Merge pull request #107 from snyk/feat/move-tls-cert-to-secret
feat: Moving tls cert and key to secrets
aarlaud authored Mar 7, 2024
2 parents d3a4de0 + 45116bc commit 3fc0db6
Showing 22 changed files with 117 additions and 126 deletions.
2 changes: 1 addition & 1 deletion charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
name: snyk-broker
version: 2.5.3
version: 2.6.0
description: A Helm chart for Kubernetes
type: application
13 changes: 12 additions & 1 deletion charts/snyk-broker/templates/_helpers.tpl
Expand Up @@ -109,4 +109,15 @@ Create the name of the broker service to use
{{- else }}
{{- .Values.scmType}}-broker-service
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create TLS secret name
*/}}
{{- define "tls-secret-name" -}}
{{- if not .Values.disableSuffixes -}}
{{ include "snyk-broker.fullname" .}}-tls-secret
{{- else -}}
tls-secret
{{- end -}}
{{- end -}}
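Review bot: With `disableSuffixes` set, the new `tls-secret-name` helper returns the bare name `tls-secret`, with no chart or release component, so a second broker release in the same namespace (or any unrelated Secret of that name) would contend for the object that holds the private key. The cacert ConfigMap name visible in broker_deployment.yaml keeps the `snyk-broker.fullname` prefix and drops only the trailing release suffix; following that pattern the else branch would also emit `{{ include "snyk-broker.fullname" . }}-tls-secret`. The define name is also unprefixed, unlike `snyk-broker.fullname`; template names are global across a chart and its subcharts, so something like `snyk-broker.tlsSecretName` avoids an accidental override.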
30 changes: 10 additions & 20 deletions charts/snyk-broker/templates/broker_deployment.yaml
Expand Up @@ -81,16 +81,11 @@ spec:
mountPath: /home/node/cacert
readOnly: true
{{- end }}
{{- if .Values.httpsCert }}
- name: {{ include "snyk-broker.fullname" . }}-httpscert-volume
mountPath: /home/node/httpscert
{{- if and (.Values.httpsCert) (.Values.httpsKey) }}
- name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
mountPath: /home/node/tls-cert/
readOnly: true
{{- end }}
{{- if .Values.httpsKey }}
- name: {{ include "snyk-broker.fullname" . }}-httpskey-volume
mountPath: /home/node/httpskey
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ tpl (toYaml .Values.extraVolumeMounts | indent 14) . }}
{{- end }}
Expand Down Expand Up @@ -380,11 +375,11 @@ spec:
{{- if .Values.httpsCert }}
# HTTPS Config
- name: HTTPS_CERT
value: /home/node/httpscert/{{ .Values.httpsCert }}
value: /home/node/tls-cert/tls.crt
{{- end }}
{{- if .Values.httpsKey }}
- name: HTTPS_KEY
value: /home/node/httpskey/{{ .Values.httpsKey }}
value: /home/node/tls-cert/tls.key
{{- end }}

{{- if .Values.tlsRejectUnauthorized }}
Expand Down Expand Up @@ -460,16 +455,11 @@ spec:
configMap:
name: {{ include "snyk-broker.fullname" . }}-cacert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- end }}
{{- if .Values.httpsCert }}
- name: {{ include "snyk-broker.fullname" . }}-httpscert-volume
configMap:
name: {{ include "snyk-broker.fullname" . }}-httpscert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- if and (.Values.httpsCert) (.Values.httpsKey) }}
- name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
secret:
secretName: {{ include "tls-secret-name" . }}
{{- end }}
{{- if .Values.httpsKey }}
- name: {{ include "snyk-broker.fullname" . }}-httpskey-volume
configMap:
name: {{ include "snyk-broker.fullname" . }}-httpskey-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{ tpl (toYaml .Values.extraVolumes | indent 6) . }}
{{- end }}
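Review bot: The `HTTPS_CERT` and `HTTPS_KEY` env entries in the second hunk are still gated on `.Values.httpsCert` and `.Values.httpsKey` separately, while the volume mount and the secret volume now exist only when both values are set. With only one of them supplied, the container receives a path under `/home/node/tls-cert/` that is never mounted, and the misconfiguration surfaces at runtime rather than at render time. Gate both env entries on the same condition as the volume, `{{- if and (.Values.httpsCert) (.Values.httpsKey) }}`, or fail the render when only one value is given. The three hunks are excerpts of a pod spec that continues outside the page.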
11 changes: 0 additions & 11 deletions charts/snyk-broker/templates/httpscert_configmap.yaml

This file was deleted.

11 changes: 0 additions & 11 deletions charts/snyk-broker/templates/httpskey_configmap.yaml

This file was deleted.

12 changes: 12 additions & 0 deletions charts/snyk-broker/templates/secrets.yaml
Expand Up @@ -116,4 +116,16 @@ metadata:
type: Opaque
data:
"nexus-nexus-url": {{ .Values.nexusUrl | b64enc | quote }}
---
{{- end}}
{{- if and (.Values.httpsCert) (.Values.httpsKey) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tls-secret-name" . }}
type: kubernetes.io/tls
data:
tls.crt: {{ (.Files.Get .Values.httpsCert) | b64enc | quote }}
tls.key: {{ (.Files.Get .Values.httpsKey) | b64enc | quote }}
---
{{- end }}
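Review bot: `.Files.Get` returns an empty string when the path is not found among the chart's files, so a mistyped `httpsCert` or `httpsKey` renders a `kubernetes.io/tls` Secret with empty `tls.crt`/`tls.key` and the mistake is not caught at render time. Wrapping the lookup makes the render fail instead, e.g. `tls.key: {{ required "httpsKey not found in chart files" (.Files.Get .Values.httpsKey) | b64enc | quote }}`, and the same for `tls.crt`. Because `.Files.Get` only reads files packaged with the chart, the private key has to sit in the chart directory; an option to reference a pre-created Secret would keep the key out of the chart and out of version control. The new Secret's `metadata` also carries only `name`; whether the other Secrets in this file set labels or a namespace is not visible in the hunk.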
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: container-registry-agent-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -106,7 +106,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: container-registry-agent-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -133,6 +133,6 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: container-registry-agent-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -106,7 +106,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: container-registry-agent-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -133,6 +133,6 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -105,7 +105,7 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -132,6 +132,6 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -113,7 +113,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -155,7 +155,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
Expand All @@ -174,7 +174,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker
namespace: NAMESPACE
cacertfile:
Expand All @@ -186,7 +186,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -282,7 +282,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand All @@ -303,7 +303,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
Expand All @@ -322,6 +322,6 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker
namespace: NAMESPACE
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -113,7 +113,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -155,7 +155,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
namespace: NAMESPACE
4: |
Expand All @@ -174,7 +174,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
cacertfile:
Expand All @@ -186,7 +186,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -282,7 +282,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -303,7 +303,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
namespace: NAMESPACE
4: |
Expand All @@ -322,6 +322,6 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: RELEASE-NAME-snyk-broker-accept-configmap
namespace: NAMESPACE
2: |
Expand All @@ -20,7 +20,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -120,7 +120,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand All @@ -147,6 +147,6 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.5.3
helm.sh/chart: snyk-broker-2.6.0
name: snyk-broker
namespace: NAMESPACE