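// Package certificates builds the cert-manager Issuer and Certificate
// objects the qdr-operator uses to provision TLS material for an
// Interconnect, and detects whether cert-manager is installed at all.
package certificates

import (
	v1alpha1 "github.com/interconnectedcloud/qdr-operator/pkg/apis/interconnectedcloud/v1alpha1"
	"github.com/interconnectedcloud/qdr-operator/pkg/utils/configs"
	cmv1alpha1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
	apiextv1b1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
	apiextclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"sigs.k8s.io/controller-runtime/pkg/client/config"
	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
)

// Identifiers shared by every object built in this file. They are
// gathered here so the API group/version and kinds cannot drift apart
// between constructors.
const (
	// certmgrAPIVersion is the (legacy) cert-manager API group/version
	// this operator targets.
	certmgrAPIVersion = "certmanager.k8s.io/v1alpha1"
	// certmgrIssuerKind and certmgrCertificateKind are the cert-manager
	// resource kinds created here.
	certmgrIssuerKind      = "Issuer"
	certmgrCertificateKind = "Certificate"
	// certmgrIssuerCRDName is the CRD whose presence is taken as proof
	// that cert-manager is installed in the cluster.
	certmgrIssuerCRDName = "issuers.certmanager.k8s.io"
	// Name suffixes derived from the Interconnect name.
	selfSignedSuffix = "-selfsigned"
	caSuffix         = "-ca"
)

var (
	// certmgr_detected caches the result of detectCertmgr for the life of
	// the process; nil means detection has not run yet.
	certmgr_detected *bool
	log              = logf.Log.WithName("certificates")
)

// DetectCertmgrIssuer reports whether the cert-manager Issuer CRD is
// present in the cluster. The first call performs the lookup; every
// later call returns the cached answer.
//
// NOTE(review): the cache is a plain package-level pointer with no
// synchronisation, and a negative answer (including one caused by a
// transient API or RBAC error, see detectCertmgr) is kept until the
// operator restarts.
func DetectCertmgrIssuer() bool {
	if certmgr_detected == nil {
		iscm := detectCertmgr()
		certmgr_detected = &iscm
	}
	return *certmgr_detected
}

// detectCertmgr looks up the cert-manager Issuer CRD through the
// apiextensions client and returns true only if the Get succeeds.
//
// Any error from the Get (not found, forbidden, connection failure, ...)
// yields false; the error itself is not inspected, so a lookup that fails
// for a reason other than "CRD missing" is indistinguishable from
// cert-manager being absent.
func detectCertmgr() bool {
	// Named cfg rather than config so the imported package is not shadowed.
	cfg, err := config.GetConfig()
	if err != nil {
		// logr does not format its message, so no printf verb belongs here;
		// the error is passed as the structured first argument.
		log.Error(err, "Error getting config")
		return false
	}

	// The apiextensions client set is needed because CRDs are not served
	// by the regular typed clients.
	extClient, err := apiextclientset.NewForConfig(cfg)
	if err != nil {
		log.Error(err, "Error getting ext client set")
		return false
	}

	var crd *apiextv1b1.CustomResourceDefinition
	crd, err = extClient.ApiextensionsV1beta1().CustomResourceDefinitions().Get(certmgrIssuerCRDName, metav1.GetOptions{})
	if err != nil {
		log.Info("Issuer crd for cert-manager not present, qdr-operator will be unable to request certificate generation")
		return false
	}
	// Log only the CRD name; the full object is large and adds nothing
	// useful to the operator log.
	log.Info("Detected certmanager issuer crd", "issuer", crd.Name)
	return true
}

// certmgrTypeMeta returns the TypeMeta for a cert-manager object of the
// given kind under the API version this package targets.
func certmgrTypeMeta(kind string) metav1.TypeMeta {
	return metav1.TypeMeta{
		APIVersion: certmgrAPIVersion,
		Kind:       kind,
	}
}

// NewSelfSignedIssuerForCR returns a self-signed Issuer named
// "<m.Name>-selfsigned" in the namespace of m. It is the root of trust
// from which the CA certificate for the Interconnect is issued.
func NewSelfSignedIssuerForCR(m *v1alpha1.Interconnect) *cmv1alpha1.Issuer {
	return &cmv1alpha1.Issuer{
		TypeMeta: certmgrTypeMeta(certmgrIssuerKind),
		ObjectMeta: metav1.ObjectMeta{
			Name:      m.Name + selfSignedSuffix,
			Namespace: m.Namespace,
		},
		Spec: cmv1alpha1.IssuerSpec{
			IssuerConfig: cmv1alpha1.IssuerConfig{
				SelfSigned: &cmv1alpha1.SelfSignedIssuer{},
			},
		},
	}
}

// NewCAIssuerForCR returns a CA Issuer named "<m.Name>-ca" in the
// namespace of m, signing with the key pair stored in secret.
// It is NewCAIssuer with the name derived from the Interconnect.
func NewCAIssuerForCR(m *v1alpha1.Interconnect, secret string) *cmv1alpha1.Issuer {
	return NewCAIssuer(m.Name+caSuffix, m.Namespace, secret)
}

// NewCAIssuer returns a CA Issuer with the given name and namespace that
// signs using the TLS key pair held in the Secret called secret.
//
// Whoever can read that Secret holds the CA private key, so its RBAC
// scope determines who can mint certificates trusted by the routers.
func NewCAIssuer(name string, namespace string, secret string) *cmv1alpha1.Issuer {
	return &cmv1alpha1.Issuer{
		TypeMeta: certmgrTypeMeta(certmgrIssuerKind),
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: namespace,
		},
		Spec: cmv1alpha1.IssuerSpec{
			IssuerConfig: cmv1alpha1.IssuerConfig{
				CA: &cmv1alpha1.CAIssuer{
					SecretName: secret,
				},
			},
		},
	}
}

// NewSelfSignedCACertificateForCR returns a CA Certificate request named
// "<m.Name>-selfsigned", issued by the same-named self-signed Issuer and
// stored in the Secret of the same name. The CommonName is the in-cluster
// service FQDN "<m.Name>.<m.Namespace>.svc.cluster.local".
//
// No Duration/RenewBefore or key usages are set, so cert-manager's
// defaults apply.
func NewSelfSignedCACertificateForCR(m *v1alpha1.Interconnect) *cmv1alpha1.Certificate {
	selfSignedName := m.Name + selfSignedSuffix
	return &cmv1alpha1.Certificate{
		TypeMeta: certmgrTypeMeta(certmgrCertificateKind),
		ObjectMeta: metav1.ObjectMeta{
			Name:      selfSignedName,
			Namespace: m.Namespace,
		},
		Spec: cmv1alpha1.CertificateSpec{
			SecretName: selfSignedName,
			CommonName: m.Name + "." + m.Namespace + ".svc.cluster.local",
			IsCA:       true,
			IssuerRef: cmv1alpha1.ObjectReference{
				Name: selfSignedName,
			},
		},
	}
}

// issuerName returns name when it is set and otherwise falls back to the
// default CA issuer for m, "<m.Name>-ca".
func issuerName(m *v1alpha1.Interconnect, name string) string {
	if name != "" {
		return name
	}
	return m.Name + caSuffix
}

// NewCertificateForCR returns a leaf Certificate request named certName
// in the namespace of m, stored in a Secret of the same name and issued
// by issuer (or the default "<m.Name>-ca" issuer when issuer is empty).
//
// The CommonName is m.Name; DNSNames, which is what TLS clients actually
// validate against, is taken from the hostnames the Interconnect exposes
// for profileName (presumably routes/services for that listener profile;
// see configs.GetInterconnectExposedHostnames).
func NewCertificateForCR(m *v1alpha1.Interconnect, profileName string, certName string, issuer string) *cmv1alpha1.Certificate {
	hostNames := configs.GetInterconnectExposedHostnames(m, profileName)
	return &cmv1alpha1.Certificate{
		TypeMeta: certmgrTypeMeta(certmgrCertificateKind),
		ObjectMeta: metav1.ObjectMeta{
			Name:      certName,
			Namespace: m.Namespace,
		},
		Spec: cmv1alpha1.CertificateSpec{
			SecretName: certName,
			CommonName: m.Name,
			DNSNames:   hostNames,
			IssuerRef: cmv1alpha1.ObjectReference{
				Name: issuerName(m, issuer),
			},
		},
	}
}

// NewCACertificateForCR returns an intermediate CA Certificate request
// called name in the namespace of m, stored in a Secret of the same name,
// with CommonName name, signed by the "<m.Name>-selfsigned" Issuer.
func NewCACertificateForCR(m *v1alpha1.Interconnect, name string) *cmv1alpha1.Certificate {
	return &cmv1alpha1.Certificate{
		TypeMeta: certmgrTypeMeta(certmgrCertificateKind),
		ObjectMeta: metav1.ObjectMeta{
			Name:      name,
			Namespace: m.Namespace,
		},
		Spec: cmv1alpha1.CertificateSpec{
			SecretName: name,
			CommonName: name,
			IsCA:       true,
			IssuerRef: cmv1alpha1.ObjectReference{
				Name: m.Name + selfSignedSuffix,
			},
		},
	}
}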