Helm use external certificates (#4913)

2024-01-19 02:48:24 +00:00 · 2023-10-15 19:14:24 +03:00 · 2023-10-15 19:14:24 +03:00 · c6991dfd5f
parent cbc24c7b24
commit c6991dfd5f
8 changed files with 12 additions and 7 deletions
--- a/k8s/charts/seaweedfs/templates/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/ca-cert.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
--- a/k8s/charts/seaweedfs/templates/cert-caissuer.yaml
+++ b/k8s/charts/seaweedfs/templates/cert-caissuer.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Issuer
 metadata:
--- a/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml
+++ b/k8s/charts/seaweedfs/templates/cert-clusterissuer.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: ClusterIssuer
 metadata:
--- a/k8s/charts/seaweedfs/templates/client-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/client-cert.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
--- a/k8s/charts/seaweedfs/templates/filer-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/filer-cert.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
--- a/k8s/charts/seaweedfs/templates/master-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/master-cert.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
--- a/k8s/charts/seaweedfs/templates/volume-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/volume-cert.yaml
@ -1,4 +1,4 @@
-{{- if .Values.global.enableSecurity }}
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@ -640,3 +640,8 @@ certificates:
  keySize: 2048
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
  externalCertificates:
    # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
    # you will need to store your provided certificates in the secret read by the different services:
    # seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names
    enabled: false