Add .spec.certSecretRef to Bucket API
#1475
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
matheuscscp
force-pushed
the
bucket-cert-secret
branch
13 times, most recently
from
aaf53e6
to
9835883
Compare
stefanprodan
reviewed
May 9, 2024
matheuscscp
force-pushed
the
bucket-cert-secret
branch
from
9835883
to
dcd8cc1
Compare
stefanprodan
approved these changes
May 14, 2024
stefanprodan
added
enhancement
stefanprodan
changed the title
.spec.certSecretRef to Bucket API
darkowlzz
reviewed
May 14, 2024
matheuscscp
force-pushed
the
bucket-cert-secret
branch
from
dcd8cc1
to
01b4d8c
Compare
matheuscscp
force-pushed
the
bucket-cert-secret
branch
from
01b4d8c
to
27bfc7d
Compare
darkowlzz
reviewed
May 15, 2024
|
I just finished testing this with a test bucket from Here are the Helm values I used, for reference, in case anyone wants to replicate the test: mode: standalone
replicas: 1
resources:
requests:
memory: 512Mi
rootPassword: rootpass123
rootUser: rootuser
tls:
certSecret: bucket-secret
enabled: true
privateKey: tls.key
publicCrt: tls.crtand it took some time to figure out exactly what the other configuration artifacts should look like, writing them out here for completeness: ---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: Bucket
metadata:
name: test-bucket
namespace: test-bucket
spec:
bucketName: test-bucket
endpoint: minio.test-bucket.svc.cluster.local:9000
interval: 1m0s
provider: generic
certSecretRef:
name: bucket-secret
secretRef:
name: bucket-client-credentialsapiVersion: v1
kind: Secret
metadata:
name: bucket-client-credentials
namespace: test-bucket
type: Opaque
stringData:
accesskey: rootuser
secretkey: rootpass123apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: my-bucket-cert
namespace: test-bucket
spec:
dnsNames:
- minio.test-bucket.svc.cluster.local
isCA: true
commonName: my-bucket-cert
secretName: bucket-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: ca-issuer
kind: Issuer
group: cert-manager.ioapiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: ca-issuer
namespace: test-bucket
spec:
selfSigned: {}You can also create a real access key and secret, but in the tests we also use the root user/pass so it's fine, works as well. |
|
Thanks @kingdonb for testing this on your cluster 🏅 |
Signed-off-by: Matheus Pimenta <[email protected]>
matheuscscp
force-pushed
the
bucket-cert-secret
branch
from
27bfc7d
to
bc16734
Compare
stefanprodan
approved these changes
May 22, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #973