cert-manager dns-challenge-solver
diff --git a/charts/cert-manager-webhook-pcloud/templates/pki.yaml b/charts/cert-manager-webhook-pcloud/templates/pki.yaml
new file mode 100644
index 0000000..59caf22
--- /dev/null
+++ b/charts/cert-manager-webhook-pcloud/templates/pki.yaml
@@ -0,0 +1,70 @@
+---
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "cert-manager-webhook-pcloud.selfSignedIssuer" . }}
+ namespace: {{ .Values.certManager.namespace | quote }}
+ labels:
+ app: {{ include "cert-manager-webhook-pcloud.name" . }}
+ chart: {{ include "cert-manager-webhook-pcloud.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selfSigned: {}
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "cert-manager-webhook-pcloud.rootCACertificate" . }}
+ namespace: {{ .Values.certManager.namespace | quote }}
+ labels:
+ app: {{ include "cert-manager-webhook-pcloud.name" . }}
+ chart: {{ include "cert-manager-webhook-pcloud.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ secretName: {{ include "cert-manager-webhook-pcloud.rootCACertificate" . }}
+ duration: 43800h # 5y
+ issuerRef:
+ name: {{ include "cert-manager-webhook-pcloud.selfSignedIssuer" . }}
+ commonName: "ca.cert-manager-webhook-pcloud.cert-manager"
+ isCA: true
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ include "cert-manager-webhook-pcloud.rootCAIssuer" . }}
+ namespace: {{ .Values.certManager.namespace | quote }}
+ labels:
+ app: {{ include "cert-manager-webhook-pcloud.name" . }}
+ chart: {{ include "cert-manager-webhook-pcloud.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ ca:
+ secretName: {{ include "cert-manager-webhook-pcloud.rootCACertificate" . }}
+---
+# Finally, generate a serving certificate for the webhook to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "cert-manager-webhook-pcloud.servingCertificate" . }}
+ namespace: {{ .Values.certManager.namespace | quote }}
+ labels:
+ app: {{ include "cert-manager-webhook-pcloud.name" . }}
+ chart: {{ include "cert-manager-webhook-pcloud.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ secretName: {{ include "cert-manager-webhook-pcloud.servingCertificate" . }}
+ duration: 8760h # 1y
+ issuerRef:
+ name: {{ include "cert-manager-webhook-pcloud.rootCAIssuer" . }}
+ dnsNames:
+ - {{ include "cert-manager-webhook-pcloud.fullname" . }}
+ - {{ include "cert-manager-webhook-pcloud.fullname" . }}.{{ .Values.certManager.namespace }}
+ - {{ include "cert-manager-webhook-pcloud.fullname" . }}.{{ .Values.certManager.namespace }}.svc
\ No newline at end of file
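Review bot: Neither Certificate sets `privateKey`, so the root CA (`duration: 43800h`) and the serving certificate (`duration: 8760h`) inherit whatever key algorithm, size and rotation behaviour the installed cert-manager defaults to. On cert-manager releases where the default rotation policy is `Never`, each renewal re-issues the certificate over the same private key, so the one-year lifetime would not actually retire the webhook's serving key. Adding `privateKey:` with `rotationPolicy: Always` under it to both specs makes this independent of the cert-manager version; it is also worth confirming that whatever consumes the CA bundle is refreshed when the five-year root is renewed. Separately, `release: {{ .Release.Name }}` and `heritage: {{ .Release.Service }}` are rendered unquoted in all four label blocks while `namespace` uses `| quote`. A release named, for example, `123` or `true` would render as a non-string label value and be rejected by the API server, so `{{ .Release.Name | quote }}` is the safer form.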