Merge pull request #8169 from OpenMined/yash/helm-tls

Separate out setting a cluster's TLS & hostname
OpenMined · Oct 16, 2023 · ffdb1e3 · ffdb1e3
2 parents 69c2741 + a804bfa
commit ffdb1e3
Show file tree

Hide file tree

Showing 6 changed files with 119 additions and 10 deletions.
diff --git a/packages/grid/helm/helm.py b/packages/grid/helm/helm.py
@@ -65,8 +65,9 @@ def replace_variables(d: Any) -> None:
     if "kubernetes.io/ingress.class" in d:
         d["kubernetes.io/ingress.class"] = "{{ .Values.ingress.ingressClass }}"
 
-    if "kind" in d and d["kind"] == "Ingress" and "spec" in d:
-        d["spec"]["tls"] = [{"hosts": ["{{ .Values.node.settings.hostname }}"]}]
+    # ONLY FOR TLS
+    if d.get("kind") == "Ingress" and "tls" in d.get("spec", {}):
+        d["spec"]["tls"][0]["hosts"][0] = "{{ .Values.node.settings.hostname }}"
         d["spec"]["rules"][0]["host"] = "{{ .Values.node.settings.hostname }}"
 
 
@@ -91,14 +92,34 @@ def get_yaml_name(doc: dict) -> Any:
         return ""
 
 
-def apply_patches(yaml: str, resource_name: str) -> str:
+def ingress_with_tls() -> str:
+    script_path = os.path.dirname(os.path.realpath(__file__))
+    manifest_path = os.path.normpath(
+        os.path.join(script_path, "..", "k8s", "manifests")
+    )
+    ingress_tls = os.path.join(manifest_path, "ingress-tls.yaml")
+
+    with open(ingress_tls) as fp:
+        return fp.read()
+
+
+def apply_patches(yaml: str, resource_name: str, resource_kind: str) -> str:
+    # print(resource_kind, resource_name)
     # apply resource specific patches
     if resource_name.startswith("seaweedfs"):
         yaml = (
             '{{- if ne .Values.node.settings.nodeType "gateway"}}\n'
             + yaml.rstrip()
             + "\n{{ end }}\n"
         )
+    elif resource_kind == "ingress" and resource_name.endswith("tls"):
+        yaml = "{{- if .Values.node.settings.tls }}\n" + yaml.rstrip() + "\n{{ end }}\n"
+    elif resource_kind == "ingress" and not resource_name.endswith("tls"):
+        yaml = (
+            "{{- if not .Values.node.settings.tls }}\n"
+            + yaml.rstrip()
+            + "\n{{ end }}\n"
+        )
 
     # global patches
     yaml = (
@@ -140,6 +161,14 @@ def main() -> None:
 
     # Load the multi-doc yaml file
     try:
+        # append custom docs
+        input_data = "\n---\n".join(
+            [
+                input_data,
+                ingress_with_tls(),
+            ]
+        )
+
         yaml_docs = list(yaml.safe_load_all(input_data))
     except Exception as e:
         print(f"❌ Error while parsing yaml file: {e}")
@@ -169,7 +198,7 @@ def main() -> None:
             # Create new file with name or append if it already exists
             new_file = os.path.join(helm_chart_template_dir, f"{name}-{kind}.yaml")
             yaml_dump = yaml.dump(doc)
-            yaml_dump = apply_patches(yaml_dump, name)
+            yaml_dump = apply_patches(yaml_dump, name, kind)
 
             with open(new_file, "w") as f:
                 f.write(yaml_dump)  # add document separator

diff --git a/packages/grid/helm/manifests.yaml b/packages/grid/helm/manifests.yaml
@@ -277,6 +277,33 @@ spec:
         path: /
         pathType: Prefix
 ---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: ''
+  name: grid-stack-ingress-tls
+spec:
+  defaultBackend:
+    service:
+      name: proxy
+      port:
+        number: 80
+  rules:
+  - host: ''
+    http:
+      paths:
+      - backend:
+          service:
+            name: proxy
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - ''
+---
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/packages/grid/helm/syft/templates/grid-stack-ingress-ingress.yaml b/packages/grid/helm/syft/templates/grid-stack-ingress-ingress.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.node.settings.tls }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -11,8 +12,7 @@ spec:
       port:
         number: 80
   rules:
-  - host: {{ .Values.node.settings.hostname }}
-    http:
+  - http:
       paths:
       - backend:
           service:
@@ -21,6 +21,4 @@ spec:
               number: 80
         path: /
         pathType: Prefix
-  tls:
-  - hosts:
-    - {{ .Values.node.settings.hostname }}
+{{ end }}
diff --git a/packages/grid/helm/syft/templates/grid-stack-ingress-tls-ingress.yaml b/packages/grid/helm/syft/templates/grid-stack-ingress-tls-ingress.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.node.settings.tls }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }}
+  name: grid-stack-ingress-tls
+spec:
+  defaultBackend:
+    service:
+      name: proxy
+      port:
+        number: 80
+  rules:
+  - host: {{ .Values.node.settings.hostname }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: proxy
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ .Values.node.settings.hostname }}
+{{ end }}
diff --git a/packages/grid/helm/syft/values.yaml b/packages/grid/helm/syft/values.yaml
@@ -22,7 +22,8 @@ db:
 
 node:
   settings:
-    hostname: "localhost"
+    tls: false
+    hostname: "" # do not make this localhost
     nodeName: "mynode"
     nodeType: "domain"
     versionHash: "abc"

diff --git a/packages/grid/k8s/manifests/ingress-tls.yaml b/packages/grid/k8s/manifests/ingress-tls.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grid-stack-ingress-tls
+  annotations:
+    kubernetes.io/ingress.class: ""
+spec:
+  defaultBackend:
+    service:
+      name: proxy
+      port:
+        number: 80
+  rules:
+    - host: ""
+      http:
+        paths:
+          - backend:
+              service:
+                name: proxy
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - ""