Add Cert Manager to Operator #70

guanzhousongmicrosoft · 2025-08-27T15:17:40Z

No description provided.

operator/src/internal/cnpg/cnpg_cluster.go

operator/src/api/preview/documentdb_types.go

internal/controller/documentdb_controller.go

…etes-operator

cmd/main.go

internal/controller/documentdb_controller.go

internal/utils/util.go

docs/provided-mode-test.md

…entdb-kubernetes-operator

…etes-operator

hossain-rayhan · 2025-10-21T16:03:19Z

docs/provided-mode-test.md

@@ -0,0 +1,445 @@
+# Provided TLS mode: step-by-step test (AKV + Secrets Store CSI)


Lets put all tls setup doc under our /documentdb-playground/tls folder.

This is improtant.

hossain-rayhan · 2025-10-21T16:05:22Z

scripts/cert-manager/gateway-tls-e2e.sh

@@ -0,0 +1,186 @@
+#!/usr/bin/env bash


Lets move all the TLS cert-manager scripts to the documentdb-playground/tls folder.

hossain-rayhan · 2025-10-21T16:43:10Z

scripts/cert-manager/gateway-tls-e2e.sh

+done
+
+if [[ -z "$RESOURCE_GROUP" ]]; then
+  RESOURCE_GROUP="guanzhou-${SUFFIX}-rg"


We have guanzhou hardcoded in many places. Please replace them with param or documentdb

hossain-rayhan · 2025-11-03T20:15:03Z

We need a delete cluster or cleanup command to avoid cost.

hossain-rayhan · 2025-11-03T20:26:12Z

Here are my thoughts.
We'll add advanced configuration section in our top level README. That will get us to our docs/operator-public-document/preview/advanced-configuration folder. Here we'll have a link for TLS Configuration. This section will take us to documentdb-playground/tls folder.

Here we'll have a README or tls-setup.md file, which will give two simple commands maybe.

one for ./create_cluster.sh --suffix myusername --subscriptionid mysubscriptionid. It will take care of everything
another command for clean up: ./delete_cluster --all something like this.

…etes-operator

hossain-rayhan · 2025-11-03T20:06:04Z

scripts/cert-manager/create-cluster.sh

@@ -0,0 +1,657 @@
+#!/bin/bash


Create a new folder tls under /documentdb-playground and move all the scripts and docs under it.

hossain-rayhan · 2025-11-03T20:06:58Z

operator/documentdb-helm-chart/values.yaml

@@ -17,10 +17,10 @@ walReplica: false  # Set to true to deploy the WAL replica plugin

 image:
  documentdbk8soperator:
-    repository: ghcr.io/microsoft/documentdb-kubernetes-operator/operator
+    repository: ghcr.io/guanzhousongmicrosoft/documentdb-kubernetes-operator/operator


Keep the official registry name.

hossain-rayhan · 2025-11-03T20:07:18Z

operator/documentdb-helm-chart/values.yaml

    pullPolicy: Always
  sidecarinjector:
-    repository: ghcr.io/microsoft/documentdb-kubernetes-operator/sidecar
+    repository: ghcr.io/guanzhousongmicrosoft/documentdb-kubernetes-operator/sidecar


Same. Keep official repo name.

hossain-rayhan · 2025-11-03T20:08:40Z

operator/src/internal/cnpg/cnpg_cluster.go

+						Enabled:    pointer.Bool(true),
+						Parameters: params,
+					}}
+				}(),


Please rebase. We changed the directory structure.

hossain-rayhan · 2025-11-03T20:10:28Z

scripts/cert-manager/create-cluster.sh

+#set -e  # Exit on any error
+
+# Configuration
+CLUSTER_NAME="guanzhou-102001"


Use documentdb- prefix instead of our usernames.

hossain-rayhan · 2025-11-03T20:11:01Z

scripts/cert-manager/create-cluster.sh

+# DocumentDB Operator Configuration
+# For testing: use hossain-rayhan/documentdb-operator (fork with Azure enhancements)
+# For production: use microsoft/documentdb-operator (official)
+OPERATOR_GITHUB_ORG="guanzhousongmicrosoft"


The default should be microsoft.

hossain-rayhan · 2025-11-03T20:13:44Z

docs/provided-mode-test.md

@@ -0,0 +1,445 @@
+# Provided TLS mode: step-by-step test (AKV + Secrets Store CSI)


This is improtant.

…etes-operator

Your Name added 5 commits August 13, 2025 14:34

tls

13a611b

tls

5acec1d

add instruction

00c9526

clean up

ed77baf

clean up

1335f35

hossain-rayhan reviewed Sep 26, 2025

View reviewed changes

operator/src/internal/cnpg/cnpg_cluster.go Show resolved Hide resolved

hossain-rayhan reviewed Sep 26, 2025

View reviewed changes

operator/src/api/preview/documentdb_types.go Show resolved Hide resolved

hossain-rayhan reviewed Sep 26, 2025

View reviewed changes

operator/src/api/preview/documentdb_types.go Show resolved Hide resolved

hossain-rayhan reviewed Sep 26, 2025

View reviewed changes

internal/controller/documentdb_controller.go Outdated Show resolved Hide resolved

Your Name and others added 4 commits September 26, 2025 19:38

Merge branch 'main' of https://github.com/microsoft/documentdb-kubern…

33ce9aa

…etes-operator

use TLSConfiguration

cdae47e

address comments

5b2ad43

Merge branch 'microsoft:main' into main

3aacb40

hossain-rayhan reviewed Oct 10, 2025

View reviewed changes

cmd/main.go Outdated Show resolved Hide resolved

hossain-rayhan reviewed Oct 10, 2025

View reviewed changes

internal/controller/documentdb_controller.go Outdated Show resolved Hide resolved

hossain-rayhan reviewed Oct 10, 2025

View reviewed changes

internal/utils/util.go Outdated Show resolved Hide resolved

Your Name and others added 5 commits October 13, 2025 13:56

rename gateway_tls_controller

8bbbe03

remove

c2df3a2

fix db.microsoft.com

9ed222e

add tls argument

6c212c0

add retry logic

bcd268e