From 41af51c873e6e371273abf4277e600e7539d4ab6 Mon Sep 17 00:00:00 2001 From: boneys Date: Thu, 18 Jan 2024 17:15:39 -0800 Subject: [PATCH 1/3] Support certificate stores --- .../orkes-conductor/templates/deployment.yaml | 24 +++++++++++++++++++ charts/orkes-conductor/values.yaml | 5 ++++ 2 files changed, 29 insertions(+) diff --git a/charts/orkes-conductor/templates/deployment.yaml b/charts/orkes-conductor/templates/deployment.yaml index 411d478..8ea4a8d 100644 --- a/charts/orkes-conductor/templates/deployment.yaml +++ b/charts/orkes-conductor/templates/deployment.yaml @@ -1,5 +1,6 @@ {{- $securityEnabled := eq (toString .Values.security.enabled) "true" -}} {{- $clusterMode := eq (toString .Values.redis.clusterMode) "true" -}} +{{- $enableCustomTrustStore := eq (toString .Values.enableCustomTrustStore) "true" -}} {{- if $securityEnabled -}} {{- $validation := .Values.security.defaultUserEmail | required "security.defaultUserEmail is required." -}} {{- $validation := .Values.security.defaultUserName | required "security.defaultUserName is required." -}} @@ -330,6 +331,14 @@ spec: value: localhost - name: conductor.worker.http.block.ips value: {{ .Values.workers.blockIps | quote }} + {{- if $enableCustomTrustStore }} + - name: conductor.worker.http.customcerts.enabled + value: "true" + - name: conductor.worker.http.customcerts.path + value: {{ printf "/app/certificates/%s" .Values.jksFileName | quote }} + - name: conductor.worker.http.customcerts.password + value: {{ .Values.jksFilePassword | quote }} + {{- end }} - name: conductor.server.url value: http://{{ include "orkes-conductor.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:5000/api/ {{- if $securityEnabled }} @@ -344,6 +353,12 @@ spec: fieldPath: status.podIP image: "{{ .Values.workerImage.repository }}:{{ .Values.workerImage.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if $enableCustomTrustStore }} + volumeMounts: + - name: custom-truststore-vol + mountPath: {{ printf "/app/certificates/%s" .Values.jksFileName | quote }} + subPath: {{ .Values.jksFileName | quote }} + {{- end }} name: {{ include "orkes-conductor-workers.fullname" . }}-workers resources: limits: @@ -355,6 +370,15 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst + {{- if $enableCustomTrustStore }} + volumes: + - name: custom-truststore-vol + configMap: + name: "custom-truststore-cm" + items: + - key: {{ .Values.jksFileName | quote }} + path: {{ .Values.jksFileName | quote }} + {{- end }} imagePullSecrets: - name: orkesregistry restartPolicy: Always diff --git a/charts/orkes-conductor/values.yaml b/charts/orkes-conductor/values.yaml index c63e4ad..748d400 100644 --- a/charts/orkes-conductor/values.yaml +++ b/charts/orkes-conductor/values.yaml @@ -93,6 +93,11 @@ imageCredentials: email: dockeracess@orkes.io password: +enableCustomTrustStore: false +# If you are using a custom trust store, provide the following variables +#jksFileName: +#jksFilePassword: + security: allowedOrigins: "*" enabled: false From 3c3c1a1c32df9b15b8f572066ffdd24ecc02b13c Mon Sep 17 00:00:00 2001 From: boneys Date: Thu, 18 Jan 2024 19:10:46 -0800 Subject: [PATCH 2/3] Support additional parameters --- charts/orkes-conductor/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/orkes-conductor/values.yaml b/charts/orkes-conductor/values.yaml index 748d400..27a9cad 100644 --- a/charts/orkes-conductor/values.yaml +++ b/charts/orkes-conductor/values.yaml @@ -95,8 +95,8 @@ imageCredentials: enableCustomTrustStore: false # If you are using a custom trust store, provide the following variables -#jksFileName: -#jksFilePassword: +# jksFileName: +# jksFilePassword: security: allowedOrigins: "*" From 9ee4e9a99853108d682165da359428843ef6fa4d Mon Sep 17 00:00:00 2001 From: boneys Date: Thu, 18 Jan 2024 19:18:22 -0800 Subject: [PATCH 3/3] Increasing the version to enable the release --- charts/orkes-conductor-standalone/Chart.yaml | 2 +- charts/orkes-conductor/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/orkes-conductor-standalone/Chart.yaml b/charts/orkes-conductor-standalone/Chart.yaml index 152867e..2c0414c 100644 --- a/charts/orkes-conductor-standalone/Chart.yaml +++ b/charts/orkes-conductor-standalone/Chart.yaml @@ -4,5 +4,5 @@ description: Orkes Conductor Standalone (recommended only for testing and develo type: application -version: 2.6.46 +version: 2.6.47 appVersion: "2.6.46" diff --git a/charts/orkes-conductor/Chart.yaml b/charts/orkes-conductor/Chart.yaml index 5a2ee3e..6e553c5 100644 --- a/charts/orkes-conductor/Chart.yaml +++ b/charts/orkes-conductor/Chart.yaml @@ -4,5 +4,5 @@ description: Orkes Conductor type: application -version: 2.6.46 +version: 2.6.47 appVersion: "2.6.46"