testkube: add support for connecting to agent in insecure mode and sk…

…ipping cert validation (#690) * testkube: rebase with latest changes * testkube: update docs
kubeshop · Jan 12, 2024 · a09ca39 · a09ca39
1 parent fbd1918
commit a09ca39
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 5 deletions.
diff --git a/charts/testkube-api/templates/deployment.yaml b/charts/testkube-api/templates/deployment.yaml
@@ -286,11 +286,19 @@ spec:
             {{- if .Values.cloud.url }}
             - name: TESTKUBE_CLOUD_URL
               value:  "{{ .Values.cloud.url }}"
-            {{- end}}
+            {{- end }}
             {{- if .Values.cloud.uiUrl}}
             - name: TESTKUBE_CLOUD_UI_URL
-              value:  "{{ .Values.cloud.uiUrl }}"
+              value: "{{ .Values.cloud.uiUrl }}"
             {{- end}}
+            {{- if not .Values.cloud.tls.enabled }}
+            - name: TESTKUBE_PRO_TLS_INSECURE
+              value:  "true"
+            {{- end }}
+            {{- if .Values.cloud.tls.skipVerify }}
+            - name: TESTKUBE_PRO_SKIP_VERIFY
+              value:  "true"
+            {{- end }}
             {{- if .Values.cloud.orgId }}
             - name: TESTKUBE_CLOUD_ORG_ID
               value:  "{{ .Values.cloud.orgId }}"

diff --git a/charts/testkube-api/values.yaml b/charts/testkube-api/values.yaml
@@ -55,7 +55,7 @@ image:
 nameOverride: ""
 fullnameOverride: ""
 
-## Custom job-template.yml that will passed to Testkube API
+## Custom job-template.yml that will be passed to Testkube API
 configValues: ""
 
 ## Testkube API Deployment parameters
@@ -73,6 +73,11 @@ cloud:
   envId: ""
   ## true if migration from OSS
   migrate: ""
+  tls:
+    ## Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC)
+    enabled: true
+    ## Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise
+    skipVerify: false
   ## Retrieve cloud information from existing secret
   existingSecret:
     ## Name of the secret. If set, this will be used instead of the above values

diff --git a/charts/testkube/README.md b/charts/testkube/README.md
@@ -146,8 +146,9 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| global | object | `{"annotations":{},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. |
+| global | object | `{"annotations":{},"features":{"logsV2":false},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. |
 | global.annotations | object | `{}` | Annotations to add to all deployed objects |
+| global.features | object | `{"logsV2":false}` | Features map for the whole chart |
 | global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
 | global.imageRegistry | string | `""` | Global Docker image registry |
 | global.labels | object | `{}` | Labels to add to all deployed objects |
@@ -170,6 +171,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
 | nats.nats.limits.maxPayload | string | `"8MB"` | Max payload |
 | nats.nats.resources | object | `{}` | NATS resource settings |
 | nats.nats.securityContext | object | `{}` | Security Context for NATS container |
+| nats.natsbox.enabled | bool | `true` |  |
+| nats.natsbox.nodeSelector."cloud.google.com/gke-provisioning" | string | `"standard"` |  |
 | nats.natsbox.securityContext | object | `{}` | Security Context for NATS Box container |
 | nats.natsbox.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | NATS Box tolerations settings |
 | nats.reloader.securityContext | object | `{}` | Security Context for Reloader container |
@@ -204,6 +207,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
 | testkube-api.cliIngress.tls | list | `[]` | Placing a host in the TLS config will indicate a certificate should be created |
 | testkube-api.cliIngress.tlsenabled | bool | `false` | Toggle whether to enable TLS on the ingress |
 | testkube-api.cloud.key | string | `""` | Testkube Clouc License Key (for Environment) |
+| testkube-api.cloud.tls.enabled | bool | `true` | Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC) |
+| testkube-api.cloud.tls.skipVerify | bool | `false` | Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise |
 | testkube-api.cloud.uiUrl | string | `""` |  |
 | testkube-api.cloud.url | string | `"agent.testkube.io:443"` | Testkube Cloud API URL |
 | testkube-api.clusterName | string | `""` |  |
@@ -452,7 +457,7 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
 | testkube-operator.testConnection | object | `{"enabled":true,"resources":{},"tolerations":[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]}` | Test Connection pod |
 | testkube-operator.testConnection.resources | object | `{}` | Test Connection resource settings |
 | testkube-operator.testConnection.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. |
-| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. |
+| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. note: kubebuilder/kube-rbac-proxy:v0.8.0, image used by testkube-operator proxy deployment, doesn't support arm64 nodes |
 | testkube-operator.useArgoCDSync | bool | `false` | Use ArgoCD sync owner references |
 | testkube-operator.volumes.secret.defaultMode | int | `420` | Testkube Operator webhook certificate volume default mode |
 | testkube-operator.webhook.annotations | object | `{}` | Webhook specific annotations |

diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml
@@ -291,6 +291,11 @@ testkube-api:
     uiUrl: ""
     # -- Testkube Clouc License Key (for Environment)
     key: ""
+    tls:
+      # -- Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC)
+      enabled: true
+      # -- Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise
+      skipVerify: false
 
   # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm
   # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster.