This repository has been archived by the owner on May 12, 2022. It is now read-only.

Update for cert-manager v0.13.1
Signed-off-by: James Munnelly <james.munnelly@jetstack.io>
James Munnelly committed Mar 5, 2020
1 parent f002690 commit 011a3f9
Showing 5 changed files with 320 additions and 223 deletions.
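--- a/controllers/certificaterequest_controller.go
+++ b/controllers/certificaterequest_controller.go
@@ -23,7 +23,8 @@ import (
 
 "github.com/go-logr/logr"
 apiutil "github.com/jetstack/cert-manager/pkg/api/util"
-cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
+cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2"
+cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
 core "k8s.io/api/core/v1"
 "k8s.io/client-go/tools/record"
 ctrl "sigs.k8s.io/controller-runtime"
@@ -70,7 +71,7 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
 // Fetch the LocalCA resource for this request so we can read the CA Secret.
 localCA := exampleapi.LocalCA{}
 if err := r.Client.Get(ctx, client.ObjectKey{Namespace: req.Namespace, Name: cr.Spec.IssuerRef.Name}, &localCA); err != nil {
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonPending,
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending,
 "Failed to retrieve LocalCA %s/%s: %v", req.Namespace, cr.Spec.IssuerRef.Name, err)
 return ctrl.Result{}, err
 }
@@ -80,15 +81,15 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
 Type: exampleapi.LocalCAConditionReady,
 Status: exampleapi.ConditionTrue,
 }) {
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonPending,
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending,
 "LocalCA %s/%s is not Ready", req.Namespace, cr.Spec.IssuerRef.Name)
 return ctrl.Result{}, err
 }
 
 // Fetch the Secret resource containing the CA keypair used for signing
 caSecret := core.Secret{}
 if err := r.Client.Get(ctx, client.ObjectKey{Namespace: localCA.Namespace, Name: localCA.Spec.SecretName}, &caSecret); err != nil {
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonPending,
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending,
 "Failed to fetch CA secret resource: %v", err)
 return ctrl.Result{}, err
 }
@@ -97,23 +98,23 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
 caPK, caCert, err := decodeCertificateSecret(&caSecret)
 if err != nil {
 log.Error(err, "failed to decode keypair")
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to decode CA secret data: %v", err)
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonPending, "Failed to decode CA secret data: %v", err)
 return ctrl.Result{}, err
 }
 
 // Generate a 'template' based on the CertificateRequest resource
 template, err := pkiutil.GenerateTemplateFromCertificateRequest(&cr)
 if err != nil {
 log.Error(err, "failed to generate certificate template from request")
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to generate template for certificate signing: %v", err)
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to generate template for certificate signing: %v", err)
 return ctrl.Result{}, err
 }
 
 // Sign the template - this is where we actually sign a certificate
 signedPEM, _, err := pkiutil.SignCertificate(template, caCert, template.PublicKey, caPK)
 if err != nil {
 log.Error(err, "failed signing certificate")
-err := r.setStatus(ctx, log, &cr, cmapi.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate: %v", err)
+err := r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "Failed to sign certificate: %v", err)
 return ctrl.Result{}, err
 }
 
@@ -123,7 +124,7 @@ func (r *CertificateRequestReconciler) Reconcile(req ctrl.Request) (ctrl.Result,
 cr.Status.CA = caSecret.Data[core.TLSCertKey]
 
 // Finally, update the status
-return ctrl.Result{}, r.setStatus(ctx, log, &cr, cmapi.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Successfully issued certificate")
+return ctrl.Result{}, r.setStatus(ctx, log, &cr, cmmeta.ConditionTrue, cmapi.CertificateRequestReasonIssued, "Successfully issued certificate")
 }
 
 // localCAHasCondition will return true if the given LocalCA has a
@@ -141,14 +142,14 @@ func localCAHasCondition(localCA exampleapi.LocalCA, c exampleapi.LocalCAConditi
 return false
 }
 
-func (r *CertificateRequestReconciler) setStatus(ctx context.Context, log logr.Logger, cr *cmapi.CertificateRequest, status cmapi.ConditionStatus, reason, message string, args ...interface{}) error {
+func (r *CertificateRequestReconciler) setStatus(ctx context.Context, log logr.Logger, cr *cmapi.CertificateRequest, status cmmeta.ConditionStatus, reason, message string, args ...interface{}) error {
 // Format the message and update the localCA variable with the new Condition
 completeMessage := fmt.Sprintf(message, args...)
 apiutil.SetCertificateRequestCondition(cr, cmapi.CertificateRequestConditionReady, status, reason, completeMessage)
 
 // Fire an Event to additionally inform users of the change
 eventType := core.EventTypeNormal
-if status == cmapi.ConditionFalse {
+if status == cmmeta.ConditionFalse {
 eventType = core.EventTypeWarning
 }
 r.Recorder.Event(cr, eventType, reason, completeMessage)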
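Review bot: Between `pkiutil.GenerateTemplateFromCertificateRequest(&cr)` and `pkiutil.SignCertificate(template, caCert, template.PublicKey, caPK)` in the hunk at new line 98, nothing constrains what the request asks for, so the template built from the CertificateRequest is signed with the CA key as submitted. Unless the request is validated earlier in Reconcile (its start lies outside these hunks), whoever may create a CertificateRequest naming this LocalCA chooses the subject names, the lifetime and, it appears, the CA flag of the issued certificate. A guard before the signing call would close the most serious case, for example `if template.IsCA { return ctrl.Result{}, r.setStatus(ctx, log, &cr, cmmeta.ConditionFalse, cmapi.CertificateRequestReasonFailed, "CA certificates are not issued by this signer") }`. Names and validity period could be checked against the issuer's policy at the same point, with a comment above the signing call stating which request fields are trusted.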
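--- a/go.mod
+++ b/go.mod
@@ -1,22 +1,15 @@
 module github.com/jetstack/cert-manager-external-issuer-example
 
-go 1.12
+go 1.13
 
 require (
 github.com/go-logr/logr v0.1.0
-github.com/jetstack/cert-manager v0.9.1-0.20190801150227-8fa48c2148e3
-github.com/onsi/ginkgo v1.8.0
-github.com/onsi/gomega v1.5.0
-k8s.io/api v0.0.0-20190718183219-b59d8169aab5
-k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719
-k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
-k8s.io/klog v0.3.1
-k8s.io/utils v0.0.0-20190607212802-c55fbcfc754a
-sigs.k8s.io/controller-runtime v0.2.0-beta.4
+github.com/jetstack/cert-manager v0.13.1
+github.com/onsi/ginkgo v1.11.0
+github.com/onsi/gomega v1.8.1
+k8s.io/api v0.17.3
+k8s.io/apimachinery v0.17.3
+k8s.io/client-go v0.17.3
+k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
+sigs.k8s.io/controller-runtime v0.5.0
 )
-
-replace k8s.io/api => k8s.io/api v0.0.0-20190718183219-b59d8169aab5
-
-replace k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719
-
-replace k8s.io/client-go => k8s.io/client-go v0.0.0-20190718183610-8e956561bbf5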