feat: Use Cert Manager to Create Certificates for News Aggregator Server

Dockerfile

@@ -19,13 +19,10 @@ RUN go build -o go-gator .
 FROM alpine:3.20
 
 ENV PORT=443
-ENV CERT_FILE=/app/cmd/server/certs/certificate.pem
-ENV CERT_KEY=/app/cmd/server/certs/key.pem
 ENV STORAGE_PATH=./data
 
+COPY --from=build /app/cmd/server/certs ./cmd/server/certs
 COPY --from=build /app/cmd/parsers/data $STORAGE_PATH
 COPY --from=build /app/go-gator .
-COPY --from=build $CERT_FILE $CERT_FILE
-COPY --from=build $CERT_KEY $CERT_KEY
 
-ENTRYPOINT /go-gator -p=$PORT -c=$CERT_FILE -k=$CERT_KEY -fs=$STORAGE_PATH
+ENTRYPOINT /go-gator -p=$PORT -fs=$STORAGE_PATH

cmd/server/certs/.gitignore

@@ -0,0 +1 @@
+*.pem

cmd/server/start_server.go

@@ -14,29 +14,31 @@ import (
 var (
 	// defaultCertsPath is default path to server
 	defaultCertsPath = filepath.Join("cmd", "server", "certs")
+
+	// defaultDataDirPath is a default path to the directory where all data will be stored
+	defaultDataDirPath = filepath.Join("cmd", "parsers", "data")
 )
 
 const (
 	// defaultServerPort is a default port on which this server will be running
 	defaultServerPort = 443
 
-	// defaultCertName represents default name of server's certificate file
-	defaultCertName = "certificate.pem"
-
 	// defaultPrivateKey identifies the default name of server's private key
-	defaultPrivateKey = "key.pem"
+	defaultPrivateKey = "tls.key"
+
+	// defaultCertName represents default name of server's certificate file
+	defaultCertName = "tls.crt"
 
 	// errNotSpecified helps us to check if error was related to initializing sources file
-	errNotSpecified = "The system cannot find the file specified."
+	errNotSpecified = "no such file or directory"
 
 	// errInitializingSources is thrown when func responsible for initialization of sources fails
 	errInitializingSources = "Error initializing sources file: "
 )
 
 // ConfAndRun initializes and runs an HTTPS server using the Gin framework.
 // This function sets up server routes and handlers, and starts the server
-// on a user-specified port or defaults to port 443. It also launches a concurrent job
-// which is fetching news feeds at a specified frequency.
+// on a user-specified port or defaults to port 443.
 //
 // Optional parameters (specified via flags):
 // / -p (serverPort): Specifies the port on which the server will run. Defaults to 443 if not specified.
@@ -71,12 +73,10 @@ func ConfAndRun() error {
 		"Absolute path to the certificate for the HTTPs server")
 	flag.StringVar(&keyFile, "k", filepath.Join(cwdPath, defaultCertsPath, defaultPrivateKey),
 		"Absolute path to the private key for the HTTPs server")
-	flag.StringVar(&storagePath, "fs", filepath.Join(parsers.CmdDir, parsers.ParsersDir, parsers.DataDir),
+	flag.StringVar(&storagePath, "fs", defaultDataDirPath,
 		"Path to directory where all data will be stored")
 	flag.Parse()
 
-	parsers.StoragePath = storagePath
-
 	err = parsers.LoadSourcesFile()
 	if err != nil {
 		if strings.Contains(err.Error(), errNotSpecified) {
@@ -94,7 +94,6 @@ func ConfAndRun() error {
 	err = server.RunTLS(fmt.Sprintf(":%d", serverPort),
 		certFile,
 		keyFile)
-
 	if err != nil {
 		return err
 	}

go-gator/.gitignore

@@ -1,2 +1,3 @@
 
-charts
+charts
+Chart.lock

go-gator/Chart.yaml

@@ -6,7 +6,5 @@ version: 0.1.0
 appVersion: "1.16.0"
 dependencies:
   - name: cert-manager
-    version: v1.15.3
-    repository: https://charts.jetstack.io
-    alias: cert-manager
-    condition: cert-manager.enabled
+    version: 1.15.3
+    repository: https://charts.jetstack.io

go-gator/templates/_go_gator_issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ .Values.issuer.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  selfSigned: {}

go-gator/templates/cert_secret.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.certSecret.name }}
+  namespace: {{ .Values.namespace }}

go-gator/templates/go_gator_cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.certificate.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  isCA: false
+  commonName: go-gator-server
+  secretName: cert-secret
+  privateKey:
+    algorithm: {{ .Values.certificate.privateKey.algorithm }}
+    size: {{ .Values.certificate.privateKey.size }}
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: {{ .Values.issuer.name }}

go-gator/templates/go_gator_secret.yaml

@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: go-gator-server
+  namespace: {{ .Values.namespace }}
+spec:
+  isCA: false
+  commonName: go-gator-server
+  secretName: {{ .Values.certSecret.name }}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    - "go-gator-server"
+  issuerRef:
+    name: {{ .Values.issuer.name }}

go-gator/values.yaml

@@ -64,6 +64,18 @@ resources:
      cpu: 100m
      memory: 128Mi
 
+issuer:
+  name: go-gator-issuer
+
+certSecret:
+  name: cert-secret
+
+certificate:
+  name: go-gator-server
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+
 autoscaling:
   enabled: false
   minReplicas: 1
@@ -74,7 +86,12 @@ volumes:
   - name: go-gator-pv
     persistentVolumeClaim:
       claimName: go-gator-pvc
+  - name: cert-secret
+    secret:
+      secretName: cert-secret
 
 volumeMounts:
   - mountPath: /tmp/
-    name: go-gator-pv
+    name: go-gator-pv
+  - mountPath: /cmd/server/certs
+    name: cert-secret

go.mod

@@ -8,41 +8,89 @@ require (
 	github.com/PuerkitoBio/goquery v1.9.2
 	github.com/gin-gonic/gin v1.10.0
 	github.com/jarcoal/httpmock v1.3.1
-	github.com/spf13/cobra v1.8.0
+	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 )
 
 require (
 	github.com/andybalholm/cascadia v1.3.2 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/sonic v1.11.6 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.20.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.23.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/term v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/api v0.31.0 // indirect
+	k8s.io/apiextensions-apiserver v0.31.0 // indirect
+	k8s.io/apimachinery v0.31.0 // indirect
+	k8s.io/client-go v0.31.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
+	sigs.k8s.io/controller-runtime v0.19.0 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )