ekuiper-new/deploy/chart/ekuiper/templates/tls-secrets.yaml

{{- if .Values.tls.enabled }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "neuron.fullname" . }}-certs
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "neuron.labels" . | nindent 4 }}
type: kubernetes.io/tls
data:
  {{- if or (not .Values.tls.autoGenerated ) (and .Values.tls.caCertificate .Values.tls.serverCertificate .Values.tls.serverKey) }}
  ca.crt: {{ required "A valid .Values.tls.caCertificate entry required!" .Values.tls.caCertificate | b64enc | quote }}
  tls.crt: {{ required "A valid .Values.tls.serverCertificate entry required!" .Values.tls.serverCertificate| b64enc | quote }}
  tls.key: {{ required "A valid .Values.tls.serverKey entry required!" .Values.tls.serverKey | b64enc | quote }}
  {{- else }}
  {{- $ca := genCA "neuron-ca" 365 }}
  {{- $fullname := include "neuron.fullname" . }}
  {{- $releaseNamespace := .Release.Namespace }}
  {{- $clusterDomain := .Values.clusterDomain }}
  {{- $serviceName := include "neuron.fullname" . }}
  {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }}
  {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $crt.Cert | b64enc | quote }}
  tls.key: {{ $crt.Key | b64enc | quote }}
  {{- end }}
{{- end }}