Last active
November 29, 2022 09:18
-
-
Save mohllal/c0ac1070012c0dfc1a7aa291af34aba5 to your computer and use it in GitHub Desktop.
An example of Helm helper file for generating an x509 certificate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {{- define "kubernetes-sidecar-injector.service.fullname" -}} | |
| {{- default ( printf "%s.%s.svc" (include "kubernetes-sidecar-injector.serviceName" .) .Release.Namespace ) }} | |
| {{- end }} | |
| {{- define "kubernetes-sidecar-injector.gen-certs" -}} | |
| {{- $expiration := (.Values.admission.ca.expiration | int) -}} | |
| {{- if (or (empty .Values.admission.ca.cert) (empty .Values.admission.ca.key)) -}} | |
| {{- $ca := genCA "kubernetes-sidecar-injector-ca" $expiration -}} | |
| {{- template "kubernetes-sidecar-injector.gen-client-tls" (dict "RootScope" . "CA" $ca) -}} | |
| {{- end -}} | |
| {{- end -}} | |
| {{- define "kubernetes-sidecar-injector.gen-client-tls" -}} | |
| {{- $altNames := list ( include "kubernetes-sidecar-injector.service.fullname" .RootScope) -}} | |
| {{- $expiration := (.RootScope.Values.admission.ca.expiration | int) -}} | |
| {{- $cert := genSignedCert ( include "kubernetes-sidecar-injector.fullname" .RootScope) nil $altNames $expiration .CA -}} | |
| {{- $clientCert := $cert.Cert | b64enc -}} | |
| {{- $clientKey := $cert.Key | b64enc -}} | |
| caCert: {{ .CA.Cert | b64enc }} | |
| clientCert: {{ $clientCert }} | |
| clientKey: {{ $clientKey }} | |
| {{- end -}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment