webhook.temp

# @formatter:off
## We generate one root CA and server certificate which are as
  ## by the webhook caBundle and server secrete. We place the both
  ## secret and webhook config files here so they share the same root CA
  ## See https://github.com/helm/helm/issues/6456#issuecomment-701727623
  {{- $duration := .Values.certificateDurationDays | int -}}
  {{- $ca := genCA "webook-root-ca" $duration -}}
  {{ $serviceName := include "operator.webhook-service" . }}
  {{- $altNames := list ( printf "%s" $serviceName) ( printf "%s.%s" $serviceName .Release.Namespace ) ( printf "%s.%s.svc" $serviceName .Release.Namespace ) -}}
  {{- $cert := genSignedCert $serviceName nil $altNames $duration $ca -}}
  {{- $caBundle := b64enc $ca.Cert -}}
---
kind: Secret
apiVersion: v1
type: kubernetes.io/tls
metadata:
  name: {{ template "operator.webhook-secret" . }}
  namespace: {{ .Release.Namespace }}
  labels:
  {{- include "operator.labels" . | nindent 4 }}
data:
  tls.crt: {{ $cert.Cert | b64enc }}
  tls.key: {{ $cert.Key | b64enc }}