81 lines
2.4 KiB
YAML
81 lines
2.4 KiB
YAML
|
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
|
||
|
{{- $ca := genCA "harbor-internal-ca" 365 }}
|
||
|
{{- $coreCN := (include "harbor.core" .) }}
|
||
|
{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 365 $ca }}
|
||
|
{{- $jsCN := (include "harbor.jobservice" .) }}
|
||
|
{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 365 $ca }}
|
||
|
{{- $regCN := (include "harbor.registry" .) }}
|
||
|
{{- $regCrt := genSignedCert $regCN nil (list $regCN) 365 $ca }}
|
||
|
{{- $portalCN := (include "harbor.portal" .) }}
|
||
|
{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 365 $ca }}
|
||
|
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: "{{ template "harbor.internalTLS.core.secretName" . }}"
|
||
|
labels:
|
||
|
{{ include "harbor.labels" . | indent 4 }}
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||
|
tls.crt: {{ $coreCrt.Cert | b64enc | quote }}
|
||
|
tls.key: {{ $coreCrt.Key | b64enc | quote }}
|
||
|
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}"
|
||
|
labels:
|
||
|
{{ include "harbor.labels" . | indent 4 }}
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||
|
tls.crt: {{ $jsCrt.Cert | b64enc | quote }}
|
||
|
tls.key: {{ $jsCrt.Key | b64enc | quote }}
|
||
|
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: "{{ template "harbor.internalTLS.registry.secretName" . }}"
|
||
|
labels:
|
||
|
{{ include "harbor.labels" . | indent 4 }}
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||
|
tls.crt: {{ $regCrt.Cert | b64enc | quote }}
|
||
|
tls.key: {{ $regCrt.Key | b64enc | quote }}
|
||
|
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: "{{ template "harbor.internalTLS.portal.secretName" . }}"
|
||
|
labels:
|
||
|
{{ include "harbor.labels" . | indent 4 }}
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||
|
tls.crt: {{ $portalCrt.Cert | b64enc | quote }}
|
||
|
tls.key: {{ $portalCrt.Key | b64enc | quote }}
|
||
|
|
||
|
{{- if and .Values.trivy.enabled}}
|
||
|
---
|
||
|
{{- $trivyCN := (include "harbor.trivy" .) }}
|
||
|
{{- $trivyCrt := genSignedCert $trivyCN nil (list $trivyCN) 365 $ca }}
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
name: "{{ template "harbor.internalTLS.trivy.secretName" . }}"
|
||
|
labels:
|
||
|
{{ include "harbor.labels" . | indent 4 }}
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||
|
tls.crt: {{ $trivyCrt.Cert | b64enc | quote }}
|
||
|
tls.key: {{ $trivyCrt.Key | b64enc | quote }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- end }}
|