Change cert-names each deployment

trifork · Aug 10, 2023 · 51fa6d3 · 51fa6d3
1 parent bf482d3
commit 51fa6d3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/charts/flink-job/templates/_helpers.tpl b/charts/flink-job/templates/_helpers.tpl
@@ -278,7 +278,7 @@ Set a key=value in a dictionary, if the key is not defined
 
 {{- define "flink-job.sslVolumes" -}}
   {{- if $.Values.internalSsl.enabled -}}
-  {{ (dict "name" "truststore" "secret" (dict "secretName" (print (include "flink-job.fullname" . ) "-mtls-secret"))) | toYaml }}
+  {{ (dict "name" "truststore" "secret" (dict "secretName" (print (include "flink-job.nameWithimageHash" . ) "-mtls-secret"))) | toYaml }}
   {{- end -}}
 {{- end -}}
 
@@ -287,3 +287,7 @@ Set a key=value in a dictionary, if the key is not defined
     {{ (dict "name" "truststore" "mountPath" "/flinkkeystore" "readOnly" true) | toYaml}}
   {{- end -}}
 {{- end -}}
+
+{{- define "flink-job.nameWithimageHash" -}}
+  {{ include "flink-job.fullname" . }}{{ (sha256sum (nospace (toString .Values.image))) | trunc 10 }}
+{{- end -}}
diff --git a/charts/flink-job/templates/cert.yaml b/charts/flink-job/templates/cert.yaml
@@ -2,24 +2,23 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ printf "%s-mtls-issuer" ( include "flink-job.fullname" . ) | quote }}
+  name: {{ printf "%s-mtls-issuer" ( include "flink-job.nameWithimageHash" . ) | quote }}
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ printf "%s-mtls-crt" ( include "flink-job.fullname" . ) | quote }}
-  imageHash: {{ sha256sum (nospace (toString .Values.image)) }}
+  name: {{ printf "%s-mtls-crt" ( include "flink-job.nameWithimageHash" . ) | quote }}
 spec:
-  secretName: {{ printf "%s-mtls-secret" ( include "flink-job.fullname" . ) | quote }}
-  commonName: {{ printf "%s-mtls-crt" ( include "flink-job.fullname" . ) | quote }}
+  secretName: {{ printf "%s-mtls-secret" ( include "flink-job.nameWithimageHash" . ) | quote }}
+  commonName: {{ printf "%s-mtls-crt" ( include "flink-job.nameWithimageHash" . ) | quote }}
   issuerRef:
-    name: {{ printf "%s-mtls-issuer" ( include "flink-job.fullname" . ) | quote }}
+    name: {{ printf "%s-mtls-issuer" ( include "flink-job.nameWithimageHash" . ) | quote }}
   keystores:
     jks:
       create: true
       passwordSecretRef: # Password used to encrypt the keystore
         key: password
-        name: {{ printf "%s-mtls-password" ( include "flink-job.fullname" . ) | quote }}
+        name: {{ printf "%s-mtls-password" ( include "flink-job.nameWithimageHash" . ) | quote }}
 {{- end -}}