Merge pull request #361 from alanjino/main

feat: added mtls support
intelops · May 21, 2024 · 3a90894 · 3a90894
2 parents e2b2ab7 + 9922764
commit 3a90894
Show file tree

Hide file tree

Showing 6 changed files with 103 additions and 7 deletions.
diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.21
+version: 1.1.22
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml
@@ -46,6 +46,16 @@ spec:
 #              path: /
 #              port: http
           env:
+          {{- if .Values.mtls.enabled }}
+          - name: CERT_FILE
+            value: /etc/mtls/client-cert.pem
+          - name: KEY_FILE
+            value: /etc/mtls/client-key.pem
+          - name: CA_FILE
+            value: /etc/mtls/ca-cert.pem
+          - name: ENABLE_MTLS_NATS
+            value: "true"  
+          {{- end }}      
           - name: KUBERHEALTHY_URL
             value: {{ .Values.kuberhealthy.url }}
           - name: POLL_INTERVAL
@@ -91,8 +101,13 @@ spec:
             value: {{ .Values.opentelemetry.url }}
           - name : APPLICATION_NAME
             value : {{ .Values.opentelemetry.appName }}
-          {{- if .Values.persistence.enabled }}
+
           volumeMounts:
+          {{- if .Values.mtls.enabled }}    
+          - name: mtls
+            mountPath: /etc/mtls 
+          {{- end }}   
+          {{- if .Values.persistence.enabled }}
           - name: data
             mountPath: {{ .Values.persistence.mountPath }}
           {{- end }}
@@ -118,6 +133,16 @@ spec:
               containerPort: 8081
               protocol: TCP
           env:
+          {{- if .Values.mtls.enabled }}
+          - name: CERT_FILE
+            value: /etc/mtls/client-cert.pem
+          - name: KEY_FILE
+            value: /etc/mtls/client-key.pem
+          - name: CA_FILE
+            value: /etc/mtls/ca-cert.pem
+          - name: ENABLE_MTLS_NATS
+            value: "true"  
+          {{- end }}      
           - name: CLUSTER_NAME
             value: {{ .Values.clusterName }}
           - name: NATS_TOKEN
@@ -137,8 +162,13 @@ spec:
             value: {{ .Values.opentelemetry.url }}
           - name : APPLICATION_NAME
             value : {{ .Values.opentelemetry.appName }}
-          {{- if .Values.git_bridge.persistence.enabled }}
+
           volumeMounts:
+          {{- if .Values.mtls.enabled }}    
+          - name: mtls
+            mountPath: /etc/mtls 
+          {{- end }} 
+          {{- if .Values.git_bridge.persistence.enabled }}  
           - name: data
             mountPath: {{ .Values.git_bridge.persistence.mountPath }}
           {{- end }}
@@ -165,6 +195,16 @@ spec:
               containerPort: 8082
               protocol: TCP
           env:
+          {{- if .Values.mtls.enabled }}
+          - name: CERT_FILE
+            value: /etc/mtls/client-cert.pem
+          - name: KEY_FILE
+            value: /etc/mtls/client-key.pem
+          - name: CA_FILE
+            value: /etc/mtls/ca-cert.pem
+          - name: ENABLE_MTLS_NATS
+            value: "true"  
+          {{- end }}          
           - name: CLUSTER_NAME
             value: {{ .Values.clusterName }}
           - name: NATS_TOKEN
@@ -184,8 +224,13 @@ spec:
             value: {{ .Values.opentelemetry.url }}
           - name : APPLICATION_NAME
             value : {{ .Values.opentelemetry.appName }}
-          {{- if .Values.container_bridge.persistence.enabled }}
+
           volumeMounts:
+          {{- if .Values.mtls.enabled }}    
+          - name: mtls
+            mountPath: /etc/mtls 
+          {{- end }}   
+          {{- if .Values.container_bridge.persistence.enabled }}  
           - name: data
             mountPath: {{ .Values.container_bridge.persistence.mountPath }}
           {{- end }}
@@ -203,12 +248,18 @@ spec:
               ephemeral-storage: {{ .Values.container_bridge.resources.requests.ephemeralstorage }}
               {{- end }}
 {{- end }}
-      {{- if .Values.persistence.enabled }}
+
       volumes:
+      {{- if .Values.persistence.enabled }}
       - name: data
         persistentVolumeClaim:
           claimName: {{ include "agent.fullname" . }}-data
       {{- end }}
+      {{- if .Values.mtls.enabled }}      
+      - name: mtls
+        secret:
+          secretName: {{ .Values.mtls.secret.name }}
+      {{- end }}         
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
@@ -281,3 +281,9 @@ nats:
     # secret:
     #   name: ""
     #   key: ""
+
+
+mtls:
+  enabled: false
+  secret:
+    name: 
diff --git a/charts/client/Chart.yaml b/charts/client/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.27
+version: 1.1.28
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/client/templates/deployment.yaml b/charts/client/templates/deployment.yaml
@@ -84,6 +84,12 @@ spec:
             - name: http
               containerPort: 80
               protocol: TCP
+
+          volumeMounts:
+          {{- if .Values.mtls.enabled }}
+          - name: mtls
+            mountPath: /etc/mtls
+          {{- end }}    
 #          livenessProbe:
 #            httpGet:
 #              path: /
@@ -93,6 +99,16 @@ spec:
 #              path: /
 #              port: http
           env:
+          {{- if .Values.mtls.enabled }}
+          - name: CERT_FILE
+            value: /etc/mtls/client-cert.pem
+          - name: KEY_FILE
+            value: /etc/mtls/client-key.pem
+          - name: CA_FILE
+            value: /etc/mtls/ca-cert.pem
+          - name: ENABLE_MTLS_NATS
+            value: "true"
+          {{- end }}
           - name: NATS_TOKEN
             {{- if and .Values.nats.enabled .Values.nats.auth.enabled .Values.nats.auth.token }}
             value: {{ .Values.nats.auth.token }}
@@ -169,6 +185,12 @@ spec:
             value : {{ .Values.consumer.kuberhealthyconsumer }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+      {{- if .Values.mtls.enabled }}
+      volumes:
+        - name: mtls
+          secret:
+            secretName: {{ .Values.mtls.secret.name }}
+      {{- end }}      
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/client/values.yaml b/charts/client/values.yaml
@@ -94,6 +94,15 @@ nats:
     # secret:
     #   name: ""
     #   key: ""
+  tls: {}
+    # secret:
+    #   name: 
+    # ca: ""
+    # cert: ""
+    # key: ""
+    # verify: true
+    # verify_and_map: true
+
   nats:
     jetstream:
       enabled: true
@@ -188,4 +197,12 @@ consumer:
   trivyconsumer: "TRIVY_CONSUMER"
   trivyimageconsumer: "TRIVY_IMAGE_CONSUMER"
   trivysbomconsumer: "TRIVY_SBOM_CONSUMER"
-  kuberhealthyconsumer: "KUBERHEALTHY_CONSUMER"
+  kuberhealthyconsumer: "KUBERHEALTHY_CONSUMER"
+
+
+mtls:
+  enabled: false
+  secret:
+    name: 
+
+