From 6dbbb888110034c38f3626e616557c83b4f0d032 Mon Sep 17 00:00:00 2001
From: Tomasz Prus
Date: Wed, 1 Nov 2023 00:15:28 +0100
Subject: [PATCH] autoGenerateCert as object with enabled, ifNotExists properties
---
 .../admission-webhooks/operator-webhook.yaml | 4 +--
 .../opentelemetry-operator/values.schema.json | 31 +++++++++++++++----
 charts/opentelemetry-operator/values.yaml | 8 ++---
 3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml b/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
index 620ab0b4e..5bb7d7668 100644
--- a/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
+++ b/charts/opentelemetry-operator/templates/admission-webhooks/operator-webhook.yaml
@@ -3,10 +3,10 @@
 {{- $caCertEnc := "" }}
 {{- $certCrtEnc := "" }}
 {{- $certKeyEnc := "" }}
-{{- if .Values.admissionWebhooks.autoGenerateCert }}
+{{- if .Values.admissionWebhooks.autoGenerateCert.enabled }}
 {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (default (printf "%s-controller-manager-service-cert" (include "opentelemetry-operator.fullname" .)) .Values.admissionWebhooks.secretName )) }}
 {{- $prevHook := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" .Release.Namespace (print (include "opentelemetry-operator.MutatingWebhookName" . ) "-mutation")) }}
-{{- if and .Values.admissionWebhooks.autoGenerateReuseCert $prevSecret $prevHook }}
+{{- if and .Values.admissionWebhooks.autoGenerateCert.ifNotExists $prevSecret $prevHook }}
 {{- $certCrtEnc = index $prevSecret "data" "tls.crt" }}
 {{- $certKeyEnc = index $prevSecret "data" "tls.key" }}
 {{- $caCertEnc = (first $prevHook.webhooks).clientConfig.caBundle }}
diff --git a/charts/opentelemetry-operator/values.schema.json b/charts/opentelemetry-operator/values.schema.json
index 0c6d4cd78..7e855408c 100644
--- a/charts/opentelemetry-operator/values.schema.json
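Review bot: The reuse branch at the added `{{- if and .Values.admissionWebhooks.autoGenerateCert.ifNotExists $prevSecret $prevHook }}` only tests that the Secret and the webhook configuration exist, so `tls.crt`, `tls.key` and `caBundle` are carried forward without checking that the data keys are present, that the certificate is still inside its validity period, or that it chains to the reused CA bundle. Because `ifNotExists` defaults to true in values.yaml, an upgrade will keep the same webhook key pair indefinitely, and an expired or mismatched certificate would show up only as admission-webhook TLS failures. I would document that above the branch, e.g. `{{- /* Reuses the existing key pair as-is: expiry, SANs and CA chain are not checked here. */ -}}`, and consider falling through to regeneration when either data key is empty. Both `if` blocks are closed outside the hunk, so the generation path and the certificate lifetime it uses are not visible here.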
+++ b/charts/opentelemetry-operator/values.schema.json
@@ -1304,12 +1304,31 @@
 }]
 },
 "autoGenerateCert": {
- "type": "boolean",
- "default": true,
- "title": "The autoGenerateCert schema",
- "examples": [
- true
- ]
+ "type": "object",
+ "default": {},
+ "title": "The autoGenerateCert Schema",
+ "required": [
+ "enabled",
+ "ifNotExists"
+ ],
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": true,
+ "title": "The enabled Schema",
+ "examples": [
+ true
+ ]
+ },
+ "ifNotExists": {
+ "type": "boolean",
+ "default": true,
+ "title": "The ifNotExists Schema",
+ "examples": [
+ true
+ ]
+ }
+ }
 },
 "secretAnnotations": {
 "type": "object",
diff --git a/charts/opentelemetry-operator/values.yaml b/charts/opentelemetry-operator/values.yaml
index cdefe1882..7172087fa 100644
--- a/charts/opentelemetry-operator/values.yaml
+++ b/charts/opentelemetry-operator/values.yaml
@@ -218,10 +218,10 @@ admissionWebhooks:
 ## TLS Certificate Option 2: Use Helm to automatically generate self-signed certificate.
 ## certManager must be disabled and autoGenerateCert must be enabled.
 ## If true and certManager.enabled is false, Helm will automatically create a self-signd cert and secret for you.
- autoGenerateCert: true
-
- # Set true to reuse existing cert, autoGenerateCert must be enabled too
- autoGenerateCertIfNotExists: true
+ autoGenerateCert:
+ enabled: true
+ # true means generate cert if cert not exists only
+ ifNotExists: true
 ## TLS Certificate Option 3: Use your own self-signed certificate.
 ## certManager and autoGenerateCert must be disabled and cert_file, key_file, and ca_file must be set.
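Review bot: The new `autoGenerateCert` object is left open, so a misspelled key such as `ifNotExist: false` (constructed example) passes validation while the default `ifNotExists: true` stays in effect, leaving certificate reuse on when the operator believed it was off. Adding `"additionalProperties": false` next to `"required"` would turn that into a validation error, provided it fits how the rest of this schema is written, which is not visible in the hunk. The `"default": {}` also fails the object's own `required` list; `"default": {"enabled": true, "ifNotExists": true}` would be consistent. Since the type changes from boolean to object, existing values files that set `autoGenerateCert: true` or `false` will now be rejected, which deserves a line in the upgrade notes, and a `description` on each property would let the schema state what `ifNotExists` controls.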
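Review bot: The comment on `ifNotExists` does not tell the reader that `true` means the existing webhook key pair and CA bundle are reused on upgrade, so Helm never rotates them. Something like `# true: reuse the existing webhook cert Secret and CA bundle when both exist (no rotation on upgrade); false: generate a new self-signed cert each time` would make the trade-off explicit, assuming the template's else branch regenerates, which is outside this patch's hunks. The context line `## If true and certManager.enabled is false` now sits above an object and should name `autoGenerateCert.enabled` instead.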