Add .spec.certSecretRef to Bucket API #1475
LGTM
Thanks @matheuscscp 🏅
Overall, the implementation and test changes look good to me.
Left one last reconciler test suggestion.
I just finished testing this with a test bucket from Here are the Helm values I used, for reference, in case anyone wants to replicate the test:

```yaml
mode: standalone
replicas: 1
resources:
  requests:
    memory: 512Mi
rootPassword: rootpass123
rootUser: rootuser
tls:
  certSecret: bucket-secret
  enabled: true
  privateKey: tls.key
  publicCrt: tls.crt
```

and it took some time to figure out exactly what the other configuration artifacts should look like, writing them out here for completeness:

```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: Bucket
metadata:
  name: test-bucket
  namespace: test-bucket
spec:
  bucketName: test-bucket
  endpoint: minio.test-bucket.svc.cluster.local:9000
  interval: 1m0s
  provider: generic
  certSecretRef:
    name: bucket-secret
  secretRef:
    name: bucket-client-credentials
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: bucket-client-credentials
  namespace: test-bucket
type: Opaque
stringData:
  accesskey: rootuser
  secretkey: rootpass123
```

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-bucket-cert
  namespace: test-bucket
spec:
  dnsNames:
    - minio.test-bucket.svc.cluster.local
  isCA: true
  commonName: my-bucket-cert
  secretName: bucket-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: ca-issuer
    kind: Issuer
    group: cert-manager.io
```

```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-issuer
  namespace: test-bucket
spec:
  selfSigned: {}
```

You can also create a real access key and secret, but in the tests we also use the root user/pass so it's fine, works as well.

Thanks @kingdonb for testing this on your cluster 🏅
Signed-off-by: Matheus Pimenta <[email protected]>
LGTM!
Thanks.
LGTM
Thanks @matheuscscp 🏅
Fixes #973