Code Review / ric-plt / ric-dep.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
J release changes
[ric-plt/ric-dep.git] / helm / infrastructure / subcharts / kong / templates / certificate.yaml
diff --git a/helm/infrastructure/subcharts/kong/templates/certificate.yaml b/helm/infrastructure/subcharts/kong/templates/certificate.yaml
new file mode 100644 (file)
index 0000000..a7079cd
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/certificate.yaml
@@ -0,0 +1,89 @@
+{{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}}
+
+{{- $genericCertificateConfig := dict -}}
+{{- $_ := set $genericCertificateConfig "fullName" (include "kong.fullname" .) -}}
+{{- $_ := set $genericCertificateConfig "namespace" (include "kong.namespace" .) -}}
+{{- $_ := set $genericCertificateConfig "metaLabels" (include "kong.metaLabels" .) -}}
+{{- $_ := set $genericCertificateConfig "globalIssuer" .Values.certificates.issuer -}}
+{{- $_ := set $genericCertificateConfig "globalClusterIssuer" .Values.certificates.clusterIssuer -}}
+{{- $_ := set $genericCertificateConfig "globalSubject" .Values.certificates.subject -}}
+{{- $_ := set $genericCertificateConfig "globalPrivateKey" .Values.certificates.privateKey -}}
+{{- $_ := set $genericCertificateConfig "defaultIssuer" (printf "%s-%s-%s" .Release.Name .Chart.Name "selfsigned-issuer") -}}
+
+{{- if .Values.certificates.admin.enabled }}
+{{- $certificateConfig := mustMerge (mustDeepCopy $genericCertificateConfig) .Values.certificates.admin -}}
+{{- $_ := set $certificateConfig "serviceName" "admin" -}}
+{{- include "kong.certificate" $certificateConfig -}}
+{{- end }}
+
+{{- if (and .Values.certificates.portal.enabled .Values.enterprise.enabled) }}
+{{- $certificateConfig := mustMerge (mustDeepCopy $genericCertificateConfig) .Values.certificates.portal -}}
+{{- $_ := set $certificateConfig "serviceName" "portal" -}}
+{{- include "kong.certificate" $certificateConfig -}}
+{{- end }}
+
+{{- if .Values.certificates.proxy.enabled }}
+{{- $certificateConfig := mustMerge (mustDeepCopy $genericCertificateConfig) .Values.certificates.proxy -}}
+{{- $_ := set $certificateConfig "serviceName" "proxy" -}}
+{{- include "kong.certificate" $certificateConfig -}}
+{{- end }}
+
+{{- if .Values.certificates.cluster.enabled }}
+{{- $certificateConfig := dict -}}
+{{- $certificateConfig = mustMerge (mustDeepCopy $genericCertificateConfig) .Values.certificates.cluster -}}
+{{- $_ := set $certificateConfig "serviceName" "cluster" -}}
+{{- include "kong.certificate" $certificateConfig -}}
+{{- end }}
+
+{{- end }}
+
+{{- define "kong.certificate" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .fullName }}-{{ .serviceName }}
+  namespace:  {{ .namespace }}
+  labels:
+    {{- .metaLabels | nindent 4 }}
+spec:
+  secretName: {{ .fullName }}-{{ .serviceName }}-cert
+  commonName: {{ .commonName }}
+  dnsNames:
+  {{- range (append .dnsNames .commonName) }}
+  - {{ . | quote }}
+  {{- end }}
+  renewBefore: 360h0m0s
+  duration: 2160h0m0s
+  {{ if .subject -}}
+  subject:
+    {{- toYaml .subject | nindent 4 }}
+  {{ else if .globalSubject -}}
+  subject:
+    {{- toYaml .globalSubject | nindent 4 }}
+  {{- end }}
+  {{ if .privateKey -}}
+  privateKey:
+    {{- toYaml .privateKey | nindent 4 }}
+  {{ else if .globalPrivateKey -}}
+  privateKey:
+    {{- toYaml .globalPrivateKey | nindent 4 }}
+  {{- end }}
+  {{ if .clusterIssuer -}}
+  issuerRef:
+    name: {{ .clusterIssuer }}
+    kind: ClusterIssuer
+  {{ else if .issuer -}}
+  issuerRef:
+    name: {{ .issuer }}
+    kind: Issuer
+  {{ else if .globalClusterIssuer -}}
+  issuerRef:
+    name: {{ .globalClusterIssuer}}
+    kind: ClusterIssuer
+  {{ else if .globalIssuer -}}
+  issuerRef:
+    name: {{ .globalIssuer }}
+    kind: Issuer
+  {{- end -}}
+{{- end }}