Monitor all certificates with suffix *.crt and *.pem (#1016)

Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>
SUSE · Oct 12, 2020 · 6c227d4 · 6c227d4
1 parent 36acd89
commit 6c227d4
Showing 1 changed file with 62 additions and 8 deletions.
diff --git a/adoc/admin-security-certificates.adoc b/adoc/admin-security-certificates.adoc
@@ -229,11 +229,22 @@ For example:
 [source,bash]
 ----
 helm install suse/cert-exporter \
-    --name ${RELEASE_NAME} \
+    --name <RELEASE_NAME> \
+    --set customSecret.enabled=true \
+    --set customSecret.certs[0].name=cert-manager \
+    --set customSecret.certs[0].namespace=cert-manager-test \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}"
+----
+Or if you have selected the Helm 3 alternative also see <<helm-tiller-install>>:
++
+[source,bash]
+----
+helm install <RELEASE_NAME> suse/cert-exporter \
     --set customSecret.enabled=true \
     --set customSecret.certs[0].name=cert-manager \
     --set customSecret.certs[0].namespace=cert-manager-test \
-    --set customSecret.certs[0].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}"
 ----
 . Monitor certificates in all namespaces filtered by label selector.
@@ -244,22 +255,47 @@ helm install suse/cert-exporter \
     --name ${RELEASE_NAME} \
     --set customSecret.enabled=true \
     --set customSecret.certs[0].name=self-signed-cert \
-    --set customSecret.certs[0].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[0].labelSelector="{key=value}"
+----
+Or if you have selected the Helm 3 alternative also see <<helm-tiller-install>>:
++
+[source,bash]
+----
+helm install <RELEASE_NAME> suse/cert-exporter \
+    --set customSecret.enabled=true \
+    --set customSecret.certs[0].name=self-signed-cert \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[0].labelSelector="{key=value}"
 ----
+
 . Deploy both 1. and 2. together.
 +
 [source,bash]
 ----
 helm install suse/cert-exporter \
-    --name ${RELEASE_NAME} \
+    --name <RELEASE_NAME> \
     --set customSecret.enabled=true \
     --set customSecret.certs[0].name=cert-manager \
     --set customSecret.certs[0].namespace=cert-manager-test \
-    --set customSecret.certs[0].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}" \
     --set customSecret.certs[1].name=self-signed-cert \
-    --set customSecret.certs[1].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[1].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[1].labelSelector="{key=value}"
+----
+Or if you have selected the Helm 3 alternative also see <<helm-tiller-install>>:
++
+[source,bash]
+----
+helm install <RELEASE_NAME> suse/cert-exporter \
+    --set customSecret.enabled=true \
+    --set customSecret.certs[0].name=cert-manager \
+    --set customSecret.certs[0].namespace=cert-manager-test \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}" \
+    --set customSecret.certs[1].name=self-signed-cert \
+    --set customSecret.certs[1].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[1].labelSelector="{key=value}"
 ----
 . Monitor custom certificates only, disregarding node and addon certificates.
@@ -273,12 +309,30 @@ helm install suse/cert-exporter \
     --set customSecret.enabled=true \
     --set customSecret.certs[0].name=cert-manager \
     --set customSecret.certs[0].namespace=cert-manager-test \
-    --set customSecret.certs[0].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}" \
     --set customSecret.certs[1].name=self-signed-cert \
-    --set customSecret.certs[1].includeKeys="{ca.crt,tls.crt}" \
+    --set customSecret.certs[1].includeKeys="{*.crt,*.pem}" \
     --set customSecret.certs[1].labelSelector="{key=value}"
 ----
+Or if you have selected the Helm 3 alternative also see <<helm-tiller-install>>:
++
+[source,bash]
+----
+helm install <RELEASE_NAME> suse/cert-exporter \
+    --set node.enabled=false \
+    --set addon.enabled=false \
+    --set customSecret.enabled=true \
+    --set customSecret.certs[0].name=cert-manager \
+    --set customSecret.certs[0].namespace=cert-manager-test \
+    --set customSecret.certs[0].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[0].annotationSelector="{cert-manager.io/certificate-name}" \
+    --set customSecret.certs[1].name=self-signed-cert \
+    --set customSecret.certs[1].includeKeys="{*.crt,*.pem}" \
+    --set customSecret.certs[1].labelSelector="{key=value}"
+----
+
+== Using Custom Trusted CA Certificates
 
 == Deployment with a Custom CA Certificate