Add option to use cert from predefined dns zone
wpjunior committed Aug 19, 2021
1 parent f765edc commit e2741d0
Showing 3 changed files with 76 additions and 5 deletions.
3 changes: 3 additions & 0 deletions api/v1alpha1/rpaasinstance_types.go
@@ -133,6 +133,9 @@ type CertManager struct {
// IPAddresses is a list of IP addresses to be set in Subject Alternative Names.
// +optional
IPAddresses []string `json:"ipAddresses,omitempty"`

// DNSNamesDefault when is set use the provided DNSName from DNS Zone field
DNSNamesDefault bool `json:"dnsNamesDefault"`
}

type AllowedUpstream struct {
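Review bot: The new `DNSNamesDefault` field is missing the `// +optional` marker and the `omitempty` tag that the neighbouring `IPAddresses` field carries, and its doc comment is hard to parse; suggest `// DNSNamesDefault, when true, derives the certificate's DNS name as <instance name>.<Spec.DNS.Zone> instead of using DNSNames.` above `// +optional` and `json:"dnsNamesDefault,omitempty"`. Because this flag decides which hostnames end up on an issued certificate, the comment should also state that Spec.DNS must be set whenever it is true. The enclosing CertManager struct begins before this hunk.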
30 changes: 25 additions & 5 deletions internal/controllers/certificates/cert_manager.go
@@ -6,6 +6,7 @@ package certificates

import (
"context"
"errors"
"fmt"

cmv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
@@ -34,10 +35,17 @@ func reconcileCertManager(ctx context.Context, client client.Client, instance *v

cert, err := getCertificate(ctx, client, instance)
if err != nil && k8serrors.IsNotFound(err) {
return client.Create(ctx, newCertificate(instance, issuer))
cert, certErr := newCertificate(instance, issuer)
if certErr != nil {
return certErr
}
return client.Create(ctx, cert)
}

newCert := newCertificate(instance, issuer)
newCert, err := newCertificate(instance, issuer)
if err != nil {
return err
}
newCert.ResourceVersion = cert.ResourceVersion

if err = client.Update(ctx, newCert); err != nil {
@@ -112,7 +120,19 @@ func getCertificate(ctx context.Context, client client.Client, instance *v1alpha
return &cert, err
}

func newCertificate(instance *v1alpha1.RpaasInstance, issuer *cmmeta.ObjectReference) *cmv1.Certificate {
func newCertificate(instance *v1alpha1.RpaasInstance, issuer *cmmeta.ObjectReference) (*cmv1.Certificate, error) {
dnsNames := instance.Spec.DynamicCertificates.CertManager.DNSNames

if instance.Spec.DynamicCertificates.CertManager.DNSNamesDefault {
if instance.Spec.DNS == nil {
return nil, errors.New("DNS Spec is not specified")
}

dnsNames = []string{
fmt.Sprintf("%s.%s", instance.Name, instance.Spec.DNS.Zone),
}
}

return &cmv1.Certificate{
ObjectMeta: metav1.ObjectMeta{
Name: instance.Name,
@@ -127,11 +147,11 @@ func newCertificate(instance *v1alpha1.RpaasInstance, issuer *cmmeta.ObjectRefer
},
Spec: cmv1.CertificateSpec{
IssuerRef: *issuer,
DNSNames: instance.Spec.DynamicCertificates.CertManager.DNSNames,
DNSNames: dnsNames,
IPAddresses: instance.Spec.DynamicCertificates.CertManager.IPAddresses,
SecretName: fmt.Sprintf("%s-cert-manager", instance.Name),
},
}
}, nil
}

func getCertManagerIssuer(ctx context.Context, client client.Client, instance *v1alpha1.RpaasInstance) (*cmmeta.ObjectReference, error) {
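Review bot: In newCertificate the DNSNamesDefault branch only checks that `instance.Spec.DNS` is non-nil, so an empty `Zone` produces the DNS name `my-instance.` — a trailing-dot, zone-less SAN that is not the name anyone intended and that the issuer is unlikely to accept; tighten the guard to `if instance.Spec.DNS == nil || instance.Spec.DNS.Zone == "" {` and make the error say so, e.g. `return nil, errors.New("DNS zone is not specified")`. The branch also silently replaces any explicitly configured `DNSNames` with the derived name instead of adding to them; if replacement is intended, say so in the field's doc comment, otherwise build the list with `dnsNames = append([]string{fmt.Sprintf("%s.%s", instance.Name, instance.Spec.DNS.Zone)}, dnsNames...)`. The derived name is only as trustworthy as `instance.Name` and `Spec.DNS.Zone` are — if either is settable by a tenant, a dotted instance name or a zone outside the operator's control would let an instance request a certificate for a host it should not own, which is worth confirming against how those fields are populated (not visible here). Separately, `newCert, err := newCertificate(...)` on the update path overwrites any non-NotFound error from getCertificate before it is examined, a pre-existing behaviour that the rewrite preserves rather than introduces.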
48 changes: 48 additions & 0 deletions internal/controllers/certificates/cert_manager_test.go
@@ -176,6 +176,54 @@ func Test_ReconcileCertManager(t *testing.T) {
},
},

"when cert manager set to use dns zone, should create certificate": {
instance: &v1alpha1.RpaasInstance{
ObjectMeta: metav1.ObjectMeta{
Name: "my-instance",
Namespace: "rpaasv2",
},
Spec: v1alpha1.RpaasInstanceSpec{
DNS: &v1alpha1.DNSConfig{
Zone: "rpaasv2.example.org",
},
DynamicCertificates: &v1alpha1.DynamicCertificates{
CertManager: &v1alpha1.CertManager{
Issuer: "issuer-1",
DNSNamesDefault: true,
},
},
},
},
assert: func(t *testing.T, cli client.Client, instance *v1alpha1.RpaasInstance) {
var cert cmv1.Certificate
err := cli.Get(context.TODO(), types.NamespacedName{
Name: instance.Name,
Namespace: instance.Namespace,
}, &cert)
require.NoError(t, err)

assert.Equal(t, []metav1.OwnerReference{
{
APIVersion: "extensions.tsuru.io/v1alpha1",
Kind: "RpaasInstance",
Name: "my-instance",
Controller: func(b bool) *bool { return &b }(true),
BlockOwnerDeletion: func(b bool) *bool { return &b }(true),
},
}, cert.OwnerReferences)

assert.Equal(t, cmv1.CertificateSpec{
IssuerRef: cmmeta.ObjectReference{
Name: "issuer-1",
Group: "cert-manager.io",
Kind: "Issuer",
},
SecretName: "my-instance-cert-manager",
DNSNames: []string{"my-instance.rpaasv2.example.org"},
}, cert.Spec)
},
},

"when DNSes, ips and issuer are changed, certificate should be updated according to": {
instance: &v1alpha1.RpaasInstance{
ObjectMeta: metav1.ObjectMeta{
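Review bot: The new case covers only the DNSNamesDefault happy path; the two behaviours the change introduces that decide what ends up on a certificate — the error returned when `Spec.DNS` is nil, and explicitly listed `DNSNames` being dropped when `DNSNamesDefault` is true — have no test. Add a case with `DNSNamesDefault: true` and no `DNS` block asserting that no Certificate is created (how this table harness surfaces the returned error is not visible here), and one with both `DNSNames: []string{"custom.example.org"}` and `DNSNamesDefault: true` that pins whichever merge-or-replace semantics is intended. The test table begins before this hunk and continues after it.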
