From a09ca3993f7aa5414cb1b9be39c9961ce1b2f284 Mon Sep 17 00:00:00 2001 From: Dejan Zele Pejchev Date: Fri, 12 Jan 2024 10:25:15 +0100 Subject: [PATCH] testkube: add support for connecting to agent in insecure mode and skipping cert validation (#690) * testkube: rebase with latest changes * testkube: update docs --- charts/testkube-api/templates/deployment.yaml | 12 ++++++++++-- charts/testkube-api/values.yaml | 7 ++++++- charts/testkube/README.md | 9 +++++++-- charts/testkube/values.yaml | 5 +++++ 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/charts/testkube-api/templates/deployment.yaml b/charts/testkube-api/templates/deployment.yaml index a6d5c761c..e3f605061 100644 --- a/charts/testkube-api/templates/deployment.yaml +++ b/charts/testkube-api/templates/deployment.yaml @@ -286,11 +286,19 @@ spec: {{- if .Values.cloud.url }} - name: TESTKUBE_CLOUD_URL value: "{{ .Values.cloud.url }}" - {{- end}} + {{- end }} {{- if .Values.cloud.uiUrl}} - name: TESTKUBE_CLOUD_UI_URL - value: "{{ .Values.cloud.uiUrl }}" + value: "{{ .Values.cloud.uiUrl }}" {{- end}} + {{- if not .Values.cloud.tls.enabled }} + - name: TESTKUBE_PRO_TLS_INSECURE + value: "true" + {{- end }} + {{- if .Values.cloud.tls.skipVerify }} + - name: TESTKUBE_PRO_SKIP_VERIFY + value: "true" + {{- end }} {{- if .Values.cloud.orgId }} - name: TESTKUBE_CLOUD_ORG_ID value: "{{ .Values.cloud.orgId }}" diff --git a/charts/testkube-api/values.yaml b/charts/testkube-api/values.yaml index 3d341a61f..bcb920ea2 100644 --- a/charts/testkube-api/values.yaml +++ b/charts/testkube-api/values.yaml @@ -55,7 +55,7 @@ image: nameOverride: "" fullnameOverride: "" -## Custom job-template.yml that will passed to Testkube API +## Custom job-template.yml that will be passed to Testkube API configValues: "" ## Testkube API Deployment parameters 
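Review bot: In charts/testkube-api/templates/deployment.yaml the guard `{{- if not .Values.cloud.tls.enabled }}` fails open. Any falsy result, including an `enabled` key that an override nulls out or leaves empty, would render `TESTKUBE_PRO_TLS_INSECURE="true"` and move the agent connection to plaintext gRPC. The bare truthiness test on `skipVerify` has the mirror problem: a non-empty string such as the one from `--set-string cloud.tls.skipVerify=false` is truthy and would switch certificate verification off. Matching the explicit value keeps both downgrades strictly opt-in: `{{- if eq (toString .Values.cloud.tls.enabled) "false" }}` and `{{- if eq (toString .Values.cloud.tls.skipVerify) "true" }}`. The env list starts and ends outside the hunk, so it is not visible whether these entries sit inside a wider cloud-only condition.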
@@ -73,6 +73,11 @@ cloud: envId: "" ## true if migration from OSS migrate: "" + tls: + ## Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC) + enabled: true + ## Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise + skipVerify: false ## Retrieve cloud information from existing secret existingSecret: ## Name of the secret. If set, this will be used instead of the above values diff --git a/charts/testkube/README.md b/charts/testkube/README.md index faf6cdaf3..c8eb4129d 100644 --- a/charts/testkube/README.md +++ b/charts/testkube/README.md @@ -146,8 +146,9 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag | Key | Type | Default | Description | |-----|------|---------|-------------| -| global | object | `{"annotations":{},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. | +| global | object | `{"annotations":{},"features":{"logsV2":false},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. | | global.annotations | object | `{}` | Annotations to add to all deployed objects | +| global.features | object | `{"logsV2":false}` | Features map for the whole chart | | global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | | global.imageRegistry | string | `""` | Global Docker image registry | | global.labels | object | `{}` | Labels to add to all deployed objects | 
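Review bot: The new comments on `tls.enabled` and `tls.skipVerify` in charts/testkube-api/values.yaml describe the mechanism but not the exposure, so an operator can flip them without seeing that either one removes the protection on the agent channel. The same wording is copied into the `@@ -291,6 +291,11 @@` hunk of charts/testkube/values.yaml and into the README rows generated from it. For `enabled` I would write `## Use TLS (GRPCS) for the Agent API connection. If false, agent traffic (presumably including the agent key) is sent in cleartext; keep true outside isolated test setups`. For `skipVerify` I would write `## Skip verification of the Agent API server certificate. If true, the connection is encrypted but the server is not authenticated; prefer a certificate the client can verify`. The `cloud:` mapping starts and ends outside the hunk.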
@@ -170,6 +171,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag | nats.nats.limits.maxPayload | string | `"8MB"` | Max payload | | nats.nats.resources | object | `{}` | NATS resource settings | | nats.nats.securityContext | object | `{}` | Security Context for NATS container | +| nats.natsbox.enabled | bool | `true` | | +| nats.natsbox.nodeSelector."cloud.google.com/gke-provisioning" | string | `"standard"` | | | nats.natsbox.securityContext | object | `{}` | Security Context for NATS Box container | | nats.natsbox.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | NATS Box tolerations settings | | nats.reloader.securityContext | object | `{}` | Security Context for Reloader container | @@ -204,6 +207,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag | testkube-api.cliIngress.tls | list | `[]` | Placing a host in the TLS config will indicate a certificate should be created | | testkube-api.cliIngress.tlsenabled | bool | `false` | Toggle whether to enable TLS on the ingress | | testkube-api.cloud.key | string | `""` | Testkube Clouc License Key (for Environment) | +| testkube-api.cloud.tls.enabled | bool | `true` | Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC) | +| testkube-api.cloud.tls.skipVerify | bool | `false` | Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise | | testkube-api.cloud.uiUrl | string | `""` | | | testkube-api.cloud.url | string | `"agent.testkube.io:443"` | Testkube Cloud API URL | | testkube-api.clusterName | string | `""` | | 
@@ -452,7 +457,7 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag | testkube-operator.testConnection | object | `{"enabled":true,"resources":{},"tolerations":[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]}` | Test Connection pod | | testkube-operator.testConnection.resources | object | `{}` | Test Connection resource settings | | testkube-operator.testConnection.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. | -| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. | +| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. note: kubebuilder/kube-rbac-proxy:v0.8.0, image used by testkube-operator proxy deployment, doesn't support arm64 nodes | | testkube-operator.useArgoCDSync | bool | `false` | Use ArgoCD sync owner references | | testkube-operator.volumes.secret.defaultMode | int | `420` | Testkube Operator webhook certificate volume default mode | | testkube-operator.webhook.annotations | object | `{}` | Webhook specific annotations | diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml index d4769bf13..ef73c80d7 100644 --- a/charts/testkube/values.yaml +++ b/charts/testkube/values.yaml 
@@ -291,6 +291,11 @@ testkube-api: uiUrl: "" # -- Testkube Clouc License Key (for Environment) key: "" + tls: + # -- Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC) + enabled: true + # -- Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise + skipVerify: false # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster.