Change: add https definition
nichtsfrei committed Oct 25, 2023
1 parent 7975972 commit d5c07b7
Showing 6 changed files with 38 additions and 14 deletions.
13 changes: 4 additions & 9 deletions .github/workflows/helm-build-chart.yml
Expand Up @@ -18,22 +18,17 @@ jobs:
metrics-enabled: false
- name: deploy openvasd
run: |
helm uninstall openvasd --namespace openvasd|| true
helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml
helm uninstall openvasd --namespace openvasd|| true
helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/https-root.yaml
kubectl rollout status --watch --timeout 600s deployment/openvasd --namespace openvasd
sleep 5
- id: smoketest
run: echo "POD_NAME=$(kubectl get pods --namespace openvasd |grep openvasd | awk '{print $1;}')" >> $GITHUB_OUTPUT
- name: forward port
run: |
echo "POD_NAME: ${{ steps.smoketest.outputs.POD_NAME }}"
echo "$(kubectl get pods)"
kubectl --namespace openvasd port-forward ${{ steps.smoketest.outputs.POD_NAME }} 8080:3000 &
kubectl --namespace openvasd port-forward deployment/openvasd 8443:443&
- name: smoketest
working-directory: rust/smoketest
env:
API_KEY: changeme
OPENVASD_SERVER: https://127.0.0.1:8080
OPENVASD_SERVER: https://127.0.0.1:8443
SCAN_CONFIG: configs/simple_scan_ssh_only.json
CLIENT_KEY: configs/client_sample.key
CLIENT_CERT: configs/client_sample.cert
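Review bot: The `forward port` step starts `kubectl --namespace openvasd port-forward deployment/openvasd 8443:443&` in the background and nothing waits for the tunnel before the `smoketest` step connects to `https://127.0.0.1:8443`, so the test can race the forward and fail intermittently. A bounded wait right after the forward, for example `timeout 30 bash -c 'until (exec 3<>/dev/tcp/127.0.0.1/8443) 2>/dev/null; do sleep 1; done'`, would make the step deterministic. The install line also passes `--values charts/openvasd/https-root.yaml`, which is not among the six files this commit changes. If it is not already in the tree the install fails; if it is, a comment saying why CI uses it rather than the new `mtls-wo-ingress.yaml` would help. The job's step list starts before this hunk and continues after it.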
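--- a/charts/Makefile
+++ b/charts/Makefile
@@ -0,0 +1,13 @@
+_PHONY: install-http install-mtls uninstall log-openvasd
+
+install-http:
+helm install --namespace openvasd --create-namespace openvasd openvasd/ --values openvasd/values.yaml --values openvasd/http-root.yaml
+
+install-mtls:
+helm install --namespace openvasd --create-namespace openvasd openvasd/ --values openvasd/values.yaml --values openvasd/mtls-wo-ingress.yaml
+
+uninstall:
+helm uninstall -n openvasd openvasd
+
+log-openvasd:
+kubectl logs -n openvasd deployment/openvasd -c openvasd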
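Review bot: The first line declares `_PHONY:` rather than `.PHONY:`, so it is an ordinary target and, being first in the file, the default goal. A bare `make` in `charts/` would therefore try to run `install-http`, `install-mtls`, `uninstall` and `log-openvasd` as its prerequisites. Change it to `.PHONY: install-http install-mtls uninstall log-openvasd` so the targets are actually marked phony. `install-http` deploys the API without TLS, so a comment marking it as local-testing only would help; it also reads `openvasd/http-root.yaml`, which this commit does not add and which is assumed to exist already.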
6 changes: 3 additions & 3 deletions charts/openvasd/README.md
Expand Up @@ -61,14 +61,14 @@ Once you installed the containers, run the following commands to rollout the pod
`kubectl rollout status --watch --timeout 600s deployment/openvasd`

Get the pod name
`export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=openvasd,app.kubernetes.io/instance=openvasd" -o jsonpath="{.items[0].metadata.name}")`
`export POD_NAME=$(kubectl get pods --namespace openvasd -l "app.kubernetes.io/name=openvasd,app.kubernetes.io/instance=openvasd" -o jsonpath="{.items[0].metadata.name}")`

Forward the port
`kubectl --namespace default port-forward $POD_NAME 8080:3000`
`kubectl --namespace openvasd port-forward $POD_NAME 8443:443`

For testing, you can use the following command:

`curl --verbose --key $CLIENT_KEY --cert $CLIENT_CERT --insecure --request HEAD https://127.0.0.1:8080 -H "X-API-KEY: changeme"`
`curl --verbose --key $CLIENT_KEY --cert $CLIENT_CERT --insecure --request HEAD https://127.0.0.1:8443 -H "X-API-KEY: changeme"`


# Design decisions
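--- a/charts/openvasd/mtls-wo-ingress.yaml
+++ b/charts/openvasd/mtls-wo-ingress.yaml
@@ -0,0 +1,7 @@
+ingress:
+enabled: false
+openvasd:
+tls:
+certificates:
+deploy_server: true
+deploy_client: true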
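Review bot: This values file has no comment saying what the two certificate flags do, and the templates changed in this commit branch only on `deploy_server`, so a reader cannot tell from here what `deploy_client` adds. Presumably it is what turns server-side TLS into mutual TLS, but that should be confirmed against the templates and stated in a header such as `# mTLS without ingress: openvasd terminates TLS itself; deploy_client also installs client certificates`. It would also help to say where the certificate material is expected to come from, since this file only switches deployment on.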
7 changes: 6 additions & 1 deletion charts/openvasd/templates/deployment.yaml
Expand Up @@ -169,8 +169,13 @@ spec:
- containerPort: 3000
protocol: TCP
env:
{{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
- name: LISTENING
value: "0.0.0.0:443"
{{ else }}
- name: LISTENING
value: "0.0.0.0:3000"
value: "0.0.0.0:80"
{{ end }}
- name: OSPD_SOCKET
value: /run/ospd/ospd-openvas.sock
- name: OPENVASD_LOG
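Review bot: The `containerPort: 3000` line above the new `env` block appears unchanged while `LISTENING` now binds `0.0.0.0:443` or `0.0.0.0:80`, so the declared port matches neither listener; it should follow the same condition, e.g. `- containerPort: {{ ternary 443 80 .Values.openvasd.tls.certificates.deploy_server }}`. Both new ports are below 1024, which normally requires the container to run as root or hold `NET_BIND_SERVICE`; listening on an unprivileged port such as 8443/8080 and mapping it in the Service would keep the pod compatible with a non-root security context. The `else` branch falls back to cleartext HTTP whenever `deploy_server` is false, which deserves at least a comment because the API key header then travels unencrypted. The same `eq … true` test is repeated in `templates/service.yaml`; a plain `{{- if .Values.openvasd.tls.certificates.deploy_server }}` reads more simply in both places. The container spec starts and ends outside this hunk.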
6 changes: 5 additions & 1 deletion charts/openvasd/templates/service.yaml
Expand Up @@ -8,7 +8,11 @@ spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: 3000
{{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
targetPort: 443
{{ else }}
targetPort: 80
{{ end }}
protocol: TCP
name: http
selector:
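Review bot: The port keeps `name: http` even when `targetPort` is 443 and the backend speaks TLS. Some ingress controllers and service meshes use the port name to pick the protocol, so consider making the name follow the same condition, for example `name: {{ ternary "https" "http" .Values.openvasd.tls.certificates.deploy_server }}`, after checking that nothing else in the chart refers to the port by the name `http`. The untrimmed `{{ else }}` and `{{ end }}` also leave blank lines in the rendered manifest; `{{- else }}` and `{{- end }}` would keep the output tidy. The Service spec starts before this hunk and continues after it.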
