Skip to content

Commit 56e7466

Browse files
committed
add grpc-client for testing
Signed-off-by: clyang82 <chuyang@redhat.com>
1 parent 4398944 commit 56e7466

File tree

4 files changed

+44
-12
lines changed

4 files changed

+44
-12
lines changed

charts/maestro-server/templates/deployment.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ spec:
5858
secret:
5959
secretName: maestro-https-certs
6060
{{- end }}
61-
{{- if .Values.server.grpc.tls.enabled }}
61+
{{- if and .Values.server.grpc.enabled .Values.server.grpc.tls.enabled }}
6262
- name: maestro-grpc-cert
6363
secret:
6464
secretName: maestro-grpc-cert
@@ -125,7 +125,7 @@ spec:
125125
mountPath: /secrets/https-certs
126126
readOnly: true
127127
{{- end }}
128-
{{- if .Values.server.grpc.tls.enabled }}
128+
{{- if and .Values.server.grpc.enabled .Values.server.grpc.tls.enabled }}
129129
- name: maestro-grpc-cert
130130
mountPath: /secrets/maestro-grpc-cert
131131
readOnly: true
@@ -158,10 +158,10 @@ spec:
158158
- --https-cert-file=/secrets/https-certs/tls.crt
159159
- --https-key-file=/secrets/https-certs/tls.key
160160
{{- end }}
161-
{{- if .Values.server.grpc.tls.enabled }}
162-
- --grpc-server-tls-cert-file={{ .Values.server.grpc.tls.certFile }}
163-
- --grpc-server-tls-key-file={{ .Values.server.grpc.tls.keyFile }}
164-
- --grpc-server-client-ca-file={{ .Values.server.grpc.tls.clientCAFile }}
161+
{{- if and .Values.server.grpc.enabled .Values.server.grpc.tls.enabled }}
162+
- --grpc-tls-cert-file={{ .Values.server.grpc.tls.certFile }}
163+
- --grpc-tls-key-file={{ .Values.server.grpc.tls.keyFile }}
164+
- --grpc-client-ca-file={{ .Values.server.grpc.tls.clientCAFile }}
165165
{{- end }}
166166
{{- if and (eq .Values.messageBroker.type "grpc") .Values.grpc.tls.enabled }}
167167
- --grpc-broker-tls-cert-file={{ .Values.grpc.tls.certFile }}

charts/maestro-server/templates/grpc.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
{{- if and (eq .Values.messageBroker.type "grpc") .Values.grpc.enabled -}}
2-
32
---
43
apiVersion: v1
54
kind: Secret

test/setup/deploy_server.sh

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,11 @@ server:
7070
grpc:
7171
enabled: true
7272
bindPort: 8090
73+
tls:
74+
enabled: ${tls_enable}
75+
certFile: /secrets/maestro-grpc-cert/server.crt
76+
keyFile: /secrets/maestro-grpc-cert/server.key
77+
clientCAFile: /secrets/maestro-grpc-cert/ca.crt
7378
metrics:
7479
bindPort: 8080
7580
https:
@@ -86,11 +91,6 @@ service:
8691
port: 8000
8792
nodePort: 30080
8893
grpc:
89-
tls:
90-
enabled: ${tls_enable}
91-
certFile: /secrets/maestro-grpc-cert/server.crt
92-
keyFile: /secrets/maestro-grpc-cert/server.key
93-
clientCAFile: /secrets/maestro-grpc-cert/ca.crt
9494
type: NodePort
9595
port: 8090
9696
nodePort: 30090
@@ -173,6 +173,11 @@ kubectl wait deploy/maestro -n $namespace --for condition=Available=True --timeo
173173
# TODO use maestro service health check to ensure the service ready
174174
sleep 30 # wait 30 seconds for the service ready
175175

176+
if [ "$tls_enable" = "true" ]; then
177+
# deploy grpc-client-token for testing
178+
kubectl apply -f "${PWD}/test/setup/grpc-client" -n ${namespace}
179+
fi
180+
176181
# Expose the RESTAPI and gRPC service hosts
177182
# HTTPS is enabled unless Istio is enabled (Istio handles mTLS)
178183
if [ "$enable_istio" = "true" ]; then
Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRoleBinding
3+
metadata:
4+
name: grpc-pub-sub
5+
roleRef:
6+
apiGroup: rbac.authorization.k8s.io
7+
kind: ClusterRole
8+
name: grpc-pub-sub
9+
subjects:
10+
- kind: User
11+
name: grpc-client
12+
apiGroup: rbac.authorization.k8s.io
13+
- kind: ServiceAccount
14+
name: grpc-client
15+
namespace: maestro
16+
---
17+
apiVersion: v1
18+
kind: ServiceAccount
19+
metadata:
20+
name: grpc-client
21+
---
22+
apiVersion: v1
23+
kind: Secret
24+
metadata:
25+
name: grpc-client-token
26+
annotations:
27+
kubernetes.io/service-account.name: grpc-client
28+
type: kubernetes.io/service-account-token

0 commit comments

Comments
 (0)