andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/mongodb/community-operator/templates/mongodbcommunity_cr_with_tl...

80 lines
2.3 KiB
YAML
Raw Blame History

{{- if and .Values.resource.tls.enabled .Values.resource.tls.useCertManager }}
# cert-manager resources
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: tls-selfsigned-issuer
namespace: {{ .Values.namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: tls-selfsigned-ca
namespace: {{ .Values.namespace }}
spec:
isCA: true
commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
dnsNames:
- "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
secretName: {{ .Values.resource.tls.caCertificateSecretRef }}
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: tls-selfsigned-issuer
kind: Issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: tls-ca-issuer
namespace: {{ .Values.namespace }}
spec:
ca:
secretName: {{ .Values.resource.tls.caCertificateSecretRef }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cert-manager-tls-certificate
namespace: {{ .Values.namespace }}
spec:
secretName: {{ .Values.resource.tls.certificateKeySecretRef }}
issuerRef:
name: tls-ca-issuer
kind: Issuer
duration: {{ .Values.resource.tls.certManager.certDuration | default "8760h" }} # default to 365 days
renewBefore: {{ .Values.resource.tls.certManager.renewCertBefore | default "720h" }} # default to 30 days
commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
dnsNames:
- "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local"
{{- end }}
{{- if .Values.createResource }}
# mongodb resources
---
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: {{ .Values.resource.name }}
namespace: {{ .Values.namespace }}
spec:
members: {{ .Values.resource.members }}
type: ReplicaSet
version: {{ .Values.resource.version }}
security:
tls:
enabled: {{ .Values.resource.tls.enabled }}
{{- if .Values.resource.tls.enabled }}
certificateKeySecretRef:
name: {{ .Values.resource.tls.certificateKeySecretRef }}
caCertificateSecretRef:
name: {{ .Values.resource.tls.caCertificateSecretRef }}
{{- end }}
authentication:
modes: ["SCRAM"]
users: []
{{- end }}
Reference in New Issue View Git Blame Copy Permalink