feat: add tls

2024-11-27 20:54:41 +01:00
parent 19d12f40c7
commit 46d1851f08
7 changed files with 100 additions and 22 deletions
--- a/api/v1beta1/types.go
+++ b/api/v1beta1/types.go
@@ -36,6 +36,8 @@ type Server struct {
 	IdleTimeout int `json:"idleTimeout,omitempty" yaml:"idleTimeout,omitempty"`
 	// LogLevel log level, info, debug, trace, off
 	LogLevel string `json:"logLevel,omitempty" yaml:"logLevel,omitempty"`
+	// tls secret name
+	TlsSecretName string `json:"tlsSecretName,omitempty" yaml:"tlsSecretName,omitempty"`
 	// Redis contains redis database details
 	Redis Redis `json:"redis,omitempty" yaml:"redis,omitempty"`
 	// Cors holds proxy global cors
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -305,6 +305,21 @@ func (in *Middlewares) DeepCopy() *Middlewares {
 	return out
 }

+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Redis) DeepCopyInto(out *Redis) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Redis.
+func (in *Redis) DeepCopy() *Redis {
+	if in == nil {
+		return nil
+	}
+	out := new(Redis)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Route) DeepCopyInto(out *Route) {
 	*out = *in
@@ -488,6 +503,7 @@ func (in *RoutesConfig) DeepCopy() *RoutesConfig {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Server) DeepCopyInto(out *Server) {
 	*out = *in
+	out.Redis = in.Redis
 	in.Cors.DeepCopyInto(&out.Cors)
 	if in.InterceptErrors != nil {
 		in, out := &in.InterceptErrors, &out.InterceptErrors
--- a/config/crd/bases/gomaproj.github.io_gateways.yaml
+++ b/config/crd/bases/gomaproj.github.io_gateways.yaml
@@ -1082,6 +1082,18 @@ spec:
                  readTimeout:
                    description: ReadTimeout defines proxy read timeout
                    type: integer
+                  redis:
+                    description: Redis contains redis database details
+                    properties:
+                      addr:
+                        description: 'Addr redis hostname and port number :'
+                        type: string
+                      password:
+                        type: string
+                    type: object
+                  tlsSecretName:
+                    description: tls secret name
+                    type: string
                  writeTimeout:
                    description: WriteTimeout defines proxy write timeout
                    type: integer
--- a/dist/install.yaml
+++ b/dist/install.yaml
@@ -1090,6 +1090,18 @@ spec:
                  readTimeout:
                    description: ReadTimeout defines proxy read timeout
                    type: integer
+                  redis:
+                    description: Redis contains redis database details
+                    properties:
+                      addr:
+                        description: 'Addr redis hostname and port number :'
+                        type: string
+                      password:
+                        type: string
+                    type: object
+                  tlsSecretName:
+                    description: tls secret name
+                    type: string
                  writeTimeout:
                    description: WriteTimeout defines proxy write timeout
                    type: integer
--- a/internal/controller/deployment.go
+++ b/internal/controller/deployment.go
@@ -21,6 +21,44 @@ import (
 // createUpdateDeployment creates Kubernetes deployment
 func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.Request, gateway gomaprojv1beta1.Gateway, imageName string) error {
 	logger := log.FromContext(ctx)
+	var volumes []corev1.Volume
+	var volumeMounts []corev1.VolumeMount
+
+	volumes = append(volumes, corev1.Volume{
+		Name: "config",
+		VolumeSource: corev1.VolumeSource{
+			ConfigMap: &corev1.ConfigMapVolumeSource{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: req.Name,
