jan/openreplay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(redis): add support for custom TLS CA certificates

Browse source
This commit is contained in:
Jorgen Evens 2022-08-10 17:33:28 +02:00 committed by rjshrjndrn
parent c91c97f1c7
commit 0cbbf43890
11 changed files with 60 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
scripts/helmcharts/openreplay/charts/assets/templates/deployment.yaml
View file

@ -104,14 +104,16 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}

6
scripts/helmcharts/openreplay/charts/db/templates/deployment.yaml
View file

@ -75,16 +75,18 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

6
scripts/helmcharts/openreplay/charts/ender/templates/deployment.yaml
View file

@ -71,16 +71,18 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

10
scripts/helmcharts/openreplay/charts/frontend/templates/deployment.yaml
View file

@ -111,6 +111,11 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
@ -125,3 +130,8 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}

2
scripts/helmcharts/openreplay/charts/frontend/values.yaml
View file

@ -99,3 +99,5 @@ nodeSelector: {}
tolerations: []
affinity: {}
persistence: {}

6
scripts/helmcharts/openreplay/charts/heuristics/templates/deployment.yaml
View file

@ -60,16 +60,18 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

6
scripts/helmcharts/openreplay/charts/http/templates/deployment.yaml
View file

@ -111,14 +111,16 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}

6
scripts/helmcharts/openreplay/charts/integrations/templates/deployment.yaml
View file

@ -71,14 +71,16 @@ spec:
containerPort: {{ $val }}
protocol: TCP
{{- end }}
{{- with .Values.persistence.mounts }}
volumeMounts:
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 12 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.persistence.volumes }}
volumes:
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 8 }}
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}

3
scripts/helmcharts/openreplay/charts/sink/templates/deployment.yaml
View file

@ -85,6 +85,7 @@ spec:
volumeMounts:
- name: datadir
mountPath: /mnt/efs
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 10 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
@ -95,6 +96,7 @@ spec:
# Ensure the file directory is created.
path: {{ .Values.pvc.hostMountPath }}
type: DirectoryOrCreate
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 6 }}
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
@ -103,6 +105,7 @@ spec:
- name: datadir
persistentVolumeClaim:
claimName: {{ .Values.pvc.name }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 6 }}
{{- with .Values.persistence.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}

2
scripts/helmcharts/openreplay/charts/storage/templates/deployment.yaml
View file

@ -93,6 +93,7 @@ spec:
volumeMounts:
- name: datadir
mountPath: /mnt/efs
{{- include "openreplay.volume.redis_ca_certificate.mount" .Values.global.redis | nindent 10 }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
@ -115,6 +116,7 @@ spec:
persistentVolumeClaim:
claimName: {{ .Values.pvc.name }}
{{- end }}
{{- include "openreplay.volume.redis_ca_certificate" .Values.global.redis | nindent 6 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

19
scripts/helmcharts/openreplay/templates/_helpers.tpl
View file

@ -83,3 +83,22 @@ Create the environment configuration for REDIS_STRING
- name: REDIS_STRING
value: '{{ $scheme }}://{{ $auth }}{{ .redisHost }}:{{ .redisPort }}'
{{- end }}
{{/*
Create the volume mount config for redis TLS certificates
*/}}
{{- define "openreplay.volume.redis_ca_certificate" -}}
{{- if and (.tls.enabled) (.tls.certificatesSecret) (.tls.certCAFilename) -}}
- name: redis-ca-certificate
secret:
secretName: {{ .tls.certificatesSecret }}
{{- end }}
{{- end }}
{{- define "openreplay.volume.redis_ca_certificate.mount" -}}
{{- if and (.tls.enabled) (.tls.certificatesSecret) (.tls.certCAFilename) -}}
- name: redis-ca-certificate
mountPath: /etc/ssl/certs/redis-ca-certificate.pem
subPath: {{ .tls.certCAFilename }}
{{- end }}
{{- end }}