diff --git a/README.md b/README.md index 28a1051..7c2a146 100644 --- a/README.md +++ b/README.md @@ -348,15 +348,15 @@ Note that this configuration is trivial and does not follow production recommand | ingress.className | string | `"nginx"` | | | ingress.enabled | bool | `true` | | | ingress.tlsSecretName | string | `"myingress-cert"` | | -| init-cs.enabled | bool | `true` | | -| init-secrets.enabled | bool | `true` | | -| init-secrets.rbac.create | bool | `true` | | -| init-secrets.serviceAccount.create | bool | `true` | | -| init-secrets.serviceAccount.enabled | bool | `true` | | -| init-secrets.serviceAccount.name | string | `nil` | | -| init-sql.enabled | bool | `true` | | -| init-sql.env | object | `{}` | | +| initCs.enabled | bool | `true` | | | initOs.enabled | bool | `true` | | +| initSecrets.enabled | bool | `true` | | +| initSecrets.rbac.create | bool | `true` | | +| initSecrets.serviceAccount.create | bool | `true` | | +| initSecrets.serviceAccount.enabled | bool | `true` | | +| initSecrets.serviceAccount.name | string | `nil` | | +| initSql.enabled | bool | `true` | | +| initSql.env | object | `{}` | | | jaeger.agent.enabled | bool | `false` | | | jaeger.allInOne.enabled | bool | `true` | | | jaeger.collector.enabled | bool | `false` | | diff --git a/diracx/charts/cert-manager-issuer/templates/_helpers.tpl b/diracx/charts/cert-manager-issuer/templates/_helpers.tpl index 7a1904f..06d440a 100644 --- a/diracx/charts/cert-manager-issuer/templates/_helpers.tpl +++ b/diracx/charts/cert-manager-issuer/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "cert-manager-issuer.name" -}} +{{- define "certManagerIssuer.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -10,7 +10,7 @@ Expand the name of the chart. Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} -{{- define "cert-manager-issuer.fullname" -}} +{{- define "certManagerIssuer.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -22,7 +22,7 @@ upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a random value to reduce collision */}} -{{- define "cert-manager-issuer.jobname" -}} +{{- define "certManagerIssuer.jobname" -}} {{- $name := printf "%s-issuer" .Release.Name | trunc 55 | trimSuffix "-" -}} {{- printf "%s-%d" $name .Release.Revision | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -32,7 +32,7 @@ Returns the http01 solver's ingress class field. Takes the IngressClass as param If the IngressClass is "none", the field is not set. See: https://cert-manager.io/docs/configuration/acme/http01/#class */}} -{{- define "cert-manager-issuer.http01.ingress.class.field" -}} +{{- define "certManagerIssuer.http01.ingress.class.field" -}} {{- $ingressClass := . | default "" -}} {{- if ne "none" $ingressClass -}} class: {{ $ingressClass }} diff --git a/diracx/charts/cert-manager-issuer/templates/_issuer.yaml b/diracx/charts/cert-manager-issuer/templates/_issuer.yaml index 72cf058..8529c38 100644 --- a/diracx/charts/cert-manager-issuer/templates/_issuer.yaml +++ b/diracx/charts/cert-manager-issuer/templates/_issuer.yaml @@ -11,7 +11,7 @@ spec: # The ACME server URL server: {{ .Values.acme.server | quote }} # Email address used for ACME registration - email: {{ required "You must provide an email to associate with your TLS certificates. Please set certmanager-issuer.email" .Values.acme.email | quote }} + email: {{ required "You must provide an email to associate with your TLS certificates. Please set cert-manager-issuer.email" .Values.acme.email | quote }} # Name of a secret used to store the ACME account private key privateKeySecretRef: name: {{ .Release.Name }}-acme-key @@ -20,7 +20,7 @@ spec: - selector: {} http01: ingress: - {{ include "cert-manager-issuer.http01.ingress.class.field" $ingressClassName -}} + {{ include "certManagerIssuer.http01.ingress.class.field" $ingressClassName -}} {{- end }} --- {{- if index .Values "self-signed" "enabled" }} diff --git a/diracx/charts/cert-manager-issuer/templates/issuer-job.yaml b/diracx/charts/cert-manager-issuer/templates/issuer-job.yaml index fb084f3..aa9f0fd 100644 --- a/diracx/charts/cert-manager-issuer/templates/issuer-job.yaml +++ b/diracx/charts/cert-manager-issuer/templates/issuer-job.yaml @@ -1,7 +1,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "cert-manager-issuer.jobname" . }} + name: {{ template "certManagerIssuer.jobname" . }} namespace: {{ $.Release.Namespace }} spec: ttlSecondsAfterFinished: {{ .Values.global.batchJobTTL }} diff --git a/diracx/templates/_helpers.tpl b/diracx/templates/_helpers.tpl index 7d2bd18..2429644 100644 --- a/diracx/templates/_helpers.tpl +++ b/diracx/templates/_helpers.tpl @@ -70,102 +70,102 @@ Create the name of the service account to use {{- end }} {{/* -Return the fullname template for the init-cs job. +Return the fullname template for the initCs job. */}} -{{- define "init-cs.fullname" -}} +{{- define "initCs.fullname" -}} {{- printf "%s-init-cs" .Release.Name -}} {{- end -}} {{/* -Create a default fully qualified job name for init-cs. +Create a default fully qualified job name for initCs. Due to the job only being allowed to run once, we add the chart revision so helm upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a random value to reduce collisions. */}} -{{- define "init-cs.jobname" -}} -{{- $name := include "init-cs.