--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 Orange. All rights reserved.
+
+.. _developer-guide-label:
+
+
+Current given templating functions
+==================================
+
+
+In order to have a consistent deployments of ONAP components, several templating
+functions are proposed in `kubernets/common/common/templates` folder.
+This file list them and gives examples for the most used.
+All these templating functions have a description in their own file, here we
+only give an overview.
+
+* conditional functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.needPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.onServiceMesh` | `_serviceMesh.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.common.needTLS` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+* template generation functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.masterPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.createPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.genName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.getSecretName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.envFromSecret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.port` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations.ssl` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.ingress` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.labels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.matchLabels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resourceMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.templateMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.selectors` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.name` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullname` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullnameExplicit` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.release` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.chart` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.namespace` | `_namespace.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository.secret` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.flavor` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resources` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.storageClass` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.replicaPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicename` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.serviceMetadata` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicePorts` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.genericService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.service` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.headlessService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbService` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbPort` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecret` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecretParam` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.tplValue` | `_tplValue.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+
+Passwords
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_createPassword.tpl`.
+
+* `common.masterPassword`: Resolve the master password to be used to derive
+ other passwords.
+* `common.createPassword`: Generate a new password based on masterPassword.
+
+Secrets
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_secret.yaml`.
+
+* `common.secret.genName`: Generate a secret name based on provided name or UID.
+* `common.secret.getSecretName`: Get the real secret name by UID or name, based
+ on the configuration provided by user.
+* `common.secret.envFromSecret`: Convenience template which can be used to
+ easily set the value of environment variable to the value of a key in a
+ secret.
+* `common.secret`: Define secrets to be used by chart.
+
+The most widely use templates is the last (`common.secret`).
+It should be the only (except license part) line of your secret file:
+
+.. code-block:: yaml
+
+ {{ include "common.secret" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from mariadb configuration):
+
+.. code-block:: yaml
+
+ secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+
+Ingress
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_ingress.tpl`.
+
+* `ingress.config.port`: generate the port path on an Ingress resource.
+* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress
+ resource.
+* `ingress.config.annotations`: generate the annotations of an Ingress resource.
+* `common.ingress`: generate an Ingress resource (if needed).
+
+The most widely use templates is the last (`common.ingress`) .
+
+It should be the only (except license part) line of your ingress file:
+
+.. code-block:: yaml
+
+ {{ include "common.ingress" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from clamp configuration):
+
+.. code-block:: yaml
+
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp"
+ name: "clamp"
+ port: 443
+ config:
+ ssl: "redirect"
+
+Labels
+------
+
+These functions are defined in `kubernetes/common/common/templates/_labels.tpl`.
+
+The goal of these functions is to always create the right labels for all the
+resource in a consistent way.
+
+* `common.labels`: generate the common labels for a resource
+* `common.matchLabels`: generate the labels to match (to be used in conjunction
+ with `common.labels` or `common.resourceMetadata`)
+* `common.resourceMetadata`: generate the "top" metadatas for a resource
+ (Deployment, StatefulSet, Service, ConfigMap, ...)
+* `common.templateMetadata`: generate the metadata put in the template part
+ (for example `spec.template.metadata` for a Deployment)
+* `common.selectors`: generate the right selectors for Service / Deployment /
+ StatefulSet, ... (to be used in conjunction with `common.labels` or
+ `common.resourceMetadata`)
+
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ ...
+
+Name
+----
+
+These functions are defined in `kubernetes/common/common/templates/_name.tpl`.
+
+The goal of these functions is to always name the resource the same way.
+
+* `common.name`: Generate the name for a chart.
+* `common.fullname`: Create a default fully qualified application name.
+* `common.fullnameExplicit`: The same as common.full name but based on passed
+ dictionary instead of trying to figure out chart name on its own.
+* `common.release`: Retrieve the "original" release from the component release.
+* `common.chart`: Generate the chart name
+
+Here's an example of use of these functions in a Deployment template (example
+taken on mariadb-galera):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1beta1
+ kind: StatefulSet
+ ...
+ spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ ...
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.externalConfig }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-external-config
+ {{- end}}
+ ...
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ...
+
+Namespace
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_namespace.tpl`.
+
+The goal of these functions is to always retrieve the namespace the same way.
+
+* `common.namespace`: Generate the namespace for a chart. Shouldn't be used
+ directly but use `common.resourceMetadata` (which uses it).
+
+
+Repository
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_repository.tpl`.
+
+The goal of these functions is to generate image name the same way.
+
+* `common.repository`: Resolve the name of the common image repository.
+* `common.repository.secret`: Resolve the image repository secret token.
+
+
+Resources
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_resources.tpl`.
