Merge pull request #19 from janlauber/enhance-tls

feat: add custom tlsSecretName
janlauber · Mar 26, 2024 · 43d9acc · 43d9acc
2 parents 8df39f7 + e28ac4c
commit 43d9acc
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 13 deletions.
diff --git a/api/v1alpha1/rollout_types.go b/api/v1alpha1/rollout_types.go
@@ -93,9 +93,10 @@ type IngressSpec struct {
 }
 
 type IngressRule struct {
-	Host string `json:"host"`
-	Path string `json:"path"`
-	TLS  bool   `json:"tls"`
+	Host          string `json:"host"`
+	Path          string `json:"path"`
+	TLS           bool   `json:"tls"`
+	TlsSecretName string `json:"tlsSecretName,omitempty"`
 }
 
 // RolloutSpec defines the desired state of Rollout

diff --git a/config/crd/bases/one-click.dev_rollouts.yaml b/config/crd/bases/one-click.dev_rollouts.yaml
@@ -115,6 +115,8 @@ spec:
                                 type: string
                               tls:
                                 type: boolean
+                              tlsSecretName:
+                                type: string
                             required:
                             - host
                             - path

diff --git a/controllers/deployment.go b/controllers/deployment.go
@@ -51,7 +51,8 @@ func (r *RolloutReconciler) reconcileDeployment(ctx context.Context, rollout *on
 
 func (r *RolloutReconciler) deploymentForRollout(ctx context.Context, f *oneclickiov1alpha1.Rollout) *appsv1.Deployment {
 	log := log.FromContext(context.Background())
-	labels := map[string]string{"rollout.one-click.dev/name": f.Name}
+	// the name of the namespace is the project name
+	labels := map[string]string{"rollout.one-click.dev/name": f.Name, "project.one-click.dev/name": f.Namespace}
 	replicas := int32(f.Spec.HorizontalScale.MinReplicas)
 
 	dep := &appsv1.Deployment{

diff --git a/controllers/ingress.go b/controllers/ingress.go
@@ -127,7 +127,8 @@ func (r *RolloutReconciler) reconcileIngress(ctx context.Context, f *oneclickiov
 }
 
 func (r *RolloutReconciler) ingressForRollout(f *oneclickiov1alpha1.Rollout, intf oneclickiov1alpha1.InterfaceSpec) *networkingv1.Ingress {
-	labels := map[string]string{"rollout.one-click.dev/name": f.Name}
+	// the name of the namespace is the project name
+	labels := map[string]string{"rollout.one-click.dev/name": f.Name, "project.one-click.dev/name": f.Namespace}
 	ingress := &networkingv1.Ingress{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:        intf.Name + "-ingress", // Create a unique name for the Ingress
@@ -183,9 +184,18 @@ func (r *RolloutReconciler) ingressForRollout(f *oneclickiov1alpha1.Rollout, int
 
 		// Add TLS configuration if TLS is enabled for this ingress path
 		if rule.TLS {
-			tls := networkingv1.IngressTLS{
-				Hosts:      []string{rule.Host},
-				SecretName: intf.Name + "-tls-secret", // Name of the TLS secret
+			var tls networkingv1.IngressTLS
+
+			// Add the TLS secret name if defined
+			if rule.TlsSecretName == "" {
+				tls = networkingv1.IngressTLS{
+					Hosts:      []string{rule.Host},
+					SecretName: intf.Name + "-tls-secret", // Name of the TLS secret
+				}
+			} else {
+				tls = networkingv1.IngressTLS{
+					SecretName: rule.TlsSecretName,
+				}
 			}
 			ingress.Spec.TLS = append(ingress.Spec.TLS, tls)
 		}
@@ -235,11 +245,19 @@ func getIngressTLS(intf oneclickiov1alpha1.InterfaceSpec) []networkingv1.Ingress
 
 	// Loop over each rule defined in the ingress path
 	for _, rule := range intf.Ingress.Rules {
-		// Add TLS configuration if TLS is enabled for this ingress path
 		if rule.TLS {
-			tls := networkingv1.IngressTLS{
-				Hosts:      []string{rule.Host},
-				SecretName: intf.Name + "-tls-secret", // Name of the TLS secret
+			var tls networkingv1.IngressTLS
+
+			// Add the TLS secret name if defined
+			if rule.TlsSecretName == "" {
+				tls = networkingv1.IngressTLS{
+					Hosts:      []string{rule.Host},
+					SecretName: intf.Name + "-tls-secret", // Name of the TLS secret
+				}
+			} else {
+				tls = networkingv1.IngressTLS{
+					SecretName: rule.TlsSecretName,
+				}
 			}
 			tlsConfigs = append(tlsConfigs, tls)
 		}

diff --git a/controllers/secrets.go b/controllers/secrets.go
@@ -122,7 +122,7 @@ func (r *RolloutReconciler) secretForRollout(f *oneclickiov1alpha1.Rollout) (*co
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      f.Name + "-secrets", // Naming the secret based on the Rollout name
 			Namespace: f.Namespace,
-			Labels:    map[string]string{"rollout.one-click.dev/name": f.Name},
+			Labels:    map[string]string{"rollout.one-click.dev/name": f.Name, "project.one-click.dev/name": f.Namespace},
 		},
 		StringData: secretData,
 	}

diff --git a/controllers/service.go b/controllers/service.go
@@ -94,6 +94,7 @@ func (r *RolloutReconciler) serviceForRollout(f *oneclickiov1alpha1.Rollout, int
 	}
 	selectorLabels := map[string]string{
 		"rollout.one-click.dev/name": f.Name,
+		"project.one-click.dev/name": f.Namespace,
 	}
 	svc := &corev1.Service{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/controllers/volume.go b/controllers/volume.go
@@ -120,6 +120,7 @@ func allowsVolumeExpansion(sc *storagev1.StorageClass) bool {
 func (r *RolloutReconciler) constructPVCForRollout(rollout *oneclickiov1alpha1.Rollout, volSpec oneclickiov1alpha1.VolumeSpec) *corev1.PersistentVolumeClaim {
 	labels := map[string]string{
 		"rollout.one-click.dev/name": rollout.Name,
+		"project.one-click.dev/name": rollout.Namespace,
 	}
 
 	pvc := &corev1.PersistentVolumeClaim{