mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-28 03:00:29 -04:00
6814f33243
* fix(helm): move rotationPolicy under privateKey for cert-manager compatibility * docs(helm): add reclaimPolicy Retain guidance for production database storage * fix(helm): prevent empty branding ConfigMap creation
36 lines
1.4 KiB
YAML
36 lines
1.4 KiB
YAML
{{- if and .Values.postgresql.enabled .Values.postgresql.tls.enabled }}
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: {{ include "sim.fullname" . }}-postgresql-tls-certificate
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "sim.postgresql.labels" . | nindent 4 }}
|
|
spec:
|
|
secretName: {{ .Values.postgresql.tls.certificatesSecret }}
|
|
duration: {{ .Values.postgresql.tls.duration | default "87600h" }} # Default: 10 years
|
|
renewBefore: {{ .Values.postgresql.tls.renewBefore | default "2160h" }} # Default: 90 days before expiry
|
|
isCA: false
|
|
privateKey:
|
|
algorithm: {{ .Values.postgresql.tls.privateKey.algorithm | default "RSA" }}
|
|
size: {{ .Values.postgresql.tls.privateKey.size | default 4096 }}
|
|
{{- if .Values.postgresql.tls.rotationPolicy }}
|
|
rotationPolicy: {{ .Values.postgresql.tls.rotationPolicy }}
|
|
{{- end }}
|
|
usages:
|
|
- server auth
|
|
- client auth
|
|
dnsNames:
|
|
- {{ include "sim.fullname" . }}-postgresql
|
|
- {{ include "sim.fullname" . }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local
|
|
{{- with .Values.postgresql.tls.additionalDnsNames }}
|
|
{{- toYaml . | nindent 2 }}
|
|
{{- end }}
|
|
issuerRef:
|
|
name: {{ .Values.postgresql.tls.issuerRef.name }}
|
|
kind: {{ .Values.postgresql.tls.issuerRef.kind | default "ClusterIssuer" }}
|
|
{{- if .Values.postgresql.tls.issuerRef.group }}
|
|
group: {{ .Values.postgresql.tls.issuerRef.group }}
|
|
{{- end }}
|
|
{{- end }}
|