refine the tls secret ref definition
leon-inf committed Jan 26, 2025
1 parent b463613 commit e28dc3c
Showing 10 changed files with 84 additions and 70 deletions.
16 changes: 12 additions & 4 deletions apis/apps/v1/types.go
Expand Up @@ -577,7 +577,7 @@ type Issuer struct {
// It is required when the issuer is set to `UserProvided`.
//
// +optional
SecretRef *TLSSecretReference `json:"secretRef,omitempty"`
SecretRef *TLSSecretRef `json:"secretRef,omitempty"`
}

// IssuerName defines the name of the TLS certificates issuer.
Expand All @@ -593,9 +593,17 @@ const (
IssuerUserProvided IssuerName = "UserProvided"
)

// TLSSecretReference defines the Secret that contains TLS certs.
type TLSSecretReference struct {
corev1.SecretReference `json:",inline"`
// TLSSecretRef defines the Secret that contains TLS certs.
type TLSSecretRef struct {
// The namespace where the secret is located.
// If not provided, the secret is assumed to be in the same namespace as the Cluster object.
//
// +optional
Namespace string `json:"namespace"`

// Name of the Secret that contains user-provided certificates.
// +kubebuilder:validation:Required
Name string `json:"name"`

// Key of CA cert in Secret
// +kubebuilder:validation:Required
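Review bot: `Namespace` on the new `TLSSecretRef` is marked `+optional` but its tag is `json:"namespace"` without `omitempty`, so an unset namespace is serialized as an empty string on every object, unlike `SecretRef` earlier in this file (`json:"secretRef,omitempty"`); change the tag to `json:"namespace,omitempty"`. The field comment also states that the Secret may live in a namespace other than the Cluster's, which means the controller reads a Secret outside the namespace the Cluster's author works in; nothing in this hunk shows what gates that, so the comment should say whether a cross-namespace reference is permitted and what authorizes it, or state plainly that it is unrestricted. The rest of the struct (the `ca`, `cert` and `key` fields the CRD lists as required) continues past the end of the hunk, so any validation there is not visible here.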
11 changes: 5 additions & 6 deletions apis/apps/v1/zz_generated.deepcopy.go


22 changes: 12 additions & 10 deletions config/crd/bases/apps.kubeblocks.io_clusters.yaml
Expand Up @@ -3779,19 +3779,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to reference
a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within which
the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
Expand Down Expand Up @@ -12531,19 +12532,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to
reference a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within
which the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
11 changes: 6 additions & 5 deletions config/crd/bases/apps.kubeblocks.io_components.yaml
Expand Up @@ -5658,19 +5658,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to reference
a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within which
the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
Expand Up @@ -204,8 +204,8 @@ func (t *clusterShardingAccountTransformer) rewriteSystemAccount(transCtx *clust
newAccount := appsv1.ComponentSystemAccount{
Name: accountName,
SecretRef: &appsv1.ProvisionSecretRef{
Namespace: cluster.Namespace,
Name: shardingAccountSecretName(cluster.Name, sharding.Name, accountName),
Namespace: cluster.Namespace,
},
}
for i, account := range sharding.Template.SystemAccounts {
8 changes: 3 additions & 5 deletions controllers/apps/cluster/transformer_cluster_sharding_tls.go
Expand Up @@ -165,11 +165,9 @@ func (t *clusterShardingTLSTransformer) rewriteTLSConfig(
transCtx *clusterTransformContext, sharding *appsv1.ClusterSharding, compDef *appsv1.ComponentDefinition) {
sharding.Template.Issuer = &appsv1.Issuer{
Name: appsv1.IssuerUserProvided,
SecretRef: &appsv1.TLSSecretReference{
SecretReference: corev1.SecretReference{
Namespace: transCtx.Cluster.Namespace,
Name: shardingTLSSecretName(transCtx.Cluster.Name, sharding.Name),
},
SecretRef: &appsv1.TLSSecretRef{
Namespace: transCtx.Cluster.Namespace,
Name: shardingTLSSecretName(transCtx.Cluster.Name, sharding.Name),
},
}
tls := compDef.Spec.TLS
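Review bot: `Namespace: transCtx.Cluster.Namespace` in the rewritten `TLSSecretRef` literal spells out exactly what the new field's documentation declares as the default (the Cluster's own namespace), so the assignment is redundant; keeping it for explicitness is fine, but then a one-line comment such as `// same as the TLSSecretRef default; set explicitly so the generated secret's location is visible here` tells the next reader it is deliberate rather than leftover. The hunk also removes the `corev1.SecretReference` wrapper, which may have been the file's only use of `corev1`; the import block is not in the hunk, so please confirm it was updated or is still needed. rewriteTLSConfig begins before this hunk and continues past it.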
20 changes: 7 additions & 13 deletions controllers/apps/component/component_controller_test.go
Expand Up @@ -1342,10 +1342,8 @@ var _ = Describe("Component Controller", func() {
secretRef := func() *kbappsv1.ProvisionSecretRef {
Expect(testCtx.CreateObj(testCtx.Ctx, &secret)).Should(Succeed())
return &kbappsv1.ProvisionSecretRef{
SecretReference: corev1.SecretReference{
Namespace: testCtx.DefaultNamespace,
Name: secret.Name,
},
Name: secret.Name,
Namespace: testCtx.DefaultNamespace,
}
}

Expand Down Expand Up @@ -1415,10 +1413,8 @@ var _ = Describe("Component Controller", func() {
secretRef := func() *kbappsv1.ProvisionSecretRef {
Expect(testCtx.CreateObj(testCtx.Ctx, &secret)).Should(Succeed())
return &kbappsv1.ProvisionSecretRef{
SecretReference: corev1.SecretReference{
Namespace: testCtx.DefaultNamespace,
Name: secret.Name,
},
Name: secret.Name,
Namespace: testCtx.DefaultNamespace,
}
}

Expand Down Expand Up @@ -1531,11 +1527,9 @@ var _ = Describe("Component Controller", func() {
secretRef := func() *kbappsv1.ProvisionSecretRef {
Expect(testCtx.CreateObj(testCtx.Ctx, &secret)).Should(Succeed())
return &kbappsv1.ProvisionSecretRef{
SecretReference: corev1.SecretReference{
Namespace: testCtx.DefaultNamespace,
Name: secret.Name,
},
Password: "sysaccount-update",
Name: secret.Name,
Namespace: testCtx.DefaultNamespace,
Password: "sysaccount-update",
}
}

22 changes: 12 additions & 10 deletions deploy/helm/crds/apps.kubeblocks.io_clusters.yaml
Expand Up @@ -3779,19 +3779,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to reference
a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within which
the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
Expand Down Expand Up @@ -12531,19 +12532,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to
reference a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within
which the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
11 changes: 6 additions & 5 deletions deploy/helm/crds/apps.kubeblocks.io_components.yaml
Expand Up @@ -5658,19 +5658,20 @@ spec:
description: Key of TLS private key in Secret
type: string
name:
description: name is unique within a namespace to reference
a secret resource.
description: Name of the Secret that contains user-provided
certificates.
type: string
namespace:
description: namespace defines the space within which
the secret name must be unique.
description: |-
The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.
type: string
required:
- ca
- cert
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- name
type: object
31 changes: 20 additions & 11 deletions docs/developer_docs/api-reference/cluster.md
Expand Up @@ -8064,8 +8064,8 @@ for TLS communication.</li>
<td>
<code>secretRef</code><br/>
<em>
<a href="#apps.kubeblocks.io/v1.TLSSecretReference">
TLSSecretReference
<a href="#apps.kubeblocks.io/v1.TLSSecretRef">
TLSSecretRef
</a>
</em>
</td>
Expand Down Expand Up @@ -11544,13 +11544,13 @@ Required when TLS is enabled.</p>
</tr>
</tbody>
</table>
<h3 id="apps.kubeblocks.io/v1.TLSSecretReference">TLSSecretReference
<h3 id="apps.kubeblocks.io/v1.TLSSecretRef">TLSSecretRef
</h3>
<p>
(<em>Appears on:</em><a href="#apps.kubeblocks.io/v1.Issuer">Issuer</a>)
</p>
<div>
<p>TLSSecretReference defines the Secret that contains TLS certs.</p>
<p>TLSSecretRef defines the Secret that contains TLS certs.</p>
</div>
<table>
<thead>
Expand All @@ -11562,17 +11562,26 @@ Required when TLS is enabled.</p>
<tbody>
<tr>
<td>
<code>SecretReference</code><br/>
<code>namespace</code><br/>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretreference-v1-core">
Kubernetes core/v1.SecretReference
</a>
string
</em>
</td>
<td>
<p>
(Members of <code>SecretReference</code> are embedded into this type.)
</p>
<em>(Optional)</em>
<p>The namespace where the secret is located.
If not provided, the secret is assumed to be in the same namespace as the Cluster object.</p>
</td>
</tr>
<tr>
<td>
<code>name</code><br/>
<em>
string
</em>
</td>
<td>
<p>Name of the Secret that contains user-provided certificates.</p>
</td>
</tr>
<tr>
