Fixed comment formatting, added default values for the connector and …
…cluster TLS properties and changed the volume and path names to be more descriptive.
Secchol committed Oct 28, 2024
1 parent 0ea0a57 commit 4427df6
Showing 11 changed files with 330 additions and 317 deletions.
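--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -57,8 +57,9 @@ Renders the HTTP address of each GraphDB node that is part of the cluster, joine
 {{- $namespace := include "graphdb.namespace" . -}}
 {{- $cluster_domain := .Values.global.clusterDomain -}}
 {{- $service_http_port := .Values.headlessService.ports.http -}}
+{{- $protocol := ternary "https" "http" (ne .Values.configuration.tls.keystore.existingSecret "") }}
 {{- range $i, $node_index := until (int .Values.replicas) -}}
-http://{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $namespace }}.svc.{{ $cluster_domain }}:{{ $service_http_port }}
+{{ $protocol }}://{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $namespace }}.svc.{{ $cluster_domain }}:{{ $service_http_port }}
 {{- if gt (sub (int $.Values.replicas) 1) $node_index -}}
 {{- ", " -}}
 {{- end -}}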
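Review bot: The new `$protocol` line picks the scheme with `ne .Values.configuration.tls.keystore.existingSecret ""`, a string comparison, whereas the configmap template switches the connector to TLS with a truthiness test (`{{- if .keystore.existingSecret }}`). If a values override sets `existingSecret` to null or drops the key, the comparison does not behave like an empty string (depending on the template engine version it either fails to render or yields `https`), so the node addresses can advertise `https` while the connector still serves plain HTTP. A truthiness check such as `ternary "https" "http" (not (empty .Values.configuration.tls.keystore.existingSecret))` keeps the two in step. The same expression is repeated in templates/jobs/job-create-cluster.yaml, job-patch-cluster.yaml and job-provision-repositories.yaml, so a single named helper would avoid drift. The enclosing define starts and ends outside this hunk.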
64 changes: 22 additions & 42 deletions templates/graphdb/configmap-properties.yaml
Expand Up @@ -20,76 +20,56 @@ data:
{{- if eq (int .Values.replicas) 1}}
graphdb.external-url={{ include "graphdb.external-url" . }}
{{- end }}
{{- with .Values.configuration.tls }}
{{- if .enabled }}
{{- if .keystore.existingSecret }}
graphdb.connector.SSLEnabled = true
graphdb.connector.scheme = https
graphdb.connector.secure = true
{{- end }}
{{- if .keystore.secretName }}
graphdb.connector.keystoreFile=/etc/graphdb/connector-keystore.jks
{{- end }}
{{- if .keystore.keyAlias }}
graphdb.connector.keystoreFile=/etc/graphdb/connector-keystore/connector-keystore.jks
graphdb.connector.keyAlias={{ .keystore.keyAlias }}
{{- end }}
{{- if .keystore.keystoreProvider }}
graphdb.connector.keystoreProvider={{ .keystore.keystoreProvider }}
{{- end }}
{{- if .keystore.keystoreType }}
graphdb.connector.keystoreType={{ .keystore.keystoreType }}
{{- end }}
{{- if .truststore.secretName }}
graphdb.connector.truststoreFile=/etc/graphdb/connector-truststore.jks
{{- end }}
{{- if .truststore.truststoreProvider }}
{{- if .truststore.existingSecret }}
graphdb.connector.truststoreFile=/etc/graphdb/connector-truststore/connector-truststore.jks
graphdb.connector.truststoreProvider={{ .truststore.truststoreProvider }}
{{- end }}
{{- if .truststore.truststoreType }}
graphdb.connector.truststoreType={{ .truststore.truststoreType }}
{{- end }}
{{- if .certificateRevocationList.secretName }}
graphdb.connector.certificateRevocationListFile=/etc/graphdb/connector-certificate-revocation-list.pem
{{- if .certificateRevocationList.existingSecret}}
graphdb.connector.certificateRevocationListFile=/etc/graphdb/connector-certificate-revocation-list/connector-certificate-revocation-list.pem
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
graphdb.raft.security.mode={{ .mode }}
{{- if .privateKey.secretName }}
graphdb.raft.security.certificateKeyFile=/etc/graphdb/private-key.pem
{{- if .privateKey.existingSecret }}
graphdb.raft.security.certificateKeyFile=/etc/graphdb/cluster-private-key/cluster-private-key.pem
{{- end }}
{{- if .certificate.secretName }}
graphdb.raft.security.certificateFile=/etc/graphdb/certificate.pem
{{- if .certificate.existingSecret }}
graphdb.raft.security.certificateFile=/etc/graphdb/cluster-certificate/cluster-certificate.pem
{{- end }}
{{- if .certificateChain.secretName }}
graphdb.raft.security.certificateChainFile=/etc/graphdb/certificate-chain.pem
{{- if .certificateChain.existingSecret }}
graphdb.raft.security.certificateChainFile=/etc/graphdb/cluster-certificate-chain/cluster-certificate-chain.pem
{{- end }}
{{- if .keystore.secretName }}
graphdb.raft.security.keystoreFile=/etc/graphdb/keystore.jks
{{- end }}
{{- if .keystore.keyAlias }}
{{- if .keystore.existingSecret }}
graphdb.raft.security.keystoreFile=/etc/graphdb/cluster-keystore/cluster-keystore.jks
graphdb.raft.security.keyAlias={{ .keystore.keyAlias }}
{{- end }}
{{- if .keystore.keystoreProvider }}
graphdb.raft.security.keystoreProvider={{ .keystore.keystoreProvider }}
{{- end }}
{{- if .keystore.keystoreType }}
graphdb.raft.security.keystoreType={{ .keystore.keystoreType }}
{{- end }}
{{- if .truststore.secretName }}
graphdb.raft.security.truststoreFile=/etc/graphdb/truststore.jks
{{- end }}
{{- if .truststore.truststoreProvider }}
{{- if .truststore.existingSecret }}
graphdb.raft.security.truststoreFile=/etc/graphdb/cluster-truststore/cluster-truststore.jks
graphdb.raft.security.truststoreProvider={{ .truststore.truststoreProvider }}
{{- end }}
{{- if .truststore.truststoreType }}
graphdb.raft.security.truststoreType={{ .truststore.truststoreType }}
{{- end }}
{{- if .rootCerts.secretName }}
graphdb.raft.security.rootCerts=/etc/graphdb/root-certs.pem
{{- if .rootCerts.existingSecret }}
graphdb.raft.security.rootCerts=/etc/graphdb/cluster-root-certs/cluster-root-certs.pem
{{- end }}
{{- if .certificateRevocationList.secretName }}
graphdb.raft.security.certificateRevocationListFile=/etc/graphdb/certificate-revocation-list.pem
{{- if .certificateRevocationList.existingSecret }}
graphdb.raft.security.certificateRevocationListFile=/etc/graphdb/cluster-certificate-revocation-list/cluster-certificate-revocation-list.pem
{{- end }}
{{- end }}
{{- if .Values.configuration.properties }}
##### Overrides from values.yaml #####
{{- range $key, $val := .Values.configuration.properties -}}
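Review bot: With the per-property guards folded into one `{{- if .keystore.existingSecret }}` (and likewise for the truststore and the `graphdb.raft.security.*` block), `keyAlias`, `keystoreProvider`, `keystoreType`, `truststoreProvider` and `truststoreType` appear to be written whenever the secret is set, even if their value is empty; the rendered page does not mark which lines are old and new, so this is inferred. That relies on the new defaults never being cleared by an override, and an empty `graphdb.connector.keystoreType=` line may not be treated as unset by the server. Keeping the optional properties individually guarded, e.g. `{{- with .keystore.keystoreType }}` / `graphdb.connector.keystoreType={{ . }}` / `{{- end }}`, avoids that. A comment stating that each hard-coded `/etc/graphdb/<volume>/<file>` path must match the `mountPath` and `items.path` in templates/graphdb/statefulset.yaml would also help, since a mismatch only surfaces when TLS fails at startup.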
180 changes: 100 additions & 80 deletions templates/graphdb/statefulset.yaml
Expand Up @@ -127,57 +127,87 @@ spec:
secretName: {{ (tpl .Values.security.initialUsers.existingSecret .) | default (include "graphdb.fullname.secret.initial-users" .) }}
{{- end }}
{{- with .Values.configuration.tls }}
{{- if .keystore.secretName}}
{{- if .keystore.existingSecret }}
- name: graphdb-connector-keystore
secret:
secretName: {{ .keystore.secretName }}
secretName: {{ .keystore.existingSecret }}
items:
- key: {{ .keystore.keystoreKey }}
path: connector-keystore.jks
{{- end }}
{{- if .truststore.secretName}}
{{- if .truststore.existingSecret }}
- name: graphdb-connector-truststore
secret:
secretName: {{ .truststore.secretName }}
secretName: {{ .truststore.existingSecret }}
items:
- key: {{ .truststore.truststoreKey }}
path: connector-truststore.jks
{{- end }}
{{- if .certificateRevocationList.secretName }}
{{- if .certificateRevocationList.existingSecret }}
- name: graphdb-connector-certificate-revocation-list
secret:
secretName: {{ .certificateRevocationList.secretName }}
secretName: {{ .certificateRevocationList.existingSecret }}
items:
- key: {{ .certificateRevocationList.certificateRevocationListKey }}
path: connector-certificate-revocation-list.pem
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- if .keystore.secretName}}
- name: graphdb-keystore
{{- if .keystore.existingSecret }}
- name: graphdb-cluster-keystore
secret:
secretName: {{ .keystore.secretName }}
secretName: {{ .keystore.existingSecret }}
items:
- key: {{ .keystore.keystoreKey }}
path: cluster-keystore.jks
{{- end }}
{{- if .truststore.secretName}}
- name: graphdb-truststore
{{- if .truststore.existingSecret }}
- name: graphdb-cluster-truststore
secret:
secretName: {{ .truststore.secretName }}
secretName: {{ .truststore.existingSecret }}
items:
- key: {{ .truststore.truststoreKey }}
path: cluster-truststore.jks
{{- end }}
{{- if .privateKey.secretName }}
- name: graphdb-private-key
{{- if .privateKey.existingSecret }}
- name: graphdb-cluster-private-key
secret:
secretName: {{ .privateKey.secretName }}
secretName: {{ .privateKey.existingSecret }}
items:
- key: {{ .privateKey.privateKeyKey }}
path: cluster-private-key.pem
{{- end }}
{{- if .certificate.secretName }}
- name: graphdb-certificate
{{- if .certificate.existingSecret }}
- name: graphdb-cluster-certificate
secret:
secretName: {{ .certificate.secretName }}
secretName: {{ .certificate.existingSecret }}
items:
- key: {{ .certificate.certificateKey }}
path: cluster-certificate.pem
{{- end }}
{{- if .certificateChain.secretName }}
- name: graphdb-certificate-chain
{{- if .certificateChain.existingSecret }}
- name: graphdb-cluster-certificate-chain
secret:
secretName: {{ .certificateChain.secretName }}
secretName: {{ .certificateChain.existingSecret }}
items:
- key: {{ .certificateChain.certificateChainKey }}
path: cluster-certificate-chain.pem
{{- end }}
{{- if .rootCerts.secretName }}
- name: graphdb-root-certs
{{- if .rootCerts.existingSecret }}
- name: graphdb-cluster-root-certs
secret:
secretName: {{ .rootCerts.secretName }}
secretName: {{ .rootCerts.existingSecret }}
items:
- key: {{ .rootCerts.rootCertsKey }}
path: cluster-root-certs.pem
{{- end }}
{{- if .certificateRevocationList.secretName }}
- name: graphdb-certificate-revocation-list
{{- if .certificateRevocationList.existingSecret }}
- name: graphdb-cluster-certificate-revocation-list
secret:
secretName: {{ .certificateRevocationList.secretName }}
secretName: {{ .certificateRevocationList.existingSecret }}
items:
- key: {{ .certificateRevocationList.certificateRevocationListKey }}
path: cluster-certificate-revocation-list.pem
{{- end }}
{{- end }}
{{- with .Values.extraVolumes }}
Expand Down Expand Up @@ -391,41 +421,41 @@ spec:
{{- end }}
env:
{{- with .Values.configuration.tls }}
{{- if .keystore.secretName }}
{{- if .keystore.existingSecret }}
- name: graphdb.connector.keystorePass
valueFrom:
secretKeyRef:
name: {{ .keystore.secretName }}
name: {{ .keystore.existingSecret }}
key: {{ .keystore.keystorePasswordKey }}
{{- end }}
{{- if .truststore.secretName }}
{{- if .truststore.existingSecret }}
- name: graphdb.connector.truststorePass
valueFrom:
secretKeyRef:
name: {{ .truststore.secretName }}
name: {{ .truststore.existingSecret }}
key: {{ .truststore.truststorePasswordKey }}
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- if .keystore.secretName }}
{{- if .keystore.existingSecret }}
- name: graphdb.raft.security.keystorePass
valueFrom:
secretKeyRef:
name: {{ .keystore.secretName }}
name: {{ .keystore.existingSecret }}
key: {{ .keystore.keystorePasswordKey }}
{{- end }}
{{- if .truststore.secretName }}
{{- if .truststore.existingSecret }}
- name: graphdb.raft.security.truststorePass
valueFrom:
secretKeyRef:
name: {{ .truststore.secretName }}
name: {{ .truststore.existingSecret }}
key: {{ .truststore.truststorePasswordKey }}
{{- end }}
{{- if .privateKey.secretName}}
{{- if .privateKey.existingSecret }}
- name: graphdb.raft.security.certificateKeyPassword
valueFrom:
secretKeyRef:
name: {{ .privateKey.secretName }}
name: {{ .privateKey.existingSecret }}
key: {{ .privateKey.privateKeyPasswordKey }}
{{- end }}
{{- end }}
Expand All @@ -452,57 +482,47 @@ spec:
mountPath: /opt/graphdb/home/graphdb-import
{{- end }}
{{- with .Values.configuration.tls }}
{{- if .keystore.secretName}}
{{- if .keystore.existingSecret }}
- name: graphdb-connector-keystore
mountPath: /etc/graphdb/connector-keystore.jks
subPath: {{ .keystore.keystoreKey }}
mountPath: /etc/graphdb/connector-keystore
{{- end }}
{{- if .truststore.secretName}}
{{- if .truststore.existingSecret }}
- name: graphdb-connector-truststore
mountPath: /etc/graphdb/connector-truststore.jks
subPath: {{ .truststore.truststoreKey }}
mountPath: /etc/graphdb/connector-truststore
{{- end }}
{{- if .certificateRevocationList.secretName }}
{{- if .certificateRevocationList.existingSecret }}
- name: graphdb-connector-certificate-revocation-list
mountPath: /etc/graphdb/connector-certificate-revocation-list.pem
subPath: {{ .certificateRevocationList.certificateRevocationListKey }}
mountPath: /etc/graphdb/connector-certificate-revocation-list
{{- end }}
{{- end }}
{{- with .Values.cluster.tls }}
{{- if .keystore.secretName}}
- name: graphdb-keystore
mountPath: /etc/graphdb/keystore.jks
subPath: {{ .keystore.keystoreKey }}
{{- end }}
{{- if .truststore.secretName}}
- name: graphdb-truststore
mountPath: /etc/graphdb/truststore.jks
subPath: {{ .truststore.truststoreKey }}
{{- end }}
{{- if .privateKey.secretName }}
- name: graphdb-private-key
mountPath: /etc/graphdb/private-key.pem
subPath: {{ .privateKey.privateKeyKey }}
{{- end }}
{{- if .certificate.secretName }}
- name: graphdb-certificate
mountPath: /etc/graphdb/certificate.pem
subPath: {{ .certificate.certificateKey }}
{{- end }}
{{- if .certificateChain.secretName }}
- name: graphdb-certificate-chain
mountPath: /etc/graphdb/certificate-chain.pem
subPath: {{ .certificateChain.certificateChainKey }}
{{- end }}
{{- if .rootCerts.secretName }}
- name: graphdb-root-certs
mountPath: /etc/graphdb/root-certs.pem
subPath: {{ .rootCerts.rootCertsKey }}
{{- end }}
{{- if .certificateRevocationList.secretName }}
- name: graphdb-certificate-revocation-list
mountPath: /etc/graphdb/certificate-revocation-list.pem
subPath: {{ .certificateRevocationList.certificateRevocationListKey }}
{{- if .keystore.existingSecret }}
- name: graphdb-cluster-keystore
mountPath: /etc/graphdb/cluster-keystore
{{- end }}
{{- if .truststore.existingSecret }}
- name: graphdb-cluster-truststore
mountPath: /etc/graphdb/cluster-truststore
{{- end }}
{{- if .privateKey.existingSecret }}
- name: graphdb-cluster-private-key
mountPath: /etc/graphdb/cluster-private-key
{{- end }}
{{- if .certificate.existingSecret }}
- name: graphdb-cluster-certificate
mountPath: /etc/graphdb/cluster-certificate
{{- end }}
{{- if .certificateChain.existingSecret }}
- name: graphdb-cluster-certificate-chain
mountPath: /etc/graphdb/cluster-certificate-chain
{{- end }}
{{- if .rootCerts.existingSecret }}
- name: graphdb-cluster-root-certs
mountPath: /etc/graphdb/cluster-root-certs
{{- end }}
{{- if .certificateRevocationList.existingSecret }}
- name: graphdb-cluster-certificate-revocation-list
mountPath: /etc/graphdb/cluster-certificate-revocation-list
{{- end }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
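Review bot: None of the `secret:` volumes in the first hunk sets `defaultMode`, so the projected keystore, truststore and `cluster-private-key.pem` files get the Kubernetes default file mode (0644) inside the container. For key material a tighter mode on each volume is worth adding, e.g. `defaultMode: 0440`; the right value depends on the pod `securityContext` (runAsUser/fsGroup), which is outside these hunks. Separately, the `items[].key` and `secretKeyRef.key` values (`.keystore.keystoreKey`, `.keystore.keystorePasswordKey`, …) are rendered unchecked, so an empty key only fails when the pod is created; wrapping them in `required` would surface the mistake at render time.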
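--- a/templates/jobs/job-create-cluster.yaml
+++ b/templates/jobs/job-create-cluster.yaml
@@ -72,7 +72,7 @@ spec:
 - name: GRAPHDB_SERVICE_PORT
 value: {{ .Values.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROTOCOL
-value: "{{ if .Values.configuration.tls.enabled }}https{{ else }}http{{ end }}"
+value: {{ ternary "https" "http" (ne .Values.configuration.tls.keystore.existingSecret "") }}
 - name: GRAPHDB_AUTH_TOKEN
 valueFrom:
 secretKeyRef: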
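Review bot: The new `GRAPHDB_PROTOCOL` value is rendered unquoted, while the line it replaces was a double-quoted string and the neighbouring `GRAPHDB_SERVICE_PORT` value is piped through `quote`. `http` and `https` happen to parse as strings, but an env `value` must always be a string, and quoting keeps that independent of what the expression returns: `value: {{ ternary "https" "http" (ne .Values.configuration.tls.keystore.existingSecret "") | quote }}`. The same line appears in templates/jobs/job-patch-cluster.yaml and templates/jobs/job-provision-repositories.yaml. The container spec continues outside the hunk.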
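--- a/templates/jobs/job-patch-cluster.yaml
+++ b/templates/jobs/job-patch-cluster.yaml
@@ -76,7 +76,7 @@ spec:
 - name: GRAPHDB_PROXY_SERVICE_PORT
 value: {{ .Values.proxy.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROTOCOL
-value: "{{ if .Values.configuration.tls.enabled }}https{{ else }}http{{ end }}"
+value: {{ ternary "https" "http" (ne .Values.configuration.tls.keystore.existingSecret "") }}
 - name: GRAPHDB_AUTH_TOKEN
 valueFrom:
 secretKeyRef: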
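--- a/templates/jobs/job-provision-repositories.yaml
+++ b/templates/jobs/job-provision-repositories.yaml
@@ -72,7 +72,7 @@ spec:
 - name: GRAPHDB_SERVICE_PORT
 value: {{ .Values.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROTOCOL
-value: "{{ if .Values.configuration.tls.enabled }}https{{ else }}http{{ end }}"
+value: {{ ternary "https" "http" (ne .Values.configuration.tls.keystore.existingSecret "") }}
 - name: GRAPHDB_AUTH_TOKEN
 valueFrom:
 secretKeyRef: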