From c088a305c902046123615e61d1b55b30c7b6f0b4 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 08:51:16 +0200 Subject: [PATCH 1/7] Add support to set tls certificates --- custom_types.yaml | 7 +++++++ templates/kubernetes.yaml | 10 +++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/custom_types.yaml b/custom_types.yaml index d5a75290..5d54938d 100644 --- a/custom_types.yaml +++ b/custom_types.yaml @@ -753,6 +753,12 @@ node_types: required: no type: string default: "jhondoe@server.com" + tls_certificates: + required: no + type: map + entry_schema: + type: tosca.datatypes.grycap.TLSCertificate + default: {} public_dns_name: required: no type: string @@ -840,6 +846,7 @@ node_types: kube_nvidia_support: { get_property: [ SELF, nvidia_support ] } kube_cert_manager: { get_property: [ SELF, cert_manager ] } kube_cert_user_email: { get_property: [ SELF, cert_user_email ] } + kube_tls_certificates: { get_attribute: [ HOST, endpoint, tls_certificates ] } kube_public_dns_name: { get_property: [ SELF, public_dns_name ] } kube_public_additional_dns_names: { get_property: [ SELF, public_additional_dns_names ] } kube_cert_manager_challenge: { get_property: [ SELF, cert_manager_challenge ] } diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml index 0bd5e6e5..7e594849 100644 --- a/templates/kubernetes.yaml +++ b/templates/kubernetes.yaml @@ -7,7 +7,7 @@ description: Deploy a Kubernetes Virtual Cluster. metadata: template_name: Kubernetes - template_version: "1.3.0" + template_version: "1.3.1" display_name: Deploy a Kubernetes Virtual Cluster icon: images/kubernetes.png order: 3 @@ -177,6 +177,12 @@ topology_template: type: string description: DNS name to set to the Kubernetes Front-end default: "" + kube_tls_certificates: + type: map + description: TLS certificates map keyed by DNS name (cert/key PEM) + entry_schema: + type: tosca.datatypes.grycap.TLSCertificate + default: {} kube_ingress_type: type: string 
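Review bot: The new `tls_certificates` property in the `@@ -753,6 +753,12 @@` hunk of custom_types.yaml has no `description`, although the template input added in the same patch says each entry holds cert and key PEM, i.e. private key material. I would add `description: TLS certificates keyed by DNS name (certificate and private key PEM); values are secret and must not be logged` so consumers treat the map as a secret. The same value is forwarded as `kube_tls_certificates` in the `@@ -840,6 +846,7 @@` hunk, so the consuming tasks, which are outside this diff, should be checked for logging of that variable. `tosca.datatypes.grycap.TLSCertificate` is not defined in any hunk of this series; confirm it already exists in custom_types.yaml. The enclosing node type starts and ends outside the hunk.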
@@ -236,6 +242,7 @@ topology_template: nvidia_support: { get_input: fe_kube_nvidia_support } cert_manager: { get_input: kube_cert_manager } cert_user_email: { get_input: kube_cert_user_email } + tls_certificates: { get_input: kube_tls_certificates } public_dns_name: { get_input: kube_public_dns_name} cri_runtime: { get_input: kube_cri_runtime } csi_driver: { get_input: kube_csi_driver } @@ -251,6 +258,7 @@ topology_template: endpoint: properties: dns_name: kubeserver + tls: true additional_dns_names: - { get_input: kube_public_dns_name} network_name: PUBLIC From 39ce794abd58e225cc84b5c26299e092d144c845 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 08:59:28 +0200 Subject: [PATCH 2/7] Add support to set tls certificates --- templates/kubernetes.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml index 7e594849..bfb6f6e3 100644 --- a/templates/kubernetes.yaml +++ b/templates/kubernetes.yaml @@ -177,12 +177,6 @@ topology_template: type: string description: DNS name to set to the Kubernetes Front-end default: "" - kube_tls_certificates: - type: map - description: TLS certificates map keyed by DNS name (cert/key PEM) - entry_schema: - type: tosca.datatypes.grycap.TLSCertificate - default: {} kube_ingress_type: type: string @@ -242,7 +236,7 @@ topology_template: nvidia_support: { get_input: fe_kube_nvidia_support } cert_manager: { get_input: kube_cert_manager } cert_user_email: { get_input: kube_cert_user_email } - tls_certificates: { get_input: kube_tls_certificates } + tls_certificates: { get_attribute: [ HOST, endpoint, tls_certificates ] } public_dns_name: { get_input: kube_public_dns_name} cri_runtime: { get_input: kube_cri_runtime } csi_driver: { get_input: kube_csi_driver } From 8a68e8267c47f78a6b3381f02c275ece8f6198cf Mon Sep 17 00:00:00 2001 
From: Miguel Caballer Date: Thu, 4 Jun 2026 09:01:01 +0200 Subject: [PATCH 3/7] Add support to set tls certificates --- custom_types.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom_types.yaml b/custom_types.yaml index 5d54938d..728f96a9 100644 --- a/custom_types.yaml +++ b/custom_types.yaml @@ -846,7 +846,7 @@ node_types: kube_nvidia_support: { get_property: [ SELF, nvidia_support ] } kube_cert_manager: { get_property: [ SELF, cert_manager ] } kube_cert_user_email: { get_property: [ SELF, cert_user_email ] } - kube_tls_certificates: { get_attribute: [ HOST, endpoint, tls_certificates ] } + kube_tls_certificates: { get_property: [ SELF, tls_certificates ] } kube_public_dns_name: { get_property: [ SELF, public_dns_name ] } kube_public_additional_dns_names: { get_property: [ SELF, public_additional_dns_names ] } kube_cert_manager_challenge: { get_property: [ SELF, cert_manager_challenge ] } From 61e308baf17981496577ef802faa92620dcb2c25 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 09:12:50 +0200 Subject: [PATCH 4/7] Add support to set tls certificates --- templates/kubernetes.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml index bfb6f6e3..ce7940b0 100644 --- a/templates/kubernetes.yaml +++ b/templates/kubernetes.yaml @@ -7,7 +7,7 @@ description: Deploy a Kubernetes Virtual Cluster. metadata: template_name: Kubernetes - template_version: "1.3.1" + template_version: "1.4.0" display_name: Deploy a Kubernetes Virtual Cluster icon: images/kubernetes.png order: 3 @@ -210,6 +210,13 @@ topology_template: default: false constraints: - valid_values: [ false, true ] + + kube_gen_tls_certificates: + type: boolean + description: Flag to generate self-signed TLS certificates for the cluster + default: false + constraints: + - valid_values: [ false, true ] node_templates: 
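Review bot: The description of `kube_gen_tls_certificates` in the `@@ -210,6 +210,13 @@` hunk does not say what the flag means for clients or how it relates to `kube_cert_manager`. The `@@ -252,7 +259,7 @@` hunk of the same patch wires it straight into the endpoint's `tls` property with default `false`, so it is unclear from the diff whether `false` only skips certificate generation or leaves the endpoint without TLS; that should be confirmed and stated. Something like `description: Generate self-signed TLS certificates for the cluster endpoint; clients must explicitly trust them, use kube_cert_manager for publicly trusted ones` would cover it, if that matches the intended behaviour. The `inputs` block continues outside the hunk.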
@@ -252,7 +259,7 @@ topology_template: endpoint: properties: dns_name: kubeserver - tls: true + tls: { get_input: kube_gen_tls_certificates } additional_dns_names: - { get_input: kube_public_dns_name} network_name: PUBLIC From 8bafeddf2b1674c8f114af426818f910317ef741 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 09:18:01 +0200 Subject: [PATCH 5/7] Fix lint --- templates/kubernetes.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml index ce7940b0..8bfc48df 100644 --- a/templates/kubernetes.yaml +++ b/templates/kubernetes.yaml @@ -210,7 +210,7 @@ topology_template: default: false constraints: - valid_values: [ false, true ] - + kube_gen_tls_certificates: type: boolean description: Flag to generate self-signed TLS certificates for the cluster From 896957fd9d14675221c417c6ac416c17745a1132 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 09:21:43 +0200 Subject: [PATCH 6/7] Set k8s_tls branch in import --- templates/kubernetes.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/kubernetes.yaml b/templates/kubernetes.yaml index 8bfc48df..852eff6c 100644 --- a/templates/kubernetes.yaml +++ b/templates/kubernetes.yaml @@ -1,7 +1,7 @@ tosca_definitions_version: tosca_simple_yaml_1_0 imports: - - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml + - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/k8s_tls/custom_types.yaml description: Deploy a Kubernetes Virtual Cluster. From 295c6406d2234a11200be56e02f93b61dedda56e Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Thu, 4 Jun 2026 09:32:53 +0200 Subject: [PATCH 7/7] Use my tosca-parser branch --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 0b87b2b7..7b55f4be 100644 --- a/.github/workflows/main.yaml 
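Review bot: The import in the `@@ -1,7 +1,7 @@` hunk of templates/kubernetes.yaml now fetches `custom_types.yaml` from the `k8s_tls` branch, a mutable development ref. Every deployment of this template then depends on whatever that branch holds at fetch time, and breaks if the branch is deleted after merge. Before this lands on the default branch the URL should return to `main`, or be pinned to an immutable ref such as `https://raw.githubusercontent.com/grycap/tosca/<commit-sha>/custom_types.yaml` (placeholder). The imported file defines the node types and the inputs passed to their interfaces, so the ref deserves the same care as a code dependency.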
+++ b/.github/workflows/main.yaml @@ -21,7 +21,7 @@ jobs: python-version: '3.10' - name: Install dependencies - run: pip install --no-color tosca-parser yamllint + run: pip install --no-color git+https://github.com/micafer/tosca-parser@im yamllint - name: Check Yamllint in templates run: |
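Review bot: The install step in the `@@ -21,7 +21,7 @@` hunk pulls `tosca-parser` from a personal fork at the branch ref `@im`, which can be moved or force-pushed, so the code executed in CI is not fixed by this repository. Pin it to a full commit hash, `run: pip install --no-color git+https://github.com/micafer/tosca-parser@<full-commit-sha> yamllint` (placeholder), and add a comment saying why the fork is needed and when to return to the released package. The job's remaining steps are outside the hunk, so whether they have access to secrets or write permissions cannot be judged from here.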