{{/* # Copyright © 2020-2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} {{- if .Values.global.cmpv2Enabled }} {{ include "certManagerCertificate.certificate" . }} {{- end -}} {{- if (include "common.onServiceMesh" .) }} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: ingress-ca-certificate namespace: {{ .Values.tls.issuer.ingressCa.namespace }} spec: isCA: true commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed secretName: {{ .Values.tls.issuer.ingressCa.secret.name }} usages: - server auth - client auth privateKey: algorithm: ECDSA size: 256 issuerRef: name: {{ .Values.tls.issuer.ingressSelfsigned.name }} kind: Issuer group: cert-manager.io --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: ingress-selfsigned-certificate namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }} spec: secretName: ingress-tls-secret privateKey: rotationPolicy: Always algorithm: RSA encoding: PKCS1 size: 4096 duration: 9000h0m0s # 1 Year renewBefore: 4000h0m0s #9 months commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}" # usages: # - server auth # - client auth dnsNames: - {{ .Values.global.ingress.virtualhost.baseurl }} - "*.{{ .Values.global.ingress.virtualhost.baseurl }}" - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}" - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}" issuerRef: name: {{ .Values.tls.issuer.ingressCa.name }} kind: Issuer group: cert-manager.io {{- end -}}