Add certificate generation to Helm charts (#286)

Signed-off-by: Jeremy Rickard <jeremy.rickard@microsoft.com>

charts/virtual-kubelet-for-aks/templates/NOTES.txt

@@ -2,4 +2,11 @@ The virtual kubelet is getting deployed on your cluster.
 
 To verify that virtual kubelet has started, run:
 
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
+
+{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
+
+Note: 
+TLS key pair not provided for VK HTTP listener. A key pair was generated for you. This generated key pair is not suitable for production use.
+
+{{- end }}

charts/virtual-kubelet-for-aks/templates/secrets.yaml

@@ -4,6 +4,16 @@ metadata:
   name: {{ template "fullname" . }}
 type: Opaque
 data:
-  cert.pem: {{ (default "TUlTU0lORw==" .Values.env.apiserverCert) | quote }}
-  key.pem: {{ (default "TUlTU0lORw==" .Values.env.apiserverKey) | quote }}
-  clientSecret: {{ default "" .Values.env.azureClientKey | b64enc | quote }}
+  {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
+  {{- $ca := genCA "virtual-kubelet-ca" 3650 }}
+  {{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
+  {{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
+  {{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
+  {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+  cert.pem: {{ b64enc $cert.Cert }}
+  key.pem: {{ b64enc $cert.Key }}
+  {{ else }}
+  cert.pem: {{ quote .Values.env.apiserverCert }}
+  key.pem: {{ quote .Values.env.apiserverKey }}
+  {{ end}}
+  clientSecret: {{ default "" .Values.env.azureClientKey | b64enc | quote }}