mirror of
https://github.com/fatedier/frp.git
synced 2025-06-17 17:18:21 +00:00
41 lines
1.1 KiB
YAML
41 lines
1.1 KiB
YAML
{{- if and .Values.mTLS.enabled (eq .Values.mTLS.existingSecret "") }}
|
|
{{- if eq .Values.mTLS.certificatePEM "" }}
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ printf "%s-client" (include "frpc.fullname" .) }}
|
|
spec:
|
|
commonName: {{ .Values.mTLS.commonName }}
|
|
issuerRef:
|
|
{{- .Values.mTLS.issuerRef | toYaml | nindent 4 }}
|
|
{{- with .Values.mTLS.subject }}
|
|
subject:
|
|
{{- . | toYaml | nindent 4 }}
|
|
{{- end }}
|
|
privateKey:
|
|
algorithm: ECDSA
|
|
size: 256
|
|
usages:
|
|
- client auth
|
|
secretName: {{ printf "%s-client" (include "frpc.fullname" .) }}
|
|
---
|
|
{{- else }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ printf "%s-client-ca" (include "frpc.fullname" .) }}
|
|
type: kubernetes.io/tls
|
|
data:
|
|
tls.crt: {{ .Values.mTLS.certificatePEM | b64enc | quote }}
|
|
tls.key: {{ required "Both PEM and KEY are required" .Values.mTLS.certificateKEY | b64enc | quote }}
|
|
---
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if ne .Values.mTLS.trustedCA "" }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ printf "%s-ca" (include "frpc.fullname" .) }}
|
|
data:
|
|
ca.crt: {{ .Values.mTLS.trustedCA | b64enc | quote }}
|
|
{{- end}} |