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- define "initCs.jobname" -}} +{{- $name := include "initCs.fullname" . | trunc 55 | trimSuffix "-" -}} {{- $rand := randAlphaNum 3 | lower }} {{- printf "%s-%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Return the fullname template for the init-secrets job. +Return the fullname template for the initSecrets job. */}} -{{- define "init-secrets.fullname" -}} +{{- define "initSecrets.fullname" -}} {{- printf "%s-init-secrets" .Release.Name -}} {{- end -}} {{/* Return the name template for shared-secrets job. */}} -{{- define "init-secrets.name" -}} -{{- $sharedSecretValues := index .Values "init-secrets" -}} +{{- define "initSecrets.name" -}} +{{- $sharedSecretValues := index .Values "initSecrets" -}} {{- default "init-secrets" $sharedSecretValues.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Create a default fully qualified job name for init-secrets. +Create a default fully qualified job name for initSecrets. Due to the job only being allowed to run once, we add the chart revision so helm upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a random value to reduce collisions. */}} -{{- define "init-secrets.jobname" -}} -{{- $name := include "init-secrets.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- define "initSecrets.jobname" -}} +{{- $name := include "initSecrets.fullname" . | trunc 55 | trimSuffix "-" -}} {{- $rand := randAlphaNum 3 | lower }} {{- printf "%s-%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Create the name of the service account to use for init-secrets job +Create the name of the service account to use for initSecrets job */}} -{{- define "init-secrets.serviceAccountName" -}} -{{- $initSecretsValues := index .Values "init-secrets" -}} +{{- define "initSecrets.serviceAccountName" -}} +{{- $initSecretsValues := index .Values "initSecrets" -}} {{- if $initSecretsValues.serviceAccount.create -}} - {{ default (include "init-secrets.fullname" .) $initSecretsValues.serviceAccount.name }} + {{ default (include "initSecrets.fullname" .) $initSecretsValues.serviceAccount.name }} {{- else -}} {{ coalesce $initSecretsValues.serviceAccount.name .Values.global.serviceAccount.name "default" }} {{- end -}} {{- end -}} {{/* -Return the fullname template for the init-sql job. +Return the fullname template for the initSql job. */}} -{{- define "init-sql.fullname" -}} +{{- define "initSql.fullname" -}} {{- printf "%s-init-sql" .Release.Name -}} {{- end -}} {{/* -Create a default fully qualified job name for init-sql. +Create a default fully qualified job name for initSql. Due to the job only being allowed to run once, we add the chart revision so helm upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a random value to reduce collisions. */}} -{{- define "init-sql.jobname" -}} -{{- $name := include "init-sql.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- define "initSql.jobname" -}} +{{- $name := include "initSql.fullname" . | trunc 55 | trimSuffix "-" -}} {{- $rand := randAlphaNum 3 | lower }} {{- printf "%s-%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Return the fullname template for the init-os job. +Return the fullname template for the initOs job. */}} -{{- define "init-os.fullname" -}} +{{- define "initOs.fullname" -}} {{- printf "%s-init-os" .Release.Name -}} {{- end -}} {{/* -Create a default fully qualified job name for init-os. +Create a default fully qualified job name for initOs. Due to the job only being allowed to run once, we add the chart revision so helm upgrades don't cause errors trying to create the already ran job. Due to the helm delete not cleaning up these jobs, we add a random value to reduce collisions. */}} -{{- define "init-os.jobname" -}} -{{- $name := include "init-os.fullname" . | trunc 55 | trimSuffix "-" -}} +{{- define "initOs.jobname" -}} +{{- $name := include "initOs.fullname" . | trunc 55 | trimSuffix "-" -}} {{- $rand := randAlphaNum 3 | lower }} {{- printf "%s-%d-%s" $name .Release.Revision $rand | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/diracx/templates/diracx/init-cs/configmap.yaml b/diracx/templates/diracx/init-cs/configmap.yaml index 263f091..d0d7708 100644 --- a/diracx/templates/diracx/init-cs/configmap.yaml +++ b/diracx/templates/diracx/init-cs/configmap.yaml @@ -1,9 +1,8 @@ -{{- $initCSValues := index .Values "init-cs" "enabled" -}} -{{- if $initCSValues -}} +{{- if .Values.initCs.enabled -}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "init-cs.fullname" . }} + name: {{ template "initCs.fullname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install diff --git a/diracx/templates/diracx/init-cs/job.yaml b/diracx/templates/diracx/init-cs/job.yaml index e83a7b7..e7a0093 100644 --- a/diracx/templates/diracx/init-cs/job.yaml +++ b/diracx/templates/diracx/init-cs/job.yaml @@ -1,5 +1,4 @@ -{{- $initCSValues := index .Values "init-cs" -}} -{{- if $initCSValues.enabled }} +{{- if .Values.initCs.enabled }} {{/* Define common volume mounts for reusability */}} {{- $commonVolumeMounts := list }} @@ -23,7 +22,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "init-cs.jobname" . }} + name: {{ template "initCs.jobname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install @@ -33,7 +32,7 @@ spec: template: metadata: annotations: - {{- range $key, $value := $initCSValues.annotations }} + {{- range $key, $value := .Values.initCs.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: @@ -49,11 +48,11 @@ spec: - name: scripts mountPath: /scripts resources: - {{- toYaml $initCSValues.resources | nindent 12 }} + {{- toYaml .Values.initCs.resources | nindent 12 }} volumes: - name: scripts configMap: - name: {{ template "init-cs.fullname" . }} + name: {{ template "initCs.fullname" . }} - name: cs-store-mount persistentVolumeClaim: claimName: pvc-cs-store diff --git a/diracx/templates/diracx/init-os/configmap.yaml b/diracx/templates/diracx/init-os/configmap.yaml index 7fffc65..c8d7525 100644 --- a/diracx/templates/diracx/init-os/configmap.yaml +++ b/diracx/templates/diracx/init-os/configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "init-os.fullname" . }} + name: {{ template "initOs.fullname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,pre-upgrade diff --git a/diracx/templates/diracx/init-os/job.yaml b/diracx/templates/diracx/init-os/job.yaml index decf861..1c80c72 100644 --- a/diracx/templates/diracx/init-os/job.yaml +++ b/diracx/templates/diracx/init-os/job.yaml @@ -22,7 +22,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "init-os.jobname" . }} + name: {{ template "initOs.jobname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,pre-upgrade @@ -67,7 +67,7 @@ spec: volumes: - name: scripts configMap: - name: {{ template "init-os.fullname" . }} + name: {{ template "initOs.fullname" . }} {{- if and .Values.developer.enabled .Values.developer.mountedPythonModulesToInstall }} - name: diracx-code-mount persistentVolumeClaim: diff --git a/diracx/templates/diracx/init-secrets/configmap.yaml b/diracx/templates/diracx/init-secrets/configmap.yaml index d333791..0956a43 100644 --- a/diracx/templates/diracx/init-secrets/configmap.yaml +++ b/diracx/templates/diracx/init-secrets/configmap.yaml @@ -1,9 +1,8 @@ -{{- $initSecretsValues := index .Values "init-secrets" "enabled" -}} -{{- if $initSecretsValues -}} +{{- if .Values.initSecrets.enabled -}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "init-secrets.fullname" . }} + name: {{ template "initSecrets.fullname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade diff --git a/diracx/templates/diracx/init-secrets/job.yaml b/diracx/templates/diracx/init-secrets/job.yaml index 72514f8..f6ae345 100644 --- a/diracx/templates/diracx/init-secrets/job.yaml +++ b/diracx/templates/diracx/init-secrets/job.yaml @@ -1,10 +1,9 @@ -{{- $initSecretsValues := index .Values "init-secrets" -}} -{{- if $initSecretsValues.enabled }} +{{- if .Values.initSecrets.enabled }} apiVersion: batch/v1 kind: Job metadata: - name: {{ template "init-secrets.jobname" . }} + name: {{ template "initSecrets.jobname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade @@ -15,12 +14,12 @@ spec: template: metadata: annotations: - {{- range $key, $value := $initSecretsValues.annotations }} + {{- range $key, $value := .Values.initSecrets.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: restartPolicy: Never - serviceAccountName: {{ template "init-secrets.serviceAccountName" . }} + serviceAccountName: {{ template "initSecrets.