Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-13 14:57:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7f33aefe10e35ff9924475998faec182ccfdbff3
charts/bitnami/kiam/templates/_helpers.tpl
Miguel Ruiz 0788e258fa [bitnami/kiam] Hotfix kiam certificates (#14685) 
Signed-off-by: Miguel Ruiz <miruiz@vmware.com>
2023-02-02 12:56:23 +01:00

103 lines
4.8 KiB
Smarty
Raw Blame History

{{/*
Return the proper kiam image name
*/}}
{{- define "kiam.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kiam.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Create the name of the service account to use (server)
*/}}
{{- define "kiam.server.serviceAccountName" -}}
{{- if .Values.server.serviceAccount.create -}}
{{ default (printf "%s-server" (include "common.names.fullname" .)) .Values.server.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.server.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use (agent)
*/}}
{{- define "kiam.agent.serviceAccountName" -}}
{{- if .Values.agent.serviceAccount.create -}}
{{ default (printf "%s-agent" (include "common.names.fullname" .)) .Values.agent.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.agent.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Generate certificates for kiam agent and server
*/}}
{{- define "kiam.agent.gen-certs" -}}
{{- $ca := .ca | default (genCA "kiam-ca" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cert := genSignedCert "Kiam Agent" nil nil 365 $ca -}}
{{- $secretName := printf "%s-agent" (include "common.names.fullname" .) -}}
{{ .Values.agent.tlsCerts.certFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.agent.tlsCerts.certFileName "defaultValue" $cert.Cert "context" $) }}
{{ .Values.agent.tlsCerts.keyFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.agent.tlsCerts.keyFileName "defaultValue" $cert.Key "context" $) }}
{{ .Values.agent.tlsCerts.caFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.agent.tlsCerts.caFileName "defaultValue" $ca.Cert "context" $) }}
{{- end -}}
{{- define "kiam.server.gen-certs" -}}
{{- $altNames := list (printf "%s-server" (include "common.names.fullname" .)) (printf "%s-server:%d" (include "common.names.fullname" .) .Values.server.service.port ) (printf "127.0.0.1:%d" .Values.server.containerPort) -}}
{{- $ca := .ca | default (genCA "kiam-ca" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cert := genSignedCert "Kiam Server" (list "127.0.0.1") $altNames 365 $ca -}}
{{- $secretName := printf "%s-server" (include "common.names.fullname" .) -}}
{{ .Values.server.tlsCerts.certFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.server.tlsCerts.certFileName "defaultValue" $cert.Cert "context" $) }}
{{ .Values.server.tlsCerts.keyFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.server.tlsCerts.keyFileName "defaultValue" $cert.Key "context" $) }}
{{ .Values.server.tlsCerts.caFileName }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.server.tlsCerts.caFileName "defaultValue" $ca.Cert "context" $) }}
{{- end -}}
{{/*
Compile all warnings into a single message.
*/}}
{{- define "kiam.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "kiam.validateValues.ports" .) -}}
{{- $messages := append $messages (include "kiam.validateValues.nodeploy" .) -}}
{{- $messages := append $messages (include "kiam.validateValues.resourceType" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
{{- end -}}
{{- end -}}
{{/* Validate values of Kiam - ports */}}
{{- define "kiam.validateValues.ports" -}}
{{- if and .Values.server.enabled .Values.server.metrics.enabled (eq .Values.server.containerPort .Values.server.metrics.port) -}}
kiam: server-ports-conflict
You enabled the metrics endpoint with the same port as the kiam server port, {{ .Values.server.containerPort }} == {{ .Values.server.metrics.port }}.
Please use a different port by setting server.metrics.port and server.containerPort with different values.
{{- end -}}
{{- end -}}
{{/* Validate values of Kiam - no deployment */}}
{{- define "kiam.validateValues.nodeploy" -}}
{{- if and (not .Values.server.enabled) (not .Values.agent.enabled) -}}
kiam: nothing-deployed
You did not deploy neither the server nor the agents. Please set at least one of the following values
server.enabled=true
agent.enabled=true
{{- end -}}
{{- end -}}
{{/* Validate values of Kiam - resource type */}}
{{- define "kiam.validateValues.resourceType" -}}
{{- if and (not (eq .Values.server.resourceType "daemonset")) (not (eq .Values.server.resourceType "deployment")) -}}
kiam: server-resource-type
Server resource type {{ .Values.server.resourceType }} is not valid, only "daemonset" and "deployment" are allowed
{{- end -}}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink