most portal work done

Kjeld Schouten-Lebbing
2023-02-20 23:42:11 +01:00
parent 4b1c89ca56
commit 1b1fd5799a
3 changed files with 234 additions and 88 deletions


@@ -0,0 +1,124 @@
ixChartContext:
something: something
workload:
main:
enabled: true
podSpec:
containers:
main:
enabled: true
args:
- --port
- "8080"
probes:
liveness:
enabled: true
readiness:
enabled: true
startup:
enabled: true
service:
main:
enabled: true
ports:
main:
enabled: true
port: 8080
protocol: http
autolink:
enabled: true
ports:
autolink:
enabled: true
protocol: http
port: 8081
manifestManager:
enabled: false
staging: false
# -- Configure the ingresses for the chart here.
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
# @default -- See below
ingress:
main:
enabled: true
hosts:
- host: chart-example.local
paths:
- path: /
pathType: Prefix
service:
name:
port:
tls: []
"ixCertificateAuthorities": {}
"ixCertificates":
"1":
"CA_type_existing": false
"CA_type_intermediate": false
"CA_type_internal": false
"CSR": ""
"DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost"
"cert_type": "CERTIFICATE"
"cert_type_CSR": false
"cert_type_existing": true
"cert_type_internal": false
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n"
"certificate_path": "/etc/certificates/freenas_default.crt"
"chain": false
"chain_list": [
"-----BEGIN CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n"
]
"city": "Maryville"
"common": "localhost"
"country": "US"
"csr_path": "/etc/certificates/freenas_default.csr"
"digest_algorithm": "SHA256"
"email": "info@ixsystems.com"
"extensions":
"ExtendedKeyUsage": "TLS Web Server Authentication"
"SubjectAltName": "DNS:localhost"
"fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B"
"from": "Fri Sep 25 16:05:38 2020"
"id": 1
"internal": "NO"
"issuer": "external"
"key_length": 2048
"key_type": "RSA"
"lifetime": 825
"name": "freenas_default"
"organization": "iXsystems"
"organizational_unit": ""
"parsed": true
"privatekey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n"
"privatekey_path": "/etc/certificates/freenas_default.key"
"revoked": false
"revoked_date": ""
"root_path": "/etc/certificates"
"san": [
"DNS:localhost"
]
"serial": 1
"signedby": ""
"state": "Tennessee"
"subject_name_hash": 3193428416
"type": 8
"until": "Thu Dec 29 15:05:38 2022"
portal:
open:
enabled: false
override:
protocol:
host:
port:
urlSuffix: ""
targetSelector:
ingress: ""
service: ""
port: ""
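Review bot: The `privatekey` entry under `ixCertificates."1"` commits a complete PEM-encoded RSA private key with its matching certificate (`name: freenas_default`, CN localhost) into the repository. If this file is only a CI or test values fixture, say so at the top of the block, e.g. `# test fixture only: self-signed localhost key pair, never use outside chart tests`, and keep it out of anything packaged with the chart; secret scanners will flag it either way, so an explicit allow-list entry is better than a silent exception. The certificate's `until` is `Thu Dec 29 15:05:38 2022`, which is before this commit's date, so any test that validates the certificate rather than just mounting it will see an expired cert. Separately, the bare `protocol:`, `host:` and `port:` under `portal.open.override` parse as null; writing `""` would match the `targetSelector` entries below them.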


@@ -48,4 +48,6 @@
{{- include "tc.v1.common.lib.util.autoperms" . | nindent 0 -}}
{{- include "tc.v1.common.spawner.portal" . | nindent 0 -}}
{{- end -}}


@@ -4,104 +4,124 @@
*/}}
{{- define "tc.v1.common.spawner.portal" -}}
{{- if .Values.ixChartContext -}}
{{- range $name, $portal := .Values.portal -}}
{{- range $name, $portal := .Values.portal -}}
{{- if $portal.enabled -}}
{{- if $portal.enabled -}}
{{/* Create a copy of the portal */}}
{{- $objectData := (mustDeepCopy $portal) -}}
{{/* Create a copy of the portal */}}
{{- $objectData := (mustDeepCopy $portal) -}}
{{/* Create defaults */}}
{{- $protocol := "https" -}}
{{- $host := "$node_ip" -}}
{{- $port := "443" -}}
{{- $suffix := $objectData.urlSuffix -}}
{{- $url := "" -}}
{{/* Create defaults */}}
{{- $protocol := "https" -}}
{{- $host := "$node_ip" -}}
{{- $port := "443" -}}
{{- $suffix := $objectData.urlSuffix -}}
{{- $url := "" -}}
{{/* Get service, default to primary */}}
{{- $serviceData := dict "targetSelector" $objectData.targetSelector.service -}}
{{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $serviceData)) }}
{{/* Get service, default to primary */}}
{{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData.targetSeleector.service ) ) -}}
{{/* read loadbalancer IP's for metallb */}}
{{- if eq $selectedService.type "LoadBalancer" -}}
{{- with $selectedService.loadBalancerIP -}}
{{- $host = toString . -}}
{{/* read loadbalancer IP's for metallb */}}
{{- if eq $selectedService.type "LoadBalancer" -}}
{{- with $selectedService.loadBalancerIP -}}
{{- $host = toString . -}}
{{- end -}}
{{/* set temporary storage for port name and port */}}
{{- $targetPort := "" -}}
{{- $selectedPort := "" -}}
{{/* Fetch port values */}}
{{- if $objectData.targetSelector.port -}}
{{- $targetPort := $objectData.targetSeleector.port -}}
{{- else -}}
{{- $targetPort := include "tc.v1.common.lib.util.service.ports.primary" $selectedService -}}
{{- end -}}
{{/* set temporary storage for port name and port */}}
{{- $targetPort := "" -}}
{{- $selectedPort := "" -}}
{{- $selectedPort = get $selectedService.port $targetPort -}}
{{/* store port number */}}
{{- $port = $selectedPort.port -}}
{{- end -}}
{{/* set temporary storage for ingress name and port */}}
{{- $targetIngress := "" -}}
{{- $selectedIngress := "" -}}
{{/* Fetch ingress values */}}
{{- if $objectData.targetSelector.ingress -}}
{{- $targetIngress := $objectData.targetSelector.ingress -}}
{{- else -}}
{{- $targetIngress := include "tc.v1.common.lib.util.service.ingress.primary" $ -}}
{{- end -}}
{{- $selectedIngress = get .Values.ingress $targetIngress -}}
{{/* store host from ingress number */}}
{{- if $selectedIngress.enabled -}}
{{- with (index $selectedIngress.hosts 0) }}
{{- $host = .host -}}
{{- end }}
{{- end }}
{{/* TODO: grab ports via portal */}}
{{/* Apply overrides */}}
{{- if $objectData.override.protocol -}}
{{- $protocol = $objectData.override.protocol -}}
{{- end -}}
{{- if $objectData.override.host -}}
{{- $host = $objectData.override.host -}}
{{- end -}}
{{- if $objectData.override.port -}}
{{- $port = $objectData.override.port -}}
{{- end -}}
{{/* sanitise */}}
{{- if eq $port "443" -}}
{{- $protocol = "https" -}}
{{- end -}}
{{- if eq $port "80" -}}
{{- $protocol = "http" -}}
{{- end -}}
{{- if or ( eq $protocol "https" ) ( eq $protocol "http" ) -}}
{{- $port = "" -}}
{{- end -}}
{{/* Construct URL*/}}
{{- if $port -}}
{{- $url = printf "%s://%s:%s/%s" $protocol $host $port $suffix -}}
{{- else -}}
{{- $url = printf "%s://%s/%s" $protocol $host $suffix -}}
{{- end -}}
{{/* create configmap entry*/}}
{{- $portalData := dict "protocol" $protocol "host" $host "port" $port "suffix" $suffix "url" $url -}}
{{/* construct configmap */}}
{{- $objectName := "tcportal" -}}
{{- $configMap := dict "enabled" true "name" $objectName "shortName" $objectName "data" $portalData -}}
{{/* Perform validations */}}
{{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
{{- include "tc.v1.common.lib.configmap.validation" (dict "objectData" $configMap) -}}
{{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $configMap "caller" "ConfigMap") -}}
{{/* Call class to create the object */}}
{{- include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $configMap) -}}
{{/* Fetch port values */}}
{{- if $objectData.targetSelector.port -}}
{{- $targetPort := $objectData.targetSeleector.port -}}
{{- else -}}
{{- $targetPort := include "tc.v1.common.lib.util.service.ports.primary" $selectedService -}}
{{- end -}}
{{- $selectedPort = get $selectedService.port $targetPort -}}
{{/* store port number */}}
{{- $port = $selectedPort.port -}}
{{- end -}}
{{/* set temporary storage for ingress name and port */}}
{{- $targetIngress := "" -}}
{{- $selectedIngress := "" -}}
{{/* Fetch ingress values */}}
{{- if $objectData.targetSelector.ingress -}}
{{- $targetIngress := $objectData.targetSelector.ingress -}}
{{- else -}}
{{- $targetIngress := include "tc.v1.common.lib.util.service.ingress.primary" $ -}}
{{- end -}}
{{- $selectedIngress = get .Values.ingress $targetIngress -}}
{{/* store host from ingress number */}}
{{- if $selectedIngress.enabled -}}
{{- with (index $selectedIngress.hosts 0) }}
{{- $host = .host -}}
{{- end }}
{{- end }}
{{/* Apply overrides */}}
{{- if $objectData.override.protocol -}}
{{- $protocol = $objectData.override.protocol -}}
{{- end -}}
{{- if $objectData.override.host -}}
{{- $host = $objectData.override.host -}}
{{- end -}}
{{- if $objectData.override.port -}}
{{- $port = $objectData.override.port -}}
{{- end -}}
{{/* sanitise */}}
{{- if eq $port "443" -}}
{{- $protocol = "https" -}}
{{- end -}}
{{- if eq $port "80" -}}
{{- $protocol = "http" -}}
{{- end -}}
{{- if or ( eq $protocol "https" ) ( eq $protocol "http" ) -}}
{{- $port = "" -}}
{{- end -}}
{{/* Construct URL*/}}
{{- if $port -}}
{{- $url = printf "%s://%s:%s/%s" $protocol $host $port $suffix -}}
{{- else -}}
{{- $url = printf "%s://%s/%s" $protocol $host $suffix -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
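Review bot: In the port and ingress selection, the assignments inside the `if`/`else` branches use `:=` (`{{- $targetPort := ... -}}`, `{{- $targetIngress := ... -}}`), which declares a new variable scoped to that branch, so the outer `$targetPort` and `$targetIngress` are still `""` when `get` runs; these should be `=`. The path `$objectData.targetSeleector` (used for the service and port lookups) is misspelled against the `targetSelector` key that the preceding `if` tests and that the values define, so it resolves to a missing key. `get .Values.ingress $targetIngress` sits inside `range`, where `.` is the current portal rather than the root context, so it likely needs `$.Values.ingress`. In the sanitise step, `$port = ""` runs whenever the protocol is `http` or `https`, which drops a non-default port such as the 8080 from the values out of the generated URL; clear it only when the port is the default for the protocol.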