fix: proxyprotocol for private-ingress re-added, refactor of istio-ingress template

This commit is contained in:
Stefan Reimer 2021-08-26 15:00:03 +02:00
parent 70503ae483
commit e016c87680
3 changed files with 38 additions and 43 deletions

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero name: kubezero
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
type: application type: application
version: 1.20.8 version: 1.20.8-1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -5,16 +5,19 @@ ACTION=$1
ARTIFACTS=($(echo $2 | tr "," "\n")) ARTIFACTS=($(echo $2 | tr "," "\n"))
CLUSTER=$3 CLUSTER=$3
LOCATION=${4:-""} LOCATION=${4:-""}
KUBEZERO_VERSION=${5:-""}
which yq || { echo "yq not found!"; exit 1; } which yq || { echo "yq not found!"; exit 1; }
which helm || { echo "helm not found!"; exit 1; } which helm || { echo "helm not found!"; exit 1; }
helm_version=$(helm version --short) helm_version=$(helm version --short)
echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; } echo $helm_version | grep -qe "^v3.[5-9]" || { echo "Helm version >= 3.5 required!"; exit 1; }
# Simulate well-known CRDs being available # Simulate well-known CRDs being available
API_VERSIONS="-a monitoring.coreos.com/v1" API_VERSIONS="-a monitoring.coreos.com/v1"
KUBE_VERSION="--kube-version $(kubectl version -o json | jq -r .serverVersion.gitVersion)" KUBE_VERSION="--kube-version $(kubectl version -o json | jq -r .serverVersion.gitVersion)"
[ -n "$KUBEZERO_VERSION" ] && KUBEZERO_VERSION="--version $KUBEZERO_VERSION"
TMPDIR=$(mktemp -d kubezero.XXX) TMPDIR=$(mktemp -d kubezero.XXX)
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT [ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
@ -143,7 +146,7 @@ function get_namespace() {
function update_kubezero_argo() { function update_kubezero_argo() {
helm template $(chart_location kubezero) -f ${VALUES%%,} --set installKubeZero=true > $TMPDIR/kubezero-argocd.yaml helm template $(chart_location kubezero) -f ${VALUES%%,} --set installKubeZero=true $KUBEZERO_VERSION > $TMPDIR/kubezero-argocd.yaml
kubectl apply -f $TMPDIR/kubezero-argocd.yaml kubectl apply -f $TMPDIR/kubezero-argocd.yaml
} }
@ -203,7 +206,7 @@ function argocd-post() {
# First lets generate kubezero.yaml # First lets generate kubezero.yaml
# Add all yaml files in $CLUSTER # Add all yaml files in $CLUSTER
VALUES="$(find $CLUSTER -maxdepth 1 -name '*.yaml' | sort | tr '\n' ',')" VALUES="$(find $CLUSTER -maxdepth 1 -name '*.yaml' | sort | tr '\n' ',')"
helm template $(chart_location kubezero) -f ${VALUES%%,} > $TMPDIR/kubezero.yaml helm template $(chart_location kubezero) -f ${VALUES%%,} $KUBEZERO_VERSION > $TMPDIR/kubezero.yaml
# Resolve all the all enabled artifacts in order of their appearance # Resolve all the all enabled artifacts in order of their appearance
if [ ${ARTIFACTS[0]} == "all" ]; then if [ ${ARTIFACTS[0]} == "all" ]; then

View File

@ -1,3 +1,28 @@
{{- define "_ingress" }}
# reuse values for the two sub-charts Public and Private
enabled: {{ .enabled }}
{{- with .gateway }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 6 }}
{{- end }}
certificates:
{{- with .dnsNames }}
- name: ingress-cert
dnsNames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- range $cert := .certificates }}
- name: {{ $cert.name }}
dnsNames:
{{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
{{- with .proxyProtocol }}
proxyProtocol: {{ . }}
{{- end }}
{{- end }}
{{- define "istio-ingress-values" }} {{- define "istio-ingress-values" }}
{{- with index .Values "istio-ingress" "global" }} {{- with index .Values "istio-ingress" "global" }}
@ -5,51 +30,18 @@ global:
{{- toYaml . | nindent 2 }} {{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- if index .Values "istio-ingress" "public" }} {{- with index .Values "istio-ingress" "public" }}
istio-ingress: istio-ingress:
enabled: {{ index .Values "istio-ingress" "public" "enabled" }}
telemetry: telemetry:
enabled: {{ .Values.metrics.enabled }} enabled: {{ $.Values.metrics.enabled }}
{{- with index .Values "istio-ingress" "public" "gateway" }} {{- include "_ingress" . | nindent 2 }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 6 }}
{{- end }}
certificates:
{{- with index .Values "istio-ingress" "public" "dnsNames" }}
- name: ingress-cert
dnsNames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- range $cert := (index .Values "istio-ingress" "public" "certificates") }}
- name: {{ $cert.name }}
dnsNames:
{{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
{{- end }} {{- end }}
{{- if index .Values "istio-ingress" "private" }} {{- with index .Values "istio-ingress" "private" }}
istio-private-ingress: istio-private-ingress:
enabled: {{ index .Values "istio-ingress" "private" "enabled" }}
telemetry: telemetry:
enabled: {{ .Values.metrics.enabled }} enabled: {{ $.Values.metrics.enabled }}
{{- with index .Values "istio-ingress" "private" "gateway" }} {{- include "_ingress" . | nindent 2 }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 6 }}
{{- end }}
certificates:
{{- with index .Values "istio-ingress" "private" "dnsNames" }}
- name: private-ingress-cert
dnsNames:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- range $cert := (index .Values "istio-ingress" "private" "certificates") }}
- name: {{ $cert.name }}
dnsNames:
{{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }}
proxyProtocol: {{ default false (index .Values "istio-ingress" "private" "proxyProtocol") }}
{{- end }} {{- end }}
{{- end }} {{- end }}