Skip to content

add values for certificates and mtls #39

add values for certificates and mtls

add values for certificates and mtls #39

Workflow file for this run

name: Lint & Test Charts
on: pull_request
jobs:
pull_request:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
- name: Set up kubectl
uses: azure/setup-kubectl@v4
- uses: actions/setup-python@v5
with:
python-version: 3.13
- name: Set up chart-testing
uses: helm/[email protected]
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }}
- name: Create kind cluster
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1
- name: Generate Certificate for TLS testing
run: |
mkdir /tmp/certificates
cd /tmp/certificates
mkdir -p ca/private
chmod 700 ca/private
# Generate CA
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout ca/private/ca_key.pem -out ca/ca_cert.pem -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=example.com"
# Create server private key and certificate request
mkdir -p server/private
chmod 700 ca/private
openssl genrsa -out server/private/server_key.pem 4096
openssl req -new -key server/private/server_key.pem -out server/server.csr -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=WarpStream Agent" -addext 'subjectAltName = DNS:playground-sts-cert.default.svc.cluster.local, DNS:*.playground-sts-cert-headless.default.svc.cluster.local'
# Create client private key and certificate request
mkdir -p client/private
chmod 700 client/private
openssl genrsa -out client/private/client_key.pem 4096
openssl req -new -key client/private/client_key.pem -out client/client.csr -subj "/C=US/ST=Acme State/L=Acme City/O=Acme Inc./CN=WarpStream Client"
# Generate certificates
openssl x509 -req -days 1460 -in server/server.csr -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem -CAcreateserial -out server/server_cert.pem -copy_extensions copyall
openssl x509 -req -days 1460 -in client/client.csr -CA ca/ca_cert.pem -CAkey ca/private/ca_key.pem -CAcreateserial -out client/client_cert.pem -copy_extensions copyall
kubectl create secret tls ci-certificate --cert=server/server_cert.pem --key=server/private/server_key.pem
kubectl create secret tls ci-certificate-client --cert=client/client_cert.pem --key=client/private/client_key.pem
kubectl create secret generic ci-certificate-ca --from-file=ca.crt=ca/ca_cert.pem
- name: Run chart-testing (install)
if: steps.list-changed.outputs.changed == 'true'
run: ct install --namespace default --target-branch ${{ github.event.repository.default_branch }} --upgrade --skip-missing-values