wunderio · Rade333 · Sep 2, 2025 · Mar 19, 2025 · Sep 1, 2025 · Sep 1, 2025
diff --git a/drupal/Chart.yaml b/drupal/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: drupal
-version: 1.25.2
+version: 1.26.0
 dependencies:
 - name: mariadb
   version: 7.5.x

diff --git a/drupal/templates/backup-cron.yaml b/drupal/templates/backup-cron.yaml
@@ -50,7 +50,7 @@ spec:
                 {{ include "drupal.backup-command" (merge $params . ) | nindent 16 }}
                 {{ include "mariadb.db-validation" (merge $params . ) | nindent 16 }}
           - name: mariadb
-            image: docker.io/wunderio/bitnami-mariadb:10.3.24-debian-10-r49
+            image: {{ printf "%s/%s:%s" $.Values.mariadb.image.registry $.Values.mariadb.image.repository $.Values.mariadb.image.tag }}
             imagePullPolicy: IfNotPresent
             env:
             - name: MARIADB_ROOT_PASSWORD

diff --git a/drupal/tests/drupal_ingress_test.yaml b/drupal/tests/drupal_ingress_test.yaml
@@ -439,4 +439,74 @@ tests:
             'nginx.ingress.kubernetes.io/limit-connections': '65537'
     asserts:
       - failedTemplate:
-          errorMessage: "nginx.ingress.kubernetes.io/limit-connections cannot be greater than 65536"
+          errorMessage: "nginx.ingress.kubernetes.io/limit-connections cannot be greater than 65536"
+
+  - it: uses custom TLS secret when ssl.existingTLSSecret is defined
+    template: drupal-ingress.yaml
+    set:
+      ssl:
+        existingTLSSecret: my-tls-secret
+    asserts:
+      - equal:
+          path: spec.tls[0].secretName
+          value: my-tls-secret
+
+  - it: uses default TLS secret
+    template: drupal-ingress.yaml
+    asserts:
+      - equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+
+  - it: uses default TLS secret for exposeDomains
+    template: drupal-ingress.yaml
+    set:
+      exposeDomains:
+        foo:
+          hostname: foo.bar
+          ssl:
+            enabled: true
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: release-name.namespace.silta.wdr.io
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls-foo
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: foo.bar
+
+  - it: uses custom TLS secret for exposeDomains
+    template: drupal-ingress.yaml
+    set:
+      exposeDomains:
+        foo:
+          hostname: foo.bar
+          ssl:
+            enabled: true
+            existingTLSSecret: my-foo-tls-secret
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: release-name.namespace.silta.wdr.io
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].secretName
+          value: my-foo-tls-secret
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: foo.bar
diff --git a/drupal/values.schema.json b/drupal/values.schema.json
@@ -42,7 +42,8 @@
               "issuer": { "type": "string" },
               "ca": { "type": "string" },
               "key": { "type": "string" },
-              "crt": { "type": "string" }
+              "crt": { "type": "string" },
+              "existingTLSSecret": { "type": "string" }
             }
           },
           "ingress": { "type": "string" }
@@ -61,7 +62,8 @@
             "issuer": { "type": "string" },
             "ca": { "type": "string" },
             "key": { "type": "string" },
-            "crt": { "type": "string" }
+            "crt": { "type": "string" },
+            "existingTLSSecret": { "type": "string" }
           }
         },
         "ingress": { "type": "string" }
@@ -83,7 +85,8 @@
         "issuer": { "type": "string" },
         "ca": { "type": "string" },
         "key": { "type": "string" },
-        "crt": { "type": "string" }
+        "crt": { "type": "string" },
+        "existingTLSSecret": { "type": "string" }
       }
     },
     "backendConfig": {

diff --git a/drupal/values.yaml b/drupal/values.yaml
@@ -566,10 +566,8 @@ gdprDump:
           parameters:
             key: 'processed_data.mail'
         name:
-          converter: 'faker'
+          converter: 'randomizeText'
           unique: true
-          parameters:
-            formatter: 'name'
         pass:
           converter: 'randomizeText'
     commerce_order:

diff --git a/frontend/Chart.yaml b/frontend/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: frontend
-version: 1.21.0
+version: 1.22.0
 dependencies:
 - name: mariadb
   version: 7.10.x

diff --git a/frontend/templates/certificate.yaml b/frontend/templates/certificate.yaml
@@ -96,6 +96,7 @@ spec:
 {{- end }}
 
 {{- else if eq $context_ssl.issuer "custom" }}
+{{- if not $context_ssl.existingTLSSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -123,6 +124,7 @@ data:
 ---
 {{- end }}
 {{- end }}
+{{- end }}
 
