CartoDB · alvarorm22 · Jun 3, 2024 · Jun 4, 2024 · Jun 4, 2024 · Jun 4, 2024
diff --git a/chart/README.md b/chart/README.md
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
@@ -941,17 +941,13 @@ Return the absolute path where the Google Secret will be mounted
 
 {{/*
 Return the proper Carto TLS Secret name
-FIXME: Deprecated in favor of router.tlsCertificates and gateway.tlsCertificates
 TODO: We have to regenerate the secret if the private key changes
 */}}
-{{- define "carto.tlsCerts.secretName" -}}
-{{- include "carto.tlsCerts.duplicatedValueValidator" . -}}
-{{- if .Values.tlsCerts.existingSecret.name -}}
-{{- .Values.tlsCerts.existingSecret.name -}}
+{{- define "carto.router.tlsCertificates.secretName" -}}
+{{- include "carto.router.tlsCertificates.duplicatedValueValidator" . -}}
+{{- if .Values.router.tlsCertificates.existingSecret.name -}}
+{{- .Values.router.tlsCertificates.existingSecret.name -}}
 {{- else if (empty .Values.router.tlsCertificates.certificateValueBase64) -}}
-{{/*
-     Preserved the original behaviour in case someone use the default secret name without explicitly define that parameter
-*/}}
 {{- printf "%s-tls" (include "common.names.fullname" .) -}}
 {{- else -}}
 {{- printf "%s-tls-%s" (include "common.names.fullname" .) (.Values.router.tlsCertificates.certificateValueBase64 | sha256sum | substr 0 5) -}}
@@ -960,35 +956,26 @@ TODO: We have to regenerate the secret if the private key changes
 
 {{/*
 Return the proper Carto TLS secret key for the TLS cert
-FIXME: Deprecated in favor of router.tlsCertificates and gateway.tlsCertificates
 */}}
-{{- define "carto.tlsCerts.secretCertKey" -}}
-{{- if .Values.tlsCerts.existingSecret.name -}}
-{{- .Values.tlsCerts.existingSecret.certKey -}}
+{{- define "carto.router.tlsCertificates.secretCertKey" -}}
+{{- if .Values.router.tlsCertificates.existingSecret.name -}}
+{{- .Values.router.tlsCertificates.existingSecret.certKey -}}
 {{- else -}}
 {{- print "tls.crt" -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
 Return the proper Carto TLS secret key for the TLS key
-FIXME: Deprecated in favor of router.tlsCertificates and gateway.tlsCertificates
 */}}
-{{- define "carto.tlsCerts.secretKeyKey" -}}
-{{- if .Values.tlsCerts.existingSecret.name -}}
-{{- .Values.tlsCerts.existingSecret.keyKey -}}
+{{- define "carto.router.tlsCertificates.secretKeyKey" -}}
+{{- if .Values.router.tlsCertificates.existingSecret.name -}}
+{{- .Values.router.tlsCertificates.existingSecret.keyKey -}}
 {{- else -}}
 {{- print "tls.key" -}}
 {{- end -}}
 {{- end -}}
 
-{{/*
-Return the proper Carto Router TLS Secret name
-*/}}
-{{- define "carto.router.tlsCertificates.secretName" -}}
-{{- printf "%s-tls-%s" (include "common.names.fullname" .) (.Values.router.tlsCertificates.certificateValueBase64 | sha256sum | substr 0 5) -}}
-{{- end -}}
-
 {{/*
 Return the proper Carto Gateway custom TLS Secret name
 */}}

diff --git a/chart/templates/_validators.tpl b/chart/templates/_validators.tpl
@@ -1,5 +1,5 @@
-{{- define "carto.tlsCerts.duplicatedValueValidator" -}}
-  {{- if and (.Values.tlsCerts.existingSecret.name) (not (empty .Values.router.tlsCertificates.certificateValueBase64)) -}}
-      {{- fail "You cannot define both tlsCerts.existingSecret.name and router.tlsCertificates.certificateValueBase64" -}}
+{{- define "carto.router.tlsCertificates.duplicatedValueValidator" -}}
+  {{- if and (.Values.router.tlsCertificates.existingSecret.name) (not (empty .Values.router.tlsCertificates.certificateValueBase64)) -}}
+      {{- fail "You cannot define both router.tlsCertificates.existingSecret.name and router.tlsCertificates.certificateValueBase64" -}}
   {{- end -}}
 {{- end -}}
diff --git a/chart/templates/auto-tls-secret.yaml b/chart/templates/auto-tls-secret.yaml
diff --git a/chart/templates/gateway/gateway-api.yaml b/chart/templates/gateway/gateway-api.yaml
@@ -55,7 +55,7 @@ spec:
         value: {{ .Values.gateway.path }}
     backendRefs:
     - name: {{ template "carto.router.fullname" . }}
-      {{- if .Values.tlsCerts.httpsEnabled }}
+      {{- if .Values.router.httpsEnabled }}
       port: {{ .Values.router.service.ports.https }}
       {{- else }}
       port: {{ .Values.router.service.ports.http }}

