Blame - kubernetes/platform/components/oom-cert-service/templates/certificate.yaml - onap/oom

blob: 8f49424b54d63ff1983cca8816cf0489587a7e15 [file] [log] [blame]

Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	1	{{/*
				2	# Copyright © 2020-2021 Nokia
				3	#
				4	# Licensed under the Apache License, Version 2.0 (the "License");
				5	# you may not use this file except in compliance with the License.
				6	# You may obtain a copy of the License at
				7	#
				8	# http://www.apache.org/licenses/LICENSE-2.0
				9	#
				10	# Unless required by applicable law or agreed to in writing, software
				11	# distributed under the License is distributed on an "AS IS" BASIS,
				12	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	# See the License for the specific language governing permissions and
				14	# limitations under the License.
				15	*/}}
				16
Andreas Geissler	9794a7b	2022-07-26 13:51:08 +0200	[diff] [blame^]	17	{{- if .Values.global.cmpv2Enabled }}
Piotr Marcinkiewicz	3267293	2021-03-26 13:06:35 +0100	[diff] [blame]	18	{{ include "certManagerCertificate.certificate" . }}
Andreas Geissler	9794a7b	2022-07-26 13:51:08 +0200	[diff] [blame^]	19	{{- end -}}
				20
				21	{{- if (include "common.onServiceMesh" .) }}
				22	---
				23	apiVersion: cert-manager.io/v1
				24	kind: Certificate
				25	metadata:
				26	name: ingress-ca-certificate
				27	namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
				28	spec:
				29	isCA: true
				30	commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
				31	secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
				32	usages:
				33	- server auth
				34	- client auth
				35	privateKey:
				36	algorithm: ECDSA
				37	size: 256
				38	issuerRef:
				39	name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
				40	kind: Issuer
				41	group: cert-manager.io
				42	---
				43	apiVersion: cert-manager.io/v1
				44	kind: Certificate
				45	metadata:
				46	name: ingress-selfsigned-certificate
				47	namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
				48	spec:
				49	secretName: ingress-tls-secret
				50	privateKey:
				51	rotationPolicy: Always
				52	algorithm: RSA
				53	encoding: PKCS1
				54	size: 4096
				55	duration: 9000h0m0s # 1 Year
				56	renewBefore: 4000h0m0s #9 months
				57	commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
				58	# usages:
				59	# - server auth
				60	# - client auth
				61	dnsNames:
				62	- {{ .Values.global.ingress.virtualhost.baseurl }}
				63	- "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
				64	- "..{{ .Values.global.ingress.virtualhost.baseurl }}"
				65	- "..*.{{ .Values.global.ingress.virtualhost.baseurl }}"
				66	issuerRef:
				67	name: {{ .Values.tls.issuer.ingressCa.name }}
				68	kind: Issuer
				69	group: cert-manager.io
				70	{{- end -}}