5 changes: 5 additions & 0 deletions charts/capsule-proxy/README.md
Expand Up @@ -206,10 +206,15 @@ You can manage the certificate with the help of [cert-manager](https://cert-mana

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| certManager.ca.duration | string | `""` | Duration of validity for the CA certificate (e.g. 2160h for 90 days) |
| certManager.ca.fields | object | `{"privateKey":{"algorithm":"ECDSA","size":256}}` | Additional fields to include in certificate |
| certManager.ca.renewBefore | string | `""` | Renew the CA certificate before its expiration time (e.g. 360h for 15 days) |
| certManager.certificate.dnsNames | list | `[]` | Additional DNS Names to include in certificate |
| certManager.certificate.duration | string | `""` | Duration of validity for the CA certificate (e.g. 2160h for 90 days) |
| certManager.certificate.fields | object | `{"privateKey":{"rotationPolicy":"Always"}}` | Additional fields to include in certificate |
| certManager.certificate.includeInternalServiceNames | bool | `true` | Include internal service names in certificate (disable if you create a public cert) |
| certManager.certificate.ipAddresses | list | `[]` | Additional IP Addresses to include in certificate |
| certManager.certificate.renewBefore | string | `""` | Renew the CA certificate before its expiration time (e.g. 360h for 15 days) |
| certManager.certificate.uris | list | `[]` | Additional URIs to include in certificate |
| certManager.externalCA.enabled | bool | `false` | Set if want cert manager to sign certificates with an external CA |
| certManager.externalCA.secretName | string | `""` | |
22 changes: 17 additions & 5 deletions charts/capsule-proxy/templates/certmanager.yaml
Expand Up @@ -21,16 +21,22 @@ metadata:
app.kubernetes.io/component: "proxy"
{{- include "capsule-proxy.labels" . | nindent 4 }}
spec:
{{- with .Values.certManager.ca.fields }}
{{ toYaml . | nindent 2 }}
{{- end }}
isCA: true
commonName: {{ include "capsule-proxy.fullname" . }}-selfsigned-ca
secretName: {{ include "capsule-proxy.caSecretName" . }}
{{- if .Values.certManager.secretTemplate.ca }}
{{- with .Values.certManager.secretTemplate.ca }}
secretTemplate:
{{- toYaml .Values.certManager.secretTemplate.ca | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.certManager.ca.duration }}
duration: {{ . }}
{{- end }}
{{- with .Values.certManager.ca.renewBefore }}
renewBefore: {{ . }}
{{- end }}
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: {{ include "capsule-proxy.fullname" . }}-selfsigned-issuer
kind: Issuer
Expand Down Expand Up @@ -92,6 +98,12 @@ spec:
kind: {{ .Values.certManager.issuer.kind }}
name: {{ include "capsule-proxy.certManager.issuerName" . }}
secretName: {{ include "capsule-proxy.fullname" . }}
{{- with .Values.certManager.certificate.duration }}
duration: {{ . }}
{{- end }}
{{- with .Values.certManager.certificate.renewBefore }}
renewBefore: {{ . }}
{{- end }}
{{- if .Values.certManager.secretTemplate.certificate }}
secretTemplate:
{{- toYaml .Values.certManager.secretTemplate.certificate | nindent 4 }}
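Review bot: The `certManager.ca.fields` map is rendered at `spec` level (`toYaml . | nindent 2`) ahead of keys the template sets itself (`isCA`, `commonName`, `secretName`, `secretTemplate`, `duration`, `renewBefore`, `issuerRef`), and the schema leaves `fields` open, so a values file can emit the same key twice; how a duplicate is resolved depends on the YAML parser, which makes the effective CA spec hard to audit. Dropping the template-owned keys before rendering avoids that, e.g. `{{- toYaml (omit . "isCA" "commonName" "secretName" "secretTemplate" "duration" "renewBefore" "issuerRef") | nindent 2 }}`. The hard-coded `privateKey` block (`algorithm: ECDSA`, `size: 256`) appears to be removed in favour of the `ca.fields` default, so an override that replaces `privateKey` changes the CA key type without any warning; that deserves a sentence in the values documentation. In both hunks `duration: {{ . }}` and `renewBefore: {{ . }}` are emitted unquoted, and `duration: {{ . | quote }}` / `renewBefore: {{ . | quote }}` would keep the rendered value a string. The `if` block at the end of the second hunk closes outside the visible lines.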
93 changes: 75 additions & 18 deletions charts/capsule-proxy/values.schema.json
Expand Up @@ -50,13 +50,48 @@
"certManager": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"properties": {
"duration": {
"description": "Duration of validity for the CA certificate (e.g. 2160h for 90 days)",
"type": "string"
},
"fields": {
"description": "Additional fields to include in certificate",
"type": "object",
"properties": {
"privateKey": {
"type": "object",
"properties": {
"algorithm": {
"type": "string"
},
"size": {
"type": "integer"
}
}
}
},
"additionalProperties": true
},
"renewBefore": {
"description": "Renew the CA certificate before its expiration time (e.g. 360h for 15 days)",
"type": "string"
}
}
},
"certificate": {
"type": "object",
"properties": {
"dnsNames": {
"description": "Additional DNS Names to include in certificate",
"type": "array"
},
"duration": {
"description": "Duration of validity for the CA certificate (e.g. 2160h for 90 days)",
"type": "string"
},
"fields": {
"description": "Additional fields to include in certificate",
"type": "object",
Expand All @@ -69,7 +104,8 @@
}
}
}
}
},
"additionalProperties": true
},
"includeInternalServiceNames": {
"description": "Include internal service names in certificate (disable if you create a public cert)",
Expand All @@ -79,6 +115,10 @@
"description": "Additional IP Addresses to include in certificate",
"type": "array"
},
"renewBefore": {
"description": "Renew the CA certificate before its expiration time (e.g. 360h for 15 days)",
"type": "string"
},
"uris": {
"description": "Additional URIs to include in certificate",
"type": "array"
Expand Down Expand Up @@ -119,11 +159,13 @@
"properties": {
"ca": {
"description": "Labels and annotations added to the self-signed CA certificate secret",
"type": "object"
"type": "object",
"additionalProperties": true
},
"certificate": {
"description": "Labels and annotations added to the certificate secret",
"type": "object"
"type": "object",
"additionalProperties": true
}
}
}
Expand Down Expand Up @@ -203,7 +245,8 @@
"tokenURL": {
"type": "string"
}
}
},
"additionalProperties": true
},
"enabled": {
"description": "Enable Gangplank",
Expand Down Expand Up @@ -294,7 +337,8 @@
}
}
}
}
},
"additionalProperties": true
},
"nodeSelector": {
"description": "Set the node selector",
Expand All @@ -320,7 +364,8 @@
}
}
}
}
},
"additionalProperties": true
},
"priorityClassName": {
"description": "Set a pod priorityClassName",
Expand All @@ -341,7 +386,8 @@
}
}
}
}
},
"additionalProperties": true
},
"replicaCount": {
"description": "Set the replica count",
Expand Down Expand Up @@ -384,7 +430,8 @@
"runAsUser": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"sensitiveEnvs": {
"description": "Environment variables (Secret)",
Expand All @@ -393,7 +440,8 @@
"GANGPLANK_CONFIG_SESSION_SECURITY_KEY": {
"type": "string"
}
}
},
"additionalProperties": true
},
"service": {
"type": "object",
Expand Down Expand Up @@ -511,7 +559,8 @@
}
}
}
}
},
"additionalProperties": true
},
"priorityClassName": {
"description": "Set a pod priorityClassName",
Expand Down Expand Up @@ -558,7 +607,8 @@
"runAsUser": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"tolerations": {
"description": "Set list of tolerations",
Expand Down Expand Up @@ -637,7 +687,8 @@
}
}
}
}
},
"additionalProperties": true
},
"priorityClassName": {
"description": "Set a pod priorityClassName",
Expand Down Expand Up @@ -684,7 +735,8 @@
"runAsUser": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"tolerations": {
"description": "Set list of tolerations",
Expand Down Expand Up @@ -785,7 +837,8 @@
"type": "object",
"properties": {
"certs": {
"type": "object"
"type": "object",
"additionalProperties": true
}
}
},
Expand Down Expand Up @@ -817,7 +870,8 @@
"initialDelaySeconds": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"nodeSelector": {
"description": "Set the node selector for the capsule-proxy pod.",
Expand Down Expand Up @@ -947,7 +1001,8 @@
}
}
}
}
},
"additionalProperties": true
},
"priorityClassName": {
"description": "Specifies PriorityClass of the capsule-proxy pod.",
Expand Down Expand Up @@ -990,7 +1045,8 @@
"initialDelaySeconds": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"replicaCount": {
"description": "Set the replica count for capsule-proxy pod.",
Expand Down Expand Up @@ -1064,7 +1120,8 @@
"runAsUser": {
"type": "integer"
}
}
},
"additionalProperties": true
},
"service": {
"type": "object",
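Review bot: The descriptions added for `certManager.certificate.duration` and `certManager.certificate.renewBefore` both say "CA certificate", but in `certmanager.yaml` these values are rendered into the second Certificate (the one issued via `certManager.issuer`), while the self-signed CA takes its lifetime from `certManager.ca.*`. An operator who trusts the description could set a CA-style lifetime on what looks like the proxy's serving certificate, so the text should read `"description": "Duration of validity for the certificate (e.g. 2160h for 90 days)"` and `"description": "Renew the certificate before its expiration time (e.g. 360h for 15 days)"`. The same wording appears in the matching README rows; if both files are generated from comments in `values.yaml`, the fix belongs there. Both fields are plain `"type": "string"`, so a malformed duration is only rejected once cert-manager processes the resource; a `pattern` on these properties would catch it at install time.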