master-group/charts
2
0
Fork 0
mirror of https://github.com/k8s-at-home/charts.git synced 2025-02-03 07:49:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding secretName variable to customCert (#22453)

Browse Source 
Adding possibility to expose certificate and its key via k8s secret/tls.
Since secret/tls keeps cert under tls.crt and key under tls.key modified
default values for customCert.certName and customCert.keyName to be
more compatible with k8s native way of storing certificates.

Signed-off-by: Marcin Iwinski <marcin.iwinski@gmail.com>
This commit is contained in:
Marcin Iwiński 2020-05-20 13:20:18 +02:00 committed by Jeff Billimek
parent 576ff487df
commit ca6493faf3
No known key found for this signature in database
GPG Key ID: 214B3EF39B4956B7
4 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/unifi/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: 5.12.35 appVersion: 5.12.35
description: Ubiquiti Network's Unifi Controller description: Ubiquiti Network's Unifi Controller
name: unifi name: unifi
version: 0.8.0 version: 0.8.1
keywords: keywords:
- ubiquiti - ubiquiti
- unifi - unifi

5
charts/unifi/README.md
View File

@ -102,8 +102,9 @@ The following tables lists the configurable parameters of the Unifi chart and th
| `GID` | `999` | Run the controller as group GID | | `GID` | `999` | Run the controller as group GID |
| `customCert.enabled` | `false` | Define whether you are using s custom certificate | | `customCert.enabled` | `false` | Define whether you are using s custom certificate |
| `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` | | `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` |
| `customCert.certName` | `cert.pem` | Name of the the certificate file in `<unifi-data>/cert` | | `customCert.certName` | `tls.crt` | Name of the the certificate file in `<unifi-data>/cert` |
| `customCert.keyName` | `privkey.pem` | Name of the the private key file in `<unifi-data>/cert` | | `customCert.keyName` | `tls.key` | Name of the the private key file in `<unifi-data>/cert` |
| `customCert.secretName` | `unifi-tls` | Name of the the k8s tls secret where the certificate and its key are stored. |
| `mongodb.enabled` | `false` | Use external MongoDB for data storage | | `mongodb.enabled` | `false` | Use external MongoDB for data storage |
| `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI | | `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI |
| `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI | | `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI |

25
charts/unifi/templates/deployment.yaml
View File

@ -101,6 +101,14 @@ spec:
- name: DB_NAME - name: DB_NAME
value: "{{ .Values.mongodb.databaseName }}" value: "{{ .Values.mongodb.databaseName }}"
{{- end }} {{- end }}
{{- if and .Values.customCert .Values.customCert.enabled }}
- name: CERT_IS_CHAIN
value: "{{ .Values.customCert.isChain }}"
- name: CERTNAME
value: "{{ .Values.customCert.certName }}"
- name: CERT_PRIVATE_NAME
value: "{{ .Values.customCert.keyName }}"
{{- end }}
volumeMounts: volumeMounts:
- mountPath: /unifi/data - mountPath: /unifi/data
name: unifi-data name: unifi-data
@ -109,8 +117,12 @@ spec:
name: unifi-data name: unifi-data
subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }} subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }}
- mountPath: /unifi/cert - mountPath: /unifi/cert
{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
name: unifi-cert-secret
{{- else }}
name: unifi-data name: unifi-data
subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }} subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }}
{{- end }}
- mountPath: /unifi/init.d - mountPath: /unifi/init.d
name: unifi-data name: unifi-data
subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }} subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }}
@ -118,14 +130,6 @@ spec:
- name: extra-config - name: extra-config
mountPath: /configmap mountPath: /configmap
{{- end }} {{- end }}
{{- if and .Values.customCert .Values.customCert.enabled }}
- name: CERT_IS_CHAIN
value: "{{ .Values.customCert.isChain }}"
- name: CERTNAME
value: "{{ .Values.customCert.certName }}"
- name: CERT_PRIVATE_NAME
value: "{{ .Values.customCert.keyName }}"
{{- end }}
resources: resources:
{{ toYaml .Values.resources | indent 12 }} {{ toYaml .Values.resources | indent 12 }}
volumes: volumes:
@ -141,6 +145,11 @@ spec:
configMap: configMap:
name: {{ template "unifi.fullname" . }} name: {{ template "unifi.fullname" . }}
{{- end }} {{- end }}
{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
- name: unifi-cert-secret
secret:
secretName: "{{ .Values.customCert.certSecret }}"
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{ toYaml . | indent 8 }} {{ toYaml . | indent 8 }}

7
charts/unifi/values.yaml
View File

@ -185,8 +185,11 @@ GID: 999
customCert: customCert:
enabled: false enabled: false
isChain: false isChain: false
certName: cert.pem certName: tls.crt
keyName: privkey.pem keyName: tls.key
# If you want to store certificate and its key as a Kubernetes tls secret
# you can pass the name of that secret using certSecret variable
# certSecret: unifi-tls
# define an external mongoDB instead of using the built-in mongodb # define an external mongoDB instead of using the built-in mongodb
mongodb: mongodb: