Enable ESS (#6)

Signed-off-by: I534922 <[email protected]>

Makefile

@@ -90,7 +90,7 @@ fallthrough: submodules
 
 # NOTE(hasheddan): we force image building to happen prior to xpkg build so that
 # we ensure image is present in daemon.
-xpkg.build.upjet-provider-template: do.build.images
+xpkg.build.provider-confluent: do.build.images
 
 # NOTE(hasheddan): we ensure up is installed prior to running platform-specific
 # build steps in parallel to avoid encountering an installation race condition.

cmd/provider/main.go

@@ -10,7 +10,14 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/crossplane-contrib/provider-confluent/apis"
+	"github.com/crossplane-contrib/provider-confluent/apis/v1alpha1"
+	"github.com/crossplane-contrib/provider-confluent/config"
+	"github.com/crossplane-contrib/provider-confluent/internal/clients"
+	"github.com/crossplane-contrib/provider-confluent/internal/controller"
+	"github.com/crossplane-contrib/provider-confluent/internal/features"
 	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+	"github.com/crossplane/crossplane-runtime/pkg/certificates"
 	xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 	"github.com/crossplane/crossplane-runtime/pkg/feature"
 	"github.com/crossplane/crossplane-runtime/pkg/logging"
@@ -24,13 +31,6 @@ import (
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-
-	"github.com/crossplane-contrib/provider-confluent/apis"
-	"github.com/crossplane-contrib/provider-confluent/apis/v1alpha1"
-	"github.com/crossplane-contrib/provider-confluent/config"
-	"github.com/crossplane-contrib/provider-confluent/internal/clients"
-	"github.com/crossplane-contrib/provider-confluent/internal/controller"
-	"github.com/crossplane-contrib/provider-confluent/internal/features"
 )
 
 func main() {
@@ -48,6 +48,7 @@ func main() {
 
 		namespace                  = app.Flag("namespace", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 		enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
+		essTLSCertsPath            = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 		enableManagementPolicies   = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
 	)
 
@@ -96,6 +97,15 @@ func main() {
 		o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 		log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
 
+		o.ESSOptions = &xpcontroller.ESSOptions{}
+		if *essTLSCertsPath != "" {
+			log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+			tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+			kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+			o.ESSOptions.TLSConfig = tCfg
+		}
+
 		// Ensure default store config exists.
 		kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 			ObjectMeta: metav1.ObjectMeta{