apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: {{ include "nifi.fullname" . }}
  labels:
    {{- include "nifi.labels" . | nindent 4 }}
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ include "nifi.fullname" . }}
  labels:
    {{- include "nifi.labels" . | nindent 4 }}
spec:
  secretName: {{ include "nifi.fullname" . }}-tls
  commonName: {{ include "nifi.fullname" . }}.{{ .Release.Namespace }}
  dnsNames:
    - {{ .Values.ingress.hostName }}
    - {{ include "nifi.siteToSiteHostName" . }}
    - {{ include "nifi.fullname" . }}-http.{{ .Release.Namespace }}
    {{- include "nifi.hostNodeList" . | nindent 4 }}
    {{- include "nifi.ingressNodeList" . | nindent 4 }}
  usages:
    - server auth
    - client auth
  {{- with .Values.global.tls.certificate }}
  duration: {{ .duration }}
  renewBefore: {{ .renewBefore }}
  keystores:
    pkcs12:
      create: true
      passwordSecretRef:
        {{- if .keystorePasswordSecretRef.name }}
        {{- toYaml .keystorePasswordSecretRef | nindent 8 }}
        {{- else }}
        name: {{ printf "%s-keystore-password" (include "nifi.fullname" $) | quote }}
        key: {{ default "password" .keystorePasswordSecretRef.key | quote }}
        {{- end }}
  {{- end }}
  issuerRef:
    name: {{ include "nifi.fullname" . }}
    kind: Issuer