Added fields for ca certificate configuration
OlivierCazade committed Jun 21, 2023
1 parent 0e58e62 commit e94358a
Showing 7 changed files with 445 additions and 13 deletions.
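--- a/api/v1alpha1/flowcollector_webhook.go
+++ b/api/v1alpha1/flowcollector_webhook.go
@@ -64,6 +64,9 @@ func (r *FlowCollector) ConvertTo(dstRaw conversion.Hub) error {
 
 dst.Spec.Loki.StatusTLS = restored.Spec.Loki.StatusTLS
 
+dst.Spec.Processor.Metrics.Server.TLS.Provided.InsecureSkipVerify = restored.Spec.Processor.Metrics.Server.TLS.Provided.InsecureSkipVerify
+dst.Spec.Processor.Metrics.Server.TLS.Provided.CaFile = restored.Spec.Processor.Metrics.Server.TLS.Provided.CaFile
+
 if restored.Spec.Exporters != nil {
 for _, restoredExp := range restored.Spec.Exporters {
 if !isExporterIn(restoredExp, dst.Spec.Exporters) {
@@ -139,3 +142,10 @@ func Convert_v1beta1_FlowCollectorLoki_To_v1alpha1_FlowCollectorLoki(in *v1beta1
 func Convert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in *v1beta1.FlowCollectorExporter, out *FlowCollectorExporter, s apiconversion.Scope) error {
 return autoConvert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in, out, s)
 }
+
+// This function need to be manually created because conversion-gen not able to create it intentionally because
+// we have new defined fields in v1beta1 not in v1alpha1
+// nolint:golint,stylecheck,revive
+func Convert_v1beta1_CertificateReference_To_v1alpha1_CertificateReference(in *v1beta1.CertificateReference, out *CertificateReference, s apiconversion.Scope) error {
+return autoConvert_v1beta1_CertificateReference_To_v1alpha1_CertificateReference(in, out, s)
+}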
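Review bot: Only `Spec.Processor.Metrics.Server.TLS.Provided` gets its `InsecureSkipVerify` and `CaFile` restored in ConvertTo, while the CRD manifest in this commit shows the same two fields on every `caCert` and `userCert` reference as well. Unless those references are restored wholesale elsewhere in the function (its body continues outside the hunk, and `Loki.StatusTLS` is copied whole just above), a round trip through v1alpha1 would silently reset their `caFile` to empty and `insecureSkipVerify` to false, changing the effective trust configuration. If `Provided` is a pointer in either API version (not visible here), the two assignments also need a nil guard such as `if restored.Spec.Processor.Metrics.Server.TLS.Provided != nil && dst.Spec.Processor.Metrics.Server.TLS.Provided != nil { ... }`. A round-trip conversion test that sets both fields on each CertificateReference would catch either case.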
37 changes: 25 additions & 12 deletions api/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

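--- a/api/v1beta1/flowcollector_types.go
+++ b/api/v1beta1/flowcollector_types.go
@@ -678,6 +678,16 @@ type CertificateReference struct {
 // certKey defines the path to the certificate private key file name within the config map or secret. Omit when the key is not necessary.
 // +optional
 CertKey string `json:"certKey,omitempty"`
+
+// caFile defines the path to the CA file name within the config map or secret. Omit when the ca file is not necessary.
+// +optional
+//+kubebuilder:default:=""
+CaFile string `json:"caFile,omitempty"`
+
+//+kubebuilder:default:=false
+// insecureSkipVerify allows skipping client-side verification of the server certificate
+// If set to true, CACert field will be ignored
+InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
 }
 
 // ClientTLS defines TLS client configuration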
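Review bot: The doc comment on `InsecureSkipVerify` says the `CACert` field will be ignored, but no such field is visible on CertificateReference; the field added alongside it is `CaFile`, so the sentence looks copied from another struct, and it is propagated verbatim into the generated CRD descriptions. It also does not say which connection's verification is skipped, which matters because the manifest shows this type used for `caCert`, `userCert` and the metrics server's `provided` certificate references. I would put the description first and the markers after it, add the missing `// +optional`, and reword it, assuming this is the intended behaviour, to something like `// insecureSkipVerify disables verification of the server certificate for connections that use this reference. If set to true, caFile is ignored. Not recommended outside of test environments.`. The struct starts above the hunk, so whether an enclosing type already carries an equivalent setting cannot be seen here.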
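--- a/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
+++ b/bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -3225,6 +3225,12 @@ spec:
 description: caCert defines the reference of the certificate
 for the Certificate Authority
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file
+name within the config map or secret. Omit when
+the ca file is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3234,6 +3240,12 @@ spec:
 private key file name within the config map or
 secret. Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping
+client-side verification of the server certificate
+If set to true, CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3270,6 +3282,12 @@ spec:
 used for mTLS (you can ignore it when using regular,
 one-way TLS)
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file
+name within the config map or secret. Omit when
+the ca file is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3279,6 +3297,12 @@ spec:
 private key file name within the config map or
 secret. Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping
+client-side verification of the server certificate
+If set to true, CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3341,6 +3365,12 @@ spec:
 description: caCert defines the reference of the certificate
 for the Certificate Authority
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3350,6 +3380,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3385,6 +3421,12 @@ spec:
 used for mTLS (you can ignore it when using regular, one-way
 TLS)
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3394,6 +3436,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3491,6 +3539,12 @@ spec:
 description: caCert defines the reference of the certificate
 for the Certificate Authority
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3500,6 +3554,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3535,6 +3595,12 @@ spec:
 used for mTLS (you can ignore it when using regular, one-way
 TLS)
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3544,6 +3610,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3592,6 +3664,12 @@ spec:
 description: caCert defines the reference of the certificate
 for the Certificate Authority
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3601,6 +3679,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -3636,6 +3720,12 @@ spec:
 used for mTLS (you can ignore it when using regular, one-way
 TLS)
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA file name
+within the config map or secret. Omit when the ca file
+is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the certificate
 file name within the config map or secret
@@ -3645,6 +3735,12 @@ spec:
 private key file name within the config map or secret.
 Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping client-side
+verification of the server certificate If set to true,
+CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret containing
 certificates
@@ -4369,6 +4465,12 @@ spec:
 provided:
 description: TLS configuration.
 properties:
+caFile:
+default: ""
+description: caFile defines the path to the CA
+file name within the config map or secret. Omit
+when the ca file is not necessary.
+type: string
 certFile:
 description: certFile defines the path to the
 certificate file name within the config map
@@ -4379,6 +4481,12 @@ spec:
 private key file name within the config map
 or secret. Omit when the key is not necessary.
 type: string
+insecureSkipVerify:
+default: false
+description: insecureSkipVerify allows skipping
+client-side verification of the server certificate
+If set to true, CACert field will be ignored
+type: boolean
 name:
 description: name of the config map or secret
 containing certificates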