Optional Installation Step: Configuring a Kubernetes Installation to Use CA Bundle

If you want to configure your Kubernetes installation to use CA certificates, use a ConfigMap.

A ConfigMap containing the required certificates can be mounted and referenced in your crane configuration.

While BlazeMeter provides auto-generated commands and configurations for easy installation of Docker and Kubernetes agents, we recommend using the manual installation approach when configuring a Kubernetes installation to use CA certificates.

Create a ConfigMap

The easiest way to create a ConfigMap for the purpose of using CA certificates in BlazeMeter is to create it from the certificate file:

$ kubectl create configmap <cm-name> --from-file=<cert-filename>

Tip: An example of creating ConfigMaps from files can be seen in this Kubernetes documentation.

In addition to the usual environment variables REQUEST_CA_BUNDLE and AWS_CA_BUNDLE, this approach requires another environment variable called KUBERNETES_CA_BUNDLE_MOUNT. The value of this environment variable takes the form of

<env var>=<cm-name>[=<subpath>]:<env var>=<cm-name>[=<subpath>]

where:

  • <env var> is the name of the environment variable you want to pass from crane to other components (REQUEST_CA_BUNDLE or AWS_CA_BUNDLE)
  • <cm-name> is the name of the ConfigMap mounted as volume in crane deployment
  • [=<subpath>] is the optional subpath of the certificate file.

Your environment variable configuration might look like this:

REQUESTS_CA_BUNDLE=/some/where.crt
AWS_CA_BUNDLE=/some/where-else.crt
KUBERNETES_CA_BUNDLE_MOUNT=REQUESTS_CA_BUNDLE=ConfigMapName=where.crt:AWS_CA_BUNDLE=ConfigMapName=where-else.crt

Note that REQUEST_CA_BUNDLE and AWS_CA_BUNDLE reference the file in the pod where the ConfigMap is mounted, and KUBERNETES_CA_BUNDLE_MOUNT may need to reference both the ConfigMap name and the subpath for both _CA_BUNDLE environment variables. If the subpath is missing, it will mount the whole ConfigMap as directory at the path in the value of respective env variable.

Use ConfigMap in Your Deployment

To use a ConfigMap in your deployment, reference it as a volume and then mount that volume.

Follow these steps:

  1. Follow the same process as for manually installing a Kubernetes agent.
  2. Add your ConfigMap name under the volumes section of the Pod specification. See an example in this Kubernetes Documentation.
  3. Add your ConfigMap data to a specific path in the volume. See an example in this Kubernetes Documentation.
    The full configuration looks like this:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        role: role-crane
      name: crane
      namespace: <namespace_name>
    spec:
      replicas: 1
      selector:
        matchLabels:
          role: role-crane
          crane: ready
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            role: role-crane
            crane: ready
        spec:
          serviceAccountName: default
          automountServiceAccountToken: true
          containers:
          - env:
            - name: AUTH_TOKEN
              value: <auth_token>
            - name: HARBOR_ID
              value: <harbour_ID>
            - name: SHIP_ID
              value: <ship_ID>
            - name: CONTAINER_MANAGER_TYPE
              value: KUBERNETES
            - name: IMAGE_OVERRIDES
              value: '{}'
            - name: DOCKER_REGISTRY
              value: gcr.io/verdant-bulwark-278
            - name: AUTO_KUBERNETES_UPDATE
              value: 'true'
            - name: REQUEST_CA_BUNDLE
              value: /var/cm/where.crt
            - name: AWS_CA_BUNDLE
              value: /var/cm/where.crt
            - name: KUBERNETES_CA_BUNDLE_MOUNT
              value: REQUESTS_CA_BUNDLE=release-name-configmap=where.crt:AWS_CA_BUNDLE=release-name-configmap=where.crt
            image: gcr.io/verdant-bulwark-278/blazemeter/crane:latest-master
            imagePullPolicy: Always
            name: crane-container
            volumeMounts:
            - name: volume-cm
              mountPath: /var/cm
          volumes:
          - name: volume-cm
            configMap:
              name: <cm-name>
          restartPolicy: Always
          terminationGracePeriodSeconds: 30
    
  4. Once you have made the edits above, you can return to the Kubernetes installation steps to finish your installation.