diff --git a/charts/plgd-hub/README.md b/charts/plgd-hub/README.md index 70e19d9b7..307b9229d 100644 --- a/charts/plgd-hub/README.md +++ b/charts/plgd-hub/README.md @@ -77,7 +77,8 @@ global: | certificateauthority.image.repository | string | `"plgd-dev/hub/certificate-authority"` | Image repository | | certificateauthority.image.tag | string | `nil` | Image tag. | | certificateauthority.imagePullSecrets | string | `nil` | Image pull secrets | -| certificateauthority.ingress.annotations | object | `{}` | Ingress annotations | +| certificateauthority.ingress.annotations | object | `{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"GRPCS","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.org/grpc-services":"{{ include \"plgd-hub.certificateauthority.fullname\" . }}"}` | Pre defined map of Ingress annotation | +| certificateauthority.ingress.customAnnotations | object | `{}` | Custom map of Ingress annotation | | certificateauthority.ingress.enabled | bool | `true` | Enable ingress | | certificateauthority.ingress.paths | list | `["/certificateauthority.pb.CertificateAuthority/SignIdentityCertificate"]` | Paths | | certificateauthority.initContainersTpl | string | `nil` | Init containers definition | @@ -113,7 +114,7 @@ global: | certmanager.coap.cert.key.size | string | `nil` | Certificate key size | | certmanager.coap.cert.renewBefore | string | `nil` | Certificate renew before | | certmanager.coap.issuer.annotations | object | `{}` | Annotations | -| certmanager.coap.issuer.kind | string | `nil` | Kind | +| certmanager.coap.issuer.kind | string | `nil` | Kind of coap issuer | | certmanager.coap.issuer.labels | object | `{}` | Labels | | certmanager.coap.issuer.name | string | `nil` | Name | | certmanager.coap.issuer.spec | string | `nil` | cert-manager issuer spec | 
@@ -147,7 +148,7 @@ global: | certmanager.external.cert.key.size | string | `nil` | Certificate key size | | certmanager.external.cert.renewBefore | string | `nil` | Certificate renew before | | certmanager.external.issuer.annotations | object | `{}` | Annotations | -| certmanager.external.issuer.kind | string | `nil` | Kind | +| certmanager.external.issuer.kind | string | `nil` | Kind of external issuer | | certmanager.external.issuer.labels | object | `{}` | Labels | | certmanager.external.issuer.name | string | `nil` | Name | | certmanager.external.issuer.spec | string | `nil` | cert-manager issuer spec | @@ -157,7 +158,7 @@ global: | certmanager.internal.cert.renewBefore | string | `nil` | Certificate renew before | | certmanager.internal.issuer | object | `{"annotations":{},"kind":null,"labels":{},"name":null,"spec":null}` | Internal issuer. In case you want to create your own issuer for internal certs | | certmanager.internal.issuer.annotations | object | `{}` | Annotations | -| certmanager.internal.issuer.kind | string | `nil` | Kind | +| certmanager.internal.issuer.kind | string | `nil` | Kind of internal issuer | | certmanager.internal.issuer.labels | object | `{}` | Labels | | certmanager.internal.issuer.name | string | `nil` | Name | | certmanager.internal.issuer.spec | string | `nil` | cert-manager issuer spec | 
@@ -241,9 +242,10 @@ global: | grpcgateway.image.repository | string | `"plgd-dev/hub/grpc-gateway"` | Image repository | | grpcgateway.image.tag | string | `nil` | Image tag. | | grpcgateway.imagePullSecrets | object | `{}` | Image pull secrets | -| grpcgateway.ingress.annotations | object | `{}` | Ingress annotations | +| grpcgateway.ingress.annotations | object | `{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"GRPCS","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.org/grpc-services":"{{ include \"plgd-hub.grpcgateway.fullname\" . }}"}` | Ingress annotations | +| grpcgateway.ingress.customAnnotations | object | `{}` | Custom map of Ingress annotation | | grpcgateway.ingress.enabled | bool | `true` | Enable ingress | -| grpcgateway.ingress.paths | list | `["/grpcgateway.pb.GrpcGateway"]` | Default ingress paths | +| grpcgateway.ingress.paths[0] | string | `"/grpcgateway.pb.GrpcGateway"` | | | grpcgateway.initContainersTpl | object | `{}` | Init containers definition | | grpcgateway.livenessProbe | object | `{}` | Liveness probe. grpc-gateway doesn't have any default liveness probe | | grpcgateway.log.encoderConfig.timeEncoder | string | `"rfc3339nano"` | Time format for logs. The supported values are: "rfc3339nano", "rfc3339" | 
@@ -289,9 +291,16 @@ global: | httpgateway.image.repository | string | `"plgd-dev/hub/http-gateway"` | Image repository | | httpgateway.image.tag | string | `nil` | Image tag. | | httpgateway.imagePullSecrets | object | `{}` | Image pull secrets | -| httpgateway.ingress.annotations | object | `{}` | Ingress annotation | -| httpgateway.ingress.enabled | bool | `true` | Enable ingress | -| httpgateway.ingress.paths | list | `["/api","/.well-known/"]` | Ingress path | +| httpgateway.ingress.api | object | `{"annotations":{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.org/grpc-services":"{{ include \"plgd-hub.httpgateway.fullname\" . }}"},"customAnnotations":{},"enabled":true,"paths":["/api","/.well-known/hub-configuration"]}` | API ingress | +| httpgateway.ingress.api.annotations | object | `{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/enable-cors":"true","nginx.org/grpc-services":"{{ include \"plgd-hub.httpgateway.fullname\" . 
}}"}` | Pre defined map of Ingress annotation | +| httpgateway.ingress.api.customAnnotations | object | `{}` | Custom map of Ingress annotation | +| httpgateway.ingress.api.enabled | bool | `true` | Enable ingress | +| httpgateway.ingress.api.paths | list | `["/api","/.well-known/hub-configuration"]` | Ingress path | +| httpgateway.ingress.ui | object | `{"annotations":{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/enable-cors":"true"},"customAnnotations":{},"enabled":true,"paths":["/"]}` | UI ingress | +| httpgateway.ingress.ui.annotations | object | `{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/enable-cors":"true"}` | Pre defined map of Ingress annotation | +| httpgateway.ingress.ui.customAnnotations | object | `{}` | Custom map of Ingress annotation | +| httpgateway.ingress.ui.enabled | bool | `true` | Enable ingress | +| httpgateway.ingress.ui.paths | list | `["/"]` | Ingress path | | httpgateway.initContainersTpl | object | `{}` | Init containers definition. Render as template | | httpgateway.livenessProbe | object | `{}` | Liveness probe. http-gateway doesn't have any default liveness probe | | httpgateway.log.encoderConfig.timeEncoder | string | `"rfc3339nano"` | Time format for logs. The supported values are: "rfc3339nano", "rfc3339" | 
@@ -321,7 +330,7 @@ global: | httpgateway.ui | object | `{"directory":"/usr/local/var/www","enabled":true,"webConfiguration":{"authority":"","deviceOAuthClient":{"audience":null,"clientID":null,"providerName":null,"scopes":[]},"httpGatewayAddress":"","webOAuthClient":{"audience":"","clientID":"","scopes":[]}}}` | For complete http-gateway service configuration see [plgd/http-gateway](https://github.com/plgd-dev/hub/tree/main/http-gateway) | | httpgateway.uiDomain | string | `nil` | Domain for UI Default: {{ global.domain }} | | identitystore.affinity | object | `{}` | Affinity definition | -| identitystore.apis | object | `{"grpc":{"address":null,"authorization":{"audience":null,"authority":null,"http":{"idleConnTimeout":"30s","maxConnsPerHost":32,"maxIdleConns":16,"maxIdleConnsPerHost":16,"timeout":"10s","tls":{"caPool":null,"certFile":null,"keyFile":null,"useSystemCAPool":true}},"ownerClaim":"sub"},"enforcementPolicy":{"minTime":"5s","permitWithoutStream":true},"keepAlive":{"maxConnectionAge":"0s","maxConnectionAgeGrace":"0s","maxConnectionIdle":"0s","time":"2h","timeout":"20s"},"tls":{"caPool":null,"certFile":null,"clientCertificateRequired":true,"keyFile":null}}}` | For complete identity service configuration see [plgd/identity](https://github.com/plgd-dev/hub/tree/main/identity) | +| identitystore.apis | object | `{"grpc":{"address":null,"authorization":{"audience":null,"authority":null,"http":{"idleConnTimeout":"30s","maxConnsPerHost":32,"maxIdleConns":16,"maxIdleConnsPerHost":16,"timeout":"10s","tls":{"caPool":null,"certFile":null,"keyFile":null,"useSystemCAPool":true}},"ownerClaim":null},"enforcementPolicy":{"minTime":"5s","permitWithoutStream":true},"keepAlive":{"maxConnectionAge":"0s","maxConnectionAgeGrace":"0s","maxConnectionIdle":"0s","time":"2h","timeout":"20s"},"tls":{"caPool":null,"certFile":null,"clientCertificateRequired":true,"keyFile":null}}}` | For complete identity service configuration see 
[plgd/identity](https://github.com/plgd-dev/hub/tree/main/identity) | | identitystore.clients | object | `{"eventBus":{"nats":{"flusherTimeout":"30s","jetstream":false,"tls":{"useSystemCAPool":false},"url":""}},"storage":{"mongoDB":{"database":"ownersDevices","maxConnIdleTime":"4m0s","maxPoolSize":16,"tls":{"caPool":null,"certFile":null,"keyFile":null,"useSystemCAPool":false},"uri":null}}}` | For complete identity service configuration see [plgd/authorization](https://github.com/plgd-dev/hub/tree/main/identity) | | identitystore.config | object | `{"fileName":"service.yaml","mountPath":"/config","volume":"config"}` | yaml configuration | | identitystore.config.fileName | string | `"service.yaml"` | File name | 
@@ -387,9 +396,10 @@ global: | mockoauthserver.image.tag | string | `nil` | Image tag. | | mockoauthserver.imagePullSecrets | object | `{}` | Image pull secrets | | mockoauthserver.ingress.allowHeaders | string | `"Authortity,Method,Path,Scheme,Accept,Accept-Encoding,Accept-Language,Content-Type,auth0-client,Origin,Refer,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"` | | -| mockoauthserver.ingress.annotations | object | `{}` | Ingress annotation | +| mockoauthserver.ingress.annotations | object | `{"ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/backend-protocol":"HTTPS","nginx.ingress.kubernetes.io/configuration-snippet":"more_set_headers \"Host $host\";\nmore_set_headers \"X-Forwarded-Host $host\";\nmore_set_headers \"X-Forwarded-Proto $scheme\";\nset $cors \"true\";\nif ($request_method = 'OPTIONS') {\n set $cors \"${cors}options\";\n}\nif ($cors = \"trueoptions\") {\n add_header 'Access-Control-Allow-Origin' \"$http_origin\";\n add_header 'Access-Control-Allow-Credentials' 'true';\n add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, PATCH, OPTIONS';\n add_header 'Access-Control-Allow-Headers' '{{ .Values.mockoauthserver.ingress.allowHeaders }}';\n add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';\n add_header 'Access-Control-Max-Age' 1728000;\n add_header 'Content-Type' 'text/plain charset=UTF-8';\n add_header 'Content-Length' 0;\n return 204;\n}\nif ($request_method = 'POST') {\nadd_header 'Access-Control-Allow-Credentials' 'true';\n}\nif ($request_method = 'PUT') {\nadd_header 'Access-Control-Allow-Credentials' 'true';\n}\nif ($request_method = 'GET') {\n add_header 'Access-Control-Allow-Credentials' 'true';\n}\n","nginx.ingress.kubernetes.io/enable-cors":"true"}` | Pre defined map of Ingress annotation | +| mockoauthserver.ingress.customAnnotations | object | `{}` | Custom map of Ingress 
annotation | | mockoauthserver.ingress.enabled | bool | `true` | Enable ingress | -| mockoauthserver.ingress.paths | list | `["/authorize","/oauth/token","/.well-known","/jwks.json","/.well-known/openid-configuration","/v2/logout","/authorize/userinfo"]` | Ingress path | +| mockoauthserver.ingress.paths | list | `["/authorize","/oauth/token","/.well-known/jwks.json","/.well-known/openid-configuration","/v2/logout","/authorize/userinfo"]` | Ingress path | | mockoauthserver.livenessProbe | object | `{}` | Liveness probe. mock-oauth-server doesn't have any default liveness probe | | mockoauthserver.log.encoderConfig.timeEncoder | string | `"rfc3339nano"` | Time format for logs. The supported values are: "rfc3339nano", "rfc3339" | | mockoauthserver.log.encoding | string | `"json"` | The supported values are: "json", "console" | 
@@ -513,11 +523,11 @@ global: | resourcedirectory.extraVolumes | object | `{}` | Optional extra volumes | | resourcedirectory.fullnameOverride | string | `nil` | Full name to override | | resourcedirectory.image.command | string | `nil` | Container command | -| resourcedirectory.image.imagePullSecrets | object | `{}` | Image pull secrets | +| resourcedirectory.image.imagePullSecrets | object | `{}` | | | resourcedirectory.image.pullPolicy | string | `"Always"` | Image pull policy | | resourcedirectory.image.registry | string | `"ghcr.io/"` | Image registry | | resourcedirectory.image.repository | string | `"plgd-dev/hub/resource-directory"` | Image repository | -| resourcedirectory.image.tag | string | `nil` | Image tag. | +| resourcedirectory.image.tag | string | `nil` | | | resourcedirectory.initContainersTpl | object | `{}` | Init containers definition. Resolved as template | | resourcedirectory.livenessProbe | object | `{}` | Liveness probe. resource-directory doesn't have any default liveness probe | | resourcedirectory.log | object | `{"encoderConfig":{"timeEncoder":"rfc3339nano"},"encoding":"json","level":"info","stacktrace":{"enabled":false,"level":"warn"}}` | Log section | @@ -539,7 +549,7 @@ global: | resourcedirectory.readinessProbe | object | `{}` | Readiness probe. resource-directory doesn't have aby default readiness probe | | resourcedirectory.replicas | int | `1` | Number of replicas | | resourcedirectory.resources | object | `{}` | Resources limit | -| resourcedirectory.restartPolicy | string | `"Always"` | Restart policy for pod | +| resourcedirectory.restartPolicy | string | `"Always"` | | | resourcedirectory.securityContext | object | `{}` | Security context for pod | | resourcedirectory.service.annotations | object | `{}` | Annotations for resource-directory service | | resourcedirectory.service.labels | object | `{}` | Labels for resource-directory service | 
@@ -547,5 +557,5 @@ global: | resourcedirectory.tolerations | object | `{}` | Toleration definition | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.6.0](https://github.com/norwoodj/helm-docs/releases/v1.6.0) +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/plgd-hub/templates/_helpers.tpl b/charts/plgd-hub/templates/_helpers.tpl index 28d756119..6447465a1 100644 --- a/charts/plgd-hub/templates/_helpers.tpl +++ b/charts/plgd-hub/templates/_helpers.tpl @@ -322,4 +322,12 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "plgd-hub.wildCardCertName" -}} {{- $fullName := include "plgd-hub.fullname" . -}} {{- printf "%s-wildcard-crt" $fullName -}} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "plgd-hub.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/plgd-hub/templates/certificate-authority/ingress.yaml b/charts/plgd-hub/templates/certificate-authority/ingress.yaml index 535d2dd8c..b181c3580 100644 --- a/charts/plgd-hub/templates/certificate-authority/ingress.yaml +++ b/charts/plgd-hub/templates/certificate-authority/ingress.yaml 
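Review bot: The new `plgd-hub.tplvalues.render` helper in `_helpers.tpl` has no comment, and its effect is not obvious from the call sites: every value passed in is evaluated by `tpl` against the supplied context, so any `{{ ... }}` inside an annotation value is executed as a template rather than emitted literally. That is what lets the defaults reference `include "plgd-hub.certificateauthority.fullname" .`, but the same path is used for `customAnnotations`, which operators may expect to be copied verbatim. I would add a header comment such as `{{/* Renders .value (string or map) through tpl using .context; template actions inside values are evaluated. Usage: include "plgd-hub.tplvalues.render" (dict "value" .Values.x "context" $) */}}` and repeat the templating caveat in the `customAnnotations` descriptions in values.yaml.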
@@ -10,14 +10,12 @@ metadata: labels: {{- include "plgd-hub.labels" . | nindent 4 }} annotations: -{{/* kubernetes.io/ingress.class: "nginx"*/}} - nginx.org/grpc-services: {{ $fullname | quote }} - nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - {{- with .Values.certificateauthority.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- if .Values.certificateauthority.ingress.annotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.certificateauthority.ingress.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.certificateauthority.ingress.customAnnotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.certificateauthority.ingress.customAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: tls: - hosts: diff --git a/charts/plgd-hub/templates/coap-gateway/deployment.yaml b/charts/plgd-hub/templates/coap-gateway/deployment.yaml index 0cd606c81..ab5dde548 100644 --- a/charts/plgd-hub/templates/coap-gateway/deployment.yaml +++ b/charts/plgd-hub/templates/coap-gateway/deployment.yaml @@ -32,7 +32,7 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.resourcedirectory.rbac.enabled }} + {{- if .Values.coapgateway.rbac.enabled }} serviceAccountName: {{ .Values.coapgateway.rbac.serviceAccountName }} {{- end }} {{- with .Values.coapgateway.image.imagePullSecrets }} @@ -98,7 +98,7 @@ spec: {{- end }} {{- end }} volumes: - - name: {{ .Values.resourcedirectory.config.volume }} + - name: {{ .Values.coapgateway.config.volume }} configMap: name: {{ include "plgd-hub.coapgateway.configName" . }} {{- if ( include "plgd-hub.coapgateway.createServiceCertByCm" . ) }} diff --git a/charts/plgd-hub/templates/grpc-gateway/ingress.yaml b/charts/plgd-hub/templates/grpc-gateway/ingress.yaml index 22acf797d..58d110cf5 100644 
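Review bot: In `certificate-authority/ingress.yaml` the two maps are rendered one after the other, so a key set in both `annotations` and `customAnnotations` appears twice under `metadata.annotations`. Which value wins, or whether the manifest is rejected, then depends on the YAML parser, so an override of something like `ingress.kubernetes.io/force-ssl-redirect` may silently not take effect. Merging first makes the precedence explicit: `{{- $ann := merge (dict) .Values.certificateauthority.ingress.customAnnotations .Values.certificateauthority.ingress.annotations }}` followed by a single `include "plgd-hub.tplvalues.render" (dict "value" $ann "context" $)`. The same pattern is repeated in the grpc-gateway, http-gateway `api-ingress.yaml` and `ui-ingress.yaml`, and mock-oauth-server ingress hunks.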
--- a/charts/plgd-hub/templates/grpc-gateway/ingress.yaml +++ b/charts/plgd-hub/templates/grpc-gateway/ingress.yaml @@ -10,14 +10,12 @@ metadata: labels: {{- include "plgd-hub.labels" . | nindent 4 }} annotations: -{{/* kubernetes.io/ingress.class: "nginx"*/}} - nginx.org/grpc-services: {{ $fullname | quote }} - nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - {{- with .Values.grpcgateway.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- if .Values.grpcgateway.ingress.annotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.grpcgateway.ingress.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.grpcgateway.ingress.customAnnotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.grpcgateway.ingress.customAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: tls: - hosts: diff --git a/charts/plgd-hub/templates/http-gateway/ingress.yaml b/charts/plgd-hub/templates/http-gateway/api-ingress.yaml similarity index 56% rename from charts/plgd-hub/templates/http-gateway/ingress.yaml rename to charts/plgd-hub/templates/http-gateway/api-ingress.yaml index 99617167c..198e416b9 100644 --- a/charts/plgd-hub/templates/http-gateway/ingress.yaml +++ b/charts/plgd-hub/templates/http-gateway/api-ingress.yaml 
@@ -5,44 +5,31 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ $fullname }} + name: {{ $fullname }}-api namespace: {{ .Release.Namespace }} labels: {{- include "plgd-hub.labels" . | nindent 4 }} annotations: -{{/* kubernetes.io/ingress.class: "nginx"*/}} - nginx.org/grpc-services: {{ $fullname | quote }} - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - {{- with .Values.httpgateway.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- if .Values.httpgateway.ingress.api.annotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.httpgateway.ingress.api.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.httpgateway.ingress.api.customAnnotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.httpgateway.ingress.api.customAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: tls: - hosts: - {{ include "plgd-hub.httpgateway.apiDomain" . | quote }} - - {{ include "plgd-hub.httpgateway.uiDomain" . | quote }} {{- if $.Values.global.enableWildCartCert }} secretName: {{ include "plgd-hub.wildCardCertName" . | quote }} {{- else }} secretName: {{ include "plgd-hub.httpgateway.domainCertName" . | quote }} {{- end }} rules: - - host: {{ include "plgd-hub.httpgateway.uiDomain" . | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $fullname }} - port: - number: {{ $port }} - host: {{ include "plgd-hub.httpgateway.apiDomain" . | quote }} http: paths: - {{- range .Values.httpgateway.ingress.paths }} + {{- range .Values.httpgateway.ingress.api.paths }} - path: {{ . }} pathType: Prefix backend: diff --git a/charts/plgd-hub/templates/http-gateway/ui-ingress.yaml b/charts/plgd-hub/templates/http-gateway/ui-ingress.yaml new file mode 100644 index 000000000..4dd3b50ee --- /dev/null 
+++ b/charts/plgd-hub/templates/http-gateway/ui-ingress.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.httpgateway.enabled .Values.httpgateway.ui.enabled }} +{{- $fullname := include "plgd-hub.httpgateway.fullname" . }} +{{- $domainCrt := include "plgd-hub.httpgateway.domainCertName" . }} +{{- $port := .Values.httpgateway.port }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullname }}-ui + namespace: {{ .Release.Namespace }} + labels: + {{- include "plgd-hub.labels" . | nindent 4 }} + annotations: + {{- if .Values.httpgateway.ingress.ui.annotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.httpgateway.ingress.ui.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.httpgateway.ingress.ui.customAnnotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.httpgateway.ingress.ui.customAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + tls: + - hosts: + - {{ include "plgd-hub.httpgateway.uiDomain" . | quote }} + {{- if $.Values.global.enableWildCartCert }} + secretName: {{ include "plgd-hub.wildCardCertName" . | quote }} + {{- else }} + secretName: {{ include "plgd-hub.httpgateway.domainCertName" . | quote }} + {{- end }} + rules: + - host: {{ include "plgd-hub.httpgateway.uiDomain" . | quote }} + http: + paths: + {{- range .Values.httpgateway.ingress.ui.paths }} + - path: {{ . }} + pathType: Prefix + backend: + service: + name: {{ $fullname }} + port: + number: {{ $port }} + {{- end }} +{{- end }} diff --git a/charts/plgd-hub/templates/mock-oauth-server/ingress.yaml b/charts/plgd-hub/templates/mock-oauth-server/ingress.yaml index ead2110ac..710d9bf36 100644 --- a/charts/plgd-hub/templates/mock-oauth-server/ingress.yaml +++ b/charts/plgd-hub/templates/mock-oauth-server/ingress.yaml 
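Review bot: The new `httpgateway.ingress.ui.enabled` value is never read. The guard on the first line of `ui-ingress.yaml` tests only `.Values.httpgateway.enabled` and `.Values.httpgateway.ui.enabled`, so an operator who sets `ingress.ui.enabled: false` still gets the UI Ingress published. I would change the guard to `{{- if and .Values.httpgateway.enabled .Values.httpgateway.ui.enabled .Values.httpgateway.ingress.ui.enabled }}`. The guard of `api-ingress.yaml` sits above its hunk and is not visible here, so please confirm it checks `ingress.api.enabled` as well. `$domainCrt` is also assigned in this file but never used.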
@@ -10,41 +10,12 @@ metadata: labels: {{- include "plgd-hub.labels" . | nindent 4 }} annotations: -{{/* kubernetes.io/ingress.class: "nginx"*/}} - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $host"; - more_set_headers "X-Forwarded-Host $host"; - more_set_headers "X-Forwarded-Proto $scheme"; - set $cors "true"; - if ($request_method = 'OPTIONS') { - set $cors "${cors}options"; - } - if ($cors = "trueoptions") { - add_header 'Access-Control-Allow-Origin' "$http_origin"; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, PATCH, OPTIONS'; - add_header 'Access-Control-Allow-Headers' '{{ .Values.mockoauthserver.ingress.allowHeaders }}'; - add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Credentials' 'true'; - } - if ($request_method = 'PUT') { - add_header 'Access-Control-Allow-Credentials' 'true'; - } - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Credentials' 'true'; - } - {{- with .Values.mockoauthserver.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- if .Values.mockoauthserver.ingress.annotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.mockoauthserver.ingress.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.mockoauthserver.ingress.customAnnotations }} + {{- include "plgd-hub.tplvalues.render" ( dict "value" .Values.mockoauthserver.ingress.customAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: tls: - hosts: 
diff --git a/charts/plgd-hub/templates/resource-directory/config.yaml b/charts/plgd-hub/templates/resource-directory/config.yaml index 6a9f58167..5ede5c490 100644 --- a/charts/plgd-hub/templates/resource-directory/config.yaml +++ b/charts/plgd-hub/templates/resource-directory/config.yaml @@ -73,7 +73,7 @@ data: identityStore: pullFrequency: {{ .clients.identityStore.pullFrequency }} cacheExpiration: {{ .clients.identityStore.cacheExpiration }} - ownerClaim: {{ .clients.identityStore.ownerClaim }} + ownerClaim: {{ .clients.identityStore.ownerClaim | default $.Values.global.ownerClaim | quote }} grpc: {{- $authorizationServer := .clients.identityStore.grpc.address }} address:{{ printf " " }}{{- include "plgd-hub.identityStoreAddress" (list $ $authorizationServer ) | quote }} diff --git a/charts/plgd-hub/values.yaml b/charts/plgd-hub/values.yaml index 08da99a97..4b4b270ff 100644 --- a/charts/plgd-hub/values.yaml +++ b/charts/plgd-hub/values.yaml @@ -156,7 +156,7 @@ certmanager: annotations: {} # -- Name of default issuer name: default-issuer - # --Kind of default issuer + # -- Kind of default issuer kind: Issuer # -- Default issuer specification. spec: @@ -193,7 +193,7 @@ certmanager: annotations: {} # -- Name of root issuer name: ca-issuer - # --Kind of default issuer + # -- Kind of default issuer kind: Issuer # -- Default issuer specification. spec: @@ -207,7 +207,7 @@ certmanager: annotations: {} # -- Name name: - # -- Kind + # -- Kind of internal issuer kind: # -- cert-manager issuer spec spec: @@ -229,7 +229,7 @@ certmanager: annotations: {} # -- Name name: - # -- Kind + # -- Kind of coap issuer kind: # -- cert-manager issuer spec spec: @@ -251,7 +251,7 @@ certmanager: annotations: {} # -- Name name: - # -- Kind + # -- Kind of external issuer kind: # -- cert-manager issuer spec spec: @@ -433,7 +433,7 @@ resourcedirectory: identityStore: pullFrequency: 15s cacheExpiration: 1m - ownerClaim: sub + ownerClaim: grpc: address: "" tls: 
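Review bot: In `resource-directory/config.yaml`, `ownerClaim` now renders as `""` whenever `global.ownerClaim` is also unset, because `default` falls through to an empty value and `quote` turns it into an empty string. The definition of `global.ownerClaim` is not part of this diff, and the values.yaml hunks remove the previous `sub` default from both `resourcedirectory` and `identitystore`. Since this setting appears to select the token claim that identifies the owner, failing at render time is safer than shipping an empty claim: `ownerClaim: {{ required "ownerClaim must be set" (.clients.identityStore.ownerClaim | default $.Values.global.ownerClaim) | quote }}`. No identity-store template change is visible in this diff, so please check that its config applies the same fallback now that its value is empty.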
@@ -951,7 +951,7 @@ identitystore: authorization: authority: audience: - ownerClaim: "sub" + ownerClaim: http: maxIdleConns: 16 maxConnsPerHost: 32 @@ -1059,14 +1059,36 @@ httpgateway: # -- Domain for http-gateway API. Default: api.{{ global.domain }} apiDomain: ingress: - # -- Enable ingress - enabled: true - # -- Ingress annotation - annotations: {} - # -- Ingress path - paths: - - /api - - /.well-known/hub-configuration + # -- API ingress + api: + # -- Enable ingress + enabled: true + # -- Pre defined map of Ingress annotation + annotations: + nginx.org/grpc-services: "{{ include \"plgd-hub.httpgateway.fullname\" . }}" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # -- Custom map of Ingress annotation + customAnnotations: {} + # -- Ingress path + paths: + - /api + - /.well-known/hub-configuration + # -- UI ingress + ui: + # -- Enable ingress + enabled: true + # -- Pre defined map of Ingress annotation + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # -- Custom map of Ingress annotation + customAnnotations: {} + # -- Ingress path + paths: + - / # -- Http-gateway service yaml config section config: # -- Name of configuration file @@ -1223,8 +1245,13 @@ grpcgateway: # -- Enable ingress enabled: true # -- Ingress annotations - annotations: {} - # -- Default ingress paths + annotations: + nginx.org/grpc-services: "{{ include \"plgd-hub.grpcgateway.fullname\" . }}" + nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" + ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # -- Custom map of Ingress annotation + customAnnotations: {} paths: - /grpcgateway.pb.GrpcGateway # -- Service yaml configuration section 
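Review bot: In the grpcgateway hunk the `# -- Default ingress paths` comment above `paths:` is removed without a replacement, which is why the regenerated README lists `grpcgateway.ingress.paths[0]` with an empty description. I would restore `# -- Default ingress paths` directly above `paths:`. The `annotations` key in the same hunk still carries `# -- Ingress annotations`, while the other services use `# -- Pre defined map of Ingress annotation`; one wording across all of them would keep the generated table consistent.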
@@ -1414,8 +1441,14 @@ certificateauthority: ingress: # -- Enable ingress enabled: true - # -- Ingress annotations - annotations: {} + # -- Pre defined map of Ingress annotation + annotations: + nginx.org/grpc-services: "{{ include \"plgd-hub.certificateauthority.fullname\" . }}" + nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" + ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + # -- Custom map of Ingress annotation + customAnnotations: { } # -- Paths paths: - /certificateauthority.pb.CertificateAuthority/SignIdentityCertificate 
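Review bot: The certificateauthority defaults set `nginx.ingress.kubernetes.io/enable-cors: "true"` without a `nginx.ingress.kubernetes.io/cors-allow-origin`, and ingress-nginx then answers with a wildcard allowed origin. This Ingress fronts the `SignIdentityCertificate` path, so I would either drop the CORS annotation from its defaults, if no browser client calls it, or pin the origin with a constructed example such as `nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .Values.global.domain }}"`. The same default appears in the grpcgateway and httpgateway hunks. As a style point, `customAnnotations: { }` is written as `{}` everywhere else in the file.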
@@ -1575,8 +1608,41 @@ mockoauthserver: ingress: # -- Enable ingress enabled: true - # -- Ingress annotation - annotations: {} + # -- Pre defined map of Ingress annotation + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Host $host"; + more_set_headers "X-Forwarded-Host $host"; + more_set_headers "X-Forwarded-Proto $scheme"; + set $cors "true"; + if ($request_method = 'OPTIONS') { + set $cors "${cors}options"; + } + if ($cors = "trueoptions") { + add_header 'Access-Control-Allow-Origin' "$http_origin"; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, PATCH, OPTIONS'; + add_header 'Access-Control-Allow-Headers' '{{ .Values.mockoauthserver.ingress.allowHeaders }}'; + add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Credentials' 'true'; + } + if ($request_method = 'PUT') { + add_header 'Access-Control-Allow-Credentials' 'true'; + } + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Credentials' 'true'; + } + # -- Custom map of Ingress annotation + customAnnotations: {} # -- Ingress path paths: - /authorize
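Review bot: The default `configuration-snippet` copies the request's `$http_origin` into `Access-Control-Allow-Origin` and also sends `Access-Control-Allow-Credentials: 'true'`, so the preflight approves credentialed cross-origin requests from any site. Now that the snippet is a values default rather than template text, the `# --` comment should say that this is acceptable only because the mock OAuth server is meant for test deployments; otherwise the snippet should compare `$http_origin` against an allow-list before echoing it. The description should also mention that the annotation only works on controllers that permit snippet annotations (ingress-nginx `allow-snippet-annotations`), since hardened clusters commonly disable them.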