Skip to content

fix: tls and missing env variables #242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rauny-henrique wants to merge 8 commits into
base: main
Choose a base branch
from
Open

fix: tls and missing env variables #242

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2c4aeee
fix: tls appsec secret name; added missing env AGENTS_ALLOWED_OU vari…
rauny-henrique Feb 7, 2025
9115be9
fix: appsec wrong Values reference
rauny-henrique Feb 10, 2025
bbfd0d6
fix: wrong values reference
rauny-henrique Feb 10, 2025
ffecb38
Update Chart.yaml
rauny-henrique Feb 11, 2025
d22d4cd
Update agent-daemonSet.yaml
rauny-henrique Feb 11, 2025
9f75c0b
Update agent-deployment.yaml
rauny-henrique Feb 11, 2025
d4c822b
Update agent-deployment.yaml
rauny-henrique Feb 11, 2025
25ffe4b
Merge branch 'main' into main
mmetc Apr 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/crowdsec/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.17.1
version: 0.17.2

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Down
8 changes: 4 additions & 4 deletions charts/crowdsec/templates/agent-daemonSet.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,10 @@ spec:
mountPath: /tmp_config
{{- end }}
env:
- name: LAPI_HOST
value: "{{ .Values.agent.lapiHost | default (printf "%s-service.%s" .Release.Name .Release.Namespace) }}"
- name: LAPI_PORT
value: "{{ .Values.agent.lapiPort | default "8080" }}"
{{- if or (not .Values.tls.enabled) (not .Values.tls.agent.tlsClientAuth) }}
- name: REGISTRATION_TOKEN
valueFrom:
Expand All @@ -85,10 +89,6 @@ spec:
- name: LAPI_URL
value: "{{ .Values.agent.lapiURL | default (printf "http://%s-service.%s:8080" .Release.Name .Release.Namespace) }}"
{{- end }}
- name: LAPI_HOST
value: "{{ .Values.agent.lapiHost | default (printf "%s-service.%s" .Release.Name .Release.Namespace) }}"
- name: LAPI_PORT
value: "{{ .Values.agent.lapiPort | default "8080" }}"
{{- if .Values.agent.extraInitContainers }}
{{- toYaml .Values.agent.extraInitContainers | nindent 6 }}
{{- end }}
Expand Down
12 changes: 7 additions & 5 deletions charts/crowdsec/templates/agent-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,13 @@ spec:
volumeMounts:
- name: crowdsec-config
mountPath: /tmp_config
{{- end }}
env:
- name: LAPI_HOST
value: "{{ .Values.agent.lapiHost | default (printf "%s-service.%s" .Release.Name .Release.Namespace) }}"
- name: LAPI_PORT
value: "{{ .Values.agent.lapiPort | default "8080" }}"
{{- if or (not .Values.tls.enabled) (not .Values.tls.agent.tlsClientAuth) }}
- name: REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
Expand All @@ -84,11 +90,7 @@ spec:
fieldPath: metadata.name
- name: LAPI_URL
value: "{{ .Values.agent.lapiURL | default (printf "http://%s-service.%s:8080" .Release.Name .Release.Namespace) }}"
- name: LAPI_HOST
value: "{{ .Values.agent.lapiHost | default (printf "%s-service.%s" .Release.Name .Release.Namespace) }}"
- name: LAPI_PORT
value: "{{ .Values.agent.lapiPort | default "8080" }}"
{{- end }}
{{- end }}
{{- if .Values.agent.extraInitContainers }}
{{- toYaml .Values.agent.extraInitContainers | nindent 6 }}
{{- end }}
Expand Down
2 changes: 1 addition & 1 deletion charts/crowdsec/templates/appsec-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ spec:
mountPath: /tmp_config
{{- end }}
env:
{{- if or (not .Values.tls.enabled) (not .Values.tls.agent.tlsClientAuth) }}
{{- if or (not .Values.tls.enabled) (not .Values.tls.appsec.tlsClientAuth) }}
- name: REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
Expand Down
2 changes: 2 additions & 0 deletions charts/crowdsec/templates/lapi-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,8 @@ spec:
{{- if .Values.tls.enabled }}
- name: LOCAL_API_URL
value: https://localhost:8080
- name: AGENTS_ALLOWED_OU
value: agent-ou,appsec-ou
{{- else }}
- name: LOCAL_API_URL
value: http://localhost:8080
Expand Down
2 changes: 1 addition & 1 deletion charts/crowdsec/templates/tls/bouncer-certificate.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
duration: {{ .Values.tls.certManager.duration }}
renewBefore: {{ .Values.tls.certManager.renewBefore }}
secretTemplate:
{{ if or .Values.tls.agent.reflector.namespaces .Values.tls.certManager.secretTemplate.annotations }}
{{ if or .Values.tls.bouncer.reflector.namespaces .Values.tls.certManager.secretTemplate.annotations }}
annotations:
{{ if .Values.tls.bouncer.reflector.namespaces }}
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
Expand Down
2 changes: 1 addition & 1 deletion charts/crowdsec/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ tls:
namespaces: []
appsec:
tlsClientAuth: true
secret: "{{ .Release.Name }}-agent-tls"
secret: "{{ .Release.Name }}-appsec-tls"
reflector:
namespaces: []
lapi:
Expand Down