Add rootTlsSecret

[ZITADOPER-1]
This commit is contained in:
Haim Kortovich
2024-05-27 22:29:43 -05:00
parent 100fc7cc54
commit 7c0db9861f
6 changed files with 56 additions and 1 deletions


@@ -175,6 +175,20 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
rootTLSSecret:
description: SecretReference represents a Secret Reference. It has
enough information to retrieve secret in any namespace
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
serviceAnnotations: serviceAnnotations:
additionalProperties: additionalProperties:
type: string type: string
@@ -235,6 +249,7 @@ spec:
- image - image
- purpose - purpose
- resources - resources
- rootTLSSecret
- smtpConfig - smtpConfig
type: object type: object
status: status:


@@ -82,7 +82,8 @@ type ZitadelClusterSpec struct {
ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"` ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"`
// +kubebuilder:default=3 // +kubebuilder:default=3
// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:podCount"} // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:podCount"}
Replicas int32 `json:"replicas,omitempty"` Replicas int32 `json:"replicas,omitempty"`
RootTLSSecret corev1.SecretReference `json:"rootTLSSecret"`
} }
// ZitadelClusterStatus defines the observed state of ZitadelCluster // ZitadelClusterStatus defines the observed state of ZitadelCluster
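Review bot: `RootTLSSecret corev1.SecretReference `json:"rootTLSSecret"`` has no `omitempty` and no `// +optional` marker, so the regenerated CRD lists it under `required` and every existing ZitadelCluster object that lacks the field will be rejected on its next update; if the field is meant to be mandatory that should be stated, otherwise add `// +optional` with `omitempty`. SecretReference also carries a Namespace that the init-job builder in this commit never reads (it mounts a Secret volume by Name only, which Kubernetes resolves in the pod's own namespace), so a cross-namespace reference is accepted by validation and only fails later at pod creation; a `corev1.LocalObjectReference`, or a validation marker, would express the real contract. The field is the only one in the hunk without a doc comment or kubebuilder markers; proposed: `// RootTLSSecret names the Secret holding the CockroachDB admin client TLS material (ca.crt, tls.crt, tls.key) mounted into the init job. It must live in the ZitadelCluster's namespace; Namespace is ignored.` The start of ZitadelClusterSpec is outside the hunk.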


@@ -870,6 +870,7 @@ func (in *ZitadelClusterSpec) DeepCopyInto(out *ZitadelClusterSpec) {
(*out)[key] = val (*out)[key] = val
} }
} }
out.RootTLSSecret = in.RootTLSSecret
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZitadelClusterSpec. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZitadelClusterSpec.


@@ -176,6 +176,20 @@ spec:
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object type: object
type: object type: object
rootTLSSecret:
description: SecretReference represents a Secret Reference. It has
enough information to retrieve secret in any namespace
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
serviceAnnotations: serviceAnnotations:
additionalProperties: additionalProperties:
type: string type: string
@@ -236,6 +250,7 @@ spec:
- image - image
- purpose - purpose
- resources - resources
- rootTLSSecret
- smtpConfig - smtpConfig
type: object type: object
status: status:


@@ -37,6 +37,11 @@ func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key type
}, },
EnableServiceLinks: &enableServiceLinks, EnableServiceLinks: &enableServiceLinks,
Volumes: []corev1.Volume{ Volumes: []corev1.Volume{
{Name: "certs", VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: zitadel.Spec.RootTLSSecret.Name,
},
}},
{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}}, {Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
}, },
Containers: []corev1.Container{ Containers: []corev1.Container{
@@ -47,8 +52,23 @@ func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key type
"init", "init",
"--config", "/config/zitadel-config-yaml", "--config", "/config/zitadel-config-yaml",
}, },
Env: []corev1.EnvVar{
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT",
Value: "/certs/ca.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT",
Value: "/certs/tls.crt",
},
{
Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY",
Value: "/certs/tls.key",
},
},
VolumeMounts: []corev1.VolumeMount{ VolumeMounts: []corev1.VolumeMount{
{Name: "zitadel-config-yaml", MountPath: "/config"}, {Name: "zitadel-config-yaml", MountPath: "/config"},
{Name: "certs", MountPath: "/certs"},
}, },
}, },
}, },
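Review bot: The `certs` mount added in the second hunk is read-write and the Secret volume in the first hunk keeps the default file mode, so `tls.key` is writable from the container and readable by any UID inside it; for private-key material the usual hardening is `{Name: "certs", MountPath: "/certs", ReadOnly: true}` together with a restrictive `DefaultMode` on the `SecretVolumeSource`. The env values hard-code the keys `ca.crt`, `tls.crt` and `tls.key`; that matches a cert-manager-issued `kubernetes.io/tls` Secret but is not guaranteed for a hand-made one (`ca.crt` in particular is optional), and a missing key currently surfaces only when the init command fails to connect rather than as a clear pod event. Listing the three keys explicitly via `Items` on the SecretVolumeSource would make the job fail fast at volume setup and document the expected Secret layout in one place. BuildInitJob starts before the first hunk and continues past the second.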


@@ -33,6 +33,9 @@ func (r *ConfigMapReconciler) ReconcileZitadelConfiguration(ctx context.Context,
Database: Database:
Cockroach: Cockroach:
Host: %s Host: %s
Admin:
SSL:
Mode: require
ExternalDomain: %s ExternalDomain: %s
ExternalPort: %d ExternalPort: %d
ExternalSecure: %t ExternalSecure: %t
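Review bot: `Mode: require` in the new Admin SSL block only forces an encrypted connection; if this value follows libpq/pgx sslmode semantics (which the Cockroach config appears to, though that is not visible here), `require` never checks the server hostname, and whether the CA passed through `ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT` is used to verify the chain at all depends on the driver. Since the commit ships a CA certificate into the init job, `Mode: verify-full` is the setting that actually consumes it and binds the connection to the intended database host; if `require` is deliberate (for example the server certificate lacks a matching SAN), a short comment in the template saying so would keep a later reader from guessing. Only the Admin user gets an SSL block in this hunk; any TLS setting for the runtime `User` connection is outside the visible lines. ReconcileZitadelConfiguration begins before the hunk and the template string continues past it.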