From 7ed13b11cf80d92ed2c343c8519a3d8b5e9231c8 Mon Sep 17 00:00:00 2001
From: ddalvi
Date: Sat, 27 Apr 2024 17:28:56 -0400
Subject: [PATCH] Update integration tests to use tls enabled DB/storage
---
 .github/resources/mariadb/certs-secret.yaml | 9 +++++
 .github/resources/mariadb/deployment.yaml | 32 ++++++++++++++--
 .github/resources/mariadb/kustomization.yaml | 3 ++
 .../mariadb/self-signed-ca-configmap.yaml | 37 +++++++++++++++++++
 .../mariadb/tls-config-configmap.yaml | 16 ++++++++
 .../resources/minio/cabundle-configmap.yaml | 29 +++++++++++++++
 .github/resources/minio/certs-secret.yaml | 9 +++++
 .github/resources/minio/deployment.yaml | 22 +++++++++++
 .github/resources/minio/kustomization.yaml | 2 +
 .github/resources/tls/root-ca-configmap.yaml | 36 ++++++++++++++++++
 .github/workflows/kind-integration.yml | 10 ++++-
 .gitleaks.toml | 10 +++++
 tests/resources/dspa-external-lite.yaml | 10 ++---
 13 files changed, 215 insertions(+), 10 deletions(-)
 create mode 100644 .github/resources/mariadb/certs-secret.yaml
 create mode 100644 .github/resources/mariadb/self-signed-ca-configmap.yaml
 create mode 100644 .github/resources/mariadb/tls-config-configmap.yaml
 create mode 100644 .github/resources/minio/cabundle-configmap.yaml
 create mode 100644 .github/resources/minio/certs-secret.yaml
 create mode 100644 .github/resources/tls/root-ca-configmap.yaml
 create mode 100644 .gitleaks.toml
diff --git a/.github/resources/mariadb/certs-secret.yaml b/.github/resources/mariadb/certs-secret.yaml
new file mode 100644
index 00000000..56a0fbb8
--- /dev/null
+++ b/.github/resources/mariadb/certs-secret.yaml
@@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: mariadb-certs + namespace: test-mariadb +data: + private.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKSndJQkFBS0NBZ0VBMFp2WnpoY1FDS1B4TVVHZG1VL0Z2YUhoU1lUd3RqcjhubitXQTFBcWUvK1d1OHVKCm9tUmRNRTZuZUlFcm1JeVRkcy9XRCtGeGE2R0hEbDNFNXNyam41SFhiZWFlMStFQlBJaWtWOWZoS3FBc3g5Zm8KZzRMb0JvSkVJYmcwajhLQTFlanR2a3NGZTU4Snl6b3FlK3BtTjlGSU1BYnBSaTVDc21FTFhkaE9CTGVGZkFhcgo3VE1lTm5uRTRWVzZSdkdBOU5FVDUyblNFU0JxY01rUjFkeFFGemJrb01iaXQ2d0NTaDhRajZ4VlJ2elZ5RzU4CnJUcVFDNFpia2VidmtNUjlybWUxZWF1Sk4xS2U2dm0waU5lemdIR0RKM2RJLytCT0FKc2EyTGExZGozK3cyZGUKSVNlbVhXb1JlTWl1d01rS29ZdmozSVlMMzdJTWJwekJoMXF3K1Y3bTYyUEFhNW04L2Q3QjJLRUtzRnBZQ1lpSQpTTnNMaFJZL0w3dlJJTGVoRUt5ME9FQ3k2SERxbGhENGVYSXFWdVhDZUhrY1lkcE1GT2prYmFXRXZFcGx6aVlXCldTTE1aQjBHWVkyZFdKMjlMZVhLZUw1ZVZjY0c5Nm1ZMUlxa3QxN3ZlK1JjVXVvQStmNTB2aklQQXRhdkxubnQKaG9ZVXRaUnZncTZVZ2dyVXZUcERucENFK1p2Wk9kMnVDc29wYXhMUFlLUnJyNlJwZU1SbWhROEYvbkZvOUlRMwpuWnZxUXVRS0pwb1I0cXNsazZYY3UyanpaczhIMHg4aWl0c3N0OVRkYW9EK3R0NkI4Wk43cmkybTVxeEhjNisrClZSa3pWSU1mNkJZU2J6NEdQREEzOWxGOFB4MEpxWGZrN05nR3V0QWNxOTBBYzkraTFuL0dhZHhLYnIwQ0F3RUEKQVFLQ0FnQllIU29jWnJtSXlGSTJJSjA5dTdrbWxJeCtPWEp2U0xDMWVIRDVoNU8wZUtkRzNyTkhIdVhGenVxNwp6NkVpQ2NaYjVkYlk2aTZoems5V0RMa2ZSQjhZRDFqK2pEb3VDaHBZOWlBUUJXSlVadTBzUFdrekQ2NjJQY0NpClpDdEVXOEdKS3RmMmJOY3JOcG9KWXJSRlR5NFZQTmNaeVczNjRLdU5EUnFZSXJ2NVk2U3JsS3BsbGwyWERPMWsKeElNQUc3bllNS1FyWGVLKzdGK1NkaFFYVVB3aUppTktLeEZYb09sOWV6MmRDQmI1Tm9Rd003SVpxRXF4YlpQRQo2ODI5ajd3OXVyOGhIS2tjSnBGRHVpRFlmY1NwdEE0c1l3cSs5ZTRVZHg5OEJxS1Z5RTMybXRlSkhIL2xPUmVMCkxPRzVqVW40eXpQSW1sa1hlbU9iaEM0ZTFsTWFYZlFwQjN5dzRPTHowemprR2g4b0M4UGNjR0RCNDJoQmdncXUKb1JqUms1eUNXNlFHekZkNStabW1Lb09IQXdQeFpCbU9INlBXTTNDczhqOVhkTUI1L09SOG5ycXFTSGU4RVZ6YwpHNHM2R1lURkpKeUlWOS9ORmxTVml4V3p3L0dCRTNKYXhENnQ1NGI5WmhKYmJ6TzQ0SW1FVGk1cldxeXlOYndJCnpRMGJQVFoyNkRnYWpka3UvbVFOZ2xzTTI1ejdxT3FEME1rUVBPRGZxUnExRDJuU0ZHQlc0NFRnZmV3YWs5VnMKdHZVN1gxMWFva0hKeStJU2lscVR5LzMyazd4MkdnQmhhYjQ3YlU4VkRpNDV5OCtlQWdjQk04SGpHdlJQeXhHMwpnRVJkNjJTT
nFHclB6RUJFYmZzcGc0TWVTS2JSZ3NIam5rTXA5Sk10QVU2WjdSaEZTUUtDQVFFQS9RWSs4RVNECkpwZDdCajEvNHNVVXhmYldHTXVlNVJXOUZHUExxNDR4RWJVU056aXFsS0RqRU5vcnpmY1VHTzVVMy84VjB6Q2UKY1JNYkh0WFh6NEExcHNvV0dtSDVDZzRpYzJoMmFJY0ROQ0x6ZkN3NkxHUE45RjVFRDlwQlBYeCtidW1BUVJqTQp1bjBIZEhTVU1UTjljeFNVaEZOTmZQb1JsY0p2STdCa0lkbjZFY3gyNXpzaW1hUmJQV0ZGNHdzeXVKKzFnbVhXCmpCUjg3S01RZnNCLzZiVUQxRjR6VE9qT0FMdnc3Um12bmtuVWhjWjRPZmFrTERCUkVaY0YyQ3ZFYm1TYnRCOVgKOFFXUUY0TWU4ZjJHTTNuT0xYREF6WmFpaTMrdjlWWFVxQmhMcEh1Y0FyWVNQOHZqY21ZcHVRSDZNbmxwbnNsMwpDeDFFUndvRlVDUHNwd0tDQVFFQTFCTGw2dFhvcUh3ODVIcUtWZWlxWnNHQTIxa2ExMEhnT0U2NEtQSlpFc25XCkRoZ1Y3Zk1UTmVzUUNITHA3TEZUeitEVzYyaUtXRmI4WnE3OWJLNlZ0NGE5M3JNb2NjZmxsZFdlOGZMOVRBYlAKaFZsY25nNmhRNEdvTEpyMXRZUG9pRjFycUsxT0hWVGlGUDdlSlYxMlh0ZTN0ejY4ZEVlZ0RRb2ZsLzV5dnE4bwo4RHovUnlETU53MEJ6WGtzc01LYkY1UC9zc2wrdUQyR2RzbG1td1lOUm1TNHhJM3hwcnl3a0I4cTMrUXBrUStkCm1rdER2bjlMQ3FUVHRScW11Z05lUmxxRlRFRFZ4M1VjWlBPWkFoTDAybHlwRzNjcHd3V3dwMDhFekVXYk00Q0sKeVlzSEhUVjlTNC9pVWJqenFtMnRxZVB5a2dFcVNqNU56dGgvM28xQit3S0NBUUFwUExCYlJqODl0ZWgxL3VYdAoxb0xwTks1MkFoR1djbkdMZGl4R2ZIa2cwcXJ5VndqdUNqNlhpNGNpSFVlb1BJZVdyaU1uZFVBTlc3akswTDFJCmN6UExTQnBNR0hXWEh2Q2NjSVVEeWlWS2hQdTczQlZyRUtVTFU2V3lFN2NZUjBidjJweHRmNVkyT3BSUmRZS0YKZGtmV3pwN1o1aDIxNWFlaUNidEZUTVUxQXlxUFpneG02U3RkY1B6eHh2MjE0Q2hYRUtoclpSK1BXdk4xT2FwQgpqaXdLc2RhNjhOTlprSU9xZVBidUhZYVN2S09uWGM1UVhCTXJwSUJCNXFRc05BM2lsQUVRWFI5ZkI3SVJNdXlECk1mZUNRakxKRXh4SkpXaStaWVFPN3ZzbW5qY055cHVGa1pqdHp0UDEzQkttdFZ6S2h5RWdvT01HNjdFcUJzY1EKNVpuM0FvSUJBR1JYRExHdnhBVHp3MXZYSHR6RzJOa0ZkUkpUZG4raWk1UVlxc20wNExBakQwUmI0UVJVbmlKRQp0YkZKcmFSdndsZjQ2YmM0SHp6czZ6OHFUSDIvbk5iWXliMDB4MDRPWm5JZVFMWDVZaDgybWJsZUxwUWFGL0w0CnhibFZHQ3hwM1B1b04rZjNGNTZKS3U4RUo5ZEdBVnVlZFM0ZVlNd2psM2FUODU3V3BUUFRiR3MrY1FvV1dva3gKZmtqWnJHdDFxQ3ZmdW51OUdsZlJ4RzB2blh4N3dJd3QyNzRqNnRJWk5QRDd6aTFncHNvYnVWWG5ob1g3ZEdYMAoxclk1aGVrODdyNGExamJkOWtnSkFRWkN1NEpmdGJvYlhXZkJXZUVNTUNqNUdpd01Rd0o3THk5c3VGRDVuZTdDCmhUSmxiK1NUUURmQndtT1NhWS8zS3BsVGxpeVdhVUVDZ2dFQUpoeHdKeE12dHpQZTliVDU5NWFqVDN1aVpsQ1AKVTJIbTRtQUwrWlFZa
G9hcGM5WWhnR2dhbDF0ZlJsNmxBd1pSdlFqSlF1enBoM2FSQlpGbkZaVUxCSjZ5QU9LKwozLy9FYUdrSXphU2tablAvUjFteklrVkExeWRHMG5mNTJONFJjdzEzV054R2phVFA3M0hqV2VydnVhNkt4N29jClR5WG42Tm9KSVpTQW8rT0liaU9lUVc1dlc2L0g5d0VTV1QyYmYwY0tGaGxmZDF0SE5OZHgzejFUVnloZ3FjLzEKNlNMbXpBUzdWeXRMeTBGRTF4azlNek9CMThRZFhWenQ3b051cFZjSzhOMmJZdWQxazh1UzloYTRqZ1BKbnY0SAovdGNiZjNna0h2QTV1VnRLWU9hVWc3WDF4NmhOaFRWN2JvdXRKays4ZndGVjZQS2pPRzF1Si9ic293PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K + public.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZPekNDQXlPZ0F3SUJBZ0lVZlV6SllBSU1VZjUvS2R3VnpJNG0vUkJnaERNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0pqRUxNQWtHQTFVRUJoTUNXRmd4RnpBVkJnTlZCQU1NRG5Kb0xXUnpjQzFrWlhaekxtbHZNQjRYRFRJMApNRFF5TXpBd01UZ3pPVm9YRFRNME1EUXlNVEF3TVRnek9Wb3dKakVMTUFrR0ExVUVCaE1DV0ZneEZ6QVZCZ05WCkJBTU1EbTFoY21saFpHSXRjMlZqZFhKbE1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0MKQWdFQTBadlp6aGNRQ0tQeE1VR2RtVS9GdmFIaFNZVHd0anI4bm4rV0ExQXFlLytXdTh1Sm9tUmRNRTZuZUlFcgptSXlUZHMvV0QrRnhhNkdIRGwzRTVzcmpuNUhYYmVhZTErRUJQSWlrVjlmaEtxQXN4OWZvZzRMb0JvSkVJYmcwCmo4S0ExZWp0dmtzRmU1OEp5em9xZStwbU45RklNQWJwUmk1Q3NtRUxYZGhPQkxlRmZBYXI3VE1lTm5uRTRWVzYKUnZHQTlORVQ1Mm5TRVNCcWNNa1IxZHhRRnpia29NYml0NndDU2g4UWo2eFZSdnpWeUc1OHJUcVFDNFpia2VidgprTVI5cm1lMWVhdUpOMUtlNnZtMGlOZXpnSEdESjNkSS8rQk9BSnNhMkxhMWRqMyt3MmRlSVNlbVhXb1JlTWl1CndNa0tvWXZqM0lZTDM3SU1icHpCaDFxdytWN202MlBBYTVtOC9kN0IyS0VLc0ZwWUNZaUlTTnNMaFJZL0w3dlIKSUxlaEVLeTBPRUN5NkhEcWxoRDRlWElxVnVYQ2VIa2NZZHBNRk9qa2JhV0V2RXBsemlZV1dTTE1aQjBHWVkyZApXSjI5TGVYS2VMNWVWY2NHOTZtWTFJcWt0MTd2ZStSY1V1b0ErZjUwdmpJUEF0YXZMbm50aG9ZVXRaUnZncTZVCmdnclV2VHBEbnBDRStadlpPZDJ1Q3NvcGF4TFBZS1JycjZScGVNUm1oUThGL25GbzlJUTNuWnZxUXVRS0pwb1IKNHFzbGs2WGN1Mmp6WnM4SDB4OGlpdHNzdDlUZGFvRCt0dDZCOFpON3JpMm01cXhIYzYrK1ZSa3pWSU1mNkJZUwpiejRHUERBMzlsRjhQeDBKcVhmazdOZ0d1dEFjcTkwQWM5K2kxbi9HYWR4S2JyMENBd0VBQWFOaE1GOHdId1lEClZSMGpCQmd3Rm9BVWwwdFg1QXVFY20yTkVjWnJlNUpIa0pqVStHQXdDUVlEVlIwVEJBSXdBREF4QmdOVkhSRUUKS2pBb2dpWnRZWEpwWVdSaUxuUmxjM1F0YldGeWFXRmtZaTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiREFOQmdrcQpoa2lHOXcwQkFRc0ZBQU9DQW
dFQVZtYzdjM2NFeTZnOEVSR0ZLNXZmZnd6UFVuS0hsbjZwa2RBdUxzYURLcjdMCm8zUEdqVTAwRW52MTBTU21HZGxVSFRqd1ZCMnpqUmNoU29LKzVaYUpGT213djF3RFNoRDJybmxDVTI4ZFZGNFEKRmpUc2ptcThoSnFMKy81T0FlSXZ1MkFZUXh6TVBHbHhiWVhoTm9GalB1RWdSKy9kV3d1SnN3Q3huRDRkVjRBSwpHSmRsRHBmSytjdnlMK09XYkowVXd1bnQyNjZya2M3a244LzM2bVg1Q1BuV0FLQWplYkxsU21mZjJGRlR0Tm15CkUwM3BZbVFlTWJvTjhmVVgvU3NTbjBldndubmt3NW1FaHl5RUVsQnZRU0U4SlhGdlN3bEJuMHdaQnYvQ2pSTHoKOHcvVmxQSGhWMmlxVkxZd2VKbklRV2RCb0d3MHFFSHpUSFEvVXhQQnNJdVFiMG5SazdueFdIUHR4MGRUQU9EYgpsQ1ZrUmg5KzBybWh2YU5ydjU1Vk5wanE4enRUVFRpQ1Jsd3FPdCsreWNrS092RE5YaXBtVi9tTWNtSXoxYXc2CmlJOHBIWXZnS1U5REdmejMvRnc0dXZHbjhESFkraWhBdXZieks2bjljWXBxTlFlMEYxQ0s4dGZ5RlhoV0pQYmMKbzVRbHI0Q3ZQRGhqcmVGSjBTQ2FWM3dyd3ZqbE84NkVZODkxaXJGYkhYcm1xQlhyb01IL24yenpCK1B0aGF0VApoeStMZDl3K2FvWG42a050VmpGWEJUMzREcWx2R3h4MjlPa0ZmK2dJZWxBS3ZDaGtpekxpYUkwbmh2aUJXbUpkClBnUmJjZmJqWjRZL1dYSjh3K2s0cDVzL3J4MndRN1JNVVJmc0RBdi90ZExkZEJRWWI1OG53Q1EzaElIQWRJTT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= +type: Opaque diff --git a/.github/resources/mariadb/deployment.yaml b/.github/resources/mariadb/deployment.yaml index 5c79d94e..05482299 100644 --- a/.github/resources/mariadb/deployment.yaml +++ b/.github/resources/mariadb/deployment.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: mariadb - image: quay.io/centos7/mariadb-103-centos7:ea07c0dade9571d78a272b453fd2dea92077dc7f + image: quay.io/centos7/mariadb-105-centos7:centos7 ports: - containerPort: 3306 readinessProbe: @@ -31,8 +31,7 @@ spec: - "-i" - "-c" - >- - MYSQL_PWD=$MYSQL_PASSWORD mysql -h 127.0.0.1 -u $MYSQL_USER -D - $MYSQL_DATABASE -e 'SELECT 1' + MYSQL_PWD=$MYSQL_PASSWORD mysql -u $MYSQL_USER -e 'SELECT 1' failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 
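Review bot: `private.key` in the new `mariadb-certs` Secret is a complete RSA private key committed in base64, which is an encoding and not protection, so every reader of the repository holds the key for this server certificate; `.github/resources/minio/certs-secret.yaml` in the same commit follows the same pattern. For a CI-only fixture it would be safer to generate the CA and leaf key pair in the workflow before `kubectl apply`, so that nothing long-lived is stored. If the files stay, add a header comment such as `# TEST FIXTURE ONLY: this key is public; never trust this certificate or its CA outside CI`, and confirm that the issuing CA is not trusted by any non-test environment.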
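Review bot: The new `image: quay.io/centos7/mariadb-105-centos7:centos7` replaces a tag that looked like a commit hash with the floating `centos7` tag, so the database image used by CI can change without any change in this repository. Pinning by digest keeps the run reproducible and limits exposure to a replaced upstream image, for example `image: quay.io/centos7/mariadb-105-centos7@sha256:<digest-of-reviewed-image>`. The container spec continues outside the hunk.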
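Review bot: The readiness command no longer passes `-h 127.0.0.1`, so the client presumably connects over the local Unix socket, which MariaDB treats as a secure transport; readiness therefore says nothing about whether the TLS listener on 3306 is serving the mounted certificate. If the probe is meant to cover the new TLS setup, keep the TCP path and require TLS, e.g. `MYSQL_PWD=$MYSQL_PASSWORD mysql -h 127.0.0.1 --ssl -u $MYSQL_USER -e 'SELECT 1'` (verify the flag against the client shipped in the image). The probe definition starts and ends outside the hunk.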
@@ -68,7 +67,34 @@ spec:
 volumeMounts:
 - name: mariadb-persistent-storage
 mountPath: /var/lib/mysql
+ - name: mariadb-certs
+ mountPath: /.mariadb/certs
+ - name: tls-config
+ mountPath: /etc/my.cnf.d/z-custom-my.cnf
+ subPath: z-custom-my.cnf
+ - name: ca-bundle
+ mountPath: /.mariadb/certs/CAs
 volumes:
+ - name: mariadb-certs
+ secret:
+ secretName: mariadb-certs
+ items:
+ - key: public.crt
+ path: public.crt
+ - key: private.key
+ path: private.key
+ defaultMode: 420
 - name: mariadb-persistent-storage
 persistentVolumeClaim:
 claimName: mariadb-test
+ - name: tls-config
+ configMap:
+ name: tls-config
+ defaultMode: 420
+ - name: ca-bundle
+ configMap:
+ name: self-signed-ca
+ items:
+ - key: public.crt
+ path: public.crt
+ defaultMode: 420
diff --git a/.github/resources/mariadb/kustomization.yaml b/.github/resources/mariadb/kustomization.yaml
index b62f2cc4..d7d2b046 100644
--- a/.github/resources/mariadb/kustomization.yaml
+++ b/.github/resources/mariadb/kustomization.yaml
@@ -6,3 +6,6 @@ resources:
 - pvc.yaml
 - secret.yaml
 - service.yaml
+ - certs-secret.yaml
+ - self-signed-ca-configmap.yaml
+ - tls-config-configmap.yaml
diff --git a/.github/resources/mariadb/self-signed-ca-configmap.yaml b/.github/resources/mariadb/self-signed-ca-configmap.yaml
new file mode 100644
index 00000000..fe7beaf6
--- /dev/null
+++ b/.github/resources/mariadb/self-signed-ca-configmap.yaml
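Review bot: The `mariadb-certs` secret volume is projected with `defaultMode: 420` (octal 0644), so `private.key` is readable by every user inside the container; the `minio-certs` volume added in `.github/resources/minio/deployment.yaml` uses the same mode. Restrict the key where the runtime user allows it, for example with a per-item `mode: 256` (0400) on the `private.key` entry, or `defaultMode: 288` (0440) together with a matching `fsGroup`. Whether the database process can still read the file under the tighter mode depends on the UID the image runs as, which is not visible in this hunk.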
@@ -0,0 +1,37 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: self-signed-ca + namespace: test-mariadb +data: + public.crt: | + -----BEGIN CERTIFICATE----- + MIIFLTCCAxWgAwIBAgIUbQHREiryzhsD5JHSCXocioe5nZQwDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDQxNjIxMTgzOFoXDTM0MDQxNDIxMTgzOFowJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEA+KcyWD91S2IPiFYhqlvoPV929moRx+FZV1BO4eukYWd56mckKhw7sSlnFNNP + FC/HnyROh5dKeNuP/qJi4VPfXRGqaDr2tGbuFanGnCRy4vtfgjWMT7/NzbZTzw9w + 8KiTqG0E1rxIU/FpLSWHgo+u+uOLZ2MoJd09+QSwZWPqDTeR2Kc8/3H+wSwmJrbk + 9XleOdttbDL1R+RWscNcnLyLX2/BqXmPE+ALHH+hFINmHbpm+D5GAjubUqlSyJjN + rvzrgnxoyPjmWzX6dyYxEz/WioUvc6c3UsDhH7KCoZcxpmNDjvwP2VVIeSAaRSBi + EEI69CXSDUGBKKBU2sTkr7Os6HEMS8zpVtStS7kOXth4wBFhJxVC17DlAUy3lBFe + MoSgw4rpVmiSqH75JlseUjdScuDcs6V+gkSTYXj19N2b4nE9Go229nGGvw2GLevN + VsT2bjZq8QURRnToiA/ATdm3T8HXsYUBvRdNt+h47spb9dgGsGqlrKeKYer3xngD + OkE8VrrvL8FJQD1YKeOpi6qtJAoUOBY/XMaD0buNGH0M0CCfts1nTbRqcNIWUXka + hZT8uY/0bqQIt7ELJYJK1LopFWdco6NeDMchYNu823rCTouRoUZE1+pEaJU/WBd1 + chkeRtrppcppaCfOpfg/dvnMrwbGLGBTdRo1Adej2Nv7aFsCAwEAAaNTMFEwHQYD + VR0OBBYEFJdLV+QLhHJtjRHGa3uSR5CY1PhgMB8GA1UdIwQYMBaAFJdLV+QLhHJt + jRHGa3uSR5CY1PhgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB + ANTD/yGpKOP7OlJLh61cBpP7lq5GNP3z5+BPq0UU8noVmiSkfG8DUBX0nCd1FFX3 + 87cS+1knp6pW1SooxGD2xzmGxrlxeoltHlU1WuC1U2GSSlZJnBcfMzk0nWxNT6jk + 4K7sKOuk+0tUQ6v+qPpydZDiC3Pq7bPqqHz0wyw0SWRFBIL/UML+MOBxMMza8kZ6 + ucVSNdoaPKOvCcXxFsoD8f/ncOufBeW3JZtL832A60aSw8BEzxhm/t1gZHpiyxea + iNtE0IDy3+yte7J5g210n4tCxN4x3+nDAsiZ7O+ckcJwVRcT37hrQDVJkbih3e6Q + nlyf4OCRGXtOD6KvWhR7jgVdKMlnyBDzs9D8BfdI/99ijU/utJDsLySZsJE1lCuk + xOo44kbPvXs49Cr39DMW1YcS4COzqLamhQqpLiiqOYlqKud8UlCQ3kMFVQLqrTCz + 21z3i7MlIyRAoqPw3n5M9YWW2M7Oo48xRFTchbEnAk9ARlzGBJipwEUDDQZ7gMDp + JAsM2Fbu3Up3eyakUBjKYuWdmshm5QrCWzUiYGMuVgKarwFN4zV393KjtsqtGfBJ + eFWo51LzoK7sH3vq+zCSAGzHkHVEkMmn3mTJtMghmguX/vwRpxUEKmExwvJ6qvMo + 
Oza6GUl11howSA7rNnesv+brJOFJqAS48B1G7Mrl04od
+ -----END CERTIFICATE-----
diff --git a/.github/resources/mariadb/tls-config-configmap.yaml b/.github/resources/mariadb/tls-config-configmap.yaml
new file mode 100644
index 00000000..fab3cc69
--- /dev/null
+++ b/.github/resources/mariadb/tls-config-configmap.yaml
@@ -0,0 +1,16 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: tls-config
+ namespace: test-mariadb
+ managedFields:
+ - manager: kubectl-create
+ operation: Update
+ apiVersion: v1
+data:
+ z-custom-my.cnf: |
+ [mariadb]
+ ssl_cert = /.mariadb/certs/public.crt
+ ssl_key = /.mariadb/certs/private.key
+ ssl_capath = /.mariadb/certs/CAs
+ require_secure_transport = on
diff --git a/.github/resources/minio/cabundle-configmap.yaml b/.github/resources/minio/cabundle-configmap.yaml
new file mode 100644
index 00000000..c31a70e8
--- /dev/null
+++ b/.github/resources/minio/cabundle-configmap.yaml
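Review bot: `ssl_capath = /.mariadb/certs/CAs` points at a directory that holds a single file named `public.crt`, but OpenSSL-style CA directories are searched by subject-hash file names (the layout `openssl rehash` produces), so the CA is probably never found through this option. Naming the file directly is more predictable: `ssl_ca = /.mariadb/certs/CAs/public.crt`. Separately, the `managedFields` stanza looks like residue from exporting a live object and can be dropped from a hand-maintained manifest.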
@@ -0,0 +1,29 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: 'true' + name: config-service-cabundle + namespace: test-minio +data: + service-ca.crt: | + -----BEGIN CERTIFICATE----- + MIIDUTCCAjmgAwIBAgIIfb5THW7z1V0wDQYJKoZIhvcNAQELBQAwNjE0MDIGA1UE + Awwrb3BlbnNoaWZ0LXNlcnZpY2Utc2VydmluZy1zaWduZXJAMTcwNDgzNTI5MDAe + Fw0yNDAxMDkyMTIxMjlaFw0yNjAzMDkyMTIxMzBaMDYxNDAyBgNVBAMMK29wZW5z + aGlmdC1zZXJ2aWNlLXNlcnZpbmctc2lnbmVyQDE3MDQ4MzUyOTAwggEiMA0GCSqG + SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9CkH6LdzFqMSKNFAxPfsPJAXJekUJjts4 + I85PcL8bQpAFnswZoHyjfBbtw9QdLBFFxAS/3mPH9oTgBFYZY9sQmKXbdcjbQZ0C + LlqLIlK3yDoRg/NLBY0Sv0mbOdDrESaz2T0/HUkalM1e5+zuQluNy8MY+ysBuJjJ + CpmeGEpCNf7SfsP1j9VHpjFkBgMqCmLI0oKUH/Ez9MjwrA7yQnquW6a3QbNlm1T/ + UyulJejBdHuktwiEMuDc9BNumfGNU/OPV1zo5hz8WCpVunoXKEXqHODc29MxY3o9 + gBdeA4/dEJqsIbyBdqnphVS0duX7u+po+0GAaoVANMhcW48OGY0NAgMBAAGjYzBh + MA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTsuxk/ + WaxmQIo6OUsYm1ks6jAUBDAfBgNVHSMEGDAWgBTsuxk/WaxmQIo6OUsYm1ks6jAU + BDANBgkqhkiG9w0BAQsFAAOCAQEAdKkXhYTpJNTrlp0S8UIjLwAHTqWUQOHMoiPm + LYTzkWCA+yIhcwhw8Y+AbV6/hNEkQdkgVI+cexz1rkGm9Jxz1OL00mGunWgUMgJr + umu4qZnyS2ErpeaMqOZMKpeQmiwkwnT1OUdUAI8kJN21tQ+uD6F47QseJwdKTMc/ + YeZ7Zyo9LYJMWGKKlYYM/u7PDPwHZxT8v+15SXqR72eBM1kWNdVB5NeUK2bLxUok + 1RcDfiLDiVy3ctZqm4Tx4WTr/uRxsss0ctLdRvltF+kSgdAQFympeFgTF7MGsoft + OIfz84aEwS656SHPKBaqgPNYrnseSrpxtc30pfs7GUPG+FqFOQ== + -----END CERTIFICATE----- diff --git a/.github/resources/minio/certs-secret.yaml b/.github/resources/minio/certs-secret.yaml new file mode 100644 index 00000000..d4cae58a --- /dev/null +++ b/.github/resources/minio/certs-secret.yaml 
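Review bot: The `service.beta.openshift.io/inject-cabundle: 'true'` annotation together with a committed `service-ca.crt` looks like an object exported from an OpenShift cluster: on the kind cluster this workflow targets there is presumably no service-CA operator to act on the annotation, and on OpenShift the operator would overwrite the committed data. Since this ConfigMap is mounted into MinIO's `/.minio/certs/CAs` directory, every certificate in it widens what MinIO trusts, so it is worth keeping to the one CA the tests need. Either replace the payload with the test root CA and drop the annotation, or add a comment above `data:` stating which CA this is and why the test MinIO must trust it.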
@@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: minio-certs + namespace: test-minio +data: + private.key: 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 + public.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZOVENDQXgyZ0F3SUJBZ0lVZlV6SllBSU1VZjUvS2R3VnpJNG0vUkJnaERRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0pqRUxNQWtHQTFVRUJoTUNXRmd4RnpBVkJnTlZCQU1NRG5Kb0xXUnpjQzFrWlhaekxtbHZNQjRYRFRJMApNRFF5TXpFM01Ua3pOVm9YRFRNME1EUXlNVEUzTVRrek5Wb3dKREVMTUFrR0ExVUVCaE1DV0ZneEZUQVRCZ05WCkJBTU1ERzFwYm1sdkxYTmxZM1Z5WlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUIKQUtXRTlQVytaS0NBZVd5QTg4NmNOQTFnZnJNK2lCOURoeTRyOW1IL3RKcjZlYmRIRkI3OFhMRllBSDIyTzQzLwpNRkoxWDNIZDNQckx6Vy9WLzNCbk1lN0pJZThRK3BUWmprYWxzSlVjVTZ2K1l6RzRHcWp4c0tSa2YyOHA4WnRUCkNUcVJQZjd2K3E3R1VseXVPbEFac3YwOWlmdmdLL2lYcm51V1h1NEgrSjF0a1k2UDY0S00vaHhWYWorejl6WkoKVytNUTZ2MWtJM1hqcW1wT1lwV2w0NndiWDVreVNvalFuZFk0TUdwR2xVNE1PTjhYdzZVVnZPQlVCcFBJd2VDVAp2bVhkd1R0azlzZnpXNkpxTW1RM2hxdnRpVWE0VDFhQncxbzRpb2lrVmhDS2I4b0ptZzNuSFl6cnpzNVp1WC91CjhxSzJNdHk1eTU3ZStzZ1FLWTQrUXV6VDZXeEx4a3NiTE5wdG9kalNHYjk2WEZubXQ4aVV2d1k2ZGFkRkNQd2IKVFhkOVJkUjZPYVZiQitFdVJuREVicTlFVEtnMWtzMUdEdnVMNmpyWUJYYTZZZFl5L2s4MzFicWdwL0ZqelBCRgp4Zk1OajYxNUJhZDBKalNrY08rT3pob3JPemc2dVIvT2YrN24yQXdFQWVvbmJ1V0Q2SjBQbWc4UHpjcEpKaWJvCmJaTyt6MzFEbm5mVHJxZ3ZXR2pPOEh6L2N2WVFKNjg5UnM0ZVRqN0tZTm9qOUlMTlJYQ3ozVDRvTGFVa3ljL2wKamZqenFEODQ4TmZJNExqa3VCRHd3aTZjNVR0Q2hROFlaWTVRU1h3T1ZQam1ScjQzTk9LTzhIbzREUWdyMU1jSQpvWHJ1dGlQNHgrcEhxYmJoSVVjUERNU1daTEJUQm5ib1dqUU5WOEdSVW1QSEFnTUJBQUdqWFRCYk1COEdBMVVkCkl3UVlNQmFBRkpkTFYrUUxoSEp0alJIR2EzdVNSNUNZMVBoZ01Ba0dBMVVkRXdRQ01BQXdMUVlEVlIwUkJDWXcKSklJaWJXbHVhVzh1ZEdWemRDMXRhVzVwYnk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBTkJna3Foa2lHOXcwQgpBUXNGQUFPQ0FnRUFJM29zRDN0cG4yTzlKekxEaDl4ZkNWZnIySCtuU0hwejBqT29BYXZyc3hOZ3RjV3puS1hiClh5VHBSVmtVWldGWnVoUWlGRERVQUxpbXlhdiswakxrK0NiRkpFMDFsWDJmTzdMUXlMRTIwZmo4NGx1bkxkM04KenQyb1FpcVBuOGVSMlpleWdzNjQyUVFkYUFCZGFSWllmVG94cXd4UStrdm0yR2RHRUd4c1hTRGZrTWJzK2FJcQprT0JVeHIya2wzdlMraWJNaW0wQmNKUjhUMm1QY
y9ZZ0J3Q2VmMUVCUE1BZkNGNDllcG1QSGFxQzRybFhGTW1mCmFDSWd6NjVFQVQwdldUUEFRWUlYYUtEQStmeElHTmEzZ2pYRHJMeVFIM1hlWDR0NjUrZGw2MEdSeEpVTFFTYzIKQjREbk9PVlBXd3N6d2hUZFhzQitEVUxhLzhSQTcvMyt4T2NxdFNRamVCbXpPOCsyLytYQWJBMXE1YUdmWUJhVwpLVGlWWTBKZ0NVb1hnNmtHQ2Fsa0lhWnBsTHhiMVBGZkUyVTFadEw2WFUvUDI0ZkpGdGVwbjFaZHQ5dmRuVVRsCkFnMjBlOWNtOXBRN2xLajVJTk5oMWV6bUdBWVBkc0pkdUJmOG9tTmd0MGkrZmdCWUt6SWxwcU5IMzh4STRIQncKRnBlbStXQmxJT3JIcTlZOG1HVWFSLzBNcDFLdXRDUmIyb0lGRHY1YUhPdlFRVTZOVnVob2s3bDl6dWNnME5hegpUZDdQbmUxdkdkUitDRTZXTkNkaXdKcHpNYkR2Vm5jV3M1RGhKeFRwUXo0M2Q1Nmlkd2tCbGpWSjVRWHZqY2xHClhCMU5VNnlDTEI0dEdhcVhKdElGNGVUNzlBOTZibFU4NHA0Z251YkMxc05ScWxvdlNybVVrV3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +type: Opaque diff --git a/.github/resources/minio/deployment.yaml b/.github/resources/minio/deployment.yaml index ebcf3191..61f98f01 100644 --- a/.github/resources/minio/deployment.yaml +++ b/.github/resources/minio/deployment.yaml @@ -16,6 +16,22 @@ spec: - name: data persistentVolumeClaim: claimName: minio + - name: cabundle + configMap: + name: config-service-cabundle + items: + - key: service-ca.crt + path: public.crt + defaultMode: 420 + - name: minio-certs + secret: + secretName: minio-certs + items: + - key: public.crt + path: public.crt + - key: private.key + path: private.key + defaultMode: 420 containers: - resources: limits: @@ -44,11 +60,17 @@ spec: - name: data mountPath: /data subPath: minio + - name: minio-certs + mountPath: /.minio/certs + - name: cabundle + mountPath: /.minio/certs/CAs image: 'quay.io/minio/minio:RELEASE.2023-10-16T04-13-43Z' args: - server - /data - --console-address - ":9001" + - --certs-dir + - /.minio/certs strategy: type: Recreate diff --git a/.github/resources/minio/kustomization.yaml b/.github/resources/minio/kustomization.yaml index 73f80550..b14063ca 100644 --- a/.github/resources/minio/kustomization.yaml +++ b/.github/resources/minio/kustomization.yaml 
@@ -6,3 +6,5 @@ resources:
 - service.yaml
 - pvc.yaml
 - secret.yaml
+ - certs-secret.yaml
+ - cabundle-configmap.yaml
diff --git a/.github/resources/tls/root-ca-configmap.yaml b/.github/resources/tls/root-ca-configmap.yaml
new file mode 100644
index 00000000..d2770d30
--- /dev/null
+++ b/.github/resources/tls/root-ca-configmap.yaml
@@ -0,0 +1,36 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: root-ca +data: + public.crt: | + -----BEGIN CERTIFICATE----- + MIIFLTCCAxWgAwIBAgIUbQHREiryzhsD5JHSCXocioe5nZQwDQYJKoZIhvcNAQEL + BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 + MDQxNjIxMTgzOFoXDTM0MDQxNDIxMTgzOFowJjELMAkGA1UEBhMCWFgxFzAVBgNV + BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC + AgEA+KcyWD91S2IPiFYhqlvoPV929moRx+FZV1BO4eukYWd56mckKhw7sSlnFNNP + FC/HnyROh5dKeNuP/qJi4VPfXRGqaDr2tGbuFanGnCRy4vtfgjWMT7/NzbZTzw9w + 8KiTqG0E1rxIU/FpLSWHgo+u+uOLZ2MoJd09+QSwZWPqDTeR2Kc8/3H+wSwmJrbk + 9XleOdttbDL1R+RWscNcnLyLX2/BqXmPE+ALHH+hFINmHbpm+D5GAjubUqlSyJjN + rvzrgnxoyPjmWzX6dyYxEz/WioUvc6c3UsDhH7KCoZcxpmNDjvwP2VVIeSAaRSBi + EEI69CXSDUGBKKBU2sTkr7Os6HEMS8zpVtStS7kOXth4wBFhJxVC17DlAUy3lBFe + MoSgw4rpVmiSqH75JlseUjdScuDcs6V+gkSTYXj19N2b4nE9Go229nGGvw2GLevN + VsT2bjZq8QURRnToiA/ATdm3T8HXsYUBvRdNt+h47spb9dgGsGqlrKeKYer3xngD + OkE8VrrvL8FJQD1YKeOpi6qtJAoUOBY/XMaD0buNGH0M0CCfts1nTbRqcNIWUXka + hZT8uY/0bqQIt7ELJYJK1LopFWdco6NeDMchYNu823rCTouRoUZE1+pEaJU/WBd1 + chkeRtrppcppaCfOpfg/dvnMrwbGLGBTdRo1Adej2Nv7aFsCAwEAAaNTMFEwHQYD + VR0OBBYEFJdLV+QLhHJtjRHGa3uSR5CY1PhgMB8GA1UdIwQYMBaAFJdLV+QLhHJt + jRHGa3uSR5CY1PhgMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB + ANTD/yGpKOP7OlJLh61cBpP7lq5GNP3z5+BPq0UU8noVmiSkfG8DUBX0nCd1FFX3 + 87cS+1knp6pW1SooxGD2xzmGxrlxeoltHlU1WuC1U2GSSlZJnBcfMzk0nWxNT6jk + 4K7sKOuk+0tUQ6v+qPpydZDiC3Pq7bPqqHz0wyw0SWRFBIL/UML+MOBxMMza8kZ6 + ucVSNdoaPKOvCcXxFsoD8f/ncOufBeW3JZtL832A60aSw8BEzxhm/t1gZHpiyxea + iNtE0IDy3+yte7J5g210n4tCxN4x3+nDAsiZ7O+ckcJwVRcT37hrQDVJkbih3e6Q + nlyf4OCRGXtOD6KvWhR7jgVdKMlnyBDzs9D8BfdI/99ijU/utJDsLySZsJE1lCuk + xOo44kbPvXs49Cr39DMW1YcS4COzqLamhQqpLiiqOYlqKud8UlCQ3kMFVQLqrTCz + 21z3i7MlIyRAoqPw3n5M9YWW2M7Oo48xRFTchbEnAk9ARlzGBJipwEUDDQZ7gMDp + JAsM2Fbu3Up3eyakUBjKYuWdmshm5QrCWzUiYGMuVgKarwFN4zV393KjtsqtGfBJ + eFWo51LzoK7sH3vq+zCSAGzHkHVEkMmn3mTJtMghmguX/vwRpxUEKmExwvJ6qvMo + Oza6GUl11howSA7rNnesv+brJOFJqAS48B1G7Mrl04od + -----END 
CERTIFICATE----- diff --git a/.github/workflows/kind-integration.yml b/.github/workflows/kind-integration.yml index b3ab2fc6..9e2f919d 100644 --- a/.github/workflows/kind-integration.yml +++ b/.github/workflows/kind-integration.yml @@ -23,11 +23,11 @@ concurrency: env: IMAGE_REPO_DSPO: data-science-pipelines-operator DSPA_NAMESPACE: test-dspa - DSPA_EXTERNAL_NAMESPACE: test-dspa-external + DSPA_EXTERNAL_NAMESPACE: dspa-ext MINIO_NAMESPACE: test-minio MARIADB_NAMESPACE: test-mariadb DSPA_NAME: test-dspa - DSPA_EXTERNAL_NAME: test-dspa-external + DSPA_EXTERNAL_NAME: dspa-ext DSPA_DEPLOY_WAIT_TIMEOUT: 300 INTEGRATION_TESTS_DIR: ${{ github.workspace }}/tests DSPA_PATH: ${{ github.workspace }}/tests/resources/dspa-lite.yaml @@ -123,6 +123,12 @@ jobs: password=$(kubectl get secret ds-pipeline-db-test -n test-mariadb -o jsonpath="{.data.password}" | base64 --decode) kubectl create secret generic ds-pipeline-db-test --from-literal=password="$password" -n ${{ env.DSPA_EXTERNAL_NAMESPACE }} + - name: Apply rootCA ConfigMap + env: + RESOURCES_DIR: ${{ github.workspace }}/.github/resources + run: | + kubectl apply -f ${{ env.RESOURCES_DIR }}/tls/root-ca-configmap.yaml -n ${{ env.DSPA_EXTERNAL_NAMESPACE }} + - name: Run tests working-directory: ${{ github.workspace }} env: diff --git a/.gitleaks.toml b/.gitleaks.toml new file mode 100644 index 00000000..a6dd2d5b --- /dev/null +++ b/.gitleaks.toml @@ -0,0 +1,10 @@ +[allowlist] + description = "Allowlist for files and paths" + files = [ + ".github/resources/mariadb/certs-secret.yaml", + ".github/resources/mariadb/self-signed-ca-configmap.yaml", + ".github/resources/mariadb/tls-config-configmap.yaml", + ".github/resources/minio/certs-secret.yaml", + ".github/resources/minio/cabundle-configmap.yaml", + ".github/resources/tls/root-ca-configmap.yaml" + ] diff --git a/tests/resources/dspa-external-lite.yaml b/tests/resources/dspa-external-lite.yaml index 975d16f8..a86e2a7d 100644 --- a/tests/resources/dspa-external-lite.yaml 
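Review bot: The added `Apply rootCA ConfigMap` step splices `${{ env.RESOURCES_DIR }}` and `${{ env.DSPA_EXTERNAL_NAMESPACE }}` into the script text before the shell runs it. Both values are repository-controlled here, but this is the pattern that becomes script injection once a value is sourced from event data, and unquoted expansion also breaks on paths with spaces. Both names are already exported as environment variables, so the shell form is equivalent: `kubectl apply -f "$RESOURCES_DIR/tls/root-ca-configmap.yaml" -n "$DSPA_EXTERNAL_NAMESPACE"`.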
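Review bot: This allowlist exempts six whole files from secret scanning, so a real credential added to any of them later would go unreported; only the two `certs-secret.yaml` manifests carry key material in this commit, while the three certificate ConfigMaps and the `tls-config` ConfigMap hold public data and should not need an entry. Narrow the list to the two Secret manifests and state the reason, e.g. `description = "Throwaway TLS key pairs for kind integration tests"`. Also confirm the key name against the gitleaks version in use: recent releases document `paths` (regular expressions) under `[allowlist]`, and an unrecognised `files` key would presumably be ignored without an error.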
+++ b/tests/resources/dspa-external-lite.yaml
@@ -1,7 +1,7 @@
 apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
 kind: DataSciencePipelinesApplication
 metadata:
- name: test-dspa-external
+ name: dspa-ext
 spec:
 dspVersion: v2
 apiServer:
@@ -9,8 +9,8 @@ spec:
 enableOauth: false
 enableSamplePipeline: true
 cABundle:
- configMapName: kube-root-ca.crt
- configMapKey: ca.crt
+ configMapName: root-ca
+ configMapKey: public.crt
 resources:
 limits:
 cpu: 20m
@@ -55,7 +55,7 @@ spec:
 cpu: 20m
 memory: 100Mi
 database:
- customExtraParams: '{"tls":"false"}'
+ customExtraParams: '{"tls":"true"}'
 externalDB:
 host: mariadb.test-mariadb.svc.cluster.local
 port: "3306"
@@ -74,4 +74,4 @@ spec:
 accessKey: accesskey
 secretKey: secretkey
 secretName: minio
- scheme: http
+ scheme: https