Browse Source

Helm use external certificates (#4913)

pull/4914/head
Yuval Yacoby 1 year ago
committed by GitHub
parent
commit
c6991dfd5f
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      k8s/charts/seaweedfs/templates/ca-cert.yaml
  2. 2
      k8s/charts/seaweedfs/templates/cert-caissuer.yaml
  3. 2
      k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml
  4. 2
      k8s/charts/seaweedfs/templates/client-cert.yaml
  5. 2
      k8s/charts/seaweedfs/templates/filer-cert.yaml
  6. 2
      k8s/charts/seaweedfs/templates/master-cert.yaml
  7. 2
      k8s/charts/seaweedfs/templates/volume-cert.yaml
  8. 5
      k8s/charts/seaweedfs/values.yaml

2
k8s/charts/seaweedfs/templates/ca-cert.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Certificate kind: Certificate
metadata: metadata:

2
k8s/charts/seaweedfs/templates/cert-caissuer.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Issuer kind: Issuer
metadata: metadata:

2
k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:

2
k8s/charts/seaweedfs/templates/client-cert.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Certificate kind: Certificate
metadata: metadata:

2
k8s/charts/seaweedfs/templates/filer-cert.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Certificate kind: Certificate
metadata: metadata:

2
k8s/charts/seaweedfs/templates/master-cert.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Certificate kind: Certificate
metadata: metadata:

2
k8s/charts/seaweedfs/templates/volume-cert.yaml

@ -1,4 +1,4 @@
{{- if .Values.global.enableSecurity }}
{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
kind: Certificate kind: Certificate
metadata: metadata:

5
k8s/charts/seaweedfs/values.yaml

@ -640,3 +640,8 @@ certificates:
keySize: 2048 keySize: 2048
duration: 2160h # 90d duration: 2160h # 90d
renewBefore: 360h # 15d renewBefore: 360h # 15d
externalCertificates:
# This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
# you will need to store your provided certificates in the secret read by the different services:
# seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names
enabled: false
Loading…
Cancel
Save