TILES-6894 floors-api: add user certs #524

Merged: 3 commits, Nov 6, 2024
2 changes: 1 addition & 1 deletion charts/floors-api/Chart.yaml
Expand Up @@ -4,7 +4,7 @@ description: Helm for floors service
type: application

version: 1.30.0
appVersion: 1.0.4
appVersion: 1.1.0
dnischeta marked this conversation as resolved.

maintainers:
- name: 2gis
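
Review bot: `version: 1.30.0` is left unchanged in this hunk although the PR adds a template, a helper and new `customCAs` values; only `appVersion` moves to 1.1.0. If chart versions in this repository are bumped per change rather than per release, bump `version` as well so a deployed release with custom CA support can be told apart from one without it.
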
7 changes: 7 additions & 0 deletions charts/floors-api/README.md
Expand Up @@ -108,3 +108,10 @@ Read more about the On-Premise solution [here](https://docs.2gis.com/en/on-premi
| `import.resources.requests.memory` | A memory request, e.g., `128Mi`. | |
| `import.resources.limits.cpu` | A CPU limit, e.g., `100m`. | |
| `import.resources.limits.memory` | A memory limit, e.g., `128Mi`. | |

### **Custom Certificate Authority**

| Name | Description | Value |
| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- |
| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` |
| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` |
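
Review bot: the `customCAs.certsPath` row lists the value as `""`, but the `floors.customCA.mountPath` helper falls back to `/usr/local/share/ca-certificates` when it is empty. State that effective default in the description. The `customCAs.bundle` row should also say that the value is stored in a ConfigMap and must hold certificates only, never a private key.
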
11 changes: 11 additions & 0 deletions charts/floors-api/templates/_helpers.tpl
Expand Up @@ -67,3 +67,14 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler.
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}

{{/*
Mount directory for custom CA
*/}}
{{- define "floors.customCA.mountPath" -}}
{{ $.Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }}
{{- end -}}

{{- define "floors.checksum" -}}
{{ (include (print $.Template.BasePath .path) $ | fromYaml).data | toYaml | sha256sum }}
{{- end }}
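
Review bot: `floors.checksum` has no comment block, unlike the helper above it, and its contract is not obvious: it expects a dict carrying `path` merged with the root context and hashes only the `data` field of the rendered template. When `customCAs.bundle` is empty the included template renders nothing, so the hash is taken over an absent `data` field; add a comment saying that this is intended. In `floors.customCA.mountPath`, consider `trimSuffix "/"` so a `certsPath` with a trailing slash does not produce `//custom-ca.crt` where the deployment appends the file name.
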
13 changes: 13 additions & 0 deletions charts/floors-api/templates/custom-ca.configmap.yaml
@@ -0,0 +1,13 @@
{{- if $.Values.customCAs.bundle }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "floors.fullname" . }}-custom-ca
labels:
{{- include "floors.labels" . | nindent 4 }}

data:
custom-ca.crt: |-
{{- $.Values.customCAs.bundle | nindent 4 }}
{{- end }}
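
Review bot: `$.Values.customCAs.bundle` is written into `custom-ca.crt` with no check on its content, so a wrong value (a whitespace-only string, a key file pasted by mistake) is only noticed at run time. Consider failing the render with `fail` when the value does not contain `-----BEGIN CERTIFICATE-----`, and apply `trim` before `nindent 4` so stray blank lines do not reach the file.
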
16 changes: 16 additions & 0 deletions charts/floors-api/templates/deployment.yaml
Expand Up @@ -27,6 +27,7 @@ spec:
metadata:
{{- with .Values.podAnnotations }}
annotations:
checksum/custom-ca: {{ include "floors.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- toYaml . | nindent 8 }}
{{- end }}
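
Review bot: the new `checksum/custom-ca` annotation sits inside `{{- with .Values.podAnnotations }}`, so it is rendered only when `podAnnotations` is set. The CA file is mounted with `subPath` further down in this file, and a `subPath` mount does not receive ConfigMap updates in a running pod, so without this annotation a changed bundle is not picked up until the pod is recreated. Move the `annotations:` key and both checksum lines outside the `with` block and keep only the `toYaml` line inside it.
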
Expand Down Expand Up @@ -60,9 +61,19 @@ spec:
value: "{{ .Values.dgctlStorage.region }}"
- name: IMPORTER_S3_SECURE
value: "{{ .Values.dgctlStorage.secure }}"
{{- if $.Values.customCAs.bundle }}
- name: IMPORTER_SSL_CERT_FILE
value: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt
{{- end }}
volumeMounts:
- name: {{ include "floors.fullname" $ }}-data
mountPath: "/var/floorsConvertedData"
{{- if $.Values.customCAs.bundle }}
- name: custom-ca
mountPath: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt
subPath: custom-ca.crt
kityan marked this conversation as resolved.
readOnly: true
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
containers:
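
Review bot: the `IMPORTER_SSL_CERT_FILE` value is emitted unquoted, while the neighbouring `IMPORTER_S3_SECURE` value is quoted; wrap it in quotes for consistency and to keep an unusual `certsPath` from being parsed as something other than a string. The expression `{{ include "floors.customCA.mountPath" $ }}/custom-ca.crt` is repeated for the env value and the `mountPath`; a small helper returning the full file path would keep the two from drifting apart. It is also worth documenting whether the importer trusts only this file or adds it to the system roots, since in the first case the bundle has to contain every CA the importer needs.
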
Expand Down Expand Up @@ -146,6 +157,11 @@ spec:
path: servers.conf
- name: {{ include "floors.fullname" $ }}-data
emptyDir: {}
{{- if $.Values.customCAs.bundle }}
- name: custom-ca
configMap:
name: {{ include "floors.fullname" $ }}-custom-ca
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
13 changes: 13 additions & 0 deletions charts/floors-api/values.yaml
Expand Up @@ -166,3 +166,16 @@ import:
repository: 2gis-on-premise/floors-importer
pullPolicy: IfNotPresent
tag: 1.0.4

# @section **Custom Certificate Authority**

# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
# @param customCAs.certsPath Custom CA bundle mount directory in the container.

customCAs:
bundle: ''
# bundle: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
certsPath: ''
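
Review bot: `tag: 1.0.4` under `import` stays unchanged in the context lines of this hunk while `appVersion` in Chart.yaml moves to 1.1.0 and the deployment starts passing `IMPORTER_SSL_CERT_FILE`. Confirm that importer 1.0.4 reads that variable, or bump the tag in the same PR. The `certsPath: ''` default could also carry a comment naming the `/usr/local/share/ca-certificates` fallback.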