From 01182b7944941ffa41480797143871a3ee266918 Mon Sep 17 00:00:00 2001 From: Jina Jain Date: Thu, 11 Apr 2024 11:15:14 -0700 Subject: [PATCH] [opentelemetry-operator] read cert contents (#1121) * read cert contents * rename vars, add upgrade guid * fix examples, rebase * fix example * update version --- charts/opentelemetry-operator/Chart.yaml | 2 +- charts/opentelemetry-operator/UPGRADING.md | 12 +++++++++++- .../operator-webhook-with-cert-manager.yaml | 4 ++-- .../examples/default/rendered/certmanager.yaml | 4 ++-- .../examples/default/rendered/clusterrole.yaml | 6 +++--- .../default/rendered/clusterrolebinding.yaml | 4 ++-- .../examples/default/rendered/deployment.yaml | 2 +- .../examples/default/rendered/role.yaml | 2 +- .../examples/default/rendered/rolebinding.yaml | 2 +- .../examples/default/rendered/service.yaml | 4 ++-- .../default/rendered/serviceaccount.yaml | 2 +- .../tests/test-certmanager-connection.yaml | 2 +- .../tests/test-service-connection.yaml | 4 ++-- .../templates/_helpers.tpl | 6 +++--- .../opentelemetry-operator/values.schema.json | 18 +++++++++--------- charts/opentelemetry-operator/values.yaml | 11 +++++++---- 16 files changed, 49 insertions(+), 36 deletions(-) diff --git a/charts/opentelemetry-operator/Chart.yaml b/charts/opentelemetry-operator/Chart.yaml index 97547887e..68cb56187 100644 --- a/charts/opentelemetry-operator/Chart.yaml +++ b/charts/opentelemetry-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: opentelemetry-operator -version: 0.53.2 +version: 0.54.0 description: OpenTelemetry Operator Helm chart for Kubernetes type: application home: https://opentelemetry.io/ diff --git a/charts/opentelemetry-operator/UPGRADING.md b/charts/opentelemetry-operator/UPGRADING.md index f55dca76c..0cf15c8a8 100644 --- a/charts/opentelemetry-operator/UPGRADING.md +++ b/charts/opentelemetry-operator/UPGRADING.md 
@@ -1,5 +1,15 @@ # Upgrade guidelines +## <0.54.0 to 0.54.0 +[Changes to functionality, and variable names used for providing user-managed webhook certificates](https://github.com/open-telemetry/opentelemetry-helm-charts/pull/1121) + +Below variables have been renamed to be consistent with the chart's naming format. v0.54.0 also has a bug fix which makes the chart now read the contents of the file paths provided by these variables, instead of just using the value of the variables. +``` +admissionWebhooks.ca_file -> admissionWebhooks.caFile +admissionWebhooks.cert_file -> admissionWebhooks.certFile +admissionWebhooks.key_file -> admissionWebhooks.keyFile +``` + ## <0.50.0 to 0.50.0 Additional properties are not allowed anymore, so care must be taken that no old or misspelled ones are present anymore. @@ -24,7 +34,7 @@ Some CI/CD tools might create duplicate resources when upgrading from an older v `fullnameOverride` can be used to keep `deployment` resource consistent with the same name during an upgrade. ## 0.16.0 to 0.17.0 - + The v0.17.0 helm chart version changes OpenTelemetry Collector image to the contrib version. If you want to use the core version, set `manager.collectorImage.repository` to `otel/opentelemetry-collector`. ## 0.15.0 to 0.16.0 diff --git a/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml b/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml index 3ad384392..36a4296ce 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/admission-webhooks/operator-webhook-with-cert-manager.yaml 
@@ -6,7 +6,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -91,7 +91,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: default/example-opentelemetry-operator-serving-cert labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml b/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml index d0fbcf6ab..c8cef1c53 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/certmanager.yaml @@ -4,7 +4,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -30,7 +30,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml b/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml index 696cf94bb..4a17a9d13 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/clusterrole.yaml 
@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -222,7 +222,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -241,7 +241,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml b/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml index 878f8a1b7..9f6c55d32 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/clusterrolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -26,7 +26,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm 
diff --git a/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml b/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml index 5ab642fcb..18934e78f 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/deployment.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/role.yaml b/charts/opentelemetry-operator/examples/default/rendered/role.yaml index 194dcb93e..cf4b4dd6d 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/role.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml b/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml index 4b040a787..86aa114a8 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm 
diff --git a/charts/opentelemetry-operator/examples/default/rendered/service.yaml b/charts/opentelemetry-operator/examples/default/rendered/service.yaml index 720197c9e..50dbe8e44 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/service.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -32,7 +32,7 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml b/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml index 5c659c3a2..0c4359d06 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/serviceaccount.yaml @@ -6,7 +6,7 @@ metadata: name: opentelemetry-operator namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml b/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml index 7c9fd51d2..d3976d23b 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/tests/test-certmanager-connection.yaml 
@@ -6,7 +6,7 @@ metadata: name: "example-opentelemetry-operator-cert-manager" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml b/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml index 0a299407c..ae8faa3fe 100644 --- a/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml +++ b/charts/opentelemetry-operator/examples/default/rendered/tests/test-service-connection.yaml @@ -6,7 +6,7 @@ metadata: name: "example-opentelemetry-operator-metrics" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm @@ -44,7 +44,7 @@ metadata: name: "example-opentelemetry-operator-webhook" namespace: default labels: - helm.sh/chart: opentelemetry-operator-0.53.2 + helm.sh/chart: opentelemetry-operator-0.54.0 app.kubernetes.io/name: opentelemetry-operator app.kubernetes.io/version: "0.97.1" app.kubernetes.io/managed-by: Helm diff --git a/charts/opentelemetry-operator/templates/_helpers.tpl b/charts/opentelemetry-operator/templates/_helpers.tpl index f78b0d8b3..ea9067d51 100644 --- a/charts/opentelemetry-operator/templates/_helpers.tpl +++ b/charts/opentelemetry-operator/templates/_helpers.tpl 
@@ -117,9 +117,9 @@ a cert is loaded from an existing secret or is provided via `.Values` {{- $caCertEnc = b64enc $ca.Cert }} {{- end }} {{- else }} -{{- $certCrtEnc = b64enc .Values.admissionWebhooks.cert_file }} -{{- $certKeyEnc = b64enc .Values.admissionWebhooks.key_file }} -{{- $caCertEnc = b64enc .Values.admissionWebhooks.ca_file }} +{{- $certCrtEnc = .Files.Get .Values.admissionWebhooks.cert_file | b64enc }} +{{- $certKeyEnc = .Files.Get .Values.admissionWebhooks.key_file | b64enc }} +{{- $caCertEnc = .Files.Get .Values.admissionWebhooks.ca_file | b64enc }} {{- end }} {{- $result := dict "crt" $certCrtEnc "key" $certKeyEnc "ca" $caCertEnc }} {{- $result | toYaml }} diff --git a/charts/opentelemetry-operator/values.schema.json b/charts/opentelemetry-operator/values.schema.json index 5f086b6ed..ccb596d1e 100644 --- a/charts/opentelemetry-operator/values.schema.json +++ b/charts/opentelemetry-operator/values.schema.json @@ -1296,9 +1296,9 @@ "objectSelector", "certManager", "autoGenerateCert", - "cert_file", - "key_file", - "ca_file", + "certFile", + "keyFile", + "caFile", "serviceAnnotations", "secretAnnotations", "secretLabels" @@ -1475,26 +1475,26 @@ "recreate": true }] }, - "cert_file": { + "certFile": { "type": "string", "default": "", - "title": "The cert_file Schema", + "title": "File path to self-managed TLS certificate.", "examples": [ "" ] }, - "key_file": { + "keyFile": { "type": "string", "default": "", - "title": "The key_file Schema", + "title": "File path to self-managed TLS key.", "examples": [ "" ] }, - "ca_file": { + "caFile": { "type": "string", "default": "", - "title": "The ca_file Schema", + "title": "File path to self-managed CA bundle.", "examples": [ "" ] diff --git a/charts/opentelemetry-operator/values.yaml b/charts/opentelemetry-operator/values.yaml index b70962334..b46e737f8 100644 --- a/charts/opentelemetry-operator/values.yaml +++ b/charts/opentelemetry-operator/values.yaml 
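Review bot: The three rewritten lines in the `else` branch of `_helpers.tpl` still read `.Values.admissionWebhooks.cert_file`, `key_file` and `ca_file`, while `values.yaml` and `values.schema.json` in this same commit rename those keys to `certFile`, `keyFile` and `caFile`. As written, a user-supplied path cannot reach `.Files.Get`, so this branch presumably either fails to render or produces empty `crt`, `key` and `ca` values; the reads should use the new names, e.g. `{{- $certCrtEnc = .Files.Get .Values.admissionWebhooks.certFile | b64enc }}`. Separately, `.Files.Get` returns an empty string when the path is missing or not accessible to the chart, so a mistyped path would silently yield an empty TLS secret; wrapping each read as `required "admissionWebhooks.certFile could not be read" (.Files.Get ...)` would fail the render instead. The enclosing `if`/`else` starts above this hunk, so the conditions that select this branch are not visible here.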
@@ -244,13 +244,16 @@ admissionWebhooks: recreate: true ## TLS Certificate Option 3: Use your own self-signed certificate. - ## certManager and autoGenerateCert must be disabled and cert_file, key_file, and ca_file must be set. + ## certManager and autoGenerateCert must be disabled and certFile, keyFile, and caFile must be set. + ## The chart reads the contents of the file paths with the helm .Files.Get function. + ## Refer to this doc https://helm.sh/docs/chart_template_guide/accessing_files/ to understand + ## limitations of file paths accessible to the chart. ## Path to your own PEM-encoded certificate. - cert_file: "" + certFile: "" ## Path to your own PEM-encoded private key. - key_file: "" + keyFile: "" ## Path to the CA cert. - ca_file: "" + caFile: "" # Adds additional annotations to the admissionWebhook Service serviceAnnotations: {}
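Review bot: The new comment block for Option 3 in `values.yaml` links to the Helm file-access docs but does not spell out the consequence that matters most for `keyFile`. `.Files.Get` can only read files that sit inside the chart directory and are not excluded by `.helmignore`, so the private key has to be copied into the chart tree and will be included in anything produced by `helm package` or committed alongside the chart. I would add a line such as `## Paths are relative to the chart root; do not commit or package the private key with the chart.` above `certFile`. It would also help to say that an unreadable path results in an empty value rather than an error, since the template does not check for that.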