add ability to use a custom issuer

kubernetes-sigs · Feb 21, 2024 · 957aca5 · 957aca5
1 parent 2914bff
commit 957aca5
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/deployment/helm/node-feature-discovery/templates/cert-manager-certs.yaml b/deployment/helm/node-feature-discovery/templates/cert-manager-certs.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.tls.certManager }}
+{{- if .Values.tls.certManager.enable }}
 {{- if .Values.master.enable }}
 ---
 apiVersion: cert-manager.io/v1
@@ -19,8 +19,8 @@ spec:
   - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc
   - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
   issuerRef:
-    name: nfd-ca-issuer
-    kind: Issuer
+    name: {{ default "nfd-ca-issuer" .Values.tls.certManager.issuerName }}
+    kind: {{ default "Issuer" .Values.tls.certManager.issuerKind }}
     group: cert-manager.io
 {{- end }}
 ---
@@ -39,8 +39,8 @@ spec:
   dnsNames:
   - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
   issuerRef:
-    name: nfd-ca-issuer
-    kind: Issuer
+    name: {{ default "nfd-ca-issuer" .Values.tls.certManager.issuerName }}
+    kind: {{ default "Issuer" .Values.tls.certManager.issuerKind }}
     group: cert-manager.io
 {{- end }}
 
@@ -60,8 +60,8 @@ spec:
   dnsNames:
   - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
   issuerRef:
-    name: nfd-ca-issuer
-    kind: Issuer
+    name: {{ default "nfd-ca-issuer" .Values.tls.certManager.issuerName }}
+    kind: {{ default "Issuer" .Values.tls.certManager.issuerKind }}
     group: cert-manager.io
 {{- end }}
 

diff --git a/deployment/helm/node-feature-discovery/templates/cert-manager-issuer.yaml b/deployment/helm/node-feature-discovery/templates/cert-manager-issuer.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.tls.certManager }}
+{{- if and .Values.tls.certManager.enable (not .Values.tls.certManager.issuerName ) }}
 # See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
 # - Create a self signed issuer
 # - Use this to create a CA cert

diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml
@@ -529,7 +529,10 @@ gc:
 # need to manually, or otherwise, provision the TLS certs as secrets
 tls:
   enable: false
-  certManager: false
+  certManager:
+    enable: false
+    issuerKind:
+    issuerName:
 
 prometheus:
   enable: false