Rename cluster certificate to [clusterTlsCertificateName] and add this name to [KubeSecretName]

Author: jefflill

Lib/Neon.Kube.Setup/KubeSetup.Operations.cs

@@ -2280,12 +2280,12 @@ private static async Task ConfigureCertificatesInternalAsync(
             NodeSshProxy<NodeDefinition> controlNode,
             string                       idempotencySuffix = null)
         {
-            controller.LogProgress(controlNode, verb: "setup", message: "cluster-certificate");
+            controller.LogProgress(controlNode, verb: "setup", message: "cluster-tls-certificate");
 
-            var cluster            = controller.Get<ClusterProxy>(KubeSetupProperty.ClusterProxy);
-            var k8s                = GetK8sClient(controller);
-            var headendClient      = controller.Get<HeadendClient>(KubeSetupProperty.NeonCloudHeadendClient);
-            var idempotencyKey     = "setup/cluster-certificates";
+            var cluster        = controller.Get<ClusterProxy>(KubeSetupProperty.ClusterProxy);
+            var k8s            = GetK8sClient(controller);
+            var headendClient  = controller.Get<HeadendClient>(KubeSetupProperty.NeonCloudHeadendClient);
+            var idempotencyKey = "setup/cluster-tls-certificate";
 
             if (!idempotencySuffix.IsNullOrEmpty())
             {
@@ -2296,7 +2296,7 @@ private static async Task ConfigureCertificatesInternalAsync(
             await controlNode.InvokeIdempotentAsync(idempotencyKey,
                 async () =>
                 {
-                    controller.LogProgress(controlNode, verb: "configure", message: "neon-cluster-certificate");
+                    controller.LogProgress(controlNode, verb: "configure", message: "cluster-tls-certificate");
 
                     var retry = new LinearRetryPolicy(
                         transientDetector: null,
@@ -2323,7 +2323,7 @@ await retry.InvokeAsync(
                     {
                         Metadata = new V1ObjectMeta()
                         {
-                            Name = "neon-cluster-certificate",
+                            Name = KubeSecretName.ClusterTlsCertificate,
                         },
                         Data = cert,
                         Type = "kubernetes.io/tls"
@@ -4787,7 +4787,7 @@ await controlNode.InvokeIdempotentAsync("setup/redis-ready",
         }
 
         /// <summary>
-        /// Installs a harbor container registry and required components.
+        /// Installs Harbor container registry and required components.
         /// </summary>
         /// <param name="controller">Specifies the setup controller.</param>
         /// <param name="controlNode">Specifies the control-plane node where the operation will be performed.</param>
@@ -4950,6 +4950,7 @@ await controlNode.InvokeIdempotentAsync("setup/harbor",
                     values.Add("notary.server.priorityClassName", PriorityClass.NeonData.Name);
                     values.Add("notary.signer.priorityClassName", PriorityClass.NeonData.Name);
                     values.Add("trivy.priorityClassName", PriorityClass.NeonData.Name);
+                    values.Add("clusterTlsCertificateName", KubeSecretName.ClusterTlsCertificate);
 
                     await controlNode.InstallHelmChartAsync(controller, "harbor",
                         releaseName:  "registry-harbor",

Lib/Neon.Kube.Setup/Resources/Helm/harbor/templates/harborcluster.yaml

@@ -66,12 +66,12 @@ spec:
       ingress:
         host: {{ .Values.neonkube.clusterDomain.harborRegistry }}.{{ .Values.cluster.domain }}
       tls:
-        certificateRef: neon-cluster-certificate
+        certificateRef: {{ .Values.clusterTlsCertificateName }}
     notary:
       ingress:
         host: {{ .Values.neonkube.clusterDomain.harborNotary }}.{{ .Values.cluster.domain }}
       tls:
-        certificateRef: neon-cluster-certificate
+        certificateRef: {{ .Values.clusterTlsCertificateName }}
   externalURL: https://{{ .Values.neonkube.clusterDomain.harborRegistry }}.{{ .Values.cluster.domain }}
   harborAdminPasswordRef: registry
   storage:

Lib/Neon.Kube/Kube/KubeSecretName.cs

@@ -59,5 +59,10 @@ public static class KubeSecretName
         /// </para>
         /// </summary>
         public const string GlauthGroups = "glauth-groups";
+
+        /// <summary>
+        /// Holds the cluster's TLS certificate.
+        /// </summary>
+        public const string ClusterTlsCertificate = "cluster-tls-certificate";
     }
 }

Services/neon-cluster-operator/CronJobs/ClusterCertificateRenewalJob.cs

@@ -85,8 +85,8 @@ public async Task Execute(IJobExecutionContext context)
                     var k8s           = (IKubernetes)dataMap["Kubernetes"];
                     var headendClient = (HeadendClient)dataMap["HeadendClient"];
                     var clusterInfo   = (ClusterInfo)dataMap["ClusterInfo"];
-                    var ingressSecret = await k8s.CoreV1.ReadNamespacedSecretAsync("neon-cluster-certificate", KubeNamespace.NeonIngress);
-                    var systemSecret  = await k8s.CoreV1.ReadNamespacedSecretAsync("neon-cluster-certificate", KubeNamespace.NeonSystem);
+                    var ingressSecret = await k8s.CoreV1.ReadNamespacedSecretAsync(KubeSecretName.ClusterTlsCertificate, KubeNamespace.NeonIngress);
+                    var systemSecret  = await k8s.CoreV1.ReadNamespacedSecretAsync(KubeSecretName.ClusterTlsCertificate, KubeNamespace.NeonSystem);
 
                     var ingressCertificate = X509Certificate2.CreateFromPem(
                         Encoding.UTF8.GetString(ingressSecret.Data["tls.crt"]),