Added fields for ca certificate configuration
OlivierCazade committed Jul 27, 2023
1 parent 0e58e62 commit 1634e2f
Showing 11 changed files with 344 additions and 12 deletions.
11 changes: 11 additions & 0 deletions api/v1alpha1/flowcollector_webhook.go
@@ -64,6 +64,9 @@ func (r *FlowCollector) ConvertTo(dstRaw conversion.Hub) error {

dst.Spec.Loki.StatusTLS = restored.Spec.Loki.StatusTLS

dst.Spec.Processor.Metrics.Server.TLS.InsecureSkipVerify = restored.Spec.Processor.Metrics.Server.TLS.InsecureSkipVerify
dst.Spec.Processor.Metrics.Server.TLS.ProvidedCaFile = restored.Spec.Processor.Metrics.Server.TLS.ProvidedCaFile

if restored.Spec.Exporters != nil {
for _, restoredExp := range restored.Spec.Exporters {
if !isExporterIn(restoredExp, dst.Spec.Exporters) {
@@ -139,3 +142,11 @@ func Convert_v1beta1_FlowCollectorLoki_To_v1alpha1_FlowCollectorLoki(in *v1beta1
func Convert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in *v1beta1.FlowCollectorExporter, out *FlowCollectorExporter, s apiconversion.Scope) error {
return autoConvert_v1beta1_FlowCollectorExporter_To_v1alpha1_FlowCollectorExporter(in, out, s)
}

// // This function need to be manually created because conversion-gen not able to create it intentionally because
// // we have new defined fields in v1beta1 not in v1alpha1
// // nolint:golint,stylecheck,revive
// func Convert_v1beta1_CertificateReference_To_v1alpha1_CertificateReference(in *v1beta1.CertificateReference, out *CertificateReference, s apiconversion.Scope) error {
func Convert_v1beta1_ServerTLS_To_v1alpha1_ServerTLS(in *v1beta1.ServerTLS, out *ServerTLS, s apiconversion.Scope) error {
return autoConvert_v1beta1_ServerTLS_To_v1alpha1_ServerTLS(in, out, s)
}
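Review bot: The comment block above `Convert_v1beta1_ServerTLS_To_v1alpha1_ServerTLS` is left doubly commented-out (`// // ...`) and ends with the commented-out signature of a different function, `Convert_v1beta1_CertificateReference_To_v1alpha1_CertificateReference`, so the new exported function has no usable doc comment and the `nolint:golint,stylecheck,revive` directive is probably not recognised in that form. I would drop the dead signature and write `// This function needs to be created manually: conversion-gen cannot generate it because v1beta1 defines fields that v1alpha1 does not have.` followed by `// nolint:golint,stylecheck,revive`. The comment could also say that `InsecureSkipVerify` and `ProvidedCaFile` are presumably dropped on the way down to v1alpha1 and only come back through the restore added in `ConvertTo`, because losing either one changes how the metrics server certificate is verified.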
17 changes: 7 additions & 10 deletions api/v1alpha1/zz_generated.conversion.go


2 changes: 1 addition & 1 deletion api/v1alpha1/zz_generated.deepcopy.go


27 changes: 27 additions & 0 deletions api/v1beta1/flowcollector_types.go
@@ -277,6 +277,15 @@ type ServerTLS struct {
// TLS configuration.
// +optional
Provided *CertificateReference `json:"provided"`

//+kubebuilder:default:=false
// insecureSkipVerify allows skipping client-side verification of the provided certificate
// If set to true, ProvidedCaFile field will be ignored
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`

// Reference to the CA file will be ignored
// +optional
ProvidedCaFile *FileReference `json:"providedCaFile,omitempty"`
}

// MetricsServerConfig define the metrics server endpoint configuration for Prometheus scraper
@@ -658,6 +667,24 @@ const (
RefTypeConfigMap MountableType = "configmap"
)

type FileReference struct {
//+kubebuilder:validation:Enum=configmap;secret
// type for the file reference: "configmap" or "secret"
Type MountableType `json:"type,omitempty"`

// name of the config map or secret containing the file
Name string `json:"name,omitempty"`

// namespace of the config map or secret containing the file. If omitted, assumes same namespace as where NetObserv is deployed.
// If the namespace is different, the config map or the secret will be copied so that it can be mounted as required.
// +optional
//+kubebuilder:default:=""
Namespace string `json:"namespace,omitempty"`

// file defines the file name within the config map or secret
File string `json:"file,omitempty"`
}

type CertificateReference struct {
//+kubebuilder:validation:Enum=configmap;secret
// type for the certificate reference: "configmap" or "secret"
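Review bot: The doc comment on `ProvidedCaFile` in the `ServerTLS` hunk reads `Reference to the CA file will be ignored`, which says unconditionally that the CA is ignored and looks like a truncated sentence; kubebuilder will publish it as the field description in the CRD. Going by the `InsecureSkipVerify` comment just above, the intent seems to be `// providedCaFile references the CA file used to verify the provided certificate. It is ignored when insecureSkipVerify is true.` (the code that consumes the field is not visible here, so confirm the wording against it). The `InsecureSkipVerify` comment should also end its first sentence with a period and say which client skips verification, and the field carries a default but no `+optional` marker. In the second hunk, `FileReference` has no type-level doc comment, and nothing marks `name` or `file` as required, so an empty reference would pass schema validation. The `ServerTLS` struct starts outside the hunk.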
20 changes: 20 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go


108 changes: 108 additions & 0 deletions bundle/manifests/flows.netobserv.io_flowcollectors.yaml
@@ -3225,6 +3225,12 @@ spec:
description: caCert defines the reference of the certificate
for the Certificate Authority
properties:
caFile:
default: ""
description: caFile defines the path to the CA file
name within the config map or secret. Omit when
the ca file is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3234,6 +3240,12 @@ spec:
private key file name within the config map or
secret. Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping
client-side verification of the server certificate
If set to true, CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3270,6 +3282,12 @@ spec:
used for mTLS (you can ignore it when using regular,
one-way TLS)
properties:
caFile:
default: ""
description: caFile defines the path to the CA file
name within the config map or secret. Omit when
the ca file is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3279,6 +3297,12 @@ spec:
private key file name within the config map or
secret. Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping
client-side verification of the server certificate
If set to true, CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3341,6 +3365,12 @@ spec:
description: caCert defines the reference of the certificate
for the Certificate Authority
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3350,6 +3380,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3385,6 +3421,12 @@ spec:
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3394,6 +3436,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3491,6 +3539,12 @@ spec:
description: caCert defines the reference of the certificate
for the Certificate Authority
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3500,6 +3554,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3535,6 +3595,12 @@ spec:
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3544,6 +3610,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3592,6 +3664,12 @@ spec:
description: caCert defines the reference of the certificate
for the Certificate Authority
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3601,6 +3679,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -3636,6 +3720,12 @@ spec:
used for mTLS (you can ignore it when using regular, one-way
TLS)
properties:
caFile:
default: ""
description: caFile defines the path to the CA file name
within the config map or secret. Omit when the ca file
is not necessary.
type: string
certFile:
description: certFile defines the path to the certificate
file name within the config map or secret
@@ -3645,6 +3735,12 @@ spec:
private key file name within the config map or secret.
Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping client-side
verification of the server certificate If set to true,
CACert field will be ignored
type: boolean
name:
description: name of the config map or secret containing
certificates
@@ -4369,6 +4465,12 @@ spec:
provided:
description: TLS configuration.
properties:
caFile:
default: ""
description: caFile defines the path to the CA
file name within the config map or secret. Omit
when the ca file is not necessary.
type: string
certFile:
description: certFile defines the path to the
certificate file name within the config map
@@ -4379,6 +4481,12 @@ spec:
private key file name within the config map
or secret. Omit when the key is not necessary.
type: string
insecureSkipVerify:
default: false
description: insecureSkipVerify allows skipping
client-side verification of the server certificate
If set to true, CACert field will be ignored
type: boolean
name:
description: name of the config map or secret
containing certificates
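Review bot: The schema added in this manifest does not seem to match the Go types changed in the same commit. Every hunk adds `caFile` and `insecureSkipVerify` inside the certificate-reference properties (`caCert`, `userCert`, `provided`) and its description refers to a `CACert` field, while `api/v1beta1/flowcollector_types.go` adds `insecureSkipVerify` and `providedCaFile` on `ServerTLS` and introduces a separate `FileReference` type. If the bundle is generated from those types it looks stale and should be regenerated; as it stands a user could set `caFile` or `insecureSkipVerify` on a certificate reference and assume certificate verification is configured when the operator may not read those fields at all. In the last hunk the text "client-side verification of the server certificate" is attached to the metrics server's own `provided` certificate, which leaves it unclear which side skips verification. Only part of the file is shown between the collapsed regions, so a hunk that is not visible may already cover this.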
