Issue certifcates for etcd-operator

ArkaSaha30 · ArkaSaha30 · commit 3685a85023b2 · 2024-12-07T23:57:00.000+05:30
This commit will add the capability to issue selfsigned certificates for etcd-operator.

Signed-off-by: ArkaSaha30 &lt;arkasaha30@gmail.com&gt;
diff --git a/api/v1alpha1/etcdcluster_types.go b/api/v1alpha1/etcdcluster_types.go
@@ -23,6 +23,18 @@ import (
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
+type EtcdMember struct {
+	PeerSecret   string `json:"peerSecret"`
+	ServerSecret string `json:"serverSecret"`
+}
+
+// TLSCertificate defines the certificate issued by the certificate provider
+type TLSCertificate struct {
+	Member         EtcdMember `json:"member,omitempty"`
+	OperatorSecret string     `json:"operatorSecret"`
+	Provider       string     `json:"provider"`
+}
+
 // EtcdClusterSpec defines the desired state of EtcdCluster.
 type EtcdClusterSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
@@ -31,7 +43,8 @@ type EtcdClusterSpec struct {
 	// Size is the expected size of the etcd cluster.
 	Size int `json:"size"`
 	// Version is the expected version of the etcd container image.
-	Version string `json:"version"`
+	Version string         `json:"version"`
+	Tls     TLSCertificate `json:"tls,omitempty"`
 }
 
 // EtcdClusterStatus defines the observed state of EtcdCluster.
diff --git a/config/certmanager/cert-manager_issuer.yaml b/config/certmanager/cert-manager_issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned
+  namespace: etcd-operator-system
+spec:
+  selfSigned: {}
diff --git a/config/certmanager/etcd-client-cert.yaml b/config/certmanager/etcd-client-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-client-certificate
+  namespace: etcd-operator-system
+spec:
+  secretName: etcd-client-tls
+  dnsNames:
+    - etcd.etcd-operator-system
+  issuerRef:
+    name: etcd-operator-selfsigned
diff --git a/config/certmanager/etcd-peer-cert.yaml b/config/certmanager/etcd-peer-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-peer-certificate
+  namespace: etcd-operator-system
+spec:
+  secretName: etcd-peer-tls
+  dnsNames:
+    - etcd.etcd-operator-system
+  issuerRef:
+    name: etcd-operator-selfsigned
diff --git a/config/certmanager/etcd-server-cert.yaml b/config/certmanager/etcd-server-cert.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-server-certificate
+  namespace: etcd-operator-system
+spec:
+  secretName: etcd-server-tls
+  dnsNames:
+    - etcd.etcd-operator-system
+  issuerRef:
+    name: etcd-operator-selfsigned
diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- cert-manager_issuer.yaml
+- etcd-peer-cert.yaml
+- etcd-server-cert.yaml
+- etcd-client-cert.yaml
diff --git a/config/crd/bases/operator.etcd.io_etcdclusters.yaml b/config/crd/bases/operator.etcd.io_etcdclusters.yaml
@@ -42,6 +42,28 @@ spec:
               size:
                 description: Size is the expected size of the etcd cluster.
                 type: integer
+              tls:
+                description: TLSCertificate defines the certificate issued by the
+                  certificate provider
+                properties:
+                  member:
+                    properties:
+                      peerSecret:
+                        type: string
+                      serverSecret:
+                        type: string
+                    required:
+                    - peerSecret
+                    - serverSecret
+                    type: object
+                  operatorSecret:
+                    type: string
+                  provider:
+                    type: string
+                required:
+                - operatorSecret
+                - provider
+                type: object
               version:
                 description: Version is the expected version of the etcd container
                   image.
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -22,7 +22,7 @@ resources:
 # crd/kustomization.yaml
 #- ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 # [METRICS] Expose the controller manager metrics service.
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: arkasaha30/etcd-operator
+  newTag: cert2
diff --git a/config/samples/operator_v1alpha1_etcdcluster.yaml b/config/samples/operator_v1alpha1_etcdcluster.yaml
@@ -7,3 +7,12 @@ metadata:
   name: etcdcluster-sample
 spec:
   # TODO(user): Add fields here
+  size: 4
+  version: "3.5.17"
+  tls:
+    member:
+      peerSecret: etcd-peer-tls
+      serverSecret: etcd-server-tls
+    operatorSecret: etcd-client-tls
+    provider: cert-manager
+
