Merge branch 'feature/vault' of P129679/molgenis-ops-docker-helm into master

2018-09-10 15:37:12 +02:00 · 2018-09-10 15:37:12 +02:00 · 008fd5261e
commit 008fd5261e
parent a5be05c7db 8e39216535
6 changed files with 140 additions and 1 deletions
--- a/molgenis-vault/README.md
+++ b/molgenis-vault/README.md
@ -29,3 +29,24 @@ Define the schedule of the backup job
 | -------------------- | ---------------------------- | ------------- |
 | `backupJob.enable`   | Enable backup cronjob        | `true`        |
 | `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1`  |
 ### UI
 Parameter | Description | Default
 --------- | ----------- | ------- 
 `ui.replicaCount` | desired number of Vault UI pod | `1`
 `ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
 `ui.image.tag` | Vault UI container image tag | `latest`
 `ui.resources` | Vault UI pod resource requests & limits | `{}`
 `ui.nodeSelector` | node labels for Vault UI pod assignment | `{}`
 `ui.ingress.enabled` | If true, Vault UI Ingress will be created | `true`
 `ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
 `ui.ingress.host` | Vault UI Ingress hostname | `vault.molgenis.org`
 `ui.ingress.tls` | Vault UI Ingress TLS configuration (YAML) | `[]`
 `ui.vault.url` | Vault UI default vault url | `https://vault.vault-operator:8200`
 `ui.vault.auth` | Vault UI login method | `GITHUB`
 `ui.service.name` | Vault UI service name | `vault-ui`
 `ui.service.type` | type of ui service to create | `ClusterIP`
 `ui.service.externalPort` | Vault UI service target port | `8000`
 `ui.service.internalPort` | Vault UI container port | `8000`
 `ui.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`
--- a/molgenis-vault/templates/_helpers.tpl
+++ b/molgenis-vault/templates/_helpers.tpl
@ -1,3 +1,17 @@
 {{/*
 Define vault ui fullname
 */}}
 {{- define "vault.ui.fullname" -}}
 {{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Define vault service url for the ui
 */}}
 {{- define "vault.service.url" -}}
 {{- printf "https://%s:8200" .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/* See https://github.com/helm/helm/issues/4535 */}}
 {{- define "call-nested" }}
 {{- $dot := index . 0 }}
--- a/molgenis-vault/templates/ui-ingress.yaml
+++ b/molgenis-vault/templates/ui-ingress.yaml
@ -0,0 +1,30 @@
 {{- if .Values.ui.ingress.enabled -}}
 {{- $serviceName := include "vault.ui.fullname" . -}}
 {{- $servicePort := .Values.ui.service.externalPort -}}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: {{ template "vault.ui.fullname" . }}
  labels:
    app: {{ template "molgenis-vault.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    {{- range $key, $value := .Values.ui.ingress.annotations }}
      {{ $key }}: {{ $value | quote }}
    {{- end }}
 spec:
  rules:
    - host: {{ .Values.ui.ingress.host }}
      http:
        paths:
          - path:
            backend:
              serviceName: {{ $serviceName }}
              servicePort: {{ $servicePort }}
  {{- if .Values.ui.ingress.tls }}
  tls:
 {{ toYaml .Values.ui.ingress.tls | indent 4 }}
  {{- end -}}
 {{- end -}}
--- a/molgenis-vault/templates/ui-service.yaml
+++ b/molgenis-vault/templates/ui-service.yaml
@ -0,0 +1,23 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "vault.ui.fullname" . }}
  labels:
    app: {{ template "vault-operator.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  type: {{ .Values.ui.service.type }}
  ports:
    - port: {{ .Values.ui.service.externalPort }}
      targetPort: {{ .Values.ui.service.internalPort }}
      protocol: TCP
      name: {{ .Values.ui.service.name }}
    {{- if .Values.ui.service.nodePort }}
      nodePort: {{ .Values.ui.service.nodePort }}
    {{- end }}
  selector:
    app: {{ template "vault-operator.name" . }}
    release: {{ .Release.Name }}
    component: {{ .Values.ui.name }}
--- a/molgenis-vault/templates/vault-ui-deployment.yaml
+++ b/molgenis-vault/templates/vault-ui-deployment.yaml
@ -0,0 +1,50 @@
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
  name: {{ template "vault.ui.fullname" . }}
  labels:
    app: {{ template "vault-operator.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
    component: {{ .Values.ui.name }}
 spec:
  replicas: {{ .Values.ui.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ template "vault-operator.name" . }}
        release: {{ .Release.Name }}
        component: {{ .Values.ui.name }}
    spec:
      containers:
        - name: {{ .Values.ui.name }}
          image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
          imagePullPolicy: {{ .Values.imagePullPolicy }}
          env:
          - name: VAULT_URL_DEFAULT
          {{- if .Values.ui.vault.url }}
            value: {{ .Values.ui.vault.url }}
          {{ else }}
            value: {{ template "vault.service.url" . }}
          {{- end }}
          - name: VAULT_AUTH_DEFAULT
            value: {{ .Values.ui.vault.auth }}
          - name: NODE_TLS_REJECT_UNAUTHORIZED
            value: '0'
          ports:
            - containerPort: {{ .Values.ui.service.internalPort }}
          livenessProbe:
            httpGet:
              path: /
              port: {{ .Values.ui.service.internalPort }}
          readinessProbe:
            httpGet:
              path: /
              port: {{ .Values.ui.service.internalPort }}
          resources:
 {{ toYaml .Values.ui.resources | indent 12 }}
    {{- if .Values.ui.nodeSelector }}
      nodeSelector:
 {{ toYaml .Values.ui.nodeSelector | indent 8 }}
    {{- end }}
--- a/molgenis-vault/values.yaml
+++ b/molgenis-vault/values.yaml
@ -75,4 +75,5 @@ ui:
    #  memory: 128Mi
  nodeSelector: {}
  vault:
-    auth: TOKEN
+    auth: GITHUB
    url: https://vault.vault-operator:8200