testkube: add support for connecting to agent in insecure mode and skipping cert validation #690

Merged: 2 commits, Jan 12, 2024
12 changes: 10 additions & 2 deletions charts/testkube-api/templates/deployment.yaml
Expand Up @@ -286,11 +286,19 @@ spec:
{{- if .Values.cloud.url }}
- name: TESTKUBE_CLOUD_URL
value: "{{ .Values.cloud.url }}"
{{- end}}
{{- end }}
{{- if .Values.cloud.uiUrl}}
- name: TESTKUBE_CLOUD_UI_URL
value: "{{ .Values.cloud.uiUrl }}"
value: "{{ .Values.cloud.uiUrl }}"
{{- end}}
{{- if not .Values.cloud.tls.enabled }}
- name: TESTKUBE_PRO_TLS_INSECURE
value: "true"
{{- end }}
{{- if .Values.cloud.tls.skipVerify }}
- name: TESTKUBE_PRO_SKIP_VERIFY
value: "true"
{{- end }}
{{- if .Values.cloud.orgId }}
- name: TESTKUBE_CLOUD_ORG_ID
value: "{{ .Values.cloud.orgId }}"
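Review bot: The `{{- if not .Values.cloud.tls.enabled }}` guard fails open: any falsy or missing value for `enabled` (an empty string, or the key nulled out in an override) renders `TESTKUBE_PRO_TLS_INSECURE="true"` and the agent connection drops to plaintext gRPC. Only an explicit `false` should disable TLS, for example `{{- if eq (toString .Values.cloud.tls.enabled) "false" }}`. The two new blocks are also emitted independently, so `TESTKUBE_PRO_SKIP_VERIFY` can be set alongside the insecure flag; consider nesting the skip-verify block under the TLS-enabled case. The new variables use a `TESTKUBE_PRO_` prefix while the neighbouring ones use `TESTKUBE_CLOUD_`, so it is worth confirming these are the names the agent reads.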
7 changes: 6 additions & 1 deletion charts/testkube-api/values.yaml
Expand Up @@ -55,7 +55,7 @@ image:
nameOverride: ""
fullnameOverride: ""

## Custom job-template.yml that will passed to Testkube API
## Custom job-template.yml that will be passed to Testkube API
configValues: ""

## Testkube API Deployment parameters
Expand All @@ -73,6 +73,11 @@ cloud:
envId: ""
## true if migration from OSS
migrate: ""
tls:
## Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC)
enabled: true
## Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise
skipVerify: false
## Retrieve cloud information from existing secret
existingSecret:
## Name of the secret. If set, this will be used instead of the above values
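Review bot: The comments on `enabled` and `skipVerify` describe the toggles but not what is given up. With `enabled: false` the agent traffic is unencrypted, and with `skipVerify: true` the Agent API server is not authenticated, so anything on the network path can impersonate it. Please say so in the comments and state the intended use (for example a self-hosted endpoint with a self-signed certificate) so operators do not carry these settings into production by copy-paste. The wording "Toggle should the connection ..." would also read better as "Whether the connection ... should ...".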
9 changes: 7 additions & 2 deletions charts/testkube/README.md
Expand Up @@ -146,8 +146,9 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global | object | `{"annotations":{},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. |
| global | object | `{"annotations":{},"features":{"logsV2":false},"imagePullSecrets":[],"imageRegistry":"","labels":{}}` | Important! Please, note that this will override sub-chart image parameters. |
| global.annotations | object | `{}` | Annotations to add to all deployed objects |
| global.features | object | `{"logsV2":false}` | Features map for the whole chart |
| global.imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
| global.imageRegistry | string | `""` | Global Docker image registry |
| global.labels | object | `{}` | Labels to add to all deployed objects |
Expand All @@ -170,6 +171,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
| nats.nats.limits.maxPayload | string | `"8MB"` | Max payload |
| nats.nats.resources | object | `{}` | NATS resource settings |
| nats.nats.securityContext | object | `{}` | Security Context for NATS container |
| nats.natsbox.enabled | bool | `true` | |
| nats.natsbox.nodeSelector."cloud.google.com/gke-provisioning" | string | `"standard"` | |
| nats.natsbox.securityContext | object | `{}` | Security Context for NATS Box container |
| nats.natsbox.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | NATS Box tolerations settings |
| nats.reloader.securityContext | object | `{}` | Security Context for Reloader container |
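Review bot: The two added `nats.natsbox` rows have empty descriptions, and `nats.natsbox.nodeSelector."cloud.google.com/gke-provisioning"` is listed with a default of `"standard"`, which is a GKE-specific node label. As a chart default, that selector would keep the NATS Box pod from scheduling on clusters whose nodes lack the label. These rows are also unrelated to the TLS change in the title; if they come from a docs regeneration, please either document them or split them out.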
Expand Down Expand Up @@ -204,6 +207,8 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
| testkube-api.cliIngress.tls | list | `[]` | Placing a host in the TLS config will indicate a certificate should be created |
| testkube-api.cliIngress.tlsenabled | bool | `false` | Toggle whether to enable TLS on the ingress |
| testkube-api.cloud.key | string | `""` | Testkube Clouc License Key (for Environment) |
| testkube-api.cloud.tls.enabled | bool | `true` | Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC) |
| testkube-api.cloud.tls.skipVerify | bool | `false` | Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise |
| testkube-api.cloud.uiUrl | string | `""` | |
| testkube-api.cloud.url | string | `"agent.testkube.io:443"` | Testkube Cloud API URL |
| testkube-api.clusterName | string | `""` | |
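Review bot: The `testkube-api.cloud.tls.enabled` and `testkube-api.cloud.tls.skipVerify` rows do not say how the two settings interact. The deployment template emits `TESTKUBE_PRO_TLS_INSECURE` and `TESTKUBE_PRO_SKIP_VERIFY` independently, so a reader cannot tell from the README whether `skipVerify` has any meaning when `enabled` is `false`. Please add that to the descriptions, along with a note that both are non-default settings that weaken the agent connection.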
Expand Down Expand Up @@ -452,7 +457,7 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
| testkube-operator.testConnection | object | `{"enabled":true,"resources":{},"tolerations":[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]}` | Test Connection pod |
| testkube-operator.testConnection.resources | object | `{}` | Test Connection resource settings |
| testkube-operator.testConnection.tolerations | list | `[{"effect":"NoSchedule","key":"kubernetes.io/arch","operator":"Equal","value":"arm64"}]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. |
| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. |
| testkube-operator.tolerations | list | `[]` | Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. note: kubebuilder/kube-rbac-proxy:v0.8.0, image used by testkube-operator proxy deployment, doesn't support arm64 nodes |
| testkube-operator.useArgoCDSync | bool | `false` | Use ArgoCD sync owner references |
| testkube-operator.volumes.secret.defaultMode | int | `420` | Testkube Operator webhook certificate volume default mode |
| testkube-operator.webhook.annotations | object | `{}` | Webhook specific annotations |
5 changes: 5 additions & 0 deletions charts/testkube/values.yaml
Expand Up @@ -291,6 +291,11 @@ testkube-api:
uiUrl: ""
# -- Testkube Clouc License Key (for Environment)
key: ""
tls:
# -- Toggle should the connection to Agent API in Cloud/Enterprise use secure GRPC (GRPCS) (if false, it will use insecure GRPC)
enabled: true
# -- Toggle should the client skip verifying the Agent API server cert in Cloud/Enterprise
skipVerify: false

# ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm
# -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster.