manifests/apps/templates/resources/pre-linkerd.yaml

{{ if .Values.linkerd.enabled }}
---
# Namespace for the Linkerd control plane. Everything in this template is
# rendered only when .Values.linkerd.enabled is truthy.
apiVersion: v1
kind: Namespace
metadata:
  name: linkerd
  labels:
    linkerd.io/is-control-plane: 'true'
    linkerd.io/control-plane-ns: linkerd
    # NOTE(review): presumably matched by the namespaceSelector of Linkerd's
    # admission webhooks so that this namespace is skipped; confirm against
    # the installed chart, since it also means those webhooks do not
    # validate or mutate objects created here.
    config.linkerd.io/admission-webhooks: disabled
  annotations:
    # Proxy injection is switched off for the control-plane namespace itself.
    linkerd.io/inject: disabled
    # Quoted so the value stays a string. A negative wave is synced by
    # Argo CD before resources in the default wave 0.
    argocd.argoproj.io/sync-wave: '-1'
---
# CA-type Issuer: signs with the key pair held in the Secret
# `linkerd-trust-anchor` in the `linkerd` namespace.
# NOTE(review): that Secret is not created anywhere in this file, so it has
# to exist before the Issuer can become ready. Going by its name it holds the
# private key of the mesh trust root; keep read access to Secrets in this
# namespace narrow and confirm how the Secret is provisioned and rotated.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  namespace: linkerd
  name: linkerd-trust-anchor
spec:
  ca:
    secretName: linkerd-trust-anchor
---
# Intermediate CA certificate (isCA: true, usage `cert sign`) issued by the
# linkerd-trust-anchor Issuer and written to Secret linkerd-identity-issuer.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: linkerd
  name: linkerd-identity-issuer
spec:
  secretName: linkerd-identity-issuer
  revisionHistoryLimit: 5
  issuerRef:
    kind: Issuer
    name: linkerd-trust-anchor
  isCA: true
  # 48h lifetime with renewal requested 25h before expiry, i.e. roughly 23h
  # after each issuance.
  duration: 48h0m0s
  renewBefore: 25h0m0s
  # NOTE(review): the `cluster.local` suffix is hard-coded; presumably it has
  # to match the identity trust domain the control plane is configured with.
  dnsNames:
    - identity.linkerd.cluster.local
  privateKey:
    # NOTE(review): neither `size` nor `rotationPolicy` is set, so the curve
    # and whether the key is regenerated on renewal follow the installed
    # cert-manager's defaults; confirm those match the intended policy.
    algorithm: ECDSA
  usages:
    - cert sign
    - crl sign
    - server auth
    - client auth
---
# CA-type Issuer for the control-plane webhook certificates below. It signs
# with the key pair in Secret `webhook-issuer-tls` in the `linkerd` namespace.
# NOTE(review): the Secret is not created in this file and must be
# provisioned separately. An Issuer is namespaced and reads its Secret from
# its own namespace, so this one serves only Certificates in `linkerd`.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  namespace: linkerd
  name: webhook-issuer
spec:
  ca:
    secretName: webhook-issuer-tls
---
# Serving certificate for linkerd-policy-validator.linkerd.svc, issued by
# webhook-issuer and stored in Secret linkerd-policy-validator-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: linkerd
  name: linkerd-policy-validator
spec:
  secretName: linkerd-policy-validator-k8s-tls
  revisionHistoryLimit: 5
  issuerRef:
    kind: Issuer
    name: webhook-issuer
  # 24h lifetime, renewal requested 1h before expiry.
  # NOTE(review): a one-hour window leaves little slack if cert-manager or
  # the Issuer is unavailable at renewal time; alert on Certificates that
  # are not Ready.
  duration: 24h0m0s
  renewBefore: 1h0m0s
  commonName: linkerd-policy-validator.linkerd.svc
  dnsNames:
    - linkerd-policy-validator.linkerd.svc
  privateKey:
    algorithm: ECDSA
    # NOTE(review): this is the only Certificate in the file that requests
    # PKCS8; presumably the consuming component needs that encoding, so
    # confirm before aligning it with its siblings.
    encoding: PKCS8
  usages:
    - server auth
---
# Serving certificate for linkerd-proxy-injector.linkerd.svc, issued by
# webhook-issuer and stored in Secret linkerd-proxy-injector-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: linkerd
  name: linkerd-proxy-injector
spec:
  secretName: linkerd-proxy-injector-k8s-tls
  revisionHistoryLimit: 5
  issuerRef:
    kind: Issuer
    name: webhook-issuer
  # 24h lifetime, renewal requested 1h before expiry.
  duration: 24h0m0s
  renewBefore: 1h0m0s
  commonName: linkerd-proxy-injector.linkerd.svc
  dnsNames:
    - linkerd-proxy-injector.linkerd.svc
  privateKey:
    algorithm: ECDSA
  # Server authentication only; this certificate cannot sign others.
  usages:
    - server auth
---
# Serving certificate for linkerd-sp-validator.linkerd.svc, issued by
# webhook-issuer and stored in Secret linkerd-sp-validator-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: linkerd
  name: linkerd-sp-validator
spec:
  secretName: linkerd-sp-validator-k8s-tls
  revisionHistoryLimit: 5
  issuerRef:
    kind: Issuer
    name: webhook-issuer
  # 24h lifetime, renewal requested 1h before expiry.
  duration: 24h0m0s
  renewBefore: 1h0m0s
  commonName: linkerd-sp-validator.linkerd.svc
  dnsNames:
    - linkerd-sp-validator.linkerd.svc
  privateKey:
    algorithm: ECDSA
  # Server authentication only.
  usages:
    - server auth
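---
{{ if .Values.linkerd.viz.enabled }}
# viz extension: rendered only when .Values.linkerd.viz.enabled is truthy.
# CA-type Issuer that signs with Secret `webhook-issuer-tls` in `linkerd-viz`.
# NOTE(review): neither the `linkerd-viz` namespace nor that Secret is created
# in this file; both have to exist before these resources can reconcile.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: webhook-issuer
  namespace: linkerd-viz
spec:
  ca:
    secretName: webhook-issuer-tls
---
# The separator above was missing in the original. Without it the Issuer and
# this Certificate share one YAML document with duplicate top-level keys, so
# the Issuer is either rejected by the parser or silently overwritten.
# Serving certificate for tap.linkerd-viz.svc, stored in Secret tap-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tap
  namespace: linkerd-viz
spec:
  revisionHistoryLimit: 5
  secretName: tap-k8s-tls
  # 24h lifetime, renewal requested 1h before expiry.
  duration: 24h0m0s
  renewBefore: 1h0m0s
  issuerRef:
    name: webhook-issuer
    kind: Issuer
  commonName: tap.linkerd-viz.svc
  dnsNames:
    - tap.linkerd-viz.svc
  # Explicit leaf certificate: it must not be usable as a CA.
  isCA: false
  privateKey:
    algorithm: ECDSA
  usages:
    - server auth
---
# Serving certificate for tap-injector.linkerd-viz.svc, stored in Secret
# tap-injector-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: linkerd-tap-injector
  namespace: linkerd-viz
spec:
  revisionHistoryLimit: 5
  secretName: tap-injector-k8s-tls
  duration: 24h0m0s
  renewBefore: 1h0m0s
  issuerRef:
    name: webhook-issuer
    kind: Issuer
  commonName: tap-injector.linkerd-viz.svc
  dnsNames:
    - tap-injector.linkerd-viz.svc
  privateKey:
    algorithm: ECDSA
  usages:
    - server auth
---
{{ end }}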
{{ if .Values.linkerd.jaeger.enabled }}
# jaeger extension: rendered only when .Values.linkerd.jaeger.enabled is
# truthy. CA-type Issuer that signs with Secret `webhook-issuer-tls` in
# `linkerd-jaeger`.
# NOTE(review): neither the `linkerd-jaeger` namespace nor that Secret is
# created in this file. Whether it is the same key pair as the identically
# named Secrets in `linkerd` and `linkerd-viz` cannot be seen from here; a
# shared CA key would widen the impact of one namespace's Secret leaking.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  namespace: linkerd-jaeger
  name: webhook-issuer
spec:
  ca:
    secretName: webhook-issuer-tls
---
# Serving certificate for jaeger-injector.linkerd-jaeger.svc, stored in
# Secret jaeger-injector-k8s-tls.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: linkerd-jaeger
  name: jaeger-injector
spec:
  secretName: jaeger-injector-k8s-tls
  revisionHistoryLimit: 5
  issuerRef:
    kind: Issuer
    name: webhook-issuer
  # 24h lifetime, renewal requested 1h before expiry.
  duration: 24h0m0s
  renewBefore: 1h0m0s
  commonName: jaeger-injector.linkerd-jaeger.svc
  dnsNames:
    - jaeger-injector.linkerd-jaeger.svc
  privateKey:
    algorithm: ECDSA
  usages:
    - server auth
{{ end }}
{{ end }}