fix IngressRouteTCP

charts/mongodb/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: mongodb
 description: A Helm chart for deploying a mongodb
 type: application
-version: 0.0.8
+version: 0.0.9
 appVersion: 6.0.0

charts/mongodb/openssl-test-server.cnf

@@ -0,0 +1,56 @@
+[ req ]
+default_bits = 4096
+default_keyfile = myTestServerCertificateKey.pem    ## The default private key file name.
+default_md = sha256
+distinguished_name = req_dn
+req_extensions = v3_req
+
+[ v3_req ]
+subjectKeyIdentifier  = hash
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Certificate"
+extendedKeyUsage  = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = mongo-0.demo2.open-iap.com
+DNS.2 = mongo-1.demo2.open-iap.com
+DNS.3 = mongoarbiter-0.demo2.open-iap.com
+DNS.4 = mongo-0.demo3.open-iap.com
+DNS.5 = mongo-1.demo3.open-iap.com
+DNS.6 = mongoarbiter-0.demo3.open-iap.com
+DNS.7 = mongo-0.demo2.openiap.io
+DNS.8 = mongo-1.demo2.openiap.io
+DNS.9 = mongoarbiter-0.demo2.openiap.io
+DNS.10 = mongo-0.demo3.openiap.io
+DNS.11 = mongo-1.demo3.openiap.io
+DNS.12 = mongoarbiter-0.demo3.openiap.io
+
+
+[ req_dn ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64

charts/mongodb/templates/deployment.yaml

@@ -59,6 +59,18 @@ spec:
         args: 
         # - "-c"
         # - "/usr/local/bin/docker-entrypoint.sh"
+        {{- if .Values.tls.enabled }}
+        - "--tlsMode"
+        - "preferTLS"
+        - "--tlsCertificateKeyFile"
+        - {{ .Values.tls.certfile | quote }}
+          {{- if .Values.tls.certpassword }}
+        - "--tlsCertificateKeyFilePassword"
+        - {{ .Values.tls.certpassword | quote }}
+         {{- end }}
+        # - "--tlsCAFile"
+        # - {{ .Values.tls.cafile | quote }}
+        {{- end }}
         - "--dbpath"
         - "/data/db"
         - "--replSet" 
@@ -121,8 +133,33 @@ spec:
           - name: MONGODB_RSNAME
             value: {{ .Values.rsname | quote }}
           - name: KUBE_NAMESPACE
-            value: {{.Release.Namespace | quote }}
-          {{- if and .Values.service.domainprefix (gt (len .Values.service.external) 0) }}
+            value: {{ .Release.Namespace | quote }}
+          {{- if .Values.tls.enabled }}
+          - name: TLS_SELFSIGN
+            value: {{ .Values.tls.enabled | quote }}
+          - name: TLS_KEYFILE
+            value: {{ .Values.tls.certfile | quote }}
+            {{- if .Values.tls.ca_private }}
+          - name: TLS_CA_PRIVATE
+            value: {{ .Values.tls.ca_private | quote }}
+            {{- end }}
+            {{- if .Values.tls.ca_cert }}
+          - name: TLS_CA_CERT
+            value: {{ .Values.tls.ca_cert | quote }}
+            {{- end }}
+            {{- if .Values.tls.certpassword }}
+          - name: TLS_KEYPASSWORD
+            value: {{ .Values.tls.certpassword | quote }}
+            {{- end }}
+          - name: TLS_CAFILE
+            value: {{ .Values.tls.cafile | quote }}
+          - name: TLS_DNS_HOSTS
+            value: {{ .Values.tls.dns_hosts | quote }}
+          {{- end }}
+          {{- if (and .Values.ingress.domainprefix .Values.ingress.enabled) }}
+          - name: EXTERNAL_DOMAIN
+            value: {{.Values.ingress.domainprefix}}
+          {{- else if and .Values.service.domainprefix (gt (len .Values.service.external) 0) }}
           - name: EXTERNAL_DOMAIN
             value: {{.Values.service.domainprefix}}
           {{- end }}
@@ -243,6 +280,20 @@ spec:
         - "--keyFile"
         - "/data/db/mongodb.key"
         {{- end }}
+        {{- if .Values.tls.enabled }}
+        - "--tlsMode"
+        - "preferTLS"
+        - "--tlsCertificateKeyFile"
+        - {{ .Values.tls.certfile | quote }}
+          {{- if .Values.tls.certpassword }}
+        - "--tlsCertificateKeyFilePassword"
+        - {{ .Values.tls.certpassword | quote }}
+         {{- end }}
+         {{- if .Values.tls.addcafilearg }}
+        - "--tlsCAFile"
+        - {{ .Values.tls.cafile | quote }}
+        {{- end }}
+        {{- end }}
         env:
           {{- if .Values.auth.enabled }}
           - name: MONGO_INITDB_ROOT_USERNAME

