{{- /*
Fallback TLS Secrets for the PXC cluster. They are rendered only when TLS is
enabled (.Values.pxc.disableTLS is unset/false) and cert-manager is not used
(.Values.pxc.certManager is unset/false).

Notes for operators:
  - genCA and genSignedCert run on every render, so each install or upgrade
    that reaches this file emits a new CA and new leaf certificates. Nothing
    in this file reuses a previously issued Secret.
  - The CA private key is never written to a Secret; only ca.crt is published.
  - The CA and both leaf certificates are valid for 365 days, and nothing in
    this file renews them.
  - The leaf private keys are part of the rendered manifest, so they are
    present wherever that manifest is kept (including Helm's release record).
  - Each Secret is skipped when the matching key ("cluster" / "internal")
    exists under .Values.secrets.tls.
*/ -}}
{{- if not .Values.pxc.disableTLS }}
{{- if not .Values.pxc.certManager }}
{{- $fullname := include "pxc-database.fullname" . }}
{{- /* One CA per render; both leaf certificates below are signed by it. */}}
{{- $selfSignedCA := genCA (printf "%s-ca" $fullname) 365 }}
{{- if not (hasKey .Values.secrets.tls "cluster") }}
---
{{- /*
Certificate stored in <fullname>-ssl.
NOTE(review): the CN (<fullname>-proxysql) is not listed among the SANs, only
its wildcard form is. Confirm no client needs the bare name as a SAN.
*/}}
{{- $commonName := printf "%s-proxysql" $fullname }}
{{- $sans := list (printf "%s-pxc" $fullname) (printf "*.%s-pxc" $fullname) (printf "*.%s-proxysql" $fullname) }}
{{- $leaf := genSignedCert $commonName nil $sans 365 $selfSignedCA }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $fullname }}-ssl
  labels:
    {{- include "pxc-database.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $selfSignedCA.Cert | b64enc }}
  tls.crt: {{ $leaf.Cert | b64enc }}
  tls.key: {{ $leaf.Key | b64enc }}
{{- end }}
{{- if not (hasKey .Values.secrets.tls "internal") }}
---
{{- /*
Certificate stored in <fullname>-ssl-internal. The SANs cover the PXC name and
its wildcard, plus the haproxy and haproxy-replicas names in short,
namespace-qualified and .svc.cluster.local forms.
*/}}
{{- $commonName := printf "%s-pxc" $fullname }}
{{- $namespace := .Release.Namespace }}
{{- $haproxy := printf "%s-haproxy" $fullname }}
{{- $replicas := printf "%s-haproxy-replicas" $fullname }}
{{- $sans := list $commonName (printf "*.%s" $commonName) (printf "%s.%s.svc.cluster.local" $replicas $namespace) (printf "%s.%s" $replicas $namespace) $replicas (printf "%s.%s.svc.cluster.local" $haproxy $namespace) (printf "%s.%s" $haproxy $namespace) $haproxy }}
{{- $leaf := genSignedCert $commonName nil $sans 365 $selfSignedCA }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $fullname }}-ssl-internal
  labels:
    {{- include "pxc-database.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $selfSignedCA.Cert | b64enc }}
  tls.crt: {{ $leaf.Cert | b64enc }}
  tls.key: {{ $leaf.Key | b64enc }}
{{- end }}
{{- end }}
{{- end }}