andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/cockroach-labs/cockroachdb/13.0.0/templates/cronjob-client-node-certSel...

54 lines
2.4 KiB
YAML
Raw Blame History

{{- if and .Values.tls.certs.selfSigner.enabled .Values.tls.certs.selfSigner.rotateCerts }}
{{- if .Capabilities.APIVersions.Has "batch/v1/CronJob" }}
apiVersion: batch/v1
{{- else }}
apiVersion: batch/v1beta1
{{- end }}
kind: CronJob
metadata:
name: {{ template "rotatecerts.fullname" . }}-client
namespace: {{ .Release.Namespace | quote }}
labels:
helm.sh/chart: {{ template "cockroachdb.chart" . }}
app.kubernetes.io/name: {{ template "cockroachdb.name" . }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
spec:
schedule: {{ template "selfcerts.clientRotateSchedule" . }}
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
restartPolicy: Never
containers:
- name: cert-rotate-job
image: "{{ .Values.tls.selfSigner.image.registry }}/{{ .Values.tls.selfSigner.image.repository }}:{{ .Values.tls.selfSigner.image.tag }}"
imagePullPolicy: "{{ .Values.tls.selfSigner.image.pullPolicy }}"
args:
- rotate
{{- if .Values.tls.certs.selfSigner.caProvided }}
- --ca-secret={{ .Values.tls.certs.selfSigner.caSecret }}
{{- else }}
- --ca-duration={{ .Values.tls.certs.selfSigner.caCertDuration }}
- --ca-expiry={{ .Values.tls.certs.selfSigner.caCertExpiryWindow }}
{{- end }}
- --client
- --client-duration={{ .Values.tls.certs.selfSigner.clientCertDuration }}
- --client-expiry={{ .Values.tls.certs.selfSigner.clientCertExpiryWindow }}
- --node
- --node-duration={{ .Values.tls.certs.selfSigner.nodeCertDuration }}
- --node-expiry={{ .Values.tls.certs.selfSigner.nodeCertExpiryWindow }}
- --node-client-cron={{ template "selfcerts.clientRotateSchedule" . }}
- --readiness-wait={{ .Values.tls.certs.selfSigner.readinessWait }}
- --pod-update-timeout={{ .Values.tls.certs.selfSigner.podUpdateTimeout }}
env:
- name: STATEFULSET_NAME
value: {{ template "cockroachdb.fullname" . }}
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: CLUSTER_DOMAIN
value: {{ .Values.clusterDomain}}
serviceAccountName: {{ template "rotatecerts.fullname" . }}
{{- end}}
Reference in New Issue View Git Blame Copy Permalink