diff options
| author | Yuval Yacoby <33892515+yuvalyacoby@users.noreply.github.com> | 2023-10-15 19:14:24 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-15 09:14:24 -0700 |
| commit | c6991dfd5fb17326885567501d4ca4f532736aa1 (patch) | |
| tree | 5a02c58378ffbe5af9817aa4a988fb764dfeaac7 | |
| parent | cbc24c7b243282a6d72ac8a948fcc3122ee82ddb (diff) | |
| download | seaweedfs-c6991dfd5fb17326885567501d4ca4f532736aa1.tar.xz seaweedfs-c6991dfd5fb17326885567501d4ca4f532736aa1.zip | |
Helm use external certificates (#4913)
| -rw-r--r-- | k8s/charts/seaweedfs/templates/ca-cert.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/cert-caissuer.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/client-cert.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/filer-cert.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/master-cert.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/volume-cert.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/values.yaml | 5 |
8 files changed, 12 insertions, 7 deletions
diff --git a/k8s/charts/seaweedfs/templates/ca-cert.yaml b/k8s/charts/seaweedfs/templates/ca-cert.yaml index c1d432d31..fc002aebe 100644 --- a/k8s/charts/seaweedfs/templates/ca-cert.yaml +++ b/k8s/charts/seaweedfs/templates/ca-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Certificate metadata: diff --git a/k8s/charts/seaweedfs/templates/cert-caissuer.yaml b/k8s/charts/seaweedfs/templates/cert-caissuer.yaml index 4c2693043..72de126e1 100644 --- a/k8s/charts/seaweedfs/templates/cert-caissuer.yaml +++ b/k8s/charts/seaweedfs/templates/cert-caissuer.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Issuer metadata: diff --git a/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml b/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml index c46aa4756..42e080fd6 100644 --- a/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml +++ b/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: ClusterIssuer metadata: diff --git a/k8s/charts/seaweedfs/templates/client-cert.yaml b/k8s/charts/seaweedfs/templates/client-cert.yaml index 5904a00b6..bda132a02 100644 --- a/k8s/charts/seaweedfs/templates/client-cert.yaml +++ b/k8s/charts/seaweedfs/templates/client-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Certificate metadata: diff --git a/k8s/charts/seaweedfs/templates/filer-cert.yaml b/k8s/charts/seaweedfs/templates/filer-cert.yaml index 8b5dbe257..c17815af2 100644 --- a/k8s/charts/seaweedfs/templates/filer-cert.yaml +++ b/k8s/charts/seaweedfs/templates/filer-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Certificate metadata: diff --git a/k8s/charts/seaweedfs/templates/master-cert.yaml b/k8s/charts/seaweedfs/templates/master-cert.yaml index bb935eedb..47dcaacd3 100644 --- a/k8s/charts/seaweedfs/templates/master-cert.yaml +++ b/k8s/charts/seaweedfs/templates/master-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Certificate metadata: diff --git a/k8s/charts/seaweedfs/templates/volume-cert.yaml b/k8s/charts/seaweedfs/templates/volume-cert.yaml index c6b333f7c..4df63db2c 100644 --- a/k8s/charts/seaweedfs/templates/volume-cert.yaml +++ b/k8s/charts/seaweedfs/templates/volume-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.enableSecurity }} +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} kind: Certificate metadata: diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml index 9e12a6e05..a83ceac46 100644 --- a/k8s/charts/seaweedfs/values.yaml +++ b/k8s/charts/seaweedfs/values.yaml @@ -640,3 +640,8 @@ certificates: keySize: 2048 duration: 2160h # 90d renewBefore: 360h # 15d + externalCertificates: + # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA + # you will need to store your provided certificates in the secret read by the different services: + # seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names + enabled: false |