author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-24 14:02:35 +0300 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-30 16:08:30 +0300 |
commit | 11edbcccef37f08b089386c41d3914df7f48a677 (patch) | |
tree | 3017e5e2904d11023075c5e84ddba5320e2b623f /app/models/clusters | |
parent | ce897f11a0650b0d6938cb506a030ef00160ab7a (diff) |
Get mutual SSL working with helm tiller
Diffstat (limited to 'app/models/clusters')
-rw-r--r-- | app/models/clusters/applications/helm.rb | 38 | ||||
-rw-r--r-- | app/models/clusters/concerns/application_data.rb | 17 |
2 files changed, 51 insertions, 4 deletions
diff --git a/app/models/clusters/applications/helm.rb b/app/models/clusters/applications/helm.rb index 06d85a69b29..f08224e94c2 100644 --- a/app/models/clusters/applications/helm.rb +++ b/app/models/clusters/applications/helm.rb @@ -1,13 +1,40 @@ +require 'openssl' + module Clusters module Applications class Helm < ActiveRecord::Base self.table_name = 'clusters_applications_helm' + attr_encrypted :ca_key, + mode: :per_attribute_iv, + key: Settings.attr_encrypted_db_key_base_truncated, + algorithm: 'aes-256-cbc' + include ::Clusters::Concerns::ApplicationCore include ::Clusters::Concerns::ApplicationStatus default_value_for :version, Gitlab::Kubernetes::Helm::HELM_VERSION + before_create :create_keys_and_certs + + def create_keys_and_certs + ca_cert = Gitlab::Kubernetes::Helm::Certificate.generate_root + self.ca_key = ca_cert.key_string + self.ca_cert = ca_cert.cert_string + end + + def ca_cert_obj + return unless has_ssl? + + Gitlab::Kubernetes::Helm::Certificate + .from_strings(ca_key, ca_cert) + end + + def issue_cert + ca_cert_obj + .issue + end + def set_initial_status return unless not_installable? @@ -15,11 +42,20 @@ module Clusters end def install_command + tiller_cert = issue_cert Gitlab::Kubernetes::Helm::InitCommand.new( name: name, - files: {} + files: { + 'ca.pem': ca_cert, + 'cert.pem': tiller_cert.cert_string, + 'key.pem': tiller_cert.key_string + } ) end + + def has_ssl? + ca_key.present? && ca_cert.present? + end end end end diff --git a/app/models/clusters/concerns/application_data.rb b/app/models/clusters/concerns/application_data.rb index 215a299dd03..7738138e753 100644 --- a/app/models/clusters/concerns/application_data.rb +++ b/app/models/clusters/concerns/application_data.rb 
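Review bot: `issue_cert` calls `ca_cert_obj.issue` even though `ca_cert_obj` returns nil whenever `has_ssl?` is false, so a record without a stored CA raises NoMethodError. The `before_create :create_keys_and_certs` hook only fills `ca_key`/`ca_cert` for rows created after this change, and the table is presumably not new, so older Helm rows would take that path. `install_command` in the next hunk calls `issue_cert` without the `has_ssl?` guard that `ApplicationData#files` applies. Either fail explicitly at the top of `issue_cert`, e.g. `raise 'Helm CA key/cert missing' unless has_ssl?`, or backfill the CA for existing rows before issuing.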
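Review bot: `'key.pem': tiller_cert.key_string` puts Tiller's private key into the generic `files:` hash alongside the public certificates, and how `InitCommand` delivers those files to the cluster is not visible in this diff. If they end up in a ConfigMap, a pod command line or log output, the key is readable by anyone with read access to that namespace or those logs. It should travel in a Kubernetes Secret and be excluded from anything logged. A comment on the hash such as `# key.pem is secret material: never log it or store it in a ConfigMap` would make the requirement explicit. The same applies to the `key.pem` entry added in `application_data.rb`.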
@@ -13,9 +13,20 @@ module Clusters end def files - { - 'values.yaml': values - } + @files ||= begin + files = { 'values.yaml': values } + if cluster.application_helm.has_ssl? + ca_cert = cluster.application_helm.ca_cert + helm_cert = cluster.application_helm.issue_cert + files.merge!({ + 'ca.pem': ca_cert, + 'cert.pem': helm_cert.cert_string, + 'key.pem': helm_cert.key_string + }) + end + + files + end end private |
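Review bot: `cluster.application_helm.has_ssl?` raises NoMethodError if the cluster has no Helm application record, which nothing in the visible lines rules out. Using `helm = cluster.application_helm` and then `if helm&.has_ssl?` avoids that and removes the three repeated lookups. The `@files ||=` memoization also keeps the issued private key string on the model instance for the object's lifetime, and each new instance issues a fresh client certificate from the CA, so a short comment saying this is intended would help. The enclosing module starts and ends outside the hunk.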