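{{- /*
TLS Secret "<fullname>-certs" (type kubernetes.io/tls), rendered only when
.Values.tls.enabled is set. It carries ca.crt, tls.crt and tls.key.

Two sources of key material:
  1. Operator-supplied: used when .Values.tls.autoGenerated is false, or when
     caCertificate, serverCertificate and serverKey are all set. `required`
     aborts rendering if one of the three is missing.
  2. Auto-generated: a throwaway CA plus a server certificate signed by it.

Review notes:
  - serverKey is a private key passed through chart values. Values are kept
    with the Helm release record, so supply it with --set-file or from a
    secret store rather than from a committed values file.
  - genCA / genSignedCert are evaluated on every render. Each install or
    upgrade that reaches the auto-generated branch therefore issues a new CA
    and a new server key; anything that trusts the previous ca.crt has to
    pick up the new one.
  - Both generated certificates are valid for 365 days. Nothing in this
    template renews them other than re-rendering the chart.
*/ -}}
{{- if .Values.tls.enabled }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "neuron.fullname" . }}-certs
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "neuron.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
  {{- if or (not .Values.tls.autoGenerated) (and .Values.tls.caCertificate .Values.tls.serverCertificate .Values.tls.serverKey) }}
  {{- /* Operator-supplied material; values are expected as PEM text and are base64-encoded here. */}}
  ca.crt: {{ required "A valid .Values.tls.caCertificate entry required!" .Values.tls.caCertificate | b64enc | quote }}
  tls.crt: {{ required "A valid .Values.tls.serverCertificate entry required!" .Values.tls.serverCertificate | b64enc | quote }}
  tls.key: {{ required "A valid .Values.tls.serverKey entry required!" .Values.tls.serverKey | b64enc | quote }}
  {{- else }}
  {{- /* Self-signed CA with CN "neuron-ca". Only its certificate is emitted below; the CA key is not stored. */}}
  {{- $ca := genCA "neuron-ca" 365 }}
  {{- $fullname := include "neuron.fullname" . }}
  {{- $releaseNamespace := .Release.Namespace }}
  {{- /* Fall back to the Kubernetes default domain so an unset value cannot render as "%!s(<nil>)" inside a SAN. */}}
  {{- $clusterDomain := default "cluster.local" .Values.clusterDomain }}
  {{- /* SANs: wildcard under the service FQDN, the service FQDN, and the bare release name. */}}
  {{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) $fullname }}
  {{- /* Server certificate: CN = fullname, no IP SANs (nil), signed by the CA above. */}}
  {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $crt.Cert | b64enc | quote }}
  tls.key: {{ $crt.Key | b64enc | quote }}
  {{- end }}
{{- end }}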