
Commit 4519859

authored
fix: handle ess options (#31)
1 parent cea3ddb commit 4519859

1 file changed

Lines changed: 11 additions & 0 deletions


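--- a/cmd/provider/main.go
+++ b/cmd/provider/main.go
@@ -20,6 +20,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
+"github.com/crossplane/crossplane-runtime/pkg/certificates"
 xpcontroller "github.com/crossplane/crossplane-runtime/pkg/controller"
 "github.com/crossplane/crossplane-runtime/pkg/feature"
 "github.com/crossplane/crossplane-runtime/pkg/logging"
@@ -50,6 +51,7 @@ func main() {
 
 namespace = app.Flag("registry_namespace.yaml", "Namespace used to set as default scope in default secret store config.").Default("crossplane-system").Envar("POD_NAMESPACE").String()
 enableExternalSecretStores = app.Flag("enable-external-secret-stores", "Enable support for ExternalSecretStores.").Default("false").Envar("ENABLE_EXTERNAL_SECRET_STORES").Bool()
+essTLSCertsPath = app.Flag("ess-tls-cert-dir", "Path of ESS TLS certificates.").Envar("ESS_TLS_CERTS_DIR").String()
 enableManagementPolicies = app.Flag("enable-management-policies", "Enable support for Management Policies.").Default("false").Envar("ENABLE_MANAGEMENT_POLICIES").Bool()
 )
 
@@ -106,6 +108,15 @@ func main() {
 o.SecretStoreConfigGVK = &v1alpha1.StoreConfigGroupVersionKind
 log.Info("Alpha feature enabled", "flag", features.EnableAlphaExternalSecretStores)
 
+o.ESSOptions = &tjcontroller.ESSOptions{}
+if *essTLSCertsPath != "" {
+log.Info("ESS TLS certificates path is set. Loading mTLS configuration.")
+tCfg, err := certificates.LoadMTLSConfig(filepath.Join(*essTLSCertsPath, "ca.crt"), filepath.Join(*essTLSCertsPath, "tls.crt"), filepath.Join(*essTLSCertsPath, "tls.key"), false)
+kingpin.FatalIfError(err, "Cannot load ESS TLS config.")
+
+o.ESSOptions.TLSConfig = tCfg
+}
+
 // Ensure default store config exists.
 kingpin.FatalIfError(resource.Ignore(kerrors.IsAlreadyExists, mgr.GetClient().Create(context.Background(), &v1alpha1.StoreConfig{
 ObjectMeta: metav1.ObjectMeta{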
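Review bot: When `--ess-tls-cert-dir` is empty, new lines 111–118 still install an `ESSOptions` whose `TLSConfig` stays nil and log nothing about it, so an operator cannot tell from the logs whether the secret-store connection is protected by mTLS. What a nil `TLSConfig` means downstream is not visible on this page; if it results in an unauthenticated connection this path should fail closed, and otherwise it should at least be recorded, e.g. `} else { log.Info("ESS TLS certificates path is not set; ESS TLS config left unset") }`. The message at new line 113 would also be easier to act on with the directory attached: `log.Info("ESS TLS certificates path is set. Loading mTLS configuration.", "path", *essTLSCertsPath)`. The added code calls `filepath.Join` while the import hunk adds only `certificates`, so `path/filepath` is presumably already imported outside the visible lines. The enclosing block and `main` both start outside this hunk.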
