Merge pull request #53 from ronaldmiranda/helm/add-cert-manager
[Helm] Add Possibility to handle cert-manager certificates
mlbiam authored Sep 15, 2024
2 parents f1a6c31 + 6b1dd2f commit e24311e
Showing 2 changed files with 44 additions and 2 deletions.
40 changes: 38 additions & 2 deletions deploy/charts/kube-oidc-proxy/templates/secret_tls.yaml
@@ -1,9 +1,44 @@
{{- if (not .Values.tls.secretName) }}
{{ $fullname := include "kube-oidc-proxy.fullname" . }}
{{ $ca := genCA (printf "%s-ca" $fullname) 3650 }}
{{ $cn := printf "%s.%s.svc.cluster.local" $fullname .Release.Namespace }}
{{ $server := genSignedCert $cn nil nil 365 $ca }}
{{ $in := printf "%s-issuer" $fullname }}

{{ if .Values.tls.certManager }}
{{ if .Values.tls.selfSigned }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "kube-oidc-proxy.fullname" . }}-issuer
spec:
selfSigned: {}
---
{{ end }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kube-oidc-proxy.fullname" . }}-tls
spec:
commonName: {{ template "kube-oidc-proxy.fullname" . }}-tls
dnsNames:
- {{ $cn }}
secretName: {{ template "kube-oidc-proxy.fullname" . }}-tls
issuerRef:
group: cert-manager.io
kind: Issuer
name: {{ .Values.tls.issuerName | default $in }}
{{ if .Values.tls.selfSigned }}
duration: 3650h0m0s
privateKey:
algorithm: RSA
encoding: PKCS8
size: 2048
renewBefore: 24h0m0s
usages:
- server auth
{{ end }}
{{ else }}
{{- if (not .Values.tls.secretName) }}
{{ $server := genSignedCert $cn nil nil 365 $ca }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
@@ -15,3 +50,4 @@ data:
tls.crt: {{ b64enc $server.Cert }}
tls.key: {{ b64enc $server.Key }}
{{ end }}
{{ end }}
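Review bot: When `tls.selfSigned` is false and `tls.issuerName` is left at its default (null), the Certificate's `issuerRef.name` falls back to `$in` (`<fullname>-issuer`), an Issuer the chart only creates inside the `selfSigned` branch, so cert-manager never issues the certificate and the `<fullname>-tls` secret never appears; the render should fail early instead, e.g. `name: {{ if .Values.tls.selfSigned }}{{ $in }}{{ else }}{{ required "tls.issuerName is required when tls.selfSigned is false" .Values.tls.issuerName }}{{ end }}`. The reverse combination (`selfSigned: true` plus an `issuerName`) silently leaves the generated self-signed Issuer unused, which is at least worth a comment in values.yaml. `issuerRef.kind` is fixed to `Issuer`, so a ClusterIssuer cannot be referenced — either add a `tls.issuerKind` value or state the limitation in a comment next to `kind: Issuer`. `$ca` (`genCA`) is still computed at the top of the template on every render even in the cert-manager branch, where it is unused; those variable lines sit above the hunk's conditionals, and the `{{ end }}` lines closing both branches are in the second hunk of this file.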
6 changes: 6 additions & 0 deletions deploy/charts/kube-oidc-proxy/values.yaml
@@ -28,6 +28,12 @@ tls:
# `secretName` must be a name of Secret of TLS type. If not provided a
# self-signed certificate will get generated.
secretName:
# `certManager` if you have cert-manager in your cluster and dont want to manage manually
certManager: false
# `selfSigned` if you have cert-manager and perfer or not to use use default issuer or generate by using other issuer
selfSigned: true
# `issuerName` if `selfSigned` is false, you should add your own Issuer
issuerName:

# These values needs to be set in overrides in order to get kube-oidc-proxy
# working.
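Review bot: The comments on the three new keys do not state the dependency between them — `selfSigned` is only consulted when `certManager` is true, and `issuerName` is only consulted when `selfSigned` is false (the template otherwise falls back to the chart-generated `<fullname>-issuer`) — and the `selfSigned` comment ("perfer or not to use use") is hard to read. Suggested wording for it: `# selfSigned: when certManager is true, also create a self-signed Issuer and request the certificate from it; set to false to use the Issuer named in issuerName`. The `issuerName` comment should say it must be an existing cert-manager Issuer in the release namespace (the template references `kind: Issuer`, which is namespaced, not a ClusterIssuer) and that it is required when `selfSigned` is false. The `certManager` comment could add that the default `false` keeps the template-time generated certificate. Since `selfSigned` defaults to true, enabling `certManager` alone still yields a self-signed certificate that clients have to trust explicitly, which the comments should make visible so operators do not assume a trusted issuer.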
