
Commit 8159714

committed
add certnameOverride option
1 parent 2dd42d0 commit 8159714


6 files changed

+30
-14
lines changed


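--- a/deploy/helm/kubernetes/templates/_helpers.tpl
+++ b/deploy/helm/kubernetes/templates/_helpers.tpl
@@ -23,6 +23,17 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create a default certificate name.
+*/}}
+{{- define "kubernetes.certname" -}}
+{{- if .Values.certnameOverride -}}
+{{- .Values.certnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- template "kubernetes.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Generate etcd servers list.
 */}}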
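Review bot: The 63-character truncation in `kubernetes.certname` is applied before the callers append their suffix, so the resulting commonName can exceed the 64-character upper bound X.509 places on that attribute; the longest suffix in this commit is `-apiserver-kubelet-client` (25 characters), which leaves 39 for the prefix. For the override branch I would budget for that, `{{- .Values.certnameOverride | trunc 39 | trimSuffix "-" -}}`, or `fail` on longer input rather than silently cutting a name that ends up in certificate subjects. The `kubernetes.fullname` fallback has the same exposure, but it predates this commit. The helper comment should also say that the value becomes the prefix of every certificate commonName and of `--requestheader-allowed-names`; none of the six files changed appears to be values.yaml, so the new option looks undocumented there.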

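--- a/deploy/helm/kubernetes/templates/apiserver-deployment.yaml
+++ b/deploy/helm/kubernetes/templates/apiserver-deployment.yaml
@@ -1,5 +1,6 @@
 {{- if .Values.apiServer.enabled }}
 {{- $fullName := include "kubernetes.fullname" . -}}
+{{- $certName := include "kubernetes.certname" . -}}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -68,7 +69,7 @@ spec:
 - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
 - --proxy-client-cert-file=/pki/front-proxy-client/tls.crt
 - --proxy-client-key-file=/pki/front-proxy-client/tls.key
-- --requestheader-allowed-names={{ $fullName }}-front-proxy-client
+- --requestheader-allowed-names={{ $certName }}-front-proxy-client
 - --requestheader-client-ca-file=/pki/front-proxy-client/ca.crt
 - --requestheader-extra-headers-prefix=X-Remote-Extra-
 - --requestheader-group-headers=X-Remote-Group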
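Review bot: `--requestheader-allowed-names` is a comma-separated allow-list of client-certificate common names, and `$certName` is now interpolated into it straight from `.Values.certnameOverride` with no character check, so an override containing a comma would change the set of accepted names rather than just rename one entry. I would validate the override in the helper, for example `{{- if not (regexMatch "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" .Values.certnameOverride) }}{{ fail "certnameOverride must be a DNS label" }}{{ end }}`, and add a comment above this flag such as `# must equal the commonName of the front-proxy-client Certificate in kubernetes-front-proxy-certs.yaml`. The container spec starts and ends outside the hunk.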

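--- a/deploy/helm/kubernetes/templates/etcd-certs.yaml
+++ b/deploy/helm/kubernetes/templates/etcd-certs.yaml
@@ -1,12 +1,13 @@
 {{- if .Values.etcd.enabled }}
 {{- $fullName := include "kubernetes.fullname" . -}}
+{{- $certName := include "kubernetes.certname" . -}}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-etcd-ca"
 spec:
-commonName: "{{ $fullName }}-etcd-ca"
+commonName: "{{ $certName }}-etcd-ca"
 secretName: "{{ $fullName }}-pki-etcd-ca"
 duration: 87600h # 3650d
 renewBefore: 8760h # 365d
@@ -44,7 +45,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-etcd-peer"
 spec:
-commonName: "{{ $fullName }}-etcd-peer"
+commonName: "{{ $certName }}-etcd-peer"
 secretName: "{{ $fullName }}-pki-etcd-peer"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d
@@ -75,7 +76,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-etcd-server"
 spec:
-commonName: "{{ $fullName }}-etcd-server"
+commonName: "{{ $certName }}-etcd-server"
 secretName: "{{ $fullName }}-pki-etcd-server"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d
@@ -120,7 +121,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-etcd-healthcheck-client"
 spec:
-commonName: "{{ $fullName }}-etcd-healthcheck-client"
+commonName: "{{ $certName }}-etcd-healthcheck-client"
 secretName: "{{ $fullName }}-pki-etcd-healthcheck-client"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d
@@ -140,7 +141,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-apiserver-etcd-client"
 spec:
-commonName: "{{ $fullName }}-apiserver-etcd-client"
+commonName: "{{ $certName }}-apiserver-etcd-client"
 secretName: "{{ $fullName }}-pki-apiserver-etcd-client"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d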
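Review bot: Setting `certnameOverride` on an already-installed release changes `spec.commonName` on every Certificate here, including the `-etcd-ca` one, while `metadata.name` and `secretName` stay on `$fullName`, so the existing secrets are re-used and, as far as I know, cert-manager re-issues them in place. A re-issued CA with a new subject can leave the peer, server and client certificates chained to the old subject until they are re-issued too, which deserves a rollout note next to the option. A short template comment at the top of the file would also help, e.g. `{{/* commonName uses kubernetes.certname; resource and secret names stay on kubernetes.fullname */}}`. The same applies to the Certificates in konnectivity-certs.yaml, kubernetes-certs.yaml and kubernetes-front-proxy-certs.yaml.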

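--- a/deploy/helm/kubernetes/templates/konnectivity-certs.yaml
+++ b/deploy/helm/kubernetes/templates/konnectivity-certs.yaml
@@ -1,12 +1,13 @@
 {{- if and .Values.konnectivityServer.enabled }}
 {{- $fullName := include "kubernetes.fullname" . -}}
+{{- $certName := include "kubernetes.certname" . -}}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-konnectivity-ca"
 spec:
-commonName: "{{ $fullName }}-konnectivity-ca"
+commonName: "{{ $certName }}-konnectivity-ca"
 secretName: "{{ $fullName }}-pki-konnectivity-ca"
 duration: 87600h # 3650d
 renewBefore: 8760h # 365d
@@ -41,7 +42,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-konnectivity-server"
 spec:
-commonName: "{{ $fullName }}-konnectivity-server"
+commonName: "{{ $certName }}-konnectivity-server"
 secretName: "{{ $fullName }}-pki-konnectivity-server"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d
@@ -71,7 +72,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-konnectivity-client"
 spec:
-commonName: "{{ $fullName }}-konnectivity-client"
+commonName: "{{ $certName }}-konnectivity-client"
 secretName: "{{ $fullName }}-pki-konnectivity-client"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d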

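--- a/deploy/helm/kubernetes/templates/kubernetes-certs.yaml
+++ b/deploy/helm/kubernetes/templates/kubernetes-certs.yaml
@@ -1,11 +1,12 @@
 {{- $fullName := include "kubernetes.fullname" . -}}
+{{- $certName := include "kubernetes.certname" . -}}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-ca"
 spec:
-commonName: "{{ $fullName }}-ca"
+commonName: "{{ $certName }}-ca"
 secretName: "{{ $fullName }}-pki-ca"
 duration: 87600h # 3650d
 renewBefore: 8760h # 365d
@@ -40,7 +41,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-apiserver"
 spec:
-commonName: "{{ $fullName }}-apiserver"
+commonName: "{{ $certName }}-apiserver"
 secretName: "{{ $fullName }}-pki-apiserver"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d
@@ -82,7 +83,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-apiserver-kubelet-client"
 spec:
-commonName: "{{ $fullName }}-apiserver-kubelet-client"
+commonName: "{{ $certName }}-apiserver-kubelet-client"
 secretName: "{{ $fullName }}-pki-apiserver-kubelet-client"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d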

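--- a/deploy/helm/kubernetes/templates/kubernetes-front-proxy-certs.yaml
+++ b/deploy/helm/kubernetes/templates/kubernetes-front-proxy-certs.yaml
@@ -1,12 +1,13 @@
 {{- if and .Values.apiServer.enabled }}
 {{- $fullName := include "kubernetes.fullname" . -}}
+{{- $certName := include "kubernetes.certname" . -}}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-front-proxy-ca"
 spec:
-commonName: "{{ $fullName }}-front-proxy-ca"
+commonName: "{{ $certName }}-front-proxy-ca"
 secretName: "{{ $fullName }}-pki-front-proxy-ca"
 duration: 87600h # 3650d
 renewBefore: 8760h # 365d
@@ -35,7 +36,7 @@ kind: Certificate
 metadata:
 name: "{{ $fullName }}-pki-front-proxy-client"
 spec:
-commonName: "{{ $fullName }}-front-proxy-client"
+commonName: "{{ $certName }}-front-proxy-client"
 secretName: "{{ $fullName }}-pki-front-proxy-client"
 duration: 8760h # 365d
 renewBefore: 4380h # 178d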
