first commit

2026-01-21 17:37:42 +11:00
commit bd1ed71ac4
142 changed files with 18994 additions and 0 deletions
--- a/templates/common/certificate.yaml
+++ b/templates/common/certificate.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.common.certificate.enabled -}}
+{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace "domain-certificate" ).metadata | required "Secret 'domain-certificate' containing p12 certificate is required. Create it external to helm chart or set common.certificate.enabled to true, to autogenerate cert using cert-manager" }}
+{{- else }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: domain-certificate
+spec:
+  # Secret names are always required.
+  secretName: domain-certificate
+  duration: {{ .Values.common.certificate.generate.duration }}
+  renewBefore: {{ .Values.common.certificate.generate.renewBefore }}
+  subject: {{- toYaml .Values.common.certificate.generate.subject | nindent 4 }}
+  {{- if eq  (include "parent.dataplaneMode" . ) "shared" }}
+  commonName: "*.{{ .Values.global.external_domain }}"
+  {{- else if .Values.global.multihost.enabled }}
+  commonName: "*.{{ .Values.global.external_domain }}"
+  {{- else }}
+  commonName: "{{ .Values.global.external_domain }}"
+  {{- end }}
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS8
+    size: 2048
+  dnsNames:
+    {{- if eq  (include "parent.dataplaneMode" . ) "shared" }}
+    - "*.{{ .Values.global.external_domain }}"
+    {{- else if .Values.global.multihost.enabled }}
+    - "*.{{ .Values.global.external_domain }}"
+    {{- end }}
+    - {{ .Values.global.external_domain }}
+  issuerRef: {{- toYaml .Values.common.certificate.generate.issuerRef | nindent 4 }}
+  keystores:
+    pkcs12:
+      create: true
+      profile: LegacyDES
+      passwordSecretRef:
+        name: certificate-password
+        key: password
+{{- end -}}