diff --git a/charts/port-agent/Chart.yaml b/charts/port-agent/Chart.yaml
index 469fcc1..d36dd2c 100644
--- a/charts/port-agent/Chart.yaml
+++ b/charts/port-agent/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: port-agent
 description: A Helm chart for Port Agent
 type: application
-version: 0.6.4
+version: 0.6.5
 appVersion: "v0.6.4"
 home: https://getport.io/
 sources:
diff --git a/charts/port-agent/README.md b/charts/port-agent/README.md
index 6e60fbc..1583dc0 100644
--- a/charts/port-agent/README.md
+++ b/charts/port-agent/README.md
@@ -31,6 +31,7 @@ For example, to use the `KafkaToWebhookStreamer` Streamer, use the following com
 --set env.secret.PORT_CLIENT_SECRET=YOUR_PORT_CLIENT_SECRET * + Replace `YOUR_PORT_ORG_ID`, `YOUR_KAFKA_CONSUMER_GROUP_ID`, `YOUR_PORT_CLIENT_ID`, `YOUR_PORT_CLIENT_SECRET` with the values that Port supplied you.
@@ -72,11 +73,29 @@ The following table lists the configuration parameters of the `port-agent` chart
 | `nodeSelector` | NodeSelector applied to the pod | `{}` |
 | `tolerations` | Tolerations applied to the pod | `[]` |
 | `affinity` | Affinity applied to the pod | `{}` |
+| `selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
+| `selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `selfSignedCertificate.enabled=true`) | `""` |
-To override values in `helm install`, use either the `--set` flag or the `--set-file` flag to set individual values from a file.
+To override values in `helm install`, use either the `--set` flag or the `--set-file` flag to set individual values from
+a file.
 Alternatively, you can use a YAML file that specifies the values while installing the chart. For example:
 helm install my-port-agent port-labs/port-agent \
 --create-namespace --namespace port-agent \
 -f custom_values.yaml
+
+
+### Self-signed certificate trust
+For self-hosted 3rd-party applications with self-signed certificates, you will need to add your CA to the integration's configuration.
+To do so, you will need to run the `helm install` command with the following flags:
+
+```sh
+helm install my-port-agent port-labs/port-agent \
+ --create-namespace --namespace port-agent \
+ -f custom_values.yaml
+ # Flag for enabling self signed certificates
+ --set selfSignedCertificate.enabled=true \
+ # Flag for passing the certificate file
+ --set-file selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
+```
\ No newline at end of file
diff --git a/charts/port-agent/templates/_helpers.tpl b/charts/port-agent/templates/_helpers.tpl
index 74ffd16..2888440 100644
--- a/charts/port-agent/templates/_helpers.tpl
+++ b/charts/port-agent/templates/_helpers.tpl
@@ -75,3 +75,12 @@ Create the list of environment variables
 value: {{ $val | quote }}
 {{- end}}
 {{- end }}
+
+
+{{/*
+Get self signed cert secret name
+*/}}
+{{- define "selfSignedCertName" -}}
+{{ $prefix:= include "port-agent.fullname" . }}
+{{- printf "%s-cert" $prefix }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/port-agent/templates/certificate_secret.yaml b/charts/port-agent/templates/certificate_secret.yaml
new file mode 100644
index 0000000..e15cf65
--- /dev/null
+++ b/charts/port-agent/templates/certificate_secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.selfSignedCertificate.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "selfSignedCertName" . }}
+type: Opaque
+data:
+ crt: {{ .Values.selfSignedCertificate.certificate | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/port-agent/templates/deployment.yaml b/charts/port-agent/templates/deployment.yaml
index 0f43a2d..2e15d47 100644
--- a/charts/port-agent/templates/deployment.yaml
+++ b/charts/port-agent/templates/deployment.yaml
@@ -30,7 +30,15 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.selfSignedCertificate.enabled }}
+ command: [ "sh", "-c", "update-ca-certificates && python3 main.py" ]
+ {{- end }}
 env:
+ {{- if .Values.selfSignedCertificate.enabled }}
+ {{/* Used for requests library in python - For httpx please use SSL_CERT_FILE */}}
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
+ {{- end }}
 {{- include "port-agent.envVariables" . | indent 12 }}
 {{- if eq .Values.secret.useExistingSecret true }}
 envFrom:
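Review bot: The new helper in _helpers.tpl is defined as `selfSignedCertName` with no chart prefix, while the other templates referenced in this diff are namespaced (`port-agent.fullname`, `port-agent.envVariables`) and the port-ocean chart calls its equivalent `port-ocean.selfSignedCertName`. Named templates are global across a parent chart and its subcharts, so an unprefixed name can be shadowed when this chart is pulled in as a dependency, and the Secret name would then resolve to something other than what the deployment expects. I would rename it to `{{- define "port-agent.selfSignedCertName" -}}` and update the two `include` calls in certificate_secret.yaml and deployment.yaml; `$prefix:=` would also read better as `$prefix :=`.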
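Review bot: In charts/port-agent/templates/certificate_secret.yaml the `crt` value is rendered without checking that a certificate was supplied, and the default added to values.yaml is `certificate: ""`. Installing with `selfSignedCertificate.enabled=true` but without `--set-file` therefore produces a Secret with an empty `crt` key, and the mistake only surfaces later as TLS verification errors inside the pod. Failing at render time is clearer: `crt: {{ required "selfSignedCertificate.certificate must be set when selfSignedCertificate.enabled=true" .Values.selfSignedCertificate.certificate | b64enc }}`. The port-ocean certificate_secret.yaml hunk further down has the same unguarded pattern.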
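Review bot: The overridden `command` in charts/port-agent/templates/deployment.yaml keeps `sh` as the container's main process, so the SIGTERM sent on pod shutdown is likely not delivered to the Python agent; `command: [ "sh", "-c", "update-ca-certificates && exec python3 main.py" ]` hands the process over once the trust store is rebuilt. Separately, `update-ca-certificates` has to write under /etc/ssl/certs, which normally needs root and a writable root filesystem, while `.Values.securityContext` is rendered just above this line. If an operator sets `runAsNonRoot` or `readOnlyRootFilesystem` there, the `&&` chain stops and the agent never starts, so that constraint should be stated next to `selfSignedCertificate` in the README or values.yaml. The container spec continues outside this hunk, so I cannot see whether the image's own entrypoint differs from `python3 main.py`.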
@@ -45,12 +53,28 @@ spec:
 name: {{ include "port-agent.fullname" . }}
 subPath: controlThePayloadConfig
 {{- end }}
+ {{- if .Values.selfSignedCertificate.enabled }}
+ - name: certificates
+ mountPath: /usr/local/share/ca-certificates/cert.crt
+ subPath: cert.crt
+ readOnly: true
+ {{- end }}
 volumes:
 {{- if .Values.controlThePayloadConfig }}
 - name: {{ include "port-agent.fullname" . }}
 configMap:
 name: {{ include "port-agent.fullname" . }}
 {{- end }}
+ {{- if .Values.selfSignedCertificate.enabled }}
+ - name: certificates
+ projected:
+ sources:
+ - secret:
+ name: {{ include "selfSignedCertName" . }}
+ items:
+ - key: crt
+ path: cert.crt
+ {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/port-agent/values.yaml b/charts/port-agent/values.yaml
index b1e0fe8..4906420 100644
--- a/charts/port-agent/values.yaml
+++ b/charts/port-agent/values.yaml
@@ -40,3 +40,7 @@ nodeSelector: {}
 tolerations: []
 affinity: {}
+
+selfSignedCertificate:
+ enabled: false
+ certificate: ""
diff --git a/charts/port-ocean/Chart.yaml b/charts/port-ocean/Chart.yaml
index d45b168..0fdc3af 100644
--- a/charts/port-ocean/Chart.yaml
+++ b/charts/port-ocean/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: port-ocean
 description: A Helm chart for Port Ocean integrations
 type: application
-version: 0.1.9
+version: 0.1.10
 appVersion: "0.1.0"
 home: https://getport.io/
 sources:
diff --git a/charts/port-ocean/README.md b/charts/port-ocean/README.md
index 5e6d633..804ab74 100644
--- a/charts/port-ocean/README.md
+++ b/charts/port-ocean/README.md
@@ -77,8 +77,8 @@ The following table lists the configuration parameters of the `port-ocean` chart
 | `integration.type` | Type of the integration. i.e (`pager-duty`) | `""` |
 | `integration.config` | Configuration for the integration. | `{}` |
 | `integration.secrets` | Secrets for the integration (irrelevant if secret.useExistingSecret=true). | `{}` |
-| `integration.selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
-| `integration.selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `integration.selfSignedCertificate.enabled=true`) | `""` |
+| `selfSignedCertificate.enabled` | Enable self-signed certificate trust for the integration. | `false` |
+| `selfSignedCertificate.certificate` | The value of the self-signed certificate (only when `selfSignedCertificate.enabled=true`) | `""` |
 | `eventListener.type` | Type of the event listener for the integration, one of the following "WEBHOOK" / "KAFKA" / "SAMPLE" | `"KAFKA"` |
 To override values in `helm install`, use either the `--set` flag.
@@ -99,7 +99,7 @@ helm install my-ocean-integration port-labs/port-ocean \
 --create-namespace --namespace port-ocean \
 -f custom_values.yaml \
 # Flag for enabling self signed certificates
- --set integration.selfSignedCertificate.enabled=true \
+ --set selfSignedCertificate.enabled=true \
 # Flag for passing the certificate file
- --set-file integration.selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
+ --set-file selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
 ```
\ No newline at end of file
diff --git a/charts/port-ocean/templates/certificate_secret.yaml b/charts/port-ocean/templates/certificate_secret.yaml
index 2fd7042..4d88909 100644
--- a/charts/port-ocean/templates/certificate_secret.yaml
+++ b/charts/port-ocean/templates/certificate_secret.yaml
@@ -1,9 +1,9 @@
-{{- if .Values.integration.selfSignedCertificate.enabled }}
+{{- if .Values.selfSignedCertificate.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
 name: {{ include "port-ocean.selfSignedCertName" . }}
 type: Opaque
 data:
- crt: {{ .Values.integration.selfSignedCertificate.certificate | b64enc }}
+ crt: {{ .Values.selfSignedCertificate.certificate | b64enc }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/port-ocean/templates/deployment.yaml b/charts/port-ocean/templates/deployment.yaml
index dfe0259..f8a07e2 100644
--- a/charts/port-ocean/templates/deployment.yaml
+++ b/charts/port-ocean/templates/deployment.yaml
@@ -15,7 +15,7 @@ spec:
 containers:
 - name: {{ include "port-ocean.containerName" . }}
 imagePullPolicy: {{ .Values.imagePullPolicy }}
- {{- if .Values.integration.selfSignedCertificate.enabled }}
+ {{- if .Values.selfSignedCertificate.enabled }}
 command: ["sh", "-c", "update-ca-certificates && ocean sail"]
 {{- end }}
 image: ghcr.io/port-labs/port-ocean-{{ .Values.integration.type }}:{{ .Values.integration.version | default "latest" }}
@@ -24,7 +24,7 @@ spec:
 - containerPort: {{.Values.service.port}}
 protocol: TCP
 {{- end }}
- {{- if .Values.integration.selfSignedCertificate.enabled }}
+ {{- if .Values.selfSignedCertificate.enabled }}
 env:
 - name: SSL_CERT_FILE
 value: /etc/ssl/certs/ca-certificates.crt
@@ -35,14 +35,14 @@ spec:
 - secretRef:
 name: {{ include "port-ocean.secretName" . }}
 volumeMounts:
- {{- if .Values.integration.selfSignedCertificate.enabled }}
+ {{- if .Values.selfSignedCertificate.enabled }}
 - name: certificates
 mountPath: /usr/local/share/ca-certificates/cert.crt
 subPath: cert.crt
 readOnly: true
 {{- end }}
 volumes:
- {{- if .Values.integration.selfSignedCertificate.enabled }}
+ {{- if .Values.selfSignedCertificate.enabled }}
 - name: certificates
 projected:
 sources:
diff --git a/charts/port-ocean/values.yaml b/charts/port-ocean/values.yaml
index 987684c..7b2054f 100644
--- a/charts/port-ocean/values.yaml
+++ b/charts/port-ocean/values.yaml
@@ -52,6 +52,7 @@ integration:
 eventListener:
 type: "KAFKA"
 brokers: "b-1-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-2-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-3-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196"
- selfSignedCertificate:
- enabled: false
- certificate: ""
\ No newline at end of file
+
+selfSignedCertificate:
+ enabled: false
+ certificate: ""
\ No newline at end of file
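Review bot: Moving the key from `integration.selfSignedCertificate` to top-level `selfSignedCertificate` in charts/port-ocean/values.yaml is a silent breaking change for existing releases, shipped as a patch bump (0.1.9 to 0.1.10). A values file that still sets `integration.selfSignedCertificate.enabled=true` renders without error after upgrade, but the Secret, the mount, the `update-ca-certificates` command and `SSL_CERT_FILE` all disappear, as the port-ocean certificate_secret.yaml and deployment.yaml hunks above show. The integration should then fail closed on TLS verification, yet nothing points the operator at the renamed key. A render-time guard in one of the templates would make the move explicit, e.g. `{{- if .Values.integration.selfSignedCertificate }}{{ fail "integration.selfSignedCertificate has moved to selfSignedCertificate" }}{{- end }}`, alongside a note in the README.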