fix webterminal helm install (#1933)

* fix webterminal helm install * move certificates into own template remove dummy values
YAKEcloud · Feb 10, 2025 · 5e1e2ca · 5e1e2ca
1 parent f17208c
commit 5e1e2ca
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 11 deletions.
diff --git a/configuration/configuration/templates/webterminal.yaml b/configuration/configuration/templates/webterminal.yaml
@@ -8,8 +8,7 @@ type: Opaque
 stringData:
   values.yaml: |-
     global:
-      runtime:
-        certificate:
-          certManager:
-            enabled: true
-            issuerName: gardener-ca
+      deployment:
+        createNamespace: false
+        virtualGarden:
+          enabled: true
diff --git a/gardener/certificates/templates/cert-manager-ca.yaml b/gardener/certificates/templates/cert-manager-ca.yaml
@@ -202,4 +202,4 @@ spec:
     - gardener-admission-controller.garden
     - gardener-admission-controller.garden.svc
   issuerRef:
-    name: gardener-ca
+    name: gardener-ca
diff --git a/gardener/certificates/templates/terminal-cert.yaml b/gardener/certificates/templates/terminal-cert.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: terminal-admission-controller-cert
+  namespace: flux-system
+spec:
+  secretName: terminal-admission-controller-cert
+  commonName: terminal-admission-controller.terminal-system.svc.cluster.local
+  duration: 87600h # 10 years
+  usages:
+    - server auth
+  dnsNames:
+    - terminal-admission-controller
+    - terminal-admission-controller.terminal-system
+    - terminal-admission-controller.terminal-system.svc
+    - terminal-admission-controller.terminal-system.svc.cluster
+    - terminal-admission-controller.terminal-system.svc.cluster.local
+  issuerRef:
+    name: gardener-ca
+  privateKey:
+    algorithm: RSA
+    size: 3072
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: terminal-metrics-cert
+  namespace: flux-system
+spec:
+  secretName: terminal-metrics-cert
+  commonName: terminal-metrics.terminal-system.svc.cluster.local
+  duration: 87600h # 10 years
+  usages:
+    - server auth
+  dnsNames:
+    - terminal-metrics
+    - terminal-metrics.terminal-system
+    - terminal-metrics.terminal-system.svc
+    - terminal-metrics.terminal-system.svc.cluster
+    - terminal-metrics.terminal-system.svc.cluster.local
+  issuerRef:
+    name: gardener-ca
+  privateKey:
+    algorithm: RSA
+    size: 3072
diff --git a/gardener/webterminal.yaml b/gardener/webterminal.yaml
@@ -8,7 +8,7 @@ spec:
   dependsOn:
     - name: configuration
     - name: gardener-application
-  targetNamespace: flux-system
+  targetNamespace: terminal-system
   interval: 1m
   chart:
     spec:
@@ -23,15 +23,54 @@ spec:
     remediation:
       retries: 3
     createNamespace: true
+  values:
+    utils-templates:
+      enabled: true
   valuesFrom:
     - kind: Secret
       name: webterminal-base-values
       optional: false
+    - kind: Secret
+      name: webterminal-values-0
+      optional: true
+    - kind: Secret
+      name: webterminal-values-1
+      optional: true
+    - kind: Secret
+      name: webterminal-values-2
+      optional: true
     - kind: Secret
       name: webterminal-values
       optional: true
       valuesKey: enabled
       targetPath: terminal-controller-manager-runtime.enabled
+
+    - kind: Secret
+      name: gardener-internal-kubeconfig
+      valuesKey: value
+      targetPath: global.controller.manager.kubeconfig
+
+    - kind: Secret
+      name: terminal-metrics-cert
+      valuesKey: tls.key
+      targetPath: global.controller.manager.config.server.metrics.tls.key
+    - kind: Secret
+      name: terminal-metrics-cert
+      valuesKey: tls.crt
+      targetPath: global.controller.manager.config.server.metrics.tls.crt
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: ca.crt
+      targetPath: global.admission.config.server.webhooks.caBundle
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: tls.key
+      targetPath: global.admission.config.server.webhooks.tls.key
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: tls.crt
+      targetPath: global.admission.config.server.webhooks.tls.crt
+
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
@@ -42,7 +81,7 @@ spec:
   dependsOn:
     - name: configuration
     - name: terminal-controller-manager-runtime
-  targetNamespace: flux-system
+  targetNamespace: terminal-system
   kubeConfig:
     secretRef:
       name: gardener-internal-kubeconfig
@@ -60,14 +99,45 @@ spec:
     remediation:
       retries: 3
     createNamespace: true
+  values:
+    utils-templates:
+      enabled: true
   valuesFrom:
     - kind: Secret
-      name: terminal-webhook-server-cert
-      valuesKey: tls.crt
-      targetPath: global.application.certificate.caBundle
+      name: webterminal-base-values
+      optional: false
+    - kind: Secret
+      name: webterminal-values-0
+      optional: true
+    - kind: Secret
+      name: webterminal-values-1
+      optional: true
+    - kind: Secret
+      name: webterminal-values-2
       optional: true
     - kind: Secret
       name: webterminal-values
       optional: true
       valuesKey: enabled
       targetPath: terminal-controller-manager-application.enabled
+
+    - kind: Secret
+      name: terminal-metrics-cert
+      valuesKey: tls.key
+      targetPath: global.controller.manager.config.server.metrics.tls.key
+    - kind: Secret
+      name: terminal-metrics-cert
+      valuesKey: tls.crt
+      targetPath: global.controller.manager.config.server.metrics.tls.crt
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: ca.crt
+      targetPath: global.admission.config.server.webhooks.caBundle
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: tls.key
+      targetPath: global.admission.config.server.webhooks.tls.key
+    - kind: Secret
+      name: terminal-admission-controller-cert
+      valuesKey: tls.crt
+      targetPath: global.admission.config.server.webhooks.tls.crt