From 98b36c7f1e8c83f7109f999991fef47d757e2dc2 Mon Sep 17 00:00:00 2001
From: Mykola Morhun <mmorhun@redhat.com>
Date: Wed, 26 Feb 2020 17:28:40 +0200
Subject: [PATCH] Move cert-manager related templates into Che repository
 (#16144)

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
---
 .../ca-cert-generator-role-binding.yml           | 14 ++++++++++++++
 deploy/cert-manager/ca-cert-generator-role.yml   | 13 +++++++++++++
 deploy/cert-manager/che-certificate.yml          | 16 ++++++++++++++++
 deploy/cert-manager/che-cluster-issuer.yml       |  9 +++++++++
 4 files changed, 52 insertions(+)
 create mode 100644 deploy/cert-manager/ca-cert-generator-role-binding.yml
 create mode 100644 deploy/cert-manager/ca-cert-generator-role.yml
 create mode 100644 deploy/cert-manager/che-certificate.yml
 create mode 100644 deploy/cert-manager/che-cluster-issuer.yml

diff --git a/deploy/cert-manager/ca-cert-generator-role-binding.yml b/deploy/cert-manager/ca-cert-generator-role-binding.yml
new file mode 100644
index 0000000000..34f3a72fc7
--- /dev/null
+++ b/deploy/cert-manager/ca-cert-generator-role-binding.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ca-cert-generator-role-binding
+  namespace: cert-manager
+subjects:
+- kind: ServiceAccount
+  name: ca-cert-generator
+  apiGroup: ''
+roleRef:
+  kind: Role
+  name: ca-cert-generator-role
+  apiGroup: ''
diff --git a/deploy/cert-manager/ca-cert-generator-role.yml b/deploy/cert-manager/ca-cert-generator-role.yml
new file mode 100644
index 0000000000..b4fda8e4c1
--- /dev/null
+++ b/deploy/cert-manager/ca-cert-generator-role.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ca-cert-generator-role
+  namespace: cert-manager
+rules:
+- apiGroups:
+    - ''
+  resources:
+    - secrets
+  verbs:
+    - create
diff --git a/deploy/cert-manager/che-certificate.yml b/deploy/cert-manager/che-certificate.yml
new file mode 100644
index 0000000000..e624ff4f12
--- /dev/null
+++ b/deploy/cert-manager/che-certificate.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: che-certificate
+  namespace: che
+spec:
+  secretName: che-tls
+  issuerRef:
+    name: che-cluster-issuer
+    kind: ClusterIssuer
+  # This is a template and it will be set from --domain parameter
+  # For example: '*.192.168.99.100.nip.io'
+  commonName: '*.<domain>'
+  dnsNames:
+    - '*.<domain>'
diff --git a/deploy/cert-manager/che-cluster-issuer.yml b/deploy/cert-manager/che-cluster-issuer.yml
new file mode 100644
index 0000000000..488fdb0821
--- /dev/null
+++ b/deploy/cert-manager/che-cluster-issuer.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: che-cluster-issuer
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: ca