From 85fe7dfa60b1ed4c59cee06ba41063bd44a447ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 11 Oct 2023 10:41:38 +0200
Subject: [PATCH 1/3] make restund pass pass helm templating

---
 nix/scripts/list-helm-containers.sh | 3 ---
 values/restund/prod-secrets.example.yaml | 2 ++
 values/restund/prod-values.example.yaml | 5 +++++
 3 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 values/restund/prod-secrets.example.yaml
 create mode 100644 values/restund/prod-values.example.yaml

diff --git a/nix/scripts/list-helm-containers.sh b/nix/scripts/list-helm-containers.sh
index 70c3be206..5ab204776 100644
--- a/nix/scripts/list-helm-containers.sh
+++ b/nix/scripts/list-helm-containers.sh
@@ -31,9 +31,6 @@ while IFS= read -r chart; do
 echo "Running helm template on chart ${chart}…" >&2
 # The image values are left as-is
 helm template "$chart" \
- --set secrets.zrestSecret=emptyString \
- --set federate.dtls.tls.key=emptyString \
- --set federate.dtls.tls.crt=emptyString \
 $( [[ -f ./values/$(basename $chart)/prod-values.example.yaml ]] && echo "-f ./values/$(basename $chart)/prod-values.example.yaml" ) \
 $( [[ -f ./values/$(basename $chart)/prod-secrets.example.yaml ]] && echo "-f ./values/$(basename $chart)/prod-secrets.example.yaml" ) \
 | yq -r '..|.image? | select(.)' | optionally_complain | sort -u
diff --git a/values/restund/prod-secrets.example.yaml b/values/restund/prod-secrets.example.yaml
new file mode 100644
index 000000000..4187183ea
--- /dev/null
+++ b/values/restund/prod-secrets.example.yaml
@@ -0,0 +1,2 @@
+secrets:
+ zrestSecret: "secret"
diff --git a/values/restund/prod-values.example.yaml b/values/restund/prod-values.example.yaml
new file mode 100644
index 000000000..3005f6b44
--- /dev/null
+++ b/values/restund/prod-values.example.yaml
@@ -0,0 +1,5 @@
+federate:
+ dtls:
+ tls:
+ key: "key"
+ secret: "secret"
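Review bot: In values/restund/prod-secrets.example.yaml the new `zrestSecret: "secret"` is a guessable literal with nothing marking it as a placeholder, so an operator who copies the example to their real secrets file can end up deploying with it (presumably as restund's shared authentication secret). Put a comment above the key, for example `# placeholder for helm templating only; generate a long random value per deployment`, or use a value that cannot pass for a real one such as `zrestSecret: "CHANGE_ME"`. PATCH 3/3 adds guidance for the certificate and key in the same file but still leaves this line unexplained.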
From 0a03fd081e5e84f21bd186f9a9a0906127dcdd59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:01:42 +0200
Subject: [PATCH 2/3] fix: bad key

---
 values/restund/prod-values.example.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/values/restund/prod-values.example.yaml b/values/restund/prod-values.example.yaml
index 3005f6b44..a188ebd8b 100644
--- a/values/restund/prod-values.example.yaml
+++ b/values/restund/prod-values.example.yaml
@@ -2,4 +2,4 @@ federate:
 dtls:
 tls:
 key: "key"
- secret: "secret"
+ crt: "cert"

From 329f97b2cd8d00526712290cc29648dbc0989fe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:34:12 +0200
Subject: [PATCH 3/3] refactor: make example files more presentable

---
 values/restund/prod-secrets.example.yaml | 21 +++++++++++++++++++++
 values/restund/prod-values.example.yaml | 12 +++++++-----
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/values/restund/prod-secrets.example.yaml b/values/restund/prod-secrets.example.yaml
index 4187183ea..d5f32ea32 100644
--- a/values/restund/prod-secrets.example.yaml
+++ b/values/restund/prod-secrets.example.yaml
@@ -1,2 +1,23 @@
 secrets:
 zrestSecret: "secret"
+# Assuming you run helm directly (and not helm-wrapper with sops), you can
+# simply drop your certificate/private key here. Be careful with spaces/indentation,
+# as the ingress seems to simply "swallow" errors if any (and serve the Fake default certificate
+# which is highly confusing)
+federate:
+ dtls:
+ tls:
+ # If you are having trouble with YAML formatting (getting validation errors due to spacing/indentation)
+ # try running helm with --set federate.dtls.tls.crt=your-cert.pem --set deferate.dtls.tls.key=your-key.pem
+ # instead
+ crt: |
+ -----BEGIN CERTIFICATE-----
+ .... OWN CERTIFICATE ......
+ -----END CERTIFICATE-------
+ -----BEGIN CERTIFICATE-----
+ .... INTERMEDIATE CERT ....
+ -----END CERTIFICATE-------
+ key: |
+ -----BEGIN PRIVATE KEY-----
+ .... REAL PRIV KEY .......
+ -----END PRIVATE KEY-------
diff --git a/values/restund/prod-values.example.yaml b/values/restund/prod-values.example.yaml
index a188ebd8b..5946f17f6 100644
--- a/values/restund/prod-values.example.yaml
+++ b/values/restund/prod-values.example.yaml
@@ -1,5 +1,7 @@
-federate:
- dtls:
- tls:
- key: "key"
- crt: "cert"
+# If you are using Let's Encrypt and cert-manager, use issuerRef instead
+# and comment out key and crt in secrets.yaml
+#federate:
+# dtls:
+# tls:
+# issuerRef:
+# name: letsencrypt-http01
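Review bot: The fallback command in the comment above `crt:` in values/restund/prod-secrets.example.yaml does not do what it promises: the second flag is misspelled `deferate.dtls.tls.key`, and `--set federate.dtls.tls.crt=your-cert.pem` stores the file name as the value instead of the file's contents. Reading a value from a file is what `--set-file` is for, so the comment should read `# try running helm with --set-file federate.dtls.tls.crt=your-cert.pem --set-file federate.dtls.tls.key=your-key.pem`, which also spares operators from pasting the private key onto the command line to make `--set` work. The sample footers `-----END CERTIFICATE-------` and `-----END PRIVATE KEY-------` end in seven dashes where PEM uses five. Since the header comment itself warns that errors are silently swallowed, the markers should be exact so that replacing only the body lines still yields a parseable block.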