If you want to configure your Kubernetes installation to use CA certificates, use a ConfigMap.
A ConfigMap containing the required certificates can be mounted and referenced in your crane configuration.
While BlazeMeter provides auto-generated commands and configurations for easy installation of Docker and Kubernetes agents, we recommend using the manual installation approach when configuring a Kubernetes installation to use CA certificates.
Create a ConfigMap
The easiest way to create a ConfigMap for the purpose of using CA certificates in BlazeMeter is to create it from the certificate file:
$ kubectl create configmap <cm-name> --from-file=<cert-filename>
Tip: An example of creating ConfigMaps from files can be seen in this Kubernetes documentation.
In addition to the usual environment variables REQUESTS_CA_BUNDLE and AWS_CA_BUNDLE, this approach requires another environment variable called KUBERNETES_CA_BUNDLE_MOUNT. The value of this environment variable takes the form:
<env var>=<cm-name>[=<subpath>]:<env var>=<cm-name>[=<subpath>]
where:
- <env var> is the name of the environment variable you want to pass from crane to other components (REQUESTS_CA_BUNDLE or AWS_CA_BUNDLE).
- <cm-name> is the name of the ConfigMap mounted as a volume in the crane deployment.
- [=<subpath>] is the optional subpath of the certificate file.
Your environment variable configuration might look like this:
REQUESTS_CA_BUNDLE=/some/where.crt
AWS_CA_BUNDLE=/some/where-else.crt
KUBERNETES_CA_BUNDLE_MOUNT=REQUESTS_CA_BUNDLE=ConfigMapName=where.crt:AWS_CA_BUNDLE=ConfigMapName=where-else.crt
Note that REQUESTS_CA_BUNDLE and AWS_CA_BUNDLE reference the file in the pod where the ConfigMap is mounted, and KUBERNETES_CA_BUNDLE_MOUNT may need to reference both the ConfigMap name and the subpath for each _CA_BUNDLE environment variable. If the subpath is missing, the whole ConfigMap is mounted as a directory at the path given in the value of the respective environment variable.
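A small lint for the format above, as an added example (not BlazeMeter's or crane's own code): it parses a KUBERNETES_CA_BUNDLE_MOUNT value and flags entries whose environment variable is not set in the container, or that omit the subpath. The function names and the sample values are assumptions constructed for illustration.

```python
# Added example: lint KUBERNETES_CA_BUNDLE_MOUNT against a container's env.
# Only the value format comes from the page; how crane parses it is not shown there.

def parse_ca_bundle_mount(value):
    """Split '<env var>=<cm-name>[=<subpath>]:...' into a list of dicts."""
    entries = []
    for raw in value.split(":"):
        parts = raw.split("=")
        # Each entry needs 2 or 3 non-empty fields.
        if len(parts) not in (2, 3) or not all(parts):
            raise ValueError(f"malformed entry {raw!r}")
        entries.append({
            "env_var": parts[0],
            "configmap": parts[1],
            "subpath": parts[2] if len(parts) == 3 else None,
        })
    return entries


def lint_ca_bundle_mount(env):
    """Return human-readable findings for an env dict (name -> value)."""
    mount = env.get("KUBERNETES_CA_BUNDLE_MOUNT")
    if not mount:
        return ["KUBERNETES_CA_BUNDLE_MOUNT is not set"]
    findings = []
    for e in parse_ca_bundle_mount(mount):
        path = env.get(e["env_var"])
        if path is None:
            # Typical cause: the variable name is spelled differently in env.
            findings.append(f"{e['env_var']}: named in the mount but not set in env")
        elif e["subpath"] is None:
            findings.append(
                f"{e['env_var']}: no subpath, whole ConfigMap "
                f"{e['configmap']!r} is mounted as a directory at {path}")
    return findings


# Constructed sample: the first variable is misspelled (missing the S) and the
# second entry has no subpath. 'my-ca' is a hypothetical ConfigMap name.
SAMPLE_ENV = {
    "REQUEST_CA_BUNDLE": "/var/cm/where.crt",
    "AWS_CA_BUNDLE": "/var/cm",
    "KUBERNETES_CA_BUNDLE_MOUNT":
        "REQUESTS_CA_BUNDLE=my-ca=where.crt:AWS_CA_BUNDLE=my-ca",
}

if __name__ == "__main__":
    for finding in lint_ca_bundle_mount(SAMPLE_ENV):
        print(finding)
```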
Use ConfigMap in Your Deployment
To use a ConfigMap in your deployment, reference it as a volume and then mount that volume.
Follow these steps:
- Follow the same process as for manually installing a Kubernetes agent.
- Add your ConfigMap name under the volumes section of the Pod specification. See an example in this Kubernetes Documentation.
- Add your ConfigMap data to a specific path in the volume. See an example in this Kubernetes Documentation.
The full configuration looks like this:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        role: role-crane
      name: crane
      namespace: <namespace_name>
    spec:
      replicas: 1
      selector:
        matchLabels:
          role: role-crane
          crane: ready
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            role: role-crane
            crane: ready
        spec:
          serviceAccountName: default
          automountServiceAccountToken: true
          containers:
            - env:
                - name: AUTH_TOKEN
                  value: <auth_token>
                - name: HARBOR_ID
                  value: <harbour_ID>
                - name: SHIP_ID
                  value: <ship_ID>
                - name: CONTAINER_MANAGER_TYPE
                  value: KUBERNETES
                - name: IMAGE_OVERRIDES
                  value: '{}'
                - name: DOCKER_REGISTRY
                  value: gcr.io/verdant-bulwark-278
                - name: AUTO_KUBERNETES_UPDATE
                  value: 'true'
                # Paths inside the pod where the certificate file is mounted
                - name: REQUESTS_CA_BUNDLE
                  value: /var/cm/where.crt
                - name: AWS_CA_BUNDLE
                  value: /var/cm/where.crt
                # <env var>=<cm-name>[=<subpath>] entries, separated by ':'
                - name: KUBERNETES_CA_BUNDLE_MOUNT
                  value: REQUESTS_CA_BUNDLE=release-name-configmap=where.crt:AWS_CA_BUNDLE=release-name-configmap=where.crt
              image: gcr.io/verdant-bulwark-278/blazemeter/crane:latest-master
              imagePullPolicy: Always
              name: crane-container
              # Mount the ConfigMap volume into the crane container
              volumeMounts:
                - name: volume-cm
                  mountPath: /var/cm
          # Expose the ConfigMap holding the CA certificate as a volume
          volumes:
            - name: volume-cm
              configMap:
                name: <cm-name>
          restartPolicy: Always
          terminationGracePeriodSeconds: 30
- Once you have made the edits above, you can return to the Kubernetes installation steps to finish your installation.