fix: certificate namespaces in helm

lukas-reining · lukas-reining · commit c520b3170c65 · 2025-01-30T18:01:02.000+01:00
Signed-off-by: Lukas Reining &lt;lukas.reining@codecentric.de&gt;
diff --git a/.github/scripts/strip-kustomize-helm.sh b/.github/scripts/strip-kustomize-helm.sh
@@ -8,6 +8,7 @@
 
 echo 'Running strip-kustomize-helm.sh script'
 CHARTS_DIR='./chart/open-feature-operator/templates'
+
 # Careful! Ordering of these expressions matter!
 sed_expressions=(
     "s/___newline___/\\n/g"
@@ -17,9 +18,16 @@ sed_expressions=(
     "/___delete_me___/d"
     "s/___//g"
 )
+
 find $CHARTS_DIR -name "*.yaml" | while read file; do
     for expr in "${sed_expressions[@]}"; do
-        sed -i "$expr" "$file"
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            # macOS (BSD) version
+            sed -i '' "$expr" "$file"
+        else
+            # Linux (GNU) version
+            sed -i "$expr" "$file"
+        fi
     done
 done
 
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -79,6 +79,7 @@ replacements:
          delimiter: '.'
          index: 0
          create: true
+
  - source:
      kind: Service
      version: v1
diff --git a/config/overlays/helm/certificate-patch.yaml b/config/overlays/helm/certificate-patch.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
+spec:
+  dnsNames:
+    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
+    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
+---
+# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
+spec:
+  dnsNames:
+    # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+    # replacements in the config/default/kustomization.yaml file.
+    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc
+    - SERVICE_NAME.{{ include "chart.namespace" . }}.svc.cluster.local
diff --git a/config/overlays/helm/kustomization.yaml b/config/overlays/helm/kustomization.yaml
@@ -17,9 +17,49 @@ patches:
   - path: exclude-webhook-server-container-port.yaml
   - path: exclude-validatingwebhook.yaml
   - path: mutatingwebhook.yaml
+  - path: certificate-patch.yaml
 
 configMapGenerator:
 - name: manager-config
   behavior: merge
   files:
     - controller_manager_config.yaml
+
+replacements:
+  - source: # Uncomment the following block to enable certificates for metrics
+      kind: Service
+      version: v1
+      name: controller-manager-metrics-service
+      fieldPath: metadata.name
+    targets:
+      - select:
+          kind: Certificate
+          group: cert-manager.io
+          version: v1
+          name: metrics-certs
+        fieldPaths:
+          - spec.dnsNames.0
+          - spec.dnsNames.1
+        options:
+          delimiter: '.'
+          index: 0
+          create: true
+
+  - source: # Uncomment the following block if you have any webhook
+      kind: Service
+      version: v1
+      name: webhook-service
+      fieldPath: .metadata.name # Name of the service
+    targets:
+      - select:
+          kind: Certificate
+          group: cert-manager.io
+          version: v1
+          name: serving-cert
+        fieldPaths:
+          - spec.dnsNames.0
+          - spec.dnsNames.1
+        options:
+          delimiter: '.'
+          index: 0
+          create: true
