diff --git a/charts/linstor-cluster/Chart.yaml b/charts/linstor-cluster/Chart.yaml index cd6e384..d6a971b 100644 --- a/charts/linstor-cluster/Chart.yaml +++ b/charts/linstor-cluster/Chart.yaml @@ -13,5 +13,5 @@ home: https://github.com/dtrdnk/dtrdnk-helm-charts sources: - https://github.com/piraeusdatastore/linstor-cluster -version: 0.0.2 +version: 0.0.3 appVersion: "v2.2.0" diff --git a/charts/linstor-cluster/templates/NOTES.txt b/charts/linstor-cluster/templates/NOTES.txt index c841a11..51db498 100644 --- a/charts/linstor-cluster/templates/NOTES.txt +++ b/charts/linstor-cluster/templates/NOTES.txt @@ -1,5 +1,9 @@ LinstorCluser: {{ include "linstor-cluster.fullname" $ }} -{{- range .Values.linstorSatelliteConfiguration }} -LinstorSatelliteConfiguration: {{ .name }} +{{- if (include "linstor-cluster.createPassPhraseSecret" .) }} +Secret with MASTER_PASSPHRASE: {{ include "linstor-cluster.fullname" $ }}-passphrase {{- end }} -successfully deployed! +{{- range .Values.linstorSatelliteConfigurations }} +linstorSatelliteConfigurations: {{ .name }} +{{- end }} + +Successfully deployed! \ No newline at end of file diff --git a/charts/linstor-cluster/templates/_helpers.tpl b/charts/linstor-cluster/templates/_helpers.tpl index 003d6ed..e78a36e 100644 --- a/charts/linstor-cluster/templates/_helpers.tpl +++ b/charts/linstor-cluster/templates/_helpers.tpl @@ -51,12 +51,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* -Return true, if apiTLS enabled and cert published via cert-manager +Return true, if apiTLS enabled */}} {{- define "linstor-cluster.createApiTLSCert" -}} {{- if .Values.linstorCluster }} {{- if .Values.linstorCluster.apiTLS }} - {{- if .Values.linstorCluster.apiTLS.certManager }} + {{- if .Values.linstorCluster.apiTLS.enabled }} {{- true -}} {{- end }} {{- end }} 
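Review bot: Values written for 0.0.2 that set only `linstorCluster.apiTLS.certManager` now make `linstor-cluster.createApiTLSCert` return empty, because the test moved to `.apiTLS.enabled`. After an upgrade with unchanged values, the `apiTLS` block would be dropped from the LinstorCluster and the API left without TLS, with no error. The same applies to `createInternalTLSCert` in the `@@ -64,12 +64,12 @@` hunk. A guard inside the `apiTLS` branch would make the migration explicit: `{{- if and .Values.linstorCluster.apiTLS.certManager (not .Values.linstorCluster.apiTLS.enabled) }}{{ fail "apiTLS.certManager is no longer read; set apiTLS.enabled: true" }}{{- end }}`. The define's body ends outside this hunk.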
@@ -64,12 +64,12 @@ Return true, if apiTLS enabled and cert published via cert-manager {{- end }} {{/* -Return true, if internalTLS enabled and cert published via cert-manager +Return true, if internalTLS enabled */}} {{- define "linstor-cluster.createInternalTLSCert" -}} {{- if .Values.linstorCluster }} {{- if .Values.linstorCluster.internalTLS }} - {{- if .Values.linstorCluster.internalTLS.certManager }} + {{- if .Values.linstorCluster.internalTLS.enabled }} {{- true -}} {{- end }} {{- end }} @@ -77,9 +77,32 @@ Return true, if internalTLS enabled and cert published via cert-manager {{- end }} {{/* -Define the internalTLS content +Retur true, if Secret with MASTER_PASSPHRASE will be created from this chart */}} -{{- define "linstor-cluster.internalTLS" -}} -{{- $internalTLS := default "" .Values.linstorCluster.internalTLS }} -{{- $internalTLS | toYaml }} +{{- define "linstor-cluster.createPassPhraseSecret" }} +{{- if .Values.linstorCluster }} + {{- if .Values.linstorCluster.linstorPassphraseSecret }} + {{- if .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }} + {{- true -}} + {{- end }} + {{- if and (.Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase) (.Values.linstorCluster.linstorPassphraseSecret.existingSecretName) }} + {{ fail "Values of masterPassPhrase and existingSecretName was defined! Expected only one" }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Define name of secret with MASTER_PASSPHRASE in linstorCluter +*/}} +{{- define "linstor-cluster.passPhraseSecretName" }} +{{- if .Values.linstorCluster }} + {{- if .Values.linstorCluster.linstorPassphraseSecret }} + {{- if .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }} + {{- printf "%s-passphrase" (include "linstor-cluster.fullname" .) }} + {{- else if .Values.linstorCluster.linstorPassphraseSecret.existingSecretName }} + {{- .Values.linstorCluster.linstorPassphraseSecret.existingSecretName }} + {{- end }} + {{- end }} +{{- end }} {{- end }} 
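Review bot: In the `@@ -77,9 +77,32 @@` hunk the two new helpers open with `{{- define "…" }}` while the existing ones close the tag with `-}}`. Their results are tested with `if (include …)`, where any non-empty string counts as true, stray whitespace included, and `linstorcluster.yaml` already has to pipe the value through `trim`. Closing the define with `-}}`, as `createApiTLSCert` does, keeps the return value clean. The mutual-exclusion `fail` would also read better above the `masterPassPhrase` test than after `true` has been emitted. The header comments carry typos (`Retur true`, `linstorCluter`); suggested wording is `Return true if this chart creates the Secret holding MASTER_PASSPHRASE` and `Name of the Secret holding MASTER_PASSPHRASE that the LinstorCluster references`.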
diff --git a/charts/linstor-cluster/templates/certificate.yaml b/charts/linstor-cluster/templates/certificate.yaml index 9be7e4e..d81f02d 100644 --- a/charts/linstor-cluster/templates/certificate.yaml +++ b/charts/linstor-cluster/templates/certificate.yaml @@ -3,12 +3,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ .Values.linstorCluster.apiTLS.certManager.name }} + name: {{ include "linstor-cluster.fullname" $ }}-api-tls labels: {{- include "linstor-cluster.labels" $ | nindent 4 }} spec: - commonName: {{ .Values.linstorCluster.apiTLS.certManager.name }} - secretName: {{ .Values.linstorCluster.apiTLS.certManager.name }} + commonName: {{ include "linstor-cluster.fullname" $ }}-api-tls + secretName: {{ include "linstor-cluster.fullname" $ }}-api-tls duration: 87600h0m0s # 10 years isCA: true usages: @@ -24,12 +24,12 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ .Values.linstorCluster.internalTLS.certManager.name }} + name: {{ include "linstor-cluster.fullname" $ }}-internal-tls labels: {{- include "linstor-cluster.labels" $ | nindent 4 }} spec: - commonName: {{ .Values.linstorCluster.internalTLS.certManager.name }} - secretName: {{ .Values.linstorCluster.internalTLS.certManager.name }} + commonName: {{ include "linstor-cluster.fullname" $ }}-internal-tls + secretName: {{ include "linstor-cluster.fullname" $ }}-internal-tls duration: 87600h0m0s # 10 years isCA: true usages: diff --git a/charts/linstor-cluster/templates/issuer.yaml b/charts/linstor-cluster/templates/issuer.yaml index 7368acc..a866d98 100644 --- a/charts/linstor-cluster/templates/issuer.yaml +++ b/charts/linstor-cluster/templates/issuer.yaml 
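Review bot: Renaming the Certificate and its `secretName` from the user-supplied `certManager.name` to `<fullname>-api-tls` / `<fullname>-internal-tls` means an upgrade of an existing release generates a new CA key pair under the new name, while the old Secret presumably stays in the namespace, since cert-manager does not remove a Certificate's Secret by default. The same rename is in both hunks of this file and in `issuer.yaml`. Certificates issued from the old CA would no longer chain to the new one, so the upgrade notes should call for re-issuing them and for deleting the orphaned CA Secret, which still holds a private key. `commonName` is also limited to 64 characters, so if `linstor-cluster.fullname` truncates at 63 (not visible here) the suffix can push it over; `commonName: {{ printf "%s-api-tls" (include "linstor-cluster.fullname" $) | trunc 64 | trimSuffix "-" }}` would bound it.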
@@ -14,22 +14,22 @@ spec: apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ .Values.linstorCluster.internalTLS.certManager.name }} + name: {{ include "linstor-cluster.fullname" $ }}-internal-tls labels: {{- include "linstor-cluster.labels" . | nindent 4 }} spec: ca: - secretName: {{ .Values.linstorCluster.internalTLS.certManager.name }} + secretName: {{ include "linstor-cluster.fullname" $ }}-internal-tls {{- end }} {{- if (include "linstor-cluster.createApiTLSCert" .) }} --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ .Values.linstorCluster.apiTLS.certManager.name }} + name: {{ include "linstor-cluster.fullname" $ }}-api-tls labels: {{- include "linstor-cluster.labels" . | nindent 4 }} spec: ca: - secretName: {{ .Values.linstorCluster.apiTLS.certManager.name }} + secretName: {{ include "linstor-cluster.fullname" $ }}-api-tls {{- end }} diff --git a/charts/linstor-cluster/templates/linstorcluster.yaml b/charts/linstor-cluster/templates/linstorcluster.yaml index 5952cff..ee5600a 100644 --- a/charts/linstor-cluster/templates/linstorcluster.yaml +++ b/charts/linstor-cluster/templates/linstorcluster.yaml 
@@ -6,14 +6,20 @@ metadata: {{- include "linstor-cluster.labels" $ | nindent 4 }} {{- with .Values.linstorCluster }} spec: - {{- with (dig "apiTLS" (dict) .) }} - apiTLS: {{- toYaml . | nindent 4 }} + {{- if (include "linstor-cluster.createApiTLSCert" $ ) }} + apiTLS: + certManager: + name: {{ include "linstor-cluster.fullname" $ }}-api-tls + kind: Issuer {{- end }} - {{- with (dig "internalTLS" (dict) .) }} - internalTLS: {{- toYaml . | nindent 4 }} + {{- if (include "linstor-cluster.createInternalTLSCert" $) }} + internalTLS: + certManager: + name: {{ include "linstor-cluster.fullname" $ }}-internal-tls + kind: Issuer {{- end }} - {{- if dig "linstorPassphraseSecret" "" . }} - linstorPassphraseSecret: {{ dig "linstorPassphraseSecret" "" . }} + {{- if (include "linstor-cluster.passPhraseSecretName" $) }} + linstorPassphraseSecret: {{ include "linstor-cluster.passPhraseSecretName" $ | trim}} {{- end }} {{- with (dig "nodeSelector" (dict) .) }} nodeSelector: {{- toYaml . | nindent 4 }} diff --git a/charts/linstor-cluster/templates/linstorsatelliteconfiguration.yaml b/charts/linstor-cluster/templates/linstorsatelliteconfiguration.yaml index e32a030..ad5d327 100644 --- a/charts/linstor-cluster/templates/linstorsatelliteconfiguration.yaml +++ b/charts/linstor-cluster/templates/linstorsatelliteconfiguration.yaml 
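Review bot: The `if` on `linstor-cluster.passPhraseSecretName` tests the raw include while the value line renders it through `trim`, so helper output that is only whitespace would pass the test and render `linstorPassphraseSecret:` with a null value. Evaluating once and quoting avoids both: `{{- with (include "linstor-cluster.passPhraseSecretName" $ | trim) }}`, then `linstorPassphraseSecret: {{ . | quote }}`, then `{{- end }}`. The enclosing `with .Values.linstorCluster` block closes outside this hunk.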
@@ -1,15 +1,16 @@ -{{- range .Values.linstorSatelliteConfiguration }} -{{- $internalTLS := include "linstor-cluster.internalTLS" $ }} +{{- range .Values.linstorSatelliteConfigurations }} apiVersion: piraeus.io/v1 kind: LinstorSatelliteConfiguration metadata: - name: {{ .name }} + name: {{ include "linstor-cluster.fullname" $ }}-{{ .name }} labels: {{- include "linstor-cluster.labels" $ | nindent 4 }} spec: - {{- if $internalTLS }} + {{- if (include "linstor-cluster.createInternalTLSCert" $ ) }} internalTLS: - {{- $internalTLS | nindent 4 }} + certManager: + name: {{ include "linstor-cluster.fullname" $ }}-internal-tls + kind: Issuer {{- end }} {{- with (dig "nodeSelector" (dict) .) }} nodeSelector: {{- toYaml . | nindent 4 }} diff --git a/charts/linstor-cluster/templates/secret.yaml b/charts/linstor-cluster/templates/secret.yaml new file mode 100644 index 0000000..4c3f2ed --- /dev/null +++ b/charts/linstor-cluster/templates/secret.yaml @@ -0,0 +1,10 @@ +{{- if (include "linstor-cluster.createPassPhraseSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "linstor-cluster.fullname" $ }}-passphrase + labels: + {{- include "linstor-cluster.labels" . | nindent 4 }} +stringData: + MASTER_PASSPHRASE: {{ .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase }} +{{- end }} diff --git a/charts/linstor-cluster/values.schema.json b/charts/linstor-cluster/values.schema.json new file mode 100644 index 0000000..6172978 --- /dev/null +++ b/charts/linstor-cluster/values.schema.json 
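Review bot: In the new `secret.yaml`, `MASTER_PASSPHRASE` is rendered unquoted, so a passphrase that contains ` #` or `: `, starts with a YAML indicator such as `!` or `*`, or consists only of digits would be truncated, retyped or fail to parse; `MASTER_PASSPHRASE: {{ .Values.linstorCluster.linstorPassphraseSecret.masterPassPhrase | quote }}` keeps it a string. Because the value arrives through chart values, it is also stored in the Helm release record and in whatever values file carries it, so `existingSecretName` is the path to recommend for production. If losing the passphrase on uninstall would make encrypted data unrecoverable, the annotation `helm.sh/resource-policy: keep` on this Secret is worth adding.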
@@ -0,0 +1,126 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "linstorCluster": {
+ "type": "object",
+ "properties": {
+ "apiTLS": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "internalTLS": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "linstorPassphraseSecret": {
+ "type": "object",
+ "properties": {
+ "masterPassPhrase": {
+ "type": "string"
+ },
+ "existingSecretName": {
+ "type": "string"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": "object"
+ }
+ }
+ },
+ "linstorSatelliteConfigurations": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "nodeSelector": {
+ "type": "object"
+ },
+ "patches": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "patch": {
+ "type": "string"
+ },
+ "target": {
+ "type": "object",
+ "properties": {
+ "kind": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "properties": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "storagePools": {
+ "type": "array",
+ "items": {
+ "type": "object"
+ }
+ }
+ }
+ }
+ },
+ "storageClasses": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "allowVolumeExpansion": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": "object"
+ },
+ "name": {
+ "type": "string"
+ },
+ "parameters": {
+ "type": "object"
+ },
+ "provisioner": {
+ "type": "string"
+ },
+ "reclaimPolicy": {
+ "type": "string"
+ },
+ "volumeBindingMode": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/charts/linstor-cluster/values.yaml b/charts/linstor-cluster/values.yaml
index 6bf0cdd..dbf3993 100644
--- a/charts/linstor-cluster/values.yaml
+++ b/charts/linstor-cluster/values.yaml
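Review bot: None of the objects in this schema sets `additionalProperties` or `required`, so values carried over from 0.0.2, such as `apiTLS.certManager` or the singular `linstorSatelliteConfiguration`, validate and are then ignored by the templates. Adding `"additionalProperties": false` to `linstorCluster`, `apiTLS`, `internalTLS` and `linstorPassphraseSecret` would turn the stale TLS keys into install-time errors; catching the renamed top-level list needs the same at the root, allowing for keys Helm itself may inject such as `global`. `"required": ["name"]` on the satellite items would stop an entry without a name from rendering a resource name that ends in `-`. The either/or rule for `masterPassPhrase` and `existingSecretName` is enforced only by the `fail` in `_helpers.tpl` and could be stated here as well, so schema validation catches it before rendering.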
@@ -1,23 +1,24 @@ # Definition of LinstorCluster # Ref https://github.com/piraeusdatastore/piraeus-operator/blob/v2/docs/reference/linstorcluster.md linstorCluster: {} +# # TLS options requires cert-manager (cert-manager.io) to be installed in a cluster # apiTLS: -# certManager: -# name: linstor-cluster-api-ca -# kind: Issuer +# enabled: true # internalTLS: -# certManager: -# name: linstor-cluster-internal-ca -# kind: Issuer -# # name of the secret in the namespace of the installed application. Encrypting snapshot by the passphrase. Necessary for backup on S3 -# linstorPassphraseSecret: linstor-cluster-passphrase +# enabled: true +# # This MASTER_PASSPHRASE required for encrypting and storing snapshot on S3. +# # Either define masterPassPhrase or define name of existingSecret +# linstorPassphraseSecret: +# masterPassPhrase: "shhhSuPerSecRetPassWoRd!11" +# # If you would like use existing secret, then comment out 'masterPassPhrase', end uncomment string below +# #existingSecretName: "linstor-extra-secret" # # Run the linstor-cluster on workers, which have "piraeus.io/autoplace: 'yes'" label # nodeSelector: # piraeus.io/autoplace: 'yes' -# Definition of LinstorSatelliteConfiguration +# Definition of linstorSatelliteConfigurations # Ref https://github.com/piraeusdatastore/piraeus-operator/blob/v2/docs/reference/linstorsatelliteconfiguration.md -linstorSatelliteConfiguration: [] +linstorSatelliteConfigurations: [] # # Satellites configuration list # - name: storage-satellites # # Definition of pools and devices
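Review bot: The commented example ships a concrete passphrase, `masterPassPhrase: "shhhSuPerSecRetPassWoRd!11"`, which tends to get uncommented and deployed as is; an obvious placeholder such as `masterPassPhrase: "<set-your-own-passphrase>"` is safer. Since an inline passphrase ends up in the values file and in the Helm release record, the comment should present `existingSecretName` as the preferred option rather than the fallback. The line `comment out 'masterPassPhrase', end uncomment string below` should read `and uncomment the line below`.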