Adding TLS Secret Support (#91)
* Adding TLS Secret Support

Signed-off-by: David Collom <[email protected]>

* refactor TLSsecret Envs

Signed-off-by: David Collom <[email protected]>

* Adding explicit env variable to enable TLS

Signed-off-by: David Collom <[email protected]>

* Adding TLS Support for Exporter

Signed-off-by: David Collom <[email protected]>

* Linting changes

Signed-off-by: David Collom <[email protected]>

* Bring things up to date

Signed-off-by: David Collom <[email protected]>

* Adding updated CRD's

Signed-off-by: David Collom <[email protected]>

* Adding TLS Examples

Signed-off-by: David Collom <[email protected]>
davidcollom authored Jan 10, 2022
1 parent fdf1758 commit 3c079cc
Showing 11 changed files with 624 additions and 23 deletions.
9 changes: 9 additions & 0 deletions api/v1beta1/common_types.go
Expand Up @@ -54,6 +54,15 @@ type RedisExporter struct {
EnvVars *[]corev1.EnvVar `json:"env,omitempty"`
}

// TLS Configuration for redis instances
type TLSConfig struct {
CaKeyFile string `json:"ca,omitempty"`
CertKeyFile string `json:"cert,omitempty"`
KeyFile string `json:"key,omitempty"`
// Reference to secret which contains the certificates
Secret corev1.SecretVolumeSource `json:"secret"`
}

// Sidecar for each Redis pods
type Sidecar struct {
Name string `json:"name"`
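Review bot: The three path fields of `TLSConfig` have no comments saying what the strings are, and `CaKeyFile` reads as a CA private key although its JSON tag `ca` and the certificate-oriented siblings suggest it is the CA certificate; I would document each field, e.g. `// CaKeyFile is the path of the CA certificate file, relative to the mounted secret — confirm against the pod builder.` (the mount relationship is inferred, not visible in this hunk). The type comment should also start with the name per Go doc conventions, `// TLSConfig holds the TLS configuration for redis instances.`. Because the whole `corev1.SecretVolumeSource` is passed through unchanged, the private key inherits the volume's `defaultMode` (0644 per the generated CRD text in this commit) unless the user overrides it, so a comment on `Secret` noting that a more restrictive `defaultMode` is advisable for the key file would help operators. Nothing in the type constrains the paths (e.g. rejecting absolute paths or `..`); if validation lives in a webhook or the pod builder, that is outside this hunk.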
1 change: 1 addition & 0 deletions api/v1beta1/redis_types.go
Expand Up @@ -35,6 +35,7 @@ type RedisSpec struct {
PriorityClassName string `json:"priorityClassName,omitempty"`
Affinity *corev1.Affinity `json:"affinity,omitempty"`
Tolerations *[]corev1.Toleration `json:"tolerations,omitempty"`
TLS *TLSConfig `json:"TLS,omitempty"`
ReadinessProbe *corev1.Probe `json:"readinessProbe,omitempty" protobuf:"bytes,11,opt,name=readinessProbe"`
LivenessProbe *corev1.Probe `json:"livenessProbe,omitempty" protobuf:"bytes,11,opt,name=livenessProbe"`
Sidecars *[]Sidecar `json:"sidecars,omitempty"`
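Review bot: The new JSON tag `TLS` on `RedisSpec.TLS` breaks the lowerCamel convention every sibling tag in this struct follows (`priorityClassName`, `affinity`, `tolerations`), and the same tag is added to `RedisClusterSpec` in rediscluster_types.go. Kubernetes API field names are conventionally lowerCamel and the name is effectively frozen once users have manifests, so this is the moment to use `TLS *TLSConfig `json:"tls,omitempty"`` in both files. The field also has no doc comment, which is what controller-gen would surface as the CRD property description; something like `// TLS, when set, configures TLS for the redis instances from the referenced secret.` would do, hedging on whether nil means TLS is disabled since that logic is not visible here.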
1 change: 1 addition & 0 deletions api/v1beta1/rediscluster_types.go
Expand Up @@ -35,6 +35,7 @@ type RedisClusterSpec struct {
PriorityClassName string `json:"priorityClassName,omitempty"`
Tolerations *[]corev1.Toleration `json:"tolerations,omitempty"`
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
TLS *TLSConfig `json:"TLS,omitempty"`
Sidecars *[]Sidecar `json:"sidecars,omitempty"`
}

27 changes: 26 additions & 1 deletion api/v1beta1/zz_generated.deepcopy.go


149 changes: 149 additions & 0 deletions config/crd/bases/redis.redis.opstreelabs.in_redis.yaml
Expand Up @@ -36,6 +36,80 @@ spec:
spec:
description: RedisSpec defines the desired state of Redis
properties:
TLS:
description: TLS Configuration for redis instances
properties:
ca:
type: string
cert:
type: string
key:
type: string
secret:
description: Reference to secret which contains the certificates
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default. Must be an octal value between
0000 and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires decimal
values for mode bits. Defaults to 0644. Directories within
the path are not affected by this setting. This might be
in conflict with other options that affect the file mode,
like fsGroup, and the result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the Data
field of the referenced Secret will be projected into the
volume as a file whose name is the key and content is the
value. If specified, the listed keys will be projected into
the specified paths, and unlisted keys will not be present.
If a key is specified which is not present in the Secret,
the volume setup will error unless it is marked optional.
Paths must be relative and may not contain the '..' path
or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to set permissions
on this file. Must be an octal value between 0000
and 0777 or a decimal value between 0 and 511. YAML
accepts both octal and decimal values, JSON requires
decimal values for mode bits. If not specified, the
volume defaultMode will be used. This might be in
conflict with other options that affect the file mode,
like fsGroup, and the result can be other mode bits
set.'
format: int32
type: integer
path:
description: The relative path of the file to map the
key to. May not be an absolute path. May not contain
the path element '..'. May not start with the string
'..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must be
defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace to
use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
required:
- secret
type: object
affinity:
description: Affinity is a group of affinity scheduling rules.
properties:
Expand Down Expand Up @@ -1642,6 +1716,81 @@ spec:
redis:
description: RedisSpec defines the desired state of Redis
properties:
TLS:
description: TLS Configuration for redis instances
properties:
ca:
type: string
cert:
type: string
key:
type: string
secret:
description: Reference to secret which contains the certificates
properties:
defaultMode:
description: 'Optional: mode bits used to set permissions
on created files by default. Must be an octal value
between 0000 and 0777 or a decimal value between 0 and
511. YAML accepts both octal and decimal values, JSON
requires decimal values for mode bits. Defaults to 0644.
Directories within the path are not affected by this
setting. This might be in conflict with other options
that affect the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and
content is the value. If specified, the listed keys
will be projected into the specified paths, and unlisted
keys will not be present. If a key is specified which
is not present in the Secret, the volume setup will
error unless it is marked optional. Paths must be relative
and may not contain the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits used to set permissions
on this file. Must be an octal value between 0000
and 0777 or a decimal value between 0 and 511.
YAML accepts both octal and decimal values, JSON
requires decimal values for mode bits. If not
specified, the volume defaultMode will be used.
This might be in conflict with other options that
affect the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must
be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
required:
- secret
type: object
affinity:
description: Affinity is a group of affinity scheduling rules.
properties:
