Move cert-manager related templates into Che repository (#16144)

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
2020-02-26 17:28:40 +02:00 · 2020-02-26 17:28:40 +02:00 · 98b36c7f1e
parent 2d418666a5
commit 98b36c7f1e
4 changed files with 52 additions and 0 deletions
--- a/deploy/cert-manager/ca-cert-generator-role-binding.yml
+++ b/deploy/cert-manager/ca-cert-generator-role-binding.yml
@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ca-cert-generator-role-binding
+  namespace: cert-manager
+subjects:
+- kind: ServiceAccount
+  name: ca-cert-generator
+  apiGroup: ''
+roleRef:
+  kind: Role
+  name: ca-cert-generator-role
+  apiGroup: ''
--- a/deploy/cert-manager/ca-cert-generator-role.yml
+++ b/deploy/cert-manager/ca-cert-generator-role.yml
@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ca-cert-generator-role
+  namespace: cert-manager
+rules:
+- apiGroups:
+    - ''
+  resources:
+    - secrets
+  verbs:
+    - create
--- a/deploy/cert-manager/che-certificate.yml
+++ b/deploy/cert-manager/che-certificate.yml
@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: che-certificate
+  namespace: che
+spec:
+  secretName: che-tls
+  issuerRef:
+    name: che-cluster-issuer
+    kind: ClusterIssuer
+  # This is a template and it will be set from --domain parameter
+  # For example: '*.192.168.99.100.nip.io'
+  commonName: '*.<domain>'
+  dnsNames:
+    - '*.<domain>'
--- a/deploy/cert-manager/che-cluster-issuer.yml
+++ b/deploy/cert-manager/che-cluster-issuer.yml
@ -0,0 +1,9 @@
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: che-cluster-issuer
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: ca