
Adding the generation of keys and certificates
Signed-off-by: Ben <ben@armosec.io>
slashben committed Sep 4, 2024
1 parent cd4f88d commit ff90fdf
Showing 3 changed files with 33 additions and 1 deletion.
3 changes: 2 additions & 1 deletion charts/kubescape-operator/templates/storage/apiservice.yaml
Expand Up @@ -7,7 +7,8 @@ metadata:
labels:
{{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.storage.name "tier" .Values.global.namespaceTier) | nindent 4 }}
spec:
insecureSkipTLSVerify: true
insecureSkipTLSVerify: false
caBundle: {{ .Values.global.kubescapeCa | b64enc }}
group: "spdx.softwarecomposition.kubescape.io"
groupPriorityMinimum: 1000
versionPriority: 15
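Review bot: `caBundle` is filled from `.Values.global.kubescapeCa`, which is only populated by a `set` in another template (tlscertkey.yaml in this same commit), so if that template has not rendered first — or this one is rendered on its own with `helm template -s` — the value is empty, `b64enc` turns it into an empty `caBundle`, and with `insecureSkipTLSVerify` now `false` the aggregator can no longer verify the storage server and every request to the `spdx.softwarecomposition.kubescape.io` group fails. Helm does render templates in a deterministic order, but that order is an implementation detail rather than a documented contract, so it is better to fail loudly than to ship an empty bundle: `caBundle: {{ required "global.kubescapeCa must be set by storage/tlscertkey.yaml" .Values.global.kubescapeCa | b64enc }}`. A one-line comment above the key naming where the value comes from would also save the next reader a search. The APIService spec continues outside the hunk.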
12 changes: 12 additions & 0 deletions charts/kubescape-operator/templates/storage/deployment.yaml
Expand Up @@ -49,6 +49,12 @@ spec:
tcpSocket:
port: 8443
env:
- name: TLS_SERVER_CERT_FILE
value: "/etc/tls/tls.crt"
- name: TLS_SERVER_KEY_FILE
value: "/etc/tls/tls.key"
- name: TLS_CLIENT_CA_FILE
value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
- name: "CLEANUP_INTERVAL"
value: "{{ .Values.storage.cleanupInterval }}"
- name: GOMEMLIMIT
Expand Down Expand Up @@ -78,6 +84,9 @@ spec:
- name: {{ .Values.global.cloudConfig }}
mountPath: /etc/config
readOnly: true
- name: "tls"
mountPath: "/etc/tls"
readOnly: true
resources:
{{ toYaml .Values.storage.resources | indent 12 }}
nodeSelector:
Expand Down Expand Up @@ -116,4 +125,7 @@ spec:
- key: "services"
path: "services.json"
{{- end }}
- name: "tls"
secret:
secretName: {{ .Values.storage.name }}
{{- end }}
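Review bot: `TLS_CLIENT_CA_FILE` is pointed at the service-account `ca.crt`, which is the cluster CA that signs the kube-apiserver's serving certificate, not the CA that signs the client certificate the aggregation layer presents when it proxies to an extension API server (the requestheader/front-proxy CA, published as `requestheader-client-ca-file` in the `extension-apiserver-authentication` ConfigMap in `kube-system`); on kubeadm-style clusters those are different CAs. What the storage binary does with that variable is not visible here, but if it is used to verify the aggregator's client certificate it should be fed from that ConfigMap rather than the SA bundle, and either way the line deserves a comment such as `# CA used to verify the kube-apiserver's proxy client cert; must match requestheader-client-ca-file`. Separately, the new `tls` volume is backed by a Secret whose contents change on every upgrade, and a kubelet-refreshed file does not make a running server reload it: a pod-template annotation such as `checksum/tls-ca: {{ .Values.global.kubescapeCa | sha256sum }}` (valid only if tlscertkey.yaml has already rendered, the same ordering the APIService relies on) or another forced rollout is needed so the serving cert and the APIService `caBundle` stay in step. The Deployment spec these hunks sit in starts and ends outside the diff.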
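--- /dev/null
+++ b/charts/kubescape-operator/templates/storage/tlscertkey.yaml
@@ -0,0 +1,19 @@
+{{- $ca := genCA "kubescape-cluster-ca" 3650 }}
+{{- $_ := set .Values.global "kubescapeCa" $ca.Cert -}}
+{{- $cn := .Values.storage.name }}
+{{- $dns1 := printf "%s.%s" $cn .Values.ksNamespace }}
+{{- $dns2 := printf "%s.%s.svc" $cn .Values.ksNamespace }}
+{{- $dns3 := printf "%s.%s.svc.cluster.local" $cn .Values.ksNamespace }}
+
+{{- $cert := genSignedCert $cn nil (list $dns1 $dns2 $dns3) 3650 $ca }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.storage.name }}
+namespace: {{ .Values.ksNamespace }}
+type: Opaque
+data:
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+ca.crt: {{ $ca.Cert | b64enc }}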
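Review bot: The Secret is rebuilt from a fresh `genCA` on every render, so every `helm upgrade` (and any `helm diff`/`helm template` run) rotates both the CA and the serving key, and a storage pod that has not restarted keeps serving a certificate the new APIService `caBundle` no longer chains to. The usual mitigation is to `lookup` the existing Secret and reuse its material when present, falling back to generation on first install (and under `helm template`/`--dry-run`, where `lookup` returns nothing), as sketched below; note that `$ca`/`$cert` are block-scoped in Go templates, so the reused-or-generated values must be declared before the `if` and assigned with `=`. The `set .Values.global "kubescapeCa"` handoff to apiservice.yaml additionally depends on this file rendering before that one, which Helm's render order is not documented to guarantee. Since the Secret holds `tls.crt`/`tls.key`, `type: kubernetes.io/tls` describes it more accurately than `Opaque`, and the private key ends up in the Helm release record in any case, which is worth stating in the chart docs.

```yaml
{{- /* … unchanged: $cn and $dns1–$dns3 definitions … */ -}}
{{- $caCert := "" }}
{{- $tlsCert := "" }}
{{- $tlsKey := "" }}
{{- $existing := lookup "v1" "Secret" .Values.ksNamespace .Values.storage.name }}
{{- if and $existing (hasKey $existing.data "tls.key") (hasKey $existing.data "ca.crt") }}
{{- /* Reuse material issued on a previous install so upgrades do not rotate it. */ -}}
{{- $caCert = index $existing.data "ca.crt" | b64dec }}
{{- $tlsCert = index $existing.data "tls.crt" | b64dec }}
{{- $tlsKey = index $existing.data "tls.key" | b64dec }}
{{- else }}
{{- $ca := genCA "kubescape-cluster-ca" 3650 }}
{{- $cert := genSignedCert $cn nil (list $dns1 $dns2 $dns3) 3650 $ca }}
{{- $caCert = $ca.Cert }}
{{- $tlsCert = $cert.Cert }}
{{- $tlsKey = $cert.Key }}
{{- end }}
{{- $_ := set .Values.global "kubescapeCa" $caCert -}}
{{- /* … unchanged: apiVersion/kind/metadata … */ -}}
type: kubernetes.io/tls
data:
  tls.crt: {{ $tlsCert | b64enc }}
  tls.key: {{ $tlsKey | b64enc }}
  ca.crt: {{ $caCert | b64enc }}
```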
