Merge pull request #112 from snyk/fix/missing-caCert-data
fix: create volume mount with cacert when caCertFile is defined
pavel-snyk authored Apr 3, 2024
2 parents 0350353 + bb626fc commit 895d701
Showing 20 changed files with 125 additions and 96 deletions.
2 changes: 1 addition & 1 deletion charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
name: snyk-broker
version: 2.6.2
version: 2.6.3
description: A Helm chart for Kubernetes
type: application
17 changes: 12 additions & 5 deletions charts/snyk-broker/templates/broker_deployment.yaml
Expand Up @@ -86,7 +86,7 @@ spec:
mountPath: /home/node/private
readOnly: true
{{- end }}
{{- if .Values.caCert }}
{{- if or (.Values.caCert) (.Values.caCertFile) }}
- name: {{ include "snyk-broker.fullname" . }}-cacert-volume
mountPath: /home/node/cacert
readOnly: true
Expand All @@ -95,7 +95,7 @@ spec:
- name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
mountPath: /home/node/tls-cert/
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{ tpl (toYaml .Values.extraVolumeMounts | indent 14) . }}
{{- end }}
Expand Down Expand Up @@ -373,14 +373,21 @@ spec:
value: {{ .Values.logLevel }}
- name: LOG_ENABLE_BODY
value: {{ .Values.logEnableBody | squote }}
{{- if .Values.caCert }}

{{- if and (.Values.caCert) (not .Values.caCertFile) }}
# HTTPS Inspection
- name: CA_CERT
value: /home/node/cacert/{{ .Values.caCert }}
- name: NODE_EXTRA_CA_CERTS
value: /home/node/cacert/{{ .Values.caCert }}
{{- end }}
{{- if and (.Values.caCertFile) (not .Values.caCert) }}
# HTTPS Inspection
- name: CA_CERT
value: /home/node/cacert/cacert
- name: NODE_EXTRA_CA_CERTS
value: /home/node/cacert/cacert
{{- end }}

{{- if .Values.httpsCert }}
# HTTPS Config
Expand Down Expand Up @@ -460,7 +467,7 @@ spec:
configMap:
name: {{ include "snyk-broker.fullname" . }}-accept-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- end }}
{{- if .Values.caCert }}
{{- if or (.Values.caCert) (.Values.caCertFile) }}
- name: {{ include "snyk-broker.fullname" . }}-cacert-volume
configMap:
name: {{ include "snyk-broker.fullname" . }}-cacert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
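Review bot: When both `caCert` and `caCertFile` are set, the env hunk at `@@ -373,14 +373,21 @@` renders neither block, because the two `and … (not …)` guards are mutually exclusive, while the `or` guards still mount the cacert volume; `CA_CERT` and `NODE_EXTRA_CA_CERTS` are then silently left unset. The earlier `{{- if .Values.caCert }}` guard (apparently the removed line) set them whenever `caCert` was present, so this looks like a regression for values files that carry both keys. Either choose a precedence with `{{- if .Values.caCertFile }}` … `{{- else if .Values.caCert }}`, or reject the combination at render time with `{{- if and .Values.caCert .Values.caCertFile }}{{ fail "set only one of caCert or caCertFile" }}{{- end }}`. Which value should win depends on what cacert_configmap.yaml writes into the ConfigMap when both are set, which is not visible in this section.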
2 changes: 1 addition & 1 deletion charts/snyk-broker/templates/cacert_configmap.yaml
Expand Up @@ -19,5 +19,5 @@ metadata:
labels:
{{- include "snyk-broker.labels" . | nindent 4 }}
data:
cacert: {{ .Values.caCertFile | nindent 4}}
cacert: {{ .Values.caCertFile | toYaml | nindent 4}}
{{- end }}
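Review bot: The data key `cacert` is now load-bearing and nothing on this line says so: broker_deployment.yaml hard-codes `/home/node/cacert/cacert` for `CA_CERT` and `NODE_EXTRA_CA_CERTS`, so renaming the key would break the trust path without any render error. A comment above the key would record the coupling and the reason for `toYaml`, e.g. `# key must stay "cacert" (deployment points CA_CERT at /home/node/cacert/cacert); toYaml keeps a multi-line PEM a valid YAML scalar`. As a style point, `nindent 4}}` should be `nindent 4 }}` to match the `nindent 4 }}` used for the labels two lines above. The enclosing conditional opens outside this hunk.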
Expand Up @@ -7,7 +7,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: container-registry-agent-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -108,7 +108,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: container-registry-agent-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -135,6 +135,6 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Expand Up @@ -7,7 +7,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: container-registry-agent-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -108,7 +108,7 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: container-registry-agent-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -135,6 +135,6 @@ with CRA:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Expand Up @@ -7,7 +7,7 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -107,7 +107,7 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -134,6 +134,6 @@ apprisk enabled:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Expand Up @@ -7,7 +7,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -115,7 +115,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -157,7 +157,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
Expand All @@ -176,7 +176,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker
namespace: NAMESPACE
cacertfile:
Expand All @@ -188,7 +188,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -229,6 +229,10 @@ cacertfile:
value: info
- name: LOG_ENABLE_BODY
value: "false"
- name: CA_CERT
value: /home/node/cacert/cacert
- name: NODE_EXTRA_CA_CERTS
value: /home/node/cacert/cacert
- name: ACCEPT_CODE
value: "true"
- name: ACCEPT_IAC
Expand Down Expand Up @@ -274,10 +278,16 @@ cacertfile:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
volumeMounts:
- mountPath: /home/node/cacert
name: RELEASE-NAME-snyk-broker-cacert-volume
readOnly: true
securityContext: {}
serviceAccountName: snyk-broker
volumes: null
volumes:
- configMap:
name: RELEASE-NAME-snyk-broker-cacert-configmap
name: RELEASE-NAME-snyk-broker-cacert-volume
2: |
apiVersion: v1
kind: Service
Expand All @@ -286,7 +296,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand All @@ -307,7 +317,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: RELEASE-NAME-snyk-broker-cacert-configmap
namespace: NAMESPACE
4: |
Expand All @@ -326,6 +336,6 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker
namespace: NAMESPACE
Expand Up @@ -7,7 +7,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -115,7 +115,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -157,7 +157,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
namespace: NAMESPACE
4: |
Expand All @@ -176,7 +176,7 @@ cacert:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
cacertfile:
Expand All @@ -188,7 +188,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -229,6 +229,10 @@ cacertfile:
value: info
- name: LOG_ENABLE_BODY
value: "false"
- name: CA_CERT
value: /home/node/cacert/cacert
- name: NODE_EXTRA_CA_CERTS
value: /home/node/cacert/cacert
- name: ACCEPT_CODE
value: "true"
- name: ACCEPT_IAC
Expand Down Expand Up @@ -274,10 +278,16 @@ cacertfile:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts: null
volumeMounts:
- mountPath: /home/node/cacert
name: RELEASE-NAME-snyk-broker-cacert-volume
readOnly: true
securityContext: {}
serviceAccountName: snyk-broker-RELEASE-NAME
volumes: null
volumes:
- configMap:
name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
name: RELEASE-NAME-snyk-broker-cacert-volume
2: |
apiVersion: v1
kind: Service
Expand All @@ -286,7 +296,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service-RELEASE-NAME
namespace: NAMESPACE
spec:
Expand All @@ -307,7 +317,7 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: RELEASE-NAME-snyk-broker-cacert-configmap-RELEASE-NAME
namespace: NAMESPACE
4: |
Expand All @@ -326,6 +336,6 @@ cacertfile:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker-RELEASE-NAME
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker-RELEASE-NAME
namespace: NAMESPACE
Expand Up @@ -9,7 +9,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: RELEASE-NAME-snyk-broker-accept-configmap
namespace: NAMESPACE
2: |
Expand All @@ -20,7 +20,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker
namespace: NAMESPACE
spec:
Expand Down Expand Up @@ -122,7 +122,7 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: github-com-broker-service
namespace: NAMESPACE
spec:
Expand All @@ -149,6 +149,6 @@ customaccept values:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: snyk-broker
helm.sh/chart: snyk-broker-2.6.2
helm.sh/chart: snyk-broker-2.6.3
name: snyk-broker
namespace: NAMESPACE