diff --git a/molgenis-vault/README.md b/molgenis-vault/README.md
index fe03a13..5ebac64 100644
--- a/molgenis-vault/README.md
+++ b/molgenis-vault/README.md
@@ -29,3 +29,24 @@ Define the schedule of the backup job
 | -------------------- | ---------------------------- | ------------- |
 | `backupJob.enable` | Enable backup cronjob | `true` |
 | `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
+
+### UI
+
+Parameter | Description | Default
+--------- | ----------- | -------
+`ui.replicaCount` | desired number of Vault UI pod | `1`
+`ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
+`ui.image.tag` | Vault UI container image tag | `latest`
+`ui.resources` | Vault UI pod resource requests & limits | `{}`
+`ui.nodeSelector` | node labels for Vault UI pod assignment | `{}`
+`ui.ingress.enabled` | If true, Vault UI Ingress will be created | `true`
+`ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
+`ui.ingress.host` | Vault UI Ingress hostname | `vault.molgenis.org`
+`ui.ingress.tls` | Vault UI Ingress TLS configuration (YAML) | `[]`
+`ui.vault.url` | Vault UI default vault url | `https://vault.vault-operator:8200`
+`ui.vault.auth` | Vault UI login method | `GITHUB`
+`ui.service.name` | Vault UI service name | `vault-ui`
+`ui.service.type` | type of ui service to create | `ClusterIP`
+`ui.service.externalPort` | Vault UI service target port | `8000`
+`ui.service.internalPort` | Vault UI container port | `8000`
+`ui.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`
\ No newline at end of file
diff --git a/molgenis-vault/templates/_helpers.tpl b/molgenis-vault/templates/_helpers.tpl
index 81f6497..5c51ec7 100644
--- a/molgenis-vault/templates/_helpers.tpl
+++ b/molgenis-vault/templates/_helpers.tpl
@@ -1,3 +1,17 @@
+{{/*
+Define vault ui fullname
+*/}}
+{{- define "vault.ui.fullname" -}}
+{{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Define vault service url for the ui
+*/}}
+{{- define "vault.service.url" -}}
+{{- printf "https://%s:8200" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/* See https://github.com/helm/helm/issues/4535 */}}
 {{- define "call-nested" }}
 {{- $dot := index . 0 }}
diff --git a/molgenis-vault/templates/ui-ingress.yaml b/molgenis-vault/templates/ui-ingress.yaml
new file mode 100644
index 0000000..d8d8e1f
--- /dev/null
+++ b/molgenis-vault/templates/ui-ingress.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.ui.ingress.enabled -}}
+{{- $serviceName := include "vault.ui.fullname" . -}}
+{{- $servicePort := .Values.ui.service.externalPort -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "vault.ui.fullname" . }}
+ labels:
+ app: {{ template "molgenis-vault.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.ui.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ - host: {{ .Values.ui.ingress.host }}
+ http:
+ paths:
+ - path:
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- if .Values.ui.ingress.tls }}
+ tls:
+{{ toYaml .Values.ui.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/molgenis-vault/templates/ui-service.yaml b/molgenis-vault/templates/ui-service.yaml
new file mode 100644
index 0000000..0e26d65
--- /dev/null
+++ b/molgenis-vault/templates/ui-service.yaml
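Review bot: In `vault.service.url` the `trunc 63 | trimSuffix "-"` pipeline is applied to the whole formatted URL rather than to the release name, so a release name longer than about 50 characters produces a URL with the `:8200` port (and possibly part of the host) cut off. Truncate the name before formatting, e.g. `{{- printf "https://%s:8200" (.Release.Name | trunc 63 | trimSuffix "-") -}}`. The host is also the bare release name; whether a Service with exactly that name exists is not visible in this diff, so confirm it matches the Vault Service the operator creates.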
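Review bot: The `tls:` block is emitted only when `ui.ingress.tls` is non-empty, and the README in this commit documents defaults of `ui.ingress.enabled` = `true` and `ui.ingress.tls` = `[]`, so a default install appears to publish the Vault UI on `vault.molgenis.org` without TLS configured on the Ingress unless the controller enforces HTTPS by itself. Vault credentials entered in this UI would travel over that route, so I would default `ui.ingress.enabled` to `false` or ship a TLS entry for the host. Separately, the `app` label here uses `molgenis-vault.name` while the Service and Deployment in this commit use `vault-operator.name`; one of the two is probably a leftover and should be aligned.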
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.ui.fullname" . }}
+ labels:
+ app: {{ template "vault-operator.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.ui.service.type }}
+ ports:
+ - port: {{ .Values.ui.service.externalPort }}
+ targetPort: {{ .Values.ui.service.internalPort }}
+ protocol: TCP
+ name: {{ .Values.ui.service.name }}
+ {{- if .Values.ui.service.nodePort }}
+ nodePort: {{ .Values.ui.service.nodePort }}
+ {{- end }}
+ selector:
+ app: {{ template "vault-operator.name" . }}
+ release: {{ .Release.Name }}
+ component: {{ .Values.ui.name }}
\ No newline at end of file
diff --git a/molgenis-vault/templates/vault-ui-deployment.yaml b/molgenis-vault/templates/vault-ui-deployment.yaml
new file mode 100644
index 0000000..d13a154
--- /dev/null
+++ b/molgenis-vault/templates/vault-ui-deployment.yaml
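Review bot: `nodePort` is rendered whenever `ui.service.nodePort` is non-zero, regardless of `ui.service.type`, although the README row says it is ignored unless the type is `NodePort` (the row names `server.service.type`, presumably meaning `ui.service.type`). With the default `ClusterIP`, a non-zero value would be sent to the API server, which is expected to reject it. Guard it with `{{- if and (eq .Values.ui.service.type "NodePort") .Values.ui.service.nodePort }}`. The selector's `component: {{ .Values.ui.name }}` also depends on `ui.name`, which is neither in the README table nor in the visible part of values.yaml; confirm it is defined, since an empty value would change which pods this Service selects.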
@@ -0,0 +1,50 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "vault.ui.fullname" . }}
+ labels:
+ app: {{ template "vault-operator.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: {{ .Values.ui.name }}
+spec:
+ replicas: {{ .Values.ui.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "vault-operator.name" . }}
+ release: {{ .Release.Name }}
+ component: {{ .Values.ui.name }}
+ spec:
+ containers:
+ - name: {{ .Values.ui.name }}
+ image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ env:
+ - name: VAULT_URL_DEFAULT
+ {{- if .Values.ui.vault.url }}
+ value: {{ .Values.ui.vault.url }}
+ {{ else }}
+ value: {{ template "vault.service.url" . }}
+ {{- end }}
+ - name: VAULT_AUTH_DEFAULT
+ value: {{ .Values.ui.vault.auth }}
+ - name: NODE_TLS_REJECT_UNAUTHORIZED
+ value: '0'
+ ports:
+ - containerPort: {{ .Values.ui.service.internalPort }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.ui.service.internalPort }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.ui.service.internalPort }}
+ resources:
+{{ toYaml .Values.ui.resources | indent 12 }}
+ {{- if .Values.ui.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.ui.nodeSelector | indent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/molgenis-vault/values.yaml b/molgenis-vault/values.yaml
index 701417c..aaca8f3 100644
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@@ -75,4 +75,5 @@ ui:
 # memory: 128Mi
 nodeSelector: {}
 vault:
- auth: TOKEN
\ No newline at end of file
+ auth: GITHUB
+ url: https://vault.vault-operator:8200
\ No newline at end of file
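Review bot: `NODE_TLS_REJECT_UNAUTHORIZED` is hard-coded to `'0'` in the container env, which turns off certificate verification for every outbound TLS connection the Node process makes, including the one to `VAULT_URL_DEFAULT` that carries Vault tokens and secrets. I would make this a chart value that defaults to verification on, and trust the Vault CA explicitly instead, for example by mounting the CA certificate and pointing `NODE_EXTRA_CA_CERTS` at it. The README in this commit also documents `ui.image.tag` as `latest`, so the image handling those tokens is unpinned; a fixed tag or digest makes the deployed code reproducible and reviewable.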
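Review bot: With `url` now set in the chart defaults, the `else` branch in vault-ui-deployment.yaml that calls `vault.service.url` is never taken unless a user explicitly blanks the value. The default `https://vault.vault-operator:8200` also only resolves for a Service named `vault` in a namespace named `vault-operator`. Leaving `url` empty by default and letting the helper derive it would keep the chart installable under other release names; if the fixed URL is intended, a comment above it such as `# assumes the Vault Service "vault" in namespace "vault-operator"` would make the assumption visible.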