charts/bitnami/harbor/templates/notary/notary-secret.yaml

{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- if .Values.notary.enabled }}
{{- $secretName := printf "%s" (include "harbor.notary-server" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
    app.kubernetes.io/component: notary
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
type: Opaque
data:
  {{- if not .Values.notary.secretName }}
  {{- $ca := genCA "harbor-notary-ca" 365 }}
  {{- $altNames := list (printf "%s.%s.svc" (include "harbor.notary-signer" .) .Release.Namespace | quote) (printf "%s.%s" (include "harbor.notary-signer" .) .Release.Namespace | quote) (include "harbor.notary-signer" .) -}}
  {{- $cert := genSignedCert (include "harbor.notary-signer" .) nil $altNames 365 $ca }}
  notary-signer.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "notary-signer.crt" "defaultValue" $cert.Cert "context" $) }}
  notary-signer.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "notary-signer.key" "defaultValue" $cert.Key "context" $) }}
  notary-signer-ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "notary-signer-ca.crt" "defaultValue" $ca.Cert "context" $) }}
  {{- end }}
  server-config.postgres.json: {{ tpl (.Files.Get "conf/notary-server.json") . | b64enc }}
  signer-config.postgres.json: {{ tpl (.Files.Get "conf/notary-signer.json") . | b64enc }}
{{- end }}