Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Use the op installation namespace in the SecretClass tls in the OLM package #18

Closed
wants to merge 3 commits into from
Closed

Use the op installation namespace in the SecretClass tls in the OLM package #18

wants to merge 3 commits into from

Conversation

razvan
Copy link
Member

@razvan razvan commented Apr 18, 2024

Fixes stackabletech/issues#498

This PR should be used as basis for the certification of the 24.7.0 secret op.

It makes the spec.backend.autoTls.ca.secret.namespace a template variable :

spec:
  backend:
    autoTls:
      ca:
        secret:
          name: secret-provisioner-tls-ca
          namespace: "${NAMESPACE}"

Tested with OpenShift 4.13. As seen below, the namespace is not default but stackable-operator:

➜  k get secretclass tls -n stackable-operator -o yaml
apiVersion: secrets.stackable.tech/v1alpha1
kind: SecretClass
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"secrets.stackable.tech/v1alpha1","kind":"SecretClass","metadata":{"annotations":{},"name":"tls","ownerReferences":[{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","name":"secret-operator.v24.7.0-78d5d9fcd9","uid":"e80717df-28f6-4bb5-94bd-1ab2d4d63f11"}]},"spec":{"backend":{"autoTls":{"ca":{"autoGenerate":true,"secret":{"name":"secret-provisioner-tls-ca","namespace":"stackable-operators"}}}}}}
  creationTimestamp: "2024-04-18T16:10:54Z"
  generation: 1
  name: tls
  ownerReferences:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    name: secret-operator.v24.7.0-78d5d9fcd9
    uid: e80717df-28f6-4bb5-94bd-1ab2d4d63f11
  resourceVersion: "9710580"
  uid: ad020de5-46e9-43dd-8f0e-01e5bba07cf5
spec:
  backend:
    autoTls:
      ca:
        autoGenerate: true
        caCertificateLifetime: 730d
        secret:
          name: secret-provisioner-tls-ca
          namespace: stackable-operators
      maxCertificateLifetime: 15d

@razvan razvan mentioned this pull request Apr 18, 2024
Closed
@razvan razvan self-assigned this Apr 18, 2024
@adwk67 adwk67 self-requested a review April 19, 2024 08:05
@adwk67
Copy link
Member

adwk67 commented Apr 19, 2024

Tested successfully on OKD/4.15.

@razvan
Copy link
Member Author

razvan commented May 2, 2024

merged and shipped with 24.4.0-1

@razvan razvan closed this May 2, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@adwk67 adwk67 Awaiting requested review from adwk67

Assignees

@razvan razvan

Labels
release/24.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use the namespace stackable-operators in the SecretClass tls in the OLM package
2 participants
@razvan @adwk67