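{{- /* ================================================================== */ -}}
{{- /* Cert-Manager Certificate Configuration */ -}}
{{- /* ================================================================== */ -}}
{{- /*
Renders one cert-manager Certificate per entry in ingress.tls.

Prerequisites:
- cert-manager must be installed in the cluster.
- The Issuer or ClusterIssuer named in certManager.issuer must exist; a
  namespaced Issuer has to live in the release namespace, because that is
  where the Certificate is rendered.
- ingress.enabled and certManager.enabled must both be true.
- Every ingress.tls entry must carry a secretName and at least one host.

Security notes:
- cert-manager stores the issued certificate AND its private key in the
  Secret named by spec.secretName, in the Certificate's own namespace. The
  Certificate is therefore placed in the release namespace (where the Ingress
  that consumes the Secret lives) rather than a shared system namespace, so
  the key is exposed to no more principals than the chart's own RBAC allows.
  Kubernetes also only resolves Ingress TLS Secrets from the Ingress's
  namespace, so a Certificate rendered elsewhere would never be served.
- The hosts of each ingress.tls entry become the certificate's SANs verbatim;
  a wildcard host yields a wildcard certificate, so review them before enabling.
- Optional spec fields (duration, renewBefore, privateKey, usages) are taken
  from certManager.certificate.* when set; privateKey.rotationPolicy: Always
  is recommended so the key is regenerated on renewal unless the installed
  cert-manager already defaults to it.
*/}}
{{- if and .Values.ingress.enabled .Values.certManager.enabled .Values.ingress.tls }}
{{- $namespace := include "uptime-kuma.namespace" . -}}
{{- $issuerName := .Values.certManager.issuer.name -}}
{{- $issuerKind := .Values.certManager.issuer.kind -}}
{{- if not $issuerName }}
{{- fail "ERROR: certManager.enabled is true but certManager.issuer.name is not set!" }}
{{- end }}
{{- if not $issuerKind }}
{{- fail "ERROR: certManager.enabled is true but certManager.issuer.kind is not set!" }}
{{- end }}
{{- /* One Certificate document per TLS block; `$` is the root context inside the range. */}}
{{- range .Values.ingress.tls }}
{{- $secretName := .secretName }}
{{- $hosts := .hosts }}
{{- if not $secretName }}
{{- fail "ERROR: certManager.enabled is true but ingress.tls contains an entry without a 'secretName'." }}
{{- end }}
{{- if not $hosts }}
{{- fail (printf "ERROR: certManager.enabled is true but ingress.tls entry for secret '%s' contains no 'hosts'." $secretName) }}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  # Certificate resource name; mirrors the Secret name so the two are easy to correlate.
  # Quoted so a digit-only or boolean-looking value stays a string.
  name: {{ $secretName | quote }}
  # Release namespace: the Ingress can only reference a TLS Secret in its own
  # namespace, and this keeps the private key out of any shared/system namespace.
  namespace: {{ $namespace | quote }}
  labels:
    {{- include "uptime-kuma.labels" $ | nindent 4 }}
    {{- with $.Values.certManager.certificate.extraLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with $.Values.certManager.certificate.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  # Secret that will receive tls.crt / tls.key. MUST equal the secretName of the
  # matching ingress.tls entry, otherwise the Ingress serves no certificate.
  secretName: {{ $secretName | quote }}
  # Issuer or ClusterIssuer that signs the request; group defaults to cert-manager.io.
  issuerRef:
    name: {{ $issuerName | quote }}
    kind: {{ $issuerKind | quote }}
  # Subject Alternative Names: exactly the hosts of this TLS entry.
  dnsNames:
    {{- range $hosts }}
    - {{ . | quote }}
    {{- end }}
  {{- /* Common Name from the first host. Most CAs (Let's Encrypt included) reject a
         CN longer than 64 characters; clients validate SANs, so put a long first
         host later in the hosts list if issuance fails on the CN. */}}
  {{- $firstHost := first $hosts -}}
  {{- if $firstHost }}
  commonName: {{ $firstHost | quote }}
  {{- end }}
  {{- /* Optional lifetime/key settings, rendered only when set in values.yaml, e.g.
         duration: 2160h (90d), renewBefore: 360h (15d),
         privateKey: {rotationPolicy: Always, algorithm: ECDSA, size: 256}. */}}
  {{- with $.Values.certManager.certificate.duration }}
  duration: {{ . | quote }}
  {{- end }}
  {{- with $.Values.certManager.certificate.renewBefore }}
  renewBefore: {{ . | quote }}
  {{- end }}
  {{- with $.Values.certManager.certificate.privateKey }}
  privateKey:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  {{- with $.Values.certManager.certificate.usages }}
  usages:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}{{- /* end range .Values.ingress.tls */}}
{{- end }}{{- /* end if ingress.enabled && certManager.enabled && ingress.tls */}}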