From becca8065a27ee9a97523554bbb18e5104ed3730 Mon Sep 17 00:00:00 2001 From: alanjino Date: Wed, 8 May 2024 13:45:39 +0530 Subject: [PATCH] feat: added mtls support --- charts/agent/Chart.yaml | 2 +- charts/agent/templates/deployment.yaml | 59 +++++++++++++++++++++++-- charts/agent/values.yaml | 6 +++ charts/client/Chart.yaml | 2 +- charts/client/templates/deployment.yaml | 22 +++++++++ charts/client/values.yaml | 19 +++++++- 6 files changed, 103 insertions(+), 7 deletions(-) diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index deb5a7fe..41b206c5 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.21 +version: 1.1.22 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/agent/templates/deployment.yaml b/charts/agent/templates/deployment.yaml index 675ff272..8de9de0d 100644 --- a/charts/agent/templates/deployment.yaml +++ b/charts/agent/templates/deployment.yaml @@ -46,6 +46,16 @@ spec: # path: / # port: http env: + {{- if .Values.mtls.enabled }} + - name: CERT_FILE + value: /etc/mtls/client-cert.pem + - name: KEY_FILE + value: /etc/mtls/client-key.pem + - name: CA_FILE + value: /etc/mtls/ca-cert.pem + - name: ENABLE_MTLS_NATS + value: "true" + {{- end }} - name: KUBERHEALTHY_URL value: {{ .Values.kuberhealthy.url }} - name: POLL_INTERVAL 
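Review bot: The four mTLS env entries added after `env:` in this hunk are repeated verbatim in the @@ -118 and @@ -165 hunks of this file and in the client chart's @@ -93 hunk, with the `/etc/mtls/...` paths hardcoded in each copy separately from the `mountPath: /etc/mtls` they must match. A named template would keep paths and mount in one place (the chart already uses `include "agent.fullname"`, so a `_helpers.tpl` presumably exists): define the block once and replace each copy with `{{- include "agent.mtlsEnv" . | nindent 12 }}`, adjusting the indent to the container's `env:` level, which the collapsed hunk does not show. The enclosing container spec starts and ends outside the hunk.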
@@ -91,8 +101,13 @@ spec: value: {{ .Values.opentelemetry.url }} - name : APPLICATION_NAME value : {{ .Values.opentelemetry.appName }} - {{- if .Values.persistence.enabled }} + volumeMounts: + {{- if .Values.mtls.enabled }} + - name: mtls + mountPath: /etc/mtls + {{- end }} + {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} {{- end }} @@ -118,6 +133,16 @@ spec: containerPort: 8081 protocol: TCP env: + {{- if .Values.mtls.enabled }} + - name: CERT_FILE + value: /etc/mtls/client-cert.pem + - name: KEY_FILE + value: /etc/mtls/client-key.pem + - name: CA_FILE + value: /etc/mtls/ca-cert.pem + - name: ENABLE_MTLS_NATS + value: "true" + {{- end }} - name: CLUSTER_NAME value: {{ .Values.clusterName }} - name: NATS_TOKEN @@ -137,8 +162,13 @@ spec: value: {{ .Values.opentelemetry.url }} - name : APPLICATION_NAME value : {{ .Values.opentelemetry.appName }} - {{- if .Values.git_bridge.persistence.enabled }} + volumeMounts: + {{- if .Values.mtls.enabled }} + - name: mtls + mountPath: /etc/mtls + {{- end }} + {{- if .Values.git_bridge.persistence.enabled }} - name: data mountPath: {{ .Values.git_bridge.persistence.mountPath }} {{- end }} @@ -165,6 +195,16 @@ spec: containerPort: 8082 protocol: TCP env: + {{- if .Values.mtls.enabled }} + - name: CERT_FILE + value: /etc/mtls/client-cert.pem + - name: KEY_FILE + value: /etc/mtls/client-key.pem + - name: CA_FILE + value: /etc/mtls/ca-cert.pem + - name: ENABLE_MTLS_NATS + value: "true" + {{- end }} - name: CLUSTER_NAME value: {{ .Values.clusterName }} - name: NATS_TOKEN 
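Review bot: `volumeMounts:` is now emitted outside both conditionals in this hunk, so a release with `mtls.enabled: false` and `persistence.enabled: false` renders a bare `volumeMounts:` (null) where before this commit no key was emitted; the @@ -137 and @@ -184 hunks do the same with their `git_bridge`/`container_bridge` persistence flags, and in the client chart's @@ -84 hunk the key can simply move inside its `if` to match that chart's conditional `volumes:` block. Whether the API server tolerates a null list here cannot be verified from the diff, so guard it: `{{- if or .Values.mtls.enabled .Values.persistence.enabled }}` before `volumeMounts:` with a matching `{{- end }}` after the existing ones. The mount that exposes the client private key should also carry `readOnly: true` under `mountPath: /etc/mtls`. The container spec continues outside the hunk.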
@@ -184,8 +224,13 @@ spec: value: {{ .Values.opentelemetry.url }} - name : APPLICATION_NAME value : {{ .Values.opentelemetry.appName }} - {{- if .Values.container_bridge.persistence.enabled }} + volumeMounts: + {{- if .Values.mtls.enabled }} + - name: mtls + mountPath: /etc/mtls + {{- end }} + {{- if .Values.container_bridge.persistence.enabled }} - name: data mountPath: {{ .Values.container_bridge.persistence.mountPath }} {{- end }} @@ -203,12 +248,18 @@ spec: ephemeral-storage: {{ .Values.container_bridge.resources.requests.ephemeralstorage }} {{- end }} {{- end }} - {{- if .Values.persistence.enabled }} + volumes: + {{- if .Values.persistence.enabled }} - name: data persistentVolumeClaim: claimName: {{ include "agent.fullname" . }}-data {{- end }} + {{- if .Values.mtls.enabled }} + - name: mtls + secret: + secretName: {{ .Values.mtls.secret.name }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml index 08701e04..db5aaad3 100644 --- a/charts/agent/values.yaml +++ b/charts/agent/values.yaml @@ -281,3 +281,9 @@ nats: # secret: # name: "" # key: "" + + +mtls: + enabled: false + secret: + name: \ No newline at end of file diff --git a/charts/client/Chart.yaml b/charts/client/Chart.yaml index 81451ca3..dc7fa5a3 100644 --- a/charts/client/Chart.yaml +++ b/charts/client/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.27 +version: 1.1.28 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
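Review bot: `secretName: {{ .Values.mtls.secret.name }}` in the new `volumes:` block of the @@ -203 hunk renders an empty value with the shipped default (`name:` is null in values.yaml), so enabling mTLS without setting the name produces a pod that fails at volume setup instead of a clear install-time error; the client chart's @@ -169 hunk has the same line. Use `secretName: {{ required "mtls.secret.name must be set when mtls.enabled is true" .Values.mtls.secret.name | quote }}`. Because the secret carries a private key, consider `defaultMode: 0400` on the secret volume, checked against the UID or fsGroup the containers actually run as. The `volumes:` key is also now outside the persistence conditional; where it lived before is not visible in the hunk, but when both flags are off it renders as null and needs the same `or` guard as `volumeMounts:`.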
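Review bot: `name:` under `mtls.secret` in the charts/agent/values.yaml hunk is a bare empty value, which parses as null rather than an empty string, and nothing documents what the referenced Secret must contain even though the deployment template hardcodes the keys `client-cert.pem`, `client-key.pem` and `ca-cert.pem`; the client chart's @@ -188 hunk adds the identical block. Write `name: ""` and precede the `secret:` key with `# Secret must contain the keys client-cert.pem, client-key.pem and ca-cert.pem`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), and the two added blank lines before `mtls:` exceed the file's one-blank-line spacing.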
diff --git a/charts/client/templates/deployment.yaml b/charts/client/templates/deployment.yaml index 2706a7fa..7daeda56 100644 --- a/charts/client/templates/deployment.yaml +++ b/charts/client/templates/deployment.yaml @@ -84,6 +84,12 @@ spec: - name: http containerPort: 80 protocol: TCP + + volumeMounts: + {{- if .Values.mtls.enabled }} + - name: mtls + mountPath: /etc/mtls + {{- end }} # livenessProbe: # httpGet: # path: / @@ -93,6 +99,16 @@ spec: # path: / # port: http env: + {{- if .Values.mtls.enabled }} + - name: CERT_FILE + value: /etc/mtls/client-cert.pem + - name: KEY_FILE + value: /etc/mtls/client-key.pem + - name: CA_FILE + value: /etc/mtls/ca-cert.pem + - name: ENABLE_MTLS_NATS + value: "true" + {{- end }} - name: NATS_TOKEN {{- if and .Values.nats.enabled .Values.nats.auth.enabled .Values.nats.auth.token }} value: {{ .Values.nats.auth.token }} @@ -169,6 +185,12 @@ spec: value : {{ .Values.consumer.kuberhealthyconsumer }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.mtls.enabled }} + volumes: + - name: mtls + secret: + secretName: {{ .Values.mtls.secret.name }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/client/values.yaml b/charts/client/values.yaml index 4fe08c21..8cc21956 100644 --- a/charts/client/values.yaml +++ b/charts/client/values.yaml @@ -94,6 +94,15 @@ nats: # secret: # name: "" # key: "" + tls: {} + # secret: + # name: + # ca: "" + # cert: "" + # key: "" + # verify: true + # verify_and_map: true + nats: jetstream: enabled: true @@ -188,4 +197,12 @@ consumer: trivyconsumer: "TRIVY_CONSUMER" trivyimageconsumer: "TRIVY_IMAGE_CONSUMER" trivysbomconsumer: "TRIVY_SBOM_CONSUMER" - kuberhealthyconsumer: "KUBERHEALTHY_CONSUMER" \ No newline at end of file + kuberhealthyconsumer: "KUBERHEALTHY_CONSUMER" + + +mtls: + enabled: false + secret: + name: + +
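Review bot: The `tls: {}` stub added under `nats:` in the first charts/client/values.yaml hunk, with commented `secret`, `ca`, `cert`, `key`, `verify` and `verify_and_map` entries, is not read by any template touched in this commit; it may be meant for the nats subchart, but the diff does not show that, and as written it is an empty mapping with no explanation. Add a comment above it naming which chart consumes it and how it relates to `mtls.secret.name` (server-side `verify` only works if the client certificate in that secret chains to the configured `ca`), or drop the stub until it is wired up. The second hunk of this file repeats the agent chart's null `name:` default.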