diff --git a/library/common-test/ci/basic-values.yaml b/library/common-test/ci/basic-values.yaml index 60c195cf..a5ea17aa 100644 --- a/library/common-test/ci/basic-values.yaml +++ b/library/common-test/ci/basic-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/codeserver-values.yaml b/library/common-test/ci/codeserver-values.yaml index b9cacbda..e058c0dd 100644 --- a/library/common-test/ci/codeserver-values.yaml +++ b/library/common-test/ci/codeserver-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 diff --git a/library/common-test/ci/daemonset-values.yaml b/library/common-test/ci/daemonset-values.yaml index dd678d27..a6e588ef 100644 --- a/library/common-test/ci/daemonset-values.yaml +++ b/library/common-test/ci/daemonset-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 controller: # -- Enable the controller. diff --git a/library/common-test/ci/extra-containers-values.yaml b/library/common-test/ci/extra-containers-values.yaml index 429139e9..b85dad7a 100644 --- a/library/common-test/ci/extra-containers-values.yaml +++ b/library/common-test/ci/extra-containers-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/ingress-values.yaml b/library/common-test/ci/ingress-values.yaml index a1b732c0..9afc57ef 100644 --- a/library/common-test/ci/ingress-values.yaml +++ b/library/common-test/ci/ingress-values.yaml @@ -1,8 +1,12 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 +global: + ixChartContext: + something: something + service: main: ports: @@ -48,21 +52,50 @@ ingress: port: tls: [] -# TODO: Enable when SCALE Certs are readded -# scalecert: -# enabled: true -# hosts: -# - host: scalecert.chart-example.local -# paths: -# - path: / -# pathType: Prefix -# service: -# name: -# port: -# tls: -# - scaleCert: "1" -# hosts: -# - scalecert.chart-example.local + scalecert: + enabled: true + hosts: + - host: scalecert.chart-example.local + paths: + - path: / + pathType: Prefix + service: + name: + port: + tls: + - scaleCert: "1" + hosts: + - scalecert.chart-example.local + + certificateissuer: + enabled: true + certificateIssuer: someissuer + hosts: + - host: ci.chart-example.local + paths: + - path: / + pathType: Prefix + service: + name: + port: + tls: + - hosts: + - ci.chart-example.local + + tlscertificateissuer: + enabled: true + hosts: + - host: citls.chart-example.local + paths: + - path: / + pathType: Prefix + service: + name: + port: + tls: + - certificateIssuer: sometlsissuer + hosts: + - citls.chart-example.local label: enabled: true diff --git a/library/common-test/ci/job-cron-values.yaml b/library/common-test/ci/job-cron-values.yaml index 8452a5b4..ddb8833b 100644 --- a/library/common-test/ci/job-cron-values.yaml +++ b/library/common-test/ci/job-cron-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/manifest-values.yaml b/library/common-test/ci/manifest-values.yaml index 3697e31f..f1d0a0a4 100644 --- a/library/common-test/ci/manifest-values.yaml +++ b/library/common-test/ci/manifest-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 diff --git a/library/common-test/ci/metrics-values.yaml b/library/common-test/ci/metrics-values.yaml index 1cd92b84..c51ad8bd 100644 --- a/library/common-test/ci/metrics-values.yaml +++ b/library/common-test/ci/metrics-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 @@ -13,4 +13,56 @@ args: - --port - '8080' -# TODO: add metrics test values +manifests: + enabled: false + staging: false + +probes: + liveness: + enabled: true + readiness: + enabled: true + startup: + enabled: true + + +metrics: + main: + enabled: true + type: "servicemonitor" + matchLabels: "" + endpoints: + - port: "8080" + interval: "10s" + scrapeTimeout: "10s" + path: / + honorLabels: false + prometheusRule: + enabled: false + podmon: + enabled: true + type: "podmonitor" + matchLabels: "" + endpoints: + - port: "8080" + interval: "10s" + scrapeTimeout: "10s" + path: / + honorLabels: false + prometheusRule: + enabled: false + promrule: + enabled: true + type: "servicemonitor" + matchLabels: "" + endpoints: + - port: "8080" + interval: "10s" + scrapeTimeout: "10s" + path: / + honorLabels: false + prometheusRule: + enabled: true + groups: + somegroup: + rules: [] diff --git a/library/common-test/ci/networkPolicy-values.yaml b/library/common-test/ci/networkPolicy-values.yaml index 96aadad2..21059788 100644 --- a/library/common-test/ci/networkPolicy-values.yaml +++ b/library/common-test/ci/networkPolicy-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 diff --git a/library/common-test/ci/persistence-values.yaml b/library/common-test/ci/persistence-values.yaml index 4ed998ef..1500c4fb 100644 --- a/library/common-test/ci/persistence-values.yaml +++ b/library/common-test/ci/persistence-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/rbac-values.yaml b/library/common-test/ci/rbac-values.yaml index e52e23f2..3b14806b 100644 --- a/library/common-test/ci/rbac-values.yaml +++ b/library/common-test/ci/rbac-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/secrets-values.yaml b/library/common-test/ci/secrets-values.yaml index e1a90a96..52021d19 100644 --- a/library/common-test/ci/secrets-values.yaml +++ b/library/common-test/ci/secrets-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 service: main: diff --git a/library/common-test/ci/stagingmanifest-values.yaml b/library/common-test/ci/stagingmanifest-values.yaml index fee62545..5f4fb432 100644 --- a/library/common-test/ci/stagingmanifest-values.yaml +++ b/library/common-test/ci/stagingmanifest-values.yaml @@ -1,5 +1,5 @@ image: - repository: ghcr.io/truecharts/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 diff --git a/library/common-test/ci/statefulset-values.yaml b/library/common-test/ci/statefulset-values.yaml index e1bfd363..a5146a05 100644 --- a/library/common-test/ci/statefulset-values.yaml +++ b/library/common-test/ci/statefulset-values.yaml @@ -1,7 +1,7 @@ image: - repository: traefik/whoami + repository: tccr.io/truecharts/whoami pullPolicy: IfNotPresent - tag: latest + tag: 1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772 controller: # -- Enable the controller. diff --git a/library/common-test/templates/NOTES.txt b/library/common-test/templates/NOTES.txt new file mode 100644 index 00000000..b6fca4d5 --- /dev/null +++ b/library/common-test/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.util.notes" . }} diff --git a/library/common/templates/class/_certificate.tpl b/library/common/templates/class/_certificate.tpl new file mode 100644 index 00000000..1bd5a379 --- /dev/null +++ b/library/common/templates/class/_certificate.tpl @@ -0,0 +1,30 @@ +{{/* +This template serves as a blueprint for all Cert-Manager Certificate objects that are created +within the common library. +*/}} +{{- define "tc.v1.common.class.certificate" -}} +{{- $root := .root -}} +{{- $name := .name -}} +{{- $hosts := .hosts -}} +{{- $certificateIssuer := .certificateIssuer }} +--- +apiVersion: {{ include "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" $ }} +kind: Certificate +metadata: + name: {{ $name }} +spec: + secretName: {{ $name }} + dnsNames: + {{- range $hosts }} + - {{ tpl . $root | quote }} + {{- end }} + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: {{ tpl $certificateIssuer $root | quote }} + kind: ClusterIssuer + group: cert-manager.io + + +{{- end -}} diff --git a/library/common/templates/class/_ingress.tpl b/library/common/templates/class/_ingress.tpl index 98b36765..a7d0d7ea 100644 --- a/library/common/templates/class/_ingress.tpl +++ b/library/common/templates/class/_ingress.tpl @@ -15,9 +15,8 @@ within the common library. {{- $ingressLabels := $values.labels -}} {{- $ingressAnnotations := $values.annotations -}} - {{- if and (hasKey $values "nameOverride") $values.nameOverride -}} - {{- $ingressName = printf "%v-%v" $ingressName $values.nameOverride -}} - {{- end -}} + {{- $ingressName = $values.name -}} + {{/* Get the name of the primary service, if any */}} {{- $primarySeriviceName := (include "ix.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" .)) -}} @@ -101,16 +100,20 @@ spec: {{- else if $values.tls }} tls: {{- range $index, $tlsValues := $values.tls }} + {{- $tlsName := ( printf "%v-%v" "tls" $index ) }} - hosts: {{- range $tlsValues.hosts }} - {{ tpl . $ | quote }} {{- end -}} {{- if $tlsValues.certificateIssuer }} - secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }} - {{- else if $tlsValues.scaleCert }} - secretName: {{ ( printf "%v-%v-%v-%v-%v-%v" $ingressName "tls" $index "ixcert" $tlsValues.scaleCert $.Release.Revision ) }} + secretName: {{ printf "%v-%v" $ingressName $tlsName }} + {{- else if and ($tlsValues.scaleCert) ($.Values.global.ixChartContext) -}} + {{- $cert := dict }} + {{- $_ := set $cert "id" $tlsValues.scaleCert }} + {{- $_ := set $cert "nameOverride" $tlsName }} + secretName: {{ include "ix.v1.common.names.certificateSecret" (dict "root" $ "certValues" $cert "certName" $cert.nameOverride "certID" $cert.id) }} {{- else if .secretName }} - secretName: {{ tpl .secretName $ | quote}} + secretName: {{ tpl .secretName $ | quote }} {{- end -}} {{- end -}} {{- end }} @@ -137,31 +140,4 @@ spec: {{- end -}} -{{- if and $values.tls ( not $values.certificateIssuer ) -}} -{{- range $index, $tlsValues := $values.tls -}} - -{{- if $tlsValues.certificateIssuer }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }} -spec: - secretName: {{ ( printf "%v-%v-%v" $ingressName "tls" $index ) }} - dnsNames: - {{- range $tlsValues.hosts }} - - {{ tpl . $ | quote }} - {{- end }} - privateKey: - algorithm: ECDSA - size: 256 - issuerRef: - name: {{ tpl $tlsValues.certificateIssuer $ | quote }} - kind: ClusterIssuer - group: cert-manager.io -{{- end -}} -{{- end -}} -{{- end -}} - - {{- end -}} diff --git a/library/common/templates/class/_podMonitor.tpl b/library/common/templates/class/_podMonitor.tpl index 22aa1355..802c3970 100644 --- a/library/common/templates/class/_podMonitor.tpl +++ b/library/common/templates/class/_podMonitor.tpl @@ -1,10 +1,10 @@ -{{- define "ix.v1.common.class.podmonitor" -}} +{{- define "tc.v1.common.class.podmonitor" -}} {{- $fullName := include "ix.v1.common.names.fullname" . -}} {{- $podmonitorName := $fullName -}} {{- $values := .Values.podmonitor -}} {{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.podmonitor -}} + {{- with .ObjectValues.metrics -}} {{- $values = . -}} {{- end -}} {{- end -}} @@ -23,34 +23,21 @@ metadata: {{- with (include "ix.v1.common.util.labels.render" (dict "root" $ "labels" $labels) | trim) }} labels: {{- . | nindent 4 }} - {{- end -}} + {{- end }} {{- $annotations := (mustMerge ($podmonitorAnnotations | default dict) (include "ix.v1.common.annotations" $ | fromYaml)) -}} {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $ "annotations" $annotations) | trim) }} annotations: {{- . | nindent 4 }} - {{- end -}} + {{- end }} spec: jobLabel: app.kubernetes.io/name selector: - {{- if $values.matchLabels }} - {{- tpl (toYaml $values.matchLabels) $ | nindent 4 }} + {{- if $values.selector }} + {{- tpl (toYaml $values.selector) $ | nindent 4 }} {{- else }} - {{- include "ix.v1.common.labels.selectorLabels" . | nindent 4 }} + matchLabels: + {{- include "ix.v1.common.labels.selectorLabels" $ | nindent 6 }} {{- end }} podMetricsEndpoints: - {{- range $values.endpoints }} - - port: {{ .port }} - {{- with .interval }} - interval: {{ . }} - {{- end -}} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end -}} - {{- with .path }} - path: {{ . }} - {{- end -}} - {{- with .honorLabels }} - honorLabels: {{ . }} - {{- end -}} - {{- end -}} + {{- tpl (toYaml $values.endpoints) $ | nindent 4 }} {{- end -}} diff --git a/library/common/templates/class/_prometheusRule.tpl b/library/common/templates/class/_prometheusRule.tpl index ba5998ce..0a10249f 100644 --- a/library/common/templates/class/_prometheusRule.tpl +++ b/library/common/templates/class/_prometheusRule.tpl @@ -1,10 +1,10 @@ -{{- define "ix.v1.common.class.prometheusrule" -}} +{{- define "tc.v1.common.class.prometheusrule" -}} {{- $fullName := include "ix.v1.common.names.fullname" . -}} {{- $prometheusruleName := $fullName -}} {{- $values := .Values.prometheusrule -}} {{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.prometheusrule -}} + {{- with .ObjectValues.metrics -}} {{- $values = . -}} {{- end -}} {{- end -}} @@ -23,12 +23,12 @@ metadata: {{- with (include "ix.v1.common.util.labels.render" (dict "root" $ "labels" $labels) | trim) }} labels: {{- . | nindent 4 }} - {{- end -}} + {{- end }} {{- $annotations := (mustMerge ($prometheusruleAnnotations | default dict) (include "ix.v1.common.annotations" $ | fromYaml)) -}} {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $ "annotations" $annotations) | trim) }} annotations: {{- . | nindent 4 }} - {{- end -}} + {{- end }} spec: groups: {{- range $name, $groupValues := .groups }} @@ -36,19 +36,19 @@ spec: rules: {{- with $groupValues.rules }} {{- toYaml . | nindent 8 }} - {{- end -}} + {{- end }} {{- with $groupValues.additionalrules }} {{- toYaml . | nindent 8 }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end }} {{- range $id, $groupValues := .additionalgroups }} - name: {{ $prometheusruleName }}-{{ if $groupValues.name }}{{ $groupValues.name }}{{ else }}{{ $id }}{{ end }} rules: {{- with $groupValues.rules }} {{- toYaml . | nindent 8 }} - {{- end -}} + {{- end }} {{- with $groupValues.additionalrules }} {{- toYaml . | nindent 8 }} - {{- end -}} - {{- end -}} + {{- end }} + {{- end }} {{- end -}} diff --git a/library/common/templates/class/_serviceMonitor.tpl b/library/common/templates/class/_serviceMonitor.tpl index efa16f5b..ce8bb95f 100644 --- a/library/common/templates/class/_serviceMonitor.tpl +++ b/library/common/templates/class/_serviceMonitor.tpl @@ -1,10 +1,10 @@ -{{- define "ix.v1.common.class.servicemonitor" -}} +{{- define "tc.v1.common.class.servicemonitor" -}} {{- $fullName := include "ix.v1.common.names.fullname" . -}} {{- $servicemonitorName := $fullName -}} {{- $values := .Values.servicemonitor -}} {{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.servicemonitor -}} + {{- with .ObjectValues.metrics -}} {{- $values = . -}} {{- end -}} {{- end -}} @@ -16,41 +16,28 @@ {{- end }} --- apiVersion: {{ include "tc.v1.common.capabilities.servicemonitor.apiVersion" $ }} -kind: PodMonitor +kind: ServiceMonitor metadata: name: {{ $servicemonitorName }} {{- $labels := (mustMerge ($servicemonitorLabels | default dict) (include "ix.v1.common.labels" $ | fromYaml)) -}} {{- with (include "ix.v1.common.util.labels.render" (dict "root" $ "labels" $labels) | trim) }} labels: {{- . | nindent 4 }} - {{- end -}} + {{- end }} {{- $annotations := (mustMerge ($servicemonitorAnnotations | default dict) (include "ix.v1.common.annotations" $ | fromYaml)) -}} {{- with (include "ix.v1.common.util.annotations.render" (dict "root" $ "annotations" $annotations) | trim) }} annotations: {{- . | nindent 4 }} - {{- end -}} + {{- end }} spec: jobLabel: app.kubernetes.io/name selector: - {{- if $values.matchLabels }} - {{- tpl (toYaml $values.matchLabels) $ | nindent 4 }} - {{- else -}} - {{- include "ix.v1.common.labels.selectorLabels" . | nindent 4 -}} - {{- end -}} + {{- if $values.selector }} + {{- tpl (toYaml $values.selector) $ | nindent 4 }} + {{- else }} + matchLabels: + {{- include "ix.v1.common.labels.selectorLabels" $ | nindent 6 }} + {{- end }} endpoints: - {{- range $values.endpoints }} - - port: {{ .port }} - {{- with .interval }} - interval: {{ . }} - {{- end -}} - {{- with .scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end -}} - {{- with .path }} - path: {{ . }} - {{- end -}} - {{- with .honorLabels }} - honorLabels: {{ . }} - {{- end -}} - {{- end -}} + {{- tpl (toYaml $values.endpoints) $ | nindent 4 }} {{- end -}} diff --git a/library/common/templates/lib/general/_tc_capabilities.tpl b/library/common/templates/lib/general/_tc_capabilities.tpl index b0131b20..e4187638 100644 --- a/library/common/templates/lib/general/_tc_capabilities.tpl +++ b/library/common/templates/lib/general/_tc_capabilities.tpl @@ -27,3 +27,8 @@ {{- define "tc.v1.common.capabilities.hpa.apiVersion" -}} {{- print "autoscaling/v2" -}} {{- end -}} + +{{/* Return the appropriate apiVersion for Cert-Manager certificates */}} +{{- define "tc.v1.common.capabilities.cert-manager.certificate.apiVersion" -}} + {{- print "cert-manager.io/v1" -}} +{{- end -}} diff --git a/library/common/templates/lib/portal/_host.tpl b/library/common/templates/lib/portal/_host.tpl index 8efac96c..fb2ea8f9 100644 --- a/library/common/templates/lib/portal/_host.tpl +++ b/library/common/templates/lib/portal/_host.tpl @@ -1,8 +1,13 @@ {{- define "ix.v1.common.portal.host" -}} + {{- $portalName := .portalName -}} + {{- $svcType := .svcType -}} {{- $svcName := .svcName -}} {{- $portName := .portName -}} + {{- $ingressName := .ingressName -}} + {{- $ingress := .ingress -}} {{- $port := .port -}} {{- $root := .root -}} + {{- $portal := get $root.Values.portalGenerator $portalName -}} {{- $portalHost := "$node_ip" -}} @@ -13,20 +18,25 @@ {{- end -}} {{- end -}} - {{/* If ingress is added at any point, here is the place to implement */}} + {{/* Configure portal for Ingress support */}} + {{- if $ingress -}} + {{- with (first $ingress.hosts) }} + {{- if .hostTpl }} + {{ $portalHost = ( tpl .hostTpl $ ) }} + {{- else if .host }} + {{ $portalHost = .host }} + {{- else }} + {{ $portalHost = "$node_ip" }} + {{- end }} + {{- end }} + {{- end -}} - {{/* Check if there are any overrides in .Values.portal */}} - {{- $tmpSVCPortal := get $root.Values.portal $svcName -}} - {{- if $tmpSVCPortal -}} - {{- $tmpPortPortal := get $tmpSVCPortal $portName -}} - {{- if $tmpPortPortal -}} - {{- if (hasKey $tmpPortPortal "host") -}} - {{- if or (kindIs "invalid" $tmpPortPortal.host) (not $tmpPortPortal.host) -}} - {{- fail "You have defined empty in . Define a host or remove the key." -}} - {{- end -}} - {{- $portalHost = (tpl (toString $tmpPortPortal.host) $root) -}} - {{- end -}} + {{/* Check if there are any overrides in .Values.portalGenerator */}} + {{- if $portal.host -}} + {{- if or (kindIs "invalid" $portal.host) (not $portal.host) -}} + {{- fail "You have defined empty in . Define a host or remove the key." -}} {{- end -}} + {{- $portalHost = (tpl (toString $portal.host) $root) -}} {{- end -}} {{- $portalHost -}} diff --git a/library/common/templates/lib/portal/_path.tpl b/library/common/templates/lib/portal/_path.tpl index 6d748457..e3165499 100644 --- a/library/common/templates/lib/portal/_path.tpl +++ b/library/common/templates/lib/portal/_path.tpl @@ -1,27 +1,33 @@ {{- define "ix.v1.common.portal.path" -}} + {{- $portalName := .portalName -}} + {{- $svcType := .svcType -}} {{- $svcName := .svcName -}} {{- $portName := .portName -}} + {{- $ingressName := .ingressName -}} + {{- $ingress := .ingress -}} {{- $port := .port -}} {{- $root := .root -}} + {{- $portal := get $root.Values.portalGenerator $portalName -}} {{- $portalPath := "/" -}} - {{/* If ingress is added at any point, here is the place to implement */}} + {{/* Configure portal for Ingress support */}} + {{- if $ingress -}} + {{- with (first $ingress.hosts) }} + {{- if .paths }} + {{- $portalPath = (first .paths).path }} + {{- end }} + {{- end }} + {{- end -}} - {{/* Check if there are any overrides in .Values.portal */}} - {{- $tmpSVCPortal := get $root.Values.portal $svcName -}} - {{- if $tmpSVCPortal -}} - {{- $tmpPortPortal := get $tmpSVCPortal $portName -}} - {{- if $tmpPortPortal -}} - {{- if (hasKey $tmpPortPortal "path") -}} - {{- if or (kindIs "invalid" $tmpPortPortal.path) (not $tmpPortPortal.path) -}} - {{- fail "You have defined empty in . Define a path or remove the key." -}} - {{- end -}} - {{- $portalPath = (tpl (toString $tmpPortPortal.path) $root) -}} - {{- if not (hasPrefix "/" $portalPath) -}} - {{- fail (printf "Portal path (%s) must start with a forward slash -> / <-" $portalPath) -}} - {{- end -}} - {{- end -}} + {{/* Check if there are any overrides in .Values.portalGenerator */}} + {{- if $portal.path -}} + {{- if or (kindIs "invalid" $portal.path) -}} + {{- fail "You have defined empty in . Define a path or remove the key." -}} + {{- end -}} + {{- $portalPath = (tpl (toString $portal.path) $root) -}} + {{- if not (hasPrefix "/" $portalPath) -}} + {{- fail (printf "Portal path (%s) must start with a forward slash -> / <-" $portalPath) -}} {{- end -}} {{- end -}} diff --git a/library/common/templates/lib/portal/_port.tpl b/library/common/templates/lib/portal/_port.tpl index e51a265d..596d2ceb 100644 --- a/library/common/templates/lib/portal/_port.tpl +++ b/library/common/templates/lib/portal/_port.tpl @@ -1,12 +1,19 @@ {{- define "ix.v1.common.portal.port" -}} + {{- $portalName := .portalName -}} {{- $svcType := .svcType -}} {{- $svcName := .svcName -}} {{- $portName := .portName -}} + {{- $ingressName := .ingressName -}} + {{- $ingress := .ingress -}} {{- $port := .port -}} {{- $root := .root -}} + {{- $portal := get $root.Values.portalGenerator $portalName -}} {{- $portalPort := 443 -}} + + {{/* TODO: port ingress port system from https://github.com/truecharts/library-charts/blob/0898c5dee7b0ff9bb11ab2b4c8c2870cce61a697/charts/common/templates/SCALE/_portal.tpl */}} + {{- if $root.Values.hostNetwork -}} {{- $portalPort = $port.port -}} {{- else if (hasKey $port "hostPort") -}} @@ -17,19 +24,12 @@ {{- $portalPort = $port.port -}} {{- end -}} - {{/* If ingress is added at any point, here is the place to implement */}} - {{/* Check if there are any overrides in .Values.portal */}} - {{- $tmpSVCPortal := get $root.Values.portal $svcName -}} - {{- if $tmpSVCPortal -}} - {{- $tmpPortPortal := get $tmpSVCPortal $portName -}} - {{- if $tmpPortPortal -}} - {{- if (hasKey $tmpPortPortal "port") -}} - {{- $portalPort = (tpl (toString $tmpPortPortal.port) $root) -}} - {{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) (eq (int $portalPort) 0) -}} - {{- fail (printf "Port (%s) in is out of range. Range is 1-65535" $portalPort) -}} - {{- end -}} - {{- end -}} + {{/* Check if there are any overrides in .Values.portalGenerator */}} + {{- if $portal.port -}} + {{- $portalPort = (tpl (toString $portal.port) $root) -}} + {{- if or (lt (int $portalPort) 1) (gt (int $portalPort) 65535) (eq (int $portalPort) 0) -}} + {{- fail (printf "Port (%s) in is out of range. Range is 1-65535" $portalPort) -}} {{- end -}} {{- end -}} diff --git a/library/common/templates/lib/portal/_protocol.tpl b/library/common/templates/lib/portal/_protocol.tpl index d1057077..5c044bde 100644 --- a/library/common/templates/lib/portal/_protocol.tpl +++ b/library/common/templates/lib/portal/_protocol.tpl @@ -1,31 +1,34 @@ {{- define "ix.v1.common.portal.protocol" -}} + {{- $portalName := .portalName -}} {{- $svcType := .svcType -}} {{- $svcName := .svcName -}} {{- $portName := .portName -}} + {{- $ingressName := .ingressName -}} + {{- $ingress := .ingress -}} {{- $port := .port -}} {{- $root := .root -}} + {{- $portal := get $root.Values.portalGenerator $portalName -}} - {{- $portalProtocol := "http" -}} + {{- $portalProtocol := "https" -}} - {{- if $port.protocol -}} - {{- if (mustHas $port.protocol (list "HTTP" "HTTPS")) -}} - {{ $portalProtocol = ($port.protocol | lower) }} + {{- if $port -}} + {{- if $port.protocol -}} + {{- if (mustHas $port.protocol (list "HTTP" "HTTPS")) -}} + {{ $portalProtocol = ($port.protocol | lower) }} + {{- end -}} {{- end -}} {{- end -}} - {{/* If ingress is added at any point, here is the place to implement */}} + {{/* Configure portal for Ingress support */}} + {{- if $ingress -}} + {{ $portalProtocol = "https" }} + {{- end -}} - {{/* Check if there are any overrides in .Values.portal */}} - {{- $tmpSVCPortal := get $root.Values.portal $svcName -}} - {{- if $tmpSVCPortal -}} - {{- $tmpPortPortal := get $tmpSVCPortal $portName -}} - {{- if $tmpPortPortal -}} - {{- if (hasKey $tmpPortPortal "protocol") -}} - {{- $portalProtocol = ((tpl (toString $tmpPortPortal.protocol) $root) | lower) -}} - {{- if not (has $portalProtocol (list "http" "https")) -}} - {{- fail (printf "Invalid protocol (%s). Only HTTP/HTTPS protocols are allowed for " $portalProtocol) -}} - {{- end -}} - {{- end -}} + {{/* Check if there are any overrides in .Values.portalGenerator */}} + {{- if $portal.protocol -}} + {{- $portalProtocol = ((tpl (toString $portal.protocol) $root) | lower) -}} + {{- if not (has $portalProtocol (list "http" "https" "ftp")) -}} + {{- fail (printf "Invalid protocol (%s). Only http/https/ftp protocols are allowed for " $portalProtocol) -}} {{- end -}} {{- end -}} diff --git a/library/common/templates/lib/util/_notes.tpl b/library/common/templates/lib/util/_notes.tpl new file mode 100644 index 00000000..4752d0f8 --- /dev/null +++ b/library/common/templates/lib/util/_notes.tpl @@ -0,0 +1,43 @@ +{{/* +Renderer for NOTES.txt +*/}} +{{- define "ix.v1.common.util.notes" -}} +{{ include "ix.v1.common.util.notes.header" . }} + +{{ include "ix.v1.common.util.notes.custom" . }} + +{{ include "ix.v1.common.util.notes.footer" . }} +{{- end -}} + + + +{{/* +NOTES.txt default header content. +*/}} +{{- define "ix.v1.common.util.notes.header" -}} +Thank you for installing {{ .Chart.Name }}. + +{{ include "ix.v1.common.util.notes.custom" . }} + +Check the docs at: https://truecharts.org +Opensource can only exist with our support. +Please consider sponsoring TrueCharts: https://truecharts.org/sponsor +{{- end -}} + + + +{{/* +NOTES.txt default footer content. +*/}} +{{- define "ix.v1.common.util.notes.footer" -}} +Check the docs at: https://truecharts.org +Opensource can only exist with our support. +Please consider sponsoring TrueCharts: https://truecharts.org/sponsor +{{- end -}} + +{{/* +NOTES.txt content from values.yaml entry. +*/}} +{{- define "ix.v1.common.util.notes.custom" -}} +{{ .Values.notes }} +{{- end -}} diff --git a/library/common/templates/lib/util/_primary_ingress.tpl b/library/common/templates/lib/util/_primary_ingress.tpl index 33e96d08..79a0135e 100644 --- a/library/common/templates/lib/util/_primary_ingress.tpl +++ b/library/common/templates/lib/util/_primary_ingress.tpl @@ -1,7 +1,9 @@ {{/* Return the name of the primary ingress object */}} {{- define "tc.v1.common.lib.util.ingress.primary" -}} + {{- $ingresses := .ingresses -}} + {{- $enabledIngresses := dict -}} - {{- range $name, $ingress := .Values.ingress -}} + {{- range $name, $ingress := $ingresses -}} {{- if $ingress.enabled -}} {{- $_ := set $enabledIngresses $name . -}} {{- end -}} diff --git a/library/common/templates/lib/util/_primary_metrics.tpl b/library/common/templates/lib/util/_primary_metrics.tpl index dd1d01d8..3c4b8c5e 100644 --- a/library/common/templates/lib/util/_primary_metrics.tpl +++ b/library/common/templates/lib/util/_primary_metrics.tpl @@ -1,21 +1,34 @@ {{/* Return the name of the primary metrics object */}} {{- define "tc.v1.common.lib.util.metrics.primary" -}} - {{- $enabledIngresses := dict -}} - {{- range $name, $metrics := .Values.metrics -}} + {{- $metrics := .Values.metrics -}} + + {{- $enabledMetrics := dict -}} + {{- range $name, $metrics := $metrics -}} {{- if $metrics.enabled -}} - {{- $_ := set $enabledIngresses $name . -}} + {{- $_ := set $enabledMetrics $name $metrics -}} {{- end -}} {{- end -}} {{- $result := "" -}} - {{- range $name, $metrics := $enabledIngresses -}} - {{- if and (hasKey $metrics "primary") $metrics.primary -}} - {{- $result = $name -}} + {{- range $name, $metrics := $enabledMetrics -}} + {{- if (hasKey $metrics "primary") -}} + {{- if $metrics.primary -}} + {{- if $result -}} + {{- fail "More than one metrics are set as primary. This is not supported." -}} + {{- end -}} + {{- $result = $name -}} + {{- end -}} {{- end -}} {{- end -}} {{- if not $result -}} - {{- $result = keys $enabledIngresses | first -}} + {{- if eq (len $enabledMetrics) 1 -}} + {{- $result = keys $enabledMetrics | mustFirst -}} + {{- else -}} + {{- if $enabledMetrics -}} + {{- fail "At least one Metric must be set as primary" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- $result -}} {{- end -}} diff --git