From e9f5a8c97e8f03d77e88c2ecef81611c7446e5a4 Mon Sep 17 00:00:00 2001 From: Aleix Date: Mon, 6 May 2024 14:13:52 +0200 Subject: [PATCH] feat: Enable ssl in status component (#1878) * feat: Enable ssl in status component * fixup! feat: Enable ssl in status component --- catalog/helm/templates/status/deployment.yaml | 14 +++++++++++++- catalog/helm/templates/status/route.yaml | 2 ++ catalog/helm/templates/status/service.yaml | 2 +- catalog/helm/values.yaml | 2 +- catalog/status/Dockerfile | 1 + catalog/status/nginx-default-cfg/redirect.conf | 10 ++++++++++ .../catalog/interfaces/status/deployment.yaml | 14 +++++++++++++- .../templates/catalog/interfaces/status/route.yaml | 2 ++ .../catalog/interfaces/status/service.yaml | 2 +- helm/values.yaml | 2 +- 10 files changed, 45 insertions(+), 6 deletions(-) diff --git a/catalog/helm/templates/status/deployment.yaml b/catalog/helm/templates/status/deployment.yaml index 21826215e..3b7f6dad1 100644 --- a/catalog/helm/templates/status/deployment.yaml +++ b/catalog/helm/templates/status/deployment.yaml @@ -41,9 +41,21 @@ spec: livenessProbe: initialDelaySeconds: 30 tcpSocket: - port: 8080 + port: 443 timeoutSeconds: 1 {{- with .Values.status.resources }} resources: {{- toYaml . | nindent 10 }} {{- end }} + ports: + - containerPort: 443 + name: public + protocol: TCP + volumeMounts: + - name: proxy-tls + mountPath: /etc/tls/private + volumes: + - name: proxy-tls + secret: + defaultMode: 0644 + secretName: {{ printf "%s-tls" (include "babylonCatalog.statusName" .) }} diff --git a/catalog/helm/templates/status/route.yaml b/catalog/helm/templates/status/route.yaml index cc08ccb83..3188bd48f 100644 --- a/catalog/helm/templates/status/route.yaml +++ b/catalog/helm/templates/status/route.yaml @@ -20,6 +20,8 @@ spec: to: kind: Service name: {{ include "babylonCatalog.statusName" . }} + port: + targetPort: proxy {{- if and .Values.route.certManager.enable .Values.status.host }} --- apiVersion: cert-manager.io/v1 
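Review bot: The `proxy-tls` secret volume added in catalog/helm/templates/status/deployment.yaml uses `defaultMode: 0644`, which leaves `tls.key` under /etc/tls/private readable by every user in the container. A tighter mode such as `defaultMode: 0440` keeps the private key readable by owner and group only. That works only if the platform assigns the pod an fsGroup, which the hunk does not show, so confirm it before changing the mode. The same line appears in the `volumes:` block added to helm/templates/catalog/interfaces/status/deployment.yaml. The Deployment spec starts above the hunk, so any existing securityContext is not visible here.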
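Review bot: The Route's `tls` stanza lies outside this hunk, and with `targetPort: proxy` it now forwards to a backend that speaks TLS on 443 rather than plain HTTP on 8080. If the Route still uses edge termination, the router would send cleartext to a TLS listener and requests would fail, so confirm the termination is reencrypt or passthrough. A comment next to the new lines would record the dependency, for example `# backend serves TLS on 443; tls.termination must be reencrypt or passthrough`. The same applies to the identical addition in helm/templates/catalog/interfaces/status/route.yaml.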
diff --git a/catalog/helm/templates/status/service.yaml b/catalog/helm/templates/status/service.yaml index 82bbec2c1..45d4a865e 100644 --- a/catalog/helm/templates/status/service.yaml +++ b/catalog/helm/templates/status/service.yaml @@ -10,7 +10,7 @@ spec: - name: proxy port: 443 protocol: TCP - targetPort: 8080 + targetPort: 443 selector: {{- include "babylonCatalog.statusSelectorLabels" . | nindent 4 }} type: ClusterIP diff --git a/catalog/helm/values.yaml b/catalog/helm/values.yaml index c4c1d2cee..e97e244e3 100644 --- a/catalog/helm/values.yaml +++ b/catalog/helm/values.yaml @@ -50,7 +50,7 @@ status: name: # default use chart name + '-status' image: #override: - tag: v0.0.1 + tag: v0.0.2 repository: quay.io/redhat-gpte/babylon-catalog-status pullPolicy: IfNotPresent replicaCount: 1 diff --git a/catalog/status/Dockerfile b/catalog/status/Dockerfile index 4e00a2f6f..ff689001d 100644 --- a/catalog/status/Dockerfile +++ b/catalog/status/Dockerfile @@ -19,3 +19,4 @@ USER 1001 CMD /usr/libexec/s2i/run EXPOSE 8080 +EXPOSE 443 diff --git a/catalog/status/nginx-default-cfg/redirect.conf b/catalog/status/nginx-default-cfg/redirect.conf index 6c8bf916b..a74f8d9f3 100644 --- a/catalog/status/nginx-default-cfg/redirect.conf +++ b/catalog/status/nginx-default-cfg/redirect.conf @@ -1,3 +1,13 @@ +server { + listen 8080; + listen 443 ssl; + ssl_certificate_key /etc/tls/private/tls.key; + ssl_certificate /etc/tls/private/tls.crt; + ssl_session_timeout 5m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; + ssl_prefer_server_ciphers on; +} location ~* \.(?:css|js)$ { try_files $uri =404; access_log off; diff --git a/helm/templates/catalog/interfaces/status/deployment.yaml b/helm/templates/catalog/interfaces/status/deployment.yaml index 6ee1eeede..fc75b9a5a 100644 --- a/helm/templates/catalog/interfaces/status/deployment.yaml +++ b/helm/templates/catalog/interfaces/status/deployment.yaml 
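Review bot: Port 443 is a privileged port and this image runs as `USER 1001`, so the nginx listener added in this commit needs CAP_NET_BIND_SERVICE or a lowered `net.ipv4.ip_unprivileged_port_start` to bind it. Whether the target cluster grants that is not visible here; where it does not, nginx would presumably fail at startup with a bind error and the new `tcpSocket` probe on 443 would never pass. An unprivileged port removes the dependency: `EXPOSE 8443` here, `listen 8443 ssl;` in redirect.conf, and `targetPort: 8443` in the Service, with the Service port itself staying 443.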
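Review bot: The `ssl_protocols` and `ssl_ciphers` lines in the new `server` block allow deprecated and broken cryptography: TLSv1 and TLSv1.1 are enabled, TLSv1.3 is not, and the cipher string explicitly admits RC4, LOW, SSLv3-era and EXP (export) suites. Restrict both, for example `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers HIGH:!aNULL:!MD5;`. The block also closes before the existing `location` directives, so confirm that they still apply to the 443 listener. `listen 8080;` sits in the same block and leaves plain HTTP reachable alongside TLS, so confirm that is intended.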
@@ -32,12 +32,19 @@ spec: livenessProbe: initialDelaySeconds: 30 tcpSocket: - port: 8080 + port: 443 timeoutSeconds: 1 {{- with $status.resources }} resources: {{- toYaml . | nindent 10 }} {{- end }} + ports: + - containerPort: 443 + name: public + protocol: TCP + volumeMounts: + - name: proxy-tls + mountPath: /etc/tls/private {{- with $status.image.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -51,4 +58,9 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + volumes: + - name: proxy-tls + secret: + defaultMode: 0644 + secretName: babylon-catalog-status-tls {{- end }} \ No newline at end of file diff --git a/helm/templates/catalog/interfaces/status/route.yaml b/helm/templates/catalog/interfaces/status/route.yaml index 4133a5222..c0086ddb7 100644 --- a/helm/templates/catalog/interfaces/status/route.yaml +++ b/helm/templates/catalog/interfaces/status/route.yaml @@ -23,5 +23,7 @@ spec: kind: Service name: babylon-catalog-status weight: 100 + port: + targetPort: proxy wildcardPolicy: None {{- end }} diff --git a/helm/templates/catalog/interfaces/status/service.yaml b/helm/templates/catalog/interfaces/status/service.yaml index b3cce3a0e..c97fe7f85 100644 --- a/helm/templates/catalog/interfaces/status/service.yaml +++ b/helm/templates/catalog/interfaces/status/service.yaml @@ -13,7 +13,7 @@ spec: - name: proxy port: 443 protocol: TCP - targetPort: 8080 + targetPort: 443 selector: {{- include "babylon.selectorLabels" $ | nindent 4 }} app.kubernetes.io/component: catalog-status diff --git a/helm/values.yaml b/helm/values.yaml index 2ae07deba..134678444 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -139,7 +139,7 @@ catalog: memory: "256Mi" status: image: - tag: v0.0.1 + tag: v0.0.2 repository: quay.io/redhat-gpte/babylon-catalog-status pullPolicy: IfNotPresent replicaCount: 1