Add support for custom CA certs and volumes #38

alfespa17 · 2022-10-01T17:05:13Z

Adding support to add volumes in terrakube components.

Adding support to add custom custom ca certificates using property security.caCerts

security:
  adminGroup: "TERRAKUBE_ADMIN"
  patSecret: "XXXXX"
  internalSecret: "XXXXXX"
  dexClientId: "microsoft"
  dexClientScope: "email openid profile offline_access groups"
  dexIssuerUri: "XXXXXX"
  caCerts:
    terrakubeDemo1.pem: |
      -----BEGIN CERTIFICATE-----
      
      XXX

      -----END CERTIFICATE-----
    terrakubeDemo2.pem: |
      -----BEGIN CERTIFICATE-----
      
      XXX

      -----END CERTIFICATE-----

Terrakube components configuration with custom CA certificates:

## API properties
api:
  enabled: true
  version: "2.7.0"
  replicaCount: "1"
  serviceType: "ClusterIP"
  env:
  - name: SERVICE_BINDING_ROOT
    value: /mnt/platform/bindings
  volumes:
    - name: ca-certs
      secret:
        secretName: terrakube-ca-secrets
        items:
        - key: "terrakubeDemo1.pem"
          path: "terrakubeDemo1.pem"
        - key: "terrakubeDemo2.pem"
          path: "terrakubeDemo2.pem"
        - key: "type"
          path: "type"
  volumeMounts:
  - name: ca-certs
    mountPath: /mnt/platform/bindings/ca-certificates
    readOnly: true
  properties:
    databaseType: "H2"
    

## Executor properties
executor:
  enabled: true
  version: "2.7.0"  
  replicaCount: "1"
  serviceType: "ClusterIP"
  env:
  - name: SERVICE_BINDING_ROOT
    value: /mnt/platform/bindings
  volumes:
    - name: ca-certs
      secret:
        secretName: terrakube-ca-secrets
        items:
        - key: "terrakubeDemo1.pem"
          path: "terrakubeDemo1.pem"
        - key: "terrakubeDemo2.pem"
          path: "terrakubeDemo2.pem"
        - key: "type"
          path: "type"
  volumeMounts:
  - name: ca-certs
    mountPath: /mnt/platform/bindings/ca-certificates
    readOnly: true
  properties:
    toolsRepository: "https://github.com/AzBuilder/terrakube-extensions"
    toolsBranch: "main"

## Registry properties
registry:
  enabled: true
  version: "2.7.0"
  replicaCount: "1"
  serviceType: "ClusterIP"
  env:
  - name: SERVICE_BINDING_ROOT
    value: /mnt/platform/bindings
  volumes:
    - name: ca-certs
      secret:
        secretName: terrakube-ca-secrets
        items:
        - key: "terrakubeDemo1.pem"
          path: "terrakubeDemo1.pem"
        - key: "terrakubeDemo2.pem"
          path: "terrakubeDemo2.pem"
        - key: "type"
          path: "type"
  volumeMounts:
  - name: ca-certs
    mountPath: /mnt/platform/bindings/ca-certificates
    readOnly: true

If the configuration is correct the pods log will show something like:

Add volume support and custom ca certs

7afe555

alfespa17 added the enhancement New feature or request label Oct 1, 2022

Update README.md

f50d0a6

alfespa17 merged commit 3220a9d into main Oct 1, 2022

alfespa17 deleted the volume-support branch October 1, 2022 17:11

alfespa17 linked an issue Oct 1, 2022 that may be closed by this pull request

terrakube with keycloak authentication #36

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for custom CA certs and volumes #38

Add support for custom CA certs and volumes #38

alfespa17 commented Oct 1, 2022

Add support for custom CA certs and volumes #38

Add support for custom CA certs and volumes #38

Conversation

alfespa17 commented Oct 1, 2022