feat: add support for custom certificates

Ian2012 · Aug 15, 2022 · 809ae3e · 809ae3e
1 parent 5093cbd
commit 809ae3e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/drydock/templates/kustomized/tutor13/defaults.yml b/drydock/templates/kustomized/tutor13/defaults.yml
@@ -35,3 +35,4 @@ DRYDOCK_LMS_WORKER_REQUEST_CPU: "600m"
 DRYDOCK_LMS_WORKER_REQUEST_MEMORY: "1Gi"
 DRYDOCK_NEWRELIC: False
 DRYDOCK_NEWRELIC_CONFIG: ""
+DRYDOCK_CUSTOM_CERTS: {}
diff --git a/drydock/templates/kustomized/tutor13/extensions/ingress.yml b/drydock/templates/kustomized/tutor13/extensions/ingress.yml
@@ -5,7 +5,7 @@ metadata:
   namespace: {{ K8S_NAMESPACE }}
   annotations:
     kubernetes.io/ingress.class: nginx
-    {%- if ENABLE_HTTPS %}
+    {%- if ENABLE_HTTPS and not DRYDOCK_CUSTOM_CERTS%}
     cert-manager.io/issuer: letsencrypt
     {%- endif %}
 spec:
@@ -43,9 +43,25 @@ spec:
     {%- for host in DRYDOCK_INGRESS_EXTRA_HOSTS %}
     - {{ host }}
     {%- endfor %}
+    {% if DRYDOCK_CUSTOM_CERTS -%}
+    secretName: {{ DRYDOCK_CUSTOM_CERTS["secret_name"]|default("custom-tls-certs") }}
+    {% else -%}
     secretName: {{ K8S_NAMESPACE }}-tls
+    {%- endif %}
   {%- endif %}
 {% if ENABLE_HTTPS -%}
+{% if DRYDOCK_CUSTOM_CERTS -%}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+  name: {{ DRYDOCK_CUSTOM_CERTS["secret_name"]|default("custom-tls-certs") }}
+  namespace: {{ K8S_NAMESPACE }}
+data:
+  tls.crt: {{ DRYDOCK_CUSTOM_CERTS["crt"] }}
+  tls.key: {{ DRYDOCK_CUSTOM_CERTS["key"] }}
+{% else %}
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
@@ -68,3 +84,4 @@ spec:
         ingress:
           class: nginx
 {% endif -%}
+{% endif -%}