+				},
+			},
+		},
+	})
+	volumeMounts = append(volumeMounts, corev1.VolumeMount{
+		Name:      "config",
+		MountPath: ConfigPath,
+		ReadOnly:  true,
+	})
+	if len(gateway.Spec.Server.TlsSecretName) != 0 {
+		volumes = append(volumes, corev1.Volume{
+			Name: req.Name,
+			VolumeSource: corev1.VolumeSource{
+				Secret: &corev1.SecretVolumeSource{
+					SecretName: gateway.Spec.Server.TlsSecretName,
+				},
+			},
+		})
+		volumeMounts = append(volumeMounts, corev1.VolumeMount{
+			Name:      req.Name,
+			ReadOnly:  true,
+			MountPath: CertsPath,
+		})
+
+	}
+	// check if ReplicaCount is defined
+	if gateway.Spec.ReplicaCount != 0 {
+		ReplicaCount = gateway.Spec.ReplicaCount
+	}
 	// Define the desired Deployment
 	deployment := &v1.Deployment{
 		ObjectMeta: metav1.ObjectMeta{
@@ -29,7 +67,7 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R
 			Labels:    gateway.Labels,
 		},
 		Spec: v1.DeploymentSpec{
-			Replicas: int32Ptr(gateway.Spec.ReplicaCount), // Set desired replicas
+			Replicas: int32Ptr(ReplicaCount), // Set desired replicas
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					"app":        req.Name,
@@ -82,27 +120,10 @@ func createUpdateDeployment(r GatewayReconciler, ctx context.Context, req ctrl.R
 								},
 							},
 							Resources:    gateway.Spec.Resources,
-							VolumeMounts: []corev1.VolumeMount{
-								{
-									Name:      "config",
-									MountPath: "/etc/goma",
-									ReadOnly:  true,
-								},
-							},
-						},
-					},
-					Volumes: []corev1.Volume{
-						{
-							Name: "config",
-							VolumeSource: corev1.VolumeSource{
-								ConfigMap: &corev1.ConfigMapVolumeSource{
-									LocalObjectReference: corev1.LocalObjectReference{
-										Name: req.Name,
-									},
-								},
-							},
+							VolumeMounts: volumeMounts,
 						},
 					},
+					Volumes: volumes,
 				},
 			},
 		},
--- a/internal/controller/helpers.go
+++ b/internal/controller/helpers.go
@@ -21,6 +21,13 @@ func gatewayConfig(r GatewayReconciler, ctx context.Context, req ctrl.Request, g
 	gomaConfig := &GatewayConfig{}
 	gomaConfig.Version = GatewayConfigVersion
 	gomaConfig.Gateway = mapToGateway(gateway.Spec)
+
+	// attach cert files
+	if len(gateway.Spec.Server.TlsSecretName) != 0 {
+		gomaConfig.Gateway.SSLKeyFile = TLSKeyFile
+		gomaConfig.Gateway.SSLCertFile = TLSCertFile
+	}
+
 	labelSelector := client.MatchingLabels{}
 	var middlewareNames []string
 	// List ConfigMaps in the namespace with the matching label
@@ -60,6 +67,11 @@ func updateGatewayConfig(r RouteReconciler, ctx context.Context, req ctrl.Reques
 	gomaConfig := &GatewayConfig{}
 	gomaConfig.Version = GatewayConfigVersion
 	gomaConfig.Gateway = mapToGateway(gateway.Spec)
+	// attach cert files
+	if len(gateway.Spec.Server.TlsSecretName) != 0 {
+		gomaConfig.Gateway.SSLKeyFile = TLSKeyFile
+		gomaConfig.Gateway.SSLCertFile = TLSCertFile
+	}
 	labelSelector := client.MatchingLabels{}
 	var middlewareNames []string
 	// List ConfigMaps in the namespace with the matching label
--- a/internal/controller/var.go
+++ b/internal/controller/var.go
@@ -2,7 +2,8 @@ package controller

 const (
 	AppImageName         = "jkaninda/goma-gateway"
-	ExtraConfigPath      = "/etc/goma/extra/"
+	ConfigPath           = "/etc/goma"
+	CertsPath            = "/etc/goma/certs"
 	BasicAuth            = "basic" // basic authentication middlewares
 	JWTAuth              = "jwt"   // JWT authentication middlewares
 	OAuth                = "oauth"
@@ -12,6 +13,8 @@ const (
 	GatewayConfigVersion = "1.0"
 	FinalizerName        = "finalizer.gomaproj.jonaskaninda.com"
 	ConfigName           = "goma.yml"
+	TLSCertFile          = "/etc/goma/certs/tls.crt"
+	TLSKeyFile           = "/etc/goma/certs/tls.key"
 )

 var (