fix: Redis ca cert

ctrlplanedev · Aug 28, 2024 · f09bf9d · f09bf9d
1 parent c998a46
commit f09bf9d
Show file tree

Hide file tree

Showing 8 changed files with 49 additions and 7 deletions.
diff --git a/charts/ctrlplane/Chart.yaml b/charts/ctrlplane/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ctrlplane
 description: Ctrlplane Helm chart for Kubernetes
 type: application
-version: 0.1.6
+version: 0.1.7
 appVersion: "1.16.0"
 
 dependencies:

diff --git a/charts/ctrlplane/charts/event-worker/Chart.yaml b/charts/ctrlplane/charts/event-worker/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: event-worker
 description: A Helm chart for Kubernetes
 type: application
-version: 0.1.4
+version: 0.1.5
 appVersion: "1.16.0"
diff --git a/charts/ctrlplane/charts/event-worker/templates/deployment.yaml b/charts/ctrlplane/charts/event-worker/templates/deployment.yaml
@@ -38,6 +38,12 @@ spec:
       containers:
         - name: event-worker
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          volumeMounts:
+            {{- if ne (include "ctrlplane.redisCaCert" .) "" }}
+            - name: {{ include "ctrlplane.chart" . }}-redis-ca
+              mountPath: /etc/ssl/certs/redis_ca.pem
+              subPath: redis_ca.pem
+            {{- end }}
           ports:
             - name: http
               containerPort: 3000
@@ -56,4 +62,13 @@ spec:
             {{- include "ctrlplane.extraEnv" . | nindent 12 }}
             {{- include "ctrlplane.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        {{- if ne (include "ctrlplane.redisCaCert" .) "" }}
+        - name: {{ include "ctrlplane.chart" . }}-redis-ca
+          secret:
+            secretName: {{ include "ctrlplane.chart" . }}-connections
+            items:
+              - key: REDIS_CA_CERT
+                path: redis_ca.pem
+        {{- end }}
diff --git a/charts/ctrlplane/charts/webservice/Chart.yaml b/charts/ctrlplane/charts/webservice/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: webservice
 description: A Helm chart for Kubernetes
 type: application
-version: 0.1.1
+version: 0.1.2
 appVersion: "1.16.0"
diff --git a/charts/ctrlplane/charts/webservice/templates/deployment.yaml b/charts/ctrlplane/charts/webservice/templates/deployment.yaml
@@ -38,6 +38,12 @@ spec:
       containers:
         - name: webservice
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          volumeMounts:
+            {{- if ne (include "ctrlplane.redisCaCert" .) "" }}
+            - name: {{ include "ctrlplane.chart" . }}-redis-ca
+              mountPath: /etc/ssl/certs/redis_ca.pem
+              subPath: redis_ca.pem
+            {{- end }}
           ports:
             - name: http
               containerPort: 3000
@@ -73,4 +79,13 @@ spec:
               path: /api/healthz
               port: http
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        {{- if ne (include "ctrlplane.redisCaCert" .) "" }}
+        - name: {{ include "ctrlplane.chart" . }}-redis-ca
+          secret:
+            secretName: {{ include "ctrlplane.chart" . }}-connections
+            items:
+              - key: REDIS_CA_CERT
+                path: redis_ca.pem
+        {{- end }}
diff --git a/charts/ctrlplane/templates/_redis.tpl b/charts/ctrlplane/templates/_redis.tpl
@@ -1,3 +1,11 @@
 {{- define "ctrlplane.redisUrl" -}}
-{{- printf "postgresql://:%s@%s:%s" .Values.global.redis.password .Values.global.redis.host .Values.global.redis.porte   -}}
+{{- $baseUrl := printf "redis://:%s@%s:%s" .Values.global.redis.password .Values.global.redis.host .Values.global.redis.port -}}
+{{- if .Values.redis.caCert -}}
+{{- printf "%s?tls=true&caCertPath=/etc/ssl/certs/redis_ca.pem&ttlInSeconds=604800" $baseUrl -}}
+{{- else -}}
+{{- $baseUrl -}}
+{{- end -}}
+
+{{- define "ctrlplane.redisCaCert" -}}
+{{- .Values.redis.caCert -}}
 {{- end -}}
diff --git a/charts/ctrlplane/templates/secrets.yaml b/charts/ctrlplane/templates/secrets.yaml
@@ -6,4 +6,7 @@ metadata:
     {{- include "ctrlplane.labels" . | nindent 4 }}
 data:
   POSTGRES_URL: {{ include "ctrlplane.postgresqlUrl" . | b64enc }}
-  REDIS_URL: {{ include "ctrlplane.redisUrl" . | b64enc }}
+  REDIS_URL: {{ include "ctrlplane.redisUrl" . | b64enc }}
+  {{- if .Values.redis.caCert }}
+  REDIS_CA_CERT: {{ .Values.redis.caCert | b64enc }}
+  {{- end }}
diff --git a/charts/ctrlplane/values.yaml b/charts/ctrlplane/values.yaml
@@ -10,6 +10,7 @@ global:
     host: ""
     port: 6379
     password: ""
+    caCert: ""
 
   postgresql:
     user: "ctrlplane"