[installer]: set secretTemplate for certs

This allows them to be picked up by the KOTS support bundle
gitpod-io · Jul 21, 2022 · 7aab955 · 7aab955
1 parent e3232a1
commit 7aab955
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 0 deletions.
diff --git a/install/installer/go.sum b/install/installer/go.sum
@@ -84,10 +84,12 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
 github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM=
 github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
+github.com/Azure/go-autorest/autorest v0.11.19 h1:7/IqD2fEYVha1EPeaiytVKhzmPV223pfkRIQUGOK2IE=
 github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
 github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
 github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
+github.com/Azure/go-autorest/autorest/adal v0.9.14 h1:G8hexQdV5D4khOXrWG2YuLCFKhWYmWD8bHYaXN5ophk=
 github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=

diff --git a/install/installer/pkg/components/cluster/certmanager.go b/install/installer/pkg/components/cluster/certmanager.go
@@ -53,6 +53,9 @@ func certmanager(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &v1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		// Set the CA to our issuer

diff --git a/install/installer/pkg/components/docker-registry/certificate.go b/install/installer/pkg/components/docker-registry/certificate.go
@@ -6,6 +6,7 @@ package dockerregistry
 
 import (
 	"fmt"
+
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 	certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
@@ -37,6 +38,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("registry.%s.svc.cluster.local", ctx.Namespace),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/registry-facade/certificate.go b/install/installer/pkg/components/registry-facade/certificate.go
@@ -33,6 +33,9 @@ func certificate(ctx *common.RenderContext) ([]runtime.Object, error) {
 			DNSNames: []string{
 				fmt.Sprintf("reg.%s", ctx.Config.Domain),
 			},
+			SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+				Labels: common.DefaultLabels(Component),
+			},
 		},
 	}}, nil
 }
diff --git a/install/installer/pkg/components/ws-daemon/tlssecret.go b/install/installer/pkg/components/ws-daemon/tlssecret.go
@@ -36,6 +36,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil

diff --git a/install/installer/pkg/components/ws-manager/tlssecret.go b/install/installer/pkg/components/ws-manager/tlssecret.go
@@ -49,6 +49,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 		&certmanagerv1.Certificate{
@@ -67,6 +70,9 @@ func tlssecret(ctx *common.RenderContext) ([]runtime.Object, error) {
 					Kind:  "Issuer",
 					Group: "cert-manager.io",
 				},
+				SecretTemplate: &certmanagerv1.CertificateSecretTemplate{
+					Labels: common.DefaultLabels(Component),
+				},
 			},
 		},
 	}, nil

diff --git a/install/kots/manifests/gitpod-certificate.yaml b/install/kots/manifests/gitpod-certificate.yaml
@@ -19,3 +19,7 @@ spec:
     - '{{repl ConfigOption "domain" }}'
     - '*.{{repl ConfigOption "domain" }}'
     - '*.ws.{{repl ConfigOption "domain" }}'
+  secretTemplate:
+    labels:
+      app: gitpod
+      component: gitpod-installer