From 8a2f5a0c7bca785f152e11172fde9ed92b7f3402 Mon Sep 17 00:00:00 2001
From: "cyril.cros"
Date: Thu, 18 Mar 2021 14:01:09 -0400
Subject: [PATCH] allow the use of Kubernetes TLS secrets for http-certs
---
 chart/templates/NOTES.txt | 5 +++++
 chart/templates/proxy-deployment.yaml | 9 +++++++--
 chart/templates/registry-facade-daemonset.yaml | 7 ++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 chart/templates/NOTES.txt
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
new file mode 100644
index 00000000000000..3b27df1701c32e
--- /dev/null
+++ b/chart/templates/NOTES.txt
@@ -0,0 +1,5 @@
+{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
+You can now directly use a secret of type `kubernetes.io/tls` for your `certificatesSecret` instead of manually packing your certificates
+into an `Opaque` secret with `fullChainName` / `keyName` / `chainName` entries. This older packing method will become deprecated.
+Please migrate to the Kubernetes TLS Secret format. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for details.
+{{- end }}
diff --git a/chart/templates/proxy-deployment.yaml b/chart/templates/proxy-deployment.yaml
index 34596799b6abb8..6b491ea4b4e694 100644
--- a/chart/templates/proxy-deployment.yaml
+++ b/chart/templates/proxy-deployment.yaml
@@ -165,16 +165,21 @@ spec:
 - name: config-certificates
 secret:
 secretName: {{ $.Values.certificatesSecret.secretName }}
-{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
 items:
+{{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
 - key: {{ $.Values.certificatesSecret.fullChainName }}
 path: fullchain.pem
 - key: {{ $.Values.certificatesSecret.chainName }}
 path: chain.pem
 - key: {{ $.Values.certificatesSecret.keyName }}
 path: privkey.pem
+{{- else }}
+ - key: tls.crt
+ path: fullchain.pem
+ - key: tls.key
+ path: privkey.pem
 {{- end }}
 {{- end }}
 {{ include "gitpod.container.configmap.volumes" $this | indent 6 }}
 {{ toYaml .Values.defaults | indent 6 }}
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/chart/templates/registry-facade-daemonset.yaml b/chart/templates/registry-facade-daemonset.yaml
index 815a66ee960184..ed7a77e58a2f40 100644
--- a/chart/templates/registry-facade-daemonset.yaml
+++ b/chart/templates/registry-facade-daemonset.yaml
@@ -122,14 +122,19 @@ spec:
 - name: https-certificates
 secret:
 secretName: {{ .Values.certificatesSecret.secretName }}
- {{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
 items:
+ {{- if (and $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}
 - key: {{ $.Values.certificatesSecret.fullChainName }}
 path: fullchain.pem
 - key: {{ $.Values.certificatesSecret.chainName }}
 path: chain.pem
 - key: {{ $.Values.certificatesSecret.keyName }}
 path: privkey.pem
+ {{- else }}
+ - key: tls.crt
+ path: fullchain.pem
+ - key: tls.key
+ path: privkey.pem
 {{- end }}
 {{- end }}
 {{ toYaml .Values.defaults | indent 6 }}
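Review bot: The new `{{- else }}` branch in proxy-deployment.yaml is taken whenever any one of `fullChainName`, `chainName` or `keyName` is empty, not only when all three are unset, so a partly configured Opaque secret is silently treated as a `kubernetes.io/tls` secret. Because `items:` is now always emitted, the kubelet will refuse to mount the volume when `tls.crt` or `tls.key` is missing from the secret, and the pod hangs in ContainerCreating instead of the chart failing at render time. Before this change a secret with no name overrides was projected whole, so any install relying on that (not visible here) would break as well. Consider rejecting the mixed case ahead of the plain `{{- else }}` with `{{- else if (or $.Values.certificatesSecret.fullChainName $.Values.certificatesSecret.chainName $.Values.certificatesSecret.keyName) }}` followed by `{{- fail "certificatesSecret: set fullChainName, chainName and keyName together, or none of them for a kubernetes.io/tls secret" }}`. The same branch is added in the registry-facade-daemonset.yaml hunk, and the enclosing volume block starts outside both hunks.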
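Review bot: `privkey.pem` in the registry-facade-daemonset.yaml hunk is projected without a `mode`, and the `secret:` volume in the context lines sets no `defaultMode`, so the key mapped from `tls.key` gets the Kubernetes default of 0644 inside the container. If the container's user and any fsGroup setting (both outside this hunk) allow it, add `mode: 0400` under the `tls.key` item, or `defaultMode: 0400` on the volume, so the private key is not world-readable. The proxy-deployment.yaml hunk projects the key the same way.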