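/**
 * Decide, for every TLS entry of every manifest, whether cert-manager should
 * issue the certificate or a shared wildcard secret should be used, and label
 * the namespaces that rely on the wildcard secret.
 *
 * The manifests are modified in place and the same array is returned.
 *
 * Per TLS entry the decision is, in order:
 *   1. A non-empty `annotationEnableKey` annotation on the manifest wins:
 *      every value except the string "false" enables cert-manager. The
 *      annotation is read from the manifest itself, so whoever authors the
 *      manifest can override the wildcard/internal detection below.
 *   2. With `detectWildcard`, an entry with a host matching `wildcardHost`
 *      is left to the wildcard secret (cert-manager disabled).
 *   3. With `detectInternal`, an entry with at least one host outside
 *      `internalHosts` gets no cert-manager annotations.
 *   4. Otherwise `defaultEnabled` applies.
 *
 * @param {object[]} manifests - Kubernetes manifests; any manifest carrying
 *   `spec.tls` is processed, `kind: "Namespace"` manifests may be labelled.
 * @param {object} [options]
 * @param {string} [options.wildcardHost] - host suffix served by the wildcard
 *   certificate; when missing or empty no host is treated as wildcard.
 * @param {string} [options.annotationEnableKey="kontinuous/use-cert-manager"]
 * @param {boolean} [options.defaultEnabled=true]
 * @param {boolean} [options.detectWildcard=true]
 * @param {string[]} [options.internalHosts=[]] - host suffixes considered internal.
 * @param {boolean} [options.detectInternal] - defaults to true when
 *   `internalHosts` is non-empty.
 * @param {string} [options.secretName="wildcard-crt"] - secret written on
 *   TLS entries that match the wildcard host.
 * @param {string} [options.clusterIssuer="letsencrypt-prod"]
 * @param {object} [options.namespaceLabels={cert: "wildcard"}] - labels merged
 *   into namespaces that contain a wildcard TLS entry.
 * @returns {object[]} the `manifests` array that was passed in.
 */
module.exports = (manifests, options) => {
  const {
    annotationEnableKey = "kontinuous/use-cert-manager",
    defaultEnabled = true,
    detectWildcard = true,
    internalHosts = [],
    detectInternal = internalHosts.length > 0,
    secretName = "wildcard-crt",
    clusterIssuer = "letsencrypt-prod",
    namespaceLabels = {
      cert: "wildcard",
    },
    wildcardHost,
  } = options ?? {}

  // NOTE(review): both matchers are plain string-suffix comparisons, not
  // DNS-label comparisons. A suffix configured without a leading dot also
  // matches any host that merely ends in the same characters (illustrative:
  // "dev.example.test" matches "xdev.example.test"), so such a host would be
  // classified as wildcard/internal. Configure suffixes with a leading dot
  // when only subdomains are meant.

  // A missing wildcardHost would be coerced to the text "undefined" by
  // endsWith, and an empty one matches every host; treat both as "no wildcard".
  const hasWildcard = (host) => Boolean(wildcardHost) && host.endsWith(wildcardHost)
  const isInternalHost = (host) =>
    internalHosts.some((internalHost) => host.endsWith(internalHost))

  const wildcardNamespaces = new Set()

  for (const manifest of manifests) {
    const tlsEntries = manifest.spec?.tls || []
    for (const tlsEntry of tlsEntries) {
      // A TLS entry may come without a `hosts` list; treat it as empty
      // instead of throwing.
      const hosts = tlsEntry.hosts || []
      const usesWildcard = hosts.some(hasWildcard)

      if (usesWildcard) {
        const namespace = manifest.metadata?.namespace
        if (namespace) {
          wildcardNamespaces.add(namespace)
        }
        // The entry is pointed at the shared wildcard secret even when the
        // annotation below re-enables cert-manager.
        tlsEntry.secretName = secretName
      }

      let enabled = defaultEnabled
      const annotationEnableValue =
        manifest.metadata?.annotations?.[annotationEnableKey]
      if (
        annotationEnableValue !== undefined &&
        annotationEnableValue !== null &&
        annotationEnableValue !== ""
      ) {
        // Explicit opt-in/opt-out takes precedence over detection.
        enabled = annotationEnableValue !== "false"
      } else if (detectWildcard && usesWildcard) {
        enabled = false
      } else if (detectInternal && !hosts.every(isInternalHost)) {
        enabled = false
      }
      if (!enabled) {
        continue
      }

      if (!manifest.metadata) {
        manifest.metadata = {}
      }
      if (!manifest.metadata.annotations) {
        manifest.metadata.annotations = {}
      }
      Object.assign(manifest.metadata.annotations, {
        "cert-manager.io": "cluster-issuer",
        "cert-manager.io/cluster-issuer": clusterIssuer,
        "kubernetes.io/tls-acme": "true",
      })
    }
  }

  for (const wildcardNamespace of wildcardNamespaces) {
    // Optional chaining: a Namespace manifest without metadata must not
    // abort the lookup for the others.
    const ns = manifests.find(
      (manifest) =>
        manifest.kind === "Namespace" &&
        manifest.metadata?.name === wildcardNamespace
    )
    if (!ns) {
      continue
    }
    if (!ns.metadata.labels) {
      ns.metadata.labels = {}
    }
    Object.assign(ns.metadata.labels, namespaceLabels)
  }

  return manifests
}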