charts: fix cert-manager-webhook-gandi
diff --git a/charts/cert-manager-webhook-gandi/templates/pki.yaml b/charts/cert-manager-webhook-gandi/templates/pki.yaml
new file mode 100644
index 0000000..07e26d0
--- /dev/null
+++ b/charts/cert-manager-webhook-gandi/templates/pki.yaml
@@ -0,0 +1,70 @@
+---
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
+  namespace: {{ .Values.certManager.namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-gandi.name" . }}
+    chart: {{ include "cert-manager-webhook-gandi.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selfSigned: {}
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
+  namespace: {{ .Values.certManager.namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-gandi.name" . }}
+    chart: {{ include "cert-manager-webhook-gandi.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
+  duration: 43800h # 5y
+  issuerRef:
+    name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
+  commonName: "ca.cert-manager-webhook-gandi.cert-manager"
+  isCA: true
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
+  namespace: {{ .Values.certManager.namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-gandi.name" . }}
+    chart: {{ include "cert-manager-webhook-gandi.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ca:
+    secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
+---
+# Finally, generate a serving certificate for the webhook to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
+  namespace: {{ .Values.certManager.namespace | quote }}
+  labels:
+    app: {{ include "cert-manager-webhook-gandi.name" . }}
+    chart: {{ include "cert-manager-webhook-gandi.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
+  duration: 8760h # 1y
+  issuerRef:
+    name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
+  dnsNames:
+  - {{ include "cert-manager-webhook-gandi.fullname" . }}
+  - {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}
+  - {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}.svc
\ No newline at end of file
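Review bot: The serving Certificate (the last document, `duration: 8760h`) sets neither `usages` nor `privateKey`, so its key usages and its key rotation on renewal are left to whatever the installed cert-manager version defaults to. Depending on that version, the same private key may be reused across renewals. I would add `usages: ["digital signature", "key encipherment", "server auth"]` and `privateKey: {rotationPolicy: Always}` to that spec so the certificate is explicitly a TLS server certificate with a fresh key each year. The root CA's `commonName: "ca.cert-manager-webhook-gandi.cert-manager"` is a fixed string while every other name is templated, so two releases would produce CAs with the same subject; deriving it from the fullname helper and the namespace value would keep them distinguishable. Separately, `release: {{ .Release.Name }}` and the other label values are unquoted, unlike `namespace`, so an all-digit release name would render as a non-string label; piping them through `| quote` would fix that in all four documents.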