From 6139d272f784c8c8dbb9e7d44cbf44366f709743 Mon Sep 17 00:00:00 2001
From: Javier Cortejoso
Date: Tue, 3 Dec 2024 17:54:02 +0100
Subject: [PATCH] Added TLS certificate support for op-challenger
---
 charts/op-challenger/Chart.yaml | 2 +-
 charts/op-challenger/README.md | 2 +-
 .../op-challenger/templates/certificate.yaml | 36 +++++++++++++++++++
 .../op-challenger/templates/statefulset.yaml | 10 ++++++
 4 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 charts/op-challenger/templates/certificate.yaml
diff --git a/charts/op-challenger/Chart.yaml b/charts/op-challenger/Chart.yaml
index 863f8b50..698a7845 100644
--- a/charts/op-challenger/Chart.yaml
+++ b/charts/op-challenger/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v2
 name: op-challenger
 description: A Helm chart for Fault Proof Monitoring
 type: application
-version: 0.1.4
+version: 0.1.5
 appVersion: "main"
 maintainers:
 - name: cLabs
diff --git a/charts/op-challenger/README.md b/charts/op-challenger/README.md
index 2ff87b91..e732751f 100644
--- a/charts/op-challenger/README.md
+++ b/charts/op-challenger/README.md
@@ -1,6 +1,6 @@
 # op-challenger
-![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: main](https://img.shields.io/badge/AppVersion-main-informational?style=flat-square)
+![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: main](https://img.shields.io/badge/AppVersion-main-informational?style=flat-square)
 A Helm chart for Fault Proof Monitoring
diff --git a/charts/op-challenger/templates/certificate.yaml b/charts/op-challenger/templates/certificate.yaml
new file mode 100644
index 00000000..aac34747
--- /dev/null
+++ b/charts/op-challenger/templates/certificate.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.config.signer.tls.certManager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ template "op-challenger.fullname" . }}-tls
+spec:
+ secretName: {{ template "op-challenger.fullname" . }}-tls
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+
+ isCA: false
+ usages:
+ - client auth
+
+ subject:
+ organizations:
+ - cLabs
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: {{ template "op-challenger.fullname" . }}
+
+ # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
+ dnsNames:
+ - {{ template "op-challenger.fullname" . }}
+
+ # Issuer references are always required.
+ issuerRef:
+ name: {{ .Values.config.signer.tls.certManager.issuerName }}
+ kind: {{ .Values.config.signer.tls.certManager.issuerKind }}
+ group: {{ .Values.config.signer.tls.certManager.issuerGroup }}
+{{- end }}
diff --git a/charts/op-challenger/templates/statefulset.yaml b/charts/op-challenger/templates/statefulset.yaml
index feba770f..06571f8b 100644
--- a/charts/op-challenger/templates/statefulset.yaml
+++ b/charts/op-challenger/templates/statefulset.yaml
@@ -172,10 +172,20 @@ spec:
 volumeMounts:
 - name: data
 mountPath: /data
+ {{- if .Values.config.signer.tls.enabled }}
+ - mountPath: "/certs"
+ name: pki
+ readOnly: true
+ {{- end }}
 volumes:
 - name: data
 persistentVolumeClaim:
 claimName: {{ include "op-challenger.fullname" . }}-data
+ {{- if .Values.config.signer.tls.enabled }}
+ - name: pki
+ secret:
+ secretName: {{ ternary (printf "%s-%s" (include "op-challenger.fullname" .) "tls" ) .Values.config.signer.tls.externalSecret.tlsSecretName .Values.config.signer.tls.certManager.enabled }}
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
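Review bot: The `privateKey` block of the new Certificate in templates/certificate.yaml sets no `rotationPolicy`, so on cert-manager versions where that field defaults to `Never` every 90-day renewal re-issues the certificate against the same RSA key; adding `rotationPolicy: Always` under `privateKey` makes each renewal generate a fresh key. The template is gated on `certManager.enabled` alone while the StatefulSet mounts are gated on `tls.enabled`, so a client certificate can be issued that nothing mounts; `{{- if and .Values.config.signer.tls.enabled .Values.config.signer.tls.certManager.enabled }}` keeps the two in step. The three `issuerRef` fields are rendered unquoted and unchecked, so an unset `issuerName` produces a null `name:` that is rejected only at apply time; `name: {{ required "config.signer.tls.certManager.issuerName is required" .Values.config.signer.tls.certManager.issuerName | quote }}` fails at render time instead. The key algorithm and size are hard-coded, which is worth a short comment saying whether the signer requires RSA/PKCS1.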
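Review bot: The `secretName` of the new `pki` volume in templates/statefulset.yaml is built with `ternary`, which evaluates both operands before choosing, so `.Values.config.signer.tls.externalSecret.tlsSecretName` is dereferenced even when cert-manager is enabled, and with cert-manager disabled and no name set it renders an empty `secretName` that fails only when the StatefulSet is applied. An `if`/`else` with `required` on the external name, as sketched below, evaluates only the branch in use and fails at render time with a clear message. values.yaml and the README values table are not part of this patch, so whether defaults for `config.signer.tls` exist cannot be confirmed from here. The secret is mounted with the default file mode, so a tighter `defaultMode` on the volume (for example `0400`, if the container user and `fsGroup` allow it) would keep the private key from being readable by other users in the container. The container and pod spec that enclose these lines start and end outside the hunk.

```yaml
# … unchanged: volumeMounts, data volume, opening tls.enabled guard …
- name: pki
  secret:
    {{- if .Values.config.signer.tls.certManager.enabled }}
    secretName: {{ include "op-challenger.fullname" . }}-tls
    {{- else }}
    secretName: {{ required "config.signer.tls.externalSecret.tlsSecretName is required when certManager is disabled" .Values.config.signer.tls.externalSecret.tlsSecretName | quote }}
    {{- end }}
# … unchanged: closing tls.enabled guard, nodeSelector …
```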