[installer]: set secretTemplate for certs

Simon Emms · Simon Emms · commit 7aab9557dffc · 2022-07-21T10:05:38.000Z
This allows them to be picked up by the KOTS support bundle
diff --git a/install/installer/go.sum b/install/installer/go.sum
@@ -84,10 +84,12 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
 github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
+github.com/Azure/go-autorest/autorest v0.11.19 h1:7/IqD2fEYVha1EPeaiytVKhzmPV223pfkRIQUGOK2IE=
 github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
+github.com/Azure/go-autorest/autorest/adal v0.9.14 h1:G8hexQdV5D4khOXrWG2YuLCFKhWYmWD8bHYaXN5ophk=
 github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
diff --git a/install/installer/pkg/components/cluster/certmanager.go b/install/installer/pkg/components/cluster/certmanager.go
@@ -53,6 +53,9 @@ func certmanager(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &v1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		// Set the CA to our issuer
diff --git a/install/installer/pkg/components/docker-registry/certificate.go b/install/installer/pkg/components/docker-registry/certificate.go
@@ -6,6 +6,7 @@ package dockerregistry
 
 import (
 	"fmt"
+
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 	certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
@@ -37,6 +38,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("registry.%s.svc.cluster.local", ctx.Namespace),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/registry-facade/certificate.go b/install/installer/pkg/components/registry-facade/certificate.go
@@ -33,6 +33,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("reg.%s", ctx.Config.Domain),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/ws-daemon/tlssecret.go b/install/installer/pkg/components/ws-daemon/tlssecret.go
@@ -36,6 +36,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil
diff --git a/install/installer/pkg/components/ws-manager/tlssecret.go b/install/installer/pkg/components/ws-manager/tlssecret.go
@@ -49,6 +49,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		&certmanagerv1.Certificate{
@@ -67,6 +70,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil
diff --git a/install/kots/manifests/gitpod-certificate.yaml b/install/kots/manifests/gitpod-certificate.yaml
@@ -19,3 +19,7 @@ spec:
     - '{{repl ConfigOption "domain" }}'
     - '*.{{repl ConfigOption "domain" }}'
     - '*.ws.{{repl ConfigOption "domain" }}'
+  secretTemplate:
+    labels:
+      app: gitpod
+      component: gitpod-installer
