using certificates from existing secret if it already exists (#284)
matheusfm authored May 14, 2024
1 parent 13dcc11 commit f6e4977
Showing 1 changed file with 10 additions and 5 deletions.
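--- a/charts/zora/templates/operator/deployment.yaml
+++ b/charts/zora/templates/operator/deployment.yaml
@@ -13,20 +13,25 @@
 # limitations under the License.
 {{ $secretName := printf "%s-serving-cert" (include "zora.fullname" .) -}}
 {{- $serviceName := printf "%s-webhook" (include "zora.fullname" .) -}}
-{{- if and .Values.operator.webhook.enabled (not (lookup "v1" "Secret" .Release.Namespace $secretName)) -}}
-{{- $cn := $serviceName -}}
-{{- $ca := genCA $cn 3650 -}}
-{{- $altNames := list ( printf "%s.%s" $serviceName .Release.Namespace ) ( printf "%s.%s.svc" $serviceName .Release.Namespace ) ( printf "%s.%s.svc.cluster.local" $serviceName .Release.Namespace ) -}}
-{{- $cert := genSignedCert $cn nil $altNames 3650 $ca -}}
+{{- if .Values.operator.webhook.enabled -}}
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
 apiVersion: v1
 kind: Secret
 metadata:
 name: {{ $secretName }}
 type: kubernetes.io/tls
 data:
+{{- if $existingSecret }}
+{{- toYaml $existingSecret.data | nindent 2 }}
+{{- else }}
+{{- $cn := $serviceName }}
+{{- $ca := genCA $cn 3650 }}
+{{- $altNames := list ( printf "%s.%s" $serviceName .Release.Namespace ) ( printf "%s.%s.svc" $serviceName .Release.Namespace ) ( printf "%s.%s.svc.cluster.local" $serviceName .Release.Namespace ) }}
+{{- $cert := genSignedCert $cn nil $altNames 3650 $ca }}
 tls.key: {{ b64enc $cert.Key }}
 tls.crt: {{ b64enc $cert.Cert }}
 ca.crt: {{ b64enc $ca.Cert }}
+{{- end }}
 ---
 {{- end -}}
 apiVersion: apps/v1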
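Review bot: The `{{- if $existingSecret }}` branch copies `$existingSecret.data` into the rendered Secret without checking that it contains `tls.key`, `tls.crt` and `ca.crt`, so any Secret in the namespace that carries the `$secretName` name, whether incomplete or created by something other than this chart, is adopted as the webhook's serving material. Changing the condition to something like `{{- if hasKey ($existingSecret.data | default dict) "tls.key" }}` (and the same for the other two keys) would send an unusable Secret down the generation path instead. Reuse also means an upgrade never replaces the 3650-day certificate and its key, so rotation after expiry or key exposure becomes a manual step that deserves a comment above the branch, e.g. `# to rotate the webhook certificate, delete this Secret and run helm upgrade`. `lookup` returns an empty result under `helm template` and client-side dry runs, so those renders presumably still generate a fresh CA and key each time; that is worth noting for template-based deployments. The Deployment that starts on the last line continues outside the hunk, so whether the webhook configuration's CA bundle stays in step with `ca.crt` cannot be checked from here.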