Merge pull request #78 from mainflux/certs
NOISSUE - Add certs service and deployment charts
blokovi authored Feb 23, 2021
2 parents 1bcf36f + 5caeac9 commit 8308d4c
Showing 5 changed files with 136 additions and 0 deletions.
5 changes: 5 additions & 0 deletions charts/mainflux/Chart.yaml
@@ -38,6 +38,11 @@ dependencies:
repository: "@bitnami"
alias: postgresql-bootstrap
condition: bootstrap.enabled
- name: postgresql
version: "10.2.3"
repository: "@bitnami"
alias: postgresql-certs
condition: certs.enabled
- name: redis
version: "12.6.2"
repository: "@bitnami"
1 change: 1 addition & 0 deletions charts/mainflux/README.md
@@ -77,6 +77,7 @@ The following table lists the configurable parameters and their default values.
| twins.dbPort | Twins service DB port | 27017 |
| twins.httpPort | Twins service HTTP port | 9021 |
| twins.redisCachePort | Twins service Redis Cache port | 6379 |
| certs.enabled | Enable certs service | false |

All Mainflux services (both core and add-ons) can have their `logLevel`, `image.pullPolicy`, `image.repository` and `image.tag` overridden.

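--- a/charts/mainflux/templates/certs-deployment.yaml
+++ b/charts/mainflux/templates/certs-deployment.yaml
@@ -0,0 +1,84 @@
+# Copyright (c) Mainflux
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.certs.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ .Release.Name }}-certs
+spec:
+selector:
+matchLabels:
+app: {{ .Release.Name }}
+component: certs
+template:
+metadata:
+labels:
+app: {{ .Release.Name }}
+component: certs
+spec:
+containers:
+- env:
+- name: MF_CERTS_LOG_LEVEL
+value: {{ default .Values.defaults.logLevel .Values.certs.logLevel }}
+- name: MF_JAEGER_URL
+value: {{ .Release.Name }}-jaeger-operator-jaeger-agent:{{ .Values.defaults.jaegerPort }}
+- name: MF_CERTS_DB_HOST
+value: {{ .Release.Name }}-postgresql-certs
+- name: MF_CERTS_DB
+value: {{ index .Values "postgresql-certs" "postgresqlDatabase" }}
+- name: MF_CERTS_DB_PASS
+value: {{ index .Values "postgresql-certs" "postgresqlPassword" }}
+- name: MF_CERTS_DB_PORT
+value: "{{ .Values.certs.dbPort }}"
+- name: MF_CERTS_DB_USER
+value: {{ index .Values "postgresql-certs" "postgresqlUsername" }}
+- name: MF_CERTS_DB_SSL_MODE
+value: disable
+- name: MF_CERTS_DB_SSL_CERT
+value: disable
+- name: MF_CERTS_DB_SSL_KEY
+value: disable
+- name: MF_CERTS_DB_SSL_ROOT_CERT
+value: disable
+- name: MF_CERTS_ENCRYPT_KEY
+value: {{ index .Values "certs" "encryptKey" }}
+- name: MF_CERTS_CLIENT_TLS
+value: {{ index .Values "certs" "clientTLS" }}
+- name: MF_CERTS_SERVER_CERT
+value: {{ index .Values "certs" "serverCert" }}
+- name: MF_CERTS_SERVER_KEY
+value: {{ index .Values "certs" "serverKey" }}
+- name: MF_CERTS_HTTP_PORT
+value: "{{ .Values.certs.httpPort }}"
+- name: MF_AUTH_GRPC_URL
+value: {{ .Release.Name }}-envoy:{{ .Values.authn.grpcPort }}
+- name: MF_SDK_BASE_URL
+value: http://{{ .Release.Name }}-things:{{ .Values.things.httpPort }}
+- name: MF_SDK_THINGS_PREFIX
+value: {{ index .Values "certs" "sdkThingsPrefix" }}
+- name: MF_CERTS_SIGN_CA_PATH
+value: {{ index .Values "certs" "signCAPath" }}
+- name: MF_CERTS_SIGN_CA_KEY_PATH
+value: {{ index .Values "certs" "signCAKeyPath" }}
+- name: MF_CERTS_SIGN_HOURS_VALID
+value: {{ index .Values "certs" "signHoursValid" }}
+- name: MF_CERTS_SIGN_RSA_BITS
+value: "{{ .Values.certs.signRSABits }}"
+- name: MF_CERTS_VAULT_TOKEN
+value: {{ index .Values "certs" "signVaultToken" }}
+- name: MF_CERTS_VAULT_HOST
+value: {{ index .Values "certs" "signVaultHost" }}
+- name: MF_CERTS_VAULT_PKI_PATH
+value: {{ index .Values "certs" "signVaultPKIPath" }}
+- name: MF_CERTS_VAULT_ROLE
+value: {{ index .Values "certs" "signVaultRole" }}
+image: "{{ default .Values.defaults.image.repository .Values.certs.image.repository }}/certs:{{ default .Values.defaults.image.tag .Values.certs.image.tag }}"
+imagePullPolicy: {{ default .Values.defaults.image.pullPolicy .Values.certs.image.pullPolicy }}
+name: {{ .Release.Name }}-certs
+ports:
+- containerPort: {{ .Values.certs.httpPort }}
+protocol: TCP
+dnsPolicy: ClusterFirst
+restartPolicy: Always
+{{- end }}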
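Review bot: MF_CERTS_DB_PASS, MF_CERTS_ENCRYPT_KEY and MF_CERTS_VAULT_TOKEN are rendered as literal `value:` strings in the container env, so the database password, the encryption key and the Vault token end up readable in the Deployment object and the stored Helm release rather than only behind Secret RBAC. Sourcing them with `valueFrom.secretKeyRef` keeps them out of the pod template; the fence below shows the shape, with a placeholder Secret name and keys because no Secret template is part of this commit. MF_CERTS_DB_SSL_MODE is also fixed to `disable`, and the three MF_CERTS_DB_SSL_* path variables carry the literal string `disable`, which looks like a copy-paste and leaves no value to switch database TLS on. The unquoted `{{ index .Values "certs" … }}` lines would be safer piped through `quote`, since the empty defaults render a bare `value:` and Kubernetes requires env values to be strings.

```yaml
# … unchanged: MF_CERTS_LOG_LEVEL through MF_CERTS_DB …
- name: MF_CERTS_DB_PASS
  valueFrom:
    secretKeyRef:
      name: "{{ .Release.Name }}-certs-secrets"  # placeholder: Secret not defined in this commit
      key: db-password                            # placeholder key
# … unchanged: MF_CERTS_DB_PORT through MF_CERTS_DB_SSL_ROOT_CERT …
- name: MF_CERTS_ENCRYPT_KEY
  valueFrom:
    secretKeyRef:
      name: "{{ .Release.Name }}-certs-secrets"  # placeholder
      key: encrypt-key                            # placeholder key
# … unchanged: MF_CERTS_CLIENT_TLS through MF_CERTS_SIGN_RSA_BITS …
- name: MF_CERTS_VAULT_TOKEN
  valueFrom:
    secretKeyRef:
      name: "{{ .Release.Name }}-certs-secrets"  # placeholder
      key: vault-token                            # placeholder key
# … unchanged: MF_CERTS_VAULT_HOST onward …
```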
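--- a/charts/mainflux/templates/certs-service.yaml
+++ b/charts/mainflux/templates/certs-service.yaml
@@ -0,0 +1,17 @@
+# Copyright (c) Mainflux
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.certs.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ .Release.Name }}-certs
+spec:
+selector:
+app: {{ .Release.Name }}
+component: certs
+ports:
+- port: {{ .Values.certs.httpPort }}
+protocol: TCP
+name: {{ .Release.Name }}-certs-{{ .Values.certs.httpPort }}
+{{- end }}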
29 changes: 29 additions & 0 deletions charts/mainflux/values.yaml
@@ -113,6 +113,26 @@ bootstrap:
httpPort: 8182
redisESPort: 6379

certs:
enabled: false
image: {}
dbPort: 5432
httpPort: 8204
logLevel: "info"
sdkThingsPrefix: ""
encryptKey: ""
clientTLS: ""
serverCert: ""
serverKey: ""
signCAPath: "/etc/ssl/certs/ca.crt"
signCAKeyPath: "/etc/ssl/certs/ca.key"
signHoursValid: "2048h"
signRSABits: 2048
signVaultToken: ""
signVaultHost: ""
signVaultPKIPath: "pki_int"
signVaultRole: "agent"

ui:
image: {}
port: 3000
@@ -180,6 +200,15 @@ postgresql-bootstrap:
requests:
cpu: 25m

postgresql-certs:
name: postgresql-certs
postgresqlUsername: postgres
postgresqlPassword: mainflux
postgresqlDatabase: certs
resources:
requests:
cpu: 25m

redis-streams:
volumePermissions:
enabled: true
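Review bot: `postgresqlPassword: mainflux` in the second hunk commits a fixed, publicly known password as the default for the certs database, paired with the `postgres` superuser account, so an install that leaves the values untouched runs with guessable credentials. I would ship `postgresqlPassword: ""` with a comment such as `# set at install time or via an existing Secret; never commit a real value`; as far as I know the Bitnami subchart then generates a password, in which case the certs Deployment would have to read it from the subchart's Secret rather than from values. In the first hunk, `signCAKeyPath: "/etc/ssl/certs/ca.key"` names a CA private key path, but the Deployment template in this commit mounts no volume, so a comment saying how the CA material is expected to reach the container would help. `encryptKey` and `signVaultToken` also deserve a comment that they are secrets to be supplied at install time rather than edited into this file.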
