Refactoring Issuer and helpers. Add Secret with MASTER_PASSPHRASE. Ad…
…d values.schema.json
dtrdnk committed Oct 21, 2023
1 parent d31abea commit f718065
Showing 10 changed files with 214 additions and 43 deletions.
2 changes: 1 addition & 1 deletion charts/linstor-cluster/Chart.yaml
@@ -13,5 +13,5 @@ home: https://github.com/dtrdnk/dtrdnk-helm-charts
sources:
- https://github.com/piraeusdatastore/linstor-cluster

version: 0.0.2
version: 0.0.3
appVersion: "v2.2.0"
10 changes: 7 additions & 3 deletions charts/linstor-cluster/templates/NOTES.txt
@@ -1,5 +1,9 @@
LinstorCluser: {{ include "linstor-cluster.fullname" $ }}
{{- range .Values.linstorSatelliteConfiguration }}
LinstorSatelliteConfiguration: {{ .name }}
{{- if (include "linstor-cluster.createPassPhraseSecret" .) }}
Secret with MASTER_PASSPHRASE: {{ include "linstor-cluster.fullname" $ }}-passphrase
{{- end }}
successfully deployed!
{{- range .Values.linstorSatelliteConfigurations }}
linstorSatelliteConfigurations: {{ .name }}
{{- end }}

Successfully deployed!
39 changes: 31 additions & 8 deletions charts/linstor-cluster/templates/_helpers.tpl
@@ -51,35 +51,58 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Return true, if apiTLS enabled and cert published via cert-manager
Return true, if apiTLS enabled
*/}}
{{- define "linstor-cluster.createApiTLSCert" -}}
{{- if .Values.linstorCluster }}
{{- if .Values.linstorCluster.apiTLS }}
{{- if .Values.linstorCluster.apiTLS.certManager }}
{{- if .Values.linstorCluster.apiTLS.enabled }}
{{- true -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Return true, if internalTLS enabled and cert published via cert-manager
Return true, if internalTLS enabled
*/}}
{{- define "linstor-cluster.createInternalTLSCert" -}}
{{- if .Values.linstorCluster }}
{{- if .Values.linstorCluster.internalTLS }}
{{- if .Values.linstorCluster.internalTLS.certManager }}
{{- if .Values.linstorCluster.internalTLS.enabled }}
{{- true -}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Define the internalTLS content
Retur true, if Secret with MASTER_PASSPHRASE will be created from this chart
*/}}
{{- define "linstor-cluster.internalTLS" -}}
{{- $internalTLS := default "" .Values.linstorCluster.internalTLS }}
{{- $internalTLS | toYaml }}
{{- define "linstor-cluster.createPassPhraseSecret" }}
{{- if .Values.linstorCluster }}
{{- if .Values.linstorCluster.linstorPassphraseSecret }}
{{- if .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }}
{{- true -}}
{{- end }}
{{- if and (.Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase) (.Values.linstorCluster.linstorPassphraseSecret.existingSecretName) }}
{{ fail "Values of masterPassPhrase and existingSecretName was defined! Expected only one" }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Define name of secret with MASTER_PASSPHRASE in linstorCluter
*/}}
{{- define "linstor-cluster.passPhraseSecretName" }}
{{- if .Values.linstorCluster }}
{{- if .Values.linstorCluster.linstorPassphraseSecret }}
{{- if .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }}
{{- printf "%s-passphrase" (include "linstor-cluster.fullname" .) }}
{{- else if .Values.linstorCluster.linstorPassphraseSecret.existingSecretName }}
{{- .Values.linstorCluster.linstorPassphraseSecret.existingSecretName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
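Review bot: `linstor-cluster.createApiTLSCert` and `linstor-cluster.createInternalTLSCert` now key only on `.enabled`, so a values file written for the previous layout (`apiTLS.certManager` set, no `enabled`) renders with no TLS block and no error, which silently turns TLS off on upgrade. The chart already uses `fail` for the passphrase conflict, and the same guard fits here: `{{- if and .Values.linstorCluster.apiTLS.certManager (not .Values.linstorCluster.apiTLS.enabled) }}{{ fail "apiTLS.certManager is no longer supported; set apiTLS.enabled" }}{{- end }}`, with the equivalent for internalTLS. The header comments also carry typos (`Retur true`, `linstorCluter`) that are worth fixing in the same change.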
12 changes: 6 additions & 6 deletions charts/linstor-cluster/templates/certificate.yaml
@@ -3,12 +3,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.linstorCluster.apiTLS.certManager.name }}
name: {{ include "linstor-cluster.fullname" $ }}-api-tls
labels:
{{- include "linstor-cluster.labels" $ | nindent 4 }}
spec:
commonName: {{ .Values.linstorCluster.apiTLS.certManager.name }}
secretName: {{ .Values.linstorCluster.apiTLS.certManager.name }}
commonName: {{ include "linstor-cluster.fullname" $ }}-api-tls
secretName: {{ include "linstor-cluster.fullname" $ }}-api-tls
duration: 87600h0m0s # 10 years
isCA: true
usages:
@@ -24,12 +24,12 @@ spec:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.linstorCluster.internalTLS.certManager.name }}
name: {{ include "linstor-cluster.fullname" $ }}-internal-tls
labels:
{{- include "linstor-cluster.labels" $ | nindent 4 }}
spec:
commonName: {{ .Values.linstorCluster.internalTLS.certManager.name }}
secretName: {{ .Values.linstorCluster.internalTLS.certManager.name }}
commonName: {{ include "linstor-cluster.fullname" $ }}-internal-tls
secretName: {{ include "linstor-cluster.fullname" $ }}-internal-tls
duration: 87600h0m0s # 10 years
isCA: true
usages:
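Review bot: `commonName: {{ include "linstor-cluster.fullname" $ }}-api-tls` (and the `-internal-tls` variant in the second hunk) can exceed the 64-character X.509 limit for commonName when the release name is long. The fullname helper is not shown in this diff, but the usual Helm scaffold truncates it to 63 characters before this suffix is appended. cert-manager would then reject the Certificate, and TLS for the cluster would never come up. Truncating the prefix, e.g. `commonName: {{ include "linstor-cluster.fullname" $ | trunc 50 | trimSuffix "-" }}-api-tls`, or using a fixed commonName keeps it within bounds. Both Certificates are also `isCA: true` with a 10-year duration on unchanged lines, so the chart docs should say how these CAs are meant to be rotated.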
8 changes: 4 additions & 4 deletions charts/linstor-cluster/templates/issuer.yaml
@@ -14,22 +14,22 @@ spec:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.linstorCluster.internalTLS.certManager.name }}
name: {{ include "linstor-cluster.fullname" $ }}-internal-tls
labels:
{{- include "linstor-cluster.labels" . | nindent 4 }}
spec:
ca:
secretName: {{ .Values.linstorCluster.internalTLS.certManager.name }}
secretName: {{ include "linstor-cluster.fullname" $ }}-internal-tls
{{- end }}
{{- if (include "linstor-cluster.createApiTLSCert" .) }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.linstorCluster.apiTLS.certManager.name }}
name: {{ include "linstor-cluster.fullname" $ }}-api-tls
labels:
{{- include "linstor-cluster.labels" . | nindent 4 }}
spec:
ca:
secretName: {{ .Values.linstorCluster.apiTLS.certManager.name }}
secretName: {{ include "linstor-cluster.fullname" $ }}-api-tls
{{- end }}
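Review bot: The literal `{{ include "linstor-cluster.fullname" $ }}-internal-tls` / `-api-tls` is now spelled out in certificate.yaml, issuer.yaml, linstorcluster.yaml and the satellite configuration template, and each Issuer only works if its `ca.secretName` matches the Certificate's `secretName` exactly. A pair of named helpers in the style of `linstor-cluster.passPhraseSecretName` would keep the four places in sync, e.g. `name: {{ include "linstor-cluster.internalTLSName" $ }}` (the helper name is a suggestion). The first `{{- end }}` in this hunk closes a guard that starts above it.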
18 changes: 12 additions & 6 deletions charts/linstor-cluster/templates/linstorcluster.yaml
@@ -6,14 +6,20 @@ metadata:
{{- include "linstor-cluster.labels" $ | nindent 4 }}
{{- with .Values.linstorCluster }}
spec:
{{- with (dig "apiTLS" (dict) .) }}
apiTLS: {{- toYaml . | nindent 4 }}
{{- if (include "linstor-cluster.createApiTLSCert" $ ) }}
apiTLS:
certManager:
name: {{ include "linstor-cluster.fullname" $ }}-api-tls
kind: Issuer
{{- end }}
{{- with (dig "internalTLS" (dict) .) }}
internalTLS: {{- toYaml . | nindent 4 }}
{{- if (include "linstor-cluster.createInternalTLSCert" $) }}
internalTLS:
certManager:
name: {{ include "linstor-cluster.fullname" $ }}-internal-tls
kind: Issuer
{{- end }}
{{- if dig "linstorPassphraseSecret" "" . }}
linstorPassphraseSecret: {{ dig "linstorPassphraseSecret" "" . }}
{{- if (include "linstor-cluster.passPhraseSecretName" $) }}
linstorPassphraseSecret: {{ include "linstor-cluster.passPhraseSecretName" $ | trim}}
{{- end }}
{{- with (dig "nodeSelector" (dict) .) }}
nodeSelector: {{- toYaml . | nindent 4 }}
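Review bot: `linstorPassphraseSecret: {{ include "linstor-cluster.passPhraseSecretName" $ | trim}}` emits a user-supplied name unquoted, so an `existingSecretName` such as `"1234"` or `"on"` is re-typed by the YAML parser and the LinstorCluster resource no longer receives a string. Quoting the rendered value avoids that: `linstorPassphraseSecret: {{ include "linstor-cluster.passPhraseSecretName" $ | trim | quote }}`. The TLS blocks now render only `certManager` with `kind: Issuer`, so any other apiTLS/internalTLS fields a user sets are dropped, and values.yaml should say so in a comment.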
Original file line number Diff line number Diff line change
@@ -1,15 +1,16 @@
{{- range .Values.linstorSatelliteConfiguration }}
{{- $internalTLS := include "linstor-cluster.internalTLS" $ }}
{{- range .Values.linstorSatelliteConfigurations }}
apiVersion: piraeus.io/v1
kind: LinstorSatelliteConfiguration
metadata:
name: {{ .name }}
name: {{ include "linstor-cluster.fullname" $ }}-{{ .name }}
labels:
{{- include "linstor-cluster.labels" $ | nindent 4 }}
spec:
{{- if $internalTLS }}
{{- if (include "linstor-cluster.createInternalTLSCert" $ ) }}
internalTLS:
{{- $internalTLS | nindent 4 }}
certManager:
name: {{ include "linstor-cluster.fullname" $ }}-internal-tls
kind: Issuer
{{- end }}
{{- with (dig "nodeSelector" (dict) .) }}
nodeSelector: {{- toYaml . | nindent 4 }}
10 changes: 10 additions & 0 deletions charts/linstor-cluster/templates/secret.yaml
@@ -0,0 +1,10 @@
{{- if (include "linstor-cluster.createPassPhraseSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "linstor-cluster.fullname" $ }}-passphrase
labels:
{{- include "linstor-cluster.labels" . | nindent 4 }}
stringData:
MASTER_PASSPHRASE: {{ .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }}
{{- end }}
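Review bot: `MASTER_PASSPHRASE: {{ .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }}` renders the passphrase as a plain YAML scalar, so a value containing ` #` is cut at the comment marker, and one containing `: ` or starting with `!`, `*`, `&` or `{` fails to parse or is re-typed. The stored secret can then differ from what the operator set. Use `MASTER_PASSPHRASE: {{ .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase | quote }}`. Since this key protects encrypted backups, also consider the `helm.sh/resource-policy: keep` annotation so that `helm uninstall` does not delete the only copy. The docs should note that a passphrase passed through values is stored in the Helm release data, which makes `existingSecretName` the safer path.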
126 changes: 126 additions & 0 deletions charts/linstor-cluster/values.schema.json
@@ -0,0 +1,126 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"properties": {
"linstorCluster": {
"type": "object",
"properties": {
"apiTLS": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"internalTLS": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"linstorPassphraseSecret": {
"type": "object",
"properties": {
"masterPassPhrase": {
"type": "string"
},
"existingSecretName": {
"type": "string"
}
}
},
"nodeSelector": {
"type": "object"
}
}
},
"linstorSatelliteConfigurations": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"nodeSelector": {
"type": "object"
},
"patches": {
"type": "array",
"items": {
"type": "object",
"properties": {
"patch": {
"type": "string"
},
"target": {
"type": "object",
"properties": {
"kind": {
"type": "string"
},
"name": {
"type": "string"
}
}
}
}
}
},
"properties": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"value": {
"type": "string"
}
}
}
},
"storagePools": {
"type": "array",
"items": {
"type": "object"
}
}
}
}
},
"storageClasses": {
"type": "array",
"items": {
"type": "object",
"properties": {
"allowVolumeExpansion": {
"type": "boolean"
},
"annotations": {
"type": "object"
},
"name": {
"type": "string"
},
"parameters": {
"type": "object"
},
"provisioner": {
"type": "string"
},
"reclaimPolicy": {
"type": "string"
},
"volumeBindingMode": {
"type": "string"
}
}
}
}
}
}
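Review bot: The `linstorPassphraseSecret`, `apiTLS` and `internalTLS` objects accept unknown keys, so a misspelling such as `masterPassphrase` (the chart spells it `masterPassPhrase`) validates, and the templates then create no Secret and set no passphrase without any error. Adding `"additionalProperties": false` to these three objects makes Helm reject such a values file at install time. `"minLength": 1` on `masterPassPhrase` and `existingSecretName` would likewise turn an empty string into a validation error; the templates currently treat it as unset.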
21 changes: 11 additions & 10 deletions charts/linstor-cluster/values.yaml
@@ -1,23 +1,24 @@
# Definition of LinstorCluster
# Ref https://github.com/piraeusdatastore/piraeus-operator/blob/v2/docs/reference/linstorcluster.md
linstorCluster: {}
# # TLS options requires cert-manager (cert-manager.io) to be installed in a cluster
# apiTLS:
# certManager:
# name: linstor-cluster-api-ca
# kind: Issuer
# enabled: true
# internalTLS:
# certManager:
# name: linstor-cluster-internal-ca
# kind: Issuer
# # name of the secret in the namespace of the installed application. Encrypting snapshot by the passphrase. Necessary for backup on S3
# linstorPassphraseSecret: linstor-cluster-passphrase
# enabled: true
# # This MASTER_PASSPHRASE required for encrypting and storing snapshot on S3.
# # Either define masterPassPhrase or define name of existingSecret
# linstorPassphraseSecret:
# masterPassPhrase: "shhhSuPerSecRetPassWoRd!11"
# # If you would like use existing secret, then comment out 'masterPassPhrase', end uncomment string below
# #existingSecretName: "linstor-extra-secret"
# # Run the linstor-cluster on workers, which have "piraeus.io/autoplace: 'yes'" label
# nodeSelector:
# piraeus.io/autoplace: 'yes'

# Definition of LinstorSatelliteConfiguration
# Definition of linstorSatelliteConfigurations
# Ref https://github.com/piraeusdatastore/piraeus-operator/blob/v2/docs/reference/linstorsatelliteconfiguration.md
linstorSatelliteConfiguration: []
linstorSatelliteConfigurations: []
# # Satellites configuration list
# - name: storage-satellites
# # Definition of pools and devices
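Review bot: The commented example `masterPassPhrase: "shhhSuPerSecRetPassWoRd!11"` looks like a usable value, and sample secrets in chart defaults tend to be uncommented and deployed unchanged. A placeholder that cannot be mistaken for a real passphrase, e.g. `masterPassPhrase: "<generate-a-random-passphrase>"`, with `existingSecretName` shown first as the preferred option, is safer. The comment below it should read "and uncomment" rather than "end uncomment".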
