@flowfuse/driver-kubernetes 1.15.1-51d5f79-202312211334.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ #### 2.0.0: Release
2
+
3
+ - Add support for using cert manager (#131) @hardillb
4
+
1
5
  #### 1.15.0: Release
2
6
 
3
7
  - #3174: Enable Multi-Core CPU Support for Node-RED Projects (#129) @elenaviter
package/README.md CHANGED
@@ -17,6 +17,7 @@ driver:
17
17
  projectNamespace: flowforge
18
18
  cloudProvider: aws
19
19
  privateCA: ff-ca-certs
20
+ certManagerIssuer: lets-encrypt
20
21
  k8sDelay: 1000
21
22
  k8sRetries: 10
22
23
  ```
@@ -28,6 +29,7 @@ should run on
28
29
  - `cloudProvider` can be left unset for none `aws` deployments. This triggers the adding of
29
30
  AWS EKS specific annotation for ALB Ingress.
30
31
  - `privateCA` name of ConfigMap holding PEM CA Cert Bundle (file name `certs.pem`) Optional
32
+ - `certManagerIssuer` name of the ClusterIssuer to use to create HTTPS certs for instances (default not set)
31
33
  - `k8sRetries` how many times to retry actions against the K8s API
32
34
  - `k8sDelay` how long to wait (in ms) between retries to the K8s API
33
35
 
package/kubernetes.js CHANGED
@@ -360,6 +360,18 @@ const createIngress = async (project, options) => {
360
360
 
361
361
  const localIngress = JSON.parse(JSON.stringify(ingressTemplate))
362
362
 
363
+ if (this._certManagerIssuer) {
364
+ localIngress.metadata.annotations['cert-manager.io/cluster-issuer'] = this._certManagerIssuer
365
+ localIngress.spec.tls = [
366
+ {
367
+ hosts: [
368
+ url.host
369
+ ],
370
+ secretName: project.safeName
371
+ }
372
+ ]
373
+ }
374
+
363
375
  // process annotations with potential replacements
364
376
  Object.keys(localIngress.metadata.annotations).forEach((key) => {
365
377
  localIngress.metadata.annotations[key] = mustache(localIngress.metadata.annotations[key], exposedData)
@@ -593,6 +605,7 @@ module.exports = {
593
605
  this._namespace = this._app.config.driver.options.projectNamespace || 'flowforge'
594
606
  this._k8sDelay = this._app.config.driver.options.k8sDelay || 1000
595
607
  this._k8sRetries = this._app.config.driver.options.k8sRetries || 10
608
+ this._certManagerIssuer = this._app.config.driver.options._certManagerIssuer
596
609
 
597
610
  const kc = new k8s.KubeConfig()
598
611
 
@@ -753,6 +766,14 @@ module.exports = {
753
766
  this._app.log.error(`[k8s] Project ${project.id} - error deleting ingress: ${err.toString()}`)
754
767
  }
755
768
 
769
+ if (this._certManagerIssuer) {
770
+ try {
771
+ await this._k8sApi.deleteNamespacedSecret(project.safeName, this._namespace)
772
+ } catch (err) {
773
+ this._app.log.error(`[k8s] Project ${project.id} - error deleting tls secret: ${err.toString()}`)
774
+ }
775
+ }
776
+
756
777
  // Note that, regardless, the main objective is to delete deployment (runnable)
757
778
  // Even if some k8s resources like ingress or service are still not deleted (maybe because of
758
779
  // k8s service latency), the most important thing is to get to deployment.
@@ -851,6 +872,13 @@ module.exports = {
851
872
  } catch (err) {
852
873
  this._app.log.error(`[k8s] Project ${project.id} - error deleting ingress: ${err.toString()}`)
853
874
  }
875
+ if (this._certManagerIssuer) {
876
+ try {
877
+ await this._k8sApi.deleteNamespacedSecret(project.safeName, this._namespace)
878
+ } catch (err) {
879
+ this._app.log.error(`[k8s] Project ${project.id} - error deleting tls secret: ${err.toString()}`)
880
+ }
881
+ }
854
882
  try {
855
883
  if (project.safeName.match(/^[0-9]/)) {
856
884
  await this._k8sApi.deleteNamespacedService('srv-' + project.safeName, this._namespace)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@flowfuse/driver-kubernetes",
3
- "version": "1.15.1-51d5f79-202312211334.0",
3
+ "version": "2.0.0",
4
4
  "description": "Kubernetes driver for FlowFuse",
5
5
  "main": "kubernetes.js",
6
6
  "scripts": {