def create_tekton_dashboard_helm_values(
    tekton_dashboard_ingress_config: TektonDashboardIngressConfig,
    ingress_config: IngressConfig,
    config_factory,
):
    """Assemble the Helm values for the Tekton dashboard ingress chart.

    Args:
        tekton_dashboard_ingress_config: supplies the external URL, ingress
            host, backing service name/port and the name of the oauth2-proxy
            config element to use.
        ingress_config: supplies the certificate issuer name, TLS host names
            and DNS TTL.
        config_factory: only handed to ``ingress_host()``; it is not used for
            the oauth2-proxy lookup (see note below).

    Returns:
        dict of Helm values; ``oauthProxyAuthUrl`` carries the external URL of
        the referenced oauth2-proxy.
    """
    dashboard_cfg = tekton_dashboard_ingress_config

    # NOTE(review): the oauth2-proxy element is resolved through the global
    # context's factory, not through the `config_factory` argument. Confirm
    # both always describe the same configuration set; otherwise the auth URL
    # could point at a proxy from a different landscape than the ingress host.
    global_factory = global_ctx().cfg_factory()
    oauth2_proxy_config = global_factory.oauth2_proxy(
        dashboard_cfg.oauth2_proxy_config_name()
    )

    helm_values = {}
    helm_values['external_url'] = dashboard_cfg.external_url()
    helm_values['ingress_host'] = dashboard_cfg.ingress_host(config_factory)
    helm_values['ingress_issuer_name'] = ingress_config.issuer_name()
    helm_values['ingress_tls_hosts'] = ingress_config.tls_host_names()
    # the TTL is passed on as a string
    helm_values['ingress_ttl'] = str(ingress_config.ttl())
    helm_values['serviceName'] = dashboard_cfg.service_name()
    helm_values['servicePort'] = dashboard_cfg.service_port()
    helm_values['oauthProxyAuthUrl'] = oauth2_proxy_config.external_url()
    return helm_values
def create_oauth2_proxy_helm_values(
    oauth2_proxy_config: Oauth2ProxyConfig,
    ingress_config: IngressConfig,
    deployment_name: str,
):
    """Build the Helm values for an oauth2-proxy deployment using the GitHub provider.

    The returned dict contains the OAuth client secret and the cookie secret
    in plain text, so it should be handled like a credential (no logging, no
    persisting outside of secret storage).

    Args:
        oauth2_proxy_config: supplies the chart config (cookie name/secret),
            the GitHub OAuth config, the ingress host and the external URL.
        ingress_config: supplies the certificate issuer name, TLS host names
            and DNS TTL.
        deployment_name: prefix of the TLS secret name (``<name>-tls``).

    Returns:
        dict with a ``config`` section (credentials plus the rendered
        oauth2-proxy config file) and an ``ingress`` section.
    """
    chart_cfg = oauth2_proxy_config.oauth2_proxy_chart_config()
    oauth_cfg = oauth2_proxy_config.github_oauth_config()
    # The GitHub instance is looked up via the global context's config factory.
    github_cfg = global_ctx().cfg_factory().github(oauth_cfg.github_cfg_name())
    ingress_host = oauth2_proxy_config.ingress_host()

    proxy_settings = {
        'clientID': oauth_cfg.client_id(),
        'clientSecret': oauth_cfg.client_secret(),
        'cookieSecret': chart_cfg.cookie_secret(),
    }

    # NOTE(review): the values below are placed between double quotes without
    # any escaping. A '"' or a newline inside one of them would change the
    # structure of the generated config file; presumably the config elements
    # are validated where they are defined - confirm.
    #
    # NOTE(review): email_domains accepts every domain ("*"), so access is
    # narrowed only by the github_org / github_team lines. Verify that both
    # are always non-empty for this deployment.
    #
    # ssl_insecure_skip_verify is emitted as "true" whenever no_ssl_verify()
    # is truthy, i.e. certificate validation towards the provider is then
    # switched off in the proxy. Keep that limited to test landscapes.
    config_file_lines = [
        'provider = "github"',
        'email_domains = [ "*" ]',
        'upstreams = [ "file:///dev/null" ]',
        f'cookie_name = "{chart_cfg.cookie_name()}"',
        f'github_org = "{oauth_cfg.github_org()}"',
        f'github_team = "{oauth_cfg.github_team()}"',
        f'login_url = "{github_cfg.http_url()}/login/oauth/authorize"',
        f'redeem_url = "{github_cfg.http_url()}/login/oauth/access_token"',
        f'validate_url = "{github_cfg.api_url()}"',
        f'ssl_insecure_skip_verify = {str(oauth_cfg.no_ssl_verify()).lower()}',
        'whitelist_domains = ".gardener.cloud"',
    ]
    # The chart expects configFile in YAML's '|-' block form: lines separated
    # by newlines, with no newline after the last line.
    proxy_settings['configFile'] = '\n'.join(config_file_lines)

    ingress_annotations = {
        'kubernetes.io/ingress.class': 'nginx',
        'kubernetes.io/tls-acme': "true",
        'cert.gardener.cloud/issuer': ingress_config.issuer_name(),
        'cert.gardener.cloud/purpose': 'managed',
        'dns.gardener.cloud/class': 'garden',
        'dns.gardener.cloud/dnsnames': ingress_host,
        'dns.gardener.cloud/ttl': str(ingress_config.ttl()),
    }
    served_hosts = [ingress_host, oauth2_proxy_config.external_url()]
    tls_entry = {
        'hosts': ingress_config.tls_host_names(),
        'secretName': f'{deployment_name}-tls'
    }

    return {
        'config': proxy_settings,
        'ingress': {
            'enabled': True,
            'path': "/",
            'annotations': ingress_annotations,
            'hosts': served_hosts,
            'tls': [tls_entry],
        },
    }
def create_gardenlinux_cache_helm_values(
    gardenlinux_cache_config: GardenlinuxCacheConfig,
    ingress_config: IngressConfig,
):
    """Collect the Helm values for the Gardenlinux cache chart.

