PRO-446: Extend Helm chart options to support configuring GraphDB cluster and connector security with provided TLS assets #132

Open
wants to merge 3 commits into
base: feature/11-3-features

@Secchol Secchol commented Sep 20, 2024

Linked to GDB-11142, GDB-10534 and GDB-11021
Added support for configuring gRPC cluster security with externally provided TLS assets.
The following properties can now be configured through the Helm chart options:

  • certificate
  • private key
  • certificate chain
  • keystore
  • truststore
  • root certs
  • certificate revocation list

Added support for configuring Tomcat connector security with externally provided TLS assets.
Added support for the following properties:

  • keystore
  • truststore
  • certificate chain

values.yaml Outdated
# graphdb.connector.SSLEnabled = true
# graphdb.connector.scheme = https
# graphdb.connector.secure = true
enabled: false

Also, I think we could provide a truststore without needing to configure a keystore. E.g. if you want GraphDB to trust some external service. This makes `enabled` invalid for both.

@Secchol Secchol changed the title from "Added support for keystore and truststore configuration." to "Extend Helm chart options to support configuring GraphDB cluster and connector security with provided TLS assets" Oct 21, 2024
@Secchol Secchol force-pushed the GDB-10823-Extend-Helm-Chart-With-TLS-Properties branch from 9394a09 to 212661c October 28, 2024 14:49
@Secchol Secchol changed the base branch from main to feature/11-3-features October 29, 2024 13:43
@Secchol Secchol marked this pull request as ready for review October 29, 2024 13:45
@mihailradkov mihailradkov changed the title from "Extend Helm chart options to support configuring GraphDB cluster and connector security with provided TLS assets" to "PRO-446: Extend Helm chart options to support configuring GraphDB cluster and connector security with provided TLS assets" Oct 30, 2024

GraphDB Tomcat and GraphDB gRPC cluster can now be configured with TLS for secure
communication with GraphDB.

- Added Tomcat TLS configurations under `configuration.tls`
- Added gRPC TLS configurations under `cluster.tls`
- Updated jobs and scripts to use `https` or `http` depending on whether
  the Tomcat connector security is configured

@mihailradkov mihailradkov force-pushed the GDB-10823-Extend-Helm-Chart-With-TLS-Properties branch from 82f8826 to fe4cdbc October 30, 2024 15:24
mihailradkov and others added 2 commits October 31, 2024 17:36
- Added the protocol in the cronjob for backups
- Used volume projection to simplify the statefulset
- Read key/trust stores passwords as files
- Renamed privateKey to certificateKey