Merge pull request #13 from codefresh-io/CR-14535

+semver: patch upd tunnels-ingress template; added exsitingSecret option; added tls-secret templates

Author: mikhail-klimko

codefresh-tunnel-server/templates/_helpers.tpl

@@ -127,3 +127,45 @@ Ingress url for tunnels
   {{- end -}}
 {{- end -}}
 
+
+{{/*
+Return true if a TLS secret object should be created for tunnels ingress
+*/}}
+{{- define "codefresh-tunnel-server.tunnels.createTlsSecret" -}}
+{{- if and .Values.tunnels.ingress.tls.enabled (not .Values.tunnels.ingress.tls.existingSecret) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS secret object should be created for tunnel server
+*/}}
+{{- define "codefresh-tunnel-server.createTlsSecret" -}}
+{{- if and .Values.ingress.tls.enabled (not .Values.ingress.tls.existingSecret) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing TLS certificates for tunnels ingress
+*/}}
+{{- define "codefresh-tunnel-server.tunnels.tlsSecretName" -}}
+{{- $secretName := .Values.tunnels.ingress.tls.existingSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s-tunnels-cert" (include "codefresh-tunnel-server.name" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing TLS certificates for tunnel server
+*/}}
+{{- define "codefresh-tunnel-server.tlsSecretName" -}}
+{{- $secretName := .Values.ingress.tls.existingSecret -}}
+{{- if $secretName -}}
+    {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+    {{- printf "%s-cert" (include "codefresh-tunnel-server.name" .) -}}
+{{- end -}}
+{{- end -}}

codefresh-tunnel-server/templates/tunnel-server-ingress.yaml

@@ -20,10 +20,6 @@ spec:
   tls:
   - hosts:
     - {{ .Values.ingress.host }}
-    {{- if .Values.ingress.tls.secretName }}
-    secretName: {{ .Values.ingress.tls.secretName }}
-    {{- else }}
-    {{ fail "TLS for ingress is enabled but no secretName provided"}}
-    {{- end }}
+    secretName: {{ include "codefresh-tunnel-server.tlsSecretName" . }}
   {{- end }}
 {{- end }}

codefresh-tunnel-server/templates/tunnel-server-tls-secret.yaml

@@ -0,0 +1,13 @@
+{{- if (include "codefresh-tunnel-server.createTlsSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "codefresh-tunnel-server.tlsSecretName" . }}
+  labels:
+    {{- include "codefresh-tunnel-server.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+  {{- $tls := buildCustomCert (required "A valid .Values.ingress.tls.cert is required!" .Values.ingress.tls.cert) (required "A valid .Values.ingress.tls.key is required!" .Values.ingress.tls.key) }}
+  tls.crt: {{ b64enc $tls.Cert }}
+  tls.key: {{ b64enc $tls.Key }}
+{{- end }}

codefresh-tunnel-server/templates/tunnels-ingress.yaml

@@ -19,11 +19,7 @@ spec:
   {{- if .Values.tunnels.ingress.tls.enabled }}
   tls:
   - hosts:
-    - {{ .Values.tunnels.ingress.host }}
-    {{- if .Values.tunnels.ingress.tls.secretName }}
-    secretName: {{ .Values.tunnels.ingress.tls.secretName }}
-    {{- else }}
-    {{ fail "TLS for ingress is enabled but no secretName provided"}}
-    {{- end }}
+    - {{ include "codefresh-tunnel-server.tunnels-ingress-host" . }}
+    secretName: {{ include "codefresh-tunnel-server.tunnels.tlsSecretName" . }}
   {{- end }}
 {{- end }}

codefresh-tunnel-server/templates/tunnels-tls-secret.yaml

@@ -0,0 +1,13 @@
+{{- if (include "codefresh-tunnel-server.tunnels.createTlsSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "codefresh-tunnel-server.tunnels.tlsSecretName" . }}
+  labels:
+    {{- include "codefresh-tunnel-server.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+  {{- $tls := buildCustomCert (required "A valid .Values.tunnels.ingress.tls.cert is required!" .Values.tunnels.ingress.tls.cert) (required "A valid .Values.tunnels.ingress.tls.key is required!" .Values.tunnels.ingress.tls.key) }}
+  tls.crt: {{ b64enc $tls.Cert }}
+  tls.key: {{ b64enc $tls.Key }}
+{{- end }}

codefresh-tunnel-server/tests/server_tls_test.yaml

@@ -0,0 +1,16 @@
+suite: Test tunnels ingress tls secret
+templates:
+  - tunnel-server-ingress.yaml
+  - tunnel-server-tls-secret.yaml
+tests:
+  - it: Should equal to existingSecret when existingSecret is set
+    template: tunnel-server-ingress.yaml
+    set:
+      ingress.enabled: true
+      host: register-tunnels.example.com
+      ingress.tls.enabled: true
+      ingress.tls.existingSecret: my-existing-secret
+    asserts:
+    - equal:
+        path: spec.tls[0].secretName
+        value: "my-existing-secret"

codefresh-tunnel-server/tests/tunnels_ingress_test.yaml

@@ -45,5 +45,3 @@ tests:
     asserts:
       - failedTemplate:
           errorMessage: "subdomainHost or host must be provided for tunnels ingress"
-          
-  

codefresh-tunnel-server/tests/tunnels_tls_test.yaml

@@ -0,0 +1,16 @@
+suite: Test tunnels ingress tls secret
+templates:
+  - tunnels-ingress.yaml
+  - tunnels-tls-secret.yaml
+tests:
+  - it: Should equal to existingSecret when existingSecret is set
+    template: tunnels-ingress.yaml
+    set:
+      tunnels.ingress.enabled: true
+      tunnels.subdomainHost: tunnels.example.com
+      tunnels.ingress.tls.enabled: true
+      tunnels.ingress.tls.existingSecret: my-existing-secret
+    asserts:
+    - equal:
+        path: spec.tls[0].secretName
+        value: "my-existing-secret"

codefresh-tunnel-server/values.yaml

@@ -30,7 +30,12 @@ tunnels:
     # kubernetes.io/tls-acme: "true"
     tls:
       enabled: false
-      secretName:
+      # Existing secret with TLS certificate
+      existingSecret:
+      # Custom certificate (base64 encoded)
+      cert: ""
+      # Custom private key (base64 encoded)
+      key: ""
 
 # The serive of the tunnel server
 service:
@@ -46,7 +51,12 @@ ingress:
   # kubernetes.io/tls-acme: "true"
   tls:
     enabled: false
-    secretName:
+    # Existing secret with TLS certificate
+    existingSecret:
+    # Custom certificate (base64 encoded)
+    cert: ""
+    # Custom private key (base64 encoded)
+    key: ""
 
 serviceAccount:
   create: true