allow the use of Kubernetes TLS secrets for http-certs

cyril.cros · cyril.cros · commit 8a2f5a0c7bca · 2021-03-18T14:01:09.000-04:00
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
@@ -0,0 +1,5 @@
+{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
+You can now directly use a secret of type `kubernetes.io/tls` for your `certificatesSecret` instead of manually packing your certificates
+into an `Opaque` secret with `fullChainName` / `keyName` / `chainName` entries. This older packing method will become deprecated.
+Please migrate to the Kubernetes TLS Secret format. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for details.
+{{- end }}
diff --git a/chart/templates/proxy-deployment.yaml b/chart/templates/proxy-deployment.yaml
@@ -165,16 +165,21 @@ spec:
       - name: config-certificates
         secret:
           secretName: {{ $.Values.certificatesSecret.secretName }}
-{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
           items:
+{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
           - key: {{ $.Values.certificatesSecret.fullChainName }}
             path: fullchain.pem
           - key: {{ $.Values.certificatesSecret.chainName }}
             path: chain.pem
           - key: {{ $.Values.certificatesSecret.keyName }}
             path: privkey.pem
+{{- else }}
+          - key: tls.crt
+            path: fullchain.pem
+          - key: tls.key
+            path: privkey.pem
 {{- end }}
 {{- end }}
 {{ include "gitpod.container.configmap.volumes" $this | indent 6 }}
 {{ toYaml .Values.defaults | indent 6 }}
-{{ end }}
+{{ end }}
diff --git a/chart/templates/registry-facade-daemonset.yaml b/chart/templates/registry-facade-daemonset.yaml
@@ -122,14 +122,19 @@ spec:
       - name: https-certificates
         secret:
           secretName: {{ .Values.certificatesSecret.secretName }}
-          {{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
           items:
+          {{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
           - key: {{ $.Values.certificatesSecret.fullChainName }}
             path: fullchain.pem
           - key: {{ $.Values.certificatesSecret.chainName }}
             path: chain.pem
           - key: {{ $.Values.certificatesSecret.keyName }}
             path: privkey.pem
+          {{- else }}
+          - key: tls.crt
+            path: fullchain.pem
+          - key: tls.key
+            path: privkey.pem
           {{- end }}
       {{- end }}
 {{ toYaml .Values.defaults | indent 6 }}
