From 1b1fd5799addfe77f2abcf2df810c7b7963cc2f0 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten-Lebbing
Date: Mon, 20 Feb 2023 23:42:11 +0100
Subject: [PATCH] most portal work done
---
library/common-test/ci/portal-values.yaml | 124 ++++++++++++
library/common/templates/loader/_apply.tpl | 2 +
library/common/templates/spawner/_portal.tpl | 196 ++++++++++---------
3 files changed, 234 insertions(+), 88 deletions(-)
create mode 100644 library/common-test/ci/portal-values.yaml
diff --git a/library/common-test/ci/portal-values.yaml b/library/common-test/ci/portal-values.yaml
new file mode 100644
index 00000000..05b899ab
--- /dev/null
+++ b/library/common-test/ci/portal-values.yaml
@@ -0,0 +1,124 @@
+ixChartContext:
+ something: something
+
+workload:
+ main:
+ enabled: true
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ args:
+ - --port
+ - "8080"
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+
+service:
+ main:
+ enabled: true
+ ports:
+ main:
+ enabled: true
+ port: 8080
+ protocol: http
+ autolink:
+ enabled: true
+ ports:
+ autolink:
+ enabled: true
+ protocol: http
+ port: 8081
+
+manifestManager:
+ enabled: false
+ staging: false
+
+
+# -- Configure the ingresses for the chart here.
+# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
+# @default -- See below
+ingress:
+ main:
+ enabled: true
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name:
+ port:
+ tls: []
+
+"ixCertificateAuthorities": {}
+"ixCertificates":
+ "1":
+ "CA_type_existing": false
+ "CA_type_intermediate": false
+ "CA_type_internal": false
+ "CSR": ""
+ "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost"
+ "cert_type": "CERTIFICATE"
+ "cert_type_CSR": false
+ "cert_type_existing": true
+ "cert_type_internal": false
+ "certificate": "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" + "certificate_path": "/etc/certificates/freenas_default.crt" + "chain": false + "chain_list": [ + "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" + ] + "city": "Maryville" + "common": "localhost" + "country": "US" + "csr_path": "/etc/certificates/freenas_default.csr" + "digest_algorithm": "SHA256" + "email": "info@ixsystems.com" + "extensions": + "ExtendedKeyUsage": "TLS Web Server Authentication" + "SubjectAltName": "DNS:localhost" + "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" + "from": "Fri Sep 25 16:05:38 2020" + "id": 1 + "internal": "NO" + "issuer": "external" + "key_length": 2048 + "key_type": "RSA" + "lifetime": 825 + "name": "freenas_default" + "organization": "iXsystems" + "organizational_unit": "" + "parsed": true + "privatekey": "-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" + "privatekey_path": "/etc/certificates/freenas_default.key" + "revoked": false + "revoked_date": "" + "root_path": "/etc/certificates" + "san": [ + "DNS:localhost" + ] + "serial": 1 + "signedby": "" + "state": "Tennessee" + "subject_name_hash": 3193428416 + "type": 8 + "until": "Thu 
Dec 29 15:05:38 2022" + +portal: + open: + enabled: false + override: + protocol: + host: + port: + urlSuffix: "" + targetSelector: + ingress: "" + service: "" + port: "" diff --git a/library/common/templates/loader/_apply.tpl b/library/common/templates/loader/_apply.tpl index 5110aba1..9cc02941 100644 --- a/library/common/templates/loader/_apply.tpl +++ b/library/common/templates/loader/_apply.tpl @@ -48,4 +48,6 @@ {{- include "tc.v1.common.lib.util.autoperms" . | nindent 0 -}} + {{- include "tc.v1.common.spawner.portal" . | nindent 0 -}} + {{- end -}} diff --git a/library/common/templates/spawner/_portal.tpl b/library/common/templates/spawner/_portal.tpl index b4587249..e5a56c41 100644 --- a/library/common/templates/spawner/_portal.tpl +++ b/library/common/templates/spawner/_portal.tpl 
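Review bot: In `library/common-test/ci/portal-values.yaml`, the `ixCertificates."1".privatekey` value commits a complete RSA private key together with its certificate. Even for a `CN=localhost` fixture this will trip secret scanners and invites reuse outside CI, so it should carry a comment such as `# test-only key pair, not used by any deployment` or be generated during the CI run. The certificate's `until` is `Thu Dec 29 15:05:38 2022`, which is earlier than this commit's date, so any check that validates expiry would reject it. The file also sets `portal.open.enabled: false`, so the `if $portal.enabled` branch of the portal spawner is never rendered from these values; `enabled: true` would exercise the new template.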
@@ -4,104 +4,124 @@ */}} {{- define "tc.v1.common.spawner.portal" -}} + {{- if .Values.ixChartContext -}} - {{- range $name, $portal := .Values.portal -}} + {{- range $name, $portal := .Values.portal -}} + {{- if $portal.enabled -}} - {{- if $portal.enabled -}} + {{/* Create a copy of the portal */}} + {{- $objectData := (mustDeepCopy $portal) -}} - {{/* Create a copy of the portal */}} - {{- $objectData := (mustDeepCopy $portal) -}} + {{/* Create defaults */}} + {{- $protocol := "https" -}} + {{- $host := "$node_ip" -}} + {{- $port := "443" -}} + {{- $suffix := $objectData.urlSuffix -}} + {{- $url := "" -}} - {{/* Create defaults */}} - {{- $protocol := "https" -}} - {{- $host := "$node_ip" -}} - {{- $port := "443" -}} - {{- $suffix := $objectData.urlSuffix -}} - {{- $url := "" -}} + {{/* Get service, default to primary */}} + {{- $serviceData := dict "targetSelector" $objectData.targetSelector.service -}} + {{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $serviceData)) }} - {{/* Get service, default to primary */}} - {{- $selectedService := fromYaml ( include "tc.v1.common.lib.helpers.getSelectedServiceValues" (dict "rootCtx" $ "objectData" $objectData.targetSeleector.service ) ) -}} - {{/* read loadbalancer IP's for metallb */}} - {{- if eq $selectedService.type "LoadBalancer" -}} - {{- with $selectedService.loadBalancerIP -}} - {{- $host = toString . -}} + + {{/* read loadbalancer IP's for metallb */}} + {{- if eq $selectedService.type "LoadBalancer" -}} + {{- with $selectedService.loadBalancerIP -}} + {{- $host = toString . 
-}} + {{- end -}} + + {{/* set temporary storage for port name and port */}} + {{- $targetPort := "" -}} + {{- $selectedPort := "" -}} + + {{/* Fetch port values */}} + {{- if $objectData.targetSelector.port -}} + {{- $targetPort := $objectData.targetSeleector.port -}} + {{- else -}} + {{- $targetPort := include "tc.v1.common.lib.util.service.ports.primary" $selectedService -}} {{- end -}} - {{/* set temporary storage for port name and port */}} - {{- $targetPort := "" -}} - {{- $selectedPort := "" -}} + {{- $selectedPort = get $selectedService.port $targetPort -}} + + {{/* store port number */}} + {{- $port = $selectedPort.port -}} + {{- end -}} + + + {{/* set temporary storage for ingress name and port */}} + {{- $targetIngress := "" -}} + {{- $selectedIngress := "" -}} + + {{/* Fetch ingress values */}} + {{- if $objectData.targetSelector.ingress -}} + {{- $targetIngress := $objectData.targetSelector.ingress -}} + {{- else -}} + {{- $targetIngress := include "tc.v1.common.lib.util.service.ingress.primary" $ -}} + {{- end -}} + {{- $selectedIngress = get .Values.ingress $targetIngress -}} + + {{/* store host from ingress number */}} + {{- if $selectedIngress.enabled -}} + {{- with (index $selectedIngress.hosts 0) }} + {{- $host = .host -}} + {{- end }} + {{- end }} + + {{/* TODO: grab ports via portal */}} + + + {{/* Apply overrides */}} + {{- if $objectData.override.protocol -}} + {{- $protocol = $objectData.override.protocol -}} + {{- end -}} + + {{- if $objectData.override.host -}} + {{- $host = $objectData.override.host -}} + {{- end -}} + + {{- if $objectData.override.port -}} + {{- $port = $objectData.override.port -}} + {{- end -}} + + + + {{/* sanitise */}} + {{- if eq $port "443" -}} + {{- $protocol = "https" -}} + {{- end -}} + + {{- if eq $port "80" -}} + {{- $protocol = "http" -}} + {{- end -}} + + {{- if or ( eq $protocol "https" ) ( eq $protocol "http" ) -}} + {{- $port = "" -}} + {{- end -}} + + {{/* Construct URL*/}} + {{- if $port -}} + {{- $url 
= printf "%s://%s:%s/%s" $protocol $host $port $suffix -}} + {{- else -}} + {{- $url = printf "%s://%s/%s" $protocol $host $suffix -}} + {{- end -}} + + {{/* create configmap entry*/}} + {{- $portalData := dict "protocol" $protocol "host" $host "port" $port "suffix" $suffix "url" $url -}} + + {{/* construct configmap */}} + {{- $objectName := "tcportal" -}} + {{- $configMap := dict "enabled" true "name" $objectName "shortName" $objectName "data" $portalData -}} + + {{/* Perform validations */}} + {{- include "tc.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}} + {{- include "tc.v1.common.lib.configmap.validation" (dict "objectData" $configMap) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $configMap "caller" "ConfigMap") -}} + + {{/* Call class to create the object */}} + {{- include "tc.v1.common.class.configmap" (dict "rootCtx" $ "objectData" $configMap) -}} - {{/* Fetch port values */}} - {{- if $objectData.targetSelector.port -}} - {{- $targetPort := $objectData.targetSeleector.port -}} - {{- else -}} - {{- $targetPort := include "tc.v1.common.lib.util.service.ports.primary" $selectedService -}} {{- end -}} - - {{- $selectedPort = get $selectedService.port $targetPort -}} - - {{/* store port number */}} - {{- $port = $selectedPort.port -}} - {{- end -}} - - - {{/* set temporary storage for ingress name and port */}} - {{- $targetIngress := "" -}} - {{- $selectedIngress := "" -}} - - {{/* Fetch ingress values */}} - {{- if $objectData.targetSelector.ingress -}} - {{- $targetIngress := $objectData.targetSelector.ingress -}} - {{- else -}} - {{- $targetIngress := include "tc.v1.common.lib.util.service.ingress.primary" $ -}} - {{- end -}} - {{- $selectedIngress = get .Values.ingress $targetIngress -}} - - {{/* store host from ingress number */}} - {{- if $selectedIngress.enabled -}} - {{- with (index $selectedIngress.hosts 0) }} - {{- $host = .host -}} - {{- end }} - {{- end }} - - {{/* Apply overrides */}} - {{- if 
$objectData.override.protocol -}} - {{- $protocol = $objectData.override.protocol -}} - {{- end -}} - - {{- if $objectData.override.host -}} - {{- $host = $objectData.override.host -}} - {{- end -}} - - {{- if $objectData.override.port -}} - {{- $port = $objectData.override.port -}} - {{- end -}} - - - - {{/* sanitise */}} - {{- if eq $port "443" -}} - {{- $protocol = "https" -}} - {{- end -}} - - {{- if eq $port "80" -}} - {{- $protocol = "http" -}} - {{- end -}} - - {{- if or ( eq $protocol "https" ) ( eq $protocol "http" ) -}} - {{- $port = "" -}} - {{- end -}} - - {{/* Construct URL*/}} - {{- if $port -}} - {{- $url = printf "%s://%s:%s/%s" $protocol $host $port $suffix -}} - {{- else -}} - {{- $url = printf "%s://%s/%s" $protocol $host $suffix -}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- end -}}
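Review bot: The port and ingress selection in the new `_portal.tpl` block cannot take effect: `$targetPort` and `$targetIngress` are re-declared with `:=` inside the `if`/`else` branches, so the outer variables stay `""`, and the port branch still reads the misspelled `$objectData.targetSeleector.port`, which this commit corrected only for the service lookup. Inside the `range`, `.Values.ingress` is evaluated against the loop element rather than the root context, so it should be `$.Values.ingress`. The fixed `$objectName := "tcportal"` sits inside the same `range`, so two enabled portals would render ConfigMaps with the same name. The sanitise step also sets `$port` to `""` for every http/https URL, which drops non-standard ports such as the 8080 in the CI values from the generated link; it probably should clear only 80 and 443, but confirm the intent.

```gotemplate
{{/* Fetch port values */}}
{{- if $objectData.targetSelector.port -}}
  {{- $targetPort = $objectData.targetSelector.port -}}
{{- else -}}
  {{- $targetPort = include "tc.v1.common.lib.util.service.ports.primary" $selectedService -}}
{{- end -}}
{{/* … unchanged: port lookup, ingress temporaries … */}}
{{- if $objectData.targetSelector.ingress -}}
  {{- $targetIngress = $objectData.targetSelector.ingress -}}
{{- else -}}
  {{- $targetIngress = include "tc.v1.common.lib.util.service.ingress.primary" $ -}}
{{- end -}}
{{- $selectedIngress = get $.Values.ingress $targetIngress -}}
```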