Use Common Helm Templates (#89)

.github/workflows/pull-request.yaml

@@ -43,6 +43,8 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Touch
       run: make touch
+    - name: Build Helm Chart
+      run: helm dependency update charts/kubernetes
     - name: Golang CI/Helm Lint
       run: make lint
     - name: Build Images

.gitignore

@@ -1,5 +1,7 @@
 /bin
 /sboms
+/charts/kubernetes/Chart.lock
+/charts/kubernetes/charts
 *.swp
 cover.out
 cover.html

charts/kubernetes/Chart.yaml

@@ -4,7 +4,12 @@ description: A Helm chart for deploying Unikorn Kubernetes Service
 
 type: application
 
-version: v0.2.15
-appVersion: v0.2.15
+version: v0.2.16
+appVersion: v0.2.16
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
+
+dependencies:
+- name: unikorn-common
+  version: v0.1.5
+  repository: https://unikorn-cloud.github.io/helm-common

charts/kubernetes/templates/_helpers.tpl

@@ -1,77 +1,6 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "unikorn.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "unikorn.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "unikorn.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "unikorn.labels" -}}
-helm.sh/chart: {{ include "unikorn.chart" . }}
-{{ include "unikorn.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "unikorn.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "unikorn.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "unikorn.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "unikorn.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
 {{/*
 Create the container images
 */}}
-{{- define "unikorn.defaultRepositoryPath" -}}
-{{- if .Values.repository }}
-{{- printf "%s/%s" .Values.repository .Values.organization }}
-{{- else }}
-{{- .Values.organization }}
-{{- end }}
-{{- end }}
-
 {{- define "unikorn.clusterManagerControllerImage" -}}
 {{- .Values.clusterManagerController.image | default (printf "%s/unikorn-cluster-manager-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
@@ -88,22 +17,6 @@ Create the container images
 {{- .Values.server.image | default (printf "%s/unikorn-server:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
 
-{{/*
-Create Prometheus labels
-*/}}
-{{- define "unikorn.prometheusServiceSelector" -}}
-prometheus.unikorn-cloud.org/app: unikorn
-{{- end }}
-
-{{- define "unikorn.prometheusJobLabel" -}}
-prometheus.unikorn-cloud.org/job
-{{- end }}
-
-{{- define "unikorn.prometheusLabels" -}}
-{{ include "unikorn.prometheusServiceSelector" . }}
-{{ include "unikorn.prometheusJobLabel" . }}: {{ .job }}
-{{- end }}
-
 {{/*
 Create image pull secrets
 */}}
@@ -115,81 +28,3 @@ Create image pull secrets
 - name: docker-config
 {{- end }}
 {{- end }}
-
-{{/*
-Creates predicatable Kubernetes name compatible UUIDs from name.
-Note we always start with a letter (kubernetes DNS label requirement),
-group 3 starts with "4" (UUIDv4 aka "random") and group 4 with "8"
-(the variant aka RFC9562).
-*/}}
-{{ define "resource.id" -}}
-{{- $sum := sha256sum . -}}
-{{ printf "f%s-%s-4%s-8%s-%s" (substr 1 8 $sum) (substr 8 12 $sum) (substr 13 16 $sum) (substr 17 20 $sum) (substr 20 32 $sum) }}
-{{- end }}
-
-{{/*
-Abstractions to allow an all-in-one chart
-*/}}
-{{- define "unikorn.identity.host" -}}
-{{- if (and .Values.global .Values.global.identity .Values.global.identity.host) -}}
-{{- .Values.global.identity.host }}
-{{- else }}
-{{- .Values.identity.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.region.host" -}}
-{{- if (and .Values.global .Values.global.region .Values.global.region.host) -}}
-{{- .Values.global.region.host }}
-{{- else }}
-{{- .Values.region.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.kubernetes.host" -}}
-{{- if (and .Values.global .Values.global.kubernetes .Values.global.kubernetes.host) -}}
-{{- .Values.global.kubernetes.host }}
-{{- else }}
-{{- .Values.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.ingress.clusterIssuer" -}}
-{{- if (and .Values.global .Values.global.ingress .Values.global.ingress.clusterIssuer) -}}
-{{- .Values.global.ingress.clusterIssuer }}
-{{- else if .Values.ingress.clusterIssuer }}
-{{- .Values.ingress.clusterIssuer }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.identity.ca.secretNamespace" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretNamespace) -}}
-{{- .Values.global.ca.secretNamespace }}
-{{- else if .Values.identity.caSecretNamespace }}
-{{- .Values.identity.caSecretNamespace }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.identity.ca.secretName" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretName) -}}
-{{- .Values.global.ca.secretName }}
-{{- else if .Values.identity.caSecretName }}
-{{- .Values.identity.caSecretName }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.region.ca.secretNamespace" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretNamespace) -}}
-{{- .Values.global.ca.secretNamespace }}
-{{- else if .Values.region.caSecretNamespace }}
-{{- .Values.region.caSecretNamespace }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.region.ca.secretName" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretName) -}}
-{{- .Values.global.ca.secretName }}
-{{- else if .Values.region.caSecretName }}
-{{- .Values.region.caSecretName }}
-{{- end }}
-{{- end }}

charts/kubernetes/templates/cluster-controller/service.yaml

@@ -4,7 +4,6 @@ metadata:
   name: unikorn-cluster-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
-    {{- include "unikorn.prometheusLabels" (dict "job" "unikorn-cluster-controller") | nindent 4 }}
 spec:
   selector:
     app: unikorn-cluster-controller

