diff --git a/charts/cryostat/templates/NOTES.txt b/charts/cryostat/templates/NOTES.txt index fa9375a..133c8c4 100644 --- a/charts/cryostat/templates/NOTES.txt +++ b/charts/cryostat/templates/NOTES.txt @@ -39,11 +39,7 @@ kubectl -n {{ .Release.Namespace }} wait --for=condition=available --timeout=60s deploy/{{ include "cryostat.deploymentName" . }} export SVC_NAME=$(kubectl get services -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cryostat.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=cryostat" --sort-by=.metadata.creationTimestamp -o jsonpath="{.items[-1:].metadata.name}") -{{- if or .Values.authentication.openshift.enabled .Values.oauth2Proxy.tls.selfSigned.enabled }} - kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 8443:https -{{- else }} - kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME 8080:http -{{- end }} + kubectl -n {{ .Release.Namespace }} port-forward svc/$SVC_NAME {{ include "cryostat.core.service.port" . }}:{{ include "cryostat.core.service.scheme" . }} ``` {{- $listNum = add1 $listNum }} {{- end }} @@ -63,6 +59,6 @@ {{- else if contains "LoadBalancer" .Values.core.service.type }} echo http://$SERVICE_IP:{{ .Values.core.service.httpPort }} {{- else if contains "ClusterIP" .Values.core.service.type }} - {{ ternary "https" "http" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.tls.selfSigned.enabled) }}://localhost:{{ ternary "8443" "8080" (or .Values.authentication.openshift.enabled .Values.oauth2Proxy.tls.selfSigned.enabled) }} + {{ include "cryostat.core.service.scheme" . }}://localhost:{{ include "cryostat.core.service.port" . }} {{- end }} ``` diff --git a/charts/cryostat/templates/_helpers.tpl b/charts/cryostat/templates/_helpers.tpl index 518e294..0a8e7e5 100644 --- a/charts/cryostat/templates/_helpers.tpl +++ b/charts/cryostat/templates/_helpers.tpl 
@@ -62,6 +62,27 @@ Create the name of the service account to use. {{- end }} {{- end }} +{{/* +Cryostat service TLS enablement. Returns the string values "true" or "false". +*/}} +{{- define "cryostat.core.service.tls" -}} +{{ or .Values.authentication.openshift.enabled .Values.oauth2Proxy.tls.selfSigned.enabled }} +{{- end }} + +{{/* +Cryostat service protocol. HTTPS if TLS is enabled, HTTP otherwise. +*/}} +{{- define "cryostat.core.service.scheme" -}} +{{ ternary "https" "http" ( include "cryostat.core.service.tls" . | eq "true" ) }} +{{- end }} + +{{/* +Cryostat service port. 8443 if TLS is enabled, 8080 otherwise. +*/}} +{{- define "cryostat.core.service.port" -}} +{{ ternary 8443 8080 ( ( include "cryostat.core.service.scheme" . ) | eq "https" ) }} +{{- end }} + {{/* Get or generate a default connection key for database. */}} diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index 76db1b5..882c5cb 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml @@ -75,7 +75,7 @@ spec: - name: QUARKUS_REST_CLIENT_EXTENSIONS_API_VERIFY_HOST value: "false" - name: QUARKUS_REST_CLIENT_REPORTS_URL - value: {{ printf "%s://cryostat:$(REPORTS_PASS_SECRET_KEY)@%s-reports.%s.svc:%d" (ternary "https" "http" (or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.tls.selfSigned.enabled)) $fullName $.Release.Namespace (int .Values.reports.service.httpPort) }} + value: {{ printf "%s://cryostat:$(REPORTS_PASS_SECRET_KEY)@%s-reports.%s.svc:%d" (include "cryostat.core.service.scheme" .) $fullName $.Release.Namespace (int .Values.reports.service.httpPort) }} {{- end }} - name: QUARKUS_DATASOURCE_USERNAME value: cryostat diff --git a/charts/cryostat/templates/cryostat_service.yaml b/charts/cryostat/templates/cryostat_service.yaml index 7cf7b61..36261e4 100644 --- a/charts/cryostat/templates/cryostat_service.yaml 
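Review bot: `cryostat.core.service.tls` prints whatever `or` returns instead of a normalised boolean, so its documented contract of returning "true" or "false" holds only when both values are real booleans. A truthy non-boolean value was accepted by the `if or …` call sites this replaces, but every `eq "true"` caller now reads it as TLS off and falls back to `http`/8080. The helper also reads `.Values.authentication.openshift.enabled` without the parenthesised form `(.Values.authentication.openshift).enabled` that the replaced deployment and service call sites used, which presumably tolerated a missing `openshift` block. Emitting the literal from a branch covers both: `{{- if or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.tls.selfSigned.enabled }}true{{- else }}false{{- end }}`.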
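Review bot: The `QUARKUS_REST_CLIENT_REPORTS_URL` value still places the reports password in the URL userinfo, and its scheme now comes from `cryostat.core.service.scheme`, so whenever that helper yields `http` the credential travels to the reports service without transport encryption. A template comment above the entry would record that dependency, for example `{{/* scheme follows cryostat.core.service.tls; with http the reports credential is sent unencrypted */}}`. The surrounding conditional opens outside this hunk, so whether a TLS-off reports deployment is an intended configuration cannot be confirmed from here.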
+++ b/charts/cryostat/templates/cryostat_service.yaml
@@ -19,7 +19,7 @@ spec:
 protocol: TCP
 name: http
 appProtocol: http
- {{- if or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.tls.selfSigned.enabled }}
+ {{- if ( include "cryostat.core.service.tls" . | eq "true" ) }}
 - port: 443
 targetPort: 8443
 protocol: TCP
diff --git a/charts/cryostat/templates/cryostat_tls_secret.yaml b/charts/cryostat/templates/cryostat_tls_secret.yaml
index 13fea26..0d05745 100644
--- a/charts/cryostat/templates/cryostat_tls_secret.yaml
+++ b/charts/cryostat/templates/cryostat_tls_secret.yaml
@@ -1,4 +1,4 @@
-{{- if (and (not (.Values.authentication.openshift).enabled) (.Values.oauth2Proxy.tls.selfSigned.enabled)) }}
+{{- if ( include "cryostat.core.service.tls" . | eq "true" ) }}
 {{- $fullName := include "cryostat.fullname" . }}
 {{- $cert := genSelfSignedCert $fullName nil nil 365 }}
 apiVersion: v1
diff --git a/charts/cryostat/templates/reports_service.yaml b/charts/cryostat/templates/reports_service.yaml
index 6ab4aad..a54836a 100644
--- a/charts/cryostat/templates/reports_service.yaml
+++ b/charts/cryostat/templates/reports_service.yaml
@@ -11,7 +11,7 @@ spec:
 type: {{ .Values.reports.service.type }}
 ports:
 - port: {{ .Values.reports.service.httpPort }}
- targetPort: {{ ternary "https" "http" (or (.Values.authentication.openshift).enabled .Values.oauth2Proxy.tls.selfSigned.enabled) }}
+ targetPort: {{ include "cryostat.core.service.scheme" . }}
 selector:
 {{- include "cryostat.selectorLabels" $ | nindent 4 }}
 app.kubernetes.io/component: reports
diff --git a/charts/cryostat/templates/reports_tls_secret.yaml b/charts/cryostat/templates/reports_tls_secret.yaml
index 4828808..a27d0d0 100644
--- a/charts/cryostat/templates/reports_tls_secret.yaml
+++ b/charts/cryostat/templates/reports_tls_secret.yaml
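Review bot: The guard on the first line of cryostat_tls_secret.yaml no longer means what it did. The removed condition was `and (not openshift.enabled) selfSigned.enabled`, while `cryostat.core.service.tls` is `or openshift.enabled selfSigned.enabled`, so this Secret and its `genSelfSignedCert` key pair are now also rendered when OpenShift authentication is on, even with `selfSigned.enabled` false. If the OpenShift path is expected to obtain its certificate elsewhere, as the old guard suggests, a chart-generated self-signed certificate could shadow or conflict with it. Keeping the original predicate would make this a pure refactor: `{{- if and (not (.Values.authentication.openshift).enabled) .Values.oauth2Proxy.tls.selfSigned.enabled }}`. The same swap is made in reports_tls_secret.yaml.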
@@ -1,4 +1,4 @@
-{{- if (and (not (.Values.authentication.openshift).enabled) (.Values.oauth2Proxy.tls.selfSigned.enabled)) }}
+{{- if ( include "cryostat.core.service.tls" | eq "true" ) }}
 {{- $fullName := include "cryostat.fullname" . }}
 {{- $cert := genSelfSignedCert (printf "%s-reports" $fullName) nil nil 365 }}
 apiVersion: v1
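Review bot: The new guard calls `include "cryostat.core.service.tls"` without a context argument, unlike every other call site in this commit. `include` takes the template name and the data to render it with, so this file should fail to render as written, and a chart that cannot render cannot be installed or upgraded. The line should read `{{- if ( include "cryostat.core.service.tls" . | eq "true" ) }}`. A `helm template` or `helm lint` run over the chart in CI would catch this class of mistake before release.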