charts/mongodb/templates/svc.yaml

@@ -59,9 +59,12 @@ spec:
   # - match: HostSNIRegexp(`mongo-{subdomain:[[:ascii:]]+}.{{$.Values.ingress.domainprefix}}`)
   - match: HostSNI(`mongo-{{ $mongocount }}.{{$.Values.ingress.domainprefix}}`)
     services:
-    - name: mongo
+    - name: mongo-{{ $mongocount }}
       port: 27017
-    {{- if $.Values.ingress.certResolver }}
+    {{- if $.Values.ingress.passthrough }}
+  tls:
+    passthrough: true
+    {{- else if $.Values.ingress.certResolver }}
   tls:
     certResolver: {{$.Values.ingress.certResolver}}
     domains:

charts/mongodb/values.yaml

@@ -37,6 +37,14 @@ auth:
   initdbrole: readWrite
   # To generate one your slef use: openssl rand -base64 756
   key: D3vzi4V4znL2WrDcWX6MWOi3NvH0sSeYp9pyHTw9Tmgi3q6ljn62qMLPAz4VHHRMER/6A4rFPM3PlVQ5WSx8zD+OFMwuJOZQ8hiQSqz312pBFvm3geV/i5bc42nm9XAM2MaDUIKugRT8a0G4qgJLSYhDlwKYnD09DKeRvbEQ5USt41nzF+Ki72vKmz4qDS8hKDBq4P2TWBbUTKwkBKOLf4CCpCF/9DMZszj61L8P6Dl7rFkSW3b5cN2VOBwREMVPdCHqf4J7PueiWvOHDdMXNcOLvTLKN+R0GFr/TFwnoAlMGj1hgWj0BrfrZM967wIvyaqs/8QoaQlwLB73lZSFgE/TN38fEYYmraQ56naGP24EeEDjMl6HZQLnSxySykjuiYnd9Xk+NqdXhc1fIty2rPyAehJ4yWDsynnWQaA91nSo2k24cHO5OKYqR4eZmDwpLo/5kj48AlvOgCmZ6Uq5x47KJJrR6fxmBGbvMg5GmK5GNXnJKzzSzi3BzoB7bSHW/lE1bnpNKr9A5BQml1P6C4DkUTRJamRQHGB9yainxeynFcq22D7FgDvqnJLkKgE1gm51w8URMRI+Hh7EbffQoAJI82pvyKSCRi1NX5O55AZjKVYURkeVwe02fNveIDj05agZpfIZly0G8WLzTiiNf6dxa24YFUjPBu2Cq6PlGQRx5SE2/U8S+6IRKo1mV+fuTu5vqcYKFrkYEDamzYit62Pwh0hjpj8RX5qvRMBgCnk5mfZs8vijGa1TUm7RIiJBpLjySD7wwWiir+E9Dm6JJOdIX0YIHYRrWvi3cxRmTT6ZeONMOo7+tTitysBtkGzpl5pf0qehvi0qy6W8wCgYWbdHo9PpHFLbLz7bVsyZLNxa4cLs5C43e1Gk34QXwmOA6OzimBSq1GrKp+gM0sQhuCgAsM2nsyzOt1CESegnjRhwkkgWl/9QpDfdmlN1dFvaSybYuaQA1QZYuzJ8acHohP/q6r9l
+tls:
+  enabled: false
+  selfsigned: true
+  certfile: /data/db/cert.pem
+  keypassword: 
+  addcafilearg: false
+  cafile: /data/db/ca.pem
+  capassword: 
 service:
   # by default with create a headless service named mongo
   # so each node can be accessed directly using mongo-0.mongo and mongo-1.mongo and so on
@@ -57,6 +65,7 @@ ingress:
   # and either create a dedicated port, and use a port with ssl support, normally called websecure
   enabled: false
   domainprefix: # Domain prefix used for ingress rule
+  tlspassthrough: false
   certResolver: 
   externalport: 443 # used for generating connection strings, what port is the entryPoint mapped to ?
   entryPoints:

index.yaml

@@ -75,6 +75,16 @@ entries:
     - https://github.com/open-rpa/helm-charts/releases/download/calendso-0.1.1/calendso-0.1.1.tgz
     version: 0.1.1
   mongodb:
+  - apiVersion: v2
+    appVersion: 6.0.0
+    created: "2022-12-18T22:56:07.22086273+01:00"
+    description: A Helm chart for deploying a mongodb
+    digest: b57825b6ef2f99558982def8c7bab893146581aa5e23e238df9d2039a3625fe3
+    name: mongodb
+    type: application
+    urls:
+    - https://github.com/open-rpa/helm-charts/releases/download/mongodb-0.0.9/mongodb-0.0.9.tgz
+    version: 0.0.9
   - apiVersion: v2
     appVersion: 6.0.0
     created: "2022-12-16T12:48:48.38588112+01:00"
@@ -1582,4 +1592,4 @@ entries:
     urls:
     - https://github.com/open-rpa/helm-charts/releases/download/rocketchat-3.0.2/rocketchat-3.0.2.tgz
     version: 3.0.2
-generated: "2022-12-16T12:48:48.633424654+01:00"
+generated: "2022-12-18T22:56:07.441147908+01:00"