From 8e7328e79b127e93fd7834475448e66ffab9beb2 Mon Sep 17 00:00:00 2001 From: Marc Friedhoff Date: Mon, 6 Nov 2023 10:35:40 +0100 Subject: [PATCH] Minor fixes, extra labels, optional secrets --- apigateway/helm/templates/NOTES.txt | 2 + apigateway/helm/templates/_helper.tpl | 7 ++ apigateway/helm/templates/configmap.yaml | 14 ++-- apigateway/helm/templates/deployment.yaml | 6 ++ apigateway/helm/templates/elasticsearch.yaml | 15 +++- apigateway/helm/templates/ingress.yaml | 3 + apigateway/helm/templates/kibana.yaml | 9 +++ apigateway/helm/templates/license.yaml | 5 +- .../helm/templates/nginx-configmap.yaml | 4 +- .../helm/templates/nginx-deployment.yaml | 6 ++ apigateway/helm/templates/nginx-svc.yaml | 3 + apigateway/helm/templates/secret.yaml | 22 +++++- apigateway/helm/templates/service.yaml | 9 +++ apigateway/helm/values.yaml | 79 ++++++++++++++++--- 14 files changed, 164 insertions(+), 20 deletions(-) diff --git a/apigateway/helm/templates/NOTES.txt b/apigateway/helm/templates/NOTES.txt index 03c6ae5..0bbc892 100644 --- a/apigateway/helm/templates/NOTES.txt +++ b/apigateway/helm/templates/NOTES.txt @@ -17,6 +17,8 @@ echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} +{{- if .Values.secrets.generateAdminSecret }} 2. Get the admin password: {{- $name := (printf "%s%s" (include "common.names.fullname" .) "-admin-password") }} echo "Admin Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ $name }} -o jsonpath="{.data.password}" | base64 --decode)" +{{- end }} diff --git a/apigateway/helm/templates/_helper.tpl b/apigateway/helm/templates/_helper.tpl index 1617f39..28bdeb3 100644 --- a/apigateway/helm/templates/_helper.tpl +++ b/apigateway/helm/templates/_helper.tpl 
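Review bot: In NOTES.txt the secret name inside the new `if .Values.secrets.generateAdminSecret` block is still built with `printf "%s%s" (include "common.names.fullname" .) "-admin-password"`, while secret.yaml in this same commit switches to the `apigateway.adminsecret` helper, which honours `.Values.apigw.adminSecretName`. With a custom `adminSecretName` and generation enabled, the printed `kubectl get secret` command would name a Secret other than the one the chart created. Using the helper here keeps the two in step: `{{- $name := include "apigateway.adminsecret" . }}`.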
@@ -49,4 +49,11 @@ Build the tls secret name, which holds the jks trust and keystore for API Gatewa */}} {{- define "apigateway.elastictls" -}} {{- default (printf "%s%s" (include "common.names.fullname" .) "-es-tls-secret") .Values.elasticsearch.tlsSecretName }} +{{- end }} + +{{/* +Build the admin secret name, which holds the Administrator password +*/}} +{{- define "apigateway.adminsecret" -}} +{{- default (printf "%s%s" (include "common.names.fullname" .) "-admin-password") .Values.apigw.adminSecretName }} {{- end }} \ No newline at end of file diff --git a/apigateway/helm/templates/configmap.yaml b/apigateway/helm/templates/configmap.yaml index f5ca79c..80b8518 100644 --- a/apigateway/helm/templates/configmap.yaml +++ b/apigateway/helm/templates/configmap.yaml @@ -23,6 +23,9 @@ metadata: name: {{ include "common.names.fullname" . }}-config labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} data: config-sources.yml: | sources: @@ -64,12 +67,11 @@ data: {{ $key }}: {{ (tpl $value $) }} {{- end }} {{- end }} - - + {{ if .Values.apigw.applicationProperties -}} - application.properties: | - {{- nindent 6 .Values.applicationProperties }} + application.properties: | + {{- printf "%s" (tpl .Values.apigw.applicationProperties .) | nindent 4 }} {{ else -}} - application.properties: | - user.Administrator.password=$env{ADMINISTRATOR_PASSWORD} + application.properties: | + user.Administrator.password=$env{ADMINISTRATOR_PASSWORD} {{- end}} \ No newline at end of file diff --git a/apigateway/helm/templates/deployment.yaml b/apigateway/helm/templates/deployment.yaml index d7c7888..6157994 100644 --- a/apigateway/helm/templates/deployment.yaml +++ b/apigateway/helm/templates/deployment.yaml 
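Review bot: In configmap.yaml the `extraLabels` block is appended after `common.labels.standard` with nothing preventing a key collision, and the same three lines are added in deployment.yaml, ingress.yaml, license.yaml, nginx-configmap.yaml, nginx-deployment.yaml, nginx-svc.yaml and service.yaml. A key such as `app.kubernetes.io/name` in `extraLabels` would render a duplicate mapping key; most YAML parsers keep the last one, so the user value silently replaces the chart's label, and in the deployment.yaml pod template that could leave the pod labels out of step with the selector (the selector itself is outside these hunks). Either document the restriction on the values key, e.g. `# -- Extra labels for all resources; keys must not repeat the chart's standard labels`, or merge with the chart labels taking precedence, e.g. `{{- merge (include "common.labels.standard" . | fromYaml) .Values.extraLabels | toYaml | nindent 4 }}`.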
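Review bot: In configmap.yaml's `application.properties` branch, a non-empty `apigw.applicationProperties` replaces the whole default block, so the `user.Administrator.password=$env{ADMINISTRATOR_PASSWORD}` line from the `else` branch is dropped unless the user repeats it. The values.yaml comment lists that line only as one example among several, so an operator who sets, say, a thread-pool property may not realise the Administrator password is then no longer taken from the environment variable (what the product falls back to is not visible in this diff). Rendering the password line unconditionally and appending the user text after it would avoid that, or the values comment should state it, e.g. `# NOTE: setting this replaces the default block; keep user.Administrator.password=$env{ADMINISTRATOR_PASSWORD} unless the password is set another way`. The text also lands in a ConfigMap after `tpl`, so the comment should warn against putting literal credentials in it.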
@@ -22,6 +22,9 @@ metadata: name: {{ include "common.names.fullname" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -39,6 +42,9 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} labels: {{- include "common.labels.matchLabels" . | nindent 8 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/apigateway/helm/templates/elasticsearch.yaml b/apigateway/helm/templates/elasticsearch.yaml index be8133c..3535563 100644 --- a/apigateway/helm/templates/elasticsearch.yaml +++ b/apigateway/helm/templates/elasticsearch.yaml @@ -22,6 +22,10 @@ apiVersion: elasticsearch.k8s.elastic.co/v1 kind: Elasticsearch metadata: name: {{ include "common.names.fullname" . }} + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: version: {{ .Values.elasticsearch.version }} {{- if .Values.elasticsearch.image }} @@ -50,7 +54,16 @@ spec: {{- if not .Values.elasticsearch.defaultNodeSet.memoryMapping }} node.store.allow_mmap: false {{- end }} - podTemplate: + podTemplate: + metadata: + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 12 }} + {{- end }} + annotations: + {{- with .Values.elasticsearch.defaultNodeSet.annotations -}} + {{ toYaml . | nindent 12 }} + {{- end }} spec: initContainers: {{- if and .Values.elasticsearch.defaultNodeSet.setMaxMapCount .Values.elasticsearch.defaultNodeSet.memoryMapping }} diff --git a/apigateway/helm/templates/ingress.yaml b/apigateway/helm/templates/ingress.yaml index 10999d6..9e93be7 100644 --- a/apigateway/helm/templates/ingress.yaml +++ b/apigateway/helm/templates/ingress.yaml 
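Review bot: In elasticsearch.yaml the new `labels:` key under `metadata` and the `labels:`/`annotations:` keys under `podTemplate.metadata` are written outside their `with` blocks, so with the defaults `extraLabels: {}` and `annotations: {}` they render as keys with a null value. The same shape is used in kibana.yaml and for every Secret in secret.yaml. Moving the key inside the guard omits it when there is nothing to emit: `{{- with .Values.extraLabels }}`, then `labels:`, then `{{- toYaml . | nindent 4 }}`. The `nindent 12` under `podTemplate` cannot be checked against the surrounding indentation from this hunk, so it is worth confirming with a `helm template` render.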
@@ -41,6 +41,9 @@ metadata: name: {{ include "common.names.fullname" $ }}- {{- $name }} labels: {{- $labels | nindent 4 }} + {{- with $.Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} {{- with .annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/apigateway/helm/templates/kibana.yaml b/apigateway/helm/templates/kibana.yaml index 1f3c4ab..19f7039 100644 --- a/apigateway/helm/templates/kibana.yaml +++ b/apigateway/helm/templates/kibana.yaml @@ -43,6 +43,15 @@ spec: elasticsearchRef: name: {{ include "common.names.fullname" . }} podTemplate: + metadata: + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.kibana.annotations -}} + {{ toYaml . | nindent 8 }} + {{- end }} spec: containers: - name: kibana diff --git a/apigateway/helm/templates/license.yaml b/apigateway/helm/templates/license.yaml index f031451..7fdd707 100644 --- a/apigateway/helm/templates/license.yaml +++ b/apigateway/helm/templates/license.yaml @@ -25,8 +25,11 @@ metadata: name: {{ include "common.names.fullname" . }}-license labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} annotations: - helm.sh/resource-policy: keep + helm.sh/resource-policy: keep data: licensekey: {{ .Values.license | toYaml }} diff --git a/apigateway/helm/templates/nginx-configmap.yaml b/apigateway/helm/templates/nginx-configmap.yaml index 8c09cc8..cfc8c25 100644 --- a/apigateway/helm/templates/nginx-configmap.yaml +++ b/apigateway/helm/templates/nginx-configmap.yaml @@ -25,7 +25,9 @@ metadata: name: {{ include "common.names.fullname" . }}-nginx-conf labels: {{- include "common.labels.standard" . | nindent 4 }} - + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} data: nginx.conf: | user nginx; 
diff --git a/apigateway/helm/templates/nginx-deployment.yaml b/apigateway/helm/templates/nginx-deployment.yaml index ccb9a78..453f66f 100644 --- a/apigateway/helm/templates/nginx-deployment.yaml +++ b/apigateway/helm/templates/nginx-deployment.yaml @@ -24,6 +24,9 @@ kind: Deployment metadata: labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} name: {{ include "common.names.fullname" . }}-nginx spec: replicas: 1 @@ -41,6 +44,9 @@ spec: labels: app: nginx {{- include "common.labels.standard" . | nindent 8 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 8 }} + {{- end }} spec: containers: - name: nginx diff --git a/apigateway/helm/templates/nginx-svc.yaml b/apigateway/helm/templates/nginx-svc.yaml index 88fd694..f1d9289 100644 --- a/apigateway/helm/templates/nginx-svc.yaml +++ b/apigateway/helm/templates/nginx-svc.yaml @@ -25,6 +25,9 @@ metadata: name: {{ include "common.names.fullname" . }}-nginx-svc labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: diff --git a/apigateway/helm/templates/secret.yaml b/apigateway/helm/templates/secret.yaml index 46d9daf..6ab7202 100644 --- a/apigateway/helm/templates/secret.yaml +++ b/apigateway/helm/templates/secret.yaml @@ -16,6 +16,7 @@ # * limitations under the License. # * # */ +{{- if .Values.secrets.generateElasticSecrets -}} {{- $name := (printf "%s%s" (include "apigateway.elasticsecret" .) "-es") }} apiVersion: v1 kind: Secret @@ -23,6 +24,10 @@ metadata: name: {{ $name }} annotations: helm.sh/resource-policy: keep + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} type: kubernetes.io/basic-auth stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} 
@@ -41,6 +46,10 @@ metadata: name: {{ $name }} annotations: helm.sh/resource-policy: keep + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} type: kubernetes.io/basic-auth stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} @@ -59,23 +68,34 @@ metadata: name: {{ $name }} annotations: helm.sh/resource-policy: keep + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} type: Opaque stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} {{- $secretData := (get $secretObj "data") | default dict }} {{- $password := get $secretData "password" | b64dec | default (randAlphaNum 12) }} password: {{ $password }} +{{- end }} +{{- if .Values.secrets.generateAdminSecret }} --- -{{- $name := (printf "%s%s" (include "common.names.fullname" .) "-admin-password") }} +{{- $name := (include "apigateway.adminsecret" .) }} apiVersion: v1 kind: Secret metadata: name: {{ $name }} annotations: helm.sh/resource-policy: keep + labels: + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} type: Opaque stringData: {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace $name ) | default dict }} {{- $secretData := get $secretObj "data" | default dict }} {{- $password := get $secretData "password" | b64dec | default (randAlphaNum 12) }} password: {{ $password | quote }} +{{- end -}} \ No newline at end of file diff --git a/apigateway/helm/templates/service.yaml b/apigateway/helm/templates/service.yaml index 10bc1e8..3387b84 100644 --- a/apigateway/helm/templates/service.yaml +++ b/apigateway/helm/templates/service.yaml @@ -23,6 +23,9 @@ metadata: name: {{ include "common.names.fullname" . }}-rt labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: 
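Review bot: In secret.yaml the third Elasticsearch secret still renders `password: {{ $password }}` unquoted, while the admin secret a few lines below uses `{{ $password | quote }}`. The value comes either from `randAlphaNum 12` or from an existing Secret via `lookup`, and an existing password that is all digits or contains YAML-significant characters would be re-typed or break rendering under `stringData`. `password: {{ $password | quote }}` makes the two consistent. Because `lookup` returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry run), a comment saying that the password shown in such output is a fresh random value rather than the stored one would help operators.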
@@ -42,6 +45,9 @@ metadata: name: {{ include "common.names.fullname" . }}-admin labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: @@ -61,6 +67,9 @@ metadata: name: {{ include "common.names.fullname" . }}-ui labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.extraLabels -}} + {{ toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.serviceType }} sessionAffinity: ClientIP diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 7f2f04d..982b986 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -17,6 +17,11 @@ image: imagePullSecrets: - name: regcred +# -- Controls if secrets should be generated automatically. +secrets: + generateAdminSecret: true + generateElasticSecrets: true + # -- Overwrites Chart name of release name in workload name. As default, the workload name is release name + '-' + Chart name. The workload name is at the end release name + '-' + value of `nameOverride`. nameOverride: "" # -- Overwrites full workload name. As default, the workload name is release name + '-' + Chart name. 
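Review bot: The new `secrets:` block in values.yaml is documented only as "Controls if secrets should be generated automatically", which does not say what an operator has to provide when a flag is set to false. From the templates in this commit, disabling `generateAdminSecret` skips the `<fullname>-admin-password` Secret and disabling `generateElasticSecrets` skips all three Elasticsearch credential Secrets, so the workloads presumably expect Secrets with those names and keys to exist already. A per-key comment would make that explicit, e.g. `# -- Create the Administrator password secret; when false, a Secret named by apigw.adminSecretName with a "password" key must already exist`.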
@@ -162,7 +167,19 @@ global: # -- Service name for health check for kibana startup, must same value as apigwAdminService apigwHealthService: "apigw-admin-svc" # -- Port for health check for kibana startup, must same value as apigwAdminPort - apigwHealthPort: 5555 + apigwHealthPort: 5555 + + # -- Elasticsearch global settings + # Required for Prometheus Exporter Sub Chart + elasticsearch: + # -- The elasticsearch http service name that API Gateway uses. + # The default is compiled of the fullname (releasename + chart name) + "-http" + # You MUST override this if you use an external elastic search service and do not deploy the embedded elastic CRD from this chart. + serviceName: "" + port: 9200 + +# -- Extra Labels for API Gateway +extraLabels: {} # -- Exta environment properties to be passed on to the container extraEnvs: {} 
@@ -240,12 +257,48 @@ apigw: rtExternalService: "apigw-rt-ext-svc" apigwAdminService: "apigw-admin-svc" + # -- The secret that holds the admin password + # Depends on secrets.genereateAdminSecret; if true the setting will be ignored. + adminSecretName: "" + + # -- Application Properties to overwrite default API Gateway settings. Please check + # Handle with care - Most settings should be set via the UI, Admin API, configSources values, or via environment variables. + # By default only the default Administrator password is set through this mechanism if nothing is set here. + # Other examples are extended settings which can be set through this mechanism. + # Examples: + # + # Set the default Administrator password from environment variable + # user.Administrator.password=$env{ADMINISTRATOR_PASSWORD} + # + # Avoid archiving audit log files ... + # settings.watt.server.audit.logFilesToKeep=1 + # + # Avoid archiving server log files ... + # settings.watt.server.serverlogFilesToKeep=1 + # + # Avoid archiving statistic files ... + # settings.watt.server.stats.logFilesToKeep=1 + # + # Value for 1 to 9 to set debug level of server log ... + # settings.watt.debug.level= + # + # Set the maximum number of permitted service threads in the global pool ... + # settings.watt.server.threadPool=750 + # + # Set the default request/response content-type ... + # settings.watt.net.default.content-type=json + # + # Avoid IS internal statistic data collector ... + # statisticsdatacollector.monitorConfig.enabled=false + applicationProperties: | + # -- configuration source files for API Gateway configSources: elasticsearch: tenantId: default - hosts: "{{ .Release.Name }}-{{ .Chart.Name }}-es-http:{{ .Values.elasticsearch.port }}" + hosts: "{{ default (printf \"%s-%s-es-http\" .Release.Name .Chart.Name) .Values.global.elasticsearch.serviceName }}:{{ .Values.global.elasticsearch.port }}" + 
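Review bot: The comment on `apigw.adminSecretName` says the setting is ignored when the generate flag is true, but the `apigateway.adminsecret` helper added in this commit applies it unconditionally and secret.yaml uses that helper for the generated Secret, so a custom name is honoured in both modes. The comment also misspells the key as `secrets.genereateAdminSecret`, and the `applicationProperties` description breaks off at "Please check". Suggested wording: `# -- Name of the secret holding the Administrator password; defaults to <fullname>-admin-password. Created by the chart when secrets.generateAdminSecret is true, otherwise it must already exist.`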
@@ -317,12 +370,6 @@ elasticsearch: # Make sure that the image corresponds to the version field. image: - # -- The elasticsearch http service name that API Gateway uses. - # The default is compiled of the fullname (releasename + chart name) + "-http" - # You MUST override this if you use an external elastic search service and do not deploy the embedded elastic CRD from this chart. - serviceName: "" - # -- The default elasticsearch instance http communication port - port: 9200 # -- The secret name that holds the sag es user for API Gateway. secretName: "" @@ -364,12 +411,24 @@ elasticsearch: # -- Extra init containers to be started before Elasticsearch nodes are started. # See https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-init-containers-plugin-downloads.html extraInitContainers: {} - + # -- Annotations for Elasticsearch + annotations: {} + kibana: + # -- The ECK version to be used + version: 8.2.3 + + # -- The default Kibana Port port: 5601 + # -- Annotations for Kibana + annotations: {} + +# -- Elasticsearch exporter settings. See https://github.com/prometheus-community/elasticsearch_exporter for details. prometheus-elasticsearch-exporter: es: - uri: "{{ .Release.Name }}-apigateway-es-http:9200" \ No newline at end of file + # -- The uri of the elasticsearch service. By default this is the elasticsearch.serviceName + elasticsearch.port + # Overwrite this if you are using an external Elasticsearch instance + uri: "{{ .Values.global.elasticsearch.serviceName }}:{{ .Values.global.elasticsearch.port }}" \ No newline at end of file
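Review bot: The new `prometheus-elasticsearch-exporter.es.uri` default has no fallback for an empty service name: `global.elasticsearch.serviceName` defaults to `""` in this commit, so the value renders as `:9200`, whereas the line it replaces pointed at `{{ .Release.Name }}-apigateway-es-http:9200`. `apigw.configSources.elasticsearch.hosts` in the earlier values.yaml hunk already wraps the same value in `default (printf ...)`. Doing the same here keeps a default install working, e.g. `uri: "{{ default (printf \"%s-apigateway-es-http\" .Release.Name) .Values.global.elasticsearch.serviceName }}:{{ .Values.global.elasticsearch.port }}"`. The comment above it should also name the keys as `global.elasticsearch.serviceName` and `global.elasticsearch.port`, which is where this commit moved them.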