[Helm] Use default ingress TLS certificate if tls.secretName is not s…

…et (#18259)

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>

deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml

@@ -49,7 +49,9 @@ spec:
   tls:
   - hosts:
     - {{ template "devfileRegistryHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end -}}
 
 {{- end }}

deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml

@@ -28,7 +28,9 @@ spec:
   tls:
   - hosts:
     - {{ template "jaegerHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
   - host: {{ template "jaegerHost" . }}

deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml

@@ -27,7 +27,9 @@ spec:
   tls:
   - hosts:
     - {{ template "keycloakHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if eq .Values.global.serverStrategy "default-host" }}

deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml

@@ -49,7 +49,9 @@ spec:
   tls:
   - hosts:
     - {{ template "pluginRegistryHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end -}}
 
 {{- end }}

deploy/kubernetes/helm/che/templates/configmap.yaml

@@ -34,7 +34,7 @@ data:
   CHE_INFRA_KUBERNETES_MASTER__URL: ""
 {{- if and .Values.global.tls .Values.global.tls.enabled }}
   CHE_INFRA_KUBERNETES_TLS__ENABLED: {{ .Values.global.tls.enabled | quote}}
-  CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName }}
+  CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName | quote}}
 {{- else }}
   CHE_INFRA_KUBERNETES_TLS__ENABLED: "false"
   CHE_INFRA_KUBERNETES_TLS__SECRET: ""

deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml

@@ -29,7 +29,9 @@ spec:
   tls:
   - hosts:
     - {{ template "cheHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if ne .Values.global.serverStrategy "default-host" }}

deploy/kubernetes/helm/che/templates/deployment.yaml

@@ -107,7 +107,8 @@ spec:
 
         # If workspaces are created in a separate namespace(s)
         # then configure Che Server to propagate TLS secret to workspaces' namespaces
-        {{- if ne .Release.Namespace .Values.global.cheWorkspacesNamespace }}
+        # Do not propagate anything in case of using default ingress controller certificate (global.tls.secretName is empty)
+        {{- if and (ne .Release.Namespace .Values.global.cheWorkspacesNamespace) (.Values.global.tls.secretName) }}
         - name: "CHE_INFRA_KUBERNETES_TLS__CERT"
           valueFrom:
             secretKeyRef:

deploy/kubernetes/helm/che/templates/ingress.yaml

@@ -25,7 +25,9 @@ spec:
   tls:
   - hosts:
     - {{ template "cheHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if ne .Values.global.serverStrategy "default-host" }}

deploy/kubernetes/helm/che/templates/metrics-ingress.yaml

@@ -36,7 +36,9 @@ spec:
   - hosts:
     - {{ template "prometheusHost" . }}
     - {{ template "grafanaHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
   - host: {{ template "prometheusHost" . }}

deploy/kubernetes/helm/che/values.yaml

@@ -51,6 +51,7 @@ global:
     ## Secret name that will be used in Che Ingresses for setting TLS up
     ## Note the helm chart does not create this secret and
     ## it MUST be pre-created in the configured Che namespace
+    ## If the value is empty, then the certificate from default ingress controller will be used.
     secretName: che-tls
 
     ## If self-signed certificate flag is enabled