Merge pull request #1434 from FabianKramm/main

refactor: allow extra sans
loft-sh · Dec 28, 2023 · bc8b1cd · bc8b1cd
2 parents 8235e1b + ad119af
commit bc8b1cd
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 4 deletions.
diff --git a/charts/eks/templates/rbac/clusterrole.yaml b/charts/eks/templates/rbac/clusterrole.yaml
@@ -18,7 +18,7 @@ rules:
     resources: ["features", "virtualclusters"]
     verbs: ["get", "list", "watch"]
 {{- end }}
-  {{- if or .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
+  {{- if or .Values.pro .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
   - apiGroups: [""]
     resources: ["nodes", "nodes/status"]
     verbs: ["get", "watch", "list"]

diff --git a/charts/k0s/templates/rbac/clusterrole.yaml b/charts/k0s/templates/rbac/clusterrole.yaml
@@ -18,7 +18,7 @@ rules:
     resources: ["features", "virtualclusters"]
     verbs: ["get", "list", "watch"]
 {{- end }}
-  {{- if or .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
+  {{- if or .Values.pro .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
   - apiGroups: [""]
     resources: ["nodes", "nodes/status"]
     verbs: ["get", "watch", "list"]

diff --git a/charts/k3s/templates/rbac/clusterrole.yaml b/charts/k3s/templates/rbac/clusterrole.yaml
@@ -18,7 +18,7 @@ rules:
     resources: ["features", "virtualclusters"]
     verbs: ["get", "list", "watch"]
 {{- end }}
-  {{- if or .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
+  {{- if or .Values.pro .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
   - apiGroups: [""]
     resources: ["nodes", "nodes/status"]
     verbs: ["get", "watch", "list"]

diff --git a/charts/k8s/templates/rbac/clusterrole.yaml b/charts/k8s/templates/rbac/clusterrole.yaml
@@ -18,7 +18,7 @@ rules:
     resources: ["features", "virtualclusters"]
     verbs: ["get", "list", "watch"]
 {{- end }}
-  {{- if or .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
+  {{- if or .Values.pro .Values.sync.nodes.enabled .Values.rbac.clusterRole.create }}
   - apiGroups: [""]
     resources: ["nodes", "nodes/status"]
     verbs: ["get", "watch", "list"]

diff --git a/pkg/server/cert/syncer.go b/pkg/server/cert/syncer.go
@@ -23,6 +23,11 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+type ExtraSANsFunc func(ctx context.Context) ([]string, error)
+
+// ExtraSANs can be used to add extra sans via a function
+var ExtraSANs []ExtraSANsFunc
+
 type Syncer interface {
 	dynamiccertificates.Notifier
 	dynamiccertificates.ControllerRunner
@@ -122,8 +127,19 @@ func (s *syncer) getSANs(ctx context.Context) ([]string, error) {
 		}
 	}
 
+	// add cluster ip
 	retSANs = append(retSANs, svc.Spec.ClusterIP)
 
+	// add extra sans
+	for _, extraSans := range ExtraSANs {
+		extraSansValues, err := extraSans(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("error getting extra sans: %w", err)
+		}
+
+		retSANs = append(retSANs, extraSansValues...)
+	}
+
 	// add pod IP
 	podIP := os.Getenv("POD_IP")
 	if podIP != "" {