31 lines
984 B
YAML
31 lines
984 B
YAML
{{- if and .Values.api7.enabled .Values.api7.tls.enabled .Values.api7.tls.certManager.enabled }}
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ include "api7ee.fullname" . }}-tls
|
|
labels:
|
|
{{- include "api7ee.labels" . | nindent 4 }}
|
|
spec:
|
|
secretName: {{ .Values.api7.tls.secretName | default (printf "%s-tls" (include "api7ee.fullname" .)) }}
|
|
issuerRef:
|
|
name: {{ .Values.api7.tls.certManager.issuer }}
|
|
kind: {{ .Values.api7.tls.certManager.issuerKind | default "ClusterIssuer" }}
|
|
commonName: {{ first .Values.api7.hosts }}
|
|
dnsNames:
|
|
{{- range .Values.api7.hosts }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
privateKey:
|
|
algorithm: RSA
|
|
encoding: PKCS1
|
|
size: 2048
|
|
rotationPolicy: {{ .Values.api7.tls.privateKey.rotationPolicy | default "Always" }}
|
|
usages:
|
|
- digital signature
|
|
- key encipherment
|
|
- server auth
|
|
- client auth
|
|
duration: 2160h # 90 days
|
|
renewBefore: 720h # 30 days before expiry
|
|
{{- end }}
|