Add Console as subchart in Redpanda chart

redpanda-data · Oct 10, 2024 · 30da9f7 · 30da9f7
1 parent 6f567fc
commit 30da9f7
Show file tree

Hide file tree

Showing 11 changed files with 340 additions and 257 deletions.
diff --git a/charts/console/deployment.go b/charts/console/deployment.go
@@ -58,7 +58,7 @@ func Deployment(dot *helmette.Dot) *appsv1.Deployment {
 		replicas = ptr.To(values.ReplicaCount)
 	}
 
-	var initContainers []corev1.Container
+	initContainers := []corev1.Container{}
 	if !helmette.Empty(values.InitContainers.ExtraInitContainers) {
 		initContainers = helmette.UnmarshalYamlArray[corev1.Container](helmette.Tpl(*values.InitContainers.ExtraInitContainers, dot))
 	}

diff --git a/charts/console/templates/_deployment.go.tpl b/charts/console/templates/_deployment.go.tpl
@@ -38,7 +38,7 @@
 {{- if (not $values.autoscaling.enabled) -}}
 {{- $replicas = ($values.replicaCount | int) -}}
 {{- end -}}
-{{- $initContainers := (coalesce nil) -}}
+{{- $initContainers := (list ) -}}
 {{- if (not (empty $values.initContainers.extraInitContainers)) -}}
 {{- $initContainers = (fromYamlArray (tpl $values.initContainers.extraInitContainers $dot)) -}}
 {{- end -}}

diff --git a/charts/redpanda/Chart.lock b/charts/redpanda/Chart.lock
@@ -6,4 +6,4 @@ dependencies:
   repository: https://charts.redpanda.com
   version: 0.1.13
 digest: sha256:3023f8ca61cf80050d0f0e73f9e86b73ae796717c651be8765c9db90996e5462
-generated: "2024-09-26T22:13:55.854012+02:00"
+generated: "2024-10-10T16:19:23.795965+02:00"
diff --git a/charts/redpanda/chart.go b/charts/redpanda/chart.go
@@ -21,6 +21,7 @@ import (
 
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
+	"github.com/redpanda-data/helm-charts/charts/console"
 	"github.com/redpanda-data/helm-charts/pkg/gotohelm"
 	"github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette"
 	"github.com/redpanda-data/helm-charts/pkg/kube"
@@ -40,7 +41,7 @@ var (
 	defaultValuesYAML []byte
 
 	// Chart is the go version of the redpanda helm chart.
-	Chart = gotohelm.MustLoad(chartYAML, defaultValuesYAML, render)
+	Chart = gotohelm.MustLoad(chartYAML, defaultValuesYAML, render, console.Chart)
 )
 
 // +gotohelm:ignore=true
@@ -114,6 +115,8 @@ func render(dot *helmette.Dot) []kube.Object {
 		manifests = append(manifests, obj)
 	}
 
+	manifests = append(manifests, renderConsole(dot)...)
+
 	// NB: This slice may contain nil interfaces!
 	// Filtering happens elsewhere, don't call this function directly if you
 	// can avoid it.

diff --git a/charts/redpanda/chart_test.go b/charts/redpanda/chart_test.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"github.com/redpanda-data/helm-charts/charts/console"
 	"github.com/redpanda-data/helm-charts/charts/redpanda"
 	"github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette"
 	"github.com/redpanda-data/helm-charts/pkg/helm"
@@ -685,7 +686,7 @@ func TestLabels(t *testing.T) {
 		values := &redpanda.PartialValues{
 			CommonLabels: labels,
 			// This guarantee does not currently extend to console.
-			Console: &redpanda.PartialConsole{Enabled: ptr.To(false)},
+			Console: &console.PartialValues{Enabled: ptr.To(false)},
 			// Nor connectors.
 			Connectors: &redpanda.PartialConnectors{Enabled: ptr.To(false)},
 		}
@@ -748,7 +749,16 @@ func TestGoHelmEquivalence(t *testing.T) {
 		Enabled: ptr.To(false),
 	}
 
-	values.Console = &redpanda.PartialConsole{Enabled: ptr.To(false)}
+	values.Console = &console.PartialValues{
+		Enabled: ptr.To(true),
+		Secret: &console.PartialSecretConfig{
+			Login: &console.PartialLoginSecrets{JWTSecret: ptr.To("SECRET")},
+		},
+		Ingress: &console.PartialIngressConfig{
+			Enabled: ptr.To(true),
+		},
+		Tests: &console.PartialEnableable{Enabled: ptr.To(false)},
+	}
 	values.Connectors = &redpanda.PartialConnectors{Enabled: ptr.To(false)}
 
 	goObjs, err := redpanda.Chart.Render(kube.Config{}, helmette.Release{
@@ -780,7 +790,7 @@ func TestGoHelmEquivalence(t *testing.T) {
 		return strings.Compare(aStr, bStr)
 	})
 
-	const stsIdx = 7
+	const stsIdx = 12
 
 	// resource.Quantity is a special object. To Ensure they compare correctly,
 	// we'll round trip it through JSON so the internal representations will

diff --git a/charts/redpanda/console.tpl.go b/charts/redpanda/console.tpl.go
@@ -20,10 +20,192 @@ import (
 	"fmt"
 
 	"github.com/redpanda-data/console/backend/pkg/config"
+	"github.com/redpanda-data/helm-charts/charts/console"
 	"github.com/redpanda-data/helm-charts/pkg/gotohelm/helmette"
+	"github.com/redpanda-data/helm-charts/pkg/kube"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/utils/ptr"
 )
 
-func ConsoleConfig(dot *helmette.Dot) any {
+// To connect Console with Redpanda the values are adjusted.
+func renderConsole(dot *helmette.Dot) []kube.Object {
+	v := helmette.UnmarshalInto[Values](dot.Values)
+
+	if !ptr.Deref(v.Console.Enabled, true) {
+		return nil
+	}
+
+	consoleDot := dot.Subcharts["console"]
+
+	consoleValue := helmette.UnmarshalInto[console.Values](consoleDot.Values)
+	if !ptr.Deref(v.Console.Secret.Create, false) {
+		consoleValue.Secret.Create = true
+		if license := GetLicenseLiteral(dot); license != "" {
+			consoleValue.Secret.Enterprise = console.EnterpriseSecrets{License: ptr.To(license)}
+		}
+	}
+
+	if !ptr.Deref(v.Console.ConfigMap.Create, false) {
+		consoleValue.ConfigMap.Create = true
+		consoleValue.Console.Config = ConsoleConfig(dot)
+	}
+
+	if !ptr.Deref(v.Console.Deployment.Create, false) {
+		consoleValue.Deployment.Create = true
+		extraVolumes := []corev1.Volume{}
+		extraVolumeMounts := []corev1.VolumeMount{}
+		extraEnvVars := []corev1.EnvVar{}
+		if v.Auth.IsSASLEnabled() {
+			command := append([]string{},
+				"sh",
+				"-c",
+				"set -e; IFS=':' read -r KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM < <(grep \"\" $(find /mnt/users/* -print));",
+				fmt.Sprintf(" KAFKA_SASL_MECHANISM=${KAFKA_SASL_MECHANISM:-%s};", SASLMechanism(dot)),
+				" export KAFKA_SASL_USERNAME KAFKA_SASL_PASSWORD KAFKA_SASL_MECHANISM;",
+				" export KAFKA_SCHEMAREGISTRY_USERNAME=$KAFKA_SASL_USERNAME;",
+				" export KAFKA_SCHEMAREGISTRY_PASSWORD=$KAFKA_SASL_PASSWORD;",
+				" export REDPANDA_ADMINAPI_USERNAME=$KAFKA_SASL_USERNAME;",
+				" export REDPANDA_ADMINAPI_PASSWORD=$KAFKA_SASL_PASSWORD;",
+				" /app/console $@",
+				" --")
+			consoleValue.Deployment.Command = command
+			extraVolumes = append(extraVolumes, corev1.Volume{
+				Name: fmt.Sprintf("%s-users", Fullname(dot)),
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: v.Auth.SASL.SecretRef,
+					},
+				},
+			})
+			extraVolumeMounts = append(extraVolumeMounts, corev1.VolumeMount{
+				Name:      fmt.Sprintf("%s-users", Fullname(dot)),
+				MountPath: "/mnt/users",
+				ReadOnly:  true,
+			})
+		}
+
+		if v.Listeners.Kafka.TLS.IsEnabled(&v.TLS) {
+			certName := v.Listeners.Kafka.TLS.Cert
+			cert := v.TLS.Certs.MustGet(certName)
+			secretName := fmt.Sprintf("%s-%s-cert", Fullname(dot), certName)
+			if cert.SecretRef != nil {
+				secretName = cert.SecretRef.Name
+			}
+			if cert.CAEnabled {
+				// TODO (Rafal) That could be removed as Config could be defined in ConfigMap
+				extraEnvVars = append(extraEnvVars, corev1.EnvVar{
+					Name:  "KAFKA_TLS_CAFILEPATH",
+					Value: fmt.Sprintf("/mnt/cert/kafka/%s/ca.crt", certName),
+				})
+				extraVolumes = append(extraVolumes, corev1.Volume{
+					Name: fmt.Sprintf("kafka-%s-cert", certName),
+					VolumeSource: corev1.VolumeSource{
+						Secret: &corev1.SecretVolumeSource{
+							DefaultMode: ptr.To[int32](0o420),
+							SecretName:  secretName,
+						},
+					},
+				})
+				extraVolumeMounts = append(extraVolumeMounts, corev1.VolumeMount{
+					Name:      fmt.Sprintf("kafka-%s-cert", certName),
+					MountPath: fmt.Sprintf("/mnt/cert/kafka/%s", certName),
+					ReadOnly:  true,
+				})
+			}
+		}
+
+		if v.Listeners.SchemaRegistry.TLS.IsEnabled(&v.TLS) {
+			certName := v.Listeners.SchemaRegistry.TLS.Cert
+			cert := v.TLS.Certs.MustGet(certName)
+			secretName := fmt.Sprintf("%s-%s-cert", Fullname(dot), certName)
+			if cert.SecretRef != nil {
+				secretName = cert.SecretRef.Name
+			}
+			if cert.CAEnabled {
+				// TODO (Rafal) That could be removed as Config could be defined in ConfigMap
+				extraEnvVars = append(extraEnvVars, corev1.EnvVar{
+					Name:  "KAFKA_SCHEMAREGISTRY_TLS_CAFILEPATH",
+					Value: fmt.Sprintf("/mnt/cert/schemaregistry/%s/ca.crt", certName),
+				})
+				extraVolumes = append(extraVolumes, corev1.Volume{
+					Name: fmt.Sprintf("schemaregistry-%s-cert", certName),
+					VolumeSource: corev1.VolumeSource{
+						Secret: &corev1.SecretVolumeSource{
+							DefaultMode: ptr.To[int32](0o420),
+							SecretName:  secretName,
+						},
+					},
+				})
+				extraVolumeMounts = append(extraVolumeMounts, corev1.VolumeMount{
+					Name:      fmt.Sprintf("schemaregistry-%s-cert", certName),
+					MountPath: fmt.Sprintf("/mnt/cert/schemaregistry/%s", certName),
+					ReadOnly:  true,
+				})
+			}
+		}
+
+		if v.Listeners.Admin.TLS.IsEnabled(&v.TLS) {
+			certName := v.Listeners.Admin.TLS.Cert
+			cert := v.TLS.Certs.MustGet(certName)
+			secretName := fmt.Sprintf("%s-%s-cert", Fullname(dot), certName)
+			if cert.SecretRef != nil {
+				secretName = cert.SecretRef.Name
+			}
+			if cert.CAEnabled {
+				extraVolumes = append(extraVolumes, corev1.Volume{
+					Name: fmt.Sprintf("adminapi-%s-cert", certName),
+					VolumeSource: corev1.VolumeSource{
+						Secret: &corev1.SecretVolumeSource{
+							DefaultMode: ptr.To[int32](0o420),
+							SecretName:  secretName,
+						},
+					},
+				})
+				extraVolumeMounts = append(extraVolumeMounts, corev1.VolumeMount{
+					Name:      fmt.Sprintf("adminapi-%s-cert", certName),
+					MountPath: fmt.Sprintf("/mnt/cert/adminapi/%s", certName),
+					ReadOnly:  true,
+				})
+			}
+		}
+
+		if secret := GetLicenseSecretReference(dot); secret != nil {
+			consoleValue.Enterprise = console.Enterprise{
+				LicenseSecretRef: console.SecretKeyRef{
+					Name: secret.Name,
+					Key:  secret.Key,
+				},
+			}
+		}
+
+		consoleValue.ExtraEnv = extraEnvVars
+		consoleValue.ExtraVolumes = extraVolumes
+		consoleValue.ExtraVolumeMounts = extraVolumeMounts
+
+		consoleDot.Values = helmette.UnmarshalInto[helmette.Values](consoleValue)
+		cfg := console.ConfigMap(consoleDot)
+		if consoleValue.PodAnnotations == nil {
+			consoleValue.PodAnnotations = map[string]string{}
+		}
+		consoleValue.PodAnnotations["checksum-redpanda-chart/config"] = helmette.Sha256Sum(helmette.ToYaml(cfg))
+
+	}
+
+	consoleDot.Values = helmette.UnmarshalInto[helmette.Values](consoleValue)
+
+	manifests := []kube.Object{
+		console.Secret(consoleDot),
+		console.ConfigMap(consoleDot),
+		console.Deployment(consoleDot),
+	}
+
+	// NB: This slice may contain nil interfaces!
+	// Filtering happens elsewhere, don't call this function directly if you
+	// can avoid it.
+	return manifests
+}
+
+func ConsoleConfig(dot *helmette.Dot) map[string]any {
 	values := helmette.Unwrap[Values](dot.Values)
 
 	var schemaURLs []string
@@ -48,7 +230,7 @@ func ConsoleConfig(dot *helmette.Dot) any {
 			"sasl": map[string]any{
 				"enabled": values.Auth.IsSASLEnabled(),
 			},
-			"tls": values.Listeners.Kafka.ConsolemTLS(&values.TLS),
+			"tls": values.Listeners.Kafka.ConsoleTLS(&values.TLS),
 			"schemaRegistry": map[string]any{
 				"enabled": values.Listeners.SchemaRegistry.Enabled,
 				"urls":    schemaURLs,
@@ -105,6 +287,12 @@ func ConsoleConfig(dot *helmette.Dot) any {
 		}
 	}
 
+	if values.Console.Console == nil {
+		values.Console.Console = &console.PartialConsole{
+			Config: map[string]any{},
+		}
+	}
+
 	return helmette.Merge(values.Console.Console.Config, c)
 }
 

diff --git a/charts/redpanda/templates/_chart.go.tpl b/charts/redpanda/templates/_chart.go.tpl
@@ -53,6 +53,7 @@
 {{- if $_is_returning -}}
 {{- break -}}
 {{- end -}}
+{{- $manifests = (concat (default (list ) $manifests) (default (list ) (get (fromJson (include "redpanda.renderConsole" (dict "a" (list $dot) ))) "r"))) -}}
 {{- $_is_returning = true -}}
 {{- (dict "r" $manifests) | toJson -}}
 {{- break -}}