
Commit 1180db4

gulecrocGLECROClhotari
authored
add template for ca issuer name and secret name (#565)
* set template for ca issuer name and secret name + geo-replication installation example * remove geo-replication from this PR * use certs template to define ca name and secret name * Handle proxy, toolset and zookeeper in the same way as others * Make the logic more consistent by separating the selfsigning issuer configuration --------- Co-authored-by: GLECROC <guillaume.lecroc@cnp.fr> Co-authored-by: Lari Hotari <lhotari@users.noreply.github.com> Co-authored-by: Lari Hotari <lhotari@apache.org>
1 parent 51a535d commit 1180db4


11 files changed

+90
-66
lines changed


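--- a/charts/pulsar/templates/_autorecovery.tpl
+++ b/charts/pulsar/templates/_autorecovery.tpl
@@ -74,12 +74,7 @@ Define autorecovery tls certs volumes
 path: tls.key
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt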
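Review bot: The replacement `secretName` line changes behaviour for installs that run with `certs.internal_issuer.enabled` set to false: the removed branches looked only at `certs.internal_issuer.type`, whereas the helper now aborts rendering with `fail` unless `certs.issuers.ca.secretName` is set. A release that disabled the internal issuer and relied on the `<release>-<ca_suffix>` secret would stop rendering on upgrade, so this deserves an upgrade note and a comment beside the volume, for example `# CA secret name is resolved by pulsar.certs.issuers.ca.secretName; set certs.issuers.ca.secretName when the internal issuer is disabled`. The same one-line replacement appears in `_bookkeeper.tpl`, `_broker.tpl`, `_toolset.tpl`, `proxy-statefulset.yaml`, `toolset-statefulset.yaml` and `zookeeper-statefulset.yaml`. The surrounding define starts and ends outside this hunk, so the conditions under which the volume is rendered are not visible here.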

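--- a/charts/pulsar/templates/_bookkeeper.tpl
+++ b/charts/pulsar/templates/_bookkeeper.tpl
@@ -75,12 +75,7 @@ Define bookie tls certs volumes
 path: tls.key
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt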

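--- a/charts/pulsar/templates/_broker.tpl
+++ b/charts/pulsar/templates/_broker.tpl
@@ -81,12 +81,7 @@ Define broker tls certs volumes
 path: tls.key
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt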

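--- /dev/null
+++ b/charts/pulsar/templates/_certs.tpl
@@ -0,0 +1,60 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/}}
+
+{{/*
+Define the pulsar certs ca issuer name
+*/}}
+{{- define "pulsar.certs.issuers.ca.name" -}}
+{{- if .Values.certs.internal_issuer.enabled -}}
+{{- if and (eq .Values.certs.internal_issuer.type "selfsigning") .Values.certs.issuers.selfsigning.name -}}
+{{- .Values.certs.issuers.selfsigning.name -}}
+{{- else if and (eq .Values.certs.internal_issuer.type "ca") .Values.certs.issuers.ca.name -}}
+{{- .Values.certs.issuers.ca.name -}}
+{{- else -}}
+{{- template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer
+{{- end -}}
+{{- else -}}
+{{- if .Values.certs.issuers.ca.name -}}
+{{- .Values.certs.issuers.ca.name -}}
+{{- else -}}
+{{- fail "certs.issuers.ca.name is required when TLS is enabled and certs.internal_issuer.enabled is false" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define the pulsar certs ca issuer secret name
+*/}}
+{{- define "pulsar.certs.issuers.ca.secretName" -}}
+{{- if .Values.certs.internal_issuer.enabled -}}
+{{- if and (eq .Values.certs.internal_issuer.type "selfsigning") .Values.certs.issuers.selfsigning.secretName -}}
+{{- .Values.certs.issuers.selfsigning.secretName -}}
+{{- else if and (eq .Values.certs.internal_issuer.type "ca") .Values.certs.issuers.ca.secretName -}}
+{{- .Values.certs.issuers.ca.secretName -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name .Values.tls.ca_suffix -}}
+{{- end -}}
+{{- else -}}
+{{- if .Values.certs.issuers.ca.secretName -}}
+{{- .Values.certs.issuers.ca.secretName -}}
+{{- else -}}
+{{- fail "certs.issuers.ca.secretName is required when TLS is enabled and certs.internal_issuer.enabled is false" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}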
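Review bot: The inner `{{- else -}}` branches in both helpers (new lines 29 and 50) silently fall back to the self-signed defaults for any `certs.internal_issuer.type` value, including `ca` with an empty `certs.issuers.ca.secretName` or a mistyped type. In that case the CA Issuer in `tls-cert-internal-issuer.yaml` and every CA volume would point at `<release>-<ca_suffix>`, which is presumably either absent or, if left over from an earlier self-signed install, a trust anchor the operator did not intend. Restricting the default to the self-signed case with `{{- else if eq .Values.certs.internal_issuer.type "selfsigning" -}}` and ending with an `{{- else -}}` branch that calls `fail`, naming the unsupported type or the missing value, would surface the misconfiguration at render time. That would match how the `certs.internal_issuer.enabled` false path already behaves.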

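--- a/charts/pulsar/templates/_toolset.tpl
+++ b/charts/pulsar/templates/_toolset.tpl
@@ -74,12 +74,7 @@ Define toolset tls certs volumes
 path: tls.key
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt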

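--- a/charts/pulsar/templates/proxy-statefulset.yaml
+++ b/charts/pulsar/templates/proxy-statefulset.yaml
@@ -299,12 +299,7 @@ spec:
 {{- if .Values.tls.proxy.enabled }}
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt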

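--- a/charts/pulsar/templates/tls-cert-internal-issuer.yaml
+++ b/charts/pulsar/templates/tls-cert-internal-issuer.yaml
@@ -33,7 +33,7 @@ metadata:
 name: "{{ template "pulsar.fullname" . }}-ca"
 namespace: {{ template "pulsar.namespace" . }}
 spec:
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 commonName: "{{ template "pulsar.namespace" . }}.svc.{{ .Values.clusterDomain }}"
 duration: "{{ .Values.certs.internal_issuer.duration }}"
 renewBefore: "{{ .Values.certs.internal_issuer.renewBefore }}"
@@ -50,23 +50,13 @@ spec:
 # if you are using an external issuer, change this to that issuer group.
 group: cert-manager.io
 ---
-apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
-kind: Issuer
-metadata:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
-namespace: {{ template "pulsar.namespace" . }}
-spec:
-ca:
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
 {{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
 apiVersion: "{{ .Values.certs.internal_issuer.apiVersion }}"
 kind: Issuer
 metadata:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 namespace: {{ template "pulsar.namespace" . }}
 spec:
 ca:
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 {{- end }}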

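--- a/charts/pulsar/templates/tls-certs-internal.yaml
+++ b/charts/pulsar/templates/tls-certs-internal.yaml
@@ -18,7 +18,6 @@
 #
 
 {{- if .Values.tls.enabled }}
-{{- if .Values.certs.internal_issuer.enabled }}
 
 {{- if .Values.tls.proxy.enabled }}
 {{- if .Values.tls.proxy.createCert }}
@@ -66,7 +65,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -122,7 +121,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -176,7 +175,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -230,7 +229,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -281,7 +280,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -332,7 +331,7 @@ spec:
 - "{{ template "pulsar.fullname" . }}-{{ .Values.zookeeper.component }}"
 # Issuer references are always required.
 issuerRef:
-name: "{{ template "pulsar.fullname" . }}-{{ .Values.certs.internal_issuer.component }}-ca-issuer"
+name: "{{ template "pulsar.certs.issuers.ca.name" . }}"
 # We can reference ClusterIssuers by changing the kind here.
 # The default value is Issuer (i.e. a locally namespaced Issuer)
 kind: Issuer
@@ -342,4 +341,3 @@ spec:
 {{- end }}
 
 {{- end }}
-{{- end }}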
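Review bot: With the `certs.internal_issuer.enabled` guard removed in the first hunk, these Certificates are rendered for externally managed issuers too, yet each `issuerRef` still hard-codes `kind: Issuer` in the context lines below the changed `name`. An operator whose CA is a ClusterIssuer can set `certs.issuers.ca.name`, but the Certificate would likely stay unissued because the reference resolves to a namespaced Issuer of that name. Consider exposing the issuer kind as a chart value alongside the name. At minimum, replace the comment `# We can reference ClusterIssuers by changing the kind here.` with one stating that the referenced issuer must be a namespaced Issuer in the release namespace. This applies to all six `issuerRef` hunks in this file, and the Certificate specs continue outside the hunks.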

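--- a/charts/pulsar/templates/toolset-statefulset.yaml
+++ b/charts/pulsar/templates/toolset-statefulset.yaml
@@ -125,12 +125,7 @@ spec:
 {{- if and .Values.tls.enabled (or .Values.tls.broker.enabled .Values.tls.proxy.enabled) }}
 - name: proxy-ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt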

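--- a/charts/pulsar/templates/zookeeper-statefulset.yaml
+++ b/charts/pulsar/templates/zookeeper-statefulset.yaml
@@ -253,12 +253,7 @@ spec:
 path: tls.key
 - name: ca
 secret:
-{{- if eq .Values.certs.internal_issuer.type "selfsigning" }}
-secretName: "{{ .Release.Name }}-{{ .Values.tls.ca_suffix }}"
-{{- end }}
-{{- if eq .Values.certs.internal_issuer.type "ca" }}
-secretName: "{{ .Values.certs.issuers.ca.secretName }}"
-{{- end }}
+secretName: "{{ template "pulsar.certs.issuers.ca.secretName" . }}"
 items:
 - key: ca.crt
 path: ca.crt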
