From 3ac43e8c3decdc25849da700236dc2fc1ca797c9 Mon Sep 17 00:00:00 2001
From: Angelo Sleebos
Date: Fri, 9 Aug 2024 11:56:13 +0200
Subject: [PATCH 1/6] add certificates

Signed-off-by: Angelo Sleebos
---
charts/gxf/templates/certificate.yaml | 36 +++++++++++++++++++++++++++
charts/gxf/values.yaml | 8 ++++++
2 files changed, 44 insertions(+)
create mode 100644 charts/gxf/templates/certificate.yaml

diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml
new file mode 100644
index 0000000..1101831
--- /dev/null
+++ b/charts/gxf/templates/certificate.yaml
@@ -0,0 +1,36 @@
+{{- range .Values.certificates }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $.Release.Name }}-{{ .name }}
+spec:
+ secretName: {{ $.Release.Name }}-{{ .name }}
+ duration: {{ .duration | default "8760h0m0s" }} # 1 year by default
+ renewBefore: {{ .renewBefore | default "720h0m0s" }} # 30 days by default
+ commonName: {{ .commonName }}
+ privateKey:
+ algorithm: RSA
+ size: 2048
+ {{- if .dnsNames }}
+ dnsNames:
+ {{- range .dnsNames }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ name: {{ if $.issuerRefName }}{{ $.issuerRefName }}{{ else }}{{ printf "%s-ca-issuer" $.Release.Namespace }}{{ end }}
+ kind: {{ if $.issuerRefKind }}{{ $.issuerRefKind }}{{ else }}Issuer{{ end }}
+ usages:
+ - server auth
+ - client auth
+ keystores:
+ pkcs12:
+ create: true
+ passwordSecretRef:
+ name: keystore-password
+ key: password
+ {{- if .isCA }}
+ isCA: true
+ {{- end }}
+---
+{{- end }}
diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml
index 22f48f3..8ccf0e8 100644
--- a/charts/gxf/values.yaml
+++ b/charts/gxf/values.yaml 
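Review bot: The issuer override under `issuerRef` can never take effect: inside the `range`, `$` is the chart's root context, which carries `Values` and `Release` but no `issuerRefName` or `issuerRefKind`, so both `if` tests are always false and every certificate is issued by the `<namespace>-ca-issuer` Issuer. If the override is meant per certificate, `name: {{ .issuerRefName | default (printf "%s-ca-issuer" $.Release.Namespace) }}` and `kind: {{ .issuerRefKind | default "Issuer" }}` would do it; for a chart-wide setting, read `$.Values.issuerRefName` and `$.Values.issuerRefKind` instead. Separately, every PKCS#12 keystore takes its password from the fixed Secret `keystore-password`, which this patch does not create, so a comment next to `certificates:` in values.yaml should state that it must already exist in the release namespace.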
@@ -104,3 +104,11 @@ logging: # filename: your-own-choosing (defaults to .Release.Name) maxHistoryDays: 3 totalSizeCap: 2GB + +certificates: [] + # - name: example-client-tls-cert + # commonName: example-client + # - name: example-server-tls-cert + # commonName: example.com + # dnsNames: + # - example.com \ No newline at end of file From 8d226819edb1c729dfafa3ce3b30e47dc9cd41c4 Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Fri, 9 Aug 2024 11:57:10 +0200 Subject: [PATCH 2/6] remove comments Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml index 1101831..fd281cc 100644 --- a/charts/gxf/templates/certificate.yaml +++ b/charts/gxf/templates/certificate.yaml @@ -5,8 +5,8 @@ metadata: name: {{ $.Release.Name }}-{{ .name }} spec: secretName: {{ $.Release.Name }}-{{ .name }} - duration: {{ .duration | default "8760h0m0s" }} # 1 year by default - renewBefore: {{ .renewBefore | default "720h0m0s" }} # 30 days by default + duration: {{ .duration | default "8760h0m0s" }} + renewBefore: {{ .renewBefore | default "720h0m0s" }} commonName: {{ .commonName }} privateKey: algorithm: RSA From 9630444d93505ccdecaa8b30705fc7bb4de0891c Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Fri, 9 Aug 2024 12:00:38 +0200 Subject: [PATCH 3/6] upgrade gxf chart Signed-off-by: Angelo Sleebos --- charts/gxf/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gxf/Chart.yaml b/charts/gxf/Chart.yaml index 96d7dbf..352c211 100644 --- a/charts/gxf/Chart.yaml +++ b/charts/gxf/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: gxf description: Generic GXF Helm chart -version: '1.7.0' +version: '1.8.0' icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png maintainers: - name: OSGP 
From 35386aa9656efaf7ddd052eb39992f571e80040e Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Fri, 9 Aug 2024 12:02:10 +0200 Subject: [PATCH 4/6] remove isCA Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml index fd281cc..f1d4b60 100644 --- a/charts/gxf/templates/certificate.yaml +++ b/charts/gxf/templates/certificate.yaml @@ -29,8 +29,5 @@ spec: passwordSecretRef: name: keystore-password key: password - {{- if .isCA }} - isCA: true - {{- end }} --- {{- end }} From d3406be92c83ed1ee21ca249d78d6f6829347afa Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Fri, 9 Aug 2024 12:05:36 +0200 Subject: [PATCH 5/6] add new line Signed-off-by: Angelo Sleebos --- charts/gxf/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml index 8ccf0e8..5afbffb 100644 --- a/charts/gxf/values.yaml +++ b/charts/gxf/values.yaml @@ -111,4 +111,4 @@ certificates: [] # - name: example-server-tls-cert # commonName: example.com # dnsNames: - # - example.com \ No newline at end of file + # - example.com From 217a62eb37bb281b7aed8b190f01cef1bbd4f687 Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Fri, 9 Aug 2024 12:11:44 +0200 Subject: [PATCH 6/6] add variable usages Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate.yaml | 6 ++++++ charts/gxf/values.yaml | 2 ++ 2 files changed, 8 insertions(+) diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml index f1d4b60..6d412bb 100644 --- a/charts/gxf/templates/certificate.yaml +++ b/charts/gxf/templates/certificate.yaml 
@@ -21,8 +21,14 @@ spec: name: {{ if $.issuerRefName }}{{ $.issuerRefName }}{{ else }}{{ printf "%s-ca-issuer" $.Release.Namespace }}{{ end }} kind: {{ if $.issuerRefKind }}{{ $.issuerRefKind }}{{ else }}Issuer{{ end }} usages: + {{- if .usages }} + {{- range .usages }} + - {{ . }} + {{- end }} + {{- else }} - server auth - client auth + {{- end }} keystores: pkcs12: create: true diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml index 5afbffb..eadb185 100644 --- a/charts/gxf/values.yaml +++ b/charts/gxf/values.yaml @@ -108,6 +108,8 @@ logging: certificates: [] # - name: example-client-tls-cert # commonName: example-client + # usages: + # - client auth # - name: example-server-tls-cert # commonName: example.com # dnsNames:
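Review bot: When an entry omits `usages`, the `else` branch still requests both `server auth` and `client auth`, so the server example in values.yaml, which sets no `usages`, keeps receiving a certificate that is also valid for client authentication. Consider documenting the fallback next to `certificates:` with a comment such as `# usages defaults to server auth + client auth; set it explicitly to limit a certificate to one role`, and giving the server example its own `usages:` entry with `- server auth`. The list items are also emitted unquoted; `- {{ . | quote }}` keeps a value containing YAML-special characters from changing the rendered structure. The enclosing `spec:` block begins above this hunk.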