[bitnami/harbor] Configure alternate domains for Notary Signer self-signed certificates (#5596)

bitnami/harbor/Chart.yaml

@@ -34,4 +34,4 @@ sources:
   - https://github.com/bitnami/bitnami-docker-harbor-registry
   - https://github.com/bitnami/bitnami-docker-harbor-registryctl
   - https://goharbor.io/
-version: 9.6.0
+version: 9.6.1

bitnami/harbor/templates/ingress/ingress.yaml

@@ -53,19 +53,6 @@ spec:
       hosts:
         - {{ .Values.ingress.hosts.core }}
       {{- end }}
-    {{- if .Values.notary.enabled }}
-    {{- if .Values.service.tls.notaryExistingSecret }}
-    - secretName: {{ .Values.service.tls.notaryExistingSecret | quote }}
-    {{- else if .Values.service.tls.existingSecret }}
-    - secretName: {{ .Values.service.tls.existingSecret | quote }}
-    {{- else }}
-    - secretName: {{ include "harbor.ingress" . | quote }}
-    {{- end }}
-      {{- if .Values.ingress.hosts.notary }}
-      hosts:
-        - {{ .Values.ingress.hosts.notary }}
-      {{- end }}
-    {{- end }}
   {{- end }}
   {{- if eq .Values.ingress.controller "ncp" }}
   backend: {{- include "common.ingress.backend" (dict "serviceName" (include "harbor.portal" .) "servicePort" "http" "context" $) | nindent 4 }}

bitnami/harbor/templates/notary/notary-secret.yaml

@@ -14,8 +14,9 @@ metadata:
 type: Opaque
 data:
   {{- if not .Values.notary.secretName }}
-  {{ $ca := genCA "harbor-notary-ca" 365 }}
+  {{- $ca := genCA "harbor-notary-ca" 365 }}
-  {{ $cert := genSignedCert (include "harbor.notary-signer" .) nil nil 365 $ca }}
+  {{- $altNames := list (printf "%s.%s.svc" (include "harbor.notary-signer" .) .Release.Namespace) (printf "%s.%s" (include "harbor.notary-signer" .) .Release.Namespace) (include "harbor.notary-signer" .) -}}
+  {{- $cert := genSignedCert (include "harbor.notary-signer" .) nil $altNames 365 $ca }}
   notary-signer-ca.crt: {{ $ca.Cert | b64enc | quote }}
   notary-signer.crt: {{ $cert.Cert | b64enc | quote }}
   notary-signer.key: {{ $cert.Key | b64enc | quote }}