rancher-charts/charts/epinio/101.0.0+up1.4.0/templates/certificate.yaml

51 lines
1.2 KiB
YAML

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: epinio
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- epinio.{{ .Values.global.domain }}
issuerRef:
kind: ClusterIssuer
name: {{ default .Values.global.tlsIssuer .Values.global.customTlsIssuer | quote }}
secretName: epinio-tls
{{- if .Values.minio.enabled }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-cert
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- {{ include "epinio.minio-hostname" . }}
issuerRef:
kind: ClusterIssuer
# We always trust the CA for minio so we can always use selfsigned certs
# Because Letsencrypt doesn't create certs for non public domains
name: epinio-ca
secretName: minio-tls
secretTemplate:
annotations:
kubed.appscode.com/sync: "kubed-s3-tls-from={{ .Release.Namespace }}"
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: epinio-ca
namespace: {{ .Values.certManagerNamespace }}
spec:
commonName: epinio-ca
isCA: true
issuerRef:
kind: ClusterIssuer
name: selfsigned-issuer
privateKey:
algorithm: ECDSA
size: 256
secretName: epinio-ca-root