Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use the op installation namespace in the SecretClass tls in the OLM package #18

Closed
wants to merge 3 commits into from
Closed

Use the op installation namespace in the SecretClass tls in the OLM package #18

wants to merge 3 commits into from

Conversation

razvan
Copy link
Member

@razvan razvan commented Apr 18, 2024

Fixes stackabletech/issues#498

This PR should be used as basis for the certification of the 24.7.0 secret op.

It makes the spec.backend.autoTls.ca.secret.namespace a template variable :

spec:
  backend:
    autoTls:
      ca:
        secret:
          name: secret-provisioner-tls-ca
          namespace: "${NAMESPACE}"

Tested with OpenShift 4.13. As seen below, the namespace is not default but stackable-operator:

➜  k get secretclass tls -n stackable-operator -o yaml
apiVersion: secrets.stackable.tech/v1alpha1
kind: SecretClass
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"secrets.stackable.tech/v1alpha1","kind":"SecretClass","metadata":{"annotations":{},"name":"tls","ownerReferences":[{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","name":"secret-operator.v24.7.0-78d5d9fcd9","uid":"e80717df-28f6-4bb5-94bd-1ab2d4d63f11"}]},"spec":{"backend":{"autoTls":{"ca":{"autoGenerate":true,"secret":{"name":"secret-provisioner-tls-ca","namespace":"stackable-operators"}}}}}}
  creationTimestamp: "2024-04-18T16:10:54Z"
  generation: 1
  name: tls
  ownerReferences:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    name: secret-operator.v24.7.0-78d5d9fcd9
    uid: e80717df-28f6-4bb5-94bd-1ab2d4d63f11
  resourceVersion: "9710580"
  uid: ad020de5-46e9-43dd-8f0e-01e5bba07cf5
spec:
  backend:
    autoTls:
      ca:
        autoGenerate: true
        caCertificateLifetime: 730d
        secret:
          name: secret-provisioner-tls-ca
          namespace: stackable-operators
      maxCertificateLifetime: 15d

@razvan razvan mentioned this pull request Apr 18, 2024
Closed
@razvan razvan self-assigned this Apr 18, 2024
@adwk67 adwk67 self-requested a review April 19, 2024 08:05
@adwk67
Copy link
Member

adwk67 commented Apr 19, 2024

Tested successfully on OKD/4.15.

@razvan
Copy link
Member Author

razvan commented May 2, 2024

merged and shipped with 24.4.0-1

@razvan razvan closed this May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adwk67 adwk67 Awaiting requested review from adwk67

Assignees

@razvan razvan

Labels
release/24.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use the namespace stackable-operators in the SecretClass tls in the OLM package
2 participants
@razvan @adwk67