charts/templates/tls-secret.yaml
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace | quote }}
labels:
{{- include "backend-java-patterns.labels" . | nindent 4 }}
{{- if .Values.secrets.labels }}
{{- with .Values.secrets.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.secrets.annotations }}
{{- with .Values.secrets.annotations }}
annotations:
{{- toYaml . | indent 4 }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $ca := genCA "ingress-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "backend-java-patterns.labels" . | nindent 4 }}
{{- if .Values.secrets.labels }}
{{- with .Values.secrets.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.secrets.annotations }}
{{- with .Values.secrets.annotations }}
annotations:
{{- toYaml . | indent 4 }}
{{- end }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}