Adapt gerrit-chart to follow same ingress config pattern as gerrit-replica
Change-Id: Ie4f3ae3d65e0ad72ccd47e6452336013abe65422
diff --git a/helm-charts/gerrit/README.md b/helm-charts/gerrit/README.md
index b430ff5..4aa9b8a 100644
--- a/helm-charts/gerrit/README.md
+++ b/helm-charts/gerrit/README.md
@@ -38,7 +38,7 @@
## Installing the Chart
***note
-**ATTENTION:** The value for `gerrit.ingress.host` is required for rendering
+**ATTENTION:** The value for `ingress.host` is required for rendering
the chart's templates. The nature of the value does not allow defaults.
Thus a custom `values.yaml`-file setting this value is required!
***
@@ -184,6 +184,19 @@
|-----------|----------------------------------------------------------------------------|---------|
| `caCert` | CA certificate for TLS verification (if not set, the default will be used) | `None` |
+### Ingress
+
+| Parameter | Description | Default |
+|---------------------------------|-------------------------------------------------------------------|-----------------------------------|
+| `ingress.enabled` | Whether to enable the Ingress | `false` |
+| `ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
+| `ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
+| `ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
+| `ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
+| `ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
+| `ingress.tls.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
+| `ingress.tls.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
+
### Git garbage collection
| Parameter | Description | Default |
@@ -230,13 +243,6 @@
| `gerrit.networkPolicy.egress` | Custom egress-network policy for gerrit pods | `nil` |
| `gerrit.service.type` | Which kind of Service to deploy | `NodePort` |
| `gerrit.service.http.port` | Port over which to expose HTTP | `80` |
-| `gerrit.ingress.host` | REQUIRED: Host name to use for the Ingress (required for Ingress) | `nil` |
-| `gerrit.ingress.additionalAnnotations` | Additional annotations for the Ingress | `nil` |
-| `gerrit.ingress.tls.enabled` | Whether to enable TLS termination in the Ingress | `false` |
-| `gerrit.ingress.tls.secret.create` | Whether to create a TLS-secret | `true` |
-| `gerrit.ingress.tls.secret.name` | Name of an external secret that will be used as a TLS-secret | `nil` |
-| `gerrit.ingress.tls.secret.cert` | Public SSL server certificate | `-----BEGIN CERTIFICATE-----` |
-| `gerrit.ingress.tls.secret.key` | Private SSL server certificate | `-----BEGIN RSA PRIVATE KEY-----` |
| `gerrit.keystore` | base64-encoded Java keystore (`cat keystore.jks | base64`) to be used by Gerrit, when using SSL | `nil` |
| `gerrit.index.type` | Index type used by Gerrit (either `lucene` or `elasticsearch`) | `lucene` |
| `gerrit.plugins.packaged` | List of Gerrit plugins that are packaged into the Gerrit-war-file to install | `["commit-message-length-validator", "download-commands", "replication", "reviewnotes"]` |
diff --git a/helm-charts/gerrit/templates/NOTES.txt b/helm-charts/gerrit/templates/NOTES.txt
index 7b6d808..b71b3b0 100644
--- a/helm-charts/gerrit/templates/NOTES.txt
+++ b/helm-charts/gerrit/templates/NOTES.txt
@@ -1,4 +1,4 @@
A primary Gerrit instance has been deployed.
