charts/cert-manager-webhook-gandi/templates/pki.yaml - pcloud - Gitiles

 ---
 # Create a selfsigned Issuer, in order to create a root CA certificate for
 # signing webhook serving certificates
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
   namespace: {{ .Values.certManager.namespace | quote }}
   labels:
     app: {{ include "cert-manager-webhook-gandi.name" . }}
     chart: {{ include "cert-manager-webhook-gandi.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
   selfSigned: {}
 ---
 # Generate a CA Certificate used to sign certificates for the webhook
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
   namespace: {{ .Values.certManager.namespace | quote }}
   labels:
     app: {{ include "cert-manager-webhook-gandi.name" . }}
     chart: {{ include "cert-manager-webhook-gandi.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
   secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
   duration: 43800h # 5y
   issuerRef:
     name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
   commonName: "ca.cert-manager-webhook-gandi.cert-manager"
   isCA: true
 ---
 # Create an Issuer that uses the above generated CA certificate to issue certs
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
   namespace: {{ .Values.certManager.namespace | quote }}
   labels:
     app: {{ include "cert-manager-webhook-gandi.name" . }}
     chart: {{ include "cert-manager-webhook-gandi.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
   ca:
     secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
 ---
 # Finally, generate a serving certificate for the webhook to use
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
   namespace: {{ .Values.certManager.namespace | quote }}
   labels:
     app: {{ include "cert-manager-webhook-gandi.name" . }}
     chart: {{ include "cert-manager-webhook-gandi.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
   secretName: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
   duration: 8760h # 1y
   issuerRef:
     name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
   dnsNames:
   - {{ include "cert-manager-webhook-gandi.fullname" . }}
   - {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}
   - {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}.svc
	---
	# Create a selfsigned Issuer, in order to create a root CA certificate for
	# signing webhook serving certificates
	apiVersion: cert-manager.io/v1
	kind: Issuer
	metadata:
	name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
	namespace: {{ .Values.certManager.namespace \| quote }}
	labels:
	app: {{ include "cert-manager-webhook-gandi.name" . }}
	chart: {{ include "cert-manager-webhook-gandi.chart" . }}
	release: {{ .Release.Name }}
	heritage: {{ .Release.Service }}
	spec:
	selfSigned: {}
	---
	# Generate a CA Certificate used to sign certificates for the webhook
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
	namespace: {{ .Values.certManager.namespace \| quote }}
	labels:
	app: {{ include "cert-manager-webhook-gandi.name" . }}
	chart: {{ include "cert-manager-webhook-gandi.chart" . }}
	release: {{ .Release.Name }}
	heritage: {{ .Release.Service }}
	spec:
	secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
	duration: 43800h # 5y
	issuerRef:
	name: {{ include "cert-manager-webhook-gandi.selfSignedIssuer" . }}
	commonName: "ca.cert-manager-webhook-gandi.cert-manager"
	isCA: true
	---
	# Create an Issuer that uses the above generated CA certificate to issue certs
	apiVersion: cert-manager.io/v1
	kind: Issuer
	metadata:
	name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
	namespace: {{ .Values.certManager.namespace \| quote }}
	labels:
	app: {{ include "cert-manager-webhook-gandi.name" . }}
	chart: {{ include "cert-manager-webhook-gandi.chart" . }}
	release: {{ .Release.Name }}
	heritage: {{ .Release.Service }}
	spec:
	ca:
	secretName: {{ include "cert-manager-webhook-gandi.rootCACertificate" . }}
	---
	# Finally, generate a serving certificate for the webhook to use
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
	namespace: {{ .Values.certManager.namespace \| quote }}
	labels:
	app: {{ include "cert-manager-webhook-gandi.name" . }}
	chart: {{ include "cert-manager-webhook-gandi.chart" . }}
	release: {{ .Release.Name }}
	heritage: {{ .Release.Service }}
	spec:
	secretName: {{ include "cert-manager-webhook-gandi.servingCertificate" . }}
	duration: 8760h # 1y
	issuerRef:
	name: {{ include "cert-manager-webhook-gandi.rootCAIssuer" . }}
	dnsNames:
	- {{ include "cert-manager-webhook-gandi.fullname" . }}
	- {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}
	- {{ include "cert-manager-webhook-gandi.fullname" . }}.{{ .Values.certManager.namespace }}.svc