From 46d1851f0884298199ed238d877981e2658e9777 Mon Sep 17 00:00:00 2001 From: Jonas Kaninda Date: Wed, 27 Nov 2024 20:54:41 +0100 Subject: [PATCH] feat: add tls --- api/v1beta1/types.go | 2 + api/v1beta1/zz_generated.deepcopy.go | 16 +++++ .../bases/gomaproj.github.io_gateways.yaml | 12 ++++ dist/install.yaml | 12 ++++ internal/controller/deployment.go | 63 ++++++++++++------- internal/controller/helpers.go | 12 ++++ internal/controller/var.go | 5 +- 7 files changed, 100 insertions(+), 22 deletions(-) diff --git a/api/v1beta1/types.go b/api/v1beta1/types.go index 8a864b3..7b7822c 100644 --- a/api/v1beta1/types.go +++ b/api/v1beta1/types.go @@ -36,6 +36,8 @@ type Server struct { IdleTimeout int `json:"idleTimeout,omitempty" yaml:"idleTimeout,omitempty"` // LogLevel log level, info, debug, trace, off LogLevel string `json:"logLevel,omitempty" yaml:"logLevel,omitempty"` + // tls secret name + TlsSecretName string `json:"tlsSecretName,omitempty" yaml:"tlsSecretName,omitempty"` // Redis contains redis database details Redis Redis `json:"redis,omitempty" yaml:"redis,omitempty"` // Cors holds proxy global cors diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index e23367f..3f779c2 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -305,6 +305,21 @@ func (in *Middlewares) DeepCopy() *Middlewares { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Redis) DeepCopyInto(out *Redis) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Redis. +func (in *Redis) DeepCopy() *Redis { + if in == nil { + return nil + } + out := new(Redis) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Route) DeepCopyInto(out *Route) { *out = *in 
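Review bot: The doc comment `// tls secret name` on the new `TlsSecretName` field is what controller-gen copies into the CRD description (see the generated `description: tls secret name` further down), and it does not tell the user what the Secret must look like even though the controller mounts it and points the gateway at fixed `tls.crt`/`tls.key` files. A comment along the lines of `// TlsSecretName names a kubernetes.io/tls Secret in the Gateway's namespace; its tls.crt and tls.key are mounted into the gateway pod and used as the server certificate. The pod cannot start while the Secret is missing.` would make the contract visible in `kubectl explain`. Go's initialism convention would spell the field `TLSSecretName` while keeping the `tlsSecretName` JSON/YAML tag, but that is cosmetic. The `Server` struct itself starts before and ends after this hunk.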
@@ -488,6 +503,7 @@ func (in *RoutesConfig) DeepCopy() *RoutesConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Server) DeepCopyInto(out *Server) { *out = *in + out.Redis = in.Redis in.Cors.DeepCopyInto(&out.Cors) if in.InterceptErrors != nil { in, out := &in.InterceptErrors, &out.InterceptErrors diff --git a/config/crd/bases/gomaproj.github.io_gateways.yaml b/config/crd/bases/gomaproj.github.io_gateways.yaml index da84455..1bd1ed4 100644 --- a/config/crd/bases/gomaproj.github.io_gateways.yaml +++ b/config/crd/bases/gomaproj.github.io_gateways.yaml @@ -1082,6 +1082,18 @@ spec: readTimeout: description: ReadTimeout defines proxy read timeout type: integer + redis: + description: Redis contains redis database details + properties: + addr: + description: 'Addr redis hostname and port number :' + type: string + password: + type: string + type: object + tlsSecretName: + description: tls secret name + type: string writeTimeout: description: WriteTimeout defines proxy write timeout type: integer diff --git a/dist/install.yaml b/dist/install.yaml index 1880513..1278d61 100644 --- a/dist/install.yaml +++ b/dist/install.yaml @@ -1090,6 +1090,18 @@ spec: readTimeout: description: ReadTimeout defines proxy read timeout type: integer + redis: + description: Redis contains redis database details + properties: + addr: + description: 'Addr redis hostname and port number :' + type: string + password: + type: string + type: object + tlsSecretName: + description: tls secret name + type: string writeTimeout: description: WriteTimeout defines proxy write timeout type: integer diff --git a/internal/controller/deployment.go b/internal/controller/deployment.go index 32daa25..5060736 100644 --- a/internal/controller/deployment.go +++ b/internal/controller/deployment.go 
@@ -21,6 +21,44 @@ import ( // createUpdateDeployment creates Kubernetes deployment func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.Request, gateway gomaprojv1beta1.Gateway, imageName string) error { logger := log.FromContext(ctx) + var volumes []corev1.Volume + var volumeMounts []corev1.VolumeMount + + volumes = append(volumes, corev1.Volume{ + Name: "config", + VolumeSource: corev1.VolumeSource{ + ConfigMap: &corev1.ConfigMapVolumeSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: req.Name, + }, + }, + }, + }) + volumeMounts = append(volumeMounts, corev1.VolumeMount{ + Name: "config", + MountPath: ConfigPath, + ReadOnly: true, + }) + if len(gateway.Spec.Server.TlsSecretName) != 0 { + volumes = append(volumes, corev1.Volume{ + Name: req.Name, + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: gateway.Spec.Server.TlsSecretName, + }, + }, + }) + volumeMounts = append(volumeMounts, corev1.VolumeMount{ + Name: req.Name, + ReadOnly: true, + MountPath: CertsPath, + }) + + } + // check if ReplicaCount is defined + if gateway.Spec.ReplicaCount != 0 { + ReplicaCount = gateway.Spec.ReplicaCount + } // Define the desired Deployment deployment := &v1.Deployment{ ObjectMeta: metav1.ObjectMeta{ @@ -29,7 +67,7 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R Labels: gateway.Labels, }, Spec: v1.DeploymentSpec{ - Replicas: int32Ptr(gateway.Spec.ReplicaCount), // Set desired replicas + Replicas: int32Ptr(ReplicaCount), // Set desired replicas Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": req.Name, 
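Review bot: The TLS secret volume and its mount are named `req.Name`, which collides with the fixed `config` volume as soon as a Gateway is itself named `config`, and the Deployment is then rejected for duplicate volume names; a fixed name such as `certs` avoids that. The secret is also mounted with the default file mode, so the private key is readable by every user in the container; setting `DefaultMode` to `0400` and projecting only `tls.crt`/`tls.key` through `Items` limits exposure (if the gateway does not run as the file owner, the pod needs a matching `fsGroup`, which I cannot see here). Separately, `ReplicaCount` is assigned from the spec but is not declared in this hunk, so it appears to be a package-level variable; if so, the value written by one Gateway leaks into the next reconcile of any Gateway that leaves `replicaCount` at 0, and concurrent reconciles race on it, so it should be a local. `createUpdateDeployment` continues past the end of the hunk.
```go
	const certsVolume = "certs"
	if len(gateway.Spec.Server.TlsSecretName) != 0 {
		volumes = append(volumes, corev1.Volume{
			Name: certsVolume,
			VolumeSource: corev1.VolumeSource{
				Secret: &corev1.SecretVolumeSource{
					SecretName:  gateway.Spec.Server.TlsSecretName,
					DefaultMode: int32Ptr(0400), // private key must not be world-readable
					Items: []corev1.KeyToPath{
						{Key: "tls.crt", Path: "tls.crt"},
						{Key: "tls.key", Path: "tls.key"},
					},
				},
			},
		})
		volumeMounts = append(volumeMounts, corev1.VolumeMount{
			Name:      certsVolume,
			ReadOnly:  true,
			MountPath: CertsPath,
		})
	}
	// per-reconcile value; do not write back into the shared package-level default
	replicas := ReplicaCount
	if gateway.Spec.ReplicaCount != 0 {
		replicas = gateway.Spec.ReplicaCount
	}
	// … unchanged: Deployment definition, with Replicas: int32Ptr(replicas) …
```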
@@ -81,28 +119,11 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R }, }, }, - Resources: gateway.Spec.Resources, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "config", - MountPath: "/etc/goma", - ReadOnly: true, - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "config", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: req.Name, - }, - }, - }, + Resources: gateway.Spec.Resources, + VolumeMounts: volumeMounts, }, }, + Volumes: volumes, }, }, }, diff --git a/internal/controller/helpers.go b/internal/controller/helpers.go index d20b98c..551d9a6 100644 --- a/internal/controller/helpers.go +++ b/internal/controller/helpers.go @@ -21,6 +21,13 @@ func gatewayConfig(r GatewayReconciler, ctx context.Context, req ctrl.Request, g gomaConfig := &GatewayConfig{} gomaConfig.Version = GatewayConfigVersion gomaConfig.Gateway = mapToGateway(gateway.Spec) + + // attach cert files + if len(gateway.Spec.Server.TlsSecretName) != 0 { + gomaConfig.Gateway.SSLKeyFile = TLSKeyFile + gomaConfig.Gateway.SSLCertFile = TLSCertFile + } + labelSelector := client.MatchingLabels{} var middlewareNames []string // List ConfigMaps in the namespace with the matching label @@ -60,6 +67,11 @@ func updateGatewayConfig(r RouteReconciler, ctx context.Context, req ctrl.Reques gomaConfig := &GatewayConfig{} gomaConfig.Version = GatewayConfigVersion gomaConfig.Gateway = mapToGateway(gateway.Spec) + // attach cert files + if len(gateway.Spec.Server.TlsSecretName) != 0 { + gomaConfig.Gateway.SSLKeyFile = TLSKeyFile + gomaConfig.Gateway.SSLCertFile = TLSCertFile + } labelSelector := client.MatchingLabels{} var middlewareNames []string // List ConfigMaps in the namespace with the matching label diff --git a/internal/controller/var.go b/internal/controller/var.go index add3284..87feeab 100644 --- a/internal/controller/var.go +++ b/internal/controller/var.go 
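Review bot: The same "attach cert files" block is now pasted into both `gatewayConfig` and `updateGatewayConfig`, so the two copies will drift the first time the file names or the condition change; extract it once, e.g. `attachTLSFiles(gomaConfig, gateway.Spec.Server.TlsSecretName)` that sets `SSLKeyFile`/`SSLCertFile` when the name is non-empty, or set the two fields inside `mapToGateway` so every caller gets them for free. Worth a one-line comment at the extraction point as well: `// paths match the secret volume mounted at CertsPath in createUpdateDeployment; the Secret must carry tls.crt/tls.key keys`, since a non-`kubernetes.io/tls` Secret with other key names will produce a gateway that cannot find its certificate at start. Both enclosing functions begin before and end after their hunks.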
@@ -2,7 +2,8 @@ package controller const ( AppImageName = "jkaninda/goma-gateway" - ExtraConfigPath = "/etc/goma/extra/" + ConfigPath = "/etc/goma" + CertsPath = "/etc/goma/certs" BasicAuth = "basic" // basic authentication middlewares JWTAuth = "jwt" // JWT authentication middlewares OAuth = "oauth" @@ -12,6 +13,8 @@ const ( GatewayConfigVersion = "1.0" FinalizerName = "finalizer.gomaproj.jonaskaninda.com" ConfigName = "goma.yml" + TLSCertFile = "/etc/goma/certs/tls.crt" + TLSKeyFile = "/etc/goma/certs/tls.key" ) var (
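Review bot: `TLSCertFile` and `TLSKeyFile` repeat the literal `/etc/goma/certs` instead of building on `CertsPath`, so changing the mount path in one constant silently desynchronises the path the gateway is told to read from the path the Secret is actually mounted at. Go allows concatenation in constant declarations, so `TLSCertFile = CertsPath + "/tls.crt"` and `TLSKeyFile = CertsPath + "/tls.key"` keep the three in lockstep. `ExtraConfigPath` is removed in the first hunk; I cannot see whether anything else still references it, so a grep before merging is cheap insurance.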