diff --git a/api/v1alpha1/irsasetup_types.go b/api/v1alpha1/irsasetup_types.go
index 30f7b7c..2f4910a 100644
--- a/api/v1alpha1/irsasetup_types.go
+++ b/api/v1alpha1/irsasetup_types.go
@@ -33,8 +33,11 @@ type IRSASetupSpec struct {
// +required
Cleanup bool `json:"cleanup"`
- // Mode specifies the mode of operation. Can be either "selfhosted" or "eks".
- Mode string `json:"mode"`
+ // Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+ // Currently unused. Planned values:
+ // - "selfhosted": For self-managed Kubernetes clusters.
+ // - "eks": For Amazon EKS environments.
+ Mode string `json:"mode,omitempty"`
// Discovery configures the IdP Discovery process, essential for setting up IRSA by locating
// the OIDC provider information.
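Review bot: The now-optional `Mode` field still accepts any string, so objects stored while the field is unused can carry values that the planned feature will not recognise. Adding `// +kubebuilder:validation:Enum=selfhosted;eks` above the field would have the API server reject anything else once the CRDs are regenerated. An explicit `// +optional` marker would also match the `// +required` marker used on `Cleanup`, instead of leaving optionality implied by `omitempty`. The struct continues outside this hunk.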
diff --git a/charts/irsa-manager/crds/irsasetup-crd.yaml b/charts/irsa-manager/crds/irsasetup-crd.yaml
index 11af11c..7cc00d0 100644
--- a/charts/irsa-manager/crds/irsasetup-crd.yaml
+++ b/charts/irsa-manager/crds/irsasetup-crd.yaml
@@ -71,13 +71,15 @@ spec:
type: object
type: object
mode:
- description: Mode specifies the mode of operation. Can be either "selfhosted"
- or "eks".
+ description: |-
+ Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+ Currently unused. Planned values:
+ - "selfhosted": For self-managed Kubernetes clusters.
+ - "eks": For Amazon EKS environments.
type: string
required:
- cleanup
- discovery
- - mode
type: object
status:
description: IRSASetupStatus defines the observed state of IRSASetup
diff --git a/charts/irsa-manager/templates/deployment.yaml b/charts/irsa-manager/templates/deployment.yaml
index 078d4d5..e75b142 100644
--- a/charts/irsa-manager/templates/deployment.yaml
+++ b/charts/irsa-manager/templates/deployment.yaml
@@ -62,6 +62,7 @@ spec:
secretKeyRef:
key: aws-role-arn
name: aws-secret
+ optional: true
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
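Review bot: With `optional: true` on the `aws-role-arn` secretKeyRef, a missing or misnamed `aws-secret` no longer blocks pod start, and the container comes up with that variable unset. Which AWS identity the controller then uses depends on code not visible here, so confirm that it fails with a clear error rather than silently falling back to another credential source such as the node's. A comment on the line stating when the secret may be absent would record the intent, e.g. `# optional: aws-secret is not required when <condition>`. The same change is made in config/manager/manager.yaml.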
diff --git a/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml b/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
index 00c5eb4..c8fe6c9 100644
--- a/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
+++ b/config/crd/bases/irsa-manager.kkb0318.github.io_irsasetups.yaml
@@ -72,13 +72,15 @@ spec:
type: object
type: object
mode:
- description: Mode specifies the mode of operation. Can be either "selfhosted"
- or "eks".
+ description: |-
+ Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
+ Currently unused. Planned values:
+ - "selfhosted": For self-managed Kubernetes clusters.
+ - "eks": For Amazon EKS environments.
type: string
required:
- cleanup
- discovery
- - mode
type: object
status:
description: IRSASetupStatus defines the observed state of IRSASetup
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index ed6b04c..0e6f638 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -95,7 +95,7 @@ spec:
secretKeyRef:
name: aws-secret
key: aws-role-arn
- # optional: true
+ optional: true
name: manager
securityContext:
allowPrivilegeEscalation: false
diff --git a/docs/api.md b/docs/api.md
index e7ebdf8..aca1086 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -100,7 +100,7 @@ _Appears in:_
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `cleanup` _boolean_ | Cleanup, when enabled, allows the IRSASetup to perform garbage collection
of resources that are no longer needed or managed. | | |
-| `mode` _string_ | Mode specifies the mode of operation. Can be either "selfhosted" or "eks". | | |
+| `mode` _string_ | Mode (Optional, Future Feature) Defines how the controller will operate once this feature is enabled.
Currently unused. Planned values:
- "selfhosted": For self-managed Kubernetes clusters.
- "eks": For Amazon EKS environments. | | |
| `discovery` _[Discovery](#discovery)_ | Discovery configures the IdP Discovery process, essential for setting up IRSA by locating
the OIDC provider information. | | |
diff --git a/examples/selfhosted.yaml b/examples/selfhosted.yaml
index 1fbeda8..656268d 100644
--- a/examples/selfhosted.yaml
+++ b/examples/selfhosted.yaml
@@ -5,7 +5,6 @@ metadata:
namespace: irsa-manager-system
spec:
cleanup: false
- mode: selfhosted
discovery:
s3:
region: ap-northeast-1
diff --git a/internal/controller/irsasetup_controller_test.go b/internal/controller/irsasetup_controller_test.go
index 872a049..e67c0da 100644
--- a/internal/controller/irsasetup_controller_test.go
+++ b/internal/controller/irsasetup_controller_test.go
@@ -53,7 +53,7 @@ var _ = Describe("IRSASetup Controller", func() {
},
Spec: irsav1alpha1.IRSASetupSpec{
Cleanup: true,
- Mode: "selfhosted",
+ // Mode: "selfhosted",
Discovery: irsav1alpha1.Discovery{
S3: irsav1alpha1.S3Discovery{
Region: "ap-northeast-1",
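Review bot: The `Mode` lines are commented out rather than deleted, which leaves dead code in the fixtures. The two later hunks in this file (at new lines 134 and 219) do the same and keep the misspelled value `selfhoted`. Since the field is now documented as unused, removing the lines outright is cleaner. If the intent is to show that a spec without `mode` is accepted, a comment such as `// Mode is intentionally omitted: the field is optional and currently unused.` says so directly. The spec literal continues outside the hunk.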
@@ -134,7 +134,7 @@ var _ = Describe("IRSASetup Controller", func() {
},
Spec: irsav1alpha1.IRSASetupSpec{
Cleanup: true,
- Mode: "selfhoted",
+ // Mode: "selfhoted",
Discovery: irsav1alpha1.Discovery{
S3: irsav1alpha1.S3Discovery{
Region: "ap-northeast-1",
@@ -219,7 +219,7 @@ var _ = Describe("IRSASetup Controller", func() {
},
Spec: irsav1alpha1.IRSASetupSpec{
Cleanup: false,
- Mode: "selfhoted",
+ // Mode: "selfhoted",
Discovery: irsav1alpha1.Discovery{
S3: irsav1alpha1.S3Discovery{
Region: "ap-northeast-1",
diff --git a/internal/selfhosted/webhook/certificate_test.go b/internal/selfhosted/webhook/certificate_test.go
index e6ed213..a025bf8 100644
--- a/internal/selfhosted/webhook/certificate_test.go
+++ b/internal/selfhosted/webhook/certificate_test.go
@@ -19,21 +19,25 @@ func TestCreateTlsCredentials(t *testing.T) {
}
certBlock, _ := pem.Decode(creds.certificate)
+ var cert *x509.Certificate
if certBlock == nil {
t.Fatal("Failed to decode PEM block containing the certificate")
+ } else {
+ cert, err = x509.ParseCertificate(certBlock.Bytes)
+ if err != nil {
+ t.Fatalf("Failed to parse certificate: %v", err)
+ }
}
- cert, err := x509.ParseCertificate(certBlock.Bytes)
- if err != nil {
- t.Fatalf("Failed to parse certificate: %v", err)
- }
-
+ var key *rsa.PrivateKey
keyBlock, _ := pem.Decode(creds.privateKey)
if keyBlock == nil {
t.Fatal("Failed to decode PEM block containing the private key")
- }
- key, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
- if err != nil {
- t.Fatalf("Failed to parse private key: %v", err)
+ } else {
+ key, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+ if err != nil {
+ t.Fatalf("Failed to parse private key: %v", err)
+ }
+
}
// Verify public keys are equivalent
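Review bot: The `else` branches added after `t.Fatal` are redundant, because `t.Fatal` stops the test at that point and the parse calls are never reached with a nil block. The flat form keeps the happy path unindented: leave the nil check as is and follow it with `cert, err := x509.ParseCertificate(certBlock.Bytes)` (likewise for `key`), which also makes the `var cert` and `var key` declarations unnecessary. If the rewrite exists to satisfy a nil-dereference lint, a short comment saying so would explain the unusual shape. The blank line before the closing brace of the second `else` can be dropped as well. TestCreateTlsCredentials starts before and continues after this hunk.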