feat: generate certificates for registry

Signed-off-by: Guilhem Barthés <[email protected]>
Substra · Apr 16, 2024 · 35249f3 · 35249f3
1 parent f14fa43
commit 35249f3
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/examples/secrets/secret-harbor-tls.yaml b/examples/secrets/secret-harbor-tls.yaml
@@ -0,0 +1,25 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: harbor
+  namespace: harbor
+spec:
+  secretName: harbor-registry-tls
+  duration: 2160h
+  renewBefore: 360h # 15 days
+  subject:
+    organizations:
+      - MyOrg2MSP
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    - registry.org-2.com
+  issuerRef:
+    name: substra-issuer
+    kind: ClusterIssuer
diff --git a/examples/secrets/skaffold.yaml b/examples/secrets/skaffold.yaml
@@ -25,6 +25,9 @@ profiles:
       - op: add
         path: /deploy/kubectl/manifests/-
         value: "./secret-harbor-dockerconfig.yaml"
+      - op: add
+        path: /deploy/kubectl/manifests/-
+        value: "./secret-harbor-tls.yaml"
       - op: add
         path: /deploy/kubectl/manifests/-
         value: "../values/coredns-custom-harbor.yaml"

diff --git a/examples/values/harbor.yaml b/examples/values/harbor.yaml
@@ -18,4 +18,5 @@ nginx:
     http: 30000
     https: 30046
   tls:
-    commonName: registry.org-2.com
+    commonName: registry.org-2.com
+    existingSecret:  harbor-registry-tls