+
+The goal of these functions is to generate resources for pods the same way.
+
+* `common.flavor`: Resolve the name of the common resource limit/request flavor.
+ Shouldn't be used alone.
+* `common.resources`: Resolve the resource limit/request flavor using the
+ desired flavor value.
+
+
+Storage
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_storage.tpl`.
+
+The goal of these functions is to generate storage part of Deployment /
+Statefulset and storage resource (PV, PVC, ...) in a consistent way.
+
+* `common.storageClass`: Expand the name of the storage class.
+* `common.needPV`: Calculate if we need a PV. If a storageClass is provided,
+ then we don't need.
+* `common.replicaPV`: Generate N PV for a statefulset
+
+
+Pod
+---
+
+These functions are defined in `kubernetes/common/common/templates/_pod.tpl`.
+
+* `common.containerPorts`: generate the port list for containers. See Service
+ part to know how to declare the port list.
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ ...
+ spec:
+ ...
+ template:
+ ...
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ ports: {{- include "common.containerPorts" . | nindent 8 }
+
+
+Service
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_service.tpl`.
+
+The goal of these functions is to generate services in a consistent way.
+
+* `common.servicename`: Expand the service name for a chart.
+* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`.
+* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly
+ but used through `common.service` or `common.headlessService`.
+* `common.genericService`: Template for creating any Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`. May be
+ used if you want to create a Service with some specificities (on the ports for
+ example).
+* `common.needTLS`: Calculate if we need to use TLS ports on services
+* `common.service`: Create service template.
+* `common.headlessService`: Create headless service template
+
+
+The most widely used templates are the two last (`common.service` and
+`common.headlessService`).
+It should use with only one (except license part) line of your service (or
+service-headless) file:
+
+.. code-block:: yaml
+
+ {{ include "common.service" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from nbi configuration + other
+part):
+
+.. code-block:: yaml
+
+ service:
+ type: NodePort
+ name: nbi
+ annotations:
+ my: super-annotation
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 74
+ - name: tcp-raw
+ port: 8459
+ nodePort: 89
+
+
+would generate:
+
+.. code-block:: yaml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ my: super-annotation
+ name: nbi
+ namespace: default
+ labels:
+ app.kubernetes.io/name: nbi
+ helm.sh/chart: nbi-5.0.0
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Tiller
+ spec:
+ ports:
+ - port: 8443
+ targetPort: api
+ name: https-api
+ nodePort: 30274
+ - port: 8459
+ targetPort: tcp-raw
+ name: tcp-raw
+ nodePort: 30289
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nbi
+ app.kubernetes.io/instance: release
+
+
+`plain_port` is used only if we mandate to use http (see ServiceMesh part).
+Today a port can be http or https but not both.
+headless configuration is equivalent (example taken from cassandra):
+
+.. code-block:: yaml
+
+ service:
+ name: cassandra
+ headless:
+ suffix: ""
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ headlessPorts:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-jmx
+ port: 7199
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
+ - name: tcp-agent
+ port: 61621
+
+
+ServiceMesh
+-----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_serviceMesh.tpl`.
+
+The goal of these functions is to handle onboarding of ONAP on service mesh.
+
+* `common.onServiceMesh`: Calculate if we if we are on service mesh
+
+
+
+MariaDB
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_mariadb.tpl`.
+
+The goal of these functions is to simplify use of mariadb and its different
+values.
+
+* `common.mariadb.secret.rootPassUID`: UID of mariadb root password
+* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password
+ secret
+* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials
+* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user
+ credentials secret
+* `common.mariadbService`: Choose the name of the mariadb service to use
+* `common.mariadbPort`: Choose the value of mariadb port to use
+* `common.mariadbSecret`: Choose the value of secret to retrieve user value
+* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user
+ value
+
+PostgreSQL
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_postgres.tpl`.
+
+The goal of these functions is to simplify use of postgres and its different
+values.
+
+* `common.postgres.secret.rootPassUID`: UID of postgres root password
+* `common.postgres.secret.rootPassSecretName`: Name of postgres root password
+ secret
+* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials
+* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user
+ credentials secret
+* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password
+* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary
+ credentials secret
+
+
+Utilities
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_tplValue.tpl`.
+
+The goal of these functions is provide utility function, usually used in other
+templating functions.
+
+* `common.tplValue`: Renders a value that contains template.