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: ghcr.io/diracgrid/diracx/secret-generation:latest @@ -30,9 +29,9 @@ spec: - name: scripts mountPath: /scripts resources: - {{- toYaml $initSecretsValues.resources | nindent 12 }} + {{- toYaml .Values.initSecrets.resources | nindent 12 }} volumes: - name: scripts configMap: - name: {{ template "init-secrets.fullname" . }} + name: {{ template "initSecrets.fullname" . }} {{- end }} diff --git a/diracx/templates/diracx/init-secrets/rbac-config.yaml b/diracx/templates/diracx/init-secrets/rbac-config.yaml index 789ded6..f4a1a7c 100644 --- a/diracx/templates/diracx/init-secrets/rbac-config.yaml +++ b/diracx/templates/diracx/init-secrets/rbac-config.yaml @@ -1,10 +1,9 @@ -{{- $initSecretsValues := index .Values "init-secrets" }} -{{- if and $initSecretsValues.enabled $initSecretsValues.rbac.create -}} -{{- if $initSecretsValues.serviceAccount.create -}} +{{- if and .Values.initSecrets.enabled .Values.initSecrets.rbac.create -}} +{{- if .Values.initSecrets.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "init-secrets.serviceAccountName" . }} + name: {{ template "initSecrets.serviceAccountName" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install,pre-upgrade @@ -15,11 +14,11 @@ metadata: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "init-secrets.fullname" . }} + name: {{ template "initSecrets.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app: {{ template "init-secrets.name" . }} - chart: init-secrets-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "initSecrets.name" . }} + chart: initSecrets-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: @@ -34,11 +33,11 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "init-secrets.fullname" . }} + name: {{ template "initSecrets.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app: {{ template "init-secrets.name" . }} - chart: init-secrets-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "initSecrets.name" . }} + chart: initSecrets-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: @@ -48,9 +47,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "init-secrets.fullname" . }} + name: {{ template "initSecrets.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "init-secrets.serviceAccountName" . }} + name: {{ template "initSecrets.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end}} diff --git a/diracx/templates/diracx/init-sql/configmap.yaml b/diracx/templates/diracx/init-sql/configmap.yaml index 99ad57e..4577a74 100644 --- a/diracx/templates/diracx/init-sql/configmap.yaml +++ b/diracx/templates/diracx/init-sql/configmap.yaml @@ -1,9 +1,8 @@ -{{- $initSQLValues := index .Values "init-sql" "enabled" -}} -{{- if $initSQLValues -}} +{{- if .Values.initSql.enabled -}} apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "init-sql.fullname" . }} + name: {{ template "initSql.fullname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,pre-upgrade diff --git a/diracx/templates/diracx/init-sql/job.yaml b/diracx/templates/diracx/init-sql/job.yaml index 4aadffe..3dd7eb5 100644 --- a/diracx/templates/diracx/init-sql/job.yaml +++ b/diracx/templates/diracx/init-sql/job.yaml @@ -1,5 +1,4 @@ -{{- $initSQLValues := index .Values "init-sql" -}} -{{- if $initSQLValues.enabled }} +{{- if .Values.initSql.enabled }} {{/* Define common volume mounts for reusability */}} {{- $commonVolumeMounts := list }} @@ -22,7 +21,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ template "init-sql.jobname" . }} + name: {{ template "initSql.jobname" . }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-install,pre-upgrade @@ -32,7 +31,7 @@ spec: template: metadata: annotations: - {{- range $key, $value := $initSQLValues.annotations }} + {{- range $key, $value := .Values.initSql.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} spec: @@ -63,11 +62,11 @@ spec: key: DIRACX_DB_URL_{{ $dbName | upper }} {{- end }} resources: - {{- toYaml $initSQLValues.resources | nindent 12 }} + {{- toYaml .Values.initSql.resources | nindent 12 }} volumes: - name: scripts configMap: - name: {{ template "init-sql.fullname" . }} + name: {{ template "initSql.fullname" . }} {{- if and .Values.developer.enabled .Values.developer.mountedPythonModulesToInstall }} - name: diracx-code-mount persistentVolumeClaim: diff --git a/diracx/values.yaml b/diracx/values.yaml index 1f225aa..1332188 100644 --- a/diracx/values.yaml +++ b/diracx/values.yaml @@ -61,11 +61,11 @@ securityContext: ################# -init-cs: +initCs: # Automatically initialize the repository in the CS volume enabled: true -init-secrets: +initSecrets: enabled: true rbac: create: true @@ -74,7 +74,7 @@ init-secrets: create: true name: # Specify a pre-existing ServiceAccount name -init-sql: +initSql: # Should DiracX include an init container which manages the SQL DB schema? enabled: true env: {}