feat(chart): update values & doc to get started easier (#312)

* feat(chart): add documentation to all values * feat(chart): add autogenerated doc * feat(chart): make cert-manager not required and remove default datastore tls
padok-team · Jul 17, 2024 · a9df138 · a9df138
1 parent 6281786
commit a9df138
Show file tree

Hide file tree

Showing 8 changed files with 305 additions and 35 deletions.
diff --git a/deploy/charts/burrito/README.md b/deploy/charts/burrito/README.md
diff --git a/deploy/charts/burrito/templates/config.yaml b/deploy/charts/burrito/templates/config.yaml
@@ -26,9 +26,13 @@ Datastore Authorized Service Accounts
 {{- $server := printf "%s/%s" .Release.Namespace "burrito-server" }}
 {{- $datastoreAuthorizedServiceAccounts = append $datastoreAuthorizedServiceAccounts $server }}
 {{- $_ := set $config.datastore "serviceAccounts" $datastoreAuthorizedServiceAccounts }}
+{{- if .Values.hermitcrab.tls.certManager.use }}
 {{- $_ := set $config.hermitcrab "certificateSecretName" .Values.hermitcrab.tls.certManager.certificate.spec.secretName }}
+{{- else }}
+{{- $_ := set $config.hermitcrab "certificateSecretName" .Values.hermitcrab.tls.secretName }}
+{{- end }}
 {{- $_ := set $config.hermitcrab "enabled" .Values.hermitcrab.enabled }}
-{{- $_ := set $config.datastore "tls" .Values.datastore.tls.certManager.use }}
+{{- $_ := set $config.datastore "tls" .Values.datastore.tls.enabled }}
 
 
 apiVersion: v1

diff --git a/deploy/charts/burrito/templates/controllers.yaml b/deploy/charts/burrito/templates/controllers.yaml
@@ -63,7 +63,7 @@ spec:
             - name: burrito-token
               mountPath: /var/run/secrets/token
               readOnly: true
-            {{- if $.Values.datastore.tls.certManager.use }}
+            {{- if $.Values.datastore.tls.enabled }}
             - name: burrito-ca
               mountPath: /etc/ssl/certs/burrito-ca.crt
               subPath: burrito-ca.crt
@@ -92,13 +92,20 @@ spec:
                 audience: burrito
                 expirationSeconds: 3600
                 path: burrito
-        {{- if $.Values.datastore.tls.certManager.use }}
+        {{- if and $.Values.datastore.tls.enabled $.Values.datastore.tls.certManager.use }}
         - name: burrito-ca
           secret:
             secretName: {{ $.Values.datastore.tls.certManager.certificate.spec.secretName }}
             items:
               - key: ca.crt
                 path: burrito-ca.crt
+        {{- else if $.Values.datastore.tls.enabled }}
+        - name: burrito-ca
+          secret:
+            secretName: {{ $.Values.datastore.tls.secretName }}
+            items:
+              - key: {{ $.Values.datastore.tls.caKey }}
+                path: burrito-ca.crt
         {{- end }}
 {{- if .service.enabled }}
 ---

diff --git a/deploy/charts/burrito/templates/datastore.yaml b/deploy/charts/burrito/templates/datastore.yaml
@@ -1,7 +1,7 @@
 {{ $configChecksum := (include (print $.Template.BasePath "/config.yaml") . | sha256sum) }}
 
 {{- with mergeOverwrite (deepCopy .Values.global) .Values.datastore }}
-{{- if .tls.certManager.use }}
+{{- if .tls.enabled }}
 {{- $_ := set .deployment.livenessProbe.httpGet "scheme" "HTTPS" }}
 {{- $_ := set .deployment.readinessProbe.httpGet "scheme" "HTTPS" }}
 {{- else }}
@@ -64,7 +64,7 @@ spec:
             - name: burrito-config
               mountPath: /etc/burrito
               readOnly: true
-            {{- if .tls.certManager.use }}
+            {{- if .tls.enabled }}
             - name: burrito-datastore-tls
               mountPath: /etc/burrito/tls
               readOnly: true
@@ -85,10 +85,14 @@ spec:
         - name: burrito-config
           configMap:
             name: burrito-config
-        {{- if .tls.certManager.use }}
+        {{- if and .tls.enabled .tls.certManager.use }}
         - name: burrito-datastore-tls
           secret:
             secretName: {{ .tls.certManager.certificate.spec.secretName }}
+        {{- else if .tls.enabled }}
+        - name: burrito-datastore-tls
+          secret:
+            secretName: {{ .tls.secretName }}
         {{- end }}
 {{- if .service.enabled }}
 ---
@@ -136,7 +140,7 @@ subjects:
     name: burrito-datastore
     namespace: {{ $.Release.Namespace }}
 ---
-{{- if .tls.certManager.use }}
+{{- if and .tls.enabled .tls.certManager.use }}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:

