From 31139b29625da567f86d7e9480f72e19f6736ffd Mon Sep 17 00:00:00 2001 From: Natcha Wattanaarunkij Date: Sun, 10 Mar 2019 16:09:29 +0700 Subject: [PATCH 1/6] Add ingress option to UI service. --- templates/ui-ingress.yaml | 31 +++++++ test/unit/ui-ingress.bats | 164 ++++++++++++++++++++++++++++++++++++++ values.yaml | 21 +++++ 3 files changed, 216 insertions(+) create mode 100644 templates/ui-ingress.yaml create mode 100755 test/unit/ui-ingress.bats diff --git a/templates/ui-ingress.yaml b/templates/ui-ingress.yaml new file mode 100644 index 000000000..e64a78f70 --- /dev/null +++ b/templates/ui-ingress.yaml @@ -0,0 +1,31 @@ +{{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.ingress.enabled | toString) "-") .Values.ui.ingress.enabled) (and (eq (.Values.ui.ingress.enabled | toString) "-") .Values.global.enabled))) }} +{{- $serviceName := printf "%s-%s" (include "consul.fullname" .) "ui" -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "consul.fullname" . }}-ingress + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "consul.name" . }} + chart: {{ template "consul.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- if .Values.ui.ingress.annotations }} + annotations: + {{ tpl (toYaml .Values.ui.ingress.annotations) . | nindent 4 | trim }} + {{- end}} +spec: + rules: + {{- range .Values.ui.ingress.hosts }} + - host: {{ . }} + http: + paths: + - backend: + serviceName: {{ $serviceName }} + servicePort: 80 + {{- end -}} + {{- if .Values.ui.ingress.tls }} + tls: + {{ tpl (toYaml .Values.ui.ingress.tls) . | nindent 4 | trim }} + {{- end }} +{{- end }} \ No newline at end of file 
diff --git a/test/unit/ui-ingress.bats b/test/unit/ui-ingress.bats new file mode 100755 index 000000000..3f81bedb2 --- /dev/null +++ b/test/unit/ui-ingress.bats 
@@ -0,0 +1,164 @@ +#!/usr/bin/env bats + +load _helpers + +@test "ui/Ingress: disabled by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ui/Ingress: enable with global.enabled false" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'global.enabled=false' \ + --set 'server.enabled=true' \ + --set 'ui.enabled=true' \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +@test "ui/Ingress: disable with server.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'server.enabled=false' \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ui/Ingress: disable with ui.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.enabled=false' \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ui/Ingress: disable with ui.ingress.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=false' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ui/Ingress: disable with global.enabled" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'global.enabled=false' \ + --set 'ui.ingress.enabled=true' \ + . 
| tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +@test "ui/Ingress: disable with global.enabled and server.enabled on" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-service.yaml \ + --set 'global.enabled=false' \ + --set 'server.enabled=true' \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] +} + +#-------------------------------------------------------------------- +# hosts + +@test "ui/Ingress: no hosts by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.rules' | tee /dev/stderr) + [ "${actual}" = "null" ] +} + +@test "ui/Ingress: hosts can be set" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'ui.ingress.hosts[0]=foo.com' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].host' | tee /dev/stderr) + [ "${actual}" = "foo.com" ] +} + +#-------------------------------------------------------------------- +# tls + +@test "ui/Ingress: no tls by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.tls' | tee /dev/stderr) + [ "${actual}" = "null" ] +} + +@test "ui/Ingress: tls can be set" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'ui.ingress.tls[0].hosts[0]=foo.com' \ + . 
| tee /dev/stderr | + yq -r '.spec.tls[0].hosts[0]' | tee /dev/stderr) + [ "${actual}" = "foo.com" ] +} + +@test "ui/Ingress: tls with secret name can be set" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'ui.ingress.tls[0].hosts[0]=foo.com' \ + --set 'ui.ingress.tls[0].secretName=testsecret-tls' \ + . | tee /dev/stderr | + yq -r '.spec.tls[0].secretName' | tee /dev/stderr) + [ "${actual}" = "testsecret-tls" ] +} + +#-------------------------------------------------------------------- +# annotations + +@test "ui/Ingress: no annotations by default" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + . | tee /dev/stderr | + yq -r '.metadata.annotations' | tee /dev/stderr) + [ "${actual}" = "null" ] +} + +@test "ui/Ingress: annotations can be set" { + cd `chart_dir` + local actual=$(helm template \ + -x templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'ui.ingress.annotations.foo=bar' \ + . | tee /dev/stderr | + yq -r '.metadata.annotations.foo' | tee /dev/stderr) + [ "${actual}" = "bar" ] +} diff --git a/values.yaml b/values.yaml index 9d3769c57..f7a210a77 100644 --- a/values.yaml +++ b/values.yaml 
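Review bot: The test "ui/Ingress: disable with global.enabled and server.enabled on" renders `-x templates/ui-service.yaml` instead of `templates/ui-ingress.yaml`, so it never exercises the Ingress template it is named for. Its `false` result is presumably decided by the service template's own gating, so the test would keep passing if the Ingress condition regressed. Change the flag to `-x templates/ui-ingress.yaml` so the assertion covers the resource this file is about.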
@@ -941,6 +941,27 @@ ui: # @type: string additionalSpec: null + ## True if you want to create an Ingress for the Consul UI. + ingress: + enabled: false + + # hosts is a list of host name to create Ingress rules. + # The value below is an array of objects, examples are shown below. + hosts: [] + # - sslexample.foo.com + + # tls is a list of hosts and secret name in an Ingress + # which tells the Ingress controller to secure the channel. + # The value below is an array of objects, examples are shown below. + tls: [] + # - hosts: + # - sslexample.foo.com + # secretName: testsecret-tls + + # This should be a multi-line string mapping directly to the a map of + # the annotations to configure some options depending on the Ingress controller + annotations: null + # Configure the catalog sync process to sync K8S with Consul # services. This can run bidirectional (default) or unidirectionally (Consul # to K8S or K8S to Consul only). From 4cda88411c76f5ada0acb2c5880db0ddbd73cc3a Mon Sep 17 00:00:00 2001 From: Natcha Wattanaarunkij Date: Thu, 11 Jul 2019 00:16:00 +0700 Subject: [PATCH 2/6] Remove combination of enabling ingress. --- templates/ui-ingress.yaml | 16 +++++++++---- test/unit/ui-ingress.bats | 48 ++++----------------------------------- 2 files changed, 16 insertions(+), 48 deletions(-) diff --git a/templates/ui-ingress.yaml b/templates/ui-ingress.yaml index e64a78f70..1db461fbf 100644 --- a/templates/ui-ingress.yaml +++ b/templates/ui-ingress.yaml 
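Review bot: The comment on `ui.ingress` does not say what enabling it exposes: the UI service becomes reachable through the ingress controller, and with the default `tls: []` the rendered resource has no TLS section. The UI service usually fronts the same HTTP listener that serves the Consul API, so, if that holds for this chart, ACLs and edge TLS are prerequisites worth naming here. I would add above `enabled: false` something like `# Exposes the Consul UI outside the cluster; enable ACLs and configure tls before turning this on.` The same hunk calls `hosts` "an array of objects", while the template in this commit emits each entry as a plain host string (`- host: {{ . }}`), so the comment should say it is a list of host names.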
@@ -1,4 +1,4 @@ -{{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.ingress.enabled | toString) "-") .Values.ui.ingress.enabled) (and (eq (.Values.ui.ingress.enabled | toString) "-") .Values.global.enabled))) }} +{{- if (and (ne (.Values.ui.ingress.enabled | toString) "-") .Values.ui.ingress.enabled) }} {{- $serviceName := printf "%s-%s" (include "consul.fullname" .) "ui" -}} apiVersion: extensions/v1beta1 kind: Ingress @@ -12,20 +12,26 @@ metadata: release: {{ .Release.Name }} {{- if .Values.ui.ingress.annotations }} annotations: - {{ tpl (toYaml .Values.ui.ingress.annotations) . | nindent 4 | trim }} + {{ tpl .Values.ui.ingress.annotations . | nindent 4 | trim }} {{- end}} spec: rules: - {{- range .Values.ui.ingress.hosts }} + {{- range .Values.ui.ingress.hosts }} - host: {{ . }} http: paths: - backend: serviceName: {{ $serviceName }} servicePort: 80 - {{- end -}} + {{- end -}} {{- if .Values.ui.ingress.tls }} tls: - {{ tpl (toYaml .Values.ui.ingress.tls) . | nindent 4 | trim }} + {{- range $value := .Values.ui.ingress.tls }} + - hosts: + {{- range $value.hosts }} + - {{ . }} + {{- end }} + secretName: {{ $value.secretName }} + {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/test/unit/ui-ingress.bats b/test/unit/ui-ingress.bats index 3f81bedb2..57c6c12b3 100755 --- a/test/unit/ui-ingress.bats +++ b/test/unit/ui-ingress.bats 
@@ -11,41 +11,16 @@ load _helpers [ "${actual}" = "false" ] } -@test "ui/Ingress: enable with global.enabled false" { +@test "ui/Ingress: enable with ui.ingress.enabled" { cd `chart_dir` local actual=$(helm template \ -x templates/ui-ingress.yaml \ - --set 'global.enabled=false' \ - --set 'server.enabled=true' \ - --set 'ui.enabled=true' \ --set 'ui.ingress.enabled=true' \ . | tee /dev/stderr | yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] } -@test "ui/Ingress: disable with server.enabled" { - cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-ingress.yaml \ - --set 'server.enabled=false' \ - --set 'ui.ingress.enabled=true' \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] -} - -@test "ui/Ingress: disable with ui.enabled" { - cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-ingress.yaml \ - --set 'ui.enabled=false' \ - --set 'ui.ingress.enabled=true' \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] -} - @test "ui/Ingress: disable with ui.ingress.enabled" { cd `chart_dir` local actual=$(helm template \ @@ -56,24 +31,11 @@ load _helpers [ "${actual}" = "false" ] } -@test "ui/Ingress: disable with global.enabled" { +@test "ui/Ingress: disable with ui.ingress.enabled dash string" { cd `chart_dir` local actual=$(helm template \ -x templates/ui-ingress.yaml \ - --set 'global.enabled=false' \ - --set 'ui.ingress.enabled=true' \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] -} - -@test "ui/Ingress: disable with global.enabled and server.enabled on" { - cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-service.yaml \ - --set 'global.enabled=false' \ - --set 'server.enabled=true' \ - --set 'ui.ingress.enabled=true' \ + --set 'ui.ingress.enabled=-' \ . | tee /dev/stderr | yq 'length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] 
@@ -132,7 +94,7 @@ load _helpers local actual=$(helm template \ -x templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ - --set 'ui.ingress.tls[0].hosts[0]=foo.com' \ + --set 'ui.ingress.tls[0].hosts[0]=sslexample.foo.com' \ --set 'ui.ingress.tls[0].secretName=testsecret-tls' \ . | tee /dev/stderr | yq -r '.spec.tls[0].secretName' | tee /dev/stderr) @@ -157,7 +119,7 @@ load _helpers local actual=$(helm template \ -x templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ - --set 'ui.ingress.annotations.foo=bar' \ + --set 'ui.ingress.annotations=foo: bar' \ . | tee /dev/stderr | yq -r '.metadata.annotations.foo' | tee /dev/stderr) [ "${actual}" = "bar" ] From 0684f9e7cd212717c20a73be06ace44543128095 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Wed, 20 Jan 2021 17:20:38 -0500 Subject: [PATCH 3/6] Add changes to support https traffic to UI - Update BATS to run with latest bats config --- templates/ui-ingress.yaml | 45 +++++++++++++------- test/unit/ui-ingress.bats | 88 ++++++++++++++++++++++++++++----------- values.yaml | 8 +++- 3 files changed, 101 insertions(+), 40 deletions(-) diff --git a/templates/ui-ingress.yaml b/templates/ui-ingress.yaml index 1db461fbf..0b802b824 100644 --- a/templates/ui-ingress.yaml +++ b/templates/ui-ingress.yaml @@ -1,3 +1,4 @@ +{{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }} {{- if (and (ne (.Values.ui.ingress.enabled | toString) "-") .Values.ui.ingress.enabled) }} {{- $serviceName := printf "%s-%s" (include "consul.fullname" .) "ui" -}} apiVersion: extensions/v1beta1 
@@ -10,28 +11,44 @@ metadata: chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} + component: ui {{- if .Values.ui.ingress.annotations }} annotations: {{ tpl .Values.ui.ingress.annotations . | nindent 4 | trim }} {{- end}} spec: rules: - {{- range .Values.ui.ingress.hosts }} - - host: {{ . }} - http: - paths: - - backend: - serviceName: {{ $serviceName }} - servicePort: 80 - {{- end -}} + {{ $global := .Values.global }} + {{- range .Values.ui.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- if (or (not $global.tls.enabled) (not $global.tls.httpsOnly)) }} + {{- range (.paths | default (list "/")) }} + - backend: + serviceName: {{ $serviceName }} + servicePort: 80 + path: {{ . }} + {{- end }} + {{- end }} + {{- if $global.tls.enabled }} + {{- range (.paths | default (list "/")) }} + - backend: + serviceName: {{ $serviceName }} + servicePort: 443 + path: {{ . }} + {{- end }} + {{- end }} + {{- end -}} {{- if .Values.ui.ingress.tls }} tls: - {{- range $value := .Values.ui.ingress.tls }} - - hosts: - {{- range $value.hosts }} - - {{ . }} - {{- end }} - secretName: {{ $value.secretName }} + {{- range .Values.ui.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} {{- end }} + secretName: {{ .secretName }} + {{- end }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/test/unit/ui-ingress.bats b/test/unit/ui-ingress.bats index 57c6c12b3..09c357680 100755 --- a/test/unit/ui-ingress.bats +++ b/test/unit/ui-ingress.bats 
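Review bot: When `global.tls.enabled` is true and `global.tls.httpsOnly` is false, the two `range` blocks under `paths:` emit the same `path` twice for one host, once with `servicePort: 80` and once with `servicePort: 443`. Which backend receives a request is then left to the ingress controller, and the plaintext port stays published next to the TLS one. I would render a single backend per path, for example by gating the port-80 block with `{{- if not $global.tls.enabled }}`, or add a comment explaining why both are wanted. `path: {{ . }}` and `secretName: {{ .secretName }}` are also unquoted while `host` and the tls hosts use `| quote`; `path: {{ . | quote }}` keeps an unusual value from being retyped by the YAML parser. The `@@ -23,16 +23,14 @@` hunk of PATCH 6/6 merges the two loops but still emits both backends per path.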
@@ -4,17 +4,15 @@ load _helpers @test "ui/Ingress: disabled by default" { cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-ingress.yaml \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] + assert_empty helm template \ + -s templates/ui-ingress.yaml \ + . } @test "ui/Ingress: enable with ui.ingress.enabled" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ . | tee /dev/stderr | yq 'length > 0' | tee /dev/stderr) @@ -23,22 +21,18 @@ load _helpers @test "ui/Ingress: disable with ui.ingress.enabled" { cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + assert_empty helm template \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=false' \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] + . } @test "ui/Ingress: disable with ui.ingress.enabled dash string" { cd `chart_dir` - local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + assert_empty helm template \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=-' \ - . | tee /dev/stderr | - yq 'length > 0' | tee /dev/stderr) - [ "${actual}" = "false" ] + . } #-------------------------------------------------------------------- @@ -47,7 +41,7 @@ load _helpers @test "ui/Ingress: no hosts by default" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.rules' | tee /dev/stderr) 
@@ -57,21 +51,67 @@ load _helpers @test "ui/Ingress: hosts can be set" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ - --set 'ui.ingress.hosts[0]=foo.com' \ + --set 'ui.ingress.hosts[0].host=foo.com' \ . | tee /dev/stderr | yq -r '.spec.rules[0].host' | tee /dev/stderr) [ "${actual}" = "foo.com" ] } +@test "ui/Ingress: port 80 when global.tls.enabled=false enables http port" { + local actual=$(helm template \ + -s templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'global.tls.enabled=false' \ + --set 'ui.ingress.hosts[0].host=foo.com' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr) + [ "${actual}" = "80" ] +} + +@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=true enables https port" { + local actual=$(helm template \ + -s templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'global.tls.enabled=true' \ + --set 'ui.ingress.hosts[0].host=foo.com' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr) + [ "${actual}" = "443" ] +} + +@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=false enables http port" { + local actual=$(helm template \ + -s templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'global.tls.enabled=true' \ + --set 'global.tls.httpsOnly=false' \ + --set 'ui.ingress.hosts[0].host=foo.com' \ + . 
| tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[0].backend.servicePort' | tee /dev/stderr) + [ "${actual}" = "80" ] +} + +@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=false enables https port" { + local actual=$(helm template \ + -s templates/ui-ingress.yaml \ + --set 'ui.ingress.enabled=true' \ + --set 'global.tls.enabled=true' \ + --set 'global.tls.httpsOnly=false' \ + --set 'ui.ingress.hosts[0].host=foo.com' \ + . | tee /dev/stderr | + yq -r '.spec.rules[0].http.paths[1].backend.servicePort' | tee /dev/stderr) + [ "${actual}" = "443" ] +} + #-------------------------------------------------------------------- # tls @test "ui/Ingress: no tls by default" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ . | tee /dev/stderr | yq -r '.spec.tls' | tee /dev/stderr) @@ -81,7 +121,7 @@ load _helpers @test "ui/Ingress: tls can be set" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ --set 'ui.ingress.tls[0].hosts[0]=foo.com' \ . | tee /dev/stderr | @@ -92,7 +132,7 @@ load _helpers @test "ui/Ingress: tls with secret name can be set" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ --set 'ui.ingress.tls[0].hosts[0]=sslexample.foo.com' \ --set 'ui.ingress.tls[0].secretName=testsecret-tls' \ @@ -107,7 +147,7 @@ load _helpers @test "ui/Ingress: no annotations by default" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ . | tee /dev/stderr | yq -r '.metadata.annotations' | tee /dev/stderr) 
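Review bot: The test titled "global.tls.enabled=true and global.tls.httpsOnly=true enables https port" never passes `--set 'global.tls.httpsOnly=true'`, so the HTTPS-only case depends on whatever default values.yaml carries (not visible in this diff). Set it explicitly and also assert that no port-80 backend is rendered, for instance by checking that `.spec.rules[0].http.paths | length` is 1; looking only at `paths[0]` would not notice an extra plaintext entry. The four new port tests also omit the `cd` into `chart_dir` that every other test in this file starts with, so they depend on the working directory left by an earlier test. All four titles begin with "port 80" even where 443 is the asserted value.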
@@ -117,7 +157,7 @@ load _helpers @test "ui/Ingress: annotations can be set" { cd `chart_dir` local actual=$(helm template \ - -x templates/ui-ingress.yaml \ + -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ --set 'ui.ingress.annotations=foo: bar' \ . | tee /dev/stderr | diff --git a/values.yaml b/values.yaml index f7a210a77..146d341e1 100644 --- a/values.yaml +++ b/values.yaml @@ -955,12 +955,16 @@ ui: # The value below is an array of objects, examples are shown below. tls: [] # - hosts: - # - sslexample.foo.com - # secretName: testsecret-tls + # - host: chart-example.local + # paths: [] + # secretName: testsecret-tls # This should be a multi-line string mapping directly to the a map of # the annotations to configure some options depending on the Ingress controller annotations: null + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" # Configure the catalog sync process to sync K8S with Consul # services. This can run bidirectional (default) or unidirectionally (Consul From a93a27d3573f3821d4ffadd7ef98fc68a3030b6a Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Wed, 20 Jan 2021 18:20:41 -0500 Subject: [PATCH 4/6] Add annotations for new fields --- hack/helm-reference-gen/go.sum | 1 + values.yaml | 42 +++++++++++++++++++++++++--------- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/hack/helm-reference-gen/go.sum b/hack/helm-reference-gen/go.sum index 40c4a5897..23a1485aa 100644 --- a/hack/helm-reference-gen/go.sum +++ b/hack/helm-reference-gen/go.sum 
@@ -5,6 +5,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= diff --git a/values.yaml b/values.yaml index 146d341e1..df60707a7 100644 --- a/values.yaml +++ b/values.yaml 
@@ -941,30 +941,50 @@ ui: # @type: string additionalSpec: null - ## True if you want to create an Ingress for the Consul UI. + # Configure Ingress for the Consul UI. ingress: + # This will create an Ingress resource for the Consul UI. + # @type: boolean enabled: false # hosts is a list of host name to create Ingress rules. # The value below is an array of objects, examples are shown below. + # + # ```yaml + # hosts: + # - host: foo.bar + # paths: + # - /example + # - /test + # ``` + # + # @type: array hosts: [] - # - sslexample.foo.com # tls is a list of hosts and secret name in an Ingress # which tells the Ingress controller to secure the channel. # The value below is an array of objects, examples are shown below. + # + # ```yaml + # tls: + # - hosts: + # - host: chart-example.local + # paths: [] + # secretName: testsecret-tls + # ``` + # @type: array tls: [] - # - hosts: - # - host: chart-example.local - # paths: [] - # secretName: testsecret-tls - # This should be a multi-line string mapping directly to the a map of - # the annotations to configure some options depending on the Ingress controller + # Annotations to apply to the UI ingress. + # + # Example: + # + # ```yaml + # annotations: | + # 'annotation-key': annotation-value + # ``` + # @type: string annotations: null - # | - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" # Configure the catalog sync process to sync K8S with Consul # services. This can run bidirectional (default) or unidirectionally (Consul From 79ff8a0a19e4fe58fbec10deee821b879fc3bf83 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Thu, 21 Jan 2021 14:58:27 -0500 Subject: [PATCH 5/6] Update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 465624af0..7d497f359 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,6 +3,7 @@ IMPROVEMENTS: * Use `consul-k8s` subcommand to perform `tls-init` job. This allows for server certificates to get rotated on subsequent runs. Consul servers have to be restarted in order for them to update their server certificates [[GH-749](https://github.com/hashicorp/consul-helm/pull/721)] +* Add support for Ingress resource for Consul UI [[GH-774](https://github.com/hashicorp/consul-helm/pull/721)] ## 0.28.0 (Dec 21, 2020) From 2ddc2fd0168ea029dc49e76b05e8b7ea0ac2fed9 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Thu, 21 Jan 2021 18:18:04 -0500 Subject: [PATCH 6/6] Code review suggestions --- CHANGELOG.md | 2 +- templates/ui-ingress.yaml | 14 +++----------- test/unit/ui-ingress.bats | 8 ++++---- values.yaml | 9 +++++---- 4 files changed, 13 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d497f359..363d095d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ IMPROVEMENTS: * Use `consul-k8s` subcommand to perform `tls-init` job. This allows for server certificates to get rotated on subsequent runs. Consul servers have to be restarted in order for them to update their server certificates [[GH-749](https://github.com/hashicorp/consul-helm/pull/721)] -* Add support for Ingress resource for Consul UI [[GH-774](https://github.com/hashicorp/consul-helm/pull/721)] +* Add support for Ingress resource for Consul UI [[GH-774](https://github.com/hashicorp/consul-helm/pull/774)] ## 0.28.0 (Dec 21, 2020) diff --git a/templates/ui-ingress.yaml b/templates/ui-ingress.yaml index 0b802b824..813598b29 100644 --- a/templates/ui-ingress.yaml +++ b/templates/ui-ingress.yaml 
@@ -1,7 +1,7 @@ {{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }} {{- if (and (ne (.Values.ui.ingress.enabled | toString) "-") .Values.ui.ingress.enabled) }} {{- $serviceName := printf "%s-%s" (include "consul.fullname" .) "ui" -}} -apiVersion: extensions/v1beta1 +apiVersion: extensions/v1 kind: Ingress metadata: name: {{ template "consul.fullname" . }}-ingress @@ -23,16 +23,14 @@ spec: - host: {{ .host | quote }} http: paths: - {{- if (or (not $global.tls.enabled) (not $global.tls.httpsOnly)) }} {{- range (.paths | default (list "/")) }} + {{- if (or (not $global.tls.enabled) (not $global.tls.httpsOnly)) }} - backend: serviceName: {{ $serviceName }} servicePort: 80 path: {{ . }} {{- end }} - {{- end }} {{- if $global.tls.enabled }} - {{- range (.paths | default (list "/")) }} - backend: serviceName: {{ $serviceName }} servicePort: 443 @@ -42,13 +40,7 @@ spec: {{- end -}} {{- if .Values.ui.ingress.tls }} tls: - {{- range .Values.ui.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} + {{- toYaml .Values.ui.ingress.tls | nindent 4 }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/test/unit/ui-ingress.bats b/test/unit/ui-ingress.bats index 09c357680..c23d5795f 100755 --- a/test/unit/ui-ingress.bats +++ b/test/unit/ui-ingress.bats 
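Review bot: `apiVersion: extensions/v1` in the first hunk is not a group/version that serves Ingress, so the API server will reject this manifest. Ingress exists as `extensions/v1beta1`, `networking.k8s.io/v1beta1` and `networking.k8s.io/v1`. The body still uses the v1beta1 backend shape (`serviceName`/`servicePort`), so either keep `apiVersion: extensions/v1beta1` or switch to `networking.k8s.io/v1beta1`. Moving to `networking.k8s.io/v1` would also need `backend.service.name`, `backend.service.port.number` and a `pathType` on every path. The bats tests shown here only run `helm template`, which does not check the kind against a cluster, so the suite will not catch this.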
@@ -59,7 +59,7 @@ load _helpers [ "${actual}" = "foo.com" ] } -@test "ui/Ingress: port 80 when global.tls.enabled=false enables http port" { +@test "ui/Ingress: exposes single port 80 when global.tls.enabled=false" { local actual=$(helm template \ -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ @@ -70,7 +70,7 @@ load _helpers [ "${actual}" = "80" ] } -@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=true enables https port" { +@test "ui/Ingress: exposes single port 443 when global.tls.enabled=true and global.tls.httpsOnly=true" { local actual=$(helm template \ -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ @@ -81,7 +81,7 @@ load _helpers [ "${actual}" = "443" ] } -@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=false enables http port" { +@test "ui/Ingress: exposes the port 80 when global.tls.enabled=true and global.tls.httpsOnly=false" { local actual=$(helm template \ -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ @@ -93,7 +93,7 @@ load _helpers [ "${actual}" = "80" ] } -@test "ui/Ingress: port 80 when global.tls.enabled=true and global.tls.httpsOnly=false enables https port" { +@test "ui/Ingress: exposes the port 443 when global.tls.enabled=true and global.tls.httpsOnly=false" { local actual=$(helm template \ -s templates/ui-ingress.yaml \ --set 'ui.ingress.enabled=true' \ diff --git a/values.yaml b/values.yaml index df60707a7..9e92aad5d 100644 --- a/values.yaml +++ b/values.yaml 
@@ -942,13 +942,16 @@ ui: additionalSpec: null # Configure Ingress for the Consul UI. + # If `global.tls.enabled` is set to `true`, the Ingress will expose + # the port 443 on the UI service. Please ensure the Ingress Controller + # supports SSL pass-through and it is enabled to ensure traffic forwarded + # to port 443 has not been TLS terminated. ingress: # This will create an Ingress resource for the Consul UI. # @type: boolean enabled: false # hosts is a list of host name to create Ingress rules. - # The value below is an array of objects, examples are shown below. # # ```yaml # hosts: @@ -963,13 +966,11 @@ ui: # tls is a list of hosts and secret name in an Ingress # which tells the Ingress controller to secure the channel. - # The value below is an array of objects, examples are shown below. # # ```yaml # tls: # - hosts: - # - host: chart-example.local - # paths: [] + # - chart-example.local # secretName: testsecret-tls # ``` # @type: array