feat: add tls
@@ -21,6 +21,44 @@ import (
|
||||
// createUpdateDeployment creates Kubernetes deployment
|
||||
func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.Request, gateway gomaprojv1beta1.Gateway, imageName string) error {
|
||||
logger := log.FromContext(ctx)
|
||||
var volumes []corev1.Volume
|
||||
var volumeMounts []corev1.VolumeMount
|
||||
|
||||
volumes = append(volumes, corev1.Volume{
|
||||
Name: "config",
|
||||
VolumeSource: corev1.VolumeSource{
|
||||
ConfigMap: &corev1.ConfigMapVolumeSource{
|
||||
LocalObjectReference: corev1.LocalObjectReference{
|
||||
Name: req.Name,
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
volumeMounts = append(volumeMounts, corev1.VolumeMount{
|
||||
Name: "config",
|
||||
MountPath: ConfigPath,
|
||||
ReadOnly: true,
|
||||
})
|
||||
if len(gateway.Spec.Server.TlsSecretName) != 0 {
|
||||
volumes = append(volumes, corev1.Volume{
|
||||
Name: req.Name,
|
||||
VolumeSource: corev1.VolumeSource{
|
||||
Secret: &corev1.SecretVolumeSource{
|
||||
SecretName: gateway.Spec.Server.TlsSecretName,
|
||||
},
|
||||
},
|
||||
})
|
||||
volumeMounts = append(volumeMounts, corev1.VolumeMount{
|
||||
Name: req.Name,
|
||||
ReadOnly: true,
|
||||
MountPath: CertsPath,
|
||||
})
|
||||
|
||||
}
|
||||
// check if ReplicaCount is defined
|
||||
if gateway.Spec.ReplicaCount != 0 {
|
||||
ReplicaCount = gateway.Spec.ReplicaCount
|
||||
}
|
||||
// Define the desired Deployment
|
||||
deployment := &v1.Deployment{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
@@ -29,7 +67,7 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R
|
||||
Labels: gateway.Labels,
|
||||
},
|
||||
Spec: v1.DeploymentSpec{
|
||||
Replicas: int32Ptr(gateway.Spec.ReplicaCount), // Set desired replicas
|
||||
Replicas: int32Ptr(ReplicaCount), // Set desired replicas
|
||||
Selector: &metav1.LabelSelector{
|
||||
MatchLabels: map[string]string{
|
||||
"app": req.Name,
|
||||
@@ -81,28 +119,11 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R
|
||||
},
|
||||
},
|
||||
},
|
||||
Resources: gateway.Spec.Resources,
|
||||
VolumeMounts: []corev1.VolumeMount{
|
||||
{
|
||||
Name: "config",
|
||||
MountPath: "/etc/goma",
|
||||
ReadOnly: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Volumes: []corev1.Volume{
|
||||
{
|
||||
Name: "config",
|
||||
VolumeSource: corev1.VolumeSource{
|
||||
ConfigMap: &corev1.ConfigMapVolumeSource{
|
||||
LocalObjectReference: corev1.LocalObjectReference{
|
||||
Name: req.Name,
|
||||
},
|
||||
},
|
||||
},
|
||||
Resources: gateway.Spec.Resources,
|
||||
VolumeMounts: volumeMounts,
|
||||
},
|
||||
},
|
||||
Volumes: volumes,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
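Review bot: `ReplicaCount = gateway.Spec.ReplicaCount` writes into what appears to be a package-level variable (createUpdateDeployment starts inside this hunk and never declares it), so a count set by one Gateway carries over to every later Gateway whose spec leaves the field at 0, and concurrent reconciles would race on it. Keep the value local instead: `replicas := ReplicaCount`, `if gateway.Spec.ReplicaCount != 0 { replicas = gateway.Spec.ReplicaCount }`, then `Replicas: int32Ptr(replicas)`. Separately, the new Secret volume is named `req.Name`, which collides with the fixed `"config"` volume for a Gateway called `config` and yields an invalid pod spec; a fixed name such as `"certs"` avoids that. Setting `DefaultMode` on the `SecretVolumeSource` would also keep `tls.key` from being mounted with the default world-readable mode, provided the container user can still read it. The function body continues past the end of this section.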
@@ -21,6 +21,13 @@ func gatewayConfig(r GatewayReconciler, ctx context.Context, req ctrl.Request, g
|
||||
gomaConfig := &GatewayConfig{}
|
||||
gomaConfig.Version = GatewayConfigVersion
|
||||
gomaConfig.Gateway = mapToGateway(gateway.Spec)
|
||||
|
||||
// attach cert files
|
||||
if len(gateway.Spec.Server.TlsSecretName) != 0 {
|
||||
gomaConfig.Gateway.SSLKeyFile = TLSKeyFile
|
||||
gomaConfig.Gateway.SSLCertFile = TLSCertFile
|
||||
}
|
||||
|
||||
labelSelector := client.MatchingLabels{}
|
||||
var middlewareNames []string
|
||||
// List ConfigMaps in the namespace with the matching label
|
||||
@@ -60,6 +67,11 @@ func updateGatewayConfig(r RouteReconciler, ctx context.Context, req ctrl.Reques
|
||||
gomaConfig := &GatewayConfig{}
|
||||
gomaConfig.Version = GatewayConfigVersion
|
||||
gomaConfig.Gateway = mapToGateway(gateway.Spec)
|
||||
// attach cert files
|
||||
if len(gateway.Spec.Server.TlsSecretName) != 0 {
|
||||
gomaConfig.Gateway.SSLKeyFile = TLSKeyFile
|
||||
gomaConfig.Gateway.SSLCertFile = TLSCertFile
|
||||
}
|
||||
labelSelector := client.MatchingLabels{}
|
||||
var middlewareNames []string
|
||||
// List ConfigMaps in the namespace with the matching label
|
||||
|
||||
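Review bot: Both added blocks enable TLS purely because `TlsSecretName` is non-empty; nothing visible in gatewayConfig or updateGatewayConfig checks that the Secret exists in the Gateway's namespace or that it carries `tls.crt` and `tls.key`. A missing Secret would leave the pod unable to mount the volume, and a Secret with other key names would leave the generated config pointing at files that are not there; how the gateway reacts to that is not visible here. Consider fetching the Secret first and requiring `secret.Type == corev1.SecretTypeTLS` before setting `SSLKeyFile`/`SSLCertFile`, returning an error or setting a status condition otherwise. The same block is duplicated in both functions, so a small shared helper would keep the two from drifting; both function bodies extend outside the hunks.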
@@ -2,7 +2,8 @@ package controller
|
||||
|
||||
const (
|
||||
AppImageName = "jkaninda/goma-gateway"
|
||||
ExtraConfigPath = "/etc/goma/extra/"
|
||||
ConfigPath = "/etc/goma"
|
||||
CertsPath = "/etc/goma/certs"
|
||||
BasicAuth = "basic" // basic authentication middlewares
|
||||
JWTAuth = "jwt" // JWT authentication middlewares
|
||||
OAuth = "oauth"
|
||||
@@ -12,6 +13,8 @@ const (
|
||||
GatewayConfigVersion = "1.0"
|
||||
FinalizerName = "finalizer.gomaproj.jonaskaninda.com"
|
||||
ConfigName = "goma.yml"
|
||||
TLSCertFile = "/etc/goma/certs/tls.crt"
|
||||
TLSKeyFile = "/etc/goma/certs/tls.key"
|
||||
)
|
||||
|
||||
var (
|
||||
|
||||
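Review bot: `TLSCertFile` and `TLSKeyFile` repeat the `/etc/goma/certs` literal instead of building on `CertsPath`, so changing the mount path in one place would leave the generated config pointing at files that are no longer mounted. Derive them from the mount path, e.g. `TLSCertFile = CertsPath + "/tls.crt"` and `TLSKeyFile = CertsPath + "/tls.key"`. A short comment that the file names are the data keys of a `kubernetes.io/tls` Secret would also explain where `tls.crt` and `tls.key` come from.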