Commit 0c8544f

Add baseURL and certificate issuer overrides
Signed-off-by: Mangirdas Judeikis <[email protected]> On-behalf-of: @SAP [email protected]
1 parent bf12804 commit 0c8544f

45 files changed: +804 -1039 lines changed

config/crd/bases/operator.kcp.io_frontproxies.yaml

Lines changed: 19 additions & 0 deletions
@@ -188,6 +188,9 @@ spec:
188188
description: |-
189189
Requested DNS subject alternative names. The values given here will be merged into the
190190
DNS names determined automatically by the kcp-operator.
191+
If DNSNames is used together with IssuerRef, DNSNames will be uses as-is and not merged.
192+
If IssuerRef is not set, DNSNames will be merged with the defaults. This is to avoid
193+
trying to guess what DNSNames configued issuer might support.
191194
items:
192195
type: string
193196
type: array
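
Review bot: Two typos in the added description lines (191-193) will surface in `kubectl explain` and generated API docs: "will be uses as-is" should read "will be used as-is", and "what DNSNames configued issuer might support" should read "what DNSNames the configured issuer might support". The identical wording appears in the other CRD files of this commit, so it presumably comes from one source comment; correct it there and regenerate instead of editing the YAML by hand.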
@@ -208,6 +211,22 @@ spec:
208211
items:
209212
type: string
210213
type: array
214+
issuerRef:
215+
description: IssuerRef is a reference to the issuer for
216+
this certificate.
217+
properties:
218+
group:
219+
description: Group of the resource being referred to.
220+
type: string
221+
kind:
222+
description: Kind of the resource being referred to.
223+
type: string
224+
name:
225+
description: Name of the resource being referred to.
226+
type: string
227+
required:
228+
- name
229+
type: object
211230
privateKey:
212231
description: |-
213232
Private key options. These include the key algorithm and size, the used
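
Review bot: Only name is required in the new issuerRef block (214-229), and the group and kind descriptions do not say what is assumed when those fields are omitted. State the default group and kind in the descriptions, or make kind required, so a reference given by name alone cannot resolve to a different issuer type than the author intended. The schema also has no namespace field, so the description should say in which namespace a namespaced issuer is looked up.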

config/crd/bases/operator.kcp.io_kubeconfigs.yaml

Lines changed: 19 additions & 0 deletions
@@ -65,6 +65,9 @@ spec:
6565
description: |-
6666
Requested DNS subject alternative names. The values given here will be merged into the
6767
DNS names determined automatically by the kcp-operator.
68+
If DNSNames is used together with IssuerRef, DNSNames will be uses as-is and not merged.
69+
If IssuerRef is not set, DNSNames will be merged with the defaults. This is to avoid
70+
trying to guess what DNSNames configued issuer might support.
6871
items:
6972
type: string
7073
type: array
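
Review bot: The added text (68-70) leaves one case undefined: IssuerRef set and DNSNames empty. It covers DNSNames together with IssuerRef (used as-is) and IssuerRef unset (merged with defaults), but not whether the remaining combination produces a certificate without DNS names, falls back to the defaults, or is rejected. Spell that out, and if an empty list is not meaningful for this certificate, reject it with a validation rule instead of relying on the reader to infer it.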
@@ -85,6 +88,22 @@ spec:
8588
items:
8689
type: string
8790
type: array
91+
issuerRef:
92+
description: IssuerRef is a reference to the issuer for this
93+
certificate.
94+
properties:
95+
group:
96+
description: Group of the resource being referred to.
97+
type: string
98+
kind:
99+
description: Kind of the resource being referred to.
100+
type: string
101+
name:
102+
description: Name of the resource being referred to.
103+
type: string
104+
required:
105+
- name
106+
type: object
88107
privateKey:
89108
description: |-
90109
Private key options. These include the key algorithm and size, the used

config/crd/bases/operator.kcp.io_rootshards.yaml

Lines changed: 51 additions & 3 deletions
@@ -274,6 +274,9 @@ spec:
274274
description: |-
275275
Requested DNS subject alternative names. The values given here will be merged into the
276276
DNS names determined automatically by the kcp-operator.
277+
If DNSNames is used together with IssuerRef, DNSNames will be uses as-is and not merged.
278+
If IssuerRef is not set, DNSNames will be merged with the defaults. This is to avoid
279+
trying to guess what DNSNames configued issuer might support.
277280
items:
278281
type: string
279282
type: array
@@ -294,6 +297,22 @@ spec:
294297
items:
295298
type: string
296299
type: array
300+
issuerRef:
301+
description: IssuerRef is a reference to the issuer for
302+
this certificate.
303+
properties:
304+
group:
305+
description: Group of the resource being referred to.
306+
type: string
307+
kind:
308+
description: Kind of the resource being referred to.
309+
type: string
310+
name:
311+
description: Name of the resource being referred to.
312+
type: string
313+
required:
314+
- name
315+
type: object
297316
privateKey:
298317
description: |-
299318
Private key options. These include the key algorithm and size, the used
@@ -472,19 +491,21 @@ spec:
472491
to acquire new certificates. This field is mutually exclusive with caSecretRef.
473492
properties:
474493
group:
475-
description: Group of the object being referred to.
494+
description: Group of the resource being referred to.
476495
type: string
477496
kind:
478-
description: Kind of the object being referred to.
497+
description: Kind of the resource being referred to.
479498
type: string
480499
name:
481-
description: Name of the object being referred to.
500+
description: Name of the resource being referred to.
482501
type: string
483502
required:
484503
- name
485504
type: object
486505
type: object
487506
clusterDomain:
507+
description: ClusterDomain is the DNS domain for services in the cluster.
508+
Defaults to "cluster.local" if not set.
488509
type: string
489510
deploymentTemplate:
490511
description: 'Optional: DeploymentTemplate configures the Kubernetes
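
Review bot: The new clusterDomain description (507-508) promises a default of "cluster.local", but the field is still declared only as type: string with no default in the schema, so the value is never persisted on the object and the promise depends entirely on operator code. Either add a schema default so the stored object shows the effective domain, or reword the description to say the operator assumes "cluster.local" when the field is empty. The object to resource wording changes above it need no further action.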
@@ -1689,6 +1710,9 @@ spec:
16891710
description: |-
16901711
Requested DNS subject alternative names. The values given here will be merged into the
16911712
DNS names determined automatically by the kcp-operator.
1713+
If DNSNames is used together with IssuerRef, DNSNames will be uses as-is and not merged.
1714+
If IssuerRef is not set, DNSNames will be merged with the defaults. This is to avoid
1715+
trying to guess what DNSNames configued issuer might support.
16921716
items:
16931717
type: string
16941718
type: array
@@ -1709,6 +1733,25 @@ spec:
17091733
items:
17101734
type: string
17111735
type: array
1736+
issuerRef:
1737+
description: IssuerRef is a reference to the issuer
1738+
for this certificate.
1739+
properties:
1740+
group:
1741+
description: Group of the resource being referred
1742+
to.
1743+
type: string
1744+
kind:
1745+
description: Kind of the resource being referred
1746+
to.
1747+
type: string
1748+
name:
1749+
description: Name of the resource being referred
1750+
to.
1751+
type: string
1752+
required:
1753+
- name
1754+
type: object
17121755
privateKey:
17131756
description: |-
17141757
Private key options. These include the key algorithm and size, the used
@@ -3198,6 +3241,11 @@ spec:
31983241
type: string
31993242
type: object
32003243
type: object
3244+
shardBaseURL:
3245+
description: |-
3246+
ShardBaseURL is the base URL under which this shard should be reachable. This is used to configure
3247+
the external URL. If not provided, the operator will use kubernetes service address to generate it.
3248+
type: string
32013249
required:
32023250
- cache
32033251
- certificates
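
Review bot: shardBaseURL (3244-3248) is a bare string with no format or pattern constraint, so a value without a scheme, with a trailing path, or using http:// is accepted at admission. Add a validation rule for the expected form (for example an https:// prefix and no path) or at least document that form in the description. In the same text, "kubernetes service address" should read "the Kubernetes service address".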

config/crd/bases/operator.kcp.io_shards.yaml

Lines changed: 26 additions & 0 deletions
@@ -258,6 +258,9 @@ spec:
258258
description: |-
259259
Requested DNS subject alternative names. The values given here will be merged into the
260260
DNS names determined automatically by the kcp-operator.
261+
If DNSNames is used together with IssuerRef, DNSNames will be uses as-is and not merged.
262+
If IssuerRef is not set, DNSNames will be merged with the defaults. This is to avoid
263+
trying to guess what DNSNames configued issuer might support.
261264
items:
262265
type: string
263266
type: array
@@ -278,6 +281,22 @@ spec:
278281
items:
279282
type: string
280283
type: array
284+
issuerRef:
285+
description: IssuerRef is a reference to the issuer for
286+
this certificate.
287+
properties:
288+
group:
289+
description: Group of the resource being referred to.
290+
type: string
291+
kind:
292+
description: Kind of the resource being referred to.
293+
type: string
294+
name:
295+
description: Name of the resource being referred to.
296+
type: string
297+
required:
298+
- name
299+
type: object
281300
privateKey:
282301
description: |-
283302
Private key options. These include the key algorithm and size, the used
@@ -428,6 +447,8 @@ spec:
428447
certificates for this shard.
429448
type: object
430449
clusterDomain:
450+
description: ClusterDomain is the DNS domain for services in the cluster.
451+
Defaults to "cluster.local" if not set.
431452
type: string
432453
deploymentTemplate:
433454
description: 'Optional: DeploymentTemplate configures the Kubernetes
@@ -1702,6 +1723,11 @@ spec:
17021723
type: string
17031724
type: object
17041725
type: object
1726+
shardBaseURL:
1727+
description: |-
1728+
ShardBaseURL is the base URL under which this shard should be reachable. This is used to configure
1729+
the external URL. If not provided, the operator will use kubernetes service address to generate it.
1730+
type: string
17051731
required:
17061732
- etcd
17071733
- rootShard
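
Review bot: The shardBaseURL description (1726-1730) says nothing about how it interacts with the dnsNames and issuerRef fields added earlier in this file. Since dnsNames is used as-is once issuerRef is set, the description should state whether the host of shardBaseURL is among the automatically determined DNS names and whether the user has to list that host in dnsNames when an issuer override is in place; otherwise a shard can be published under a URL its serving certificate does not cover.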

go.mod

Lines changed: 43 additions & 43 deletions
@@ -5,30 +5,31 @@ go 1.23.0
55
replace github.com/kcp-dev/kcp-operator/sdk => ./sdk
66

77
require (
8-
github.com/cert-manager/cert-manager v1.16.2
8+
github.com/cert-manager/cert-manager v1.18.2
99
github.com/go-logr/logr v1.4.2
1010
github.com/go-logr/zapr v1.3.0
1111
github.com/go-test/deep v1.1.0
1212
github.com/kcp-dev/code-generator/v2 v2.3.1
1313
github.com/kcp-dev/kcp-operator/sdk v0.0.0-00010101000000-000000000000
1414
github.com/kcp-dev/kcp/sdk v0.27.1
1515
github.com/kcp-dev/logicalcluster/v3 v3.0.5
16-
github.com/stretchr/testify v1.9.0
16+
github.com/stretchr/testify v1.10.0
1717
go.uber.org/zap v1.27.0
1818
k8c.io/reconciler v0.5.0
19-
k8s.io/api v0.31.6
20-
k8s.io/apimachinery v0.31.6
21-
k8s.io/client-go v0.31.6
22-
k8s.io/code-generator v0.31.6
23-
k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
19+
k8s.io/api v0.32.0
20+
k8s.io/apimachinery v0.32.0
21+
k8s.io/client-go v0.32.0
22+
k8s.io/code-generator v0.32.0
23+
k8s.io/utils v0.0.0-20241210054802-24370beab758
2424
sigs.k8s.io/controller-runtime v0.19.0
2525
sigs.k8s.io/controller-tools v0.16.1
2626
sigs.k8s.io/yaml v1.4.0
2727
)
2828

2929
require (
30+
cel.dev/expr v0.19.1 // indirect
3031
github.com/Masterminds/semver/v3 v3.2.1 // indirect
31-
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
32+
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
3233
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
3334
github.com/beorn7/perks v1.0.1 // indirect
3435
github.com/blang/semver/v4 v4.0.0 // indirect
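
Review bot: sigs.k8s.io/controller-runtime stays at v0.19.0 and controller-tools at v0.16.1 in the unchanged lines while k8s.io/api, apimachinery, client-go and code-generator move from v0.31.6 to v0.32.0; confirm that this controller-runtime release is supported against the 0.32 libraries or bump it in the same change. Moving from a .6 patch release to a .0 release also drops whatever patch-level fixes the 0.31 line had accumulated, so prefer the latest 0.32.x. The cert-manager jump from v1.16.2 to v1.18.2 spans two minor releases and is not mentioned in the commit message; note the reason there.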
@@ -39,80 +40,79 @@ require (
3940
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
4041
github.com/fatih/color v1.17.0 // indirect
4142
github.com/felixge/httpsnoop v1.0.4 // indirect
42-
github.com/fsnotify/fsnotify v1.7.0 // indirect
43+
github.com/fsnotify/fsnotify v1.8.0 // indirect
4344
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
4445
github.com/go-logr/stdr v1.2.2 // indirect
4546
github.com/go-openapi/jsonpointer v0.21.0 // indirect
4647
github.com/go-openapi/jsonreference v0.21.0 // indirect
4748
github.com/go-openapi/swag v0.23.0 // indirect
4849
github.com/gobuffalo/flect v1.0.2 // indirect
4950
github.com/gogo/protobuf v1.3.2 // indirect
50-
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
5151
github.com/golang/protobuf v1.5.4 // indirect
52-
github.com/google/cel-go v0.20.1 // indirect
53-
github.com/google/gnostic-models v0.6.8 // indirect
52+
github.com/google/cel-go v0.22.1 // indirect
53+
github.com/google/gnostic-models v0.6.9 // indirect
5454
github.com/google/go-cmp v0.6.0 // indirect
5555
github.com/google/gofuzz v1.2.1-0.20210504230335-f78f29fc09ea // indirect
5656
github.com/google/uuid v1.6.0 // indirect
57-
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
58-
github.com/imdario/mergo v0.3.16 // indirect
57+
github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 // indirect
5958
github.com/inconshreveable/mousetrap v1.1.0 // indirect
6059
github.com/josharian/intern v1.0.0 // indirect
6160
github.com/json-iterator/go v1.1.12 // indirect
62-
github.com/klauspost/compress v1.17.9 // indirect
63-
github.com/mailru/easyjson v0.7.7 // indirect
61+
github.com/klauspost/compress v1.17.11 // indirect
62+
github.com/mailru/easyjson v0.9.0 // indirect
6463
github.com/mattn/go-colorable v0.1.13 // indirect
6564
github.com/mattn/go-isatty v0.0.20 // indirect
6665
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
6766
github.com/modern-go/reflect2 v1.0.2 // indirect
6867
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
69-
github.com/onsi/gomega v1.34.1 // indirect
68+
github.com/onsi/gomega v1.35.1 // indirect
7069
github.com/pkg/errors v0.9.1 // indirect
7170
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
72-
github.com/prometheus/client_golang v1.20.4 // indirect
71+
github.com/prometheus/client_golang v1.20.5 // indirect
7372
github.com/prometheus/client_model v0.6.1 // indirect
74-
github.com/prometheus/common v0.55.0 // indirect
73+
github.com/prometheus/common v0.61.0 // indirect
7574
github.com/prometheus/procfs v0.15.1 // indirect
7675
github.com/spf13/cobra v1.8.1 // indirect
7776
github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
7877
github.com/stoewer/go-strcase v1.3.0 // indirect
7978
github.com/x448/float16 v0.8.4 // indirect
80-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
81-
go.opentelemetry.io/otel v1.29.0 // indirect
82-
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
83-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
84-
go.opentelemetry.io/otel/metric v1.29.0 // indirect
85-
go.opentelemetry.io/otel/sdk v1.28.0 // indirect
86-
go.opentelemetry.io/otel/trace v1.29.0 // indirect
87-
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
79+
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
80+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
81+
go.opentelemetry.io/otel v1.33.0 // indirect
82+
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
83+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
84+
go.opentelemetry.io/otel/metric v1.33.0 // indirect
85+
go.opentelemetry.io/otel/sdk v1.33.0 // indirect
86+
go.opentelemetry.io/otel/trace v1.33.0 // indirect
87+
go.opentelemetry.io/proto/otlp v1.4.0 // indirect
8888
go.uber.org/multierr v1.11.0 // indirect
89-
golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect
89+
golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
9090
golang.org/x/mod v0.24.0 // indirect
9191
golang.org/x/net v0.40.0 // indirect
92-
golang.org/x/oauth2 v0.27.0 // indirect
92+
golang.org/x/oauth2 v0.28.0 // indirect
9393
golang.org/x/sync v0.14.0 // indirect
9494
golang.org/x/sys v0.33.0 // indirect
9595
golang.org/x/term v0.32.0 // indirect
9696
golang.org/x/text v0.25.0 // indirect
97-
golang.org/x/time v0.6.0 // indirect
98-
golang.org/x/tools v0.25.1 // indirect
97+
golang.org/x/time v0.8.0 // indirect
98+
golang.org/x/tools v0.28.0 // indirect
9999
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
100-
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
101-
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
102-
google.golang.org/grpc v1.66.2 // indirect
103-
google.golang.org/protobuf v1.34.2 // indirect
100+
google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect
101+
google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect
102+
google.golang.org/grpc v1.69.2 // indirect
103+
google.golang.org/protobuf v1.36.0 // indirect
104104
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
105105
gopkg.in/inf.v0 v0.9.1 // indirect
106106
gopkg.in/yaml.v2 v2.4.0 // indirect
107107
gopkg.in/yaml.v3 v3.0.1 // indirect
108-
k8s.io/apiextensions-apiserver v0.31.6 // indirect
109-
k8s.io/apiserver v0.31.6 // indirect
110-
k8s.io/component-base v0.31.6 // indirect
111-
k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7 // indirect
108+
k8s.io/apiextensions-apiserver v0.32.0 // indirect
109+
k8s.io/apiserver v0.32.0 // indirect
110+
k8s.io/component-base v0.32.0 // indirect
111+
k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 // indirect
112112
k8s.io/klog/v2 v2.130.1 // indirect
113-
k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect
114-
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
113+
k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
114+
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1 // indirect
115115
sigs.k8s.io/gateway-api v1.1.0 // indirect
116-
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
117-
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
116+
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
117+
sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
118118
)
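
Review bot: The commit title covers baseURL and issuer overrides but not the wide indirect dependency refresh in this hunk (grpc v1.66.2 to v1.69.2, protobuf v1.34.2 to v1.36.0, the OpenTelemetry modules aligned on v1.33.0, oauth2, and the removal of golang/groupcache and imdario/mergo). Move the refresh into its own commit so the API change can be reviewed and reverted independently, and run a vulnerability scan such as govulncheck over the new module graph before merging.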
