diff --git a/library/common-test/ci/route-values.yaml b/library/common-test/ci/route-values.yaml
new file mode 100644
index 00000000..18040596
--- /dev/null
+++ b/library/common-test/ci/route-values.yaml
@@ -0,0 +1,111 @@
+global:
+ ixChartContext:
+ something: something
+
+workload:
+ main:
+ enabled: true
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ args:
+ - --port
+ - "8080"
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+
+service:
+ main:
+ enabled: true
+ ports:
+ main:
+ enabled: true
+ port: 8080
+ protocol: http
+ autolink:
+ enabled: true
+ ports:
+ autolink:
+ enabled: true
+ protocol: http
+ port: 8081
+
+manifestManager:
+ enabled: false
+ staging: false
+
+route:
+ main:
+ enabled: true
+ hostnames:
+ - chart-example.local
+ parentRefs:
+ - # Group of the referent resource.
+ group: gateway.networking.k8s.io
+ # Kind of the referent resource.
+ kind: Gateway
+ # Name of the referent resource
+ name: test
+ # Namespace of the referent resource
+ namespace: test
+
+
+"ixCertificateAuthorities": {}
+"ixCertificates":
+ "1":
+ "CA_type_existing": false
+ "CA_type_intermediate": false
+ "CA_type_internal": false
+ "CSR": ""
+ "DN": "/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost"
+ "cert_type": "CERTIFICATE"
+ "cert_type_CSR": false
+ "cert_type_existing": true
+ "cert_type_internal": false
+ "certificate": "-----BEGIN
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" + "certificate_path": "/etc/certificates/freenas_default.crt" + "chain": false + "chain_list": [ + "-----BEGIN 
CERTIFICATE-----\nMIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMx\nEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZI\nhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3NlZTES\nMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIwMDkyNTE0MDUzOFoXDTIyMTIyOTE0MDUz\nOFowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNVBAMM\nCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29tMRIw\nEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBALpoGliii6X8DeoFdLcR7jjsfJIn3nC8f1pT\nLQ3RURHUOEyhPT3Z6TkhaHeHoj8D6kiXROhyJJq3kw5OeqGZisfpGQhkxjpxkfh9\nfAhlvhuLwCWHaMvSh1TaT+h9+eHfcx3un5CIaH8b1KYRBMH+jmKFpr7jkPNkBXLS\nMA7jKIIa8pD9R6lF4gAsbqJafCbT3R7bqkd9xp3n3j2YhqQzETU2lmu4fra3BPio\nofK47kSkguUC6mtk6VrDf2+QtCKlY0dtbF3e2ZBNWo1aj86sjCtoEmqOCMsPRLc/\nXwQcfEqHY4XfafXwqk0G0UxV2ce18xKoR/pN3MpLBZ65NzPnpn0CAwEAAaMtMCsw\nFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG\nSIb3DQEBCwUAA4IBAQBFW1R037y7wllg/gRk9p2T1stiG8iIXosblmL4Ak1YToTQ\n/0to5GY2ZYW29+rbA4SDTS5eeu2YqZ0A/fF3wey7ggzMS7KyNBOvx5QBJRw3PJGn\n+THfhXvdfkOyeUC6KWRGLgl+/zBFvgh6vFDq3jmv0NI4ehVBTBMCJn7r6577S16T\nwtgKMCooizII0Odu5HIF10gTieFIH3PQYm9JBji9iyemb9Ht3wn7fXQptfGadz/l\nWz/Dv9+a6IOr7JVJMHnqAIvPzpkav4efuVPOX1zbhjg4K5g+nRYfjr5F5upOd0Y3\nznWTUBUyI7CXRkpHtSDXfEqKgnk/8uv7GWw+hyKr\n-----END CERTIFICATE-----\n" + ] + "city": "Maryville" + "common": "localhost" + "country": "US" + "csr_path": "/etc/certificates/freenas_default.csr" + "digest_algorithm": "SHA256" + "email": "info@ixsystems.com" + "extensions": + "ExtendedKeyUsage": "TLS Web Server Authentication" + "SubjectAltName": "DNS:localhost" + "fingerprint": "9C:5A:1D:1B:E7:9E:0B:89:2B:37:F4:19:83:ED:3C:6B:D8:14:0D:9B" + "from": "Fri Sep 25 16:05:38 2020" + "id": 1 + "internal": "NO" + "issuer": "external" + "key_length": 2048 + "key_type": "RSA" + "lifetime": 825 + "name": "freenas_default" + "organization": "iXsystems" + "organizational_unit": "" + "parsed": true + "privatekey": "-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6aBpYooul/A3q\nBXS3Ee447HySJ95wvH9aUy0N0VER1DhMoT092ek5IWh3h6I/A+pIl0TociSat5MO\nTnqhmYrH6RkIZMY6cZH4fXwIZb4bi8Alh2jL0odU2k/offnh33Md7p+QiGh/G9Sm\nEQTB/o5ihaa+45DzZAVy0jAO4yiCGvKQ/UepReIALG6iWnwm090e26pHfcad5949\nmIakMxE1NpZruH62twT4qKHyuO5EpILlAuprZOlaw39vkLQipWNHbWxd3tmQTVqN\nWo/OrIwraBJqjgjLD0S3P18EHHxKh2OF32n18KpNBtFMVdnHtfMSqEf6TdzKSwWe\nuTcz56Z9AgMBAAECggEARwcb4uIs7BZbBu0FSCyg5TfXT6m5bKOmszg2VqmHho+i\n1DAsMcEyyP4d3E3mWLSZNQfOzfOQVxPUCQOGXsUuyHXdgAFGN0bHJDRMara59a0O\njj5GhEO4JXD6OdCmwpZuOt2OF3iiuKxWHuElOvZQMuJSYzI7LULTgKjufv23lbsf\nxMO/v9yi57c5EGgnQ8siLKOy/FQZapn4Z9qKn+lVyk5gfaKP0pDsvV4d7nGYMDD2\nYijfkSyNecApFdtWiLE5zLUlvF6oNj8o66z3YrVNKrCPzhA/5Rkkwwk32SNxvKU3\nVZFSNPeOZ60BicxYcWO+b2aAa0WF+uazJAZ4q52gUQKBgQDu88R+0wm76secYkzE\nQglteLNZKFcvth0kI5xH42Hmk9IXkGimFoDJCIrLAuopyGnfNmqmh2is3QUMUPdR\n/wDLnKc4MCezEidNoD2RBC+bzM1hB9oye/b5sOZUDFXSa0k4XSLu1UEuy1yWhkuS\n6JjY1KQfc4FN0K0Fjqqo7UCTCwKBgQDHtKQh/NvMJ2ok4YW+/QAsus4mEK9eCyUy\nOuyDszQYrGvjkS7STKJVNxGLhWb0XKSIAxMZ66b1MwOt+71h7xNn6pcancfVdK7F\n1Xl5J+76SwbXSgQwTZuoMDxPIvZn7v/2ep5Ni/BcOhMcPIcobWb/OmXrFN1brBvo\nlFNQyWWhlwKBgFDAyPMjVvLO0U6kWdUpjA4W8GV9IJnbLdX8wt/4lClcY2/bOcKH\ncFaAMIeTIJemR0FMHpbQxCtHNmGHK03mo9orwsdWXtRBmk69jJDpnT1F5VKZWMAe\n7MRNaEmXMZm+8CvALgIQx8qMp2mnUPsA6Ea+9gg6/MPTdeWe5UXZiC0pAoGAGtSt\nPJfBXBNrklruYjORo3DRo5GYThVHQRFjl2orNKltsVxfIwgCw1ortEgPBgOwY0mu\ndkwP2V+qPeTVk+PQAqUk+gF6yLXtiUzeDiYMWHpeB+y81VSH9jfM0oELA/m7T/03\naYnEmE+BI8kKC6dvMBlDeisKdneQJFZRP0hfrC8CgYEAgYIyCGwcydKpe2Nkj0Fz\nKTtCMC/k4DvJfd5Kb9AbmrPUfKgA9Xj4GT6yPG6uBMi8r5etvLCKJ2x2NtN024a8\nQJLATYPrSsaZkE+9zM0j5nYAgbKpxBhlDzDAzn//3ByVzfgJ25S80XhTI2lfbLH/\nU07ssxdZaQCo+WuD82OvNcg=\n-----END PRIVATE KEY-----\n" + "privatekey_path": "/etc/certificates/freenas_default.key" + "revoked": false + "revoked_date": "" + "root_path": "/etc/certificates" + "san": [ + "DNS:localhost" + ] + "serial": 1 + "signedby": "" + "state": "Tennessee" + "subject_name_hash": 3193428416 + "type": 8 + "until": "Thu 
Dec 29 15:05:38 2022" diff --git a/library/common/templates/class/_route.tpl b/library/common/templates/class/_route.tpl new file mode 100644 index 00000000..6bae0ff6 --- /dev/null +++ b/library/common/templates/class/_route.tpl 
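Review bot: The `ixCertificates` block at the end of this fixture commits a full PEM `privatekey` next to the certificate, yet nothing in the `route.main` values above references a certificate, so the key material looks unnecessary for this test case. Dropping `ixCertificates` and `ixCertificateAuthorities` from route-values.yaml would keep secret scanners quiet and avoid one more copy of a key that could be mistaken for a usable one. If the common-test harness does require the block, a comment above it such as `# test-only key for CN=localhost, never deploy` would make that explicit. The embedded certificate's `until` field is in 2022, so any test that later starts validating it would also fail on expiry.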
@@ -0,0 +1,86 @@
+{{/*
+This template serves as a blueprint for all Route objects that are created
+within the common library.
+*/}}
+{{- define "tc.v1.common.class.route" -}}
+{{- $values := .Values.route -}}
+{{- if hasKey . "ObjectValues" -}}
+ {{- with .ObjectValues.route -}}
+ {{- $values = . -}}
+ {{- end -}}
+{{ end -}}
+
+ {{- $routeLabels := $values.labels -}}
+ {{- $routeAnnotations := $values.annotations -}}
+
+{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+{{- if and (hasKey $values "nameOverride") $values.nameOverride -}}
+ {{- $fullName = printf "%v-%v" $fullName $values.nameOverride -}}
+{{ end -}}
+{{- $routeKind := $values.kind | default "HTTPRoute" -}}
+
+{{/* Get the name of the primary service, if any */}}
+{{- $primarySeriviceName := (include "tc.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}}
+{{/* Get service values of the primary service, if any */}}
+{{- $primaryService := get .Values.service $primarySeriviceName -}}
+{{- $defaultServiceName := $fullName -}}
+
+{{- if and (hasKey $primaryService "nameOverride") $primaryService.nameOverride -}}
+ {{- $defaultServiceName = printf "%v-%v" $defaultServiceName $primaryService.nameOverride -}}
+{{- end -}}
+{{- $defaultServicePort := get $primaryService.ports (include "tc.v1.common.lib.util.service.ports.primary" (dict "svcValues" $primaryService "svcName" $primarySeriviceName )) -}}
+
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+{{- if and (ne $routeKind "GRPCRoute") (ne $routeKind "HTTPRoute") (ne $routeKind "TCPRoute") (ne $routeKind "TLSRoute") (ne $routeKind "UDPRoute") }}
+ {{- fail (printf "Not a valid route kind (%s)" $routeKind) }}
+{{- end }}
+kind: {{ $routeKind }}
+metadata:
+ name: {{ $fullName }}
+ {{- $labels := (mustMerge ($routeLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end -}}
+ {{- $annotations := (mustMerge ($routeAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) }}
+ annotations:
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ parentRefs:
+ {{- range $values.parentRefs }}
+ - group: {{ default "gateway.networking.k8s.io" .group }}
+ kind: {{ default "Gateway" .kind }}
+ name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name }}
+ namespace: {{ required (printf "parentRef namespace is required for %v %v" $routeKind $fullName) .namespace }}
+ {{- if .sectionName }}
+ sectionName: {{ .sectionName | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if and (ne $routeKind "TCPRoute") (ne $routeKind "UDPRoute") $values.hostnames }}
+ hostnames:
+ {{- with $values.hostnames }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range $values.rules }}
+ - backendRefs:
+ {{- range .backendRefs }}
+ - group: {{ default "" .group | quote}}
+ kind: {{ default "Service" .kind }}
+ name: {{ default $defaultServiceName .name }}
+ namespace: {{ default $.Release.Namespace .namespace }}
+ port: {{ default $defaultServicePort.port .port }}
+ weight: {{ default 1 .weight }}
+ {{- end }}
+ {{- if (eq $routeKind "HTTPRoute") }}
+ {{- with .matches }}
+ matches:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/templates/lib/util/_primary_route.tpl b/library/common/templates/lib/util/_primary_route.tpl
new file mode 100644
index 00000000..04da801e
--- /dev/null
+++ b/library/common/templates/lib/util/_primary_route.tpl
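Review bot: The `name` and `namespace` fields under `parentRefs` and `backendRefs` are rendered unquoted, while `sectionName` just below is piped through `quote`. A value that YAML types as a number or boolean, or one containing `: ` or a newline, therefore changes the shape of the rendered manifest instead of staying a string. Quoting them the same way, e.g. `name: {{ required (printf "parentRef name is required for %v %v" $routeKind $fullName) .name | quote }}` and `namespace: {{ default $.Release.Namespace .namespace | quote }}`, keeps each values entry confined to a single scalar. Separately, `backendRefs[].namespace` can point outside the release namespace; in the Gateway API such a reference only takes effect with a ReferenceGrant in the target namespace, which deserves a comment next to that line.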
@@ -0,0 +1,23 @@ +{{/* Return the name of the primary route object */}} +{{- define "tc.v1.common.lib.util.route.primary" -}} + {{- $routees := $.Values.route -}} + + {{- $enabledroutees := dict -}} + {{- range $name, $route := $routees -}} + {{- if $route.enabled -}} + {{- $_ := set $enabledroutees $name . -}} + {{- end -}} + {{- end -}} + + {{- $result := "" -}} + {{- range $name, $route := $enabledroutees -}} + {{- if and (hasKey $route "primary") $route.primary -}} + {{- $result = $name -}} + {{- end -}} + {{- end -}} + + {{- if not $result -}} + {{- $result = keys $enabledroutees | first -}} + {{- end -}} + {{- $result -}} +{{- end -}} diff --git a/library/common/templates/loader/_apply.tpl b/library/common/templates/loader/_apply.tpl index 9cc02941..9a123fee 100644 --- a/library/common/templates/loader/_apply.tpl +++ b/library/common/templates/loader/_apply.tpl @@ -34,6 +34,9 @@ {{/* Render ingress(s) */}} {{- include "tc.v1.common.spawner.ingress" . | nindent 0 -}} + {{/* Render Gateway API Route(s) */}} + {{- include "tc.v1.common.spawner.routes" . | nindent 0 -}} + {{/* Render Horizontal Pod Autoscalers(s) */}} {{- include "tc.v1.common.spawner.hpa" . | nindent 0 -}} @@ -46,8 +49,10 @@ {{/* Render Cert-Manager Certificates(s) */}} {{- include "tc.v1.common.spawner.certificate" . | nindent 0 -}} + {{/* Ensure automatic permissions containers are injected */}} {{- include "tc.v1.common.lib.util.autoperms" . | nindent 0 -}} + {{/* Render/Set portal configmap, .Values.iXPortals and APPURL */}} {{- include "tc.v1.common.spawner.portal" . | nindent 0 -}} {{- end -}} diff --git a/library/common/templates/spawner/_route.tpl b/library/common/templates/spawner/_route.tpl new file mode 100644 index 00000000..5ecf2104 --- /dev/null +++ b/library/common/templates/spawner/_route.tpl 
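Review bot: The fallback `keys $enabledroutees | first` in `tc.v1.common.lib.util.route.primary` picks an arbitrary route when several are enabled and none sets `primary`, because Sprig's `keys` does not return map keys in a stable order. The route spawner compares each route name against this result to decide which route keeps the bare chart name, so rendered object names can differ between two renders of the same values. `{{- $result = keys $enabledroutees | sortAlpha | first -}}` makes the choice deterministic. When more than one route sets `primary: true`, the last one in key order wins silently; a `fail` in that case would surface the misconfiguration.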
@@ -0,0 +1,18 @@
+{{/* Renders the Route objects required by the chart */}}
+{{- define "tc.v1.common.spawner.routes" -}}
+ {{- /* Generate named routes as required */ -}}
+ {{- range $name, $route := .Values.route }}
+ {{- if $route.enabled -}}
+ {{- $routeValues := $route -}}
+
+ {{/* set defaults */}}
+ {{- if and (not $routeValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.route.primary" $)) -}}
+ {{- $_ := set $routeValues "nameOverride" $name -}}
+ {{- end -}}
+
+ {{- $_ := set $ "ObjectValues" (dict "route" $routeValues) -}}
+ {{- include "tc.v1.common.class.route" $ | nindent 0 -}}
+ {{- $_ := unset $.ObjectValues "route" -}}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/library/common/values.yaml b/library/common/values.yaml
index f790b5d8..e9220226 100644
--- a/library/common/values.yaml
+++ b/library/common/values.yaml
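Review bot: `$routeValues := $route` binds the same map that lives in `.Values.route`, so the following `set $routeValues "nameOverride" $name` writes the default back into the chart values rather than into a per-render copy. Any later template that reads `nameOverride` from that route entry then sees a value the user never set. Taking a copy first, `{{- $routeValues := mustDeepCopy $route -}}`, keeps the defaulting local to this render. A short comment above the `if` would also help, stating that non-primary routes get their key appended to the object name, since the suffix itself is applied in `tc.v1.common.class.route`, outside this hunk.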
@@ -430,6 +430,53 @@ ingress: # hosts: # - chart-example.local +# -- BETA: Configure the gateway routes for the chart here. +# Additional routes can be added by adding a dictionary key similar to the 'main' route. +# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works. +# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk +# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) +# @default -- See below +route: + main: + # -- Enables or disables the route + enabled: false + # -- Set the route kind + # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute + kind: HTTPRoute + # -- Provide additional annotations which may be required. + annotations: {} + # -- Provide additional labels which may be required. + labels: {} + # -- Configure the resource the route attaches to. + parentRefs: + - # Group of the referent resource. + group: gateway.networking.k8s.io + # Kind of the referent resource. + kind: Gateway + # Name of the referent resource + name: + # Namespace of the referent resource + namespace: + # Name of the section within the target resource. + sectionName: + # -- Host addresses + hostnames: [] + # -- Configure rules for routing. Defaults to the primary service. + rules: + - # -- Configure backends where matching requests should be sent. + backendRefs: + - group: "" + kind: Service + name: + namespace: + port: + weight: 1 + ## Configure conditions used for matching incoming requests. Only for HTTPRoutes + matches: + - path: + type: PathPrefix + value: / + metrics: main: enabled: false
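Review bot: The `hostnames: []` default carries no comment on what an empty list means once the route is enabled. With the default `matches` of `PathPrefix` `/`, an HTTPRoute without hostnames is, as far as I read the Gateway API spec, matched against every hostname its parent listener accepts. I would extend the doc line to something like `# -- Host addresses. Leave empty only if the route should answer for every hostname the parent listener accepts.` The bare `name:`, `namespace:`, `sectionName:` and `port:` keys parse as null; writing `null` explicitly would make it clear that the template defaults and `required` checks are meant to take over.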