diff --git a/chart/templates/router/configmap.yaml b/chart/templates/router/configmap.yaml
@@ -31,11 +31,11 @@ data:
   ROUTER_MAPS_API_INTERNAL_URL: {{ include "carto.mapsApi.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
   # If required, is going to be generated by Helm and inyected as secret
   ROUTER_SSL_AUTOGENERATE: "0"
-  ROUTER_SSL_CERTIFICATE_KEY_PATH: /usr/src/certs/{{ template "carto.tlsCerts.secretKeyKey" . }}
-  ROUTER_SSL_CERTIFICATE_PATH: /usr/src/certs/{{ template "carto.tlsCerts.secretCertKey" . }}
+  ROUTER_SSL_CERTIFICATE_KEY_PATH: /usr/src/certs/{{ template "carto.router.tlsCertificates.secretKeyKey" . }}
+  ROUTER_SSL_CERTIFICATE_PATH: /usr/src/certs/{{ template "carto.router.tlsCertificates.secretCertKey" . }}
   ROUTER_WORKSPACE_API_INTERNAL_URL: {{ include "carto.workspaceApi.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
   ROUTER_WORKSPACE_WWW_INTERNAL_URL: {{ include "carto.workspaceWww.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
-  ROUTER_ENABLE_HTTPS: {{ .Values.tlsCerts.httpsEnabled | quote }}
+  ROUTER_ENABLE_HTTPS: {{ .Values.router.httpsEnabled | quote }}
   ROUTER_METRICS_PUBSUB_PROJECT_ID: {{ .Values.cartoConfigValues.selfHostedGcpProjectId | quote }}
   ROUTER_METRICS_PUBSUB_TOPIC: "data-updates"
   ROUTER_METRICS_HOST: "localhost"

