{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}

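{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- /*
User-supplied TLS material: one kubernetes.io/tls Secret per entry of
.Values.ingress.secrets (each entry carries name, certificate and key).
The private key travels through chart values, so it is stored wherever those
values are stored (values files, the Helm release record).
*/}}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .name | quote }}
  namespace: {{ include "common.names.namespace" $ | quote }}
  labels: {{- include "common.labels.standard" $ | nindent 4 }}
    {{- if $.Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if $.Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: kubernetes.io/tls
data:
  {{- /* Fail the render rather than emit a TLS Secret with a missing or empty certificate or key. */}}
  tls.crt: {{ required "ingress.secrets[].certificate must be set" .certificate | b64enc }}
  tls.key: {{ required "ingress.secrets[].key must be set" .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- /*
Self-signed fallback: a CA named "keycloak-ca" is generated at render time and
signs a certificate for the ingress hostname; CA and leaf are both valid for
365 days. The hostname is rendered with tpl once, so the Secret name and the
certificate CN/SAN agree when the value contains a template.
NOTE(review): the Ingress has to reference the same "<hostname>-tls" name;
confirm against the ingress template, which is not part of this file.
*/}}
{{- $hostname := tpl .Values.ingress.hostname . }}
{{- $secretName := printf "%s-tls" $hostname }}
{{- $ca := genCA "keycloak-ca" 365 }}
{{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName | quote }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: kubernetes.io/tls
data:
  {{- /*
  common.secrets.lookup (common library helper) is expected to return the value
  already stored in the named Secret and to use defaultValue only when none
  exists. Under that behaviour an existing certificate is kept across upgrades
  and is never renewed by the chart: it expires 365 days after it was first
  generated unless the Secret is deleted or replaced. When the cluster cannot
  be queried at render time (helm template, client-side dry run), every render
  produces a new CA and key pair.
  */}}
  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}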
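{{- if (include "keycloak.createTlsSecret" $) }}
{{- /*
Auto-generated TLS material for the Keycloak service itself, emitted only when
the keycloak.createTlsSecret helper returns a non-empty value. A CA named
"keycloak-ca" is generated at render time and signs a certificate whose
subject alternative names are the in-cluster service names built below; CA and
leaf are both valid for 365 days.
*/}}
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
{{- $ca := genCA "keycloak-ca" 365 }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName | quote }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    app.kubernetes.io/component: keycloak
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  {{- $svcName := include "common.names.fullname" . }}
  {{- /* SANs: <svc>.<namespace>.svc.<clusterDomain>, <svc>.<namespace> and the bare service name. */}}
  {{- $altNames := list (printf "%s.%s.svc.%s" $svcName $releaseNamespace $clusterDomain) (printf "%s.%s" $svcName $releaseNamespace) $svcName }}
  {{- $cert := genSignedCert $svcName nil $altNames 365 $ca }}
  {{- /*
  common.secrets.lookup (common library helper) is expected to return the value
  already stored in the named Secret and to use defaultValue only when none
  exists. Under that behaviour an existing certificate is kept across upgrades
  and is never renewed by the chart: it expires 365 days after it was first
  generated unless the Secret is deleted or replaced. When the cluster cannot
  be queried at render time (helm template, client-side dry run), every render
  produces a new CA and key pair.
  */}}
  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}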