    Args:
        gardenlinux_cache_config: supplies the external URL, image reference
            and tag, ingress host, replica count, service name/port and the
            volume size.
        ingress_config: supplies the certificate issuer name, TLS host names
            and DNS TTL.

    Returns:
        dict of Helm values; every entry is taken unchanged from the two
        config objects, except the TTL, which is converted to a string.
    """
    cache_cfg = gardenlinux_cache_config

    # NOTE(review): the image is identified by reference + tag exactly as
    # configured; whether that tag is immutable or digest-pinned cannot be
    # seen from here - confirm in the config source.
    return dict(
        external_url=cache_cfg.external_url(),
        imageReference=cache_cfg.image_reference(),
        imageTag=cache_cfg.image_tag(),
        ingress_host=cache_cfg.ingress_host(),
        ingress_issuer_name=ingress_config.issuer_name(),
        ingress_tls_hosts=ingress_config.tls_host_names(),
        ingress_ttl=str(ingress_config.ttl()),
        replicas=cache_cfg.replicas(),
        serviceName=cache_cfg.service_name(),
        servicePort=cache_cfg.service_port(),
        storageSize=cache_cfg.volume_size(),
    )
def generate_monitoring_ingress_object(
    basic_auth_secret_name: str,
    tls_secret_name: str,
    namespace: str,
    external_url: str,
    ingress_host: str,
    service_name: str,
    service_port: int,
    ingress_config: IngressConfig,
    managed_dns: bool,
) -> V1beta1Ingress:
    """Create the Ingress object that exposes a monitoring service behind basic auth.

    The service is published under ``/<service_name>`` on two hosts
    (``external_url`` and ``ingress_host``). The nginx rewrite target forwards
    only the part of the request path that follows that prefix.

    Args:
        basic_auth_secret_name: name of the secret referenced by the nginx
            ``auth-secret`` annotation. This function only references it.
        tls_secret_name: name of the secret used in the TLS section.
        namespace: namespace of the Ingress object.
        external_url: host of the first ingress rule.
        ingress_host: host of the second ingress rule; also used as the DNS
            name annotation when ``managed_dns`` is set.
        service_name: backend service name; also the Ingress name and the
            path prefix.
        service_port: backend service port.
        ingress_config: supplies the certificate issuer name, TLS host names
            and (for managed DNS) the TTL.
        managed_dns: when true, the ``dns.gardener.cloud/*`` annotations are
            added.

    Returns:
        The assembled ``V1beta1Ingress``.
    """
    # NOTE(review): the V1beta1* classes model a pre-v1 Ingress API; confirm
    # that the target clusters still serve that API version.

    # Two capture groups: "$2" in the rewrite target below is whatever follows
    # the "/<service_name>" prefix.
    # NOTE(review): service_name is inserted into the path pattern as-is;
    # presumably it is a plain Kubernetes service name without regex
    # metacharacters - confirm at the call sites.
    ingress_path = "".join(("/", service_name, "(/|$)(.*)"))

    ingress_annotations = {
        "cert.gardener.cloud/issuer": ingress_config.issuer_name(),
        "cert.gardener.cloud/purpose": "managed",
    }
    if managed_dns:
        # DNS record handling is requested only for managed DNS setups.
        ingress_annotations.update({
            "dns.gardener.cloud/class": "garden",
            "dns.gardener.cloud/dnsnames": ingress_host,
            "dns.gardener.cloud/ttl": str(ingress_config.ttl()),
        })
    # Basic auth and the path rewrite are set in both cases. Annotations are
    # attached to the Ingress as a whole, so they cover both host rules.
    ingress_annotations.update({
        "nginx.ingress.kubernetes.io/auth-type": "basic",
        "nginx.ingress.kubernetes.io/auth-secret": basic_auth_secret_name,
        "nginx.ingress.kubernetes.io/rewrite-target": "/$2",
    })

    def _rule_for(host):
        # One rule per host, each with its own path/backend objects.
        return V1beta1IngressRule(
            host=host,
            http=V1beta1HTTPIngressRuleValue(
                paths=[
                    V1beta1HTTPIngressPath(
                        path=ingress_path,
                        backend=V1beta1IngressBackend(
                            service_name=service_name,
                            service_port=service_port,
                        ),
                    ),
                ],
            ),
        )

    metadata = V1ObjectMeta(
        annotations=ingress_annotations,
        name=service_name,
        namespace=namespace,
    )
    rules = [_rule_for(host) for host in (external_url, ingress_host)]
    tls_section = [
        V1beta1IngressTLS(
            hosts=ingress_config.tls_host_names(),
            secret_name=tls_secret_name,
        ),
    ]

    return V1beta1Ingress(
        kind='Ingress',
        metadata=metadata,
        spec=V1beta1IngressSpec(rules=rules, tls=tls_section),
    )