Issue certifcates for etcd-operator
This commit adds the capability to issue self-signed certificates for etcd-operator.

Signed-off-by: ArkaSaha30 <[email protected]>
ArkaSaha30 committed Dec 7, 2024
1 parent 340fe74 commit f5456d0
Showing 10 changed files with 97 additions and 2 deletions.
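--- a/api/v1alpha1/etcdcluster_types.go
+++ b/api/v1alpha1/etcdcluster_types.go
@@ -23,6 +23,18 @@ import (
 // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
 
+type MemberSecrets struct {
+PeerSecret string `json:"peerSecret"`
+ServerSecret string `json:"serverSecret"`
+}
+
+// TLSCertificate defines the certificate issued by the certificate provider
+type TLSCertificate struct {
+Member MemberSecrets `json:"member"`
+OperatorSecret string `json:"operatorSecret"`
+Provider string `json:"provider"`
+}
+
 // EtcdClusterSpec defines the desired state of EtcdCluster.
 type EtcdClusterSpec struct {
 // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
@@ -31,7 +43,8 @@ type EtcdClusterSpec struct {
 // Size is the expected size of the etcd cluster.
 Size int `json:"size"`
 // Version is the expected version of the etcd container image.
-Version string `json:"version"`
+Version string `json:"version"`
+TLS *TLSCertificate `json:"tls,omitempty"`
 }
 
 // EtcdClusterStatus defines the observed state of EtcdCluster.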
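Review bot: The new `TLS *TLSCertificate` field in the second hunk is a pointer, yet none of the 10 changed files is a regenerated deepcopy file, so if this package relies on controller-gen's generated `DeepCopyInto` (not visible on this page) the existing copy of `EtcdClusterSpec` would share one `TLSCertificate` between the original and the copy; regenerate the deepcopy code and commit it with this change. The field also lacks the doc comment its neighbours `Size` and `Version` have, and `Provider` in the first hunk accepts any string. I would add `// TLS names the Secrets that hold the member and operator certificates.` above the field and, if cert-manager is the only supported provider, `// +kubebuilder:validation:Enum=cert-manager` above `Provider` so the API server rejects unknown values. `EtcdClusterSpec` starts outside the second hunk.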
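--- a/config/certmanager/cert-manager_issuer.yaml
+++ b/config/certmanager/cert-manager_issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: selfsigned
+namespace: etcd-operator-system
+spec:
+selfSigned: {}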
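Review bot: Issuing the etcd peer, server and client certificates straight from a `selfSigned` Issuer means each certificate is signed by its own key, so the three Secrets share no CA and no member or client can verify another's certificate against a common trust root. For mutual TLS between etcd members the usual cert-manager layout is to use the self-signed Issuer only to mint a CA certificate (`isCA: true`) and to issue the leaf certificates from a `ca` Issuer backed by that CA's Secret. The sketch below uses constructed names; the three leaf Certificates would then point their `issuerRef` at the CA Issuer.

```yaml
# … unchanged: the selfSigned Issuer, kept only to sign the CA below …
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: etcd-ca                 # constructed name
  namespace: etcd-operator-system
spec:
  isCA: true
  commonName: etcd-ca           # constructed name
  secretName: etcd-ca-tls       # constructed name
  issuerRef:
    name: selfsigned            # must match the Issuer's final name after any kustomize prefix
    kind: Issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: etcd-ca-issuer          # constructed name
  namespace: etcd-operator-system
spec:
  ca:
    secretName: etcd-ca-tls
```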
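--- a/config/certmanager/etcd-client-cert.yaml
+++ b/config/certmanager/etcd-client-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: etcd-client-certificate
+namespace: etcd-operator-system
+spec:
+secretName: etcd-client-tls
+dnsNames:
+- etcd.etcd-operator-system
+issuerRef:
+name: etcd-operator-selfsigned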
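Review bot: `issuerRef.name: etcd-operator-selfsigned` does not match the Issuer this commit creates, which is named `selfsigned`; it resolves only if kustomize adds an `etcd-operator-` name prefix to the Issuer, and that configuration is not visible on this page. The same reference appears in etcd-peer-cert.yaml and etcd-server-cert.yaml. All three Certificates also omit `usages` and request the identical single SAN `etcd.etcd-operator-system`, so nothing in the certificates separates a client credential from a server or peer credential. I would set `usages: [client auth]` here, `usages: [server auth]` on the server certificate and both on the peer certificate, and identify the client with a `commonName` rather than a server DNS name.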
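--- a/config/certmanager/etcd-peer-cert.yaml
+++ b/config/certmanager/etcd-peer-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: etcd-peer-certificate
+namespace: etcd-operator-system
+spec:
+secretName: etcd-peer-tls
+dnsNames:
+- etcd.etcd-operator-system
+issuerRef:
+name: etcd-operator-selfsigned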
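--- a/config/certmanager/etcd-server-cert.yaml
+++ b/config/certmanager/etcd-server-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: etcd-server-certificate
+namespace: etcd-operator-system
+spec:
+secretName: etcd-server-tls
+dnsNames:
+- etcd.etcd-operator-system
+issuerRef:
+name: etcd-operator-selfsigned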
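--- a/config/certmanager/kustomization.yaml
+++ b/config/certmanager/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- cert-manager_issuer.yaml
+- etcd-peer-cert.yaml
+- etcd-server-cert.yaml
+- etcd-client-cert.yaml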
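--- a/config/crd/bases/operator.etcd.io_etcdclusters.yaml
+++ b/config/crd/bases/operator.etcd.io_etcdclusters.yaml
@@ -46,6 +46,28 @@ spec:
 description: Version is the expected version of the etcd container
 image.
 type: string
+tls:
+description: TLSCertificate defines the certificate issued by the
+certificate provider
+properties:
+member:
+properties:
+peerSecret:
+type: string
+serverSecret:
+type: string
+required:
+- peerSecret
+- serverSecret
+type: object
+operatorSecret:
+type: string
+provider:
+type: string
+required:
+- operatorSecret
+- provider
+type: object
 required:
 - size
 - version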
2 changes: 1 addition & 1 deletion config/default/kustomization.yaml
Expand Up @@ -22,7 +22,7 @@ resources:
# crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
#- ../certmanager
- ../certmanager
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ../prometheus
# [METRICS] Expose the controller manager metrics service.
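Review bot: Uncommenting `- ../certmanager` makes cert-manager a hard prerequisite of the default deployment, while the comment directly above still says to uncomment all sections marked 'CERTMANAGER' and that 'WEBHOOK' components are required; this hunk changes only this one line and `#- ../webhook` stays commented. If the certmanager directory now serves the etcd certificates rather than webhook certificates, the comment should say so, e.g. `# [CERTMANAGER] Issues the etcd peer/server/client certificates; cert-manager must be installed in the cluster.` The rest of the file lies outside the hunk, so other CERTMANAGER sections may exist that are not visible here.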
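--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+newName: arkasaha30/etcd-operator
+newTag: cert2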
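Review bot: The added `images:` override points the controller at `arkasaha30/etcd-operator:cert2`, a personal registry namespace with a mutable tag, so anyone deploying from this tree runs whatever that tag currently resolves to rather than an image built from the project. The block looks like the residue of a local deploy with a custom image (inferred; the build tooling is not on this page) and should be dropped from the commit, leaving the file as `resources:` / `- manager.yaml`. If an override has to be committed, reference the project's own image and pin it with `digest:` instead of `newTag:`.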
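--- a/config/samples/operator_v1alpha1_etcdcluster.yaml
+++ b/config/samples/operator_v1alpha1_etcdcluster.yaml
@@ -7,3 +7,12 @@ metadata:
 name: etcdcluster-sample
 spec:
 # TODO(user): Add fields here
+size: 4
+version: "3.5.17"
+tls:
+member:
+peerSecret: etcd-peer-tls
+serverSecret: etcd-server-tls
+operatorSecret: etcd-client-tls
+provider: cert-manager
+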
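Review bot: The sample names `etcd-peer-tls`, `etcd-server-tls` and `etcd-client-tls`, which the Certificates in config/certmanager create in the `etcd-operator-system` namespace, but the sample's own namespace is not set in the visible lines; Secrets are namespaced, so an EtcdCluster created in any other namespace would presumably be unable to use them. Either set the namespace in the sample or add a comment such as `# the Secrets below must exist in the same namespace as this EtcdCluster`. Separately, `size: 4` is an even member count that tolerates no more member failures than 3, so `size: 3` would be the conventional sample value. The `metadata` block starts outside the hunk.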