issuer naming should respect issuer_name override (#378)

align the spire-server configmap and issuer CR naming --------- Signed-off-by: Drew Wells <dwells@infoblox.com> Signed-off-by: Faisal Memon <fymemon@yahoo.com> Co-authored-by: Faisal Memon <fymemon@yahoo.com>
spiffe · Aug 2, 2023 · d2e1606 · d2e1606
1 parent a2e5c36
commit d2e1606
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/charts/spire/charts/spire-server/templates/configmap.yaml b/charts/spire/charts/spire-server/templates/configmap.yaml
@@ -78,7 +78,7 @@ plugins:
   UpstreamAuthority:
     - cert-manager:
         plugin_data:
-          issuer_name: {{ default (include "spire-server.fullname" $root) .issuer_name }}
+          issuer_name: {{ default (include "spire-server.fullname" $root) .issuer_name }}-ca
           issuer_kind: {{ .issuer_kind | quote }}
           issuer_group: {{ .issuer_group | quote }}
           namespace: {{ default $root.Release.Namespace .namespace | quote }}

diff --git a/charts/spire/charts/spire-server/templates/issuer.yaml b/charts/spire/charts/spire-server/templates/issuer.yaml
@@ -1,12 +1,13 @@
 {{- with .Values.upstreamAuthority.certManager }}
 {{ if and .enabled .ca.create }}
+{{ $issuerName := printf "%s-selfsigned" (default (include "spire-server.fullname" $) .issuer_name)  }}
 {{/*
 Configuring CA Issuer: https://cert-manager.io/docs/configuration/ca/
 */}}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ include "spire-server.fullname" $ }}-selfsigned
+  name: {{ $issuerName }}
   namespace: {{ include "spire-server.namespace" $ }}
   labels:
     {{- include "spire-server.labels" $ | nindent 4}}
@@ -38,14 +39,14 @@ spec:
   renewBefore: {{ . }}
   {{- end }}
   issuerRef:
-    name: {{ include "spire-server.fullname" $ }}-selfsigned
+    name: {{ $issuerName }}
     kind: Issuer
     group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ include "spire-server.fullname" $ }}
+  name: {{ include "spire-server.fullname" $ }}-ca
   namespace: {{ include "spire-server.namespace" $ }}
 spec:
   ca:

diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml
@@ -58,7 +58,7 @@ spec:
             - --timeout=3m
             - --for=condition=ready
             - issuer
-            - {{ include "spire-server.fullname" $ }}
+            - {{ include "spire-server.fullname" $ }}-ca
           imagePullPolicy: {{ .Values.tools.kubectl.image.pullPolicy }}
       {{- end }}
       {{- if gt (len .Values.initContainers) 0 }}