diff --git a/deploy/charts/burrito/templates/hermitcrab.yaml b/deploy/charts/burrito/templates/hermitcrab.yaml
@@ -48,21 +48,16 @@ spec:
             {{- toYaml .deployment.livenessProbe | nindent 12 }}
           readinessProbe:
             {{- toYaml .deployment.readinessProbe | nindent 12 }}
-          {{- if or .storage.emptyDir.enabled .storage.ephemeral.enabled .tls.certManager.use .deployment.extraVolumeMounts }}
           volumeMounts:
             {{- if or .storage.emptyDir.enabled .storage.ephemeral.enabled }}
             - name: provider-cache
               mountPath: /var/run/hermitcrab
             {{- end }}
-            {{- if .tls.certManager.use }}
             - name: burrito-hermitcrab-tls
               mountPath: /etc/hermitcrab/tls
-            {{- end }}
             {{- if .deployment.extraVolumeMounts }}
             {{- toYaml .deployment.extraVolumeMounts | nindent 12 }}
             {{- end }}
-          {{- end }}
-      {{- if or .storage.emptyDir.enabled .storage.ephemeral.enabled .tls.certManager.use .deployment.extraVolumes }}
       volumes:
         {{- if or .storage.emptyDir.enabled .storage.ephemeral.enabled }}
         - name: provider-cache
@@ -85,11 +80,14 @@ spec:
         - name: burrito-hermitcrab-tls
           secret:
             secretName: {{ .tls.certManager.certificate.spec.secretName }}
+        {{- else }}
+        - name: burrito-hermitcrab-tls
+          secret:
+            secretName: {{ .tls.secretName }}
         {{- end }}
         {{- if .deployment.extraVolumes }}
         {{- toYaml .deployment.extraVolumes | nindent 8 }}
         {{- end }}
-      {{- end }}
       tolerations:
         {{- toYaml .deployment.tolerations | nindent 8 }}
       nodeSelector:

diff --git a/deploy/charts/burrito/templates/issuer.yaml b/deploy/charts/burrito/templates/issuer.yaml
@@ -1,3 +1,4 @@
+{{- if or (and .Values.hermitcrab.enabled .Values.hermitcrab.tls.certManager.use) (and .Values.datastore.tls.enabled .Values.datastore.tls.certManager.use) }}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -28,3 +29,4 @@ metadata:
 spec:
   ca:
     secretName: burrito-ca
+{{- end }}
diff --git a/deploy/charts/burrito/templates/server.yaml b/deploy/charts/burrito/templates/server.yaml
@@ -62,7 +62,7 @@ spec:
             - name: burrito-token
               mountPath: /var/run/secrets/token
               readOnly: true
-            {{- if $.Values.datastore.tls.certManager.use }}
+            {{- if $.Values.datastore.tls.enabled }}
             - name: burrito-ca
               mountPath: /etc/ssl/certs/burrito-ca.crt
               subPath: burrito-ca.crt
@@ -91,13 +91,20 @@ spec:
                 audience: burrito
                 expirationSeconds: 3600
                 path: burrito
-        {{- if $.Values.datastore.tls.certManager.use }}
+        {{- if and $.Values.datastore.tls.enabled $.Values.datastore.tls.certManager.use }}
         - name: burrito-ca
           secret:
             secretName: {{ $.Values.datastore.tls.certManager.certificate.spec.secretName }}
             items:
               - key: ca.crt
                 path: burrito-ca.crt
+        {{- else if $.Values.datastore.tls.enabled }}
+        - name: burrito-ca
+          secret:
+            secretName: {{ $.Values.datastore.tls.secretName }}
+            items:
+              - key: ca.crt
+                path: burrito-ca.crt
         {{- end }}
 {{- if .service.enabled }}
 ---