==================================
-Gerrit may be accessed under: {{ .Values.gerrit.ingress.host }}
+Gerrit may be accessed under: {{ .Values.ingress.host }}
diff --git a/helm-charts/gerrit/templates/gerrit.ingress.yaml b/helm-charts/gerrit/templates/gerrit.ingress.yaml
deleted file mode 100644
index c0dae05..0000000
--- a/helm-charts/gerrit/templates/gerrit.ingress.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: {{ .Release.Name }}-gerrit-ingress
- labels:
- app: gerrit
- chart: {{ template "gerrit.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
- annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.gerrit.ingress.maxBodySize | default "50m" }}
- {{- if .Values.gerrit.ingress.additionalAnnotations }}
-{{ toYaml .Values.gerrit.ingress.additionalAnnotations | indent 4 }}
- {{- end }}
-spec:
- {{ if .Values.gerrit.ingress.tls.enabled -}}
- tls:
- - hosts:
- - {{ .Values.gerrit.ingress.host }}
- {{ if .Values.gerrit.ingress.tls.secret.create -}}
- secretName: {{ .Release.Name }}-gerrit-tls-secret
- {{- else }}
- secretName: {{ .Values.gerrit.ingress.tls.secret.name }}
- {{- end }}
- {{- end }}
- rules:
- - host: {{required "A host URL is required for the Gerrit Ingress. Please set 'gerrit.ingress.host'" .Values.gerrit.ingress.host }}
- http:
- paths:
- - backend:
- serviceName: {{ .Release.Name }}-gerrit-service
- servicePort: {{ .Values.gerrit.service.http.port }}
diff --git a/helm-charts/gerrit/templates/gerrit.secrets.yaml b/helm-charts/gerrit/templates/gerrit.secrets.yaml
index 77c0445..4d67840 100644
--- a/helm-charts/gerrit/templates/gerrit.secrets.yaml
+++ b/helm-charts/gerrit/templates/gerrit.secrets.yaml
@@ -15,21 +15,3 @@
{{ $key }}: {{ $value | b64enc }}
{{- end }}
type: Opaque
----
-{{ if and .Values.gerrit.ingress.tls.enabled .Values.gerrit.ingress.tls.secret.create -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-gerrit-tls-secret
- labels:
- app: gerrit
- chart: {{ template "gerrit.chart" . }}
- heritage: {{ .Release.Service }}
- release: {{ .Release.Name }}
-type: kubernetes.io/tls
-data:
- {{ with .Values.gerrit.ingress.tls.secret -}}
- tls.crt: {{ .cert | b64enc }}
- tls.key: {{ .key | b64enc }}
- {{- end }}
-{{- end }}
diff --git a/helm-charts/gerrit/templates/ingress.yaml b/helm-charts/gerrit/templates/ingress.yaml
new file mode 100644
index 0000000..46d60d8
--- /dev/null
+++ b/helm-charts/gerrit/templates/ingress.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-gerrit-ingress
+ labels:
+ app: gerrit
+ chart: {{ template "gerrit.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.ingress.maxBodySize | default "50m" }}
+ {{- if .Values.ingress.additionalAnnotations }}
+{{ toYaml .Values.ingress.additionalAnnotations | indent 4 }}
+ {{- end }}
+spec:
+ {{ if .Values.ingress.tls.enabled -}}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ {{ if .Values.ingress.tls.secret.create -}}
+ secretName: {{ .Release.Name }}-gerrit-tls-secret
+ {{- else }}
+ secretName: {{ .Values.ingress.tls.secret.name }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{required "A host URL is required for the Gerrit Ingress. Please set 'ingress.host'" .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Release.Name }}-gerrit-service
+ servicePort: {{ .Values.gerrit.service.http.port }}
+{{- end }}
+---
+{{ if and .Values.ingress.tls.enabled .Values.ingress.tls.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-gerrit-tls-secret
+ labels:
+ app: gerrit
+ chart: {{ template "gerrit.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+type: kubernetes.io/tls
+data:
+ {{ with .Values.ingress.tls -}}
+ tls.crt: {{ .cert | b64enc }}
+ tls.key: {{ .key | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/helm-charts/gerrit/values.yaml b/helm-charts/gerrit/values.yaml
index 496daa7..506227a 100644
--- a/helm-charts/gerrit/values.yaml
+++ b/helm-charts/gerrit/values.yaml
@@ -57,6 +57,35 @@
caCert:
+ingress:
+ enabled: false
+ host:
+ # The maximum body size to allow for requests. Use "0" to allow unlimited
+ # reuqest body sizes.
