[installer]: set secretTemplate for certs

Simon Emms · Simon Emms · commit afb11a6b3e14 · 2022-07-21T09:40:03.000Z
This allows them to be picked up by the KOTS support bundle
diff --git a/install/installer/pkg/components/cluster/certmanager.go b/install/installer/pkg/components/cluster/certmanager.go
@@ -53,6 +53,9 @@ func certmanager(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &v1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		// Set the CA to our issuer
diff --git a/install/installer/pkg/components/docker-registry/certificate.go b/install/installer/pkg/components/docker-registry/certificate.go
@@ -6,6 +6,7 @@ package dockerregistry
 
 import (
 	"fmt"
+
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
@@ -37,6 +38,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("registry.%s.svc.cluster.local", ctx.Namespace),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/registry-facade/certificate.go b/install/installer/pkg/components/registry-facade/certificate.go
@@ -6,6 +6,7 @@ package registryfacade
 
 import (
 	"fmt"
+
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 
@@ -33,6 +34,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("reg.%s", ctx.Config.Domain),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/ws-daemon/tlssecret.go b/install/installer/pkg/components/ws-daemon/tlssecret.go
@@ -6,6 +6,7 @@ package wsdaemon
 
 import (
 	"fmt"
+
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
@@ -36,6 +37,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil
diff --git a/install/installer/pkg/components/ws-manager/tlssecret.go b/install/installer/pkg/components/ws-manager/tlssecret.go
@@ -49,6 +49,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		&certmanagerv1.Certificate{
@@ -67,6 +70,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil
diff --git a/install/kots/manifests/gitpod-certificate.yaml b/install/kots/manifests/gitpod-certificate.yaml
@@ -19,3 +19,7 @@ spec:
     - '{{repl ConfigOption "domain" }}'
     - '*.{{repl ConfigOption "domain" }}'
     - '*.ws.{{repl ConfigOption "domain" }}'
+  secretTemplate:
+    labels:
+      app: gitpod
+      component: gitpod-installer
