From 787d0faf320ac3d466f7ec57d5b6deb4186c6c6a Mon Sep 17 00:00:00 2001 From: Jeev B Date: Tue, 8 Aug 2023 08:34:26 -0700 Subject: [PATCH] Add support for specifying a tls configuration block in both the http and grpc ingress resources Signed-off-by: Jeev B --- charts/flyte-binary/README.md | 1 + charts/flyte-binary/templates/ingress/grpc.yaml | 2 ++ charts/flyte-binary/templates/ingress/http.yaml | 2 ++ charts/flyte-binary/values.yaml | 6 ++++-- docker/sandbox-bundled/manifests/complete.yaml | 4 ++-- docker/sandbox-bundled/manifests/dev.yaml | 4 ++-- 6 files changed, 13 insertions(+), 6 deletions(-) diff --git a/charts/flyte-binary/README.md b/charts/flyte-binary/README.md index d7e97a2b8a..c307939fe7 100644 --- a/charts/flyte-binary/README.md +++ b/charts/flyte-binary/README.md @@ -165,6 +165,7 @@ Chart for basic single Flyte executable deployment | ingress.httpTls | list | `[]` | | | ingress.ingressClassName | string | `""` | | | ingress.labels | object | `{}` | | +| ingress.tls | list | `[]` | | | nameOverride | string | `""` | | | rbac.annotations | object | `{}` | | | rbac.create | bool | `true` | | diff --git a/charts/flyte-binary/templates/ingress/grpc.yaml b/charts/flyte-binary/templates/ingress/grpc.yaml index 28f1d9befd..7b7558ad99 100644 --- a/charts/flyte-binary/templates/ingress/grpc.yaml +++ b/charts/flyte-binary/templates/ingress/grpc.yaml @@ -125,5 +125,7 @@ spec: {{- end }} {{- if .Values.ingress.grpcTls }} tls: {{- tpl ( .Values.ingress.grpcTls | toYaml ) . | nindent 6 }} + {{- else if .Values.ingress.tls }} + tls: {{- tpl ( .Values.ingress.tls | toYaml ) . | nindent 6 }} {{- end }} {{- end }} diff --git a/charts/flyte-binary/templates/ingress/http.yaml b/charts/flyte-binary/templates/ingress/http.yaml index d531d30e78..9f2f91cf83 100644 --- a/charts/flyte-binary/templates/ingress/http.yaml +++ b/charts/flyte-binary/templates/ingress/http.yaml @@ -174,5 +174,7 @@ spec: {{- end }} {{- if .Values.ingress.httpTls }} tls: {{- tpl ( .Values.ingress.httpTls | toYaml ) . | nindent 6 }} + {{- else if .Values.ingress.tls }} + tls: {{- tpl ( .Values.ingress.tls | toYaml ) . | nindent 6 }} {{- end }} {{- end }} diff --git a/charts/flyte-binary/values.yaml b/charts/flyte-binary/values.yaml index d05ea27b56..9d1de4f6b0 100644 --- a/charts/flyte-binary/values.yaml +++ b/charts/flyte-binary/values.yaml @@ -327,9 +327,11 @@ ingress: httpIngressClassName: "" # grpcIngressClassName Ingress class to use with all grpc ingress resource. Overrides `ingressClassName` grpcIngressClassName: "" - # httpTls Add TLS configuration to http ingress resource + # tls Add TLS configuration to all ingress resources + tls: [] + # httpTls Add TLS configuration to http ingress resource. Overrides `tls` httpTls: [] - # grpcTls Add TLS configuration to grpc ingress resource + # grpcTls Add TLS configuration to grpc ingress resource. Overrides `tls` grpcTls: [] # httpExtraPaths Add extra paths to http ingress rule httpExtraPaths: diff --git a/docker/sandbox-bundled/manifests/complete.yaml b/docker/sandbox-bundled/manifests/complete.yaml index 61d1e518ad..b29f1220b4 100644 --- a/docker/sandbox-bundled/manifests/complete.yaml +++ b/docker/sandbox-bundled/manifests/complete.yaml @@ -784,7 +784,7 @@ type: Opaque --- apiVersion: v1 data: - haSharedSecret: UGVIYm9XaG4wSHd3Y3N3ZA== + haSharedSecret: dmhFWEFXU2l3VW4wNmdHYg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -1345,7 +1345,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: 1906618531aec05d6b3f35209612f9cf19655bb9266c327a09e1be23ff932141 + checksum/secret: 9587ba37c31a9445f033acf56e7ea54c214532b8e13c8a6ef014c6d2090d05af labels: app: docker-registry release: flyte-sandbox diff --git a/docker/sandbox-bundled/manifests/dev.yaml b/docker/sandbox-bundled/manifests/dev.yaml index d8f42da109..4351d3b18b 100644 --- a/docker/sandbox-bundled/manifests/dev.yaml +++ b/docker/sandbox-bundled/manifests/dev.yaml @@ -499,7 +499,7 @@ metadata: --- apiVersion: v1 data: - haSharedSecret: cGU1MFpxVHFEU01SR2dVQw== + haSharedSecret: RnVLTjRtMHJvaEwxTWhueg== proxyPassword: "" proxyUsername: "" kind: Secret @@ -933,7 +933,7 @@ spec: metadata: annotations: checksum/config: 8f50e768255a87f078ba8b9879a0c174c3e045ffb46ac8723d2eedbe293c8d81 - checksum/secret: dc53bb66c2eb99ad100a1aae2c1a5cc6016f129f2025b25e40991e6d1153e158 + checksum/secret: a52f5b460b64e9d50cd7820278e691ae010451c1088685990544d0ee63d31227 labels: app: docker-registry release: flyte-sandbox