Yuval Yacoby
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with
12 additions and
7 deletions
-
k8s/charts/seaweedfs/templates/ca-cert.yaml
-
k8s/charts/seaweedfs/templates/cert-caissuer.yaml
-
k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml
-
k8s/charts/seaweedfs/templates/client-cert.yaml
-
k8s/charts/seaweedfs/templates/filer-cert.yaml
-
k8s/charts/seaweedfs/templates/master-cert.yaml
-
k8s/charts/seaweedfs/templates/volume-cert.yaml
-
k8s/charts/seaweedfs/values.yaml
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Certificate |
|
|
kind: Certificate |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Issuer |
|
|
kind: Issuer |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: ClusterIssuer |
|
|
kind: ClusterIssuer |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Certificate |
|
|
kind: Certificate |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Certificate |
|
|
kind: Certificate |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Certificate |
|
|
kind: Certificate |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -1,4 +1,4 @@ |
|
|
{{- if .Values.global.enableSecurity }} |
|
|
|
|
|
|
|
|
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} |
|
|
kind: Certificate |
|
|
kind: Certificate |
|
|
metadata: |
|
|
metadata: |
|
|
|
@ -640,3 +640,8 @@ certificates: |
|
|
keySize: 2048 |
|
|
keySize: 2048 |
|
|
duration: 2160h # 90d |
|
|
duration: 2160h # 90d |
|
|
renewBefore: 360h # 15d |
|
|
renewBefore: 360h # 15d |
|
|
|
|
|
externalCertificates: |
|
|
|
|
|
# This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA |
|
|
|
|
|
# you will need to store your provided certificates in the secret read by the different services: |
|
|
|
|
|
# seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names |
|
|
|
|
|
enabled: false |