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
-{{- if $annotations -}}
-annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+ {{- $msb_informations := default "" .msb_informations -}}
+{{- if or $annotations $msb_informations -}}
+annotations:
+{{- if $annotations }}
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+{{- if $msb_informations }}
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "{{ include "common.servicename" $dot }}",
+ "version": "{{ default "v1" $msb_informations.version }}",
+ "url": "{{ default "/" $msb_informations.url }}",
+ "protocol": "{{ default "REST" $msb_informations.protocol }}",
+ "port": "{{ $msb_informations.port }}",
+ "visualRange":"{{ default "1" $msb_informations.visualRange }}"
+ }
+ ]'
+{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
The function takes three arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
- - .prefix: NodePort prefix to be used
-
+ - .serviceType: the type of the service
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.servicePorts" -}}
-{{- $portType := .portType -}}
-{{- $dot := .dot -}}
-{{- range $index, $port := .ports }}
-{{- $portPrefix := default "nodePortPrefix" $port.prefix }}
+{{- $serviceType := .serviceType }}
+{{- $dot := .dot }}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- range $index, $port := .ports }}
+{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
- {{- if (eq $portType "NodePort") }}
- nodePort: {{ index $dot.Values "global" $portPrefix | default (index $dot.Values $portPrefix) }}{{ $port.nodePort }}
- {{- end }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
+{{- else }}
name: {{ $port.name }}
-{{- end -}}
+{{- end }}
+{{- if (eq $serviceType "NodePort") }}
+ nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
+{{- end }}
+{{- else }}
+- port: {{ default $port.port $port.plain_port }}
+ targetPort: {{ $port.name }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}
+{{- end }}
+{{- end }}
+{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
+{{- if (eq $serviceType "ClusterIP") }}
+- port: {{ $port.plain_port }}
+ targetPort: {{ $port.name }}-plain
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/* Create generic service template
The function takes several arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
- .suffix : a string which will be added at the end of the name (with a '-')
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
+{{- $msb_informations := default "" .msb_informations -}}
{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
-{{- $portType := .portType -}}
+{{- $serviceType := .serviceType -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
+{{- $add_plain_port := default false .add_plain_port }}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
{{- end }}
- ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+ ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }}
{{- if $publishNotReadyAddresses }}
publishNotReadyAddresses: true
{{- end }}
- type: {{ $portType }}
+ type: {{ $serviceType }}
selector: {{- include "common.matchLabels" $dot | nindent 4 }}
{{- end -}}
-{{/* Create service template */}}
+{{/*
+ Create service template
+ Will create one or two service templates according to this table:
+
+ | serviceType | both_tls_and_plain | result |
+ |---------------|--------------------|--------------|
+ | ClusterIP | any | one Service |
+ | Not ClusterIP | not present | one Service |
+ | Not ClusterIP | false | one Service |
+ | Not ClusterIP | true | two Services |
+
+ If two services are created, one is ClusterIP with both crypted and plain
+ ports and the other one is NodePort (or LoadBalancer) with crypted port only.
+*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $portType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- $suffix := default "" .Values.service.suffix -}}
+{{- $annotations := default "" .Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" .Values.service.msb -}}
+{{- $serviceType := .Values.service.type -}}
+{{- $ports := .Values.service.ports -}}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
+{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }}
+{{- if (ne $serviceType "ClusterIP") }}
+---
+{{- if $suffix }}
+{{- $suffix = printf "%s-external" $suffix }}
+{{- else }}
+{{- $suffix = "external" }}
+{{- end }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{- end }}
+{{- else }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- $annotations := default "" .Values.service.headless.annotations -}}
{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }}
{{- end -}}
{{/*
{{- print "headless" }}
{{- end }}
{{- end -}}
+
+{{/*
+ Calculate if we need to use TLS ports.
+ We use TLS by default unless we're on service mesh with TLS.
+ We can also override this behavior with override toggles:
+ - .Values.global.tlsEnabled : override default TLS behavior for all charts
+ - .Values.tlsOverride : override global and default TLS on a per chart basis
+
+ this will give these combinations:
+ | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
+ |-------------|-------------------|----------------------------|------------------------|--------|
+ | not present | not present | not present | any | true |
+ | not present | not present | false | any | true |
+ | not present | not present | true | false | true |
+ | not present | not present | true | true | false |
+ | not present | true | any | any | true |
+ | not present | false | any | any | false |
+ | true | any | any | any | true |
+ | false | any | any | any | false |
+
+*/}}
+{{- define "common.needTLS" -}}
+{{- if hasKey .Values "tlsOverride" }}
+{{- if .Values.tlsOverride -}}
+true
+{{- end }}
+{{- else }}
+{{- if hasKey .Values.global "tlsEnabled" }}
+{{- if .Values.global.tlsEnabled }}
+true
+{{- end }}
+{{- else }}
+{{- if not (include "common.onServiceMesh" .) -}}
+true
+{{- else }}
+{{- if not (default false .Values.global.serviceMesh.tls) -}}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
Code Review / oom.git / commitdiff