constellation/internal/helm/charts/cilium/templates/clustermesh-config/_helpers.tpl

{{- define "clustermesh-config-generate-etcd-cfg" }}
{{- $cluster := index . 0 -}}
{{- $domain := index . 1 -}}
{{- $override := index . 2 -}}
{{- /* The parenthesis around $cluster.tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}}
{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (ne $override "") (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}}

endpoints:
{{- if ne $override "" }}
- {{ $override }}
{{- else if $cluster.ips }}
- https://{{ $cluster.name }}.{{ $domain }}:{{ $cluster.port }}
{{- else }}
- https://{{ $cluster.address | required "missing clustermesh.apiserver.config.clusters.address" }}:{{ $cluster.port }}
{{- end }}
{{- if not (empty ($cluster.tls).caCert) }}
{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set */}}
trusted-ca-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client-ca.crt
{{- else }}
trusted-ca-file: /var/lib/cilium/clustermesh/common-etcd-client-ca.crt
{{- end }}
key-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client.key
cert-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client.crt
{{- end }}
deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00			`{{- define "clustermesh-config-generate-etcd-cfg" }}`
			`{{- $cluster := index . 0 -}}`
			`{{- $domain := index . 1 -}}`
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork. 2023-10-16 19:14:53 +02:00			`{{- $override := index . 2 -}}`
			`{{- /* The parenthesis around $cluster.tls are required, since it can be null: https://stackoverflow.com/a/68807258 */}}`
			`{{- $prefix := ternary "common-" (printf "%s." $cluster.name) (or (ne $override "") (empty ($cluster.tls).cert) (empty ($cluster.tls).key)) -}}`
deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
			`endpoints:`
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork. 2023-10-16 19:14:53 +02:00			`{{- if ne $override "" }}`
			`- {{ $override }}`
			`{{- else if $cluster.ips }}`
deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00			`- https://{{ $cluster.name }}.{{ $domain }}:{{ $cluster.port }}`
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork. 2023-10-16 19:14:53 +02:00			`{{- else }}`
deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00			`- https://{{ $cluster.address \| required "missing clustermesh.apiserver.config.clusters.address" }}:{{ $cluster.port }}`
			`{{- end }}`
deps: update cilium Bumping Cilium to also enable node-to-node encryption and node-to-node strict mode. Since the second is not upstream we use our fork. 2023-10-16 19:14:53 +02:00			`{{- if not (empty ($cluster.tls).caCert) }}`
			`{{- /* The custom CA configuration takes effect only if a custom certificate and key are also set */}}`
			`trusted-ca-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client-ca.crt`
			`{{- else }}`
			`trusted-ca-file: /var/lib/cilium/clustermesh/common-etcd-client-ca.crt`
			`{{- end }}`
			`key-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client.key`
			`cert-file: /var/lib/cilium/clustermesh/{{ $prefix }}etcd-client.crt`
deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00			`{{- end }}`