 # Certificates for exposeDomains 
 
@@ -177,6 +179,7 @@ spec:
 ---
 
 {{- else if eq $domain.ssl.issuer "custom" }}
+{{- if not $domain.ssl.existingTLSSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -196,3 +199,4 @@ data:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/frontend/templates/ingress.yaml b/frontend/templates/ingress.yaml
@@ -88,6 +88,11 @@ spec:
   {{- end }}
   {{- if $ingress.tls }}
   tls:
+  {{- if $.Values.ssl.existingTLSSecret }}
+  - secretName: {{ $.Values.ssl.existingTLSSecret }}
+    hosts:
+      - {{ include "frontend.domain" . | quote }}
+  {{- else }}
   - secretName: {{ .Release.Name }}-tls{{- if eq $.Values.ssl.issuer "custom" }}-custom{{- end }}
     hosts: 
       - {{ include "frontend.domain" . | quote }}
@@ -98,6 +103,7 @@ spec:
       - '{{ template "frontend.domain" (merge $params $ ) }}'
   {{- end }}
   {{- end }}
+  {{- end }}
   rules:
   - host: {{ template "frontend.domain" . }}
     http:
@@ -253,6 +259,11 @@ spec:
   {{- if eq $domain.ingress $ingress_index }}
   {{- if $domain.ssl }}
   {{- if $domain.ssl.enabled }}
+  {{- if $domain.ssl.existingTLSSecret }}
+  - secretName: {{ $domain.ssl.existingTLSSecret }}
+    hosts:
+      - {{ $domain.hostname | quote }}
+  {{- else }}
   - secretName: {{ $.Release.Name }}-tls-{{ $domain_index }}{{- if eq $domain.ssl.issuer "custom" }}-custom{{- end }}
     hosts: 
       - {{ $domain.hostname | quote }}
@@ -261,6 +272,7 @@ spec:
   {{- end }}
   {{- end }}
   {{- end }}
+  {{- end }}
   rules:
   {{- range $domain_index, $domain := $.Values.exposeDomains }}
   {{- $domain := mergeOverwrite (deepCopy $.Values.exposeDomainsDefaults) $domain }}

diff --git a/frontend/tests/ingress_test.yaml b/frontend/tests/ingress_test.yaml
@@ -322,4 +322,74 @@ tests:
             'nginx.ingress.kubernetes.io/limit-connections': '65537'
     asserts:
       - failedTemplate:
-          errorMessage: "nginx.ingress.kubernetes.io/limit-connections cannot be greater than 65536"
+          errorMessage: "nginx.ingress.kubernetes.io/limit-connections cannot be greater than 65536"
+
+  - it: uses default TLS secret when ssl.existingTLSSecret is not defined
+    template: ingress.yaml
+    asserts:
+      - equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+
+  - it: uses default TLS secret for exposeDomains when ssl.existingTLSSecret is not defined
+    template: ingress.yaml
+    set:
+      exposeDomains:
+        foo:
+          hostname: foo.bar
+          ssl:
+            enabled: true
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: release-name.namespace.silta.wdr.io
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls-foo
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: foo.bar
+
+  - it: uses custom TLS secret when ssl.existingTLSSecret is defined
+    template: ingress.yaml
+    set:
+      ssl:
+        existingTLSSecret: my-tls-secret
+    asserts:
+      - equal:
+          path: spec.tls[0].secretName
+          value: my-tls-secret
+
+  - it: uses custom TLS secret for exposeDomains
+    template: ingress.yaml
+    set:
+      exposeDomains:
+        foo:
+          hostname: foo.bar
+          ssl:
+            enabled: true
+            existingTLSSecret: my-foo-tls-secret
+    asserts:
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].secretName
+          value: RELEASE-NAME-tls
+      - documentIndex: 0
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: release-name.namespace.silta.wdr.io
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].secretName
+          value: my-foo-tls-secret
+      - documentIndex: 1
+        equal:
+          path: spec.tls[0].hosts[0]
+          value: foo.bar
diff --git a/frontend/values.schema.json b/frontend/values.schema.json
@@ -33,7 +33,8 @@
               "issuer": { "type": "string" },
               "ca": { "type": "string" },
               "key": { "type": "string" },
-              "crt": { "type": "string" }
+              "crt": { "type": "string" },
+              "existingTLSSecret": { "type": "string" }
             }
           },
           "ingress": { "type": "string" }
@@ -52,7 +53,8 @@
             "issuer": { "type": "string" },
             "ca": { "type": "string" },
             "key": { "type": "string" },
-            "crt": { "type": "string" }
+            "crt": { "type": "string" },
+            "existingTLSSecret": { "type": "string" }
           }
         },
         "ingress": { "type": "string" }
@@ -73,7 +75,8 @@
         "issuer": { "type": "string" },
         "ca": { "type": "string" },
         "key": { "type": "string" },
-        "crt": { "type": "string" }
+        "crt": { "type": "string" },
+        "existingTLSSecret": { "type": "string" }
       }
     },
     "backendConfig": {

diff --git a/silta-cluster/Chart.yaml b/silta-cluster/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "1.0"
 description: Setup a silta kubernetes cluster.
 name: silta-cluster
-version: 1.10.0
+version: 1.10.1
 # csi-rclone external provisioner requires kubernetes 1.20+
 # https://github.com/kubernetes-csi/external-provisioner?tab=readme-ov-file#compatibility
 kubeVersion: '>=1.20.0-0'

diff --git a/silta-cluster/templates/deployment-remover-sa.yaml b/silta-cluster/templates/deployment-remover-sa.yaml
@@ -100,6 +100,7 @@ rules:
   - list
   - get
   - watch
+  - delete
 - apiGroups:
   - policy
   resources:

diff --git a/simple/Chart.yaml b/simple/Chart.yaml
@@ -1,5 +1,5 @@
 name: simple
-version: 1.9.0
+version: 1.10.0
 apiVersion: v2
 dependencies:
 - name: silta-release

diff --git a/simple/templates/certificate.yaml b/simple/templates/certificate.yaml
@@ -48,6 +48,7 @@ spec:
 ---
 
 {{- else if eq $context_ssl.issuer "custom" }}
+{{- if not $context_ssl.existingTLSSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -61,6 +62,7 @@ data:
   tls.key: {{ $context_ssl.key | b64enc }}
 ---
 {{- end }}
+{{- end }}
 
 # Certificates for exposeDomains 
 
@@ -115,6 +117,7 @@ spec:
 ---
 
 {{- else if eq $domain.ssl.issuer "custom" }}
+{{- if not $domain.ssl.existingTLSSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -134,3 +137,4 @@ data:
 {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -100,6 +100,7 @@ rules: @@
       - list
       - get
       - watch
+      - delete
     - apiGroups:
       - policy
       resources:
@@ Expand Down @@