From 981d91c32e4eb6e38a336eabfed3c28cff22ff28 Mon Sep 17 00:00:00 2001 From: firmansyahn <80936459+firmansyahn@users.noreply.github.com> Date: Wed, 16 Feb 2022 16:26:30 +0700 Subject: [PATCH] Add TLS Helper --- charts/freeradius/README.md | 2 +- charts/freeradius/templates/_helpers.tpl | 19 +++++++++ charts/freeradius/templates/certificate.yaml | 42 ++++++++++++++++++++ charts/freeradius/values.yaml | 6 ++- 4 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 charts/freeradius/templates/certificate.yaml diff --git a/charts/freeradius/README.md b/charts/freeradius/README.md index c14fed0e..24b20c54 100644 --- a/charts/freeradius/README.md +++ b/charts/freeradius/README.md @@ -31,7 +31,7 @@ $ helm install my-release startechnica/freeradius --namespace my-release --creat These commands deploy FreeRADIUS on the Kubernetes cluster in the default configuration. -> **Tip**: List all releases using `helm list` +> **Tip**: List all releases using `helm list -A` ## Uninstalling the Chart diff --git a/charts/freeradius/templates/_helpers.tpl b/charts/freeradius/templates/_helpers.tpl index 9b11dfdb..46da29fe 100644 --- a/charts/freeradius/templates/_helpers.tpl +++ b/charts/freeradius/templates/_helpers.tpl 
@@ -74,4 +74,23 @@ Create the name of the SSL certificate to use
 {{- else }}
 {{- default (printf "%s-tls" (include "freeradius.fullname" .)) }}
 {{- end }}
+{{- end }}
+
+{{/*
+Return true if a TLS secret object should be created
+*/}}
+{{- define "freeradius.createTlsSecret" }}
+{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }}
+ {{- true }}
+{{- end }}
+{{- end }}
+
+{{/* Validate values of FreeRADIUS - Auth TLS enabled */}}
+{{- define "freeradius.validateValues.tls" }}
+{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) }}
+freeradius: tls.enabled
+ In order to enable TLS, you also need to provide
+ an existing secret containing the Keystore and Truststore or
+ enable auto-generated certificates.
+{{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/charts/freeradius/templates/certificate.yaml b/charts/freeradius/templates/certificate.yaml
new file mode 100644
index 00000000..50fd03ff
--- /dev/null
+++ b/charts/freeradius/templates/certificate.yaml
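Review bot: `freeradius.validateValues.tls` only renders a message; nothing in this patch includes it or hands its output to `fail`, so a release with `tls.enabled=true` and neither `tls.autoGenerated` nor `tls.existingSecret` would still install, unless an aggregate validator elsewhere in the chart already collects it (not visible here). If no such caller exists, a rendered template needs something like `{{- $msg := include "freeradius.validateValues.tls" . | trim }}{{- if $msg }}{{ fail $msg }}{{- end }}`. The message also speaks of a "Keystore and Truststore", which reads as carried over from a different chart; it should name what the FreeRADIUS TLS secret is actually expected to hold.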
@@ -0,0 +1,42 @@ +{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate" }} +{{- if and .Values.tls.enabled .Values.tls.autoGenerated }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Release.Name }}-cert + namespace: {{ .Values.istio.namespace }} + {{- with .Values.commonAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "adminer.labels" . | nindent 4 }} +spec: + secretName: {{ include "istioCertificateSecret" . }} + issuerRef: + group: {{ .Values.istio.certificate.issuerRef.group }} + kind: {{ .Values.istio.certificate.issuerRef.kind }} + name: {{ .Values.istio.certificate.issuerRef.name }} + #name: letsencrypt-prd + privateKey: + algorithm: ECDSA + rotationPolicy: Always + size: 256 + subject: + countries: + - ID + organizations: + - {{ .Values.organization | quote }} + organizationalUnits: + - {{ .Release.Name | quote }} + localities: + - Asgard + provinces: + - Yggdrasil + dnsNames: + {{- if .Values.istio.hosts }} + {{- toYaml .Values.istio.hosts | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} +--- \ No newline at end of file diff --git a/charts/freeradius/values.yaml b/charts/freeradius/values.yaml index a51f5f92..55a7e67e 100644 --- a/charts/freeradius/values.yaml +++ b/charts/freeradius/values.yaml @@ -414,7 +414,6 @@ serviceAccount: ## automountServiceAccountToken: false - modsEnabled: sql: enabled: true @@ -431,6 +430,11 @@ sitesEnabled: port: 18121 secret: adminsecret +tls: + enabled: false + autoGenerated: false + existingSecret: "" + mariadb: enabled: false
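Review bot: The new Certificate in certificate.yaml is wired to names this patch never defines for the freeradius chart: `include "adminer.labels"`, `include "istioCertificateSecret"`, `.Values.organization` and the `.Values.istio.*` lookups, while values.yaml gains only the `tls` block. Unless those exist elsewhere in the chart, rendering fails as soon as `tls.enabled` and `tls.autoGenerated` are both true. Where they do exist, `namespace: {{ .Values.istio.namespace }}` can place the issued secret outside the namespace the FreeRADIUS pod runs in, under a name that need not match the `printf "%s-tls"` default built in _helpers.tpl, so the server would not receive the key pair. I would use `namespace: {{ .Release.Namespace }}`, the chart's own label and TLS secret-name helpers, and `{{- if include "freeradius.createTlsSecret" . }}` as the inner guard so that `tls.existingSecret` is honoured. The possibly empty `dnsNames:` list and the placeholder subject values (`Asgard`, `Yggdrasil`) also need settling before this issues real certificates.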
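Review bot: The `tls` block added in the second values.yaml hunk is undocumented: nothing says that `autoGenerated` depends on cert-manager or what `existingSecret` must contain. That matters because certificate.yaml is wrapped in `.Capabilities.APIVersions.Has "cert-manager.io/v1/Certificate"`, so on a cluster without that CRD `tls.enabled=true` with `tls.autoGenerated=true` renders no Certificate and raises no error. I would add comments above each key in the file's comment style (a `##` line is visible in the first hunk), for example `## Request the certificate from cert-manager; requires the cert-manager.io/v1 CRDs to be installed` above `autoGenerated`.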