diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml
index fe5f0908..7c436695 100644
--- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml
@@ -1,7 +1,26 @@
 #@ load("@ytt:data", "data")
 #@ load("@ytt:library", "library")
 #@ load("@ytt:template", "template")
+#@ load("/00-package.star", "image_reference", "image_pull_policy")
+
+#@ ingress_certificate = getattr(data.values.clusterIngress.tlsCertificate, "tls.crt")
+#@ ingress_private_key = getattr(data.values.clusterIngress.tlsCertificate, "tls.key")
+#@ image = image_reference("lookup-service")
+
+#@ if data.values.clusterIngress.tlsCertificateRef.name != None:
+#@ ingress_secret = data.values.clusterIngress.tlsCertificateRef.name
+#@ elif (ingress_certificate and ingress_private_key):
+#@ ingress_secret = "{}-tls".format(data.values.clusterIngress.domain)
+#@ end
+
+
+#@ def lookup_service_values():
+tld: #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
+certName: #@ ingress_secret
+image: #@ image
+imagePullPolicy: #@ image_pull_policy(image)
+#@ end
 #@ if data.values.lookupService.enabled:
---- #@ template.replace(library.get("lookup-service").with_data_values(data.values, plain=True).eval())
+--- #@ template.replace(library.get("lookup-service").with_data_values(lookup_service_values(), plain=True).eval())
 #@ end
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/00-package.star b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/00-package.star
index a449d45d..43f7bc24 100644
--- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/00-package.star
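Review bot: `ingress_secret` in 08-lookup.yaml is bound only inside the `if`/`elif`, so when neither `tlsCertificateRef.name` nor an inline `tls.crt`/`tls.key` pair is configured, `certName: #@ ingress_secret` in `lookup_service_values()` reads a name that was never assigned. The removed overlay code always fell through to an `else:` branch, so this is a new failure mode; rendering will most likely abort as soon as `lookupService.enabled` is true. Bind it before the branch with `#@ ingress_secret = None`, which also lets the `certName != None` guard in overlay-ingress.yaml select the no-TLS path deliberately rather than by accident.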
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/00-package.star
@@ -40,16 +40,16 @@ def image_pull_policy(image):
 return always and "Always" or "IfNotPresent"
 end
-def image_pull_secrets():
- return [item["name"] for item in data.values.clusterSecrets.pullSecretRefs]
-end
-
-def docker_config_json(host, username, password):
- return json.encode({
- "auths": {
- host: {
- "auth": base64.encode("{}:{}".format(username, password))
- }
- }
- })
-end
+#! def image_pull_secrets():
+#! return [item["name"] for item in data.values.clusterSecrets.pullSecretRefs]
+#! end
+#!
+#! def docker_config_json(host, username, password):
+#! return json.encode({
+#! "auths": {
+#! host: {
+#! "auth": base64.encode("{}:{}".format(username, password))
+#! }
+#! }
+#! })
+#! end
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-image.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-image.yaml
index bbfbdfc2..9b8d0c70 100644
--- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-image.yaml
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-image.yaml
@@ -1,6 +1,5 @@
 #@ load("@ytt:overlay", "overlay")
 #@ load("@ytt:data", "data")
-#@ load("/00-package.star", "image_reference", "image_pull_policy")
 #@overlay/match by=overlay.subset({"kind":"Deployment"})
 ---
@@ -10,6 +9,5 @@ spec:
 containers:
 #@overlay/match by="name"
 - name: lookup-service
- #@ image = image_reference("lookup-service")
- image: #@ image
- imagePullPolicy: #@ image_pull_policy(image)
\ No newline at end of file
+ image: #@ data.values.image
+ imagePullPolicy: #@ data.values.imagePullPolicy
\ No newline at end of file
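Review bot: `image_pull_secrets` and `docker_config_json` in 00-package.star are commented out with `#!` rather than deleted, which leaves a dead credential-encoding helper (it builds the registry `auths` entry from a username and password) sitting in the library with no caller visible in this diff. Delete the block outright, since version control keeps the history; if it is being parked on purpose, put a one-line `#!` comment above it stating what has to land before it comes back. Any `load` lines for `json` and `base64` near the top of the file are outside this hunk, but they would presumably become unused and can be removed at the same time.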
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ingress.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ingress.yaml
index f8b4c3ec..95fd0599 100644
--- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ingress.yaml
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/overlays.yaml/overlay-ingress.yaml
@@ -1,29 +1,15 @@
 #@ load("@ytt:overlay", "overlay")
 #@ load("@ytt:data", "data")
-#@ if (hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None):
-#@ ingress_secret = "wildcard"
-#@ elif data.values.clusterIngress.tlsCertificateRef.name != None:
-#@ ingress_secret = data.values.clusterIngress.tlsCertificateRef.name
-#@ else:
-#@ ingress_secret = "{}-tls".format(data.values.clusterIngress.domain)
-#@ end
-
 #@overlay/match by=overlay.subset({"kind":"Ingress"})
 ---
-#@ if/end hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None:
-metadata:
- #@overlay/match missing_ok=True
- annotations:
- #@overlay/match missing_ok=True
- cert-manager.io/cluster-issuer: #@ data.values.clusterIngress.clusterIssuer
 spec:
 rules:
 #@overlay/match by=overlay.index(0)
- - host: #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
+ - host: #@ data.values.tld
 #@overlay/match missing_ok=True
- #@ if/end (hasattr(data.values.clusterIngress, "clusterIssuer") and data.values.clusterIngress.clusterIssuer != None) or (data.values.clusterIngress.tlsCertificateRef.name != None):
+ #@ if/end data.values.certName != None:
 tls:
 - hosts:
- - #@ "{}.{}".format(data.values.lookupService.ingressPrefix, data.values.clusterIngress.domain)
- secretName: #@ ingress_secret
+ - #@ data.values.tld
+ secretName: #@ data.values.certName
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml
new file mode 100644
index 00000000..80465d38
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/values-schema.yaml
@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+#! Ingress
+tld: ""
+certName: ""
+#! Images
+issue: ""
+imagePullPolicy: ""
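Review bot: The `tls:` block in overlay-ingress.yaml is now gated only on `data.values.certName != None`, and the `clusterIssuer` path is removed with nothing visible on the new side replacing it. A cluster that relied on `clusterIngress.clusterIssuer` loses both the `cert-manager.io/cluster-issuer` annotation and the `wildcard` secret name, so, as far as this diff shows, the lookup-service host would be published without TLS or fail to render. If dropping issuer support is intended, say so in the commit message; otherwise the parent package needs to compute the secret for that case as well. Separately, an empty string passes the `!= None` test and would emit `secretName: ""`, so a truthiness check is safer: `#@ if/end data.values.certName:`.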
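Review bot: The new schema file lives at `_ytt_lib/values-schema.yaml`, beside the `lookup-service/` directory rather than inside it, so it is worth confirming that the `lookup-service` library actually loads it; from the paths in this diff it looks like it may not be part of that library. The defaults are also all `""`, so a caller that omits a value would render `image: ""` and an empty ingress host instead of failing early. Put `#@schema/validation min_len=1` on `tld` and `image`, and mark `certName` with `#@schema/nullable` so that "no certificate" is expressed as null, which is what the `certName != None` guard in overlay-ingress.yaml expects.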
diff --git a/carvel-packages/installer/bundle/config/ytt/config.yaml b/carvel-packages/installer/bundle/config/ytt/config.yaml
index 22915883..6e5aba88 100644
--- a/carvel-packages/installer/bundle/config/ytt/config.yaml
+++ b/carvel-packages/installer/bundle/config/ytt/config.yaml
@@ -27,6 +27,9 @@
 #@ for overlayToApply in getOverlaysFromLibrary():
 #@ overlayedValues = struct.encode(yaml.decode(yaml.encode(overlay.apply(overlayedValues, overlayToApply))))
 #@ end
+
+#! TODO: Here would be nice to calculate all the certificate specifics and then pass them to the overlayedValues
+
 #@ if data.values.debug:
 --- #@ overlayedValues
 #@ else:
diff --git a/carvel-packages/installer/bundle/config/ytt/values-schema.yaml b/carvel-packages/installer/bundle/config/ytt/values-schema.yaml
index 7b00af0c..1416df17 100644
--- a/carvel-packages/installer/bundle/config/ytt/values-schema.yaml
+++ b/carvel-packages/installer/bundle/config/ytt/values-schema.yaml
@@ -107,8 +107,8 @@ clusterInfrastructure:
 #@schema/example "cert-manager@my-project.iam.gserviceaccount.com"
 #@schema/validation ("workloadIdentity for cert-manager is required for gcp based providers",lambda v: len(v) >= 1)
 cert-manager: ""
- #@schema/title "Additional CA Certificate"
- #@schema/desc "Additional CA Certificates to inject to the cluster. Currently only supported when provider is set to kind"
+ #@schema/title "CA Certificate"
+ #@schema/desc "CA Certificates to inject to the cluster. When provider is set to kind it'll configure cert-manager to generate certs. CA Issuers must be configured with a certificate (tls.crt) and private key (tls.key) stored in the Kubernetes secret"
 #@schema/nullable
 caCertificateRef:
 #@schema/validation min_len=1