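{{- /*
cert-manager Certificate covering the "<prefix>-primary" service names.
Nothing in this file is rendered unless .Values.certmanager is set.
$prefix comes from the "certmanager.prefix" helper; $organisation is the
fallback subject organisation, "<prefix>-org".
*/ -}}
{{- if .Values.certmanager }}
{{- $prefix := (include "certmanager.prefix" .) -}}
{{- $organisation := printf "%s-org" $prefix -}}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "{{ $prefix }}-certmanager"
spec:
  # Secret names are always required.
  # The issued key pair is written to this Secret.
  secretName: "{{ $prefix }}-tls"
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
  subject:
    organizations:
      # `quote` escapes the value, so an org containing quotes or YAML
      # indicators cannot break the rendered manifest.
      - {{ .Values.certmanager.org | default $organisation | quote }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: "{{ $prefix }}-primary"
  isCA: false
  privateKey:
    # rotationPolicy is not set, so whether the private key is regenerated
    # on renewal depends on the installed cert-manager version's default.
    algorithm: ECDSA
    size: 256
  # NOTE(review): `key encipherment` describes RSA key transport and carries
  # no meaning for an ECDSA key. No extended key usage (`server auth`,
  # `client auth`) is requested; confirm that matches what the issuer and
  # the TLS peers expect.
  usages:
    - digital signature
    - key encipherment
  # At least one of a DNS Name, URI, or IP address is required.
  # NOTE(review): the namespace (postgres-operator) and cluster domain
  # (cluster.local) are hard-coded; hostname verification will fail against
  # these SANs if the service lives in another namespace or domain.
  dnsNames:
    - "{{ $prefix }}-primary"
    - "{{ $prefix }}-primary.postgres-operator"
    - "{{ $prefix }}-primary.postgres-operator.svc"
    - "{{ $prefix }}-primary.postgres-operator.svc.cluster.local"
  # issuerName is mandatory. When kind or group is omitted, cert-manager
  # falls back to `Issuer` and `cert-manager.io` respectively.
  issuerRef:
    name: {{ required ".certmanager.issuerName required" .Values.certmanager.issuerName | quote }}
    {{- if .Values.certmanager.issuerKind }}
    kind: {{ .Values.certmanager.issuerKind | quote }}
    {{- end }}
    {{- if .Values.certmanager.issuerGroup }}
    group: {{ .Values.certmanager.issuerGroup | quote }}
    {{- end }}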
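---
# Second Certificate in this template: subject and SAN are the fixed name
# `_crunchyrepl`, issued by the same issuerRef values as the certificate
# above. NOTE(review): presumably this is the replication identity used for
# certificate authentication; confirm against the operator's documentation.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "{{ $prefix }}-repl-certmanager"
spec:
  # Secret names are always required.
  # The issued key pair is written to this Secret.
  secretName: "{{ $prefix }}-repl-tls"
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
  subject:
    organizations:
      # `quote` escapes the value, so an org containing quotes or YAML
      # indicators cannot break the rendered manifest.
      - {{ .Values.certmanager.org | default $organisation | quote }}
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: _crunchyrepl
  isCA: false
  privateKey:
    # rotationPolicy is not set, so whether the private key is regenerated
    # on renewal depends on the installed cert-manager version's default.
    algorithm: ECDSA
    size: 256
  # NOTE(review): `key encipherment` describes RSA key transport and carries
  # no meaning for an ECDSA key. No extended key usage (`server auth`,
  # `client auth`) is requested; confirm that matches what the issuer and
  # the TLS peers expect.
  usages:
    - digital signature
    - key encipherment
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - _crunchyrepl
  # issuerName is mandatory. When kind or group is omitted, cert-manager
  # falls back to `Issuer` and `cert-manager.io` respectively.
  issuerRef:
    name: {{ required ".certmanager.issuerName required" .Values.certmanager.issuerName | quote }}
    {{- if .Values.certmanager.issuerKind }}
    kind: {{ .Values.certmanager.issuerKind | quote }}
    {{- end }}
    {{- if .Values.certmanager.issuerGroup }}
    group: {{ .Values.certmanager.issuerGroup | quote }}
    {{- end }}
{{- end }}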