Merge pull request #3 from startechnica/freeradius

Freeradius

charts/freeradius/Chart-yaml.bak

@@ -0,0 +1,30 @@
+annotations:
+  category: AccessManagement
+apiVersion: v2
+appVersion: 3.0.25
+dependencies:
+- name: mariadb
+  condition: mariadb.enabled
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.x.x
+- name: postgresql
+  condition: postgresql.enabled
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.x.x
+description: FreeRADIUS is a modular, high performance free RADIUS suite developed and 
+  distributed under the GNU General Public License, version 2, and is free for download and use.
+home: https://freeradius.org/
+icon: https://freeradius.org/img/wordmark.svg
+keywords:
+  - freeradius
+  - radius
+  - mysql
+  - postgresql
+maintainers:
+  - name: Firmansyah Nainggolan
+    email: [email protected]
+    url: https://firmansyah.nainggolan.id
+name: freeradius
+sources:
+  - https://freeradius.org/
+version: 0.1.2

charts/freeradius/Chart.yaml

@@ -2,15 +2,6 @@ annotations:
   category: AccessManagement
 apiVersion: v2
 appVersion: 3.0.25
-dependencies:
-- name: mariadb
-  condition: mariadb.enabled
-  repository: https://charts.bitnami.com/bitnami
-  version: 10.x.x
-- name: postgresql
-  condition: postgresql.enabled
-  repository: https://charts.bitnami.com/bitnami
-  version: 10.x.x
 description: FreeRADIUS is a modular, high performance free RADIUS suite developed and 
   distributed under the GNU General Public License, version 2, and is free for download and use.
 home: https://freeradius.org/
@@ -27,4 +18,4 @@ maintainers:
 name: freeradius
 sources:
   - https://freeradius.org/
-version: 0.1.2
+version: 0.1.3

charts/freeradius/templates/_helpers.tpl

@@ -64,13 +64,9 @@ Create the name of the service account to use
 {{/*
 Create the name of the SSL certificate to use
 */}}
-{{- define "istioCertificateSecret2" -}}
-{{- default (printf "%s-tls" (include "freeradius.fullname" .)) .Values.istio.certificate.existingSecret }}
-{{- end }}
-
-{{ define "istioCertificateSecret" }}
-{{- if .Values.istio.certificate.existingSecret }}
-  {{ .Values.dags.persistence.existingClaim }}
+{{ define "tlsSecretName" }}
+{{- if .Values.tls.secretName }}
+  {{ .Values.tls.secretName }}
 {{- else }}
   {{- default (printf "%s-tls" (include "freeradius.fullname" .)) }}
 {{- end }}

charts/freeradius/templates/certificate.yaml

@@ -1,41 +1,37 @@
+{{- if and .Values.tls.enabled .Values.tls.autoGenerated .Values.tls.autoGenerator.certmanager.enabled }}
 {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }}
-{{- if and .Values.tls.enabled .Values.tls.autoGenerated }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $fullname := include "freeradius.fullname" . }}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ .Release.Name }}-cert
-  namespace: {{ .Values.istio.namespace }}
+  namespace: {{ .Release.Namespace }}
   {{- with .Values.commonAnnotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
   labels:
-    {{- include "adminer.labels" . | nindent 4 }}
+    {{- include "freeradius.labels" . | nindent 4 }}
 spec:
-  secretName: {{ include "istioCertificateSecret" . }}
+  secretName: {{ include "tlsSecretName" . }}
   issuerRef:
-    group: {{ .Values.istio.certificate.issuerRef.group }}
-    kind: {{ .Values.istio.certificate.issuerRef.kind }}
-    name: {{ .Values.istio.certificate.issuerRef.name }}
+    group: cert-manager.io
+    kind: {{ .Values.tls.autoGenerator.certmanager.issuerKind }}
+    name: {{ .Values.tls.autoGenerator.certmanager.issuerName }}
     #name: letsencrypt-prd
   privateKey:
     algorithm: ECDSA
     rotationPolicy: Always
     size: 256
   subject:
-    countries:
-    - ID
-    organizations:
-    - {{ .Values.organization | quote }}
     organizationalUnits:
     - {{ .Release.Name | quote }}
-    localities:
-    - Asgard
-    provinces:
-    - Yggdrasil
   dnsNames:
-  {{- if .Values.istio.hosts }}
-    {{- toYaml .Values.istio.hosts | nindent 4 }}
+  {{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname }}
+  {{- with $altNames }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
 {{- end }}

charts/freeradius/templates/deployment.yaml

@@ -108,6 +108,11 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- end }}
+            {{- if and .Values.tls.enabled }}
+            - name: freeradius-tls
+              mountPath: "/etc/freeradius/certs/tls"
+              readOnly: true
+            {{- end }}
             - name: freeradius-mods
               mountPath: /etc/freeradius/mods-enabled/sql
               subPath: sql
@@ -127,6 +132,11 @@ spec:
           persistentVolumeClaim:
             claimName: {{ tpl .Values.persistence.existingClaim . }}
         {{- end }}
+        {{- if and .Values.tls.enabled }}
+        - name: freeradius-tls
+          secret:
+            secretName: {{ include "tlsSecretName" . }}
+        {{- end }}
         - name: freeradius-mods
           configMap:
             name: freeradius-mods
@@ -144,4 +154,5 @@ spec:
     {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
-    {{- end }}
+    {{- end }}
+---

charts/freeradius/values.yaml

@@ -424,15 +424,22 @@ modsEnabled:
     password: radius
     radiusdb: radiusdb
     tableClient: nas
+    existingTlsSecret: ""
 
 sitesEnabled:
   status:
     port: 18121
     secret: adminsecret
 
 tls:
-  enabled: false
-  autoGenerated: false
+  enabled: true
+  autoGenerated: true
+  autoGenerator:
+    certmanager:
+      enabled: true
+      issuerKind: ClusterIssuer
+      issuerName: selfsigned-issuer
+  secretName: ~
   existingSecret: ""
 
 mariadb: