feat: update helmchart using new extension discovery annotation and improved tls configuration

joshiste · joshiste · commit cc92aa0cf6f7 · 2023-07-28T18:17:09.000+02:00
diff --git a/charts/steadybit-extension-prometheus/Chart.lock b/charts/steadybit-extension-prometheus/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: extensionlib
   repository: https://steadybit.github.io/helm-charts
-  version: 1.2.0
-digest: sha256:8797b2f7c03291e3115e76a62b43d27827181c28606b49e2d3aeffda3f287bb0
-generated: "2023-04-26T14:12:11.782862+02:00"
+  version: 1.4.0
+digest: sha256:c3931aae14c06eac0b12f52e593eb270c729c263cdea9264d3f9b099c2be72ab
+generated: "2023-07-28T17:40:01.986481+02:00"
diff --git a/charts/steadybit-extension-prometheus/Chart.yaml b/charts/steadybit-extension-prometheus/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: steadybit-extension-prometheus
 description: Steadybit Prometheus extension Helm chart for Kubernetes.
-version: 1.4.7
+version: 1.4.8
 appVersion: latest
 home: https://www.steadybit.com/
 icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png
@@ -21,5 +21,5 @@ annotations:
       url: https://hub.steadybit.com
 dependencies:
   - name: extensionlib
-    version: 1.2.0
+    version: ^1.4.0
     repository: https://steadybit.github.io/helm-charts
diff --git a/charts/steadybit-extension-prometheus/charts/extensionlib-1.2.0.tgz b/charts/steadybit-extension-prometheus/charts/extensionlib-1.2.0.tgz
diff --git a/charts/steadybit-extension-prometheus/charts/extensionlib-1.4.0.tgz b/charts/steadybit-extension-prometheus/charts/extensionlib-1.4.0.tgz
diff --git a/charts/steadybit-extension-prometheus/tests/__snapshot__/deployment_test.yaml.snap b/charts/steadybit-extension-prometheus/tests/__snapshot__/deployment_test.yaml.snap
@@ -122,7 +122,7 @@ manifest should match snapshot with extra env vars:
                 runAsUser: 10000
               volumeMounts: null
           volumes: null
-manifest should match snapshot with mutual TLS:
+manifest should match snapshot with mutual TLS using containerPaths:
   1: |
     apiVersion: apps/v1
     kind: Deployment
@@ -147,11 +147,11 @@ manifest should match snapshot with mutual TLS:
                 - name: STEADYBIT_LOG_FORMAT
                   value: text
                 - name: STEADYBIT_EXTENSION_TLS_SERVER_CERT
-                  value: /etc/extension/certificates/server-cert/tls.crt
+                  value: /etc/tls/server.crt
                 - name: STEADYBIT_EXTENSION_TLS_SERVER_KEY
-                  value: /etc/extension/certificates/server-cert/tls.key
+                  value: /etc/tls/server.key
                 - name: STEADYBIT_EXTENSION_TLS_CLIENT_CAS
-                  value: /etc/extension/certificates/client-cert-a/tls.crt,/etc/extension/certificates/client-cert-a/tls.crt
+                  value: /etc/tls/ca.crt,/etc/tls/ca2.crt
                 - name: STEADYBIT_EXTENSION_PROMETHEUS_INSTANCE_0_NAME
                   value: null
                 - name: STEADYBIT_EXTENSION_PROMETHEUS_INSTANCE_0_ORIGIN
@@ -179,22 +179,8 @@ manifest should match snapshot with mutual TLS:
                 runAsGroup: 10000
                 runAsNonRoot: true
                 runAsUser: 10000
-              volumeMounts:
-                - mountPath: /etc/extension/certificates/client-cert-a
-                  name: certificate-client-cert-a
-                  readOnly: true
-                - mountPath: /etc/extension/certificates/server-cert
-                  name: certificate-server-cert
-                  readOnly: true
-          volumes:
-            - name: certificate-client-cert-a
-              secret:
-                optional: false
-                secretName: client-cert-a
-            - name: certificate-server-cert
-              secret:
-                optional: false
-                secretName: server-cert
+              volumeMounts: null
+          volumes: null
 manifest should match snapshot without TLS:
   1: |
     apiVersion: apps/v1
diff --git a/charts/steadybit-extension-prometheus/tests/__snapshot__/service_test.yaml.snap b/charts/steadybit-extension-prometheus/tests/__snapshot__/service_test.yaml.snap
@@ -4,7 +4,8 @@ manifest should match snapshot with TLS:
     kind: Service
     metadata:
       annotations:
-        steadybit.com/extension-auto-discovery: "{\n  \"extensions\": [\n    {\n      \"port\": 8087,\n      \"types\": [\"ACTION\",\"DISCOVERY\"],\n      \"tls\": {\n        \"server\": {\n          \"extraCertsFile\": \"server-cert/tls.crt\"\n        }\n        \n      }\n    }\n  ]\n}\n"
+        steadybit.com/extension-auto-discovery: |
+          {"extensions":[{"port":8087,"protocol":"https","types":["ACTION","DISCOVERY"]}]}
       labels: null
       name: RELEASE-NAME-steadybit-extension-prometheus
       namespace: NAMESPACE
@@ -22,23 +23,25 @@ manifest should match snapshot with mutual TLS:
     metadata:
       annotations:
         steadybit.com/extension-auto-discovery: |
-          {
-            "extensions": [
-              {
-                "port": 8087,
-                "types": ["ACTION","DISCOVERY"],
-                "tls": {
-                  "server": {
-                    "extraCertsFile": "server-cert/tls.crt"
-                  },
-                  "client": {
-                    "certChainFile": "client-cert-a/tls.crt",
-                    "certKeyFile": "client-cert-a/tls.key"
-                  }
-                }
-              }
-            ]
-          }
+          {"extensions":[{"port":8087,"protocol":"https","types":["ACTION","DISCOVERY"]}]}
+      labels: null
+      name: RELEASE-NAME-steadybit-extension-prometheus
+      namespace: NAMESPACE
+    spec:
+      ports:
+        - port: 8087
+          protocol: TCP
+          targetPort: 8087
+      selector:
+        app.kubernetes.io/name: steadybit-extension-prometheus
+manifest should match snapshot with mutual TLS using containerPaths:
+  1: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      annotations:
+        steadybit.com/extension-auto-discovery: |
+          {"extensions":[{"port":8087,"protocol":"https","types":["ACTION","DISCOVERY"]}]}
       labels: null
       name: RELEASE-NAME-steadybit-extension-prometheus
       namespace: NAMESPACE
@@ -55,7 +58,8 @@ manifest should match snapshot without TLS:
     kind: Service
     metadata:
       annotations:
-        steadybit.com/extension-auto-discovery: "{\n  \"extensions\": [\n    {\n      \"port\": 8087,\n      \"types\": [\"ACTION\",\"DISCOVERY\"],\n      \"tls\": {\n        \n      }\n    }\n  ]\n}\n"
+        steadybit.com/extension-auto-discovery: |
+          {"extensions":[{"port":8087,"protocol":"http","types":["ACTION","DISCOVERY"]}]}
       labels: null
       name: RELEASE-NAME-steadybit-extension-prometheus
       namespace: NAMESPACE
diff --git a/charts/steadybit-extension-prometheus/tests/deployment_test.yaml b/charts/steadybit-extension-prometheus/tests/deployment_test.yaml
@@ -23,6 +23,31 @@ tests:
             fromSecrets:
               - client-cert-a
               - client-cert-a
+  - it: manifest should match snapshot with mutual TLS using containerPaths
+    set:
+      tls:
+        server:
+          certificate:
+            path: /etc/tls/server.crt
+            key:
+              path: /etc/tls/server.key
+        client:
+          certificates:
+            paths:
+              - /etc/tls/ca.crt
+              - /etc/tls/ca2.crt
+    asserts:
+      - matchSnapshot: {}
+  - it: manifest should match snapshot with extra env vars
+    set:
+      extraEnv:
+        - name: FOO
+          value: "bar"
+      extraEnvFrom:
+       - configMapRef:
+         name: env-configmap
+       - secretRef:
+         name: env-secrets
     asserts:
       - matchSnapshot: {}
   - it: manifest should match snapshot with extra env vars
diff --git a/charts/steadybit-extension-prometheus/tests/service_test.yaml b/charts/steadybit-extension-prometheus/tests/service_test.yaml
@@ -3,15 +3,15 @@ templates:
 tests:
   - it: manifest should match snapshot without TLS
     asserts:
-      - matchSnapshot: { }
+      - matchSnapshot: {}
   - it: manifest should match snapshot with TLS
     set:
       tls:
         server:
           certificate:
             fromSecret: server-cert
     asserts:
-      - matchSnapshot: { }
+      - matchSnapshot: {}
   - it: manifest should match snapshot with mutual TLS
     set:
       tls:
@@ -25,3 +25,18 @@ tests:
               - client-cert-a
     asserts:
       - matchSnapshot: {}
+  - it: manifest should match snapshot with mutual TLS using containerPaths
+    set:
+      tls:
+        server:
+          certificate:
+            path: /etc/tls/server.crt
+            key:
+              path: /etc/tls/server.key
+        client:
+          certificates:
+            paths:
+              - /etc/tls/ca.crt
+              - /etc/tls/ca2.crt
+    asserts:
+      - matchSnapshot: {}
diff --git a/charts/steadybit-extension-prometheus/values.yaml b/charts/steadybit-extension-prometheus/values.yaml
@@ -20,15 +20,22 @@ image:
 tls:
   server:
     certificate:
-      # tls.server.certificate.fromSecret -- The name of the secret containing the TLS certificate for the extension. The extension will then create
-      # an HTTPS server instead of an HTTP server.
+      # tls.server.certificate.fromSecret -- The name of the secret containing the TLS certificate for the extension.
+      #  The extension will then create an HTTPS server instead of an HTTP server.
       fromSecret: null
+      # tls.server.certificate.path --Path to the TLS certificate for the extension.
+      path: null
+      key:
+        # tls.server.certificate.key-path --Path to the key for the TLS certificate for the extension.
+        path: null
   client:
     certificates:
-      # tls.client.certificates.fromSecrets -- List of secret names containing TLS certificates for the extension to trust. The extension will require
-      # clients to authenticate using one of these certificates. In essence, this will enable mutual TLS.
+      # tls.client.certificates.fromSecrets -- List of secret names containing TLS certificates for the extension to trust.
+      #  The extension will require clients to authenticate using one of these certificates. In essence, this will enable mutual TLS.
       fromSecrets: []
-
+      # tls.client.certificates.paths -- List paths containing TLS certificates for the extension to trust.
+      #  The extension will require clients to authenticate using one of these certificates. In essence, this will enable mutual TLS.
+      paths: []
 logging:
   # logging.level -- The active log level. Valid values are: TRACE, DEBUG, INFO, WARN, ERROR
   level: INFO
