[helm] Optional fix secrets

Author: geropl

chart/templates/registry-facade-daemonset.yaml

@@ -108,7 +108,7 @@ spec:
           name: {{ template "gitpod.comp.configMap" $this }}
       - name: ws-manager-client-tls-certs
         secret:
-          secretName: ws-manager-client-tls
+          secretName: {{ .Values.components.wsManager.tls.client.secretName }}
       {{- if $comp.handover.enabled }}
       - name: handover
         hostPath:

chart/templates/server-deployment.yaml

@@ -5,19 +5,24 @@
 {{- $ := .root -}}
 {{- $comp := .comp -}}
 manager:
-  - name: "{{ template "gitpod.installation.shortname" . }}"
-    url: "ws-manager:8080"
-    state: "available"
-    maxScore: 100
-    score: 50
-    govern: true
-    tls:
-      ca: /ws-manager-client-tls-certs/ca.crt
-      crt: /ws-manager-client-tls-certs/tls.crt
-      key: /ws-manager-client-tls-certs/tls.key
-{{ if $comp.wsman -}}
-{{ $comp.wsman | toYaml | indent 2 }}
-{{- end -}}
+- name: "{{ template "gitpod.installation.shortname" . }}"
+  url: "ws-manager:8080"
+  state: "available"
+  maxScore: 100
+  score: 50
+  govern: true
+  tls:
+    ca: /ws-manager-client-tls-certs/ca.crt
+    crt: /ws-manager-client-tls-certs/tls.crt
+    key: /ws-manager-client-tls-certs/tls.key
+{{- range $_, $wsman := $comp.wsman }}
+{{ "- " -}}
+{{ $wsman | toYaml | indent 2 | trim }}
+  tls:
+    ca: /ws-manager-client-tls-certs/ca.crt
+    crt: /ws-manager-client-tls-certs/tls.crt
+    key: /ws-manager-client-tls-certs/tls.key
+{{- end }}
 {{- end -}}
 
 {{ define "rate-limiter-config" -}}
@@ -209,7 +214,7 @@ spec:
       volumes:
       - name: ws-manager-client-tls-certs
         secret:
-          secretName: ws-manager-client-tls
+          secretName: {{ .Values.components.wsManager.tls.client.secretName }}
 {{- if $comp.github.app }}
       - name: github-app-cert-secret
         secret:

chart/templates/ws-manager-bridge-deployment.yaml

@@ -73,6 +73,6 @@ spec:
           name: {{ template "gitpod.comp.configMap" $this }}
       - name: ws-manager-client-tls-certs
         secret:
-          secretName: ws-manager-client-tls
+          secretName: {{ .Values.components.wsManager.tls.client.secretName }}
 {{ toYaml .Values.defaults | indent 6 }}
 {{ end }}

chart/templates/ws-manager-deployment.yaml

@@ -53,7 +53,7 @@ spec:
           secretName: ws-daemon-tls
       - name: tls-certs
         secret:
-          secretName: ws-manager-tls
+          secretName: {{ $comp.tls.server.secretName }}
       - name: workspace-template
         configMap:
           name: workspace-template

chart/templates/ws-manager-tlssecret.yaml

@@ -6,11 +6,14 @@
 {{- if not $comp.disabled -}}
 {{- $altNames := list ( printf "%s.%s" (include "gitpod.fullname" .) .Release.Namespace ) ( printf "%s.%s.svc" "ws-manager" .Release.Namespace ) "ws-manager" "ws-manager-dev" -}}
 {{- $ca := genCA "wsmanager-ca" 365 -}}
+
+{{- $server := $comp.tls.server }}
+{{- if not $server.crtFile }}
 {{- $cert := genSignedCert (include "gitpod.fullname" . ) nil $altNames 365 $ca -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: ws-manager-tls
+  name: "{{ $server.secretName }}"
   labels:
     app: {{ template "gitpod.fullname" $ }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -22,15 +25,18 @@ data:
   ca.crt: {{ $ca.Cert | b64enc }}
   tls.crt: {{ $cert.Cert | b64enc }}
   tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
 
 ---
 
+{{- $client := $comp.tls.client }}
+{{- if not $client.crtFile }}
 {{- $altNames := list "registry-facade" "server" "ws-manager-bridge" "ws-scheduler" "ws-proxy" "ws-manager" -}}
 {{- $cert := genSignedCert (include "gitpod.fullname" . ) nil $altNames 365 $ca -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: ws-manager-client-tls
+  name: "{{ $client.secretName }}"
   labels:
     app: {{ template "gitpod.fullname" $ }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -42,4 +48,5 @@ data:
   ca.crt: {{ $ca.Cert | b64enc }}
   tls.crt: {{ $cert.Cert | b64enc }}
   tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
 {{- end -}}

chart/templates/ws-proxy-deployment.yaml

@@ -49,7 +49,7 @@ spec:
           name: {{ template "gitpod.comp.configMap" $this }}
       - name: ws-manager-client-tls-certs
         secret:
-          secretName: ws-manager-client-tls
+          secretName: {{ .Values.components.wsManager.tls.client.secretName }}
 {{- if $.Values.certificatesSecret.secretName }}
       - name: config-certificates
         secret:

chart/templates/ws-scheduler-deployment.yaml

@@ -49,7 +49,7 @@ spec:
           name: {{ template "gitpod.comp.configMap" $this }}
       - name: ws-manager-client-tls-certs
         secret:
-          secretName: ws-manager-client-tls
+          secretName: {{ .Values.components.wsManager.tls.client.secretName }}
       containers:
       - name: scheduler
         args: ["run", "-v", "--config", "/config/config.json"]

chart/values.yaml

@@ -356,6 +356,11 @@ components:
     resources:
       cpu: 100m
       memory: 32Mi
+    tls:
+      server:
+        secretName: ws-manager-tls
+      client:
+        secretName: ws-manager-client-tls
     ports:
       rpc:
         expose: true