change certmanager values default to false, make certificate optional (…

…#23) Merge & release only after we release new operator that supports self-signing on runtime. metalbear-co/operator#37
metalbear-co · Jan 1, 2024 · c904fda · c904fda
1 parent b5702b9
commit c904fda
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 9 deletions.
diff --git a/mirrord-operator/Chart.yaml b/mirrord-operator/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.0
+version: 0.8.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.68.1"
+appVersion: "3.70.0"
diff --git a/mirrord-operator/README.md b/mirrord-operator/README.md
@@ -20,6 +20,3 @@ If you have a certificate license (usually part of Enterprise offering) you can:
         license.pem: LICENSE_CONTENT
     ```
     then reference it using `license.pemRef` in `values.yaml`
-
-
-If `certManager.enabled` is set to `false`, you must set `tls.data['tls.key']` and `tls.data['tls.crt']`
diff --git a/mirrord-operator/templates/deployment.yaml b/mirrord-operator/templates/deployment.yaml
@@ -26,10 +26,16 @@ spec:
           value: mirrord=info,operator=info
         - name: OPERATOR_ADDR
           value: 0.0.0.0:3000
+        - name: OPERATOR_NAMESPACE
+          value: {{ .Values.namespace }}
+        - name: OPERATOR_SERVICE_NAME
+          value: mirrord-operator
+        {{- if or (index .Values.tls.data "tls.key") .Values.tls.certManager.enabled }}
         - name: OPERATOR_TLS_CERT_PATH
           value: /tls/tls.crt
         - name: OPERATOR_TLS_KEY_PATH
           value: /tls/tls.key
+        {{- end }}
         {{- if .Values.agent.image }}
         - name: MIRRORD_AGENT_IMAGE
           value: {{ .Values.agent.image }}
@@ -89,9 +95,11 @@ spec:
         {{- end }}
       serviceAccountName: {{ .Values.sa.name }}
       volumes:
+      {{- if or (index .Values.tls.data "tls.key") .Values.tls.certManager.enabled }}
       - name: tls-volume
         secret:
           secretName: {{ .Values.tls.secret }}
+      {{- end }}
       {{- if .Values.license.file.data }}
       - name: license-volume
         secret:

diff --git a/mirrord-operator/templates/tls.yaml b/mirrord-operator/templates/tls.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.tls.certManager.enabled }}
+{{- if (index .Values.tls.data "tls.key") }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,7 +7,7 @@ metadata:
 stringData:
   {{- toYaml .Values.tls.data | nindent 2 }}
 type: kubernetes.io/tls
-{{- else }}
+{{- else if .Values.tls.certManager.enabled }}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:

diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml
@@ -35,12 +35,14 @@ sa:
 tls:
   secret: mirrord-operator-tls
 
+  # if you're using a verified certificate, set this value to true.
   apiService:
     insecureSkipTLSVerify: true
 
+  # if certmanager is disabled and no tls.key and tls.crt is set,
+  # the operator will generate a self-signed certificate.
   certManager:
-    # If this is not enabled value for `tls.data` must be not empty 
-    enabled: true
+    enabled: false
 
     issuer: mirrord-operator-issuer
     certificate: mirrord-operator-tls