This change adds support for mTLS authentication when connecting through
proxies that require client certificates (e.g., corporate proxies like Kraken).

Changes:
- Add ProxyTLSConfig type with fields for:
  - clientCertSecretRef: K8s secret with tls.crt and tls.key
  - caCertSecretRef: K8s secret with ca.crt
  - caCertConfigMapRef: ConfigMap with ca.crt (alternative)
  - insecureSkipVerify: Skip server cert verification (testing only)
- Update ProxyServerConfig to include optional TLS configuration
- Add proxyTLSVolumesAndMounts helper to create volumes and mounts
  for proxy TLS certificates
- Update listener pod creation to mount proxy TLS certs at
  /etc/proxy-tls/{http,https}-proxy/{client,ca}/
- Update runner pod creation to mount proxy TLS certs
- Update Helm values.yaml with mTLS configuration examples
- Update Helm templates to pass TLS config to CRD
- Regenerate CRDs with new ProxyTLSConfig schema

Note: This provides the infrastructure to mount certificates. The actual
TLS client configuration in ghalistener requires corresponding changes
in the github.com/actions/scaleset library to use these certificates.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>