From 2a2f9a7856d6478c624befb51996fd1494704809 Mon Sep 17 00:00:00 2001 From: "Paul.42" Date: Tue, 9 Nov 2021 16:10:08 -0700 Subject: [PATCH 1/3] Update _helpers.tpl attempt to pipe value to .Files.Get - configmap `{{.Release.Name}}-gen-certs` is empty for tls cert and key when using nodeport and when using external cert for nginx --- helm/openwhisk/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index 847ef8e2..d7319f8b 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -335,14 +335,14 @@ imagePullSecrets: {{/* nginx cert */}} {{- define "openwhisk.nginx_cert" -}} {{- if .Values.nginx.certificate.external }} -{{ .Files.Get .Values.nginx.certificate.cert_file }} +{{ .Values.nginx.certificate.cert_file | .Files.Get }} {{- end -}} {{- end -}} {{/* nginx key */}} {{- define "openwhisk.nginx_key" -}} {{- if .Values.nginx.certificate.external }} -{{ .Files.Get .Values.nginx.certificate.key_file }} +{{ .Values.nginx.certificate.key_file | .Files.Get }} {{- end -}} {{- end -}} From 19dee9ce8379197081f5bcf23b6de992f68f5aa9 Mon Sep 17 00:00:00 2001 From: "Paul.42" Date: Thu, 11 Nov 2021 13:00:47 -0700 Subject: [PATCH 2/3] Update and rename gen-certs-cm.yaml to gen-certs-secret.yaml if user passes in external cert, do not store key in config map, store in secret --- .../templates/{gen-certs-cm.yaml => gen-certs-secret.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename helm/openwhisk/templates/{gen-certs-cm.yaml => gen-certs-secret.yaml} (98%) diff --git a/helm/openwhisk/templates/gen-certs-cm.yaml b/helm/openwhisk/templates/gen-certs-secret.yaml similarity index 98% rename from helm/openwhisk/templates/gen-certs-cm.yaml rename to helm/openwhisk/templates/gen-certs-secret.yaml index 65f90385..9ba5a2d7 100644 --- a/helm/openwhisk/templates/gen-certs-cm.yaml +++ b/helm/openwhisk/templates/gen-certs-secret.yaml @@ -17,7 +17,7 @@ {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: {{ .Release.Name }}-gen-certs labels: From 9f1802350aa948cdaa497468a87508fcc34b6210 Mon Sep 17 00:00:00 2001 From: "Paul.42" Date: Thu, 11 Nov 2021 13:02:09 -0700 Subject: [PATCH 3/3] Update nginx-pod.yaml and _helperts.tpl convert {{ .Release.Name }}-gen-certs from configMap to secret --- helm/openwhisk/templates/_helpers.tpl | 4 ++-- helm/openwhisk/templates/nginx-pod.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl index d7319f8b..30eed5c7 100644 --- a/helm/openwhisk/templates/_helpers.tpl +++ b/helm/openwhisk/templates/_helpers.tpl @@ -335,14 +335,14 @@ imagePullSecrets: {{/* nginx cert */}} {{- define "openwhisk.nginx_cert" -}} {{- if .Values.nginx.certificate.external }} -{{ .Values.nginx.certificate.cert_file | .Files.Get }} +{{ .Files.Get .Values.nginx.certificate.cert_file | b64enc }} {{- end -}} {{- end -}} {{/* nginx key */}} {{- define "openwhisk.nginx_key" -}} {{- if .Values.nginx.certificate.external }} -{{ .Values.nginx.certificate.key_file | .Files.Get }} +{{ .Files.Get .Values.nginx.certificate.key_file | b64enc }} {{- end -}} {{- end -}} diff --git a/helm/openwhisk/templates/nginx-pod.yaml b/helm/openwhisk/templates/nginx-pod.yaml index 5b040d66..6c4f9afa 100644 --- a/helm/openwhisk/templates/nginx-pod.yaml +++ b/helm/openwhisk/templates/nginx-pod.yaml @@ -50,8 +50,8 @@ spec: {{- if or (eq .Values.whisk.ingress.type "NodePort") (eq .Values.whisk.ingress.type "LoadBalancer") }} {{- if .Values.nginx.certificate.external }} - name: nginx-certs - configMap: - name: {{ .Release.Name }}-gen-certs + secret: + secretName: {{ .Release.Name }}-gen-certs {{- else }} - name: nginx-certs secret: