[charts] Refactoring some of the templates (#361)

deploy/charts/admin/templates/admin/admin-cert.yaml

@@ -1,8 +1,3 @@
-{{- $admin := .Values -}}
-{{- if not (eq (empty $admin.controlPlane.tls.general.caBundle) (empty $admin.controlPlane.tls.general.secretName)) }}
- {{ fail "You need to send both or neither of controlPlane.tls.general.caBundle and controlPlane.tls.general.secretName"}}
-{{- end }}
-{{- $caBundle := $admin.controlPlane.tls.general.caBundle }}
 {{/*
 Generate certificates
 see: https://masterminds.github.io/sprig/crypto.html
@@ -12,13 +7,16 @@ see: https://github.com/networkservicemesh/networkservicemesh/blob/804ad5026bb5d
 We only autogenerate certs if user did not chose their own secret.
 We only autogenerate certs if the cert is not yet generated. This way we keep the secrets between HELM upgrades.
 */}}
-
+{{- $admin := .Values -}}
+{{- if not (eq (empty $admin.cp.tls.caBundle) (empty $admin.cp.tls.secretName)) }}
+ {{ print "You need to send both or neither of controlPlane.tls.general.caBundle and controlPlane.tls.general.secretName"}}
+{{- end }}
+{{- $caBundle := $admin.cp.tls.caBundle }}
 {{- $namespace := include "admin.namespace" . -}}
-{{- if eq $admin.controlPlane.tls.general.secretName "" -}}
+{{- if eq $admin.cp.tls.secretName "" -}}
 {{- $cert := "" }}
 {{- $key := "" }}
 {{- $secretName := print (include "admin.name" .) "-tls-cert" }}
-
 {{- $secret := (lookup "v1" "Secret" $namespace $secretName) -}}
 {{- if $secret -}}
  {{- $cert = index $secret.data "tls.crt" -}}
@@ -38,11 +36,11 @@ We only autogenerate certs if the cert is not yet generated. This way we keep th
 ---
 apiVersion: v1
 kind: Secret
-type: kubernetes.io/tls
 metadata:
  name: {{ $secretName }}
  namespace: {{ .Release.Namespace }}
  labels: {{ include "admin.labels" . | nindent 4 }}
+type: kubernetes.io/tls
 data:
  tls.crt: {{ $cert }}
  tls.key: {{ $key }}

deploy/charts/admin/templates/admin/admin-cm.yaml

@@ -0,0 +1,17 @@
+{{ $adminCpLabels := include "admin.labels" . }}
+{{- $admin := .Values -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "admin.name" . }}-control-plane-config
+ namespace: {{ template "admin.namespace" . }}
+ labels:
+ {{- include "admin.labels" . | nindent 4 }}
+ {{- with $admin.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ config.yaml: |
+ {{ if $admin.cp }}
+ {{ toYaml $admin.cp | nindent 4 | trim }}
+ {{ end }}

deploy/charts/admin/templates/admin/admin-dep.yaml

@@ -1,5 +1,5 @@
 {{- $admin := .Values -}}
-{{- $cp := .Values.controlPlane -}}
+{{- $cp := .Values.cp -}}
 {{- $zoo := .Values.zookeeper -}}
 {{- $nacos := .Values.nacos -}}
 {{- $observable := $admin.observable -}}
@@ -117,7 +117,7 @@ spec:
  mountPath: /var/run/secrets/dubbo.io/tls-cert/tls.key
  subPath: tls.key
  readOnly: true
- - name: general-tls-cert{{- if $cp.tls.general.caSecretName }}-ca{{- end }}
+ - name: general-tls-cert{{- if $cp.tls.caSecretName }}-ca{{- end }}
  mountPath: /var/run/secrets/dubbo.io/tls-cert/ca.crt
  subPath: ca.crt
  readOnly: true
@@ -151,19 +151,19 @@ spec:
  - name: {{ include "admin.name" . }}-control-plane-config
  configMap:
  name: {{ include "admin.name" . }}-control-plane-config
- {{- if $cp.tls.general.secretName }}
+ {{- if $cp.tls.secretName }}
  - name: general-tls-cert
  secret:
- secretName: {{ $cp.tls.general.secretName }}
+ secretName: {{ $cp.tls.secretName }}
  {{- else }}
  - name: general-tls-cert
  secret:
  secretName: {{ include "admin.name" . }}-tls-cert
  {{- end }}
- {{- if $cp.tls.general.caSecretName }}
+ {{- if $cp.tls.caSecretName }}
  - name: general-tls-cert-ca
  secret:
- secretName: {{ $cp.tls.general.caSecretName }}
+ secretName: {{ $cp.tls.caSecretName }}
  {{- end }}
  - name: storage
  {{- if $admin.persistence.enabled }}

deploy/charts/admin/templates/admin/admin-svc.yaml

@@ -35,11 +35,11 @@ spec:
  {{- end }}
  ports:
  - name: admin-http
- port: {{ $svc.web.port }}
+ port:
  targetPort: admin-http
- appProtocol: {{ $svc.web.protocol }}
+ appProtocol:
  - name: admin-xds-grpc
- port: {{ $svc.xds.port }}
+ port:
  targetPort: admin-xds-grpc
  selector:
  app: {{ template "admin.selector" . }}
@@ -85,12 +85,13 @@ spec:
  {{- end }}
  ports:
  - name: admin-http
- port: {{ $svc.web.port }}
+ port: {{ template "admin.web.port" . }}
  targetPort: admin-http
- appProtocol: {{ $svc.web.protocol }}
+ appProtocol: tcp
  - name: admin-xds-grpc
- port: {{ $svc.xds.port }}
+ port: {{ template "admin.xds.Port" . }}
  targetPort: admin-xds-grpc
+ appProtocol: tcp
  selector:
  app: {{ template "admin.selector" . }}
 {{- end -}}

deploy/charts/admin/templates/custom/_services.tpl

@@ -5,13 +5,27 @@ Return Admin Port to use.
 {{- printf "8080" -}}
 {{- end -}}
 
+{{/*
+Return xds Port to use.
+*/}}
+{{- define "admin.xds.Port" -}}
+{{- print "5678" -}}
+{{- end -}}
+
 {{/*
 Return xds Container Port to use.
 */}}
 {{- define "admin.xds.containerPort" -}}
 {{- print "5678" -}}
 {{- end -}}
 
+{{/*
+Return Admin Port to use.
+*/}}
+{{- define "admin.web.port" -}}
+{{- printf "8888" -}}
+{{- end -}}
+
 {{/*
 Return Admin Container Port to use.
 */}}

deploy/charts/admin/values.yaml

@@ -13,17 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-controlPlane:
- config:
- deployMode: universal
- mode: zone
-
- tls:
- general:
- secretName: ""
- caSecretName: ""
- caBundle: ""
-
 ## Specifies the type of Kubernetes resource, such as "Deployment" or "StatefulSet."
 deployType: Deployment
 
@@ -191,14 +180,6 @@ service:
  # Set to 'true' to publish endpoints for not-ready pods.
  publishNotReadyAddresses: true
 
- # Define the ports for the service.
- web:
- protocol: http
- port: 8888
-
- xds:
- port: 5678
-
 resources:
  # Maximum CPU and memory resources allowed for the container.
  limits:
@@ -334,6 +315,14 @@ jobs:
  # Image pull policy, available options are: Always, IfNotPresent, Never.
  pullPolicy: IfNotPresent
 
+cp:
+ mode: universal
+ topology: zone
+ tls:
+ secretName: ""
+ caSecretName: ""
+ caBundle: ""
+
 auth:
  ## Whether to enable the control-plane auth control.
  enabled: false