package integrations
import (
"context"
"fmt"
"dario.cat/mergo"
"github.com/borchero/switchboard/internal/k8s"
certmanager "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)
// certManager is the cert-manager Integration: it maintains one cert-manager Certificate per
// owning ingress, derived from a caller-supplied template.
type certManager struct {
	// client is the controller-runtime client used to create, patch and delete Certificates.
	client client.Client
	// template is the Certificate whose ObjectMeta and Spec are copied into every managed
	// Certificate; its SecretName and DNSNames are replaced per ingress in UpdateResource.
	template certmanager.Certificate
}
// NewCertManager returns a cert-manager Integration. Certificates it creates are derived from
// template, so the template carries the issuer (and any other spec defaults) to use.
func NewCertManager(client client.Client, template certmanager.Certificate) Integration {
	manager := &certManager{
		client:   client,
		template: template,
	}
	return manager
}
// Name returns the identifier under which this integration is reported.
func (*certManager) Name() string {
	const integrationName = "cert-manager"
	return integrationName
}
// OwnedResource returns an empty Certificate, the resource type this integration creates and
// owns on behalf of an ingress.
func (*certManager) OwnedResource() client.Object {
	var owned certmanager.Certificate
	return &owned
}
// WatchedObject returns nil: this integration does not need to watch any additional object
// beyond the resources it owns.
func (*certManager) WatchedObject() client.Object {
	var none client.Object
	return none
}
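// UpdateResource reconciles the Certificate owned by the given ingress. When the ingress carries
// no TLS secret name or no hosts, a previously created Certificate (if any) is deleted; otherwise
// the Certificate is created or patched from the template, with SecretName and DNSNames taken
// from the ingress.
//
// Every failure is returned wrapped with %w so callers can inspect the underlying client or
// merge error with errors.Is / errors.As.
func (c *certManager) UpdateResource(
	ctx context.Context, owner metav1.Object, info IngressInfo,
) error {
	meta := c.objectMeta(owner)

	// Nothing to secure: remove a stale Certificate if one exists and stop here.
	if info.TLSSecretName == nil || len(info.Hosts) == 0 {
		stale := certmanager.Certificate{ObjectMeta: meta}
		if err := k8s.DeleteIfFound(ctx, c.client, &stale); err != nil {
			return fmt.Errorf("failed to delete TLS certificate: %w", err)
		}
		return nil
	}

	resource := certmanager.Certificate{ObjectMeta: meta}
	mutate := func() error {
		// Metadata is reconciled from the template's ObjectMeta by reconcileMetadata (defined
		// elsewhere in the package); presumably this also sets the owner reference — verify there.
		if err := reconcileMetadata(
			owner, &resource, c.client.Scheme(), &c.template.ObjectMeta,
		); err != nil {
			// %w rather than %s so the cause is not flattened into a string.
			return fmt.Errorf("failed to reconcile metadata: %w", err)
		}
		// Work on a copy so the shared template is never mutated, then let the ingress decide
		// the secret name and DNS names. TLSSecretName is non-nil: checked above.
		spec := c.template.Spec.DeepCopy()
		spec.SecretName = *info.TLSSecretName
		spec.DNSNames = info.Hosts
		// NOTE(review): SecretName comes straight from the ingress; confirm the issued
		// certificate cannot be written over an unrelated Secret in the owner's namespace.
		// WithOverride lets non-zero values from the copy replace what is set on the resource.
		if err := mergo.Merge(&resource.Spec, spec, mergo.WithOverride); err != nil {
			return fmt.Errorf("failed to reconcile specification: %w", err)
		}
		return nil
	}
	if _, err := controllerutil.CreateOrPatch(ctx, c.client, &resource, mutate); err != nil {
		return fmt.Errorf("failed to upsert TLS certificate: %w", err)
	}
	return nil
}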
//-------------------------------------------------------------------------------------------------
// UTILS
//-------------------------------------------------------------------------------------------------
// objectMeta derives the name and namespace of the managed Certificate from its owning object:
// the Certificate lives in the owner's namespace under the owner's name with a "-tls" suffix.
func (*certManager) objectMeta(parent metav1.Object) metav1.ObjectMeta {
	name := parent.GetName() + "-tls"
	namespace := parent.GetNamespace()
	return metav1.ObjectMeta{Name: name, Namespace: namespace}
}