Simplified lookup service subpackage and overlay

carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml

@@ -1,7 +1,26 @@
 #@ load("@ytt:data", "data")
 #@ load("@ytt:library", "library")
 #@ load("@ytt:template", "template")
+#@ load("/00-package.star", "image_reference", "image_pull_policy")
+
+#@ ingress_certificate = getattr(data.values.clusterIngress.tlsCertificate, "tls.crt")
+#@ ingress_private_key = getattr(data.values.clusterIngress.tlsCertificate, "tls.key")
+#@ image =  image_reference("lookup-service")
+
+#@ if data.values.clusterIngress.tlsCertificateRef.name != None:
+#@   ingress_secret = data.values.clusterIngress.tlsCertificateRef.name
+#@ elif (ingress_certificate and ingress_private_key):
+#@   ingress_secret = "{}-tls".format(data.values.clusterIngress.domain)
+#@ end
+
+
+#@ def lookup_service_values():
+tld: #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
+certName: #@ ingress_secret
+image: #@ image
+imagePullPolicy: #@ image_pull_policy(image)
+#@ end
 
 #@ if data.values.lookupService.enabled:
---- #@ template.replace(library.get("lookup-service").with_data_values(data.values, plain=True).eval())
+--- #@ template.replace(library.get("lookup-service").with_data_values(lookup_service_values(), plain=True).eval())
 #@ end

carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/00-package.star

@@ -40,16 +40,16 @@ def image_pull_policy(image):
   return always and "Always" or "IfNotPresent"
 end
 
-def image_pull_secrets():
-  return [item["name"] for item in data.values.clusterSecrets.pullSecretRefs]
-end
-
-def docker_config_json(host, username, password):
-  return json.encode({
-    "auths": {
-      host: {
-        "auth": base64.encode("{}:{}".format(username, password))
-      }
-    }
-  })
-end
+#! def image_pull_secrets():
+#!   return [item["name"] for item in data.values.clusterSecrets.pullSecretRefs]
+#! end
+#! 
+#! def docker_config_json(host, username, password):
+#!   return json.encode({
+#!     "auths": {
+#!       host: {
+#!         "auth": base64.encode("{}:{}".format(username, password))
+#!       }
+#!     }
+#!   })
+#! end

carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-image.yaml

@@ -1,6 +1,5 @@
 #@ load("@ytt:overlay", "overlay")
 #@ load("@ytt:data", "data")
-#@ load("/00-package.star", "image_reference", "image_pull_policy")
 
 #@overlay/match by=overlay.subset({"kind":"Deployment"})
 ---
@@ -10,6 +9,5 @@ spec:
       containers:
       #@overlay/match by="name"
       - name: lookup-service
-        #@ image = image_reference("lookup-service")
-        image: #@ image
-        imagePullPolicy: #@ image_pull_policy(image)
+        image: #@ data.values.image
+        imagePullPolicy: #@ data.values.imagePullPolicy

carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ingress.yaml

@@ -1,29 +1,15 @@
 #@ load("@ytt:overlay", "overlay")
 #@ load("@ytt:data", "data")
 
-#@ if (hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None):
-#@ ingress_secret = "wildcard"
-#@ elif data.values.clusterIngress.tlsCertificateRef.name != None:
-#@ ingress_secret = data.values.clusterIngress.tlsCertificateRef.name
-#@ else:
-#@ ingress_secret = "{}-tls".format(data.values.clusterIngress.domain)
-#@ end
-
 #@overlay/match by=overlay.subset({"kind":"Ingress"})
 ---
-#@ if/end hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None:
-metadata:
-  #@overlay/match missing_ok=True
-  annotations:
-    #@overlay/match missing_ok=True
-    cert-manager.io/cluster-issuer: #@ data.values.clusterIngress.clusterIssuer
 spec:
   rules:
   #@overlay/match by=overlay.index(0)
-  - host: #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
+  - host: #@ data.values.tld
   #@overlay/match missing_ok=True
-  #@ if/end (hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None) or (data.values.clusterIngress.tlsCertificateRef.name != None):
+  #@ if/end data.values.certName != None:
   tls:
   - hosts:
-    - #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
-    secretName: #@ ingress_secret
+    - #@ data.values.tld
+    secretName: #@ data.values.certName

carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml

@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+#! Ingress
+tld: ""
+certName: ""
+#! Images
+image: ""
+imagePullPolicy: ""

carvel-packages/installer/bundle/config/ytt/config.yaml

@@ -27,6 +27,9 @@
 #@ for overlayToApply in getOverlaysFromLibrary():
 #@   overlayedValues = struct.encode(yaml.decode(yaml.encode(overlay.apply(overlayedValues, overlayToApply))))
 #@ end
+
+#! TODO: Here would be nice to calculate all the certificate specifics and then pass them to the overlayedValues
+
 #@ if data.values.debug:
 --- #@ overlayedValues
 #@ else:

carvel-packages/installer/bundle/config/ytt/values-schema.yaml

@@ -107,8 +107,8 @@ clusterInfrastructure:
       #@schema/example "[email protected]"
       #@schema/validation ("workloadIdentity for cert-manager is required for gcp based providers",lambda v: len(v) >= 1)
       cert-manager: ""
-  #@schema/title "Additional CA Certificate"
-  #@schema/desc "Additional CA Certificates to inject to the cluster. Currently only supported when provider is set to kind"
+  #@schema/title "CA Certificate"
+  #@schema/desc "CA Certificates to inject to the cluster. When provider is set to kind it'll configure cert-manager to generate certs. CA Issuers must be configured with a certificate (tls.crt) and private key (tls.key) stored in the Kubernetes secret"
   #@schema/nullable
   caCertificateRef:
     #@schema/validation min_len=1