Add TLS config to Perses client and mount certs to Deployment and Sta…

…tefulSet Signed-off-by: Douglass Kirkley <doug.kirkley@gmail.com>
perses · Feb 7, 2025 · 06955c1 · 06955c1
1 parent 54faa23
commit 06955c1
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 25 deletions.
diff --git a/api/v1alpha1/perses_types.go b/api/v1alpha1/perses_types.go
@@ -23,17 +23,20 @@ import (
 // PersesSpec defines the desired state of Perses
 type PersesSpec struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// Client perses client configuration
 	Client Client `json:"client,omitempty"`
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	Config PersesConfig `json:"config,omitempty"`
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	ContainerPort int32 `json:"containerPort,omitempty"`
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// Args extra arguments to pass to perses
 	Args []string `json:"args,omitempty"`
 }
 
 type Client struct {
 	// +optional
+	// TLS tls_config for perses client
 	TLS *TLS `json:"tls,omitempty"`
 }
 
@@ -45,6 +48,7 @@ type TLS struct {
 	UserCert *Certificate `json:"userCert,omitempty"`
 }
 
+// CertificateType types of certificate sources in k8s
 type CertificateType string
 
 const (
@@ -54,15 +58,14 @@ const (
 
 type Certificate struct {
 	// +kubebuilder:validation:Enum:={"secret", "configmap"}
-	Type        CertificateType `json:"type"`
-	Name        string          `json:"name"`
-	CertFile    string          `json:"certFile"`
-	CertKeyFile string          `json:"certKeyFile"`
-}
-
-type UserCert struct {
-	Type string `json:"type,omitempty"`
+	// Type source type of certificate
+	Type CertificateType `json:"type"`
+	// Name of certificate k8s resource
 	Name string `json:"name"`
+	// CertFile path to certificate
+	CertFile string `json:"certFile"`
+	// CertKeyFile path to certificate key file
+	CertKeyFile string `json:"certKeyFile"`
 }
 
 // PersesStatus defines the observed state of Perses

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/perses.dev_perses.yaml b/config/crd/bases/perses.dev_perses.yaml
@@ -40,22 +40,29 @@ spec:
             description: PersesSpec defines the desired state of Perses
             properties:
               args:
+                description: Args extra arguments to pass to perses
                 items:
                   type: string
                 type: array
               client:
+                description: Client perses client configuration
                 properties:
                   tls:
+                    description: TLS tls_config for perses client
                     properties:
                       caCert:
                         properties:
                           certFile:
+                            description: CertFile path to certificate
                             type: string
                           certKeyFile:
+                            description: CertKeyFile path to certificate key file
                             type: string
                           name:
+                            description: Name of certificate k8s resource
                             type: string
                           type:
+                            description: Type source type of certificate
                             enum:
                             - secret
                             - configmap
@@ -73,12 +80,16 @@ spec:
                       userCert:
                         properties:
                           certFile:
+                            description: CertFile path to certificate
                             type: string
                           certKeyFile:
+                            description: CertKeyFile path to certificate key file
                             type: string
                           name:
+                            description: Name of certificate k8s resource
                             type: string
                           type:
+                            description: Type source type of certificate
                             enum:
                             - secret
                             - configmap

diff --git a/internal/perses/common/volumes.go b/internal/perses/common/volumes.go
@@ -102,16 +102,16 @@ func GetVolumeMounts(perses *v1alpha1.Perses) []corev1.VolumeMount {
 	if perses.Spec.Client.TLS != nil && perses.Spec.Client.TLS.Enable {
 		volumeMounts = append(volumeMounts, corev1.VolumeMount{
 			Name:      "ca",
+			ReadOnly:  true,
 			MountPath: "/ca",
 			SubPath:   perses.Spec.Client.TLS.CaCert.CertFile,
-			ReadOnly:  true,
 		})
 
 		if perses.Spec.Client.TLS.UserCert != nil {
 			volumeMounts = append(volumeMounts, corev1.VolumeMount{
 				Name:      "tls",
-				MountPath: "/tls",
 				ReadOnly:  true,
+				MountPath: "/tls",
 			})
 		}
 	}