Skip to content

Commit

Permalink
Merge pull request #77 from snyk/feat/add-cacertfile-easy-loading-fro…
Browse files Browse the repository at this point in the history 
…m-file

feat: add cacertfile to load cacert more easily
  • Loading branch information
@aarlaud
aarlaud authored Sep 6, 2023
2 parents 71528c5 + f0cbd00 commit a418d27
Show file tree
Hide file tree
Showing 7 changed files with 420 additions and 14 deletions.
2 changes: 1 addition & 1 deletion charts/snyk-broker/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
name: snyk-broker
version: 1.7.2
version: 1.8.0
description: A Helm chart for Kubernetes
type: application
14 changes: 13 additions & 1 deletion charts/snyk-broker/templates/cacert_configmap.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.caCert }}
{{- if and (.Values.caCert) (not .Values.caCertFile) }}
apiVersion: v1
kind: ConfigMap
metadata:
Expand All @@ -8,4 +8,16 @@ metadata:
{{- include "snyk-broker.labels" . | nindent 4 }}
data:
{{ (.Files.Glob .Values.caCert).AsConfig | nindent 2 }}
{{- end }}

{{- if and (.Values.caCertFile) (not .Values.caCert) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "snyk-broker.fullname" . }}-cacert-configmap
namespace: {{ .Release.Namespace }}
labels:
{{- include "snyk-broker.labels" . | nindent 4 }}
data:
cacert: {{ .Values.caCertFile | nindent 4}}
{{- end }}
325 changes: 325 additions & 0 deletions charts/snyk-broker/tests/__snapshot__/broker_deployment_configmap_test.yaml.snap
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,325 @@
cacert:
1: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: github-com-broker
namespace: NAMESPACE
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
template:
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
spec:
containers:
- env:
- name: BROKER_SERVER_URL
value: https://broker.test.snyk.io
- name: BROKER_HEALTHCHECK_PATH
value: /healthcheck
- name: BROKER_SYSTEMCHECK_PATH
value: /systemcheck
- name: BROKER_TOKEN
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
value: http://brokerclient
- name: LOG_LEVEL
value: info
- name: LOG_ENABLE_BODY
value: "false"
- name: CA_CERT
value: /home/node/cacert/tests/dummy_ca_cert.pem
- name: ACCEPT_CODE
value: "true"
- name: ACCEPT_IAC
value: tf,yaml,yml,json,tpl
- name: BROKER_DISPATCHER_BASE_URL
value: https://api.test.snyk.io
image: snyk/broker:github-com
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthcheck
port: 8000
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 1
name: github-com-broker
ports:
- containerPort: 8000
name: http
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthcheck
port: 8000
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 1
resources:
limits:
cpu: 1
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /home/node/cacert
name: RELEASE-NAME-snyk-broker-cacert-volume
readOnly: true
securityContext: {}
serviceAccountName: snyk-broker
volumes:
- configMap:
name: RELEASE-NAME-snyk-broker-cacert-configmap
name: RELEASE-NAME-snyk-broker-cacert-volume
2: |
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: github-com-broker-service
namespace: NAMESPACE
spec:
ports:
- port: 8000
targetPort: 8000
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
type: ClusterIP
3: |
apiVersion: v1
data:
dummy_ca_cert.pem: |-
-----BEGIN CERTIFICATE-----
MIIDYzCCAksCFAYMPiMLU27bbnNw60gZkdMg4Rr2MA0GCSqGSIb3DQEBCwUAMG4x
