openkruise
/
charts
mirror of https://github.com/openkruise/charts.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add cert-manager manifests 

Signed-off-by: Kagaya <kagaya85@outlook.com>
This commit is contained in:
Kagaya 2025-06-18 18:04:55 +08:00
parent 8551b2a437
commit a5c5255ab6
6 changed files with 111 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
versions/kruise-game/next/templates/cert-manager/okg-issuer.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- if and .Values.certificates.certManager.enabled .Values.certificates.certManager.issuer.generate }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.kruiseGame.fullname }}-issuer
namespace: {{ .Values.installation.namespace }}
spec:
ca:
secretName: {{ .Values.certificates.certManager.caSecretName }}
{{- end }}

38
versions/kruise-game/next/templates/cert-manager/okg-tls-certificate.yaml Normal file
View File

@ -0,0 +1,38 @@
{{- if .Values.certificates.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.kruiseGame.fullname }}-tls-certificates
namespace: {{ .Values.installation.namespace }}
spec:
commonName: {{ .Values.kruiseGame.fullname }}
dnsNames:
- {{ ..Values.kruiseGame.webhook.serviceName }}.{{ .Values.installation.namespace }}
- {{ ..Values.kruiseGame.webhook.serviceName }}.{{ .Values.installation.namespace }}.svc
- {{ ..Values.kruiseGame.webhook.serviceName }}.{{ .Values.installation.namespace }}.svc.{{ .Values.clusterDomain }}
secretName: {{ .Values.certificates.secretName }}
usages:
- server auth
- client auth
privateKey:
algorithm: RSA
size: 2048
duration: {{ .Values.certificates.certManager.duration }}
renewBefore: {{ .Values.certificates.certManager.renewBefore }}
issuerRef:
{{- if .Values.certificates.certManager.issuer.generate }}
name: {{ .Values.kruiseGame.fullname }}-issuer
kind: Issuer
group: cert-manager.io
{{- else }}
{{- if .Values.certificates.certManager.issuer.name }}
name: {{ .Values.certificates.certManager.issuer.name }}
{{- end }}
{{- if .Values.certificates.certManager.issuer.kind }}
kind: {{ .Values.certificates.certManager.issuer.kind }}
{{- end }}
{{- if .Values.certificates.certManager.issuer.group }}
group: {{ .Values.certificates.certManager.issuer.group }}
{{- end }}
{{- end }}
{{- end }}

20
versions/kruise-game/next/templates/cert-manager/self-ca.yaml Normal file
View File

@ -0,0 +1,20 @@
{{- if and .Values.certificates.certManager.enabled .Values.certificates.certManager.generateCA .Values.certificates.certManager.issuer.generate }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.kruiseGame.fullname }}-ca
namespace: {{ .Values.installation.namespace }}
spec:
isCA: true
commonName: {{ .Values.kruiseGame.fullname }}
secretName: {{ .Values.certificates.certManager.caSecretName }}
privateKey:
algorithm: RSA
size: 2048
duration: 8760h0m0s # 1 year
renewBefore: 720h0m0s # 1 month
issuerRef:
name: {{ .Values.operator.name }}-selfsigned-issuer
kind: Issuer
group: cert-manager.io
{{- end }}

13
versions/kruise-game/next/templates/cert-manager/self-issuer.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if and .Values.certificates.certManager.enabled .Values.certificates.certManager.generateCA .Values.certificates.certManager.issuer.generate }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
{{- with .Values.additionalAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ .Values.kruiseGame.fullname }}-selfsigned-issuer
namespace: {{ .Values.installation.namespace }}
spec:
selfSigned: {}
{{- end }}

2
versions/kruise-game/next/templates/webhook_service.yaml
View File

@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: kruise-game-webhook-service name: {{ .Values.kruiseGame.webhook.serviceName }}
namespace: {{ .Values.installation.namespace }} namespace: {{ .Values.installation.namespace }}
spec: spec:
ports: ports:

28
versions/kruise-game/next/values.yaml
View File

@ -11,6 +11,7 @@ kruiseGame:
fullname: kruise-game-controller-manager fullname: kruise-game-controller-manager
healthBindPort: "8082" healthBindPort: "8082"
webhook: webhook:
serviceName: kruise-game-webhook-service
port: 443 port: 443
targetPort: 9876 targetPort: 9876
apiServerQps: 5 apiServerQps: 5
@ -28,6 +29,9 @@ serviceAccount:
# Annotations to add to the service account # Annotations to add to the service account
annotations: {} annotations: {}
# Kubernetes cluster domain
clusterDomain: cluster.local
service: service:
port: 8443 port: 8443
@ -53,6 +57,7 @@ prometheus:
enabled: false enabled: false
monitorService: monitorService:
port: 8080 port: 8080
scale: scale:
service: service:
port: 6000 port: 6000
@ -64,3 +69,26 @@ network:
cloudProvider: cloudProvider:
installCRD: true installCRD: true
certificates:
autoGenerated: true
secretName: kruise-game-certs
mountPath: /tmp/webhook-certs/
certManager:
enabled: false
duration: 8760h0m0s # 1 year
renewBefore: 5840h0m0s # 8 months
generateCA: true
caSecretName: "kruise-game-ca"
secretTemplate: {}
# annotations:
# my-secret-annotation-1: "foo"
# my-secret-annotation-2: "bar"
# labels:
# my-secret-label: foo
# -- Reference to custom Issuer. If issuer.generate is false, then issuer.group, issuer.kind and issuer.name are required
issuer:
generate: true
name: kruise-ca
kind: ClusterIssuer
group: cert-manager.io