[certmanager] introduce EnsureCertForServiceWithSelector()
Adds func to create a certificate for a k8s service identified
by a label selector.
stuggi committed Dec 18, 2023
1 parent d24d9d0 commit cfd7577
Showing 1 changed file with 52 additions and 0 deletions.
52 changes: 52 additions & 0 deletions modules/certmanager/certificate.go
Expand Up @@ -25,6 +25,8 @@ import (
certmgrmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
Expand Down Expand Up @@ -231,3 +233,53 @@ func EnsureCert(

return certSecret, ctrl.Result{}, nil
}

// EnsureCertForServiceWithSelector - creates certificate for k8s service identified
// by a label selector
func EnsureCertForServiceWithSelector(
ctx context.Context,
helper *helper.Helper,
namespace string,
selector map[string]string,
issuer string,
) (tls.SimpleService, ctrl.Result, error) {
t := tls.SimpleService{
Ca: tls.Ca{
CaBundleSecretName: tls.CABundleSecret,
},
}

svcs, err := service.GetServicesListWithLabel(
ctx,
helper,
namespace,
selector,
)
if err != nil {
return t, ctrl.Result{}, err
}

for _, svc := range svcs.Items {
// create cert for the service
certRequest := CertificateRequest{
IssuerName: issuer,
CertName: fmt.Sprintf("%s-svc", svc.Name),
Hostnames: []string{fmt.Sprintf("%s.%s.svc", svc.Name, namespace)},
Labels: svc.Labels,
}
certSecret, ctrlResult, err := EnsureCert(
ctx,
helper,
certRequest)
if err != nil {
return t, ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return t, ctrlResult, nil
}

t.SecretName = &certSecret.Name
break
}

return t, ctrl.Result{}, nil
}
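Review bot: When the selector matches no service, the `for _, svc := range svcs.Items` loop in `EnsureCertForServiceWithSelector` never runs and the function returns `t` with `SecretName` still nil, an empty `ctrl.Result` and a nil error, so a caller cannot tell "no certificate was issued" from success and may end up configuring the service without TLS. Failing closed before the loop would make that case explicit, e.g. `if len(svcs.Items) == 0 { return t, ctrl.Result{}, fmt.Errorf("no service in namespace %q matches selector %v", namespace, selector) }`. The unconditional `break` also means that only the first of several matching services gets a certificate, in whatever order the list call returned them. If exactly one match is the intended contract, the doc comment should say so, or the function should reject a selector that matches more than one service.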