a/library/common/templates/loader/_tc_apply.tpl b/library/common/templates/loader/_tc_apply.tpl index aff177ec..f21fddc0 100644 --- a/library/common/templates/loader/_tc_apply.tpl +++ b/library/common/templates/loader/_tc_apply.tpl @@ -9,4 +9,6 @@ {{- include "tc.v1.common.lib.util.manifest.manage" . | nindent 0 -}} + {{- include "tc.v1.common.spawner.certificate" . | nindent 0 -}} + {{- end -}} diff --git a/library/common/templates/spawner/_ingress.tpl b/library/common/templates/spawner/_ingress.tpl index a6a9821e..9c9e7fcc 100644 --- a/library/common/templates/spawner/_ingress.tpl +++ b/library/common/templates/spawner/_ingress.tpl @@ -4,27 +4,31 @@ {{- range $name, $ingress := .Values.ingress -}} {{- if $ingress.enabled -}} {{- $ingressValues := $ingress -}} + {{- $ingressName := include "ix.v1.common.names.fullname" $ -}} {{/* set defaults */}} {{- if and (not $ingressValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.ingress.primary" $)) -}} {{- $_ := set $ingressValues "nameOverride" $name -}} {{- end -}} + {{- if $ingressValues.nameOverride -}} + {{- $ingressName = printf "%v-%v" $ingressName $ingressValues.nameOverride -}} + {{- end -}} + + {{- $_ := set $ingressValues "name" $ingressName -}} + {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}} {{- include "tc.v1.common.class.ingress" $ -}} {{- if and ( $ingressValues.tls ) ( not $ingressValues.clusterIssuer ) -}} {{- range $index, $tlsValues := $ingressValues.tls -}} - {{- if and ( .scaleCert ) ( $.Values.global.ixChartContext ) -}} - {{- $nameOverride := ( printf "%v-%v" "tls" $index ) -}} - - {{- if $ingressValues.nameOverride -}} - {{- $nameOverride = ( printf "%v-%v-%v" $ingressValues.nameOverride "tls" $index ) -}} - {{- end -}} - - {{- $_ := set $tlsValues "nameOverride" $nameOverride -}} - {{- $_ := set $ "ObjectValues" (dict "certHolder" $tlsValues) -}} - - {{- include "ix.v1.common.scale.cert.secret" $ -}} + {{- $tlsName := ( printf "%v-%v" "tls" $index ) -}} + {{- if $tlsValues.certificateIssuer -}} + {{- include "tc.v1.common.class.certificate" (dict "root" $ "name" ( printf "%v-%v" $ingressName $tlsName ) "certificateIssuer" $tlsValues.certificateIssuer "hosts" $tlsValues.hosts ) -}} + {{- else if and ( $tlsValues.scaleCert ) ( $.Values.global.ixChartContext ) -}} + {{- $cert := dict -}} + {{- $_ := set $cert "nameOverride" $tlsName -}} + {{- $_ := set $cert "id" .scaleCert -}} + {{- include "ix.v1.common.certificate.secret" (dict "root" $ "cert" $cert "name" $cert.nameOverride) -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/library/common/templates/spawner/_portal.tpl b/library/common/templates/spawner/_portal.tpl index 138800ce..b296b4a9 100644 --- a/library/common/templates/spawner/_portal.tpl +++ b/library/common/templates/spawner/_portal.tpl @@ -1,31 +1,51 @@ {{- define "ix.v1.common.spawner.portal" -}} {{- $data := dict -}} {{- $root := . -}} + {{- $fullName := include "ix.v1.common.names.fullname" . -}} + {{- $ingress := dict }} - {{- if .Values.portal -}} - {{- if .Values.portal.enabled -}} - {{- range $svcName, $svc := $root.Values.service -}} - {{- if $svc.enabled -}} - {{- $svcValues := $svc -}} - {{- range $portName, $port := $svc.ports -}} - {{- $portalProtocol := include "ix.v1.common.portal.protocol" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} - {{- $portalHost := include "ix.v1.common.portal.host" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} - {{- $portalPort := include "ix.v1.common.portal.port" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} - {{- $portalPath := include "ix.v1.common.portal.path" (dict "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} - {{- $_ := set $data (printf "protocol-%v-%v" $svcName $portName) ($portalProtocol) -}} - {{- $_ := set $data (printf "host-%v-%v" $svcName $portName) ($portalHost) -}} - {{- $_ := set $data (printf "path-%v-%v" $svcName $portName) ($portalPath) -}} - {{- $_ := set $data (printf "port-%v-%v" $svcName $portName) ($portalPort) -}} - {{- $_ := set $data (printf "url-%v-%v" $svcName $portName) (printf "%v://%v:%v%v" $portalProtocol $portalHost $portalPort $portalPath) -}} - {{- end -}} - {{- end -}} + {{/* Get the name of the primary service, if any */}} + {{- $primaryServiceName := (include "ix.v1.common.lib.util.service.primary" (dict "services" .Values.service "root" $root)) -}} + {{- $primaryIngressName := (include "tc.v1.common.lib.util.ingress.primary" (dict "ingresses" .Values.ingress "root" $root)) -}} + + {{- range $portalName, $portal := .Values.portalGenerator -}} + {{- if $portal.enabled -}} + + + {{- $svcName := $portal.linkedService | default $primaryServiceName -}} + {{- $svc := get $root.Values.service $svcName -}} + {{- $portName := $portal.linkedPort | default (include "ix.v1.common.lib.util.service.ports.primary" (dict "svcValues" $svc "svcName" $svcName )) -}} + {{- $port := get $svc.ports $portName -}} + {{- $ingressName := $portal.linkedIngress | default $primaryIngressName -}} + {{- if $ingressName }} + {{- $ingress = get $root.Values.ingress $ingressName -}} {{- end -}} - {{- if $data -}} - {{/* Create the ConfigMap */}} - {{- $data := toYaml $data -}} - {{- include "ix.v1.common.class.configmap" (dict "root" $root "configName" "portal" "contentType" "yaml" "data" $data) -}} - {{- end -}} + {{- $portalPath := $portal.path | default "/" -}} + + {{- $portalProtocol := include "ix.v1.common.portal.protocol" (dict "ingressName" $ingressName "ingress" $ingress "portalName" $portalName "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} + {{- $portalHost := include "ix.v1.common.portal.host" (dict "ingressName" $ingressName "ingress" $ingress "portalName" $portalName "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} + {{- $portalPort := include "ix.v1.common.portal.port" (dict "ingressName" $ingressName "ingress" $ingress "portalName" $portalName "svcType" $svc.type "svcName" $svcName "portName" $portName "port" $port "root" $root) | trim -}} + {{- $portalPath := include "ix.v1.common.portal.path" (dict "ingressName" $ingressName "ingress" $ingress "portalName" $portalName "root" $root) | trim -}} + + {{- $_ := set $data (printf "portname-%v" $portalName) ($portName) -}} + {{- $_ := set $data (printf "svcname-%v" $portalName) ($svcName) -}} + {{- $_ := set $data (printf "ingressname-%v" $portalName) ($ingressName) -}} + {{- $_ := set $data (printf "protocol-%v" $portalName) ($portalProtocol) -}} + {{- $_ := set $data (printf "host-%v" $portalName) ($portalHost) -}} + {{- $_ := set $data (printf "path-%v" $portalName) ($portalPath) -}} + {{- $_ := set $data (printf "port-%v" $portalName) ($portalPort) -}} + {{- $_ := set $data (printf "url-%v" $portalName) (printf "%v://%v:%v%v" $portalProtocol $portalHost $portalPort $portalPath) -}} + {{/* remove port when 80 or 443 */}} + {{- end -}} {{- end -}} + + {{- if $data -}} + {{/* Create the ConfigMap */}} + {{- $data := toYaml $data -}} + {{- include "ix.v1.common.class.configmap" (dict "root" $root "configName" "portal" "contentType" "yaml" "data" $data) -}} + {{- end -}} + + {{- end -}} diff --git a/library/common/templates/spawner/_tc-certificate.tpl b/library/common/templates/spawner/_tc-certificate.tpl new file mode 100644 index 00000000..6107935d --- /dev/null +++ b/library/common/templates/spawner/_tc-certificate.tpl @@ -0,0 +1,21 @@ +{{/* Renders the certificate objects required by the chart */}} +{{- define "tc.v1.common.spawner.certificate" -}} + {{/* Generate named certs as required */}} + {{- range $name, $cert := .Values.cert -}} + {{- if $cert.enabled -}} + {{- $certValues := $cert -}} + {{- $certName := include "ix.v1.common.names.fullname" $ -}} + + {{/* set defaults */}} + {{- if and (not $certValues.nameOverride) (ne $name (include "tc.v1.common.lib.util.cert.primary" $)) -}} + {{- $_ := set $certValues "nameOverride" $name -}} + {{- end -}} + + {{- if $certValues.nameOverride -}} + {{- $certName = printf "%v-%v" $certName $certValues.nameOverride -}} + {{- end -}} + + {{- include "tc.v1.common.class.certificate" (dict "root" $ "name" $certName "certificateIssuer" $cert.certificateIssuer "hosts" $cert.hosts ) -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 2f1cdb79..2e9f6201 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -115,6 +115,9 @@ hostAliases: [] # Binds to host network hostNetwork: false +notes: | + This Chart/App does not have any additional Notes + # Creates a service account serviceAccount: main: @@ -156,6 +159,9 @@ scaleCerts: {} # Used for SCALE / GUI Focused scaleCertsList: [] +# Used to generate custom cert-manager certificates +certificates: {} + # Defines the probes probes: liveness: @@ -165,8 +171,16 @@ probes: startup: enabled: true -portal: - enabled: true +portalGenerator: + main: + enabled: true + # linkedService: "" + # linkedPort: "" + # linkedIngress: "" + # protocol: "" + # host: "" + # port: 80 + # path: "" # Used for SCALE / GUI Focused externalInterfaces: [] @@ -821,16 +835,17 @@ ingress: metrics: main: enabled: false + primary: true # options: servicemonitor, podmonitor type: "servicemonitor" # defaults to selectorLabels - matchLabels: "" + selector: {} endpoints: - port: "" - interval: "" - scrapeTimeout: "" - path: "" - honorLabels: "" + - port: 3000 + interval: 5 + scrapeTimeout: 5 + path: / + honorLabels: false prometheusRule: enabled: false groups: {}