diff --git a/deploy/templates/cert.yaml b/deploy/templates/cert.yaml
index 9bbf8d60..8dc111fa 100644
--- a/deploy/templates/cert.yaml
+++ b/deploy/templates/cert.yaml
@@ -1,11 +1,51 @@
 {{- if .Values.tlsCert.generateTlsCert }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Values.tlsCert.bootstrap.certificateName }}
+ namespace: cert-manager
+spec:
+ commonName: {{ .Values.tlsCert.bootstrap.commonName }}
+ isCA: true
+ secretName: {{ .Values.tlsCert.bootstrap.secretName }}
+ subject:
+ organizations:
+ - ocm.software
+ dnsNames:
+ - registry.{{ .Release.Namespace }}.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ issuerRef:
+ name: {{ .Values.tlsCert.bootstrap.issuerName }}
+ kind: ClusterIssuer
+ group: cert-manager.io
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.tlsCert.bootstrap.issuerName }}
+spec:
+ selfSigned: {}
+
+---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: {{ .Values.tlsCert.defaultSecretName }}
+ name: {{ .Values.tlsCert.certificateName }}
 namespace: {{ .Release.Namespace }}
 spec:
- secretName: {{ .Values.tlsCert.defaultSecretName }}
+ secretName: {{ .Values.tlsCert.secretName }}
 dnsNames:
 - registry.{{ .Release.Namespace }}.svc.cluster.local
 - localhost
@@ -17,15 +57,18 @@ spec:
 encoding: PKCS8
 size: 2048
 issuerRef:
- name: {{ .Values.tlsCert.defaultIssuerName }}
+ name: {{ .Values.tlsCert.issuerName }}
 kind: ClusterIssuer
 group: cert-manager.io
+
 ---
+
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: {{ .Values.tlsCert.defaultIssuerName }}
+ name: {{ .Values.tlsCert.issuerName }}
 spec:
 ca:
- secretName: {{ .Values.tlsCert.defaultSecretName }}
+ secretName: {{ .Values.tlsCert.secretName }}
+
 {{- end}}
diff --git a/deploy/values.yaml b/deploy/values.yaml
index 36f9d641..a5692d74 100644
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
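Review bot: The new bootstrap CA Certificate is pinned to `namespace: cert-manager` while every other namespaced object in this template uses `{{ .Release.Namespace }}`; a ClusterIssuer resolves its `ca.secretName` in cert-manager's cluster-resource namespace, which is `cert-manager` only for a default installation, so on a cluster where cert-manager runs elsewhere the CA Secret is never found and the second issuer silently stays not-ready. Make the namespace a value with the current default, e.g. `namespace: {{ .Values.tlsCert.bootstrap.namespace | default "cert-manager" }}` (the `bootstrap.namespace` key would be new), and add a comment above it such as `# must be cert-manager's cluster-resource namespace: the ClusterIssuer below looks the CA secret up there`. The CA certificate also carries server-style `dnsNames` and `ipAddresses` (localhost, 127.0.0.1, ::1) that a signing CA does not need; dropping them keeps the CA identity minimal and avoids the CA key pair being mistaken for a serving certificate. The `{{- if }}` block opened on the first line of this hunk is closed in the following hunk.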
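Review bot: The CA ClusterIssuer's `ca.secretName` now reads `{{ .Values.tlsCert.secretName }}`, the same value the leaf Certificate above writes its served key pair into under `{{ .Release.Namespace }}`; this only works because values.yaml aliases the bootstrap secret to the same string, so the CA private key and the serving key live in two Secrets that differ only by namespace, and a release installed into the cert-manager namespace would have two Certificates contending for one Secret. Point the issuer at the bootstrap value directly, `secretName: {{ .Values.tlsCert.bootstrap.secretName }}`, so the dependency is visible in the template rather than hidden in a values anchor, and give that secret its own default name. The added blank lines around `---` are fine for readability; the `{{- end}}` here closes the block opened in the previous hunk.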
@@ -2,8 +2,16 @@ tlsCert:
 # If cert-manager is installed, set generateTlsCert to true to generate a cert
 generateTlsCert: false
- defaultSecretName: &tlsSecretName "ocm-registry-tls-certs"
- defaultIssuerName: "ocm-certificate-issuer"
+
+ bootstrap:
+ certificateName: "ocm-bootstrap-certificate"
+ issuerName: "ocm-bootstrap-issuer"
+ secretName: &tlsSecretName "ocm-registry-tls-certs"
+ commonName: "cert-manager-ocm-tls"
+
+ certificateName: *tlsSecretName
+ secretName: *tlsSecretName
+ issuerName: "ocm-certificate-issuer"
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
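Review bot: `bootstrap.secretName`, `certificateName` and `secretName` are all bound to the one string "ocm-registry-tls-certs" through the `&tlsSecretName` anchor, so the Secret holding the self-signed CA private key and the Secret holding the served TLS key pair share a name and are distinguished only by namespace; that coupling is easy to miss when reading the chart and collides outright if the release namespace is cert-manager. Give the CA secret a distinct default, e.g. `secretName: "ocm-bootstrap-ca-tls"` (constructed name), and drop the anchor so the two secrets are set independently. The `bootstrap` stanza also lacks any explanation; a comment such as `# Self-signed CA used only to sign the registry certificate below; its Secret is created in cert-manager's cluster-resource namespace, not the release namespace` would tell operators why these objects exist and where to look for them.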