Merge pull request #44 from port-labs/Ocean-Support_Self-signed_certi…

…ficates Added manifests for self-signed certificate
port-labs · Dec 3, 2023 · a041e5d · a041e5d
2 parents 67e9c1a + dc66840
commit a041e5d
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 2 deletions.
diff --git a/charts/port-ocean/README.md b/charts/port-ocean/README.md
@@ -77,6 +77,8 @@ The following table lists the configuration parameters of the `port-ocean` chart
 | `integration.type`         | Type of the integration. i.e (`pager-duty`)                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `""`                        |
 | `integration.config`       | Configuration for the integration.                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | `{}`                        |
 | `integration.secrets`      | Secrets for the integration (irrelevant if secret.useExistingSecret=true).                                                                                                                                                                                                                                                                                                                                                                                                                         | `{}`                        |
+| `integration.selfSignedCertificate.enabled`      | Enable self-signed certificate trust for the integration.                                                                                                                                                                                                                                                                                                                                                                                                                       | `false`                        |
+| `integration.selfSignedCertificate.certificate`      |  The value of the self-signed certificate (only when `integration.selfSignedCertificate.enabled=true`)                                                                                                                                                                                                                                                                                                                                                                                                                        | `""`                        |
 | `eventListener.type`       | Type of the event listener for the integration, one of the following "WEBHOOK" / "KAFKA" / "SAMPLE"                                                                                                                                                                                                                                                                                                                                                                                                | `"KAFKA"`                   |
 
 To override values in `helm install`, use either the `--set` flag.
@@ -85,4 +87,19 @@ Alternatively, you can use a YAML file that specifies the values while installin
 
     helm install my-ocean-integration port-labs/port-ocean \
        --create-namespace --namespace port-ocean \
-       -f custom_values.yaml
+       -f custom_values.yaml
+
+
+### Self-signed certificate trust
+For self-hosted 3rd-party applications with self-signed certificates, you will need to add your CA to the integration's configuration. 
+To do so, you will need to run the `helm install` command with the following flags:
+
+```sh
+helm install my-ocean-integration port-labs/port-ocean \
+   --create-namespace --namespace port-ocean \
+   -f custom_values.yaml \ 
+   # Flag for enabling self signed certificates
+   --set integration.selfSignedCertificate.enabled=true \ 
+   # Flag for passing the certificate file
+   --set-file integration.selfSignedCertificate.certificate=/PATH/TO/CERTIFICATE.crt
+```
diff --git a/charts/port-ocean/templates/_helpers.tpl b/charts/port-ocean/templates/_helpers.tpl
@@ -104,3 +104,11 @@ Get deployment name per integration
 {{ $prefix:= include "port-ocean.metadataNamePrefix" . }}
 {{- printf "%s-deployment" $prefix }}
 {{- end }}
+
+{{/*
+Get self signed cert secret name
+*/}}
+{{- define "port-ocean.selfSignedCertName" -}}
+{{ $prefix:= include "port-ocean.metadataNamePrefix" . }}
+{{- printf "%s-cert" $prefix }}
+{{- end }}
diff --git a/charts/port-ocean/templates/certificate_secret.yaml b/charts/port-ocean/templates/certificate_secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.integration.selfSignedCertificate.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "port-ocean.selfSignedCertName" . }}
+type: Opaque
+data:
+  crt: {{ .Values.integration.selfSignedCertificate.certificate | b64enc }}
+{{- end }}
diff --git a/charts/port-ocean/templates/deployment.yaml b/charts/port-ocean/templates/deployment.yaml
@@ -26,6 +26,24 @@ spec:
               name: {{ include "port-ocean.configMapName" . }}
           - secretRef:
               name: {{ include "port-ocean.secretName" . }}
+        volumeMounts:
+        {{- if .Values.integration.selfSignedCertificate.enabled }}
+          - name: certificates
+            mountPath: /etc/ssl/certs/cert.pem
+            subPath: cert.pem
+            readOnly: true
+        {{- end }}
+      volumes:
+        {{- if .Values.integration.selfSignedCertificate.enabled }}
+        - name: certificates
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "port-ocean.selfSignedCertName" . }}
+                  items:
+                    - key: crt
+                      path: cert.pem
+        {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
       {{- toYaml . | nindent 8 }}

diff --git a/charts/port-ocean/values.yaml b/charts/port-ocean/values.yaml
@@ -51,4 +51,7 @@ integration:
   secrets: {}
   eventListener:
     type: "KAFKA"
-    brokers: "b-1-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-2-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-3-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196"
+    brokers: "b-1-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-2-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196,b-3-public.publicclusterprod.t9rw6w.c1.kafka.eu-west-1.amazonaws.com:9196"
+  selfSignedCertificate:
+    enabled: false
+    certificate: ""