mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-16 18:07:08 -05:00
a87b7894db
* add current chart add current helm chart * disable service controller for aws ccm * add new iam roles * doc AWS internet LB + add to LB test * pass clusterName to helm for AWS LB * fix update-aws-lb chart to also include .helmignore * move chart outside services * working state * add subnet tags for AWS subnet discovery * fix .helmignore load rule with file in subdirectory * upgrade iam profile * revert new loader impl since cilium is not correctly loaded * install chart if not already present during `upgrade apply` * cleanup PR + fix build + add todos cleanup PR + add todos * shared helm pkg for cli install and bootstrapper * add link to eks docs * refactor iamMigrationCmd * delete unused helm.symwallk * move iammigrate to upgrade pkg * fixup! delete unused helm.symwallk * add to upgradecheck * remove nodeSelector from go code (Otto) * update iam docs and sort permission + remove duplicate roles * fix bug in `upgrade check` * better upgrade check output when svc version upgrade not possible * pr feedback * remove force flag in upgrade_test * use upgrader.GetUpgradeID instead of extra type * remove todos + fix check * update doc lb (leo) * remove bootstrapper helm package * Update cli/internal/cmd/upgradecheck.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * final nits * add docs for e2e upgrade test setup * Apply suggestions from code review Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/helm/loader.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/cmd/tfmigrationclient.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * fix daniel review * link to the iam permissions instead of manually updating them (agreed with leo) * disable iam upgrade in upgrade apply --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Malte Poll
130 lines
4.6 KiB
Smarty
130 lines
4.6 KiB
Smarty
{{/* vim: set filetype=mustache: */}}
|
|
{{/*
|
|
Expand the name of the chart.
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.name" -}}
|
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create a default fully qualified app name.
|
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
|
If release name contains chart name it will be used as a full name.
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.fullname" -}}
|
|
{{- if .Values.fullnameOverride -}}
|
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
|
{{- else -}}
|
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
|
{{- if contains $name .Release.Name -}}
|
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
|
{{- else -}}
|
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create chart name and version as used by the chart label.
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.chart" -}}
|
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Chart name prefix for resource names
|
|
Strip the "-controller" suffix from the default .Chart.Name if the nameOverride is not specified.
|
|
This enables using a shorter name for the resources, for example aws-load-balancer-webhook.
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.namePrefix" -}}
|
|
{{- $defaultNamePrefix := .Chart.Name | trimSuffix "-controller" -}}
|
|
{{- default $defaultNamePrefix .Values.nameOverride | trunc 42 | trimSuffix "-" -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Common labels
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.labels" -}}
|
|
helm.sh/chart: {{ include "aws-load-balancer-controller.chart" . }}
|
|
{{ include "aws-load-balancer-controller.selectorLabels" . }}
|
|
{{- if .Chart.AppVersion }}
|
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
|
{{- end }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
{{- if .Values.additionalLabels }}
|
|
{{ toYaml .Values.additionalLabels }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Selector labels
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.selectorLabels" -}}
|
|
app.kubernetes.io/name: {{ include "aws-load-balancer-controller.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the service account to use
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.serviceAccountName" -}}
|
|
{{- if .Values.serviceAccount.create -}}
|
|
{{ default (include "aws-load-balancer-controller.fullname" .) .Values.serviceAccount.name }}
|
|
{{- else -}}
|
|
{{ default "default" .Values.serviceAccount.name }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the webhook service
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.webhookService" -}}
|
|
{{- printf "%s-webhook-service" (include "aws-load-balancer-controller.namePrefix" .) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the webhook cert secret
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.webhookCertSecret" -}}
|
|
{{- printf "%s-tls" (include "aws-load-balancer-controller.namePrefix" .) -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Generate certificates for webhook
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.webhookCerts" -}}
|
|
{{- $serviceName := (include "aws-load-balancer-controller.webhookService" .) -}}
|
|
{{- $secretName := (include "aws-load-balancer-controller.webhookCertSecret" .) -}}
|
|
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
|
|
{{- if (and .Values.webhookTLS.caCert .Values.webhookTLS.cert .Values.webhookTLS.key) -}}
|
|
caCert: {{ .Values.webhookTLS.caCert | b64enc }}
|
|
clientCert: {{ .Values.webhookTLS.cert | b64enc }}
|
|
clientKey: {{ .Values.webhookTLS.key | b64enc }}
|
|
{{- else if and .Values.keepTLSSecret $secret -}}
|
|
caCert: {{ index $secret.data "ca.crt" }}
|
|
clientCert: {{ index $secret.data "tls.crt" }}
|
|
clientKey: {{ index $secret.data "tls.key" }}
|
|
{{- else -}}
|
|
{{- $altNames := list (printf "%s.%s" $serviceName .Release.Namespace) (printf "%s.%s.svc" $serviceName .Release.Namespace) (printf "%s.%s.svc.%s" $serviceName .Release.Namespace .Values.cluster.dnsDomain) -}}
|
|
{{- $ca := genCA "aws-load-balancer-controller-ca" 3650 -}}
|
|
{{- $cert := genSignedCert (include "aws-load-balancer-controller.fullname" .) nil $altNames 3650 $ca -}}
|
|
caCert: {{ $ca.Cert | b64enc }}
|
|
clientCert: {{ $cert.Cert | b64enc }}
|
|
clientKey: {{ $cert.Key | b64enc }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Convert map to comma separated key=value string
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.convertMapToCsv" -}}
|
|
{{- range $key, $value := . -}} {{ $key }}={{ $value }}, {{- end -}}
|
|
{{- end -}}
|
|
|
|
{{/*
|
|
Create the name of the ingressClassParams
|
|
*/}}
|
|
{{- define "aws-load-balancer-controller.ingressClassParamsName" -}}
|
|
{{ default .Values.ingressClass .Values.ingressClassParams.name }}
|
|
{{- end -}}
|