rename property, disable by default

cryostatio · Nov 14, 2024 · 1be0c37 · 1be0c37
1 parent cba0709
commit 1be0c37
Show file tree

Hide file tree

Showing 12 changed files with 39 additions and 24 deletions.
diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md
diff --git a/charts/cryostat/templates/NOTES.txt b/charts/cryostat/templates/NOTES.txt
@@ -39,7 +39,7 @@
   kubectl -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.deploymentName" . }}
 
   export SVC_NAME=$(kubectl get services -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=cryostat" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}")
-{{- if or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.enableSelfSigned }}
+{{- if or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.selfSigned.enabled }}
   kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 8443:cryostat-https
 {{- else }}
   kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 8080:cryostat-http
@@ -63,6 +63,6 @@
 {{- else if contains "LoadBalancer" .Values.core.service.type }}
   echo http://$SERVICE_IP:{{ .Values.core.service.httpPort }}
 {{- else if contains "ClusterIP" .Values.core.service.type }}
-  {{ ternary "https" "http" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.enableSelfSigned) }}://localhost:{{ ternary "8443" "8080" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.enableSelfSigned) }}
+  {{ ternary "https" "http" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.selfSigned.enabled) }}://localhost:{{ ternary "8443" "8080" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.service.tls.selfSigned.enabled) }}
 {{- end }}
   ```
diff --git a/charts/cryostat/templates/_oauth2Proxy.tpl b/charts/cryostat/templates/_oauth2Proxy.tpl
@@ -47,7 +47,7 @@ Create OAuth2 Proxy container. Configurations defined in alpha_config.yaml
       mountPath: /etc/oauth2_proxy/basicauth
       readOnly: true
     {{- end }}
-    {{- if .Values.oauth2Proxy.service.tls.enableSelfSigned }}
+    {{- if .Values.oauth2Proxy.service.tls.selfSigned.enabled }}
     - name: {{ .Release.Name }}-oauth2proxy-tls
       mountPath: /etc/tls/private
     {{- end }}

diff --git a/charts/cryostat/templates/alpha_config.yaml b/charts/cryostat/templates/alpha_config.yaml
@@ -12,7 +12,7 @@ data:
   alpha_config.yaml: |-
     server:
       BindAddress: http://0.0.0.0:4180
-      {{- if .Values.oauth2Proxy.service.tls.enableSelfSigned }}
+      {{- if .Values.oauth2Proxy.service.tls.selfSigned.enabled }}
       SecureBindAddress: https://0.0.0.0:8443
       {{- end}}
       TLS:

diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml
@@ -204,7 +204,7 @@ spec:
       - name: {{ .Release.Name }}-proxy-tls
         secret:
           secretName: {{ .Release.Name }}-proxy-tls
-      {{- else if .Values.oauth2Proxy.service.tls.enableSelfSigned }}
+      {{- else if .Values.oauth2Proxy.service.tls.selfSigned.enabled }}
       - name: {{ .Release.Name }}-oauth2proxy-tls
         secret:
           secretName: {{ .Release.Name }}-oauth2proxy-tls

diff --git a/charts/cryostat/templates/cryostat_service.yaml b/charts/cryostat/templates/cryostat_service.yaml
@@ -18,7 +18,7 @@ spec:
       targetPort: 4180
       protocol: TCP
       name: cryostat-http
-    {{- if or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.service.tls.enableSelfSigned }}
+    {{- if or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.service.tls.selfSigned.enabled }}
     - port: 443
       targetPort: 8443
       protocol: TCP

diff --git a/charts/cryostat/templates/cryostat_tls_secret.yaml b/charts/cryostat/templates/cryostat_tls_secret.yaml
@@ -1,4 +1,4 @@
-{{- if (and (not (.Values.authentication.openshift).enabled) (.Values.oauth2Proxy.service.tls.enableSelfSigned)) }}
+{{- if (and (not (.Values.authentication.openshift).enabled) (.Values.oauth2Proxy.service.tls.selfSigned.enabled)) }}
 {{- $fullName := include "cryostat.fullname" . }}
 {{- $cert := genSelfSignedCert $fullName nil nil 365 }}
 apiVersion: v1

diff --git a/charts/cryostat/templates/tests/test-core-connection.yaml b/charts/cryostat/templates/tests/test-core-connection.yaml
@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "cryostat.labels" . | nindent 4 }}
     app.kubernetes.io/component: test-core-connection
+    helm-test: cryostat
   annotations:
     "helm.sh/hook": test
 spec:

diff --git a/charts/cryostat/templates/tests/test-grafana-connection.yaml b/charts/cryostat/templates/tests/test-grafana-connection.yaml
@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "cryostat.labels" . | nindent 4 }}
     app.kubernetes.io/component: test-grafana-connection
+    helm-test: cryostat
   annotations:
     "helm.sh/hook": test
 spec:

diff --git a/charts/cryostat/tests/notes_test.yaml b/charts/cryostat/tests/notes_test.yaml
@@ -107,7 +107,13 @@ tests:
               echo http://$SERVICE_IP:8181
               ```
 
-  - it: should render correct notes for ClusterIP service without ingress or route
+  - it: should render correct notes for ClusterIP service without ingress or route and TLS enabled
+    set:
+      oauth2Proxy:
+        service:
+          tls:
+            selfSigned:
+              enabled: true
     asserts:
       - equalRaw:
           value: |
@@ -135,7 +141,8 @@ tests:
       oauth2Proxy:
         service:
           tls:
-            enableSelfSigned: false
+            selfSigned:
+              enabled: false
     asserts:
       - equalRaw:
           value: |

diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json
@@ -745,10 +745,15 @@
                         "tls": {
                             "type": "object",
                             "properties": {
-                                "enableSelfSigned": {
-                                    "type": "boolean",
-                                    "description": "Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.",
-                                    "default": true
+                                "selfSigned": {
+                                    "type": "object",
+                                    "properties": {
+                                        "enabled": {
+                                            "type": "boolean",
+                                            "description": "Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.",
+                                            "default": true
+                                        }
+                                    }
                                 }
                             }
                         }

diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml
@@ -269,8 +269,9 @@ oauth2Proxy:
     tag: "latest"
   service:
     tls:
-      ## @param oauth2Proxy.service.tls.enableSelfSigned Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.
-      enableSelfSigned: true
+      selfSigned:
+        ## @param oauth2Proxy.service.tls.selfSigned.enabled Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.
+        enabled: false
   resources:
     requests:
       ## @param oauth2Proxy.resources.requests.cpu CPU resource request for the OAuth2 Proxy container.