Skip to content

Commit

Permalink
feat: make tls certificate optional
Browse files Browse the repository at this point in the history
This gives people the opertunity to use a wildcard cert in the ingress
  • Loading branch information
TrayserCassa committed Oct 11, 2024
1 parent 1ac770e commit 3e43f44
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 12 deletions.
3 changes: 3 additions & 0 deletions api/v1/store.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,9 @@ type NetworkSpec struct {
IngressClassName string `json:"ingressClassName,omitempty"`
Annotations map[string]string `json:"annotations,omitempty"`
Labels map[string]string `json:"labels,omitempty"`

// +kubebuilder:default=store-tls
TLSSecretName string `json:"tlsSecretName,omitempty"`
}

type ContainerSpec struct {
Expand Down
23 changes: 11 additions & 12 deletions internal/ingress/ingress.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,16 @@ func GetStoreIngress(
func StoreIngress(store *v1.Store) *networkingv1.Ingress {
pathType := networkingv1.PathTypePrefix

var tls []networkingv1.IngressTLS
if store.Spec.Network.TLSSecretName != "" {
tls = append(tls, networkingv1.IngressTLS{
Hosts: []string{
store.Spec.Network.Host,
},
SecretName: store.Spec.Network.TLSSecretName,
})
}

return &networkingv1.Ingress{
TypeMeta: metav1.TypeMeta{},
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -102,22 +112,11 @@ func StoreIngress(store *v1.Store) *networkingv1.Ingress {
},
},
},
TLS: []networkingv1.IngressTLS{
{
Hosts: []string{
store.Spec.Network.Host,
},
SecretName: GetTLSStoreSecretName(store),
},
},
TLS: tls,
},
}
}

func GetStoreIngressName(store *v1.Store) string {
return fmt.Sprintf("store-%s", store.Name)
}

func GetTLSStoreSecretName(store *v1.Store) string {
return fmt.Sprintf("store-tls-%s", store.Name)
}

0 comments on commit 3e43f44

Please sign in to comment.