feat(services): expose CA certificate
byashimov committed Feb 13, 2024
1 parent 017d5c5 commit c30465d
Showing 62 changed files with 137 additions and 98 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,8 @@

## [MAJOR.MINOR.PATCH] - YYYY-MM-DD

- Expose project CA certificate to service secrets: `REDIS_CA_CERT`, `MYSQL_CA_CERT`, etc.

## v0.17.0 - 2024-02-01

- Bump k8s deps to 1.26.13
2 changes: 1 addition & 1 deletion api/v1alpha1/cassandra_types.go
@@ -23,7 +23,7 @@ type CassandraSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`
// Exposed keys: `CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`, `CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
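Review bot: The `Exposed keys` comment now lists `CASSANDRA_CA_CERT` but does not say what the value is or what a consumer should do with it, and the same gap is in the matching comments in clickhouse_types.go, connectionpool_types.go, grafana_types.go, kafka_types.go, mysql_types.go, opensearch_types.go, postgresql_types.go and redis_types.go. The CRD descriptions shown further down this page repeat this text, so one extra comment line would reach users there too, for example `// CASSANDRA_CA_CERT is the project CA certificate (presumably PEM, confirm), used by clients to verify the service's TLS certificate.` For the specs that also expose an SSL mode key (`POSTGRESQL_SSLMODE`, `CONNECTIONPOOL_SSLMODE`, `MYSQL_SSL_MODE`) it is worth adding that the CA being present in the secret does not by itself enable verification; that depends on the mode the client connects with. `CassandraSpec` starts and ends outside the hunk.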
2 changes: 1 addition & 1 deletion api/v1alpha1/clickhouse_types.go
@@ -21,7 +21,7 @@ type ClickhouseSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`
// Exposed keys: `CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`, `CLICKHOUSE_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/common.go
@@ -24,7 +24,7 @@ type AuthSecretReference struct {

// ConnInfoSecretTarget contains information secret name
type ConnInfoSecretTarget struct {
// Name of the secret resource to be created. By default, is equal to the resource name
// Name of the secret resource to be created. By default, it is equal to the resource name
Name string `json:"name"`
// +kubebuilder:pruning:PreserveUnknownFields
// Annotations added to the secret
2 changes: 1 addition & 1 deletion api/v1alpha1/connectionpool_types.go
@@ -36,7 +36,7 @@ type ConnectionPoolSpec struct {
PoolMode string `json:"poolMode,omitempty"`

// Information regarding secret creation.
// Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`
// Exposed keys: `CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`, `CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`, `CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/grafana_types.go
@@ -23,7 +23,7 @@ type GrafanaSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`
// Exposed keys: `GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`, `GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/kafka_types.go
@@ -21,7 +21,7 @@ type KafkaSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`
// Exposed keys: `KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`, `KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`, `KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`, `KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/mysql_types.go
@@ -21,7 +21,7 @@ type MySQLSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`
// Exposed keys: `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/opensearch_types.go
@@ -21,7 +21,7 @@ type OpenSearchSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`
// Exposed keys: `OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`, `OPENSEARCH_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/postgresql_types.go
@@ -21,7 +21,7 @@ type PostgreSQLSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`
// Exposed keys: `POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`, `POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`, `POSTGRESQL_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
2 changes: 1 addition & 1 deletion api/v1alpha1/redis_types.go
@@ -21,7 +21,7 @@ type RedisSpec struct {
AuthSecretRef *AuthSecretReference `json:"authSecretRef,omitempty"`

// Information regarding secret creation.
// Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`
// Exposed keys: `REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`
ConnInfoSecretTarget ConnInfoSecretTarget `json:"connInfoSecretTarget,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="connInfoSecretTargetDisabled is immutable."
4 changes: 2 additions & 2 deletions charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml
@@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`,
`CASSANDRA_URI`, `CASSANDRA_HOSTS`"
`CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`"
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`,
`CLICKHOUSE_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -74,7 +75,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -81,7 +81,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -74,7 +74,7 @@ spec:
"Information regarding secret creation. Exposed keys:
`CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`,
`CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`,
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`"
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -91,7 +91,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml
@@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`,
`GRAFANA_URI`, `GRAFANA_HOSTS`"
`GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml
@@ -73,7 +73,7 @@ spec:
`KAFKA_HOST`, `KAFKA_PORT`, `KAFKA_USERNAME`, `KAFKA_PASSWORD`,
`KAFKA_ACCESS_CERT`, `KAFKA_ACCESS_KEY`, `KAFKA_SASL_HOST`, `KAFKA_SASL_PORT`,
`KAFKA_SCHEMA_REGISTRY_HOST`, `KAFKA_SCHEMA_REGISTRY_PORT`, `KAFKA_CONNECT_HOST`,
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`"
`KAFKA_CONNECT_PORT`, `KAFKA_REST_HOST`, `KAFKA_REST_PORT`, `KAFKA_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -90,7 +90,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml
@@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_DATABASE`, `MYSQL_USER`, `MYSQL_PASSWORD`,
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`"
`MYSQL_SSL_MODE`, `MYSQL_URI`, `MYSQL_REPLICA_URI`, `MYSQL_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`"
`OPENSEARCH_HOST`, `OPENSEARCH_PORT`, `OPENSEARCH_USER`, `OPENSEARCH_PASSWORD`,
`OPENSEARCH_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -74,7 +75,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -71,7 +71,8 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`POSTGRESQL_HOST`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, `POSTGRESQL_USER`,
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`"
`POSTGRESQL_PASSWORD`, `POSTGRESQL_SSLMODE`, `POSTGRESQL_DATABASE_URI`,
`POSTGRESQL_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +89,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -118,7 +118,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions charts/aiven-operator-crds/templates/aiven.io_redis.yaml
@@ -57,7 +57,7 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`"
`REDIS_HOST`, `REDIS_PORT`, `REDIS_USER`, `REDIS_PASSWORD`, `REDIS_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -74,7 +74,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
Original file line number Diff line number Diff line change
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions config/crd/bases/aiven.io_cassandras.yaml
@@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`CASSANDRA_HOST`, `CASSANDRA_PORT`, `CASSANDRA_USER`, `CASSANDRA_PASSWORD`,
`CASSANDRA_URI`, `CASSANDRA_HOSTS`"
`CASSANDRA_URI`, `CASSANDRA_HOSTS`, `CASSANDRA_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
5 changes: 3 additions & 2 deletions config/crd/bases/aiven.io_clickhouses.yaml
@@ -57,7 +57,8 @@ spec:
connInfoSecretTarget:
description:
"Information regarding secret creation. Exposed keys:
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`"
`CLICKHOUSE_HOST`, `CLICKHOUSE_PORT`, `CLICKHOUSE_USER`, `CLICKHOUSE_PASSWORD`,
`CLICKHOUSE_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -74,7 +75,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
2 changes: 1 addition & 1 deletion config/crd/bases/aiven.io_clickhouseusers.yaml
@@ -81,7 +81,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions config/crd/bases/aiven.io_connectionpools.yaml
@@ -74,7 +74,7 @@ spec:
"Information regarding secret creation. Exposed keys:
`CONNECTIONPOOL_NAME`, `CONNECTIONPOOL_HOST`, `CONNECTIONPOOL_PORT`,
`CONNECTIONPOOL_DATABASE`, `CONNECTIONPOOL_USER`, `CONNECTIONPOOL_PASSWORD`,
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`"
`CONNECTIONPOOL_SSLMODE`, `CONNECTIONPOOL_DATABASE_URI`, `CONNECTIONPOOL_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -91,7 +91,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description:
4 changes: 2 additions & 2 deletions config/crd/bases/aiven.io_grafanas.yaml
@@ -71,7 +71,7 @@ spec:
description:
"Information regarding secret creation. Exposed keys:
`GRAFANA_HOST`, `GRAFANA_PORT`, `GRAFANA_USER`, `GRAFANA_PASSWORD`,
`GRAFANA_URI`, `GRAFANA_HOSTS`"
`GRAFANA_URI`, `GRAFANA_HOSTS`, `GRAFANA_CA_CERT`"
properties:
annotations:
additionalProperties:
@@ -88,7 +88,7 @@ spec:
name:
description:
Name of the secret resource to be created. By default,
is equal to the resource name
it is equal to the resource name
type: string
prefix:
description: