Updating the caBundle for the controller webhook
Signed-off-by: ytimocin <[email protected]>
ytimocin committed Jan 12, 2024
1 parent c0783ff commit 46d782c
Showing 2 changed files with 32 additions and 9 deletions.
27 changes: 27 additions & 0 deletions deploy/Chart/templates/_helpers.tpl
Expand Up @@ -12,3 +12,30 @@
{{- end -}}
{{- print $version }}
{{- end -}}

{{/*
Reuses the value from an existing secret, otherwise sets its value to a default value.
Usage:
{{ include "secrets.lookup" (dict "secret" "secret-name" "namespace" "ns-name" "key" "key-name" "defaultValue" "default-secret") }}

Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- namespace - String - Required - Namespace of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- defaultValue - String - Required - Default value to use if the secret does not exist.

*/}}
{{- define "secrets.lookup" -}}
{{- $value := "" -}}
{{- $namespace := .namespace | toString -}}
{{- $secretData := (lookup "v1" "Secret" $namespace .secret).data -}}
{{- if and $secretData (hasKey $secretData .key) -}}
{{- $value = index $secretData .key -}}
{{- else if .defaultValue -}}
{{- $value = .defaultValue | toString | b64enc -}}
{{- end -}}
{{- if $value -}}
{{- printf "%s" $value -}}
{{- end -}}
{{- end -}}
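Review bot: The doc comment on `secrets.lookup` still describes the stored value as a password and does not say that the helper returns base64 text in both branches (the existing `.data` value as stored, the default after `b64enc`), which callers need to know so they do not encode it a second time. I would reword the params to "where the value is stored" and add a line such as `Returns: the value base64-encoded, ready for a Secret's data field or a webhook caBundle; empty when neither the key nor a default is available.` The comment should also mention that `lookup` returns an empty result when Helm renders without contacting the cluster (`helm template`, client-side dry run), so the default branch is taken on every such render. For the callers added in this commit that means a newly generated key pair and CA each time.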
14 changes: 5 additions & 9 deletions deploy/Chart/templates/controller/webhook.yaml
@@ -1,5 +1,5 @@
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace "controller-cert"}}
{{- $existingWebhook := lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" .Release.Namespace "recipe-webhook.radapp.io"}}
{{- $existingValidatingWebhook := lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" .Release.Namespace "recipe-webhook.radapp.io"}}
{{- $ca := genCA "controller-ca" 3650 }}
{{- $cn := printf "controller" }}
{{- $altName1 := printf "controller.%s" .Release.Namespace }}
Expand All @@ -16,13 +16,9 @@ metadata:
app.kubernetes.io/name: controller
app.kubernetes.io/part-of: radius
data:
{{ if $existingSecret }}tls.crt: {{ index $existingSecret.data "tls.crt" }}
{{ else }}tls.crt: {{ b64enc $cert.Cert }}
{{ end }}

{{ if $existingSecret }}tls.key: {{ index $existingSecret.data "tls.key" }}
{{ else }}tls.key: {{ b64enc $cert.Key }}
{{ end }}
tls.crt: {{ include "secrets.lookup" (dict "secret" "controller-cert" "namespace" .Release.Namespace "key" "tls.crt" "defaultValue" $cert.Cert) }}
tls.key: {{ include "secrets.lookup" (dict "secret" "controller-cert" "namespace" .Release.Namespace "key" "tls.key" "defaultValue" $cert.Key) }}
ca.crt: {{ include "secrets.lookup" (dict "secret" "controller-cert" "namespace" .Release.Namespace "key" "ca.crt" "defaultValue" $ca.Cert) }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand All @@ -32,7 +28,7 @@ webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: {{ b64enc $ca.Cert }}
caBundle: {{ include "secrets.lookup" (dict "secret" "controller-cert" "namespace" .Release.Namespace "key" "ca.crt" "defaultValue" $ca.Cert) }}
service:
name: controller
namespace: {{ .Release.Namespace }}
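Review bot: Resolving `tls.crt`, `tls.key` and `ca.crt` with three independent per-key lookups can leave the Secret and the webhook holding a CA that did not sign the serving certificate. The removed lines show that earlier releases wrote `controller-cert` with only `tls.crt` and `tls.key`, so on upgrade those two keys are reused while `ca.crt` and `caBundle` fall back to the `$ca.Cert` that `genCA` creates fresh in this render. The API server would then fail to verify the controller's certificate, and the mismatched `ca.crt` is kept by later upgrades. Decide reuse once for the whole Secret (all three keys present, otherwise regenerate all three) and take `caBundle` from the same decision, as sketched below. `$existingSecret` and `$existingValidatingWebhook` look unused on the visible lines after this change and could be dropped if nothing outside the hunks reads them.

```yaml
{{- $existing := (lookup "v1" "Secret" .Release.Namespace "controller-cert").data | default dict }}
{{- $reuse := and (hasKey $existing "tls.crt") (hasKey $existing "tls.key") (hasKey $existing "ca.crt") }}
{{/* … unchanged: genCA / certificate generation and Secret metadata … */}}
data:
  {{- if $reuse }}
  tls.crt: {{ index $existing "tls.crt" }}
  tls.key: {{ index $existing "tls.key" }}
  ca.crt: {{ index $existing "ca.crt" }}
  {{- else }}
  tls.crt: {{ b64enc $cert.Cert }}
  tls.key: {{ b64enc $cert.Key }}
  ca.crt: {{ b64enc $ca.Cert }}
  {{- end }}
{{/* … unchanged: ValidatingWebhookConfiguration up to clientConfig … */}}
      caBundle: {{ if $reuse }}{{ index $existing "ca.crt" }}{{ else }}{{ b64enc $ca.Cert }}{{ end }}
```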