Handle external server certs for jks
Signed-off-by: Tamal Saha <[email protected]>
tamalsaha committed Jul 6, 2024
1 parent fa45f17 commit f9f440f
Showing 15 changed files with 132 additions and 23 deletions.
10 changes: 9 additions & 1 deletion apis/installer/v1alpha1/ace_ace_types.go
Expand Up @@ -255,7 +255,7 @@ type InfraTLS struct {
CA TLSData `json:"ca"`
Acme TLSIssuerAcme `json:"acme"`
Certificate TLSData `json:"certificate"`
JKSPassword string `json:"jksPassword"`
JKS Keystore `json:"jks"`
}

type TLSData struct {
Expand All @@ -265,6 +265,14 @@ type TLSData struct {
Key string `json:"key"`
}

type Keystore struct {
// +optional
Truststore []byte `json:"truststore"`
// +optional
Keystore []byte `json:"keystore"`
Password string `json:"password"`
}

type TLSIssuerAcme struct {
Email string `json:"email"`
}
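Review bot: The new `Keystore` type and its three fields carry no doc comments, and the two fields marked `// +optional` have no `omitempty`, so an unset nil `[]byte` serializes as `"truststore": null` instead of being dropped; tag them `Truststore []byte \`json:"truststore,omitempty"\`` and `Keystore []byte \`json:"keystore,omitempty"\``, and add a type comment such as `// Keystore carries a base64-encoded JKS keystore and truststore plus the password protecting them.` `Password` remains an inline plaintext value in this spec, while the s3proxy chart touched in the same commit reads its JKS password through `jksPasswordSecretRef`; if this struct is persisted as a CR or rendered into ConfigMaps, pointing at a Secret here would be consistent and keep the password out of the object. Nothing in this type ties `Password` to the presence of a keystore, so a keystore with an empty password (or the reverse) is accepted as far as these lines show — presumably validated elsewhere, worth confirming.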
32 changes: 29 additions & 3 deletions apis/installer/v1alpha1/zz_generated.deepcopy.go


4 changes: 3 additions & 1 deletion charts/ace/README.md
Expand Up @@ -87,7 +87,9 @@ The following table lists the configurable parameters of the `ace` chart and the
| global.infra.tls.acme.email | | <code>[email protected]</code> |
| global.infra.tls.certificate.cert | | <code>""</code> |
| global.infra.tls.certificate.key | | <code>""</code> |
| global.infra.tls.jksPassword | | <code>""</code> |
| global.infra.tls.jks.keystore | | <code></code> |
| global.infra.tls.jks.truststore | | <code></code> |
| global.infra.tls.jks.password | | <code>""</code> |
| global.infra.dns.targetIPs | | <code>[]</code> |
| global.infra.dns.provider | | <code>"external" # external,cloudflare,route53,cloudDNS</code> |
| global.infra.dns.auth | | <code>{}</code> |
8 changes: 8 additions & 0 deletions charts/ace/templates/ingress/secret.yaml
Expand Up @@ -17,4 +17,12 @@ metadata:
{{- include "ace.labels" . | nindent 4 }}
type: kubernetes.io/tls
stringData: {{ $data | toJson }}
data:
{{- with .Values.global.infra.tls.jks.keystore }}
"keystore.jks": {{ . }}
{{- end }}
{{- with .Values.global.infra.tls.jks.truststore }}
"truststore.jks": {{ . }}
{{- end }}

{{- end }}
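Review bot: The `data:` key added at the end of the hunk is emitted unconditionally, so a release with neither `jks.keystore` nor `jks.truststore` set renders a bare `data:` (null) next to `stringData`; guard it with `{{- if or .Values.global.infra.tls.jks.keystore .Values.global.infra.tls.jks.truststore }}` around the block so the Secret manifest only carries `data` when there is something to put in it. The values are interpolated bare as `{{ . }}`; because entries under `data:` must already be base64 (the chart schema marks these `format: byte`), render them as `"keystore.jks": {{ . | quote }}` so a value can never be YAML-coerced, and document in values.yaml that the user supplies the base64 string, not the raw `.jks` file (`--set-file` would break here). This Secret already holds the TLS private key via `stringData`, so adding the keystore (which wraps the same key) does not widen what it exposes, but the password unlocking it is not written here and its delivery path is outside this hunk. The template's enclosing condition begins before the hunk.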
17 changes: 14 additions & 3 deletions charts/ace/values.openapiv3_schema.yaml
Expand Up @@ -3768,14 +3768,25 @@ properties:
- letsencrypt-staging
- external
type: string
jksPassword:
type: string
jks:
properties:
keystore:
format: byte
type: string
password:
type: string
truststore:
format: byte
type: string
required:
- password
type: object
required:
- acme
- ca
- certificate
- issuer
- jksPassword
- jks
type: object
required:
- badger
5 changes: 4 additions & 1 deletion charts/ace/values.yaml
Expand Up @@ -137,7 +137,10 @@ global:
certificate:
cert: ""
key: ""
jksPassword: ""
jks:
keystore:
truststore:
password: ""
dns:
targetIPs: []
provider: "external" # external,cloudflare,route53,cloudDNS
2 changes: 1 addition & 1 deletion charts/s3proxy/templates/issuer.yaml
@@ -1,4 +1,4 @@
{{- if and .Values.s3proxy.tls.enable .Values.s3proxy.tls.mount (not .Values.s3proxy.tls.secret.name) }}
{{- if and .Values.s3proxy.tls.enable .Values.s3proxy.tls.jksPasswordSecretRef.name (not .Values.s3proxy.tls.secret.name) }}

{{- if not .Values.s3proxy.tls.issuer.name }}

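Review bot: The new gate dereferences `.Values.s3proxy.tls.jksPasswordSecretRef.name`, and Go templates abort with `nil pointer evaluating interface {}.name` when `jksPasswordSecretRef` is absent from the effective values (for example a user override that replaces the `tls` map wholesale), whereas the previous `.mount` boolean simply evaluated false; a nil-safe lookup such as `(dig "tls" "jksPasswordSecretRef" "name" "" .Values.s3proxy)` keeps rendering in that case. Whether this chart's default values.yaml already defines `jksPasswordSecretRef` is not visible in this commit, so this may be covered. Gating Issuer creation on the JKS password secret name is also a semantic change rather than a rename — a deployment with `tls.enable` but no JKS no longer gets an Issuer — which neither the commit message nor the template explains; a one-line template comment stating why the Issuer is only needed alongside a JKS password secret would make the intent reviewable.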
4 changes: 3 additions & 1 deletion charts/service-gateway-presets/README.md
Expand Up @@ -57,7 +57,9 @@ The following table lists the configurable parameters of the `service-gateway-pr
| infra.tls.acme.email | | <code>[email protected]</code> |
| infra.tls.certificate.cert | | <code>""</code> |
| infra.tls.certificate.key | | <code>""</code> |
| infra.tls.jksPassword | | <code>""</code> |
| infra.tls.jks.keystore | | <code></code> |
| infra.tls.jks.truststore | | <code></code> |
| infra.tls.jks.password | | <code>""</code> |
| infra.dns.provider | | <code>"external" # external,cloudflare,route53,cloudDNS</code> |
| infra.dns.auth | | <code>{}</code> |
| gateway-dns.enabled | | <code>false</code> |
Expand Up @@ -17,4 +17,12 @@ metadata:
{{- include "service-gateway-presets.labels" . | nindent 4 }}
type: kubernetes.io/tls
stringData: {{ $data | toJson }}
data:
{{- with .Values.infra.tls.jks.keystore }}
"keystore.jks": {{ . }}
{{- end }}
{{- with .Values.infra.tls.jks.truststore }}
"truststore.jks": {{ . }}
{{- end }}

{{- end }}
17 changes: 14 additions & 3 deletions charts/service-gateway-presets/values.openapiv3_schema.yaml
Expand Up @@ -361,14 +361,25 @@ properties:
- letsencrypt-staging
- external
type: string
jksPassword:
type: string
jks:
properties:
keystore:
format: byte
type: string
password:
type: string
truststore:
format: byte
type: string
required:
- password
type: object
required:
- acme
- ca
- certificate
- issuer
- jksPassword
- jks
type: object
required:
- clusterName
5 changes: 4 additions & 1 deletion charts/service-gateway-presets/values.yaml
Expand Up @@ -20,7 +20,10 @@ infra:
certificate:
cert: ""
key: ""
jksPassword: ""
jks:
keystore:
truststore:
password: ""
dns:
provider: "external" # external,cloudflare,route53,cloudDNS
auth: {}
4 changes: 3 additions & 1 deletion charts/service-vault/README.md
Expand Up @@ -57,7 +57,9 @@ The following table lists the configurable parameters of the `service-vault` cha
| infra.tls.acme.email | | <code>[email protected]</code> |
| infra.tls.certificate.cert | | <code>""</code> |
| infra.tls.certificate.key | | <code>""</code> |
| infra.tls.jksPassword | | <code>""</code> |
| infra.tls.jks.keystore | | <code></code> |
| infra.tls.jks.truststore | | <code></code> |
| infra.tls.jks.password | | <code>""</code> |
| infra.dns.provider | | <code>"external" # external,cloudflare,route53,cloudDNS</code> |
| infra.dns.auth | | <code>{}</code> |
| gateway-dns.enabled | | <code>false</code> |
17 changes: 14 additions & 3 deletions charts/service-vault/values.openapiv3_schema.yaml
Expand Up @@ -339,14 +339,25 @@ properties:
- letsencrypt-staging
- external
type: string
jksPassword:
type: string
jks:
properties:
keystore:
format: byte
type: string
password:
type: string
truststore:
format: byte
type: string
required:
- password
type: object
required:
- acme
- ca
- certificate
- issuer
- jksPassword
- jks
type: object
required:
- clusterName
5 changes: 4 additions & 1 deletion charts/service-vault/values.yaml
Expand Up @@ -20,7 +20,10 @@ infra:
certificate:
cert: ""
key: ""
jksPassword: ""
jks:
keystore:
truststore:
password: ""
dns:
provider: "external" # external,cloudflare,route53,cloudDNS
auth: {}
17 changes: 14 additions & 3 deletions schema/ace-options/values.openapiv3_schema.yaml
Expand Up @@ -788,14 +788,25 @@ properties:
- letsencrypt-staging
- external
type: string
jksPassword:
type: string
jks:
properties:
keystore:
format: byte
type: string
password:
type: string
truststore:
format: byte
type: string
required:
- password
type: object
required:
- acme
- ca
- certificate
- issuer
- jksPassword
- jks
type: object
required:
- cloudServices
