This repository has been archived by the owner on Jan 7, 2021. It is now read-only.
GitHub ci & automatic insecure installation #6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
I added GitHub Actions ci steps to test this chart.
I couldn't test it because of the manual steps so I added jobs & a PVC to handle manual steps artifacts creation.
I couldn't test it either because chart-testing for some reason cannot handle files in a root directory so I moved the chart in
charts/k8s-ovpn-chart
. This modification could turn this repository in asuda/charts
repository where you could host other charts.I want to keep the original way still relevant because of the security obviously. Could you tell me if I missed something
?
extraOptions not yet ready, but not yet necessary ? Edit: fixed in 16e4f9a
I hope it is clear enough that the automatic way is insecure because of the passwordless CA key, though I need help to find a way to provide a password from maybe an environment variable to the job oven_initpki Job, I know this is possible for some binaries to handle such behavior but couldn't make it work like this:
$ echo 'some_password' | docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_initpki -
Adding a CI is mostly a first step towards a fully automatic & secure way of installing this chart, creating client ovpn files (with password as arguments) via a sidecar container in the deployment serving an http api to handle crud operations on client ovpn files...
Maybe @kylemanna could provide some input (can't seem to be able to notify from here), Edit: (seems to work).