kubernetes/platform/components/oom-cert-service/templates/certificate.yaml - onap/oom - Gitiles

 {{/*
 # Copyright © 2020-2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}

 {{- if .Values.global.cmpv2Enabled }}
 {{ include "certManagerCertificate.certificate" . }}
 {{- end -}}

 {{- if (include "common.onServiceMesh" .) }}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: ingress-ca-certificate
   namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
 spec:
   isCA: true
   commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
   secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
   usages:
     - server auth
     - client auth
   privateKey:
     algorithm: ECDSA
     size: 256
   issuerRef:
     name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
     kind: Issuer
     group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: ingress-selfsigned-certificate
   namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
 spec:
   secretName: ingress-tls-secret
   privateKey:
     rotationPolicy: Always
     algorithm: RSA
     encoding: PKCS1
     size: 4096
   duration: 9000h0m0s # 1 Year
   renewBefore: 4000h0m0s #9 months
   commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
 #  usages:
 #    - server auth
 #    - client auth
   dnsNames:
     - {{ .Values.global.ingress.virtualhost.baseurl }}
     - "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
     - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
     - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
   issuerRef:
     name: {{ .Values.tls.issuer.ingressCa.name }}
     kind: Issuer
     group: cert-manager.io
 {{- end -}}
	{{/*
	# Copyright © 2020-2021 Nokia
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	*/}}

	{{- if .Values.global.cmpv2Enabled }}
	{{ include "certManagerCertificate.certificate" . }}
	{{- end -}}

	{{- if (include "common.onServiceMesh" .) }}
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: ingress-ca-certificate
	namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
	spec:
	isCA: true
	commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
	secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
	usages:
	- server auth
	- client auth
	privateKey:
	algorithm: ECDSA
	size: 256
	issuerRef:
	name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
	kind: Issuer
	group: cert-manager.io
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: ingress-selfsigned-certificate
	namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
	spec:
	secretName: ingress-tls-secret
	privateKey:
	rotationPolicy: Always
	algorithm: RSA
	encoding: PKCS1
	size: 4096
	duration: 9000h0m0s # 1 Year
	renewBefore: 4000h0m0s #9 months
	commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
	# usages:
	# - server auth
	# - client auth
	dnsNames:
	- {{ .Values.global.ingress.virtualhost.baseurl }}
	- "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
	- "..{{ .Values.global.ingress.virtualhost.baseurl }}"
	- "..*.{{ .Values.global.ingress.virtualhost.baseurl }}"
	issuerRef:
	name: {{ .Values.tls.issuer.ingressCa.name }}
	kind: Issuer
	group: cert-manager.io
	{{- end -}}