local kube = import "../../../kube/kube.libsonnet";

// Cluster-internal PKI built on cert-manager: a self-signed CA keypair and a
// ClusterIssuer that signs certificates with it.
{
    // Environment(clusterShort, realm) returns the PKI objects for one cluster.
    //   clusterShort: short cluster name; becomes the first label of clusterFQDN.
    //   realm: suffix joined to clusterShort with a dot to form clusterFQDN.
    Environment(clusterShort, realm): {
        local env = self,

        // Mixin that places an object in env.namespace. It goes through env
        // (late-bound), so overriding `namespace` moves every object using it.
        local inPkiNamespace = {
            metadata+: {
                namespace: env.namespace,
            },
        },

        realm:: realm,
        clusterShort:: clusterShort,
        clusterFQDN:: std.format("%s.%s", [clusterShort, realm]),

        // Namespace holding the self-signed Issuer, the CA Certificate and
        // therefore the CA Secret.
        // See https://github.com/jetstack/cert-manager/issues/2130
        namespace:: "cert-manager",

        // An issuer that self-signs certificates, used only to bootstrap the
        // CA certificate below.
        selfSignedIssuer: kube.Issuer("pki-selfsigned") + inPkiNamespace + {
            spec: {
                selfSigned: {},
            },
        },

        // CA keypair, self-signed by the above issuer.
        // cert-manager stores the resulting certificate and private key in
        // the Secret named by spec.secretName, in env.namespace.
        // NOTE(review): read access to that Secret is equivalent to holding
        // the CA key - confirm RBAC on Secrets in this namespace is restricted.
        selfSignedCert: kube.Certificate("pki-selfsigned") + inPkiNamespace + {
            spec: {
                secretName: "pki-selfsigned-cert",
                // 5 years. renewBefore is not set here, so cert-manager's
                // default renewal window applies.
                duration: "43800h0m0s",
                isCA: true,
                // `kind` is left unset; cert-manager then resolves the name as
                // a namespaced Issuer, so the Issuer must live in the same
                // namespace as this Certificate, as it does here.
                issuerRef: {
                    name: env.selfSignedIssuer.metadata.name,
                },
                commonName: "pki-ca",
            },
        },

        // CA issuer, used to issue certificates signed by the CA.
        // A ClusterIssuer is cluster-scoped, so Certificate objects in any
        // namespace can reference it.
        // NOTE(review): nothing in this file limits which names may be
        // requested from it - verify who can create Certificate resources.
        issuer: kube.ClusterIssuer("pki-ca") {
            spec: {
                ca: {
                    // Follows selfSignedCert so a secretName override stays in sync.
                    secretName: env.selfSignedCert.spec.secretName,
                },
            },
        },
    },
}