Add support for Redis over TLS and postgres over TLS #1642

Open
wants to merge 3 commits into
base: development
4 changes: 4 additions & 0 deletions api/config/packages/common_ground.yaml
Expand Up @@ -9,6 +9,10 @@ parameters:
env(APP_COMMONGROUND_KEY): "d4bb1810-8358-4372-98db-6c7bd2fb370c"
env(APP_COMMONGROUND_SECRET): ""
env(CACHE_URL): ''

env(DATABASE_ROOT_CERT): /var/certs/postgresql.crt
env(REDIS_PROTOCOL): redis


common_ground.app.id: "%env(APP_COMMONGROUND_ID)%"
app_commonground_id: "%env(APP_COMMONGROUND_ID)%"
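Review bot: The fallback `env(DATABASE_ROOT_CERT): /var/certs/postgresql.crt` added here does not match the path the Helm templates in this same PR set for the variable, `/srv/api/var/certs/postgres.crt` (different directory and `postgres.crt` vs `postgresql.crt`), so any deployment that relies on the parameter default points at a file that is never mounted. Either align the default with the chart path or mark it as a placeholder, e.g. `# fallback only; the Helm charts override this through the DATABASE_ROOT_CERT env var`. The `env(REDIS_PROTOCOL): redis` default means Redis traffic stays plaintext unless the variable is explicitly set to `rediss`, which deserves a one-line comment as well.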
1 change: 1 addition & 0 deletions api/config/packages/doctrine.yaml
Expand Up @@ -3,6 +3,7 @@ doctrine:
# IMPORTANT: You MUST configure your server version,
# either here or in the DATABASE_URL env var (see .env file)
#server_version: '13'
sslrootcert: '%env(DATABASE_ROOT_CERT)%'
url: '%env(resolve:DATABASE_URL)%'
types:
uuid: Ramsey\Uuid\Doctrine\UuidType
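Review bot: `sslrootcert` on its own does not make the connection verify the server: libpq's default `sslmode` is `prefer`, which neither requires TLS nor checks the server chain against the root certificate, so the file configured on the added line is effectively unused unless `sslmode` is raised to `verify-ca` or `verify-full`. Consider adding `sslmode` beside it (fed from a new env var, for example `DATABASE_SSL_MODE`, with its default declared next to `DATABASE_ROOT_CERT`) or documenting that `DATABASE_URL` must carry `?sslmode=verify-full`. Note also that the key is always set even when no certificate is mounted; under the `verify-*` modes a missing root cert is a connection error, which is presumably the intended fail-closed behaviour once TLS is enabled, but that should be stated in a comment on the line.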
2 changes: 1 addition & 1 deletion api/config/packages/framework.yaml
Expand Up @@ -21,7 +21,7 @@ framework:
prefix_seed: commonground_gateway_cache
app: cache.adapter.redis
system: cache.adapter.redis
default_redis_provider: "redis://%env(REDIS_HOST)%:%env(int:REDIS_PORT)%"
default_redis_provider: "%env(REDIS_PROTOCOL)%://%env(REDIS_HOST)%:%env(int:REDIS_PORT)%"


trusted_hosts: "%env(TRUSTED_HOSTS)%"
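Review bot: The scheme of `default_redis_provider` is now taken straight from `REDIS_PROTOCOL` without validation, so whatever ends up in that variable is spliced into the cache DSN; only `redis` and `rediss` are meaningful here, and any other value surfaces as an adapter error at runtime rather than as a configuration error. A comment on the line would make the contract explicit, e.g. `# REDIS_PROTOCOL must be 'redis' or 'rediss' (TLS); set via security.redisProtocol in the chart values`. Unlike the Postgres side of this PR, nothing here configures a CA for the Redis connection, so whether `rediss` actually verifies the server certificate depends on the installed client/adapter defaults and should be checked before relying on it.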
Binary file added api/helm/commonground-gateway-1.5.6.tgz
2 changes: 1 addition & 1 deletion api/helm/commonground-gateway/Chart.yaml
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.5.5
version: 1.5.6

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
19 changes: 18 additions & 1 deletion api/helm/commonground-gateway/templates/consumer.yaml
Expand Up @@ -53,6 +53,13 @@ spec:
- name: vendor
persistentVolumeClaim:
claimName: {{ include "commonground-gateway.fullname" . }}-vendor
{{- if .Values.security.postgresCert }}
- name: postgres-certificate
projected:
sources:
- secret:
name: {{ include "commonground-gateway.fullname" . }}-postgresCert
{{- end }}
initContainers:
- name: {{ include "commonground-gateway.fullname" . }}-init
securityContext:
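Review bot: The Secret referenced as `name: {{ include "commonground-gateway.fullname" . }}-postgresCert` contains an uppercase letter, and Kubernetes object names must be lowercase DNS-1123 subdomains, so as soon as `security.postgresCert` is set the API server should reject the Secret and the pod that references it; rename the suffix to `-postgres-cert` here, in the matching hunks of cron-runner.yaml and deployment.yaml, and in secrets.yaml where the Secret is defined. In the later hunks of this file `DATABASE_ROOT_CERT` is set unconditionally while the mount that provides the file sits inside the `postgresCert` condition, so a default install points the application at a path that does not exist — wrap the env var in the same `{{- if .Values.security.postgresCert }}` guard (again also in cron-runner.yaml and deployment.yaml). `value: {{ .Values.security.redisProtocol }}` should be `value: {{ .Values.security.redisProtocol | quote }}`, since env values must be strings and an unquoted templated scalar can be re-typed by the YAML parser.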
Expand Down Expand Up @@ -86,7 +93,13 @@ spec:
- mountPath: /var/run/idp
name: idp-certificate
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.security.postgresCert }}
- mountPath: /srv/api/var/certs/postgres.crt
subPath: certificate.crt
name: postgres-certificate
readOnly: true
{{- end }}
- mountPath: /srv/api/vendor
subPath: vendor
name: vendor
Expand Down Expand Up @@ -161,6 +174,8 @@ spec:
secretKeyRef:
key: database-url
name: {{ include "commonground-gateway.fullname" . }}
- name: DATABASE_ROOT_CERT
value: /srv/api/var/certs/postgres.crt
- name: CACHE_URL
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -247,6 +262,8 @@ spec:
configMapKeyRef:
key: redis-port
name: {{ include "commonground-gateway.fullname" . }}
- name: REDIS_PROTOCOL
value: {{ .Values.security.redisProtocol }}
{{- end }}
- name: SAML_ENABLED
valueFrom:
19 changes: 18 additions & 1 deletion api/helm/commonground-gateway/templates/cron-runner.yaml
Expand Up @@ -60,7 +60,14 @@ spec:
- name: vendor
persistentVolumeClaim:
claimName: {{ include "commonground-gateway.fullname" . }}-vendor


{{- if .Values.security.postgresCert }}
- name: postgres-certificate
projected:
sources:
- secret:
name: {{ include "commonground-gateway.fullname" . }}-postgresCert
{{- end }}
initContainers:
- name: {{ include "commonground-gateway.fullname" . }}-init
securityContext:
Expand Down Expand Up @@ -120,6 +127,12 @@ spec:
subPath: bundles.php
name: vendor
readOnly: false
{{- if .Values.security.postgresCert }}
- mountPath: /srv/api/var/certs/postgres.crt
subPath: certificate.crt
name: postgres-certificate
readOnly: true
{{- end }}
args:
- bin/console
- cronjob:command
Expand Down Expand Up @@ -169,6 +182,8 @@ spec:
secretKeyRef:
key: database-url
name: {{ include "commonground-gateway.fullname" . }}
- name: DATABASE_ROOT_CERT
value: /srv/api/var/certs/postgres.crt
- name: CACHE_URL
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -257,6 +272,8 @@ spec:
configMapKeyRef:
key: redis-port
name: {{ include "commonground-gateway.fullname" . }}
- name: REDIS_PROTOCOL
value: {{ .Values.security.redisProtocol }}
{{- end }}
- name: SAML_ENABLED
valueFrom:
17 changes: 17 additions & 0 deletions api/helm/commonground-gateway/templates/deployment.yaml
Dit moet niet ook in workers o.i.d. ? naast alleen deployment?

Expand Up @@ -86,6 +86,13 @@ spec:
- secret:
name: {{ include "commonground-gateway.fullname" . }}-tls
{{- end }}
{{- if .Values.security.postgresCert }}
- name: postgres-certificate
projected:
sources:
- secret:
name: {{ include "commonground-gateway.fullname" . }}-postgresCert
{{- end }}
initContainers:
- name: {{ include "commonground-gateway.fullname" . }}-init
securityContext:
Expand Down Expand Up @@ -140,6 +147,12 @@ spec:
name: doctrine
readOnly: true
{{- end }}
{{- if .Values.security.postgresCert }}
- mountPath: /srv/api/var/certs/postgres.crt
subPath: certificate.crt
name: postgres-certificate
readOnly: true
{{- end }}
- mountPath: /srv/api/vendor
subPath: vendor
name: vendor
Expand Down Expand Up @@ -211,6 +224,8 @@ spec:
secretKeyRef:
key: database-url
name: {{ include "commonground-gateway.fullname" . }}
- name: DATABASE_ROOT_CERT
value: /srv/api/var/certs/postgres.crt
- name: CACHE_URL
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -310,6 +325,8 @@ spec:
configMapKeyRef:
key: redis-port
name: {{ include "commonground-gateway.fullname" . }}
- name: REDIS_PROTOCOL
value: {{ .Values.security.redisProtocol }}
{{- end }}
- name: SAML_ENABLED
valueFrom:
14 changes: 14 additions & 0 deletions api/helm/commonground-gateway/templates/secrets.yaml
Expand Up @@ -42,3 +42,17 @@ data:
{{ else }}
mongodb-url: {{ .Values.mongodb.url | b64enc | quote }}
{{ end }}

{{- if .Values.security.postgresCert }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "commonground-gateway.fullname" . }}-postgresCert
labels:
{{- include "commonground-gateway.labels" . | nindent 4 }}
type: Opaque
stringData:
certificate.crt: |
{{ .Values.security.postgresCert | nindent 8 }}
{{- end }}
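Review bot: `{{ .Values.security.postgresCert | nindent 8 }}` under `certificate.crt: |` sits on its own indented template line without a left-trim, so the rendered block scalar most likely begins with a whitespace-only line (the template line's indent, then the newline `nindent` emits) before the PEM text; the usual Helm form is `certificate.crt: |` followed by `{{- .Values.security.postgresCert | nindent 8 }}`, and the output should be checked with `helm template` before merging, since PEM parsers differ in how they treat a leading blank line. Because `type: Opaque` and `stringData` are used to carry a certificate rather than a secret value, a one-line comment such as `# PostgreSQL server/CA certificate, mounted as the file referenced by DATABASE_ROOT_CERT` would tell the next reader what this object is for.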
5 changes: 5 additions & 0 deletions api/helm/commonground-gateway/values.yaml
Expand Up @@ -82,6 +82,8 @@ security:
CvVVrqBVqLHjva4erqYol6K/jbSfUtRCy8IlFU7LYu1KLehZKYvj3vekj3Cn08Aq
ljr/Q8Pw+OfUZTzKg4PVDQVfFqKtyosv
-----END CERTIFICATE-----
postgresCert: null
redisProtocol: redis
authEnabled: true
sessionDuration: 900
certificate:
Expand Down Expand Up @@ -215,6 +217,9 @@ mongodb:
memory: 6Gi

gateway-ui:
pwa:
image:
tag: latest
enabled: true
resources:
requests:
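Review bot: `tag: latest` for the gateway-ui `pwa` image is a floating tag, so two installs of the same chart version can pull different images and there is no way to roll back to, or attest, what actually ran; pin a release tag or digest, and keep this change out of a TLS PR unless it is required by it. In the `security` hunk above, `postgresCert: null` and `redisProtocol: redis` would benefit from comments stating the contract the templates enforce, e.g. `# PEM-encoded certificate used to verify the PostgreSQL server; null skips the Secret and mount` and `# redis (plaintext) or rediss (TLS)`.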