This is an automated email from the ASF dual-hosted git repository.
style95 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk-deploy-kube.git
The following commit(s) were added to refs/heads/master by this push:
new db613f3 Support externel nginx cerficate (#618)
db613f3 is described below
commit db613f3c9d8d2b50b24ddaa27b7ec5d5b78e7db1
Author: ningyougang <[email protected]>
AuthorDate: Wed Jul 8 07:58:26 2020 +0800
Support externel nginx cerficate (#618)
* Support external nginx certificate
* Fix name error
Co-authored-by: ning.yougang <[email protected]>
---
helm/openwhisk/templates/_helpers.tpl | 14 ++++++++++++++
helm/openwhisk/templates/gen-certs-cm.yaml | 9 +++++++++
helm/openwhisk/templates/gen-certs-job.yaml | 2 ++
helm/openwhisk/templates/nginx-cm.yaml | 5 +++++
helm/openwhisk/templates/nginx-pod.yaml | 6 ++++++
helm/openwhisk/values.yaml | 5 +++++
6 files changed, 41 insertions(+)
diff --git a/helm/openwhisk/templates/_helpers.tpl
b/helm/openwhisk/templates/_helpers.tpl
index 8ac8618..f6669d3 100644
--- a/helm/openwhisk/templates/_helpers.tpl
+++ b/helm/openwhisk/templates/_helpers.tpl
@@ -327,3 +327,17 @@ imagePullSecrets:
{{- define "openwhisk.grafana_host" -}}
{{ .Release.Name }}-grafana.{{ .Release.Namespace }}.svc.{{ .Values.k8s.domain
}}
{{- end -}}
+
+{{/* nginx cert */}}
+{{- define "openwhisk.nginx_cert" -}}
+{{- if .Values.nginx.certificate.external }}
+{{ .Files.Get .Values.nginx.certificate.cert_file }}
+{{- end -}}
+{{- end -}}
+
+{{/* nginx key */}}
+{{- define "openwhisk.nginx_key" -}}
+{{- if .Values.nginx.certificate.external }}
+{{ .Files.Get .Values.nginx.certificate.key_file }}
+{{- end -}}
+{{- end -}}
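Review bot: Both helpers pass the result of `.Files.Get` straight through, and `.Files.Get` returns an empty string when the path is empty or does not match a file packaged with the chart. With `external: true` and a wrong or unset `cert_file`/`key_file`, the chart renders an empty `tls.crt`/`tls.key`, and because the gen-certs job is disabled in that mode nothing else produces a certificate. Failing at render time is safer: `{{ required "nginx.certificate.cert_file must name a file inside the chart" (.Files.Get .Values.nginx.certificate.cert_file) }}`, and the same for `key_file` in `openwhisk.nginx_key`.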
diff --git a/helm/openwhisk/templates/gen-certs-cm.yaml
b/helm/openwhisk/templates/gen-certs-cm.yaml
index f7840ea..b74b568 100644
--- a/helm/openwhisk/templates/gen-certs-cm.yaml
+++ b/helm/openwhisk/templates/gen-certs-cm.yaml
@@ -22,4 +22,13 @@ metadata:
labels:
{{ include "openwhisk.label_boilerplate" . | indent 4 }}
data:
+{{- if .Values.nginx.certificate.external }}
+ tls.crt: |
+{{ include "openwhisk.nginx_cert" . | indent 4 }}
+ tls.key: |
+{{ include "openwhisk.nginx_key" . | indent 4 }}
+ sslPassword: |
+ {{ .Values.nginx.certificate.sslPassword }}
+{{- else }}
{{ (.Files.Glob "configMapFiles/genCerts/gencerts.sh").AsConfig | indent 2 }}
+{{- end }}
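Review bot: The external branch writes `tls.key` and `sslPassword` into the `data:` of this ConfigMap, and the nginx-pod.yaml hunk then mounts that ConfigMap as the `nginx-certs` volume, so the private key and its passphrase are stored as ordinary configuration. ConfigMaps are not meant for confidential data: read access to them is usually granted more widely than to Secrets, and Secret-specific controls such as encryption at rest do not cover them. The non-external branch in nginx-pod.yaml already mounts the Secret `{{ .Release.Name }}-nginx`, so rendering the external files into a Secret of that name would let the pod keep a single `secret:` volume and leave this ConfigMap holding only `gencerts.sh`. The `kind` and `metadata` of this file are outside the hunk, so the sketch below is a separate template rather than an edit to these lines.

```yaml
# Separate Secret template, rendered only for external certificates.
# … unchanged: this ConfigMap keeps only the gencerts.sh entry …
{{- if .Values.nginx.certificate.external }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-nginx
  labels:
{{ include "openwhisk.label_boilerplate" . | indent 4 }}
stringData:
  tls.crt: |
{{ include "openwhisk.nginx_cert" . | indent 4 }}
  tls.key: |
{{ include "openwhisk.nginx_key" . | indent 4 }}
  sslPassword: {{ .Values.nginx.certificate.sslPassword | quote }}
{{- end }}
```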
diff --git a/helm/openwhisk/templates/gen-certs-job.yaml
b/helm/openwhisk/templates/gen-certs-job.yaml
index d8925e1..c72ecd5 100644
--- a/helm/openwhisk/templates/gen-certs-job.yaml
+++ b/helm/openwhisk/templates/gen-certs-job.yaml
@@ -15,6 +15,7 @@
# limitations under the License.
#
+{{- if not .Values.nginx.certificate.external }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -55,3 +56,4 @@ spec:
configMapKeyRef:
name: {{ .Release.Name }}-whisk.config
key: whisk_api_host_name
+{{- end }}
diff --git a/helm/openwhisk/templates/nginx-cm.yaml
b/helm/openwhisk/templates/nginx-cm.yaml
index b3a3185..f850f5a 100644
--- a/helm/openwhisk/templates/nginx-cm.yaml
+++ b/helm/openwhisk/templates/nginx-cm.yaml
@@ -57,6 +57,11 @@ data:
ssl_session_timeout 10m;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
+ {{- if .Values.nginx.certificate.external }}
+ {{- if ne .Values.nginx.certificate.sslPassword "" }}
+ ssl_password_file "/etc/nginx/certs/sslPassword";
+ {{- end }}
+ {{- end }}
ssl_verify_client off;
ssl_protocols TLSv1.2;
ssl_ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
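Review bot: The two nested `if` blocks around `ssl_password_file` can be one condition, and the `ne … ""` comparison relies on `sslPassword` always being a string. `{{- if and .Values.nginx.certificate.external .Values.nginx.certificate.sslPassword }}` covers both, because an empty or unset value is falsy in a template. The passphrase file also sits in the same mounted directory as `tls.key`, so it lets nginx load an encrypted key but does not protect that key inside the cluster; a template comment such as `{{- /* passphrase is mounted next to the key; it does not protect the key at rest */}}` would make that explicit. The surrounding nginx `server` block begins and ends outside this hunk.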
diff --git a/helm/openwhisk/templates/nginx-pod.yaml
b/helm/openwhisk/templates/nginx-pod.yaml
index 9b5194d..4a83011 100644
--- a/helm/openwhisk/templates/nginx-pod.yaml
+++ b/helm/openwhisk/templates/nginx-pod.yaml
@@ -48,9 +48,15 @@ spec:
{{- end }}
volumes:
+ {{- if .Values.nginx.certificate.external }}
+ - name: nginx-certs
+ configMap:
+ name: {{ .Release.Name }}-gen-certs
+ {{- else }}
- name: nginx-certs
secret:
secretName: {{ .Release.Name }}-nginx
+ {{- end }}
- name: nginx-conf
configMap:
name: {{ .Release.Name }}-nginx
diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml
index 4584e3f..bb3363e 100644
--- a/helm/openwhisk/values.yaml
+++ b/helm/openwhisk/values.yaml
@@ -239,6 +239,11 @@ nginx:
httpPort: 80
httpsPort: 443
httpsNodePort: 31001
+ certificate:
+ external: false
+ cert_file: ""
+ key_file: ""
+ sslPassword: ""
# Controller configurations
controller:
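Review bot: The new `certificate` keys are added without comments, although their meaning is not obvious and two of them handle key material. I would document them in place, for example `# cert_file / key_file: paths relative to the chart root, read with .Files.Get (the files must be packaged with the chart)` and `# sslPassword: passphrase for an encrypted key_file; stored in plain text in the values and the rendered release`. It is also worth a line stating that `external: true` disables the gen-certs job, so both files become mandatory.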