This repository has been archived by the owner on Jan 7, 2021. It is now read-only.
GitHub ci & automatic insecure installation #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 6 commits
September 27, 2020 16:48
added GitHub Actions ci & automatic though insecure initialization steps
fixed automatic.extraOptions
k8s-ovpn-chart pvc hotfix
suda
suggested changes
Nov 5, 2020
|
Hello, As I understood how it happened on my side and in github action chart testing, a namespace is created for each release BUT it may be a flag used for the helm command inside the github action only ! So yeah, it will be wiser to revert this change. As of the I pushed this chart a little bit further (automatic secured CA & ovpn binaries tasks such as create/read/delete clients) https://github.com/shokohsc/charts/tree/main/charts/openvpn-server |
|
fixed #7 too |
|
Great! I'm going to merge and release this 👍 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
I added GitHub Actions ci steps to test this chart.
I couldn't test it because of the manual steps so I added jobs & a PVC to handle manual steps artifacts creation.
I couldn't test it either because chart-testing for some reason cannot handle files in a root directory so I moved the chart in
charts/k8s-ovpn-chart. This modification could turn this repository in asuda/chartsrepository where you could host other charts.I want to keep the original way still relevant because of the security obviously. Could you tell me if I missed something
?
extraOptions not yet ready, but not yet necessary ? Edit: fixed in 16e4f9a
I hope it is clear enough that the automatic way is insecure because of the passwordless CA key, though I need help to find a way to provide a password from maybe an environment variable to the job oven_initpki Job, I know this is possible for some binaries to handle such behavior but couldn't make it work like this:
$ echo 'some_password' | docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_initpki -Adding a CI is mostly a first step towards a fully automatic & secure way of installing this chart, creating client ovpn files (with password as arguments) via a sidecar container in the deployment serving an http api to handle crud operations on client ovpn files...
Maybe @kylemanna could provide some input (can't seem to be able to notify from here), Edit: (seems to work).