From 9e8576b6359c7e4611b6d2355226023e148ea117 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?=
Date: Tue, 21 Nov 2023 20:01:24 +0100
Subject: [PATCH] [kube-prometheus-stack] unify hostnames
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jan-Otto Kröpke
---
 .../templates/_helpers.tpl | 11 ++++++
 .../job-patch/job-createSecret.yaml | 2 +-
 .../prometheus-operator/certmanager.yaml | 37 ++++++++-----------
 3 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl
index fb7f5471258a..9df77521f4aa 100644
--- a/charts/kube-prometheus-stack/templates/_helpers.tpl
+++ b/charts/kube-prometheus-stack/templates/_helpers.tpl
@@ -286,3 +286,14 @@ global:
 {{- end }}
 {{- end }}
 {{- end -}}
+
+{{- define "kube-prometheus-stack.operator.admission-webhook.dnsNames" }}
+{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
+{{- $namespace := include "kube-prometheus-stack.namespace" . }}
+{{- $fullname }}
+{{ $fullname }}.{{ $namespace }}.svc
+{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
+{{ $fullname }}-webhook
+{{ $fullname }}-webhook.{{ $namespace }}.svc
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
index 92e25473d6d7..a871dade5b3b 100644
--- a/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
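Review bot: The new `kube-prometheus-stack.operator.admission-webhook.dnsNames` helper in `_helpers.tpl` has no comment, and its output contract is carried entirely by the whitespace-trim markers: one name per line, with no leading or trailing newline. Both callers depend on that, one through `replace "\n" ","` and the other through `splitList "\n"`, so a single untrimmed line added later would put an empty entry into the `--host` list or the certificate's `dnsNames`. Add a template comment above the define, for example `{{/* Newline-separated DNS names for the admission webhook certificate; callers split on "\n", so keep the output free of leading and trailing newlines. */}}`.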
@@ -43,7 +43,7 @@ spec:
 imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
 args:
 - create
- - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }},{{ template "kube-prometheus-stack.operator.fullname" . }}-webhook,{{ template "kube-prometheus-stack.operator.fullname" . }}-webhook.{{ template "kube-prometheus-stack.namespace" . }}.svc{{- end }}
+ - --host={{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | replace "\n" "," }}
 - --namespace={{ template "kube-prometheus-stack.namespace" . }}
 - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
 {{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
index 5ccdbd43e5b9..5c61f37491fa 100644
--- a/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
+++ b/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
@@ -1,12 +1,14 @@
 {{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
+{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
+{{- $namespace := include "kube-prometheus-stack.namespace" . }}
 {{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
 # Create a selfsigned Issuer, in order to create a root CA certificate for
 # signing webhook serving certificates
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
- name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
- namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ name: {{ $fullname }}-self-signed-issuer
+ namespace: {{ $namespace }}
 spec:
 selfSigned: {}
 ---
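Review bot: Replacing `kube-prometheus-stack.fullname` with `$fullname`, which the first added line of certmanager.yaml defines from `kube-prometheus-stack.operator.fullname`, renames every cert-manager object in this file rather than only unifying host names: the self-signed Issuer here, and the root Certificate, root Issuer and `secretName: {{ $fullname }}-admission` in the hunks at -14 and -28. The patch job in job-createSecret.yaml still passes `--secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission`, so the two certificate paths stop agreeing on the secret name whenever the two helpers render differently. Anything outside this diff that mounts the admission secret or points CA injection at the Certificate by its previous name would presumably stop matching, leaving the webhook without a trusted serving certificate after an upgrade. Keep the resource names on the chart fullname, e.g. `{{- $fullname := include "kube-prometheus-stack.fullname" . }}`, and use the operator fullname only inside the dnsNames helper.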
@@ -14,13 +16,13 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
- name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
- namespace: {{ template "kube-prometheus-stack.namespace" . }}
+ name: {{ $fullname }}-root-cert
+ namespace: {{ $namespace }}
 spec:
- secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
+ secretName: {{ $fullname }}-root-cert
 duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
 issuerRef:
- name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
+ name: {{ $fullname }}-self-signed-issuer
 commonName: "ca.webhook.kube-prometheus-stack"
 isCA: true
 ---
@@ -28,35 +30,28 @@ spec: apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer - namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ $fullname }}-root-issuer + namespace: {{ $namespace }} spec: ca: - secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + secretName: {{ $fullname }}-root-cert {{- end }} --- # generate a server certificate for the apiservices to use apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ $fullname }}-admission + namespace: {{ $namespace }} spec: - secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission + secretName: {{ $fullname }}-admission duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} issuerRef: {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }} {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }} {{- else }} - name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + name: {{ $fullname }}-root-issuer {{- end }} dnsNames: - - {{ template "kube-prometheus-stack.operator.fullname" . }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc - {{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook - - {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook.{{ template "kube-prometheus-stack.namespace" . }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook.{{ template "kube-prometheus-stack.namespace" . 
}}.svc - {{- end -}} + {{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | splitList "\n" | toYaml | nindent 4 }} {{- end -}}
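Review bot: The shared helper emits only `<name>` and `<name>.<namespace>.svc`, so the `dnsNames` list at the end of this hunk loses the `<name>.<namespace>` and `<name>-webhook.<namespace>` SANs that the removed entries carried. The API server addresses a webhook Service as `<service>.<namespace>.svc`, so admission calls themselves should still verify, but any client that connects using the two-label form will now fail hostname verification against the cert-manager certificate. If the drop is intentional, state it in the commit message; otherwise add `{{ $fullname }}.{{ $namespace }}` and `{{ $fullname }}-webhook.{{ $namespace }}` to the helper, which would also add them to the patch job's `--host` list.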