charts/kubernetes/templates/cluster-manager-controller/service.yaml

@@ -4,7 +4,6 @@ metadata:
   name: unikorn-cluster-manager-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
-    {{- include "unikorn.prometheusLabels" (dict "job" "unikorn-cluster-manager-controller") | nindent 4 }}
 spec:
   selector:
     app: unikorn-cluster-manager-controller

charts/kubernetes/templates/server/deployment.yaml

@@ -19,31 +19,10 @@ spec:
         image: {{ include "unikorn.serverImage" . }}
         args:
         - --namespace={{ .Release.Namespace }}
-        {{- with $cors := .Values.cors -}}
-          {{- range $origin := $cors.allowOrigin }}
-            {{ printf "- --cors-allow-origin=%s" $origin | nindent 8 }}
-          {{- end }}
-          {{- if $cors.maxAge }}
-            {{ printf "- --cors-max-age=%s" $cors.maxAge | nindent 8 }}
-          {{- end }}
-        {{- end }}
-        - --identity-host=https://{{ include "unikorn.identity.host" .}}
-        {{- with $caSecretNamespace := ( include "unikorn.identity.ca.secretNamespace" . ) -}}
-          {{ printf "- --identity-ca-secret-namespace=%s" $caSecretNamespace | nindent 8 }}
-        {{- end }}
-        {{- with $caSecretName := ( include "unikorn.identity.ca.secretName" . ) -}}
-          {{ printf "- --identity-ca-secret-name=%s" $caSecretName | nindent 8 }}
-        {{- end }}
-        - --region-host=https://{{ include "unikorn.region.host" . }}
-        {{- with $caSecretNamespace := ( include "unikorn.region.ca.secretNamespace" . ) -}}
-          {{ printf "- --region-ca-secret-namespace=%s" $caSecretNamespace | nindent 8 }}
-        {{- end }}
-        {{- with $caSecretName := ( include "unikorn.region.ca.secretName" . ) -}}
-          {{ printf "- --region-ca-secret-name=%s" $caSecretName | nindent 8 }}
-        {{- end }}
-        {{- if .Values.otlpEndpoint -}}
-          {{ printf "- --otlp-endpoint=%s" .Values.otlpEndpoint | nindent 8 }}
-        {{- end }}
+        {{- include "unikorn.cors.flags" . | nindent 8 }}
+        {{- include "unikorn.otlp.flags" . | nindent 8 }}
+        {{- include "unikorn.identity.flags" . | nindent 8 }}
+        {{- include "unikorn.region.flags" . | nindent 8 }}
         ports:
         - name: http
           containerPort: 6080

charts/kubernetes/templates/server/ingress.yaml

@@ -6,12 +6,9 @@ metadata:
     {{- include "unikorn.labels" . | nindent 4 }}
   annotations:
   {{- with $clusterIssuer := ( include "unikorn.ingress.clusterIssuer" . ) }}
-    cert-manager.io/cluster-issuer: {{ $clusterIssuer | indent 2 }}
+    cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
   {{- end }} 
   {{- with $ingress := .Values.ingress }}
-    {{- if $ingress.issuer }}
-    cert-manager.io/issuer: {{ $ingress.issuer }}
-    {{- end }}
     {{- if $ingress.externalDns }}
     external-dns.alpha.kubernetes.io/hostname: {{ include "unikorn.kubernetes.host" . }}
     {{- end }}
@@ -29,9 +26,6 @@ spec:
     - {{ include "unikorn.kubernetes.host" . }}
     secretName: unikorn-server-ingress-tls
   rules:
-  # The the UI is written as a JAMstack application, so the API is accessed via
-  # the same host to avoid CORS, and therefore uses routing to hit the correct
-  # service.
   - host: {{ include "unikorn.kubernetes.host" . }}
     http:
       paths:

charts/kubernetes/templates/server/service.yaml

@@ -4,7 +4,6 @@ metadata:
   name: unikorn-server
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
-    {{- include "unikorn.prometheusLabels" (dict "job" "unikorn-server") | nindent 4 }}
 spec:
   selector:
     app: unikorn-server

charts/kubernetes/values.yaml

@@ -35,7 +35,8 @@ monitor:
   image:
 
 # Sets the DNS hosts/X.509 Certs.
-host: unikorn.unikorn-cloud.org
+kubernetes:
+  host: unikorn.unikorn-cloud.org
 
 # REST server specific configuration.
 server:
@@ -46,10 +47,6 @@ ingress:
   # Sets the ingress class to use.
   # class: nginx
 
-  # Cert Manager certificate issuer to use.  If not specified it will generate a
-  # self signed one.
-  issuer: ~
-
   # clusterIssuer to use.
   clusterIssuer: unikorn-issuer
 
@@ -63,24 +60,22 @@ ingress:
 #   # How long to cache the CORS preflight for, mostly useless as browsers override this.
 #   maxAge: 86400
 
+# CA file if using self signed/private certificates.
+# ca:
+#   secretNamespace: ~
+#   secretName: ~
+
 identity:
   # OIDC issuer used to discover OIDC configuration and verify access tokens.
   host: identity.unikorn-cloud.org
 
-  # CA certificate to use to verify connections to the issuer, used in development only.
-  # caSecretNamespace: ~
-  # caSecretName: ~
-
 region:
   # Region controller URL.
   host: region.unikorn-cloud.org
 
-  # CA file if using self signed/private certificates.
-  # caSecretNamespace: ~
-  # caSecretName: ~
-
 # Sets the OTLP endpoint for shipping spans.
-# otlpEndpoint: jaeger-collector.default:4318
+# otlp:
+#   endpoint: jaeger-collector.default:4318
 
 # Defines Prometheus monitoring integration.
 monitoring: