Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Funcionality : being able to give an already existing secret as SSL #728

Merged
merged 4 commits into from
Aug 10, 2018
Merged

Funcionality : being able to give an already existing secret as SSL #728

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
40c8c2c
Funcionality : being able to give an already existing secret as SSLw
Jun 15, 2018
08c60bd
Added default values
Jun 22, 2018
9b40097
Refactoring of names
Jul 8, 2018
44fbc11
update https.secret placeholders in values.yaml
minrk Aug 10, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 14 additions & 2 deletions jupyterhub/templates/proxy/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
{{- $manualHTTPS := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manual")) -}}
{{- $manualHTTPSwithsecret := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manualsecret")) -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
Expand Down Expand Up @@ -44,6 +45,12 @@ spec:
- key: release
operator: In
values: [{{ .Release.Name | quote }}]
{{- if $manualHTTPSwithsecret }}
volumes:
- name: tls-secret
secret:
secretName: {{ .Values.proxy.https.secret }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you fill out values.yaml with null values for these?

I'm guessing it should look like:

proxy:
  https:
    type: secret
    secret:
      name: 'my-tls-secret'
      key: 'mydomain.key'
      cert: 'mydomain.crt'

Does that look right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the only thing would be that type: manualsecret, but that's easily transformable to secret, I can do that if you want !

{{- end }}
{{- if $manualHTTPS }}
volumes:
- name: tls-secret
Expand All @@ -65,13 +72,18 @@ spec:
- --redirect-port=8000
- --ssl-key=/etc/chp/tls/tls.key
- --ssl-cert=/etc/chp/tls/tls.crt
{{- else if $manualHTTPSwithsecret }}
- --port=8443
- --redirect-port=8000
- --ssl-key=/etc/chp/tls/{{ .Values.proxy.https.keyname }}
- --ssl-cert=/etc/chp/tls/{{ .Values.proxy.https.crtname }}
{{- else }}
- --port=8000
{{- end }}
{{- if .Values.debug.enabled }}
- --log-level=debug
{{- end }}
{{- if $manualHTTPS }}
{{- if or $manualHTTPS $manualHTTPSwithsecret }}
volumeMounts:
- name: tls-secret
mountPath: /etc/chp/tls
Expand All @@ -87,7 +99,7 @@ spec:
key: proxy.token
imagePullPolicy: {{ .Values.proxy.chp.image.pullPolicy }}
ports:
{{- if $manualHTTPS }}
{{- if or $manualHTTPS $manualHTTPSwithsecret }}
- containerPort: 8443
name: proxy-https
{{- end }}
Expand Down
3 changes: 2 additions & 1 deletion jupyterhub/templates/proxy/netpol.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }}
{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }}
{{- $manualHTTPS := (and $HTTPS (eq .Values.proxy.https.type "manual")) }}
{{- $manualHTTPSwithsecret := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manualsecret")) -}}
{{- if and .Values.proxy.networkPolicy.enabled -}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
Expand All @@ -25,7 +26,7 @@ spec:
- protocol: TCP
port: 8000
{{- end }}
{{- if $manualHTTPS }}
{{- if or $manualHTTPS $manualHTTPSwithsecret}}
- protocol: TCP
port: 8443
{{- end }}
Expand Down
3 changes: 2 additions & 1 deletion jupyterhub/templates/proxy/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }}
{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }}
{{- $manualHTTPS := (and $HTTPS (eq .Values.proxy.https.type "manual")) -}}
{{- $manualHTTPSwithsecret := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manualsecret")) -}}
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -56,7 +57,7 @@ spec:
- name: https
port: 443
protocol: TCP
{{- if $manualHTTPS }}
{{- if or $manualHTTPS $manualHTTPSwithsecret }}
targetPort: 8443
{{- else }}
targetPort: 443
Expand Down
4 changes: 4 additions & 0 deletions jupyterhub/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,11 +93,15 @@ proxy:
https:
enabled: true
type: letsencrypt
#type: manualsecret
letsencrypt:
contactEmail: ''
manual:
key:
cert:
secret: ""
keyname: ""
crtname: ""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we restructure this a tiny bit so it looks like:

type: "secret"
secret:
  name: ""
  keyname: ""
  crtname: ""

so that the secret-related config is under https.secret instead of at the top level and the 'type' key matches the sub-dict ('secret')?

hosts: []
networkPolicy:
enabled: false
Expand Down