public/helm-charts
1
0
Fork 0
mirror of https://github.com/bjw-s-labs/helm-charts.git synced 2025-07-04 00:47:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat(k8s-ycl): Add Helm chart (#165)

Browse source
This commit is contained in:
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs 2023-07-27 19:10:21 +02:00 committed by GitHub
parent 1e238f9ff8
commit 2f5cfc139f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 270 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

67
charts/apps/k8s-ycl/templates/pki.yaml Normal file
View file

@ -0,0 +1,67 @@
{{- include "bjw-s.common.loader.init" . -}}
---
# Create a selfsigned Issuer, in order to create a root CA certificate for
# signing webhook serving certificates
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "k8s-ycl.selfSignedIssuer" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
spec:
selfSigned: {}
---
# Generate a CA Certificate used to sign certificates for the webhook
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "k8s-ycl.rootCACertificate" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
spec:
secretName: {{ include "k8s-ycl.rootCACertificate" . }}
duration: 43800h # 5y
issuerRef:
name: {{ include "k8s-ycl.selfSignedIssuer" . }}
kind: Issuer
commonName: "ca.k8s-ycl.cert-manager"
isCA: true
---
# Create an Issuer that uses the above generated CA certificate to issue certs
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "k8s-ycl.rootCAIssuer" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
spec:
ca:
secretName: {{ include "k8s-ycl.rootCACertificate" . }}
---
# Finally, generate a serving certificate for the webhook to use
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "k8s-ycl.servingCertificate" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
spec:
secretName: {{ include "k8s-ycl.servingCertificate" . }}
duration: 8760h # 1y
issuerRef:
name: {{ include "k8s-ycl.rootCAIssuer" . }}
kind: Issuer
dnsNames:
- {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook
- {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook.{{ .Release.Namespace }}
- {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook.{{ .Release.Namespace }}.svc