From cee619f62e1d2c6527ed587a9c256f68db7b1ee1 Mon Sep 17 00:00:00 2001 From: Caleb Lloyd Date: Thu, 24 Mar 2022 18:48:14 -0400 Subject: [PATCH] [surveyor helm] make TLS CA optional Signed-off-by: Caleb Lloyd --- helm/charts/surveyor/Chart.yaml | 2 +- helm/charts/surveyor/templates/configmap.yaml | 2 ++ helm/charts/surveyor/templates/deployment.yaml | 2 ++ helm/charts/surveyor/values.yaml | 8 ++++---- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/helm/charts/surveyor/Chart.yaml b/helm/charts/surveyor/Chart.yaml index 70a237c6..e339f13a 100644 --- a/helm/charts/surveyor/Chart.yaml +++ b/helm/charts/surveyor/Chart.yaml @@ -3,5 +3,5 @@ apiVersion: v2 name: surveyor description: NATS Monitoring, Simplified. type: application -version: 0.13.0 +version: 0.13.1 appVersion: 0.2.2 diff --git a/helm/charts/surveyor/templates/configmap.yaml b/helm/charts/surveyor/templates/configmap.yaml index e2781e9d..76ce35c7 100644 --- a/helm/charts/surveyor/templates/configmap.yaml +++ b/helm/charts/surveyor/templates/configmap.yaml @@ -11,7 +11,9 @@ data: { "name": "{{ .name }}", {{- if .tls }} + {{- if .tls.ca }} "tls_ca": "/etc/nats-certs/accounts/{{ .name }}/{{ .tls.ca }}", + {{- end }} "tls_cert": "/etc/nats-certs/accounts/{{ .name }}/{{ .tls.cert }}", "tls_key": "/etc/nats-certs/accounts/{{ .name }}/{{ .tls.key }}" {{- end }} diff --git a/helm/charts/surveyor/templates/deployment.yaml b/helm/charts/surveyor/templates/deployment.yaml index 89d97317..9c91cbef 100644 --- a/helm/charts/surveyor/templates/deployment.yaml +++ b/helm/charts/surveyor/templates/deployment.yaml @@ -53,7 +53,9 @@ spec: {{- end }} {{- with .tls }} + {{- if .ca }} - -tlscacert=/etc/nats-certs/clients/{{ .ca }} + {{- end }} - -tlskey=/etc/nats-certs/clients/{{ .key }} - -tlscert=/etc/nats-certs/clients/{{ .cert }} {{- end }} diff --git a/helm/charts/surveyor/values.yaml b/helm/charts/surveyor/values.yaml index a3a26850..a03e761a 100644 --- a/helm/charts/surveyor/values.yaml +++ b/helm/charts/surveyor/values.yaml @@ -78,17 +78,17 @@ config: # Expected number of servers expectedServers: 1 - # Required if auth is enabled. + # Required if NATS auth is enabled # credentials: # secret: # name: nats-sys-creds # key: sys.creds - # Required if tls is enabled. + # Required for NATS mutual TLS # tls: # secret: # name: nats-client-tls - # ca: "ca.crt" + # ca: "ca.crt" # optional # cert: "tls.crt" # key: "tls.key" @@ -99,6 +99,6 @@ config: # tls: # secret: # name: test-user-tls - # ca: "ca.crt" + # ca: "ca.crt" # optional # cert: "tls.crt" # key: "tls.key"