volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5c5e5e7e6918c7f5dfb5b504e2ce3dce35f44832
athens-proxy-charts/templates/certificate.yaml
Markus Pesch 5c5e5e7e69
Some checks failed
Helm / helm-lint (push) Successful in 15s
Details
Generate README / generate-parameters (push) Failing after 18s
Details
Helm / helm-unittest (push) Successful in 17s
Details
feat(certificates): support certificates 
The following patch enables you to generate certificates using cert-manager or,
alternatively, to mount a secret with TLS certificates.

The HTTP server is then automatically configured to use the TLS certificates to
encrypt HTTP traffic.

If an ingress controller is also used, such as the nginx-ingress controller, the
necessary annotations must still be set to inform the nginx-ingress controller
that the HTTP upstream server communicates via HTTPS.
2025-10-14 23:00:14 +02:00

87 lines
3.0 KiB
YAML
Raw Blame History

{{- if and .Values.certificate.enabled (not .Values.certificate.existingSecret.enabled) -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
{{- with (include "athens-proxy.certificates.server.annotations" . | fromYaml) }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with (include "athens-proxy.certificates.server.labels" . | fromYaml) }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "athens-proxy.certificates.server.name" . }}
namespace: {{ .Release.Namespace }}
spec:
commonName: {{ include "athens-proxy.fullname" . }}
{{- if empty .Values.certificate.new.dnsNames }}
dnsNames:
- {{ include "athens-proxy.fullname" . }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
- {{ include "athens-proxy.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
{{- else }}
dnsNames:
{{- range .Values.certificate.new.dnsNames }}
- {{ . }}
{{- end }}
{{- end }}
duration: {{ .Values.certificate.new.duration }}
{{- if not (empty .Values.certificate.new.ipAddresses) }}
ipAddresses:
{{- range .Values.certificate.new.ipAddresses }}
- {{ . }}
{{- end }}
{{- end }}
isCA: false
issuerRef:
kind: {{ required "No certificate issuer kind defined!" .Values.certificate.new.issuerRef.kind }}
name: {{ required "No certificate issuer name defined!" .Values.certificate.new.issuerRef.name }}
privateKey:
algorithm: {{ .Values.certificate.new.privateKey.algorithm }}
rotationPolicy: {{ .Values.certificate.new.privateKey.rotationPolicy }}
size: {{ .Values.certificate.new.privateKey.size }}
renewBefore: {{ .Values.certificate.new.renewBefore }}
secretName: {{ include "athens-proxy.certificates.server.name" . }}
{{- with .Values.certificate.new.secretTemplate }}
secretTemplate:
{{- toYaml . | nindent 4 }}
{{- end }}
subject:
{{- with .Values.certificate.new.subject.countries }}
countries:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.localities }}
localities:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizationalUnits }}
organizationalUnits:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.organizations }}
organizations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.postalCodes }}
postalCodes:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certificate.new.subject.provinces }}
provinces:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.certificate.new.subject.serialNumber }}
serialNumber: {{ .Values.certificate.new.subject.serialNumber }}
{{- end }}
{{- with .Values.certificate.new.subject.streetAddresses }}
streetAddresses:
{{- toYaml . | nindent 4 }}
{{- end }}
usages:
{{- range .Values.certificate.new.usages }}
- {{ . }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink