From 018a0bcd2446de25449686ca700882fda22f0aae Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 16:51:09 +0700 Subject: [PATCH 1/9] Add tls generator --- charts/freeradius/templates/_helpers.tpl | 6 ++-- charts/freeradius/templates/certificate.yaml | 29 ++++++++------------ charts/freeradius/values.yaml | 10 +++++-- 3 files changed, 22 insertions(+), 23 deletions(-) diff --git a/charts/freeradius/templates/_helpers.tpl b/charts/freeradius/templates/_helpers.tpl index 46da29fe..84776648 100644 --- a/charts/freeradius/templates/_helpers.tpl +++ b/charts/freeradius/templates/_helpers.tpl @@ -68,9 +68,9 @@ Create the name of the SSL certificate to use {{- default (printf "%s-tls" (include "freeradius.fullname" .)) .Values.istio.certificate.existingSecret }} {{- end }} -{{ define "istioCertificateSecret" }} -{{- if .Values.istio.certificate.existingSecret }} - {{ .Values.dags.persistence.existingClaim }} +{{ define "tlsSecretName" }} +{{- if .Values.tls.secretName }} + {{ .Values.tls.secretName }} {{- else }} {{- default (printf "%s-tls" (include "freeradius.fullname" .)) }} {{- end }} diff --git a/charts/freeradius/templates/certificate.yaml b/charts/freeradius/templates/certificate.yaml index 50fd03ff..a2665bbf 100644 --- a/charts/freeradius/templates/certificate.yaml +++ b/charts/freeradius/templates/certificate.yaml 
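Review bot: The new `tlsSecretName` helper opens with an untrimmed `{{ define "tlsSecretName" }}` and emits `.Values.tls.secretName` through an untrimmed `{{ ... }}` action, so when that value is set the included text likely carries a leading newline and indentation, and `secretName: {{ include "tlsSecretName" . }}` will not render as one scalar. The `default` call in the else branch has a single argument, so the if/else is doing the work `default` is meant for. Collapsing the body to `{{- default (printf "%s-tls" (include "freeradius.fullname" .)) .Values.tls.secretName -}}` inside `{{- define "tlsSecretName" -}}` yields one trimmed name in both cases. The helper's closing `{{- end }}` lies outside this hunk.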
@@ -1,42 +1,35 @@ +{{- if and .Values.tls.enabled .Values.tls.autoGenerated .Values.tls.autoGenerator.certmanager.enabled }} {{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $fullname := include "freeradius.fullname" . }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ .Release.Name }}-cert - namespace: {{ .Values.istio.namespace }} + namespace: {{ .Release.Namespace }} {{- with .Values.commonAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: - {{- include "adminer.labels" . | nindent 4 }} + {{- include "freeradius.labels" . | nindent 4 }} spec: - secretName: {{ include "istioCertificateSecret" . }} + secretName: {{ include "tlsSecretName" . }} issuerRef: - group: {{ .Values.istio.certificate.issuerRef.group }} - kind: {{ .Values.istio.certificate.issuerRef.kind }} - name: {{ .Values.istio.certificate.issuerRef.name }} + group: cert-manager.io + kind: {{ .Values.tls.autoGenerator.certmanager.issuerKind }} + name: {{ .Values.tls.autoGenerator.certmanager.issuerName }} #name: letsencrypt-prd privateKey: algorithm: ECDSA rotationPolicy: Always size: 256 subject: - countries: - - ID - organizations: - - {{ .Values.organization | quote }} organizationalUnits: - {{ .Release.Name | quote }} - localities: - - Asgard - provinces: - - Yggdrasil dnsNames: - {{- if .Values.istio.hosts }} - {{- toYaml .Values.istio.hosts | nindent 4 }} - {{- end }} + {{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname }} {{- end }} {{- end }} --- \ No newline at end of file diff --git a/charts/freeradius/values.yaml b/charts/freeradius/values.yaml index 55a7e67e..8d7946a5 100644 --- a/charts/freeradius/values.yaml +++ b/charts/freeradius/values.yaml 
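Review bot: `$clusterDomain` is read straight from `.Values.clusterDomain`, and no values.yaml hunk in this series adds that key, so unless it is defined elsewhere the first SAN is formatted from a nil value and would render as `<fullname>.<namespace>.svc.%!s(<nil>)`. A fallback such as `{{- $clusterDomain := default "cluster.local" .Values.clusterDomain }}` keeps the name well-formed. Separately, the inner `.Capabilities.APIVersions.Has` guard skips the Certificate without any message when the cert-manager CRD is absent, so a release with `tls.autoGenerated` on can end up with no TLS secret at all; an `{{- else }}{{ fail "cert-manager.io/v1 Certificate CRD not found" }}` branch would surface that at install time. The commented-out `#name: letsencrypt-prd` line can be removed.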
@@ -431,8 +431,14 @@ sitesEnabled: secret: adminsecret tls: - enabled: false - autoGenerated: false + enabled: true + autoGenerated: true + autoGenerator: + certmanager: + enabled: true + issuerKind: ClusterIssuer + issuerName: selfsigned-issuer + secretName: ~ existingSecret: "" mariadb: From fba67f3e2699246f9fad1a6a4fa67a4dd07493df Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 16:56:02 +0700 Subject: [PATCH 2/9] Remove dependencies --- charts/freeradius/Chart-yaml.bak | 30 ++++++++++++++++++++++++++++++ charts/freeradius/Chart.yaml | 9 --------- 2 files changed, 30 insertions(+), 9 deletions(-) create mode 100644 charts/freeradius/Chart-yaml.bak diff --git a/charts/freeradius/Chart-yaml.bak b/charts/freeradius/Chart-yaml.bak new file mode 100644 index 00000000..7c4bff24 --- /dev/null +++ b/charts/freeradius/Chart-yaml.bak @@ -0,0 +1,30 @@ +annotations: + category: AccessManagement +apiVersion: v2 +appVersion: 3.0.25 +dependencies: +- name: mariadb + condition: mariadb.enabled + repository: https://charts.bitnami.com/bitnami + version: 10.x.x +- name: postgresql + condition: postgresql.enabled + repository: https://charts.bitnami.com/bitnami + version: 10.x.x +description: FreeRADIUS is a modular, high performance free RADIUS suite developed and + distributed under the GNU General Public License, version 2, and is free for download and use. +home: https://freeradius.org/ +icon: https://freeradius.org/img/wordmark.svg +keywords: + - freeradius + - radius + - mysql + - postgresql +maintainers: + - name: Firmansyah Nainggolan + email: firmansyah@nainggolan.id + url: https://firmansyah.nainggolan.id +name: freeradius +sources: + - https://freeradius.org/ +version: 0.1.2 diff --git a/charts/freeradius/Chart.yaml b/charts/freeradius/Chart.yaml index 7c4bff24..a9060a7a 100644 --- a/charts/freeradius/Chart.yaml +++ b/charts/freeradius/Chart.yaml 
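Review bot: The shipped defaults now turn TLS on and point cert-manager at a `ClusterIssuer` named `selfsigned-issuer` that nothing in this series creates, so a default install depends on cluster state the chart cannot see. Keeping `enabled: false` as the default, or stating the prerequisite in a comment above the `tls:` block, avoids a Certificate that never becomes ready. A self-signed leaf also gives RADIUS clients nothing to validate against unless they are handed the CA, which deserves a comment such as `# selfsigned-issuer is for testing; use a CA-backed issuer so clients can verify the server`. `secretName: ~` and `existingSecret: ""` now sit side by side and, as far as this series shows, only `secretName` is read by the `tlsSecretName` helper, so one of the two should be removed or documented.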
@@ -2,15 +2,6 @@ annotations: category: AccessManagement apiVersion: v2 appVersion: 3.0.25 -dependencies: -- name: mariadb - condition: mariadb.enabled - repository: https://charts.bitnami.com/bitnami - version: 10.x.x -- name: postgresql - condition: postgresql.enabled - repository: https://charts.bitnami.com/bitnami - version: 10.x.x description: FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. home: https://freeradius.org/ From 2488a08676d32ea252a32cdb36183303dfa332f3 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:01:13 +0700 Subject: [PATCH 3/9] Add altNames --- charts/freeradius/templates/certificate.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/freeradius/templates/certificate.yaml b/charts/freeradius/templates/certificate.yaml index a2665bbf..f8ad9725 100644 --- a/charts/freeradius/templates/certificate.yaml +++ b/charts/freeradius/templates/certificate.yaml @@ -30,6 +30,7 @@ spec: - {{ .Release.Name | quote }} dnsNames: {{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname }} + {{- $altNames }} {{- end }} {{- end }} --- \ No newline at end of file From bd2d176dee0fc4a34b072737cd3fb343f66b59a1 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:06:29 +0700 Subject: [PATCH 4/9] Fix altNames --- charts/freeradius/templates/certificate.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/freeradius/templates/certificate.yaml b/charts/freeradius/templates/certificate.yaml index f8ad9725..e95d7ea8 100644 --- a/charts/freeradius/templates/certificate.yaml +++ b/charts/freeradius/templates/certificate.yaml 
@@ -30,7 +30,9 @@ spec: - {{ .Release.Name | quote }} dnsNames: {{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname }} - {{- $altNames }} + {{- range $altNames }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} --- \ No newline at end of file From ca4940458eea122ce9e75c6cb4fab851797a0654 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:09:24 +0700 Subject: [PATCH 5/9] Fix altNames --- charts/freeradius/templates/certificate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/freeradius/templates/certificate.yaml b/charts/freeradius/templates/certificate.yaml index e95d7ea8..125ad519 100644 --- a/charts/freeradius/templates/certificate.yaml +++ b/charts/freeradius/templates/certificate.yaml @@ -30,7 +30,7 @@ spec: - {{ .Release.Name | quote }} dnsNames: {{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $fullname $releaseNamespace) $fullname }} - {{- range $altNames }} + {{- with $altNames }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} From 338fe05cadcaa5b1f1186adff8590e42d892ccc1 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:25:55 +0700 Subject: [PATCH 6/9] Add secret volume --- charts/freeradius/templates/deployment.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/charts/freeradius/templates/deployment.yaml b/charts/freeradius/templates/deployment.yaml index ff2f4c6f..7bdc4766 100644 --- a/charts/freeradius/templates/deployment.yaml +++ b/charts/freeradius/templates/deployment.yaml 
@@ -108,6 +108,11 @@ spec: subPath: {{ .Values.persistence.subPath }} {{- end }} {{- end }} + {{- if and .Values.tls.enabled }} + - name: freeradius-tls + mountPath: "/etc/freeradius/tls" + readOnly: true + {{- end }} - name: freeradius-mods mountPath: /etc/freeradius/mods-enabled/sql subPath: sql @@ -127,6 +132,11 @@ spec: persistentVolumeClaim: claimName: {{ tpl .Values.persistence.existingClaim . }} {{- end }} + {{- if and .Values.tls.enabled }} + - name: freeradius-tls + secret: + secretName: {{ include "tlsSecretName" . }} + {{- end }} - name: freeradius-mods configMap: name: freeradius-mods From 0578172a8c6cc92a607095fa31d99844f4c78b32 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:38:34 +0700 Subject: [PATCH 7/9] Fix certs directory --- charts/freeradius/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/freeradius/templates/deployment.yaml b/charts/freeradius/templates/deployment.yaml index 7bdc4766..0e2e2870 100644 --- a/charts/freeradius/templates/deployment.yaml +++ b/charts/freeradius/templates/deployment.yaml @@ -110,7 +110,7 @@ spec: {{- end }} {{- if and .Values.tls.enabled }} - name: freeradius-tls - mountPath: "/etc/freeradius/tls" + mountPath: "/etc/freeradius/certs/tls" readOnly: true {{- end }} - name: freeradius-mods From e6c393bd3dd9a225e1c1eeda72b6df8a35337eb8 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:41:50 +0700 Subject: [PATCH 8/9] Commit --- charts/freeradius/templates/_helpers.tpl | 4 ---- charts/freeradius/templates/deployment.yaml | 3 ++- charts/freeradius/values.yaml | 1 + 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/freeradius/templates/_helpers.tpl b/charts/freeradius/templates/_helpers.tpl index 84776648..607d9ada 100644 --- a/charts/freeradius/templates/_helpers.tpl +++ b/charts/freeradius/templates/_helpers.tpl 
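Review bot: Both TLS blocks added to this Deployment are gated by `{{- if and .Values.tls.enabled }}`, where `and` has a single operand and adds nothing. The gate is also wider than the one on the Certificate template, which additionally requires `tls.autoGenerated` and `tls.autoGenerator.certmanager.enabled`. With `tls.enabled: true` and auto-generation off, the pod references the secret named by `tlsSecretName` even though nothing in the chart creates it, and a missing secret keeps the pod from starting. `{{- if .Values.tls.enabled }}` is the simpler condition for this mount and for the matching volume in the second hunk, with a comment saying the secret must be supplied by the user when auto-generation is disabled.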
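Review bot: The `freeradius-tls` secret volume sets no `defaultMode`, so the private key is projected with the Kubernetes default file mode of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` under `secret:`, paired with an `fsGroup` matching the FreeRADIUS user if the pod's securityContext does not already set one, narrows access to the server process. The surrounding `volumes:` list starts outside this hunk.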
@@ -64,10 +64,6 @@ Create the name of the service account to use {{/* Create the name of the SSL certificate to use */}} -{{- define "istioCertificateSecret2" -}} -{{- default (printf "%s-tls" (include "freeradius.fullname" .)) .Values.istio.certificate.existingSecret }} -{{- end }} - {{ define "tlsSecretName" }} {{- if .Values.tls.secretName }} {{ .Values.tls.secretName }} diff --git a/charts/freeradius/templates/deployment.yaml b/charts/freeradius/templates/deployment.yaml index 0e2e2870..9e61f345 100644 --- a/charts/freeradius/templates/deployment.yaml +++ b/charts/freeradius/templates/deployment.yaml @@ -154,4 +154,5 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} +--- \ No newline at end of file diff --git a/charts/freeradius/values.yaml b/charts/freeradius/values.yaml index 8d7946a5..991eee46 100644 --- a/charts/freeradius/values.yaml +++ b/charts/freeradius/values.yaml @@ -424,6 +424,7 @@ modsEnabled: password: radius radiusdb: radiusdb tableClient: nas + existingTlsSecret: "" sitesEnabled: status: From 684b1e83007efcd78a287051365efa4170f5c883 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 17:42:31 +0700 Subject: [PATCH 9/9] Up to version 0.1.3 --- charts/freeradius/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/freeradius/Chart.yaml b/charts/freeradius/Chart.yaml index a9060a7a..a243a337 100644 --- a/charts/freeradius/Chart.yaml +++ b/charts/freeradius/Chart.yaml @@ -18,4 +18,4 @@ maintainers: name: freeradius sources: - https://freeradius.org/ -version: 0.1.2 +version: 0.1.3
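Review bot: `existingTlsSecret: ""` is added to values.yaml without a comment, and no template in this series reads it, so it is unclear whether it is meant for the SQL module's database TLS or overlaps with `tls.secretName` and `tls.existingSecret`. A one-line comment such as `# Name of an existing Secret with the TLS material for the SQL connection; ignored when empty` would settle it, assuming that is the intent. Otherwise the key is better left out until a template consumes it. The enclosing mapping starts outside the hunk.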