Re-enable "feat(tls): Change Issuer to ClusterIssuer""

This reverts commit 8a79d7c51b. Reason for revert: resolved bug with cluster issuer versioning Co-authored-by: Sangeet Gupta <sg774j@att.com> Change-Id: I047cbfaa5aa9e7285a23e603074429180495557d
2021-01-28 20:11:09 +00:00
parent 42cc7d152b
commit 6ee06562c8
13 changed files with 190 additions and 8 deletions
--- a/helm-toolkit/templates/manifests/_certificates.tpl
+++ b/helm-toolkit/templates/manifests/_certificates.tpl
@@ -41,6 +41,54 @@ examples:
    usage: |
      {{- $opts := dict "envAll" . "service" "dashboard" "type" "internal" -}}
      {{ $opts | include "helm-toolkit.manifests.certificates" }}
+    return: |
+      ---
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      metadata:
+        name: keystone-tls-api
+        namespace: NAMESPACE
+      spec:
+        commonName: keystone-api.openstack.svc.cluster.local
+        dnsNames:
+        - cluster.local
+        duration: 2160h
+        issuerRef:
+          name: ca-issuer
+        keySize: 2048
+        organization:
+        - ACME
+        secretName: keystone-tls-api
+        usages:
+        - server auth
+        - client auth
+
+  - values: |
+      cert_manager_version: v0.15.0
+      endpoints:
+        dashboard:
+          host_fqdn_override:
+            default:
+              host: null
+              tls:
+                secretName: keystone-tls-api
+                issuerRef:
+                  name: ca-issuer
+                  duration: 2160h
+                  organization:
+                    - ACME
+                  commonName: keystone-api.openstack.svc.cluster.local
+                  keySize: 2048
+                  usages:
+                    - server auth
+                    - client auth
+                  dnsNames:
+                    - cluster.local
+                  issuerRef:
+                    name: ca-issuer
+    usage: |
+      {{- $opts := dict "envAll" . "service" "dashboard" "type" "internal" -}}
+      {{ $opts | include "helm-toolkit.manifests.certificates" }}
    return: |
      ---
      apiVersion: cert-manager.io/v1alpha3
@@ -93,8 +141,16 @@ examples:
 {{- if not (hasKey $slice "usages") -}}
 {{- $_ := (list "server auth" "client auth") | set (index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls") "usages" -}}
 {{- end -}}
+{{- $cert_manager_version := "v1.0.0" -}}
+{{- if $envAll.Values.cert_manager_version -}}
+{{- $cert_manager_version = $envAll.Values.cert_manager_version -}}
+{{- end -}}
 ---
+{{- if semverCompare "< v1.0.0"  $cert_manager_version }}
 apiVersion: cert-manager.io/v1alpha3
+{{- else }}
+apiVersion: cert-manager.io/v1
+{{- end }}
 kind: Certificate
 metadata:
  name: {{ index $envAll.Values.endpoints $service "host_fqdn_override" "default" "tls" "secretName" }}
--- a/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/helm-toolkit/templates/manifests/_ingress.tpl
@@ -220,6 +220,7 @@ examples:
                    serviceName: barbican-api
                    servicePort: b-api
  - values: |
+      cert_issuer_type: issuer
      network:
        api:
          ingress:
@@ -362,7 +363,7 @@ examples:
                name: ca-issuer
                kind: ClusterIssuer
    usage: |
-      {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "certIssuer" "cluster-issuer") -}}
+      {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}}
    return: |
      ---
      apiVersion: networking.k8s.io/v1beta1
@@ -554,14 +555,14 @@ examples:
 {{- $backendPort := index . "backendPort" -}}
 {{- $endpoint := index . "endpoint" | default "public" -}}
 {{- $certIssuer := index . "certIssuer" | default "" -}}
-{{- $certIssuerType := index . "certIssuerType" | default "issuer" -}}
-{{- if and (ne $certIssuerType "issuer") (ne $certIssuerType "cluster-issuer") }}
-{{- $certIssuerType = "issuer" -}}
-{{- end }}
 {{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 {{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 {{- $hostName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 {{- $hostNameFull := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
+{{- $certIssuerType := "cluster-issuer" -}}
+{{- if $envAll.Values.cert_issuer_type }}
+{{- $certIssuerType = $envAll.Values.cert_issuer_type }}
+{{- end }}
 ---
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress