
+++ b/deploy/templates/deployment_manager.yaml
@@ -58,11 +58,7 @@ spec:
 initialDelaySeconds: 5
 periodSeconds: 10
 resources:
- limits:
- memory: 1024Mi
- requests:
- cpu: 200m
- memory: 512Mi
+ {{- toYaml .Values.manager.resources | nindent 10 }}
 serviceAccountName: ocm-controller
 terminationGracePeriodSeconds: 10
 {{- if .Values.registry.tls.enabled }}
diff --git a/deploy/templates/deployment_registry.yaml b/deploy/templates/deployment_registry.yaml
index 2ec4d609..2c3a7eb5 100644
--- a/deploy/templates/deployment_registry.yaml
+++ b/deploy/templates/deployment_registry.yaml
@@ -49,6 +49,8 @@ spec:
 periodSeconds: 20
 successThreshold: 1
 failureThreshold: 3
+ resources:
+ {{- toYaml .Values.registry.resources | nindent 10 }}
 volumes:
 - name: registry
 emptyDir: {}
diff --git a/deploy/values.yaml b/deploy/values.yaml
index a05ee58c..36f9d641 100644
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
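Review bot: In the new cert.yaml the `ClusterIssuer` takes its CA key pair from `{{ .Values.tlsCert.defaultSecretName }}`, the very secret the `Certificate` above it is asked to write, so the issuer has nothing to sign with until that secret already exists, and a successful issuance would replace the CA key with the leaf key. A `ClusterIssuer` by default also resolves `ca.secretName` in cert-manager's cluster resource namespace rather than `.Release.Namespace`, and being cluster-scoped it lets Certificate requests from any namespace be signed by the CA that the manager trusts through `ca.crt`. I would bootstrap a dedicated CA instead: a namespaced self-signed `Issuer`, a CA `Certificate` with `isCA: true` kept in its own secret that no pod mounts, and a namespaced CA `Issuer` that signs the registry certificate, as sketched below. The registry `Certificate` would then use `issuerRef.kind: Issuer`, and setting `usages` to server auth on it would stop the key being accepted for other purposes.

```yaml
# … unchanged: generateTlsCert guard …
# Bootstrap issuer: only signs the chart's own CA certificate.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ .Values.tlsCert.defaultIssuerName }}-selfsigned
  namespace: {{ .Release.Namespace }}
spec:
  selfSigned: {}
---
# CA key pair lives in its own secret; it is never mounted into a pod.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ .Values.tlsCert.defaultIssuerName }}-ca
  namespace: {{ .Release.Namespace }}
spec:
  isCA: true
  commonName: {{ .Values.tlsCert.defaultIssuerName }}-ca
  secretName: {{ .Values.tlsCert.defaultIssuerName }}-ca
  issuerRef:
    name: {{ .Values.tlsCert.defaultIssuerName }}-selfsigned
    kind: Issuer
    group: cert-manager.io
---
# Namespaced issuer that signs the registry leaf certificate.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ .Values.tlsCert.defaultIssuerName }}
  namespace: {{ .Release.Namespace }}
spec:
  ca:
    secretName: {{ .Values.tlsCert.defaultIssuerName }}-ca
# … unchanged: registry Certificate, with issuerRef.kind set to Issuer …
```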
@@ -1,3 +1,10 @@ +# Generate TLS Certificate for registry and manager +tlsCert: + # If cert-manager is installed, set generateTlsCert to true to generate a cert + generateTlsCert: false + defaultSecretName: &tlsSecretName "ocm-registry-tls-certs" + defaultIssuerName: "ocm-certificate-issuer" + # This is a YAML-formatted file. # Declare variables to be passed into your templates. registry: @@ -16,11 +23,11 @@ registry: value: "/certs/key.pem" volumeMounts: - mountPath: "/certs" - name: "ocm-registry-tls-certs" + name: *tlsSecretName volumes: - - name: "ocm-registry-tls-certs" + - name: *tlsSecretName secret: - secretName: "ocm-registry-tls-certs" + secretName: *tlsSecretName items: - key: "tls.crt" path: "cert.pem" @@ -28,6 +35,12 @@ registry: path: "key.pem" - key: "ca.crt" path: "ca.pem" + resources: + limits: + memory: 1024Mi + requests: + cpu: 200m + memory: 512Mi nodeSelector: {} manager: @@ -46,16 +59,16 @@ manager: volumes: - name: "certificates" secret: - secretName: "ocm-registry-tls-certs" # must match with ocm-controller's certificate-secret-name argument + secretName: *tlsSecretName # must match with ocm-controller's certificate-secret-name argument items: - key: "ca.crt" path: "registry-root.pem" resources: limits: - memory: 2048Mi - requests: - cpu: 300m memory: 1024Mi + requests: + cpu: 200m + memory: 512Mi # optional values defined by the user nodeSelector: {} tolerations: []
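Review bot: The `&tlsSecretName` anchor on `tlsCert.defaultSecretName` is resolved when values.yaml itself is parsed, so an override such as `--set tlsCert.defaultSecretName=…` or an extra values file changes the secret the `Certificate` writes but not the `*tlsSecretName` aliases under `registry.volumeMounts`, `registry.volumes` and `manager.volumes` in the later hunks of this file. The pods would then presumably keep mounting `ocm-registry-tls-certs`, which either blocks startup or leaves them serving and trusting a stale key pair. I would drop the anchor and have the templates read `.Values.tlsCert.defaultSecretName` directly, or at minimum add above the key: `# Overriding this value does not update the *tlsSecretName aliases below; change the volume secretName entries as well.` The trailing comment on the manager's `secretName` says it must match ocm-controller's `certificate-secret-name` argument, and nothing visible in this diff ties that argument to the same value.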