diff --git a/chart/templates/router/custom-tls-secret.yaml b/chart/templates/router/custom-tls-secret.yaml
@@ -1,8 +1,8 @@
-{{- if (and .Values.tlsCerts.httpsEnabled (not (empty .Values.router.tlsCertificates.certificateValueBase64))) }}
+{{- if (and .Values.router.httpsEnabled (not (empty .Values.router.tlsCertificates.certificateValueBase64))) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "carto.tlsCerts.secretName" . }}
+  name: {{ include "carto.router.tlsCertificates.secretName" . }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     {{- if .Values.commonLabels }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
@@ -12,6 +12,6 @@ metadata:
   {{- end }}
 type: kubernetes.io/tls
 data:
-  {{ template "carto.tlsCerts.secretCertKey" . }}: {{ .Values.router.tlsCertificates.certificateValueBase64 | nindent 4 }}
-  {{ template "carto.tlsCerts.secretKeyKey" . }}: {{ .Values.router.tlsCertificates.privateKeyValueBase64 | nindent 4 }}
+  {{ template "carto.router.tlsCertificates.secretCertKey" . }}: {{ .Values.router.tlsCertificates.certificateValueBase64 | nindent 4 }}
+  {{ template "carto.router.tlsCertificates.secretKeyKey" . }}: {{ .Values.router.tlsCertificates.privateKeyValueBase64 | nindent 4 }}
 {{- end }}
diff --git a/chart/templates/router/deployment.yaml b/chart/templates/router/deployment.yaml
@@ -1,4 +1,3 @@
-{{- if (include "carto.baseUrl" .) }}
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -147,13 +146,13 @@ spec:
           lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.router.lifecycleHooks "context" $) | nindent 12 }}
           {{- end }}
           volumeMounts:
-            {{- if .Values.tlsCerts.httpsEnabled }}
+            {{- if .Values.router.httpsEnabled }}
             - name: tls-secret
-              mountPath: /usr/src/certs/{{ template "carto.tlsCerts.secretCertKey" . }}
-              subPath: {{ template "carto.tlsCerts.secretCertKey" . }}
+              mountPath: /usr/src/certs/{{ template "carto.router.tlsCertificates.secretCertKey" . }}
+              subPath: {{ template "carto.router.tlsCertificates.secretCertKey" . }}
             - name: tls-secret
-              mountPath: /usr/src/certs/{{ template "carto.tlsCerts.secretKeyKey" . }}
-              subPath: {{ template "carto.tlsCerts.secretKeyKey" . }}
+              mountPath: /usr/src/certs/{{ template "carto.router.tlsCertificates.secretKeyKey" . }}
+              subPath: {{ template "carto.router.tlsCertificates.secretKeyKey" . }}
             {{- end }}
           {{- if .Values.router.extraVolumeMounts }}
           {{- include "common.tplvalues.render" (dict "value" .Values.router.extraVolumeMounts "context" $) | nindent 12 }}
@@ -240,10 +239,10 @@ spec:
         {{- include "common.tplvalues.render" ( dict "value" .Values.router.sidecars "context" $) | nindent 8 }}
         {{- end }}
       volumes:
-        {{- if .Values.tlsCerts.httpsEnabled }}
+        {{- if .Values.router.httpsEnabled }}
         - name: tls-secret
           secret:
-            secretName: {{ include "carto.tlsCerts.secretName" . }}
+            secretName: {{ include "carto.router.tlsCertificates.secretName" . }}
         {{- end }}
         - name: gcp-default-service-account-key
           secret:
@@ -254,4 +253,3 @@ spec:
         {{- if .Values.router.extraVolumes }}
         {{- include "common.tplvalues.render" (dict "value" .Values.router.extraVolumes "context" $) | nindent 8 }}
         {{- end }}
-{{- end }}
diff --git a/chart/templates/router/ingress.yaml b/chart/templates/router/ingress.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.router.ingress.enabled }}
+{{- if .Values.ingress.enabled }}
 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
@@ -9,31 +9,31 @@ metadata:
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- end }}
   annotations:
-    {{- if .Values.router.ingress.annotations }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.router.ingress.annotations "context" $) | nindent 4 }}
+    {{- if .Values.ingress.annotations }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
     {{- end }}
     {{- if .Values.commonAnnotations }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
     {{- end }}
 spec:
-  {{- if and .Values.router.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
-  ingressClassName: {{ .Values.router.ingress.ingressClassName | quote }}
+  {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
   {{- end }}
   rules:
     {{- if .Values.appConfigValues.selfHostedDomain }}
     - host: {{ .Values.appConfigValues.selfHostedDomain }}
       http:
         paths:
-          - path: {{ .Values.router.ingress.path }}
+          - path: {{ .Values.ingress.path }}
             {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
-            pathType: {{ .Values.router.ingress.pathType }}
+            pathType: {{ .Values.ingress.pathType }}
             {{- end }}
             backend: {{- include "common.ingress.backend" (dict "serviceName" (include "carto.router.fullname" .) "servicePort" "http" "context" $)  | nindent 14 }}
-          {{- if .Values.router.ingress.extraPaths }}
-          {{- toYaml .Values.router.ingress.extraPaths | nindent 10 }}
+          {{- if .Values.ingress.extraPaths }}
+          {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
           {{- end }}
     {{- end }}
-    {{- range (coalesce .Values.router.ingress.extraHosts .Values.router.ingress.hosts) }}
+    {{- range (coalesce .Values.ingress.extraHosts .Values.ingress.hosts) }}
     - host: {{ .name | quote }}
       http:
         paths:
@@ -43,18 +43,18 @@ spec:
             {{- end }}
             backend: {{- include "common.ingress.backend" (dict "serviceName" (include "carto.router.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
     {{- end }}
-    {{- if .Values.router.ingress.extraRules }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.router.ingress.extraRules "context" $) | nindent 4 }}
+    {{- if .Values.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
     {{- end }}
-  {{- if or .Values.router.ingress.tls .Values.router.ingress.extraTls }}
+  {{- if or .Values.ingress.tls .Values.ingress.extraTls }}
   tls:
-     {{- if .Values.router.ingress.tls }}
+     {{- if .Values.ingress.tls }}
     - hosts:
         - {{ .Values.appConfigValues.selfHostedDomain | quote }}
-      secretName: {{ .Values.tlsCerts.existingSecret.name }}
+      secretName: {{ .Values.ingress.existingSecret.name }}
     {{- end }}
-    {{- if .Values.router.ingress.extraTls }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.router.ingress.extraTls "context" $) | nindent 4 }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
     {{- end }}
   {{- end }}
 {{- end }}