CzAJBgNVBAYTAkNIMQswCQYDVQQIDAJBQTELMAkGA1UEBwwCQUExCzAJBgNVBAoM
AkFBMQswCQYDVQQLDAJBQTELMAkGA1UEAwwCQUExHjAcBgkqhkiG9w0BCQEWD2Fu
dG9pbmVAc255ay5pbzAeFw0yMzA4MzEyMTE2NDRaFw0yNDA4MzAyMTE2NDRaMG4x
CzAJBgNVBAYTAkNIMQswCQYDVQQIDAJBQTELMAkGA1UEBwwCQUExCzAJBgNVBAoM
AkFBMQswCQYDVQQLDAJBQTELMAkGA1UEAwwCQUExHjAcBgkqhkiG9w0BCQEWD2Fu
dG9pbmVAc255ay5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPSe
fzWIMgAFuIwP4ScnLoZPb75dKLy8Ao2QtowF6WyntFuNWPJPLbs8sTeRPPbtbDYn
k2rfi15vQWL7HB7uKqTwFdXmf4kZu9SNxH1c7q+KNtYm1hiMBOlhM951N3gcefCE
W8A2rD95ngZlDdnFfBmsWvomg2a8OQjveMA9Nl3aR8qFNsym52yphTAilV+QMmmj
Xc7V/ElQElXN9uoSIbg6eTZ/yNqPDkdEQ+0f033IheHTdjFgnmCY4kFBp/4X6dDj
vUbmfvQ8c3GN11SvyoJgrd0grquiIp3qHRXIfr+U6Z5aAT+G4/paTnuRlMFhpQwV
D0Ur9jto7i/xo0gDArMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAP7c+rHqEbST8
Vd25DNmhwb4hEGI2K8+YWixauZJOcRwamLrQree7UHn0EeWW+qZa2ec5G2y2fGb9
HrB6C3LvDb0rmXWXbWTSM3Mj55ITDIYD3xBe2I5+jlykrxlEsC5QwFXMMbDKFwQj
J7V6gFfjJweX8Ko9kUdXdKmx2/napkPEkU8hoAZ4cMaaqfx6d2hvQL+2flQkjH+A
B3AgJ/FdaW0sb5caSstO1BEg3NgpJjO1YKRkxb1hkrjNRSJ2NfTkCwiTp9yIz25u
2UANxr7bbnEPd4bkk7OjE6SL+RH3YMCa3sBqtKwY14vs61AoWlS1bE0z8aRRsX49
owemeenoGQ==
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
apiVersion: v1
data:
github-com-broker-token-key: MTIz
kind: Secret
metadata:
name: github-com-broker-token
type: Opaque
5: |
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: snyk-broker
namespace: NAMESPACE
cacertfile:
1: |
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: github-com-broker
namespace: NAMESPACE
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
template:
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
spec:
containers:
- env:
- name: BROKER_SERVER_URL
value: https://broker.test.snyk.io
- name: BROKER_HEALTHCHECK_PATH
value: /healthcheck
- name: BROKER_SYSTEMCHECK_PATH
value: /systemcheck
- name: BROKER_TOKEN
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
value: http://brokerclient
- name: LOG_LEVEL
value: info
- name: LOG_ENABLE_BODY
value: "false"
- name: ACCEPT_CODE
value: "true"
- name: ACCEPT_IAC
value: tf,yaml,yml,json,tpl
- name: BROKER_DISPATCHER_BASE_URL
value: https://api.test.snyk.io
image: snyk/broker:github-com
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthcheck
port: 8000
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 1
name: github-com-broker
ports:
- containerPort: 8000
name: http
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthcheck
port: 8000
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 1
resources:
limits:
cpu: 1
memory: 256Mi
requests:
cpu: 1
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
securityContext: {}
serviceAccountName: snyk-broker
volumes: null
2: |
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: github-com-broker-service
namespace: NAMESPACE
spec:
ports:
- port: 8000
targetPort: 8000
selector:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/name: snyk-broker
type: ClusterIP
3: |
apiVersion: v1
data:
cacert: testValueSetBySetFile
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
apiVersion: v1
data:
github-com-broker-token-key: MTIz
kind: Secret
metadata:
name: github-com-broker-token
type: Opaque
5: |
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-1.8.0
name: snyk-broker
namespace: NAMESPACE
Loading

0 comments on commit a418d27

Please sign in to comment.