From 7d553e80faef4563277afa01bce2cd7aae5c6f28 Mon Sep 17 00:00:00 2001
From: Mykola Morhun <mmorhun@redhat.com>
Date: Fri, 30 Oct 2020 16:15:17 +0200
Subject: [PATCH] [Helm] Use default ingress TLS certificate if tls.secretName
 is not set

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
---
 .../custom-charts/che-devfile-registry/templates/ingress.yaml  | 2 ++
 .../helm/che/custom-charts/che-jaeger/templates/ingress.yaml   | 2 ++
 .../helm/che/custom-charts/che-keycloak/templates/ingress.yaml | 2 ++
 .../custom-charts/che-plugin-registry/templates/ingress.yaml   | 2 ++
 deploy/kubernetes/helm/che/templates/configmap.yaml            | 2 +-
 deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml    | 2 ++
 deploy/kubernetes/helm/che/templates/deployment.yaml           | 3 ++-
 deploy/kubernetes/helm/che/templates/ingress.yaml              | 2 ++
 deploy/kubernetes/helm/che/templates/metrics-ingress.yaml      | 2 ++
 deploy/kubernetes/helm/che/values.yaml                         | 1 +
 10 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
index 17c44075d8ed..63af4fbb572d 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
@@ -49,7 +49,9 @@ spec:
   tls:
   - hosts:
     - {{ template "devfileRegistryHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end -}}
 
 {{- end }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
index e227256f891a..c8dcfd7b7ca7 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
@@ -28,7 +28,9 @@ spec:
   tls:
   - hosts:
     - {{ template "jaegerHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
   - host: {{ template "jaegerHost" . }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
index 64161eea50bc..9f072318ee85 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
@@ -27,7 +27,9 @@ spec:
   tls:
   - hosts:
     - {{ template "keycloakHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if eq .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
index 64221a9b19e2..873f86369e0e 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
@@ -49,7 +49,9 @@ spec:
   tls:
   - hosts:
     - {{ template "pluginRegistryHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end -}}
 
 {{- end }}
diff --git a/deploy/kubernetes/helm/che/templates/configmap.yaml b/deploy/kubernetes/helm/che/templates/configmap.yaml
index 31a018328fbb..8221b2f7f285 100644
--- a/deploy/kubernetes/helm/che/templates/configmap.yaml
+++ b/deploy/kubernetes/helm/che/templates/configmap.yaml
@@ -34,7 +34,7 @@ data:
   CHE_INFRA_KUBERNETES_MASTER__URL: ""
 {{- if and .Values.global.tls .Values.global.tls.enabled }}
   CHE_INFRA_KUBERNETES_TLS__ENABLED: {{ .Values.global.tls.enabled | quote}}
-  CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName }}
+  CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName | quote}}
 {{- else }}
   CHE_INFRA_KUBERNETES_TLS__ENABLED: "false"
   CHE_INFRA_KUBERNETES_TLS__SECRET: ""
diff --git a/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml b/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
index 8c5b97a0be14..3ff389b42e80 100644
--- a/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
@@ -29,7 +29,9 @@ spec:
   tls:
   - hosts:
     - {{ template "cheHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if ne .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/templates/deployment.yaml b/deploy/kubernetes/helm/che/templates/deployment.yaml
index 91ce8f0c670a..c1cd28c5d23c 100644
--- a/deploy/kubernetes/helm/che/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/templates/deployment.yaml
@@ -107,7 +107,8 @@ spec:
 
         # If workspaces are created in a separate namespace(s)
         # then configure Che Server to propagate TLS secret to workspaces' namespaces
-        {{- if ne .Release.Namespace .Values.global.cheWorkspacesNamespace }}
+        # Do not propagete anything in case of using default ingress controller certificate (tls.secretName is empty)
+        {{- if and (ne .Release.Namespace .Values.global.cheWorkspacesNamespace) (.Values.global.tls.secretName) }}
         - name: "CHE_INFRA_KUBERNETES_TLS__CERT"
           valueFrom:
             secretKeyRef:
diff --git a/deploy/kubernetes/helm/che/templates/ingress.yaml b/deploy/kubernetes/helm/che/templates/ingress.yaml
index fa06a8925ab0..801243e33d3a 100644
--- a/deploy/kubernetes/helm/che/templates/ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/ingress.yaml
@@ -25,7 +25,9 @@ spec:
   tls:
   - hosts:
     - {{ template "cheHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
 {{- if ne .Values.global.serverStrategy "default-host" }}
diff --git a/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml b/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
index b740fb7a99cd..d4b2f1744b1f 100644
--- a/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
+++ b/deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
@@ -36,7 +36,9 @@ spec:
   - hosts:
     - {{ template "prometheusHost" . }}
     - {{ template "grafanaHost" . }}
+    {{- if .Values.global.tls.secretName }}
     secretName: {{ .Values.global.tls.secretName }}
+    {{- end -}}
 {{- end }}
   rules:
   - host: {{ template "prometheusHost" . }}
diff --git a/deploy/kubernetes/helm/che/values.yaml b/deploy/kubernetes/helm/che/values.yaml
index d846f4764035..6fbebf1f39b2 100644
--- a/deploy/kubernetes/helm/che/values.yaml
+++ b/deploy/kubernetes/helm/che/values.yaml
@@ -51,6 +51,7 @@ global:
     ## Secret name that will be used in Che Ingresses for setting TLS up
     ## Note the helm chart does not create this secret and
     ## it MUST be pre-created in the configured Che namespace
+    ## If the value is empty, then the certificate from default ingress controller will be used.
     secretName: che-tls
 
     ## If self-signed certificate flag is enabled