Skip to content

Commit 6c44e8f

Browse files
francesco-furlanfrancesco-furlan
committed
chore: let's keep tls_certificates.create true when cert_manager is enabled
1 parent 552a0a0 commit 6c44e8f

File tree

4 files changed

+18
-36
lines changed

4 files changed

+18
-36
lines changed

charts/shield/templates/cluster/_tls.tpl

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
{{- end }}
1010

1111
{{- define "cluster.tls_certificates.secret_name" -}}
12-
{{- if .Values.cluster.tls_certificates.create -}}
12+
{{- if and (.Values.cluster.tls_certificates.create) (not (include "cluster.tls_certificates.use_cert_manager" .)) -}}
1313
{{- include "cluster.fullname" . }}-tls-certificates
1414
{{- else if (include "cluster.tls_certificates.use_cert_manager" .) -}}
1515
{{- include "cluster.tls_certificates.cm_certificate_name" . -}}
@@ -51,9 +51,6 @@
5151
{{- end }}
5252

5353
{{- define "cluster.tls_certificates.check_conflicts" -}}
54-
{{- if and .Values.cluster.tls_certificates.create .Values.cluster.tls_certificates.cert_manager.enabled -}}
55-
{{- fail "Cannot specify both tls_certificates.create and tls_certificates.cert_manager.enabled" -}}
56-
{{- end -}}
5754
{{- if and (not (quote .Values.cluster.tls_certificates.secret_name | empty)) .Values.cluster.tls_certificates.cert_manager.enabled -}}
5855
{{- fail "Cannot specify both tls_certificates.cert_manager.enabled and tls_certificates.secret_name" -}}
5956
{{- end -}}

charts/shield/templates/cluster/tls-certificates-admissionregistration.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,6 @@
2020
{{- $_ := set $cert "Key" ($tlsCert.Key | b64enc) -}}
2121
{{- $_ := set $cert "CACert" ($ca.Cert | b64enc) -}}
2222
{{- end -}}
23-
{{- end -}}
2423
{{- if .Values.cluster.tls_certificates.create }}
2524
---
2625
apiVersion: v1
@@ -35,6 +34,7 @@ data:
3534
{{ include "cluster.tls_certificates.private_key_file_name" . }}: {{ $cert.Key }}
3635
{{ include "cluster.tls_certificates.ca_cert_file_name" . }}: {{ $cert.CACert }}
3736
{{- end }}
37+
{{- end -}}
3838
{{- if and .Values.cluster.validatingwebhookconfiguration.create (include "cluster.audit_enabled" .) }}
3939
---
4040
apiVersion: admissionregistration.k8s.io/v1

charts/shield/tests/cluster/cert-manager_test.yaml

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ tests:
5151
set:
5252
cluster:
5353
tls_certificates:
54-
create: false
54+
create: true
5555
cert_manager:
5656
enabled: true
5757
ca:
@@ -68,7 +68,7 @@ tests:
6868
set:
6969
cluster:
7070
tls_certificates:
71-
create: false
71+
create: true
7272
cert_manager:
7373
enabled: true
7474
ca:
@@ -87,7 +87,7 @@ tests:
8787
set:
8888
cluster:
8989
tls_certificates:
90-
create: false
90+
create: true
9191
cert_manager:
9292
enabled: true
9393
ca:
@@ -111,7 +111,7 @@ tests:
111111
set:
112112
cluster:
113113
tls_certificates:
114-
create: false
114+
create: true
115115
cert_manager:
116116
enabled: true
117117
ca:
@@ -151,7 +151,7 @@ tests:
151151
set:
152152
cluster:
153153
tls_certificates:
154-
create: false
154+
create: true
155155
cert_manager:
156156
enabled: true
157157
ca:
@@ -189,7 +189,7 @@ tests:
189189
set:
190190
cluster:
191191
tls_certificates:
192-
create: false
192+
create: true
193193
cert_manager:
194194
enabled: true
195195
ca:
@@ -238,7 +238,7 @@ tests:
238238
set:
239239
cluster:
240240
tls_certificates:
241-
create: false
241+
create: true
242242
cert_manager:
243243
enabled: true
244244
ca:
@@ -270,7 +270,7 @@ tests:
270270
set:
271271
cluster:
272272
tls_certificates:
273-
create: false
273+
create: true
274274
cert_manager:
275275
enabled: true
276276
ca:
@@ -310,7 +310,7 @@ tests:
310310
enabled: true
311311
cluster:
312312
tls_certificates:
313-
create: false
313+
create: true
314314
cert_manager:
315315
enabled: true
316316
ca:
@@ -357,7 +357,7 @@ tests:
357357
enabled: true
358358
cluster:
359359
tls_certificates:
360-
create: false
360+
create: true
361361
cert_manager:
362362
enabled: true
363363
ca:
@@ -379,7 +379,7 @@ tests:
379379
enabled: true
380380
cluster:
381381
tls_certificates:
382-
create: false
382+
create: true
383383
cert_manager:
384384
enabled: true
385385
ca:
@@ -410,7 +410,7 @@ tests:
410410
enabled: true
411411
cluster:
412412
tls_certificates:
413-
create: false
413+
create: true
414414
cert_manager:
415415
enabled: true
416416
ca:

charts/shield/tests/cluster/tls-certificates-admissionregistration_test.yaml

Lines changed: 4 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -636,21 +636,6 @@ tests:
636636
scope: Namespaced
637637
documentIndex: 1
638638

639-
- it: Cert Manager Integration exclusive with tls create cert
640-
set:
641-
features:
642-
detections:
643-
kubernetes_audit:
644-
enabled: true
645-
cluster:
646-
tls_certificates:
647-
create: true
648-
cert_manager:
649-
enabled: true
650-
asserts:
651-
- failedTemplate:
652-
errorPattern: "Cannot specify both"
653-
654639
- it: Cert Manager Integration exclusive with tls secret name
655640
set:
656641
features:
@@ -675,7 +660,7 @@ tests:
675660
enabled: true
676661
cluster:
677662
tls_certificates:
678-
create: false
663+
create: true
679664
cert_manager:
680665
enabled: true
681666
ca:
@@ -706,7 +691,7 @@ tests:
706691
enabled: true
707692
cluster:
708693
tls_certificates:
709-
create: false
694+
create: true
710695
cert_manager:
711696
enabled: true
712697
ca:
@@ -738,7 +723,7 @@ tests:
738723
enabled: true
739724
cluster:
740725
tls_certificates:
741-
create: false
726+
create: true
742727
cert_manager:
743728
enabled: true
744729
ca:
@@ -768,7 +753,7 @@ tests:
768753
enabled: true
769754
cluster:
770755
tls_certificates:
771-
create: false
756+
create: true
772757
cert_manager:
773758
enabled: true
774759
ca:

0 commit comments

Comments
 (0)