From d5c07b7600d29c2ae584b3f2d2e3fe3c9f1337af Mon Sep 17 00:00:00 2001
From: Philipp Eder
Date: Mon, 23 Oct 2023 18:00:34 +0200
Subject: [PATCH] Change: add https definition
---
 .github/workflows/helm-build-chart.yml | 13 ++++---------
 charts/Makefile | 13 +++++++++++++
 charts/openvasd/README.md | 6 +++---
 charts/openvasd/mtls-wo-ingress.yaml | 7 +++++++
 charts/openvasd/templates/deployment.yaml | 7 ++++++-
 charts/openvasd/templates/service.yaml | 6 +++++-
 6 files changed, 38 insertions(+), 14 deletions(-)
 create mode 100644 charts/Makefile
 create mode 100644 charts/openvasd/mtls-wo-ingress.yaml
diff --git a/.github/workflows/helm-build-chart.yml b/.github/workflows/helm-build-chart.yml
index eb88806098..48e15f20a3 100644
--- a/.github/workflows/helm-build-chart.yml
+++ b/.github/workflows/helm-build-chart.yml
@@ -18,22 +18,17 @@ jobs:
 metrics-enabled: false
 - name: deploy openvasd
 run: |
- helm uninstall openvasd --namespace openvasd|| true
- helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml
+ helm uninstall openvasd --namespace openvasd|| true
+ helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/https-root.yaml
 kubectl rollout status --watch --timeout 600s deployment/openvasd --namespace openvasd
- sleep 5
- - id: smoketest
- run: echo "POD_NAME=$(kubectl get pods --namespace openvasd |grep openvasd | awk '{print $1;}')" >> $GITHUB_OUTPUT
 - name: forward port
 run: |
- echo "POD_NAME: ${{ steps.smoketest.outputs.POD_NAME }}"
- echo "$(kubectl get pods)"
- kubectl --namespace openvasd port-forward ${{ steps.smoketest.outputs.POD_NAME }} 8080:3000 &
+ kubectl --namespace openvasd port-forward deployment/openvasd 8443:443&
 - name: smoketest
 working-directory: rust/smoketest
 env:
 API_KEY: changeme
- OPENVASD_SERVER: https://127.0.0.1:8080
+ OPENVASD_SERVER: https://127.0.0.1:8443
 SCAN_CONFIG: configs/simple_scan_ssh_only.json
 CLIENT_KEY: configs/client_sample.key
 CLIENT_CERT: configs/client_sample.cert
diff --git a/charts/Makefile b/charts/Makefile
new file mode 100644
index 0000000000..105fbab2c0
--- /dev/null
+++ b/charts/Makefile
@@ -0,0 +1,13 @@
+_PHONY: install-http install-mtls uninstall log-openvasd
+
+install-http:
+ helm install --namespace openvasd --create-namespace openvasd openvasd/ --values openvasd/values.yaml --values openvasd/http-root.yaml
+
+install-mtls:
+ helm install --namespace openvasd --create-namespace openvasd openvasd/ --values openvasd/values.yaml --values openvasd/mtls-wo-ingress.yaml
+
+uninstall:
+ helm uninstall -n openvasd openvasd
+
+log-openvasd:
+ kubectl logs -n openvasd deployment/openvasd -c openvasd
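Review bot: The install line in the `deploy openvasd` step passes `--values charts/openvasd/https-root.yaml`, a file this patch neither adds nor touches, while the overlay it does add, `charts/openvasd/mtls-wo-ingress.yaml`, is not used by CI. The smoketest step further down supplies `CLIENT_KEY` and `CLIENT_CERT`, so it appears intended to cover client-certificate authentication; if `https-root.yaml` does not set `deploy_client: true`, the test can pass without the server ever checking a client certificate. I would switch the second overlay to `--values charts/openvasd/mtls-wo-ingress.yaml`, or add a comment above the `helm install` line stating which TLS mode the chosen overlay enables. The job's steps begin above this hunk.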
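Review bot: The first line of the new `charts/Makefile` declares `_PHONY:`, which make treats as an ordinary target named `_PHONY`, so none of the four targets is actually phony; a file or directory called `uninstall` or `install-http` in `charts/` would make make consider the target up to date and skip the recipe. It should read `.PHONY: install-http install-mtls uninstall log-openvasd`. Separately, `install-http` loads `openvasd/http-root.yaml`, which is not part of this patch, so it is worth confirming that the file exists in the chart directory.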
diff --git a/charts/openvasd/README.md b/charts/openvasd/README.md index 6855aacc51..1c99a9d687 100644 --- a/charts/openvasd/README.md +++ b/charts/openvasd/README.md @@ -61,14 +61,14 @@ Once you installed the containers, run the following commands to rollout the pod `kubectl rollout status --watch --timeout 600s deployment/openvasd` Get the pod name -`export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=openvasd,app.kubernetes.io/instance=openvasd" -o jsonpath="{.items[0].metadata.name}")` +`export POD_NAME=$(kubectl get pods --namespace openvasd -l "app.kubernetes.io/name=openvasd,app.kubernetes.io/instance=openvasd" -o jsonpath="{.items[0].metadata.name}")` Forward the port -`kubectl --namespace default port-forward $POD_NAME 8080:3000` +`kubectl --namespace openvasd port-forward $POD_NAME 8443:443` For testing, you can use the following command: -`curl --verbose --key $CLIENT_KEY --cert $CLIENT_CERT --insecure --request HEAD https://127.0.0.1:8080 -H "X-API-KEY: changeme"` +`curl --verbose --key $CLIENT_KEY --cert $CLIENT_CERT --insecure --request HEAD https://127.0.0.1:8443 -H "X-API-KEY: changeme"` # Design decisions diff --git a/charts/openvasd/mtls-wo-ingress.yaml b/charts/openvasd/mtls-wo-ingress.yaml new file mode 100644 index 0000000000..b93d1e30c0 --- /dev/null +++ b/charts/openvasd/mtls-wo-ingress.yaml @@ -0,0 +1,7 @@ +ingress: + enabled: false +openvasd: + tls: + certificates: + deploy_server: true + deploy_client: true diff --git a/charts/openvasd/templates/deployment.yaml b/charts/openvasd/templates/deployment.yaml index dac5d24aae..eee601d7cc 100644 --- a/charts/openvasd/templates/deployment.yaml +++ b/charts/openvasd/templates/deployment.yaml 
@@ -169,8 +169,13 @@ spec:
 - containerPort: 3000
 protocol: TCP
 env:
+ {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
+ - name: LISTENING
+ value: "0.0.0.0:443"
+ {{ else }}
 - name: LISTENING
- value: "0.0.0.0:3000"
+ value: "0.0.0.0:80"
+ {{ end }}
 - name: OSPD_SOCKET
 value: /run/ospd/ospd-openvas.sock
 - name: OPENVASD_LOG
diff --git a/charts/openvasd/templates/service.yaml b/charts/openvasd/templates/service.yaml
index 17f62de8a7..0593e3cb9a 100644
--- a/charts/openvasd/templates/service.yaml
+++ b/charts/openvasd/templates/service.yaml
@@ -8,7 +8,11 @@ spec:
 type: {{ .Values.service.type }}
 ports:
 - port: {{ .Values.service.port }}
- targetPort: 3000
+ {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
+ targetPort: 443
+ {{ else }}
+ targetPort: 80
+ {{ end }}
 protocol: TCP
 name: http
 selector:
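Review bot: The context line `- containerPort: 3000` at the top of the `templates/deployment.yaml` hunk is left unchanged although the listener now binds 443 or 80, so the declared port no longer matches anything the container serves. Binding ports below 1024 also normally requires root or `CAP_NET_BIND_SERVICE` inside the container, which works against running openvasd unprivileged; the pod's securityContext is outside the hunk, so that has to be checked there. Keeping a high container port and letting the Service expose the low one would avoid it, for example `value: "0.0.0.0:8443"` in the TLS branch together with `- containerPort: 8443`. The container spec starts and ends outside this hunk.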
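Review bot: In `templates/service.yaml` the port entry keeps `name: http` even when `deploy_server` is true and `targetPort` is the TLS listener on 443; anything that infers the protocol from the port name, as some ingress controllers and service meshes do, would then speak plaintext to a TLS port. Consider `name: {{ ternary "https" "http" .Values.openvasd.tls.certificates.deploy_server }}`, after checking whether the chart's ingress template, which is not in this diff, refers to the port by name. The 443/80 literals are also repeated from `templates/deployment.yaml`; giving the container port a name there and using that name as `targetPort` here would keep the numbers in one place.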