Skip to content

feat: enhance worker deployments with additional packages and CA certificates #1626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

feat: enhance worker deployments with additional packages and CA certificates #1626

wants to merge 5 commits into from

Conversation

patsevanton
Copy link
Contributor

@patsevanton patsevanton commented Dec 8, 2024
edited
Loading

This pull request introduces several enhancements to the Sentry worker deployments:

  1. Additional Package Installation:

    • Workers now have the capability to install additional Python packages during startup. This is controlled by the installAdditionalPackages flag in the values.yaml file.
    • The following packages are installed if the flag is disabled:
      • django-multidb-router
      • sentry-nodestore-elastic
      • sentry-s3-nodestore (from a specific release)

  2. CA Certificates Management:

    • Workers can now manage custom CA certificates by mounting a secret containing the certificates to /usr/local/share/ca-certificates/.
    • The certificates are then copied to the appropriate location and updated using update-ca-certificates.
    • This feature is controlled by the caCertificatesSecret field in the values.yaml file.

Changes

  • Deployment Templates:

    • Modified the command and args sections in the worker deployment templates to include a bash script that handles the installation of additional packages and CA certificates.
    • Added volume mounts and volume definitions for the CA certificates secret.

  • Values Configuration:

    • Introduced new configuration options in the values.yaml file:
      • sentry.worker.installAdditionalPackages: Boolean flag to enable/disable the installation of additional packages.
      • sentry.worker.caCertificatesSecret: Name of the secret containing custom CA certificates.

Check pip packages

pip list | grep -E 'django|nodestore'
django-crispy-forms                1.14.0
django_csp                         3.8
django-multidb-router              0.10
django-pg-zero-downtime-migrations 0.13
djangorestframework                3.15.2
sentry-nodestore-elastic           1.0.1
sentry-s3-nodestore                1.0.3

Check certificates

import os
import ssl
import certifi
import re
from cryptography import x509
from cryptography.hazmat.backends import default_backend

def list_certificates():
    # Get the path to the cacert.pem file
    cacert_path = certifi.where()

    # Open the file containing the certificates
    with open(cacert_path, 'r') as f:
        pem_data = f.read()

    # Use a regular expression to extract certificates
    certificate_pattern = re.compile(r'-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----', re.DOTALL)
    certificates = certificate_pattern.findall(pem_data)

    # Display information about each certificate
    for i, cert_pem in enumerate(certificates):
        try:
            # Load and parse the certificate
            cert = x509.load_pem_x509_certificate(cert_pem.encode(), default_backend())
            subject = cert.subject
            issuer = cert.issuer
            not_valid_before = cert.not_valid_before
            not_valid_after = cert.not_valid_after

            # Print certificate information
            print(f"Certificate #{i + 1}:")
            print(f"  Subject: {subject}")
            print(f"  Issuer: {issuer}")
            print(f"  Valid from: {not_valid_before}")
            print(f"  Valid until: {not_valid_after}")
            print()
        except Exception as e:
            # Print error message if there's an issue with the certificate
            print(f"Error processing certificate #{i + 1}: {e}")

# Example usage
list_certificates()

adonskoy
adonskoy suggested changes Dec 8, 2024
View reviewed changes
@tuandang-diag
Copy link

Can someone continue this PR? @patsevanton @adonskoy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adonskoy adonskoy adonskoy requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@patsevanton @tuandang-diag @adonskoy