diff --git a/charts/dsv-injector/Chart.yaml b/charts/dsv-injector/Chart.yaml index 6a1bcab..adbc9db 100644 --- a/charts/dsv-injector/Chart.yaml +++ b/charts/dsv-injector/Chart.yaml @@ -18,7 +18,7 @@ description: | --set image.tag=${IMAGE_TAG} \ --atomic \ --timeout "5m" \ - --debug -v4 \ # optional --values ./myvaluesfile/values.yaml \ + --debug -v4 \ # optional for local test iteration --values .cache/charts/dsv-injector/values.yaml \ dsv-injector ./charts/dsv-injector ``` diff --git a/charts/dsv-injector/templates/NOTES.txt b/charts/dsv-injector/templates/NOTES.txt index 73cca24..f2f5d62 100644 --- a/charts/dsv-injector/templates/NOTES.txt +++ b/charts/dsv-injector/templates/NOTES.txt @@ -3,7 +3,7 @@ {{- $uri := trimAll "/" .Values.webhookUri -}} ✨ Deployed: {{ include "dsv.fullname" . }} -📂 Namepsace: {{ .Release.Namespace }} +📂 Namespace: {{ .Release.Namespace }} {{ if eq .Values.service.type "ExternalName" }} 🔗 The cluster will call the webhook at {{ printf "https://%s:%d/%s" .Values.externalName $port $uri }} 
@@ -28,13 +28,8 @@ {{- $tlsSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-tls" (include "dsv.name" .)) -}} {{- $recreateSelfSignedCertThreshold := default 90 .Values.recreateSelfSignedCertThreshold | int -}} -{{- $needsRecreate := false -}} -{{- if $tlsSecret }} - {{- $cert := $tlsSecret.data.cert | b64dec | fromYaml -}} - {{- if and $cert (lt (now | date "2006-01-02") (dateModify (now | date "2006-01-02") (printf "+%dh" (mul $recreateSelfSignedCertThreshold 24)))) }} - {{- $needsRecreate = true -}} - ❗❗❗ Cert expiration shows expiring within threshold: [$recreateSelfSignedCertThreshold] days, so will be recreated. - {{- else -}} - ✔ī¸ Cert shows expiration greater than threshold of [$recreateSelfSignedCertThreshold]. - {{- end -}} +{{- if eq .Values.service.type "ExternalName" }} +ℹī¸ ExternalName provided for service type, so no self signed cert will be used. +{{- else -}} +➕ Will generate a self signed cert with expiration of [{{ (default 365 .Values.webhookCertExpireDays | int) }}] days. {{- end -}} diff --git a/charts/dsv-injector/templates/webhook.yaml b/charts/dsv-injector/templates/webhook.yaml index 53407aa..e2384ac 100644 --- a/charts/dsv-injector/templates/webhook.yaml +++ b/charts/dsv-injector/templates/webhook.yaml 
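Review bot: The two context lines at the top of this NOTES.txt hunk, the `lookup` of the `-tls` Secret into `$tlsSecret` and the `$recreateSelfSignedCertThreshold` assignment, no longer feed anything in the lines shown once the expiry branch is removed. Keeping the `lookup` means the chart still reads the Secret that holds the webhook private key on every install and upgrade, for no output. I would delete both lines, or print the threshold in the note if `recreateSelfSignedCertThreshold` is meant to remain a supported value. The template continues outside the hunk, so confirm nothing further down reads either variable.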
@@ -1,13 +1,6 @@
 {{- $tlsCert := genSelfSignedCert (include "dsv.dnsname" .) nil (list (include "dsv.dnsname" .) (include "dsv.name" .)) (default 365 .Values.webhookCertExpireDays | int) -}}
-{{- $tlsSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-tls" (include "dsv.name" .)) -}}
-{{- $recreateSelfSignedCertThreshold := default 90 .Values.recreateSelfSignedCertThreshold | int -}}
-{{- $needsRecreate := false -}}
-{{- if $tlsSecret }}
- {{- $cert := $tlsSecret.data.cert | b64dec | fromYaml -}}
- {{- if and $cert (lt (now | date "2006-01-02") (dateModify (now | date "2006-01-02") (printf "+%dh" (mul $recreateSelfSignedCertThreshold 24)))) }}
- {{- $needsRecreate = true -}}
- {{- end -}}
-{{- end -}}
+{{- $existingTlsSecret := lookup "v1" "Secret" .Release.Namespace (printf "%s-tls" (include "dsv.name" .)) -}}
+
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
@@ -27,8 +20,6 @@ webhooks:
 clientConfig:
 {{- if eq .Values.service.type "ExternalName" }}
 caBundle: {{ .Values.caBundle }}
-{{- else if and $tlsSecret (not $needsRecreate) }}
- caBundle: {{ $tlsSecret.data.cert }}
 {{- else }}
 caBundle: {{ $tlsCert.Cert | b64enc }}
 {{- end }}
@@ -43,15 +34,24 @@ webhooks:
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+ name: my-tls-secret
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $tlsCert.Cert | b64enc }}
+ tls.key: {{ $tlsCert.Key | b64enc }}
+---
+apiVersion: v1
+kind: Secret
 metadata:
 name: {{ include "dsv.name" . }}-tls
+ annotations:
+ last-modified: {{ now | quote }}
 data:
-{{- if and $tlsSecret (not $needsRecreate) }}
- cert.pem: {{ $tlsSecret.data.cert }}
- key.pem: {{ $tlsSecret.data.key }}
-{{- else }}
 cert.pem: {{ $tlsCert.Cert | b64enc }}
 key.pem: {{ $tlsCert.Key | b64enc }}
-{{- end }}
 type: Opaque
 {{- end }}
diff --git a/charts/dsv-syncer/Chart.yaml b/charts/dsv-syncer/Chart.yaml
index a570fc6..c9a38f5 100644
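Review bot: `$existingTlsSecret` is assigned in the first hunk of webhook.yaml but none of the visible hunks read it, and the later hunks drop every branch that reused the stored certificate, so the `genSelfSignedCert` output is now written to both `caBundle` and the `-tls` Secret on every render. Each `helm upgrade` therefore rotates the CA and the serving key together, and webhook pods that have not yet reloaded the Secret will present a certificate the API server no longer trusts. Whether that blocks pod creation or lets pods through without injection depends on `failurePolicy`, which is outside the hunk. Either reuse the existing Secret while it is still valid, or drop the unused lookup and make sure the Deployment rolls whenever the Secret changes. If regeneration on every render is intended, say so next to the assignment, for example `{{- /* cert and key are regenerated on every render; pods must restart to pick them up */ -}}`.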
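Review bot: The Secret added in the third hunk has the fixed name `my-tls-secret`, which looks like a leftover from a hook example and is not scoped to the release the way `{{ include "dsv.name" . }}-tls` is. It stores a second copy of the webhook private key, and because it is a `pre-upgrade` hook whose only delete policy is `before-hook-creation`, Helm does not track it as a release resource, so it stays in the namespace after `helm uninstall`. Two releases in the same namespace would also overwrite each other's copy. If nothing mounts this Secret, remove the block; if it is needed, derive the name from `{{ include "dsv.fullname" . }}` and add a comment naming the component that reads `tls.crt` and `tls.key`.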
--- a/charts/dsv-syncer/Chart.yaml +++ b/charts/dsv-syncer/Chart.yaml @@ -16,7 +16,7 @@ description: | --set image.tag=${IMAGE_TAG} \ --atomic \ --timeout "5m" \ - --debug \ # optional --values ./myvaluesfile/values.yaml \ + --debug \ # optional --values --values .cache/charts/dsv-injector/values.yaml \ dsv-syncer ./charts/dsv-syncer ``` keywords: diff --git a/charts/dsv-syncer/templates/NOTES.txt b/charts/dsv-syncer/templates/NOTES.txt index 4acf8ec..7cdb060 100644 --- a/charts/dsv-syncer/templates/NOTES.txt +++ b/charts/dsv-syncer/templates/NOTES.txt @@ -1,9 +1,9 @@ ✨ Deployed: {{ include "dsv.fullname" . }} -📂 Namepsace: {{ .Release.Namespace }} +📂 Namespace: {{ .Release.Namespace }} {{- if .Values.configmap }} ⚙ī¸ ConfigMap created: {{ include "dsv.fullname" . }}-configmap {{ else }} ➖ no configmap detected, defaults used for logging level and any other configmap values -{{ end }} \ No newline at end of file +{{ end }}