Commit fb2934d

feat(chart): Add annotations in httproutes, extend readme and update helpers to include httproutes config
1 parent ffba4ca commit fb2934d

5 files changed

Lines changed: 76 additions & 33 deletions

deployment/chainloop/README.md

Lines changed: 27 additions & 16 deletions
@@ -673,6 +673,7 @@ Once done, you can access with [two predefined users](https://github.com/chainlo
673673
| `controlplane.ingressAPI.extraRules` | Additional rules to be covered with this ingress record | `[]` |
674674
| `controlplane.httpRoute.enabled` | Enable HTTPRoute generation for controlplane | `false` |
675675
| `controlplane.httpRoute.annotations` | Additional annotations for the HTTPRoute resource | `{}` |
676+
| `controlplane.httpRoute.tls` | Indicate if tls is active for this route | `false` |
676677
| `controlplane.httpRoute.labels` | Additional labels for the HTTPRoute resource | `{}` |
677678
| `controlplane.httpRoute.parentRefs` | Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. | `[]` |
678679
| `controlplane.httpRoute.hostnames` | List of hostnames matching HTTP header | `[]` |
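Review bot: The description on the added `controlplane.httpRoute.tls` row, "Indicate if tls is active for this route", does not say what the flag actually does. In the `_helpers.tpl` hunks of this commit it only selects `https` or `http` for the computed external URL, so the row should say that, and that the URL is built with `http` while the value stays at `false`.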
@@ -856,6 +857,7 @@ Once done, you can access with [two predefined users](https://github.com/chainlo
856857
| `cas.ingressAPI.secrets` | Custom TLS certificates as secrets | `[]` |
857858
| `cas.ingressAPI.extraRules` | Additional rules to be covered with this ingress record | `[]` |
858859
| `cas.httpRoute.enabled` | Enable HTTPRoute generation for CAS | `false` |
860+
| `cas.httpRoute.tls` | Indicate if tls is active for this route | `false` |
859861
| `cas.httpRoute.annotations` | Additional annotations for the HTTPRoute resource | `{}` |
860862
| `cas.httpRoute.labels` | Additional labels for the HTTPRoute resource | `{}` |
861863
| `cas.httpRoute.parentRefs` | Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. | `[]` |
@@ -944,22 +946,31 @@ Once done, you can access with [two predefined users](https://github.com/chainlo
944946

945947
### Dependencies
946948

947-
| Name | Description | Value |
948-
| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------- |
949-
| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` |
950-
| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `false` |
951-
| `postgresql.auth.username` | Name for a custom user to create | `chainloop` |
952-
| `postgresql.auth.password` | Password for the custom user to create | `chainlooppwd` |
953-
| `postgresql.auth.database` | Name for a custom database to create | `chainloop-cp` |
954-
| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
955-
| `vault.server.command` | Override default container command | `["/vault-init.sh"]` |
956-
| `vault.server.args` | Override default container args | `[""]` |
957-
| `vault.server.extraVolumes[0].name` | Name of the extra volume | `vault-init` |
958-
| `vault.server.extraVolumes[0].configMap.name` | Name of the ConfigMap to mount | `{{ include "vault.server.fullname" . }}-init` |
959-
| `vault.server.extraVolumes[0].configMap.defaultMode` | Default mode for the ConfigMap files | `755` |
960-
| `vault.server.extraVolumeMounts[0].name` | Name of the volume to mount | `vault-init` |
961-
| `vault.server.extraVolumeMounts[0].mountPath` | Path where the volume should be mounted | `/vault-init.sh` |
962-
| `vault.server.extraVolumeMounts[0].subPath` | Subpath within the volume to mount | `vault-init.sh` |
949+
| Name | Description | Value |
950+
| ---------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- |
951+
| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` |
952+
| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `false` |
953+
| `postgresql.auth.username` | Name for a custom user to create | `chainloop` |
954+
| `postgresql.auth.password` | Password for the custom user to create | `chainlooppwd` |
955+
| `postgresql.auth.database` | Name for a custom database to create | `chainloop-cp` |
956+
| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
957+
| `vault.server.command` | Override default container command | `["/vault-init.sh"]` |
958+
| `vault.server.args` | Override default container args | `[""]` |
959+
| `vault.server.extraVolumes[0].name` | Name of the extra volume | `vault-init` |
960+
| `vault.server.extraVolumes[0].configMap.name` | Name of the ConfigMap to mount | `{{ include "vault.server.fullname" . }}-init` |
961+
| `vault.server.extraVolumes[0].configMap.defaultMode` | Default mode for the ConfigMap files | `755` |
962+
| `vault.server.extraVolumeMounts[0].name` | Name of the volume to mount | `vault-init` |
963+
| `vault.server.extraVolumeMounts[0].mountPath` | Path where the volume should be mounted | `/vault-init.sh` |
964+
| `vault.server.extraVolumeMounts[0].subPath` | Subpath within the volume to mount | `vault-init.sh` |
965+
| `dex.dex.redirectURL` | Control Plane URL where Dex will redirect after a successful login | `http(s)://[controlplane http ingress]/auth/callback` |
966+
| `dex.dex.ingress` | Configuration for the Dex ingress record | |
967+
| `dex.dex.ingress.enabled` | Enable ingress record generation for Dex | `false` |
968+
| `dex.dex.ingress.tls` | Enable TLS for the Dex ingress record | `false` |
969+
| `dex.dex.ingress.hostname` | Hostname for the Dex ingress record | `""` |
970+
| `dex.dex.ingress.ingressClassName` | IngressClass that will be be used to implement the Dex Ingress (Kubernetes 1.18+) | `""` |
971+
| `dex.dex.httpRoute.enabled` | Enable HTTPRoute generation for controlplane | `false` |
972+
| `dex.dex.httpRoute.hostnames` | List of hostnames to match for this route WARNING: Please use only one domain | `["dex.[domain]"]` |
973+
| `dex.dex.httpRoute.parentRefs` | Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace. | `[]` |
963974

964975
## License
965976
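Review bot: The added `dex.dex.httpRoute.enabled` row is described as "Enable HTTPRoute generation for controlplane", which looks copied from the controlplane table; it should name Dex. In the same block the `dex.dex.ingress.ingressClassName` row reads "will be be used", and the `dex.dex.httpRoute.hostnames` row runs its "WARNING" into the description without punctuation. The same text appears in the `@param` comments added to `values.yaml`, so both places need the fix.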

deployment/chainloop/templates/_helpers.tpl

Lines changed: 7 additions & 1 deletion
@@ -316,11 +316,14 @@ NOTE: Load balancer service type is not supported
316316
{{- define "chainloop.controlplane.external_url" -}}
317317
{{- $service := .Values.controlplane.service }}
318318
{{- $ingress := .Values.controlplane.ingress }}
319+
{{- $httpRoute := .Values.controlplane.httpRoute }}
319320

320321
{{- if .Values.controlplane.auth.oidc.externalURL }}
321322
{{- .Values.controlplane.auth.oidc.externalURL }}
322323
{{- else if (and $ingress $ingress.enabled $ingress.hostname) }}
323-
{{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
324+
{{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostnames }}
325+
{{- else if (and $httpRoute $httpRoute.enabled $httpRoute.hostnames ) }}
326+
{{- printf "%s://%s" (ternary "https" "http" $httpRoute.tls ) ( index $httpRoute.hostnames 0) }}
324327
{{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
325328
{{- printf "http://localhost:%s" $service.nodePorts.http }}
326329
{{- else -}}
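Review bot: The ingress branch now formats `$ingress.hostnames`, but the `else if` guard directly above it still tests `$ingress.hostname`, and the matching branch in `chainloop.cas.external_url` keeps `$ingress.hostname`. Nothing in this commit adds a `hostnames` key under `controlplane.ingress`, so this reads as an accidental edit that would render the control plane external URL without the configured host whenever ingress is enabled. Suggest reverting that line to `$ingress.hostname`; the new `httpRoute` branch is the only place that needs `hostnames`.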
@@ -407,11 +410,14 @@ NOTE: Load balancer service type is not supported
407410
{{- define "chainloop.cas.external_url" -}}
408411
{{- $service := .Values.cas.service }}
409412
{{- $ingress := .Values.cas.ingress }}
413+
{{- $httpRoute := .Values.cas.httpRoute }}
410414

411415
{{- if .Values.cas.externalURL }}
412416
{{- .Values.cas.externalURL }}
413417
{{- else if (and $ingress $ingress.enabled $ingress.hostname) }}
414418
{{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
419+
{{- else if (and $httpRoute $httpRoute.enabled $httpRoute.hostnames) }}
420+
{{- printf "%s://%s" (ternary "https" "http" $httpRoute.tls ) (index $httpRoute.hostnames 0) }}
415421
{{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
416422
{{- printf "http://localhost:%s" $service.nodePorts.http }}
417423
{{- end -}}
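Review bot: In the new `httpRoute` branch the scheme comes from `$httpRoute.tls`, which `values.yaml` sets to `false` by default, so enabling the route without also setting `tls: true` produces an `http://` external URL regardless of how the gateway is exposed. Only `index $httpRoute.hostnames 0` is used, so any further hostnames are ignored, and the `ingress` branch takes precedence when both are enabled. Worth documenting the precedence and the first-hostname rule next to the `tls` parameter, or failing the render when `hostnames` has more than one entry.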

deployment/chainloop/templates/cas/httproute.yaml

Lines changed: 3 additions & 8 deletions
@@ -1,4 +1,4 @@
1-
{{- if or .Values.cas.httpRoute.enabled .Values.httpRoute.enabled }}
1+
{{- if or .Values.cas.httpRoute.enabled }}
22
{{- /*
33
Copyright Chainloop, Inc. All Rights Reserved.
44
SPDX-License-Identifier: APACHE-2.0
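Review bot: `{{- if or .Values.cas.httpRoute.enabled }}` leaves `or` with a single argument, so it can be a plain `if .Values.cas.httpRoute.enabled`. Dropping `.Values.httpRoute.enabled` also means a top-level `httpRoute.enabled: true` no longer creates this route; that is a behaviour change for existing values files and deserves a line in the commit message or upgrade notes.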
@@ -10,19 +10,14 @@ metadata:
1010
name: {{ $fullName }}
1111
namespace: {{ include "common.names.namespace" . | quote }}
1212
labels: {{- include "chainloop.cas.labels" . | nindent 4 }}
13-
{{- if or .Values.cas.httpRoute.annotations .Values.httpRoute.annotations }}
13+
{{- if or .Values.cas.httpRoute.annotations }}
1414
annotations:
15-
{{- if .Values.cas.httpRoute.annotations }}
1615
{{- include "common.tplvalues.render" ( dict "value" .Values.cas.httpRoute.annotations "context" $) | nindent 4 }}
17-
{{- end }}
18-
{{- if .Values.httpRoute.annotations }}
19-
{{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
20-
{{- end }}
2116
{{- end }}
2217
spec:
2318
parentRefs:
2419
{{- if .Values.cas.httpRoute.parentRefs }}
25-
{{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
20+
{{- include "common.tplvalues.render" (dict "value" .Values.cas.httpRoute.parentRefs "context" .) | nindent 4 }}
2621
{{- else }}
2722
- name: gateway
2823
namespace: {{ include "common.names.namespace" . | quote }}
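Review bot: The `parentRefs` line is rendered with `"context" .` while the annotations line a few lines above uses `"context" $`; pick one, and `$` is the safer habit if this template is ever wrapped in a `with` or `range`. The switch from `.Values.httpRoute.parentRefs` to `.Values.cas.httpRoute.parentRefs` matches the key the guard already tested. The annotations guard, `if or .Values.cas.httpRoute.annotations`, has the same leftover single-argument `or`.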

deployment/chainloop/templates/controlplane/httproute.yaml

Lines changed: 3 additions & 8 deletions
@@ -1,4 +1,4 @@
1-
{{- if or .Values.controlplane.httpRoute.enabled .Values.httpRoute.enabled }}
1+
{{- if or .Values.controlplane.httpRoute.enabled}}
22
{{- /*
33
Copyright Chainloop, Inc. All Rights Reserved.
44
SPDX-License-Identifier: APACHE-2.0
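Review bot: `{{- if or .Values.controlplane.httpRoute.enabled}}` has a single-argument `or` and is missing the space before `}}` that the rest of the template uses; `{{- if .Values.controlplane.httpRoute.enabled }}` says the same thing.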
@@ -10,19 +10,14 @@ metadata:
1010
name: {{ $fullName }}
1111
namespace: {{ include "common.names.namespace" . | quote }}
1212
labels: {{- include "chainloop.controlplane.labels" . | nindent 4 }}
13-
{{- if or .Values.controlplane.httpRoute.annotations .Values.httpRoute.annotations }}
13+
{{- if or .Values.controlplane.httpRoute.annotations }}
1414
annotations:
15-
{{- if .Values.controlplane.httpRoute.annotations }}
1615
{{- include "common.tplvalues.render" ( dict "value" .Values.controlplane.httpRoute.annotations "context" $) | nindent 4 }}
17-
{{- end }}
18-
{{- if .Values.httpRoute.annotations }}
19-
{{- include "common.tplvalues.render" ( dict "value" .Values.httpRoute.annotations "context" $) | nindent 4 }}
20-
{{- end }}
2116
{{- end }}
2217
spec:
2318
parentRefs:
2419
{{- if .Values.controlplane.httpRoute.parentRefs }}
25-
{{- include "common.tplvalues.render" (dict "value" .Values.httpRoute.parentRefs "context" .) | nindent 4 }}
20+
{{- include "common.tplvalues.render" (dict "value" .Values.controlplane.httpRoute.parentRefs "context" .) | nindent 4 }}
2621
{{- else }}
2722
- name: gateway
2823
namespace: {{ include "common.names.namespace" . | quote }}
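Review bot: Removing the `.Values.httpRoute.annotations` block means annotations that used to be shared through the top-level `httpRoute` key must now be repeated under `controlplane.httpRoute.annotations` and `cas.httpRoute.annotations`. If the top-level key is being retired, say so in the README so that values still set there are not silently ignored after an upgrade.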

deployment/chainloop/values.yaml

Lines changed: 36 additions & 0 deletions
@@ -610,6 +610,8 @@ controlplane:
610610
enabled: false
611611
## @param controlplane.httpRoute.annotations Additional annotations for the HTTPRoute resource
612612
##
613+
## @param controlplane.httpRoute.tls Indicate if tls is active for this route
614+
tls: false
613615
annotations: {}
614616
## @param controlplane.httpRoute.labels Additional labels for the HTTPRoute resource
615617
##
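Review bot: The new `@param controlplane.httpRoute.tls` comment and `tls: false` are inserted between the existing `@param controlplane.httpRoute.annotations` comment and its `annotations: {}` key, which separates that parameter's documentation from its value. Move the two added lines above the annotations comment, directly after `enabled: false`, as the `cas` block in this same file does, and add the closing `##` line the neighbouring parameters use.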
@@ -1410,6 +1412,8 @@ cas:
14101412
## @param cas.httpRoute.enabled Enable HTTPRoute generation for CAS
14111413
##
14121414
enabled: false
1415+
## @param cas.httpRoute.tls Indicate if tls is active for this route
1416+
tls: false
14131417
## @param cas.httpRoute.annotations Additional annotations for the HTTPRoute resource
14141418
##
14151419
annotations: {}
@@ -1892,3 +1896,35 @@ vault:
18921896
- name: vault-init
18931897
mountPath: /vault-init.sh
18941898
subPath: vault-init.sh
1899+
1900+
## Dex chart configuration
1901+
## @param dex.dex.redirectURL Control Plane URL where Dex will redirect after a successful login
1902+
## @extra dex.dex.ingress Configuration for the Dex ingress record
1903+
## @param dex.dex.ingress.enabled Enable ingress record generation for Dex
1904+
## @param dex.dex.ingress.tls Enable TLS for the Dex ingress record
1905+
## @param dex.dex.ingress.hostname Hostname for the Dex ingress record
1906+
## @param dex.dex.ingress.ingressClassName IngressClass that will be be used to implement the Dex Ingress (Kubernetes 1.18+)
1907+
## @param dex.dex.httpRoute.enabled Enable HTTPRoute generation for controlplane
1908+
## @param dex.dex.httpRoute.hostnames List of hostnames to match for this route WARNING: Please use only one domain
1909+
## @param dex.dex.httpRoute.parentRefs Gateways the HTTPRoute is attached to. If unspecified, it'll be attached to Gateway named 'gateway' in the same namespace.
1910+
1911+
## Used only if .Values.development is true
1912+
## Yes, dex.dex, since we are overriding the dex section in the dex subchart
1913+
dex:
1914+
dex:
1915+
# Point to the [controlplane http ingress]/auth/callback
1916+
redirectURL: http(s)://[controlplane http ingress]/auth/callback
1917+
httpRoute:
1918+
enabled: false
1919+
hostnames:
1920+
- dex.[domain]
1921+
parentRefs: []
1922+
# - name: your-gateway
1923+
# sectionName: http
1924+
# namespace: your-namespace
1925+
# Expose the dex instance to the outside world
1926+
ingress:
1927+
enabled: false
1928+
tls: false
1929+
hostname: ""
1930+
ingressClassName: ""
