Adopt Kubernetes style TLS Secrets #1194

Merged
merged 3 commits into from
Aug 22, 2023

aryan9600
Member

@aryan9600 aryan9600 commented Aug 9, 2023

Modify `.spec.certSecretRef` of HelmRepository and OCIRepository to use the keys expected in a Kubernetes Secret of type TLS, `tls.crt` and `tls.key`. Furthermore, use `ca.crt` for specifying the CA certificate.
Deprecate the usage of `certFile`, `keyFile` and `caFile` for OCIRepository. Both `caFile` and `ca.crt` are supported for GitRepository, with the latter taking precedence.

Part of: fluxcd/flux2#4137
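
The key selection described in this PR, as an added Go example that is not the project's own code. `ResolveTLSData` and `TLSData` are hypothetical names, and it assumes the legacy keys are still read as a fallback for every kind and that a new certificate is never paired with a legacy key:

```go
package main

import (
	"errors"
	"fmt"
)

// TLSData is the PEM material selected from a Secret's data map.
type TLSData struct {
	Cert, Key, CA []byte
	Deprecated    []string // legacy keys that were used (callers should warn)
}

// ResolveTLSData is a hypothetical helper, not the controller's function.
func ResolveTLSData(data map[string][]byte) (*TLSData, error) {
	d := &TLSData{Cert: data["tls.crt"], Key: data["tls.key"], CA: data["ca.crt"]}
	// Use the legacy pair only if neither new key is set (assumption: never mix).
	if len(d.Cert) == 0 && len(d.Key) == 0 {
		d.Cert, d.Key = data["certFile"], data["keyFile"]
		if len(d.Cert) > 0 || len(d.Key) > 0 {
			d.Deprecated = append(d.Deprecated, "certFile", "keyFile")
		}
	}
	// ca.crt takes precedence; caFile is read only when ca.crt is absent.
	if len(d.CA) == 0 && len(data["caFile"]) > 0 {
		d.CA = data["caFile"]
		d.Deprecated = append(d.Deprecated, "caFile")
	}
	if (len(d.Cert) == 0) != (len(d.Key) == 0) {
		return nil, errors.New("certificate and private key must be set together")
	}
	if len(d.Cert) == 0 && len(d.CA) == 0 {
		return nil, errors.New("no TLS data: want tls.crt and tls.key, and/or ca.crt")
	}
	return d, nil
}

func main() {
	// Constructed Secret data with placeholder bytes instead of real PEM.
	secret := map[string][]byte{
		"ca.crt": []byte("NEW-CA"), "caFile": []byte("OLD-CA"),
		"certFile": []byte("OLD-CERT"), "keyFile": []byte("OLD-KEY"),
	}
	if d, err := ResolveTLSData(secret); err == nil {
		fmt.Printf("ca=%s cert=%s deprecated=%v\n", d.CA, d.Cert, d.Deprecated)
	}
}
```

The `Deprecated` slice gives the caller the list of legacy keys to warn about, which helps find Secrets that still need migrating to `tls.crt`, `tls.key` and `ca.crt`.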

@aryan9600 aryan9600 force-pushed the tls-secret branch 2 times, most recently from 5bde40e to bba3179 Compare August 10, 2023 08:20
@aryan9600 aryan9600 marked this pull request as ready for review August 10, 2023 08:20
@aryan9600 aryan9600 force-pushed the tls-secret branch 3 times, most recently from 19902cc to 77a31f4 Compare August 16, 2023 10:19
@aryan9600 aryan9600 force-pushed the tls-secret branch 3 times, most recently from fc31743 to 7857297 Compare August 18, 2023 11:17
@aryan9600 aryan9600 added enhancement New feature or request area/security Security related issues and pull requests area/api API related issues and pull requests labels Aug 18, 2023
@aryan9600 aryan9600 changed the title Adopt Kubernetes style TLS Secret Adopt Kubernetes style TLS Secrets Aug 18, 2023
@aryan9600 aryan9600 force-pushed the tls-secret branch 2 times, most recently from 0dbcd4e to 185d9ea Compare August 22, 2023 08:56
@aryan9600 aryan9600 force-pushed the tls-secret branch 2 times, most recently from 6384bf3 to 23f6764 Compare August 22, 2023 11:55
Contributor

@darkowlzz darkowlzz left a comment

LGTM!

Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.

Signed-off-by: Sanskar Jaiswal <[email protected]>

Adopt Kubernetes TLS secrets API to check for TLS data in the Secret
referred to by `.spec.certSecretRef`, i.e. check for keys `tls.crt` and
`tls.key` for the certificate and private key. Use `ca.crt` for the CA
certificate.
Deprecate the usage of `caFile`, `certFile` and `keyFile` keys.

Signed-off-by: Sanskar Jaiswal <[email protected]>

Check the auth secret for the `ca.crt` key for CA certificate data.
`ca.crt` takes precedence over `caFile`.

Signed-off-by: Sanskar Jaiswal <[email protected]>

Member

@stefanprodan stefanprodan left a comment

LGTM

Thanks @aryan9600 🥇

@aryan9600 aryan9600 merged commit a302c71 into main Aug 22, 2023
10 checks passed
@aryan9600 aryan9600 deleted the tls-secret branch August 22, 2023 13:05