From 51fa6d3ef541c95d0ea99518d0d5eb1ba6f31d34 Mon Sep 17 00:00:00 2001
From: Mikkel Bjerg <mbj@trifork.com>
Date: Thu, 10 Aug 2023 14:24:11 +0200
Subject: [PATCH] Change cert-names each deployment

---
 charts/flink-job/templates/_helpers.tpl |  6 +++++-
 charts/flink-job/templates/cert.yaml    | 13 ++++++-------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/charts/flink-job/templates/_helpers.tpl b/charts/flink-job/templates/_helpers.tpl
index 3019f409..9024a868 100644
--- a/charts/flink-job/templates/_helpers.tpl
+++ b/charts/flink-job/templates/_helpers.tpl
@@ -278,7 +278,7 @@ Set a key=value in a dictionary, if the key is not defined
 
 {{- define "flink-job.sslVolumes" -}}
   {{- if $.Values.internalSsl.enabled -}}
-  {{ (dict "name" "truststore" "secret" (dict "secretName" (print (include "flink-job.fullname" . ) "-mtls-secret"))) | toYaml }}
+  {{ (dict "name" "truststore" "secret" (dict "secretName" (print (include "flink-job.nameWithimageHash" . ) "-mtls-secret"))) | toYaml }}
   {{- end -}}
 {{- end -}}
 
@@ -287,3 +287,7 @@ Set a key=value in a dictionary, if the key is not defined
     {{ (dict "name" "truststore" "mountPath" "/flinkkeystore" "readOnly" true) | toYaml}}
   {{- end -}}
 {{- end -}}
+
+{{- define "flink-job.nameWithimageHash" -}}
+  {{ include "flink-job.fullname" . }}{{ (sha256sum (nospace (toString .Values.image))) | trunc 10 }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/flink-job/templates/cert.yaml b/charts/flink-job/templates/cert.yaml
index a2d02313..b506e5b6 100644
--- a/charts/flink-job/templates/cert.yaml
+++ b/charts/flink-job/templates/cert.yaml
@@ -2,24 +2,23 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ printf "%s-mtls-issuer" ( include "flink-job.fullname" . ) | quote }}
+  name: {{ printf "%s-mtls-issuer" ( include "flink-job.nameWithimageHash" . ) | quote }}
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ printf "%s-mtls-crt" ( include "flink-job.fullname" . ) | quote }}
-  imageHash: {{ sha256sum (nospace (toString .Values.image)) }}
+  name: {{ printf "%s-mtls-crt" ( include "flink-job.nameWithimageHash" . ) | quote }}
 spec:
-  secretName: {{ printf "%s-mtls-secret" ( include "flink-job.fullname" . ) | quote }}
-  commonName: {{ printf "%s-mtls-crt" ( include "flink-job.fullname" . ) | quote }}
+  secretName: {{ printf "%s-mtls-secret" ( include "flink-job.nameWithimageHash" . ) | quote }}
+  commonName: {{ printf "%s-mtls-crt" ( include "flink-job.nameWithimageHash" . ) | quote }}
   issuerRef:
-    name: {{ printf "%s-mtls-issuer" ( include "flink-job.fullname" . ) | quote }}
+    name: {{ printf "%s-mtls-issuer" ( include "flink-job.nameWithimageHash" . ) | quote }}
   keystores:
     jks:
       create: true
       passwordSecretRef: # Password used to encrypt the keystore
         key: password
-        name: {{ printf "%s-mtls-password" ( include "flink-job.fullname" . ) | quote }}
+        name: {{ printf "%s-mtls-password" ( include "flink-job.nameWithimageHash" . ) | quote }}
 {{- end -}}
\ No newline at end of file