Merge pull request #48 from port-labs/PORT-5476-support-ssl-certifica…
…te-for-port-agent

Port 5476 support ssl certificate for port agent
yairsimantov20 authored Dec 7, 2023
2 parents 6dbc75a + f906e1f commit 79d7508
Showing 11 changed files with 82 additions and 16 deletions.
2 changes: 1 addition & 1 deletion charts/port-agent/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: port-agent
description: A Helm chart for Port Agent
type: application
version: 0.6.4
version: 0.6.5
appVersion: "v0.6.4"
home: https://getport.io/
sources:
21 changes: 20 additions & 1 deletion charts/port-agent/README.md
Expand Up @@ -31,6 +31,7 @@ For example, to use the `KafkaToWebhookStreamer` Streamer, use the following com
--set env.secret.PORT_CLIENT_SECRET=YOUR_PORT_CLIENT_SECRET

*

Replace `YOUR_PORT_ORG_ID`, `YOUR_KAFKA_CONSUMER_GROUP_ID`, `YOUR_PORT_CLIENT_ID`, `YOUR_PORT_CLIENT_SECRET`
with the values that Port supplied you.

Expand Down Expand Up @@ -72,11 +73,29 @@ The following table lists the configuration parameters of the `port-agent` chart
| `nodeSelector` | NodeSelector applied to the pod | `{}` |
| `tolerations` | Tolerations applied to the pod | `[]` |
| `affinity` | Affinity applied to the pod | `{}` |
| `selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
| `selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `selfSignedCertificate.enabled=true`) | `""` |

To override values in `helm install`, use either the `--set` flag or the `--set-file` flag to set individual values from a file.
To override values in `helm install`, use either the `--set` flag or the `--set-file` flag to set individual values from
a file.

Alternatively, you can use a YAML file that specifies the values while installing the chart. For example:

helm install my-port-agent port-labs/port-agent \
--create-namespace --namespace port-agent \
-f custom_values.yaml


### Self-signed certificate trust
For self-hosted 3rd-party applications with self-signed certificates, you will need to add your CA to the integration's configuration.
To do so, you will need to run the `helm install` command with the following flags:

```sh
helm install my-port-agent port-labs/port-agent \
--create-namespace --namespace port-agent \
-f custom_values.yaml
# Flag for enabling self signed certificates
--set selfSignedCertificate.enabled=true \
# Flag for passing the certificate file
--set-file selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
```
9 changes: 9 additions & 0 deletions charts/port-agent/templates/_helpers.tpl
Expand Up @@ -75,3 +75,12 @@ Create the list of environment variables
value: {{ $val | quote }}
{{- end}}
{{- end }}


{{/*
Get self signed cert secret name
*/}}
{{- define "selfSignedCertName" -}}
{{ $prefix:= include "port-agent.fullname" . }}
{{- printf "%s-cert" $prefix }}
{{- end }}
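Review bot: The new helper is defined under the bare name `selfSignedCertName`, while the other templates this chart includes are prefixed (`port-agent.fullname`, `port-agent.envVariables`) and the port-ocean chart calls its equivalent `port-ocean.selfSignedCertName`. Helm's named templates share one global namespace across a chart and its subcharts, so an unprefixed name can collide with a same-named template when port-agent is installed as a dependency, and the Secret name the deployment mounts would then not be the one intended. I would rename it to `{{- define "port-agent.selfSignedCertName" -}}` and update the two `include` calls in certificate_secret.yaml and deployment.yaml. A left-trimmed `{{- $prefix := include "port-agent.fullname" . }}` would also match the spacing used in the rest of the file.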
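--- a/charts/port-agent/templates/certificate_secret.yaml
+++ b/charts/port-agent/templates/certificate_secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.selfSignedCertificate.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "selfSignedCertName" . }}
+type: Opaque
+data:
+crt: {{ .Values.selfSignedCertificate.certificate | b64enc }}
+{{- end }}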
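Review bot: With `selfSignedCertificate.enabled=true` and the default `certificate: ""`, the `crt` line renders an empty value, so the chart installs without complaint and the problem only shows up later, presumably as a volume mount error or as TLS verification failures in the agent. Failing at render time is safer: `crt: {{ required "selfSignedCertificate.certificate must be set when selfSignedCertificate.enabled=true" .Values.selfSignedCertificate.certificate | b64enc }}`. The value is also not checked to be PEM, so a DER file passed with `--set-file` would presumably be ignored by `update-ca-certificates`; one sentence in the README saying a PEM-encoded CA certificate is expected would cover that. The port-ocean template carries the same line.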
24 changes: 24 additions & 0 deletions charts/port-agent/templates/deployment.yaml
Expand Up @@ -30,7 +30,15 @@ spec:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.selfSignedCertificate.enabled }}
command: [ "sh", "-c", "update-ca-certificates && python3 main.py" ]
{{- end }}
env:
{{- if .Values.selfSignedCertificate.enabled }}
{{/* Used for requests library in python - For httpx please use SSL_CERT_FILE */}}
- name: REQUESTS_CA_BUNDLE
value: /etc/ssl/certs/ca-certificates.crt
{{- end }}
{{- include "port-agent.envVariables" . | indent 12 }}
{{- if eq .Values.secret.useExistingSecret true }}
envFrom:
Expand All @@ -45,12 +53,28 @@ spec:
name: {{ include "port-agent.fullname" . }}
subPath: controlThePayloadConfig
{{- end }}
{{- if .Values.selfSignedCertificate.enabled }}
- name: certificates
mountPath: /usr/local/share/ca-certificates/cert.crt
subPath: cert.crt
readOnly: true
{{- end }}
volumes:
{{- if .Values.controlThePayloadConfig }}
- name: {{ include "port-agent.fullname" . }}
configMap:
name: {{ include "port-agent.fullname" . }}
{{- end }}
{{- if .Values.selfSignedCertificate.enabled }}
- name: certificates
projected:
sources:
- secret:
name: {{ include "selfSignedCertName" . }}
items:
- key: crt
path: cert.crt
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
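Review bot: The overridden `command` in the first hunk runs `update-ca-certificates` inside the agent container at start-up, which has to write under `/etc/ssl/certs`; that presumably fails when `.Values.securityContext` (rendered just above it) sets a non-root user or `readOnlyRootFilesystem: true`, so enabling the feature quietly depends on a weaker container security context. Either document that constraint next to the `selfSignedCertificate` values, or build the bundle in an init container that writes to an `emptyDir` and point `REQUESTS_CA_BUNDLE` at that file. The override also hard-codes the image's start command and keeps `sh` as the parent process; `command: [ "sh", "-c", "update-ca-certificates && exec python3 main.py" ]` lets the Python process receive SIGTERM directly. The container spec begins and ends outside the hunks shown.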
4 changes: 4 additions & 0 deletions charts/port-agent/values.yaml
Expand Up @@ -40,3 +40,7 @@ nodeSelector: {}
tolerations: []

affinity: {}

selfSignedCertificate:
enabled: false
certificate: ""
2 changes: 1 addition & 1 deletion charts/port-ocean/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: port-ocean
description: A Helm chart for Port Ocean integrations
type: application
version: 0.1.9
version: 0.1.10
appVersion: "0.1.0"
home: https://getport.io/
sources:
8 changes: 4 additions & 4 deletions charts/port-ocean/README.md
Expand Up @@ -77,8 +77,8 @@ The following table lists the configuration parameters of the `port-ocean` chart
| `integration.type` | Type of the integration. i.e (`pager-duty`) | `""` |
| `integration.config` | Configuration for the integration. | `{}` |
| `integration.secrets` | Secrets for the integration (irrelevant if secret.useExistingSecret=true). | `{}` |
| `integration.selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
| `integration.selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `integration.selfSignedCertificate.enabled=true`) | `""` |
| `selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
| `selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `selfSignedCertificate.enabled=true`) | `""` |
| `eventListener.type` | Type of the event listener for the integration, one of the following "WEBHOOK" / "KAFKA" / "SAMPLE" | `"KAFKA"` |

To override values in `helm install`, use either the `--set` flag.
Expand All @@ -99,7 +99,7 @@ helm install my-ocean-integration port-labs/port-ocean \
--create-namespace --namespace port-ocean \
-f custom_values.yaml \
# Flag for enabling self signed certificates
--set integration.selfSignedCertificate.enabled=true \
--set selfSignedCertificate.enabled=true \
# Flag for passing the certificate file
--set-file integration.selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
--set-file selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
```
4 changes: 2 additions & 2 deletions charts/port-ocean/templates/certificate_secret.yaml
@@ -1,9 +1,9 @@
{{- if .Values.integration.selfSignedCertificate.enabled }}
{{- if .Values.selfSignedCertificate.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "port-ocean.selfSignedCertName" . }}
type: Opaque
data:
crt: {{ .Values.integration.selfSignedCertificate.certificate | b64enc }}
crt: {{ .Values.selfSignedCertificate.certificate | b64enc }}
{{- end }}
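Review bot: Moving the key from `integration.selfSignedCertificate` to `selfSignedCertificate` is a breaking values change shipped as a patch bump (0.1.9 to 0.1.10): a release that still sets `integration.selfSignedCertificate.enabled=true` will render neither this Secret nor the `update-ca-certificates` command, the certificate mount and the `SSL_CERT_FILE` variable in templates/deployment.yaml, so the integration loses its CA trust on upgrade with no error from Helm. A guard at the top of this template would turn that into a render-time failure: `{{- if .Values.integration.selfSignedCertificate }}{{ fail "integration.selfSignedCertificate has moved to selfSignedCertificate" }}{{- end }}`. The same concern covers the four conditionals changed in deployment.yaml and the moved block in values.yaml, and the README would benefit from a short migration note.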
8 changes: 4 additions & 4 deletions charts/port-ocean/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ spec:
containers:
- name: {{ include "port-ocean.containerName" . }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if .Values.integration.selfSignedCertificate.enabled }}
{{- if .Values.selfSignedCertificate.enabled }}
command: ["sh", "-c", "update-ca-certificates && ocean sail"]
{{- end }}
image: ghcr.io/port-labs/port-ocean-{{ .Values.integration.type }}:{{ .Values.integration.version | default "latest" }}
Expand All @@ -24,7 +24,7 @@ spec:
- containerPort: {{.Values.service.port}}
protocol: TCP
{{- end }}
{{- if .Values.integration.selfSignedCertificate.enabled }}
{{- if .Values.selfSignedCertificate.enabled }}
env:
- name: SSL_CERT_FILE
value: /etc/ssl/certs/ca-certificates.crt
Expand All @@ -35,14 +35,14 @@ spec:
- secretRef:
name: {{ include "port-ocean.secretName" . }}
volumeMounts:
{{- if .Values.integration.selfSignedCertificate.enabled }}
{{- if .Values.selfSignedCertificate.enabled }}
- name: certificates
mountPath: /usr/local/share/ca-certificates/cert.crt
subPath: cert.crt
readOnly: true
{{- end }}
volumes:
{{- if .Values.integration.selfSignedCertificate.enabled }}
{{- if .Values.selfSignedCertificate.enabled }}
- name: certificates
projected:
sources:
7 changes: 4 additions & 3 deletions charts/port-ocean/values.yaml
Expand Up @@ -52,6 +52,7 @@ integration:
eventListener:
type: "KAFKA"
brokers: "b-1-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-2-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-3-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196"
selfSignedCertificate:
enabled: false
certificate: ""

selfSignedCertificate:
enabled: false
certificate: ""
