Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-13 18:04:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
949186e5d7
constellation/internal/helm/charts/cilium/templates/validate.yaml
Moritz Sanft 968cdc1a38
cli: move cli/internal libraries (#2623) 
* cli: move internal packages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: fix buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix exclude dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: move back libraries that will not be used by TF provider

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-22 14:52:56 +01:00

99 lines
5.7 KiB
YAML
Raw Blame History

{{/* validate hubble config */}}
{{- if and .Values.hubble.ui.enabled (not .Values.hubble.ui.standalone.enabled) }}
{{- if not .Values.hubble.relay.enabled }}
{{ fail "Hubble UI requires .Values.hubble.relay.enabled=true" }}
{{- end }}
{{- end }}
{{- if and .Values.hubble.ui.enabled .Values.hubble.ui.standalone.enabled .Values.hubble.relay.tls.server.enabled }}
{{- if not .Values.hubble.ui.standalone.tls.certsVolume }}
{{ fail "Hubble UI in standalone with Hubble Relay server TLS enabled requires providing .Values.hubble.ui.standalone.tls.certsVolume for mounting client certificates in the backend pod" }}
{{- end }}
{{- end }}
{{- if .Values.hubble.relay.enabled }}
{{- if not .Values.hubble.enabled }}
{{ fail "Hubble Relay requires .Values.hubble.enabled=true" }}
{{- end }}
{{- end }}
{{/* validate service monitoring CRDs */}}
{{- if or (and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled) (and .Values.operator.prometheus.enabled .Values.operator.prometheus.serviceMonitor.enabled) (and .Values.proxy.prometheus.enabled .Values.envoy.prometheus.enabled .Values.envoy.prometheus.serviceMonitor.enabled) (and .Values.proxy.prometheus.enabled .Values.hubble.relay.prometheus.enabled .Values.hubble.relay.prometheus.serviceMonitor.enabled) }}
{{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}
{{- if not .Values.prometheus.serviceMonitor.trustCRDsExist }}
{{ fail "Service Monitor requires monitoring.coreos.com/v1 CRDs. Please refer to https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml or set .Values.prometheus.serviceMonitor.trustCRDsExist=true" }}
{{- end }}
{{- end }}
{{- end }}
{{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "certmanager") }}
{{- if not .Values.hubble.tls.auto.certManagerIssuerRef }}
{{ fail "Hubble TLS certgen method=certmanager requires that user specifies .Values.hubble.tls.auto.certManagerIssuerRef" }}
{{- end }}
{{- end }}
{{- if and .Values.hubble.redact.http.headers.allow .Values.hubble.redact.http.headers.deny }}
{{ fail "Only one of .Values.hubble.redact.http.headers.allow, .Values.hubble.redact.http.headers.deny can be specified"}}
{{- end }}
{{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "certmanager") }}
{{- if not .Values.clustermesh.apiserver.tls.auto.certManagerIssuerRef }}
{{ fail "ClusterMesh TLS certgen method=certmanager requires that user specifies .Values.clustermesh.apiserver.tls.auto.certManagerIssuerRef" }}
{{- end }}
{{- end }}
{{/* validate hubble-ui specific config */}}
{{- if and .Values.hubble.ui.enabled
(ne .Values.hubble.ui.backend.image.tag "latest")
(ne .Values.hubble.ui.frontend.image.tag "latest") }}
{{- if regexReplaceAll "@.*$" .Values.hubble.ui.backend.image.tag "" | trimPrefix "v" | semverCompare "<0.9.0" }}
{{ fail "Hubble UI requires hubble.ui.backend.image.tag to be '>=v0.9.0'" }}
{{- end }}
{{- if regexReplaceAll "@.*$" .Values.hubble.ui.frontend.image.tag "" | trimPrefix "v" | semverCompare "<0.9.0" }}
{{ fail "Hubble UI requires hubble.ui.frontend.image.tag to be '>=v0.9.0'" }}
{{- end }}
{{- end }}
{{- if or .Values.ingressController.enabled .Values.gatewayAPI.enabled (eq .Values.loadBalancer.l7.backend "envoy") }}
{{- if hasKey .Values "l7Proxy" }}
{{- if not .Values.l7Proxy }}
{{ fail "Ingress or Gateway API controller or Envoy L7 Load Balancer requires .Values.l7Proxy to be set to 'true'" }}
{{- end }}
{{- end }}
{{- end }}
{{- if or .Values.envoyConfig.enabled .Values.ingressController.enabled .Values.gatewayAPI.enabled }}
{{- if or (eq (toString .Values.kubeProxyReplacement) "disabled") (and (not (hasKey .Values "kubeProxyReplacement")) (not (semverCompare ">=1.14" (default "1.14" .Values.upgradeCompatibility)))) }}
{{ fail "Ingress/Gateway API controller and EnvoyConfig require .Values.kubeProxyReplacement to be explicitly set to 'false' or 'true'" }}
{{- end }}
{{- end }}
{{- if .Values.authentication.mutual.spire.enabled }}
{{- if not .Values.authentication.enabled }}
{{ fail "SPIRE integration requires .Values.authentication.enabled=true and .Values.authentication.mutual.spire.enabled=true" }}
{{- end }}
{{- end }}
{{/* validate Cilium operator */}}
{{- if eq .Values.enableCiliumEndpointSlice true }}
{{- if eq .Values.disableEndpointCRD true }}
{{ fail "if Cilium Endpoint Slice is enabled (.Values.enableCiliumEndpointSlice=true), it requires .Values.disableEndpointCRD=false" }}
{{- end }}
{{- end }}
{{/* validate clustermesh-apiserver */}}
{{- if .Values.clustermesh.useAPIServer }}
{{- if ne .Values.identityAllocationMode "crd" }}
{{ fail (printf "The clustermesh-apiserver cannot be enabled in combination with .Values.identityAllocationMode=%s. To establish a Cluster Mesh, directly configure the parameters to access the remote kvstore through .Values.clustermesh.config" .Values.identityAllocationMode ) }}
{{- end }}
{{- if .Values.disableEndpointCRD }}
{{ fail "The clustermesh-apiserver cannot be enabled in combination with .Values.disableEndpointCRD=true" }}
{{- end }}
{{- end }}
{{- if .Values.externalWorkloads.enabled }}
{{- if ne .Values.identityAllocationMode "crd" }}
{{ fail (printf "External workloads support cannot be enabled in combination with .Values.identityAllocationMode=%s" .Values.identityAllocationMode ) }}
{{- end }}
{{- if .Values.disableEndpointCRD }}
{{ fail "External workloads support cannot be enabled in combination with .Values.disableEndpointCRD=true" }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink