diff --git a/Makefile b/Makefile
index f6d890e..b4718cb 100644
--- a/Makefile
+++ b/Makefile
@@ -90,7 +90,7 @@ fallthrough: submodules
 # NOTE(hasheddan): we force image building to happen prior to xpkg build so that
 # we ensure image is present in daemon.
-xpkg.build.upjet-provider-template: do.build.images
+xpkg.build.provider-confluent: do.build.images
 # NOTE(hasheddan): we ensure up is installed prior to running platform-specific
 # build steps in parallel to avoid encountering an installation race condition.
diff --git a/cmd/provider/main.go b/cmd/provider/main.go
index 9f1e959..f173221 100644
--- a/cmd/provider/main.go
+++ b/cmd/provider/main.go
@@ -10,7 +10,14 @@ import (
 "path/filepath"
 "time"
+ "github.com/crossplane-contrib/provider-confluent/apis"
+ "github.com/crossplane-contrib/provider-confluent/apis/v1alpha1"
+ "github.com/crossplane-contrib/provider-confluent/config"
+ "github.com/crossplane-contrib/provider-confluent/internal/clients"
+ "github.com/crossplane-contrib/provider-confluent/internal/controller"
+ "github.com/crossplane-contrib/provider-confluent/internal/features"
 xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+ "github.com/crossplane/crossplane-runtime/pkg/certificates"
 xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 "github.com/crossplane/crossplane-runtime/pkg/feature"
 "github.com/crossplane/crossplane-runtime/pkg/logging"
@@ -24,13 +31,6 @@ import (
 "k8s.io/client-go/tools/leaderelection/resourcelock"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
-
- "github.com/crossplane-contrib/provider-confluent/apis"
- "github.com/crossplane-contrib/provider-confluent/apis/v1alpha1"
- "github.com/crossplane-contrib/provider-confluent/config"
- "github.com/crossplane-contrib/provider-confluent/internal/clients"
- "github.com/crossplane-contrib/provider-confluent/internal/controller"
- "github.com/crossplane-contrib/provider-confluent/internal/features"
 )
 func main() {
@@ -48,6 +48,7 @@ func main() {
 namespace = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
+ essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
 )
@@ -96,6 +97,15 @@ func main() {
 o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
+ o.ESSOptions = &xpcontroller.ESSOptions{}
+ if *essTLSCertsPath != "" {
+ log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+ tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+ kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+ o.ESSOptions.TLSConfig = tCfg
+ }
+
 // Ensure default store config exists.
 kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 ObjectMeta: metav1.ObjectMeta{
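Review bot: The help text of the new `ess-tls-cert-dir` flag does not tell an operator what the directory must contain, although the later hunk hard-codes three file names inside it; I would change it to `app.Flag("ess-tls-cert-dir", "Directory containing the ESS mTLS material: ca.crt, tls.crt and tls.key.").Envar("ESS_TLS_CERTS_DIR").String()`. The flag name says "cert-dir" while the env var and the Go identifier say "certs" — worth aligning before the flag is documented externally. The enclosing `var (...)` block and `main` start outside this hunk.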
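Review bot: The fatal message on the `kingpin.FatalIfError(err, "Cannot load ESS TLS config.")` line drops the one thing an operator needs to diagnose a bad mount, namely which directory was read; `kingpin.FatalIfError(err, "Cannot load ESS TLS config from %q.", *essTLSCertsPath)` keeps the message one line and makes a wrong path or missing `ca.crt`/`tls.crt`/`tls.key` obvious in the crash log. When the path is empty, `o.ESSOptions` is still assigned but its `TLSConfig` stays nil, and nothing is logged; an explicit `log.Info("ESS TLS certificates path is not set; ESSOptions carries no TLS config.")` in an `else` branch would make the absence of mTLS visible at startup rather than only discoverable by its absence. The trailing `false` argument to `certificates.LoadMTLSConfig` is unexplained — if, as in crossplane-runtime, that parameter selects server- versus client-side config, a comment such as `// false: build the client-side config; this provider dials the ESS plugin` would save the next reader a lookup (confirm against the runtime version in go.mod). This hunk sits inside a feature-gated block whose `if` begins before the hunk, and `main` continues after it.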