From 0815cdb1e0c88fe93a9e636fb48eb0110ac2b542 Mon Sep 17 00:00:00 2001 From: Mykola Morhun Date: Tue, 10 Nov 2020 12:35:42 +0200 Subject: [PATCH] [Helm] Use default ingress TLS certificate if tls.secretName is not set (#18259) Signed-off-by: Mykola Morhun
---
.../custom-charts/che-devfile-registry/templates/ingress.yaml | 2 ++ .../helm/che/custom-charts/che-jaeger/templates/ingress.yaml | 2 ++ .../helm/che/custom-charts/che-keycloak/templates/ingress.yaml | 2 ++ .../custom-charts/che-plugin-registry/templates/ingress.yaml | 2 ++ deploy/kubernetes/helm/che/templates/configmap.yaml | 2 +- deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml | 2 ++ deploy/kubernetes/helm/che/templates/deployment.yaml | 3 ++- deploy/kubernetes/helm/che/templates/ingress.yaml | 2 ++ deploy/kubernetes/helm/che/templates/metrics-ingress.yaml | 2 ++ deploy/kubernetes/helm/che/values.yaml | 1 + 10 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
index 17c44075d8e..63af4fbb572 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
@@ -49,7 +49,9 @@ spec: tls: - hosts: - {{ template "devfileRegistryHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end -}} {{- end }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
index e227256f891..c8dcfd7b7ca 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
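Review bot: In che-devfile-registry/templates/ingress.yaml the new `{{- if .Values.global.tls.secretName }}` guard leaves a `tls:` entry with hosts but no secret, so the certificate served comes entirely from the ingress controller's configuration, and nothing in the template says what that certificate has to be. If the controller is ingress-nginx, its built-in default is a self-signed placeholder unless it was started with `--default-ssl-certificate`, so clients would be handed a certificate they cannot validate. The same guard is added in the che-jaeger, che-keycloak, che-plugin-registry, dashboard, che and metrics ingress hunks, and the Keycloak host matters most because it is the identity provider endpoint. I would add a template comment above each guard, for example `{{- /* no secretName: the controller's default certificate is served; it must be trusted by clients and valid for this host */ -}}`.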
@@ -28,7 +28,9 @@ spec: tls: - hosts: - {{ template "jaegerHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end }} rules: - host: {{ template "jaegerHost" . }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
index 64161eea50b..9f072318ee8 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
@@ -27,7 +27,9 @@ spec: tls: - hosts: - {{ template "keycloakHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end }} rules: {{- if eq .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
index 64221a9b19e..873f86369e0 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
@@ -49,7 +49,9 @@ spec: tls: - hosts: - {{ template "pluginRegistryHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end -}} {{- end }}
diff --git a/deploy/kubernetes/helm/che/templates/configmap.yaml b/deploy/kubernetes/helm/che/templates/configmap.yaml
index 31a018328fb..8221b2f7f28 100644
--- a/deploy/kubernetes/helm/che/templates/configmap.yaml
+++ b/deploy/kubernetes/helm/che/templates/configmap.yaml
@@ -34,7 +34,7 @@ data: CHE_INFRA_KUBERNETES_MASTER__URL: "" {{- if and .Values.global.tls .Values.global.tls.enabled }} CHE_INFRA_KUBERNETES_TLS__ENABLED: {{ .Values.global.tls.enabled | quote}} - CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName }} + CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName | quote}} {{- else }} CHE_INFRA_KUBERNETES_TLS__ENABLED: "false" CHE_INFRA_KUBERNETES_TLS__SECRET: ""
diff --git a/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml b/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
index 8c5b97a0be1..3ff389b42e8 100644
--- a/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
@@ -29,7 +29,9 @@ spec: tls: - hosts: - {{ template "cheHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end }} rules: {{- if ne .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/templates/deployment.yaml b/deploy/kubernetes/helm/che/templates/deployment.yaml
index 91ce8f0c670..97cc76a45c4 100644
--- a/deploy/kubernetes/helm/che/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/templates/deployment.yaml
@@ -107,7 +107,8 @@ spec: # If workspaces are created in a separate namespace(s) # then configure Che Server to propagate TLS secret to workspaces' namespaces - {{- if ne .Release.Namespace .Values.global.cheWorkspacesNamespace }} + # Do not propagate anything in case of using default ingress controller certificate (global.tls.secretName is empty) + {{- if and (ne .Release.Namespace .Values.global.cheWorkspacesNamespace) (.Values.global.tls.secretName) }} - name: "CHE_INFRA_KUBERNETES_TLS__CERT" valueFrom: secretKeyRef:
diff --git a/deploy/kubernetes/helm/che/templates/ingress.yaml b/deploy/kubernetes/helm/che/templates/ingress.yaml
index fa06a8925ab..801243e33d3 100644
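Review bot: The comment added in deployment.yaml says nothing is propagated when `global.tls.secretName` is empty, but it does not say what the workspace ingresses in the other namespaces rely on instead. With the `CHE_INFRA_KUBERNETES_TLS__CERT` entry skipped and `CHE_INFRA_KUBERNETES_TLS__SECRET` rendered as `""` by configmap.yaml, they presumably fall back to the controller's default certificate too, which then has to be valid for the workspace host names and not only for the Che host. I would extend the comment with `# Workspace ingresses then use the ingress controller's default certificate, which must cover workspace hosts`. The env entry this condition wraps continues past the end of the hunk, so its closing `{{- end }}` and any further variables are not visible here.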
--- a/deploy/kubernetes/helm/che/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/ingress.yaml
@@ -25,7 +25,9 @@ spec: tls: - hosts: - {{ template "cheHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end }} rules: {{- if ne .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml b/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
index b740fb7a99c..d4b2f1744b1 100644
--- a/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
@@ -36,7 +36,9 @@ spec: - hosts: - {{ template "prometheusHost" . }} - {{ template "grafanaHost" . }} + {{- if .Values.global.tls.secretName }} secretName: {{ .Values.global.tls.secretName }} + {{- end -}} {{- end }} rules: - host: {{ template "prometheusHost" . }}
diff --git a/deploy/kubernetes/helm/che/values.yaml b/deploy/kubernetes/helm/che/values.yaml
index d846f476403..6fbebf1f39b 100644
--- a/deploy/kubernetes/helm/che/values.yaml
+++ b/deploy/kubernetes/helm/che/values.yaml
@@ -51,6 +51,7 @@ global: ## Secret name that will be used in Che Ingresses for setting TLS up ## Note the helm chart does not create this secret and ## it MUST be pre-created in the configured Che namespace + ## If the value is empty, then the certificate from default ingress controller will be used. secretName: che-tls ## If self-signed certificate flag is enabled
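Review bot: The new comment line in values.yaml sits directly under "it MUST be pre-created" while the default stays `secretName: che-tls`, so a reader cannot tell that the fallback is opt-in and that the pre-creation requirement applies only to a non-empty name. An install that keeps the default still needs the `che-tls` secret; only an explicit empty string reaches the new path. I would reword the added line as `## Set to "" to reference no secret and use the ingress controller's default certificate; any non-empty name MUST be pre-created`.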