+ maxBodySize: 50m
+ additionalAnnotations: {}
+ # nginx.ingress.kubernetes.io/server-alias: example.com
+ # nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
+ tls:
+ enabled: false
+ secret:
+ create: true
+ # `name` will only be used, if `create` is set to false to bind an
+ # existing secret. Otherwise the name will be automatically generated to
+ # avoid conflicts between multiple chart installations.
+ name:
+ # `cert`and `key` will only be used, if the secret will be created by
+ # this chart.
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+
+ -----END RSA PRIVATE KEY-----
+
+
gitGC:
image: k8sgerrit/git-gc
@@ -126,33 +155,6 @@
http:
port: 80
- ingress:
- host:
- # The maximum body size to allow for requests. Use "0" to allow unlimited
- # reuqest body sizes.
- maxBodySize: 50m
- additionalAnnotations: {}
- # nginx.ingress.kubernetes.io/server-alias: example.com
- # nginx.ingress.kubernetes.io/whitelist-source-range: xxx.xxx.xxx.xxx
- tls:
- enabled: false
- secret:
- create: true
- # `name` will only be used, if `create` is set to false to bind an
- # existing secret. Otherwise the name will be automatically generated to
- # avoid conflicts between multiple chart installations.
- name:
- # `cert`and `key` will only be used, if the secret will be created by
- # this chart.
- cert: |-
- -----BEGIN CERTIFICATE-----
-
- -----END CERTIFICATE-----
- key: |-
- -----BEGIN RSA PRIVATE KEY-----
-
- -----END RSA PRIVATE KEY-----
-
# `gerrit.keystore` expects a base64-encoded Java-keystore
# Since Java keystores are binary files, adding the unencoded content and
# automatic encoding using helm does not work here.
diff --git a/tests/helm-charts/gerrit/conftest.py b/tests/helm-charts/gerrit/conftest.py
index 2091700..51844f9 100644
--- a/tests/helm-charts/gerrit/conftest.py
+++ b/tests/helm-charts/gerrit/conftest.py
@@ -81,7 +81,8 @@
chart_opts = {
"images.registry.name": request.config.getoption("--registry"),
"images.version": docker_tag,
- "gerrit.ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
+ "ingress.enabled": True,
+ "ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
}
chart = gerrit_deployment_factory(chart_opts)
diff --git a/tests/helm-charts/gerrit/test_chart_gerrit_plugins.py b/tests/helm-charts/gerrit/test_chart_gerrit_plugins.py
index 1b27040..efd52bc 100644
--- a/tests/helm-charts/gerrit/test_chart_gerrit_plugins.py
+++ b/tests/helm-charts/gerrit/test_chart_gerrit_plugins.py
@@ -73,7 +73,8 @@
"images.registry.name": request.config.getoption("--registry"),
"images.version": docker_tag,
"images.ImagePullPolicy": "IfNotPresent",
- "gerrit.ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
+ "ingress.enabled": True,
+ "ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
"gerrit.plugins.packaged": plugins_opts_string,
}
chart = gerrit_deployment_with_plugins_factory(chart_opts)
@@ -99,7 +100,8 @@
"images.registry.name": request.config.getoption("--registry"),
"images.version": docker_tag,
"images.ImagePullPolicy": "IfNotPresent",
- "gerrit.ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
+ "ingress.enabled": True,
+ "ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
}
selected_plugins = plugin_list[: request.param]
for counter, plugin in enumerate(selected_plugins):
@@ -122,7 +124,8 @@
"images.registry.name": request.config.getoption("--registry"),
"images.version": docker_tag,
"images.ImagePullPolicy": "IfNotPresent",
- "gerrit.ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
+ "ingress.enabled": True,
+ "ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
}
plugin = plugin_list[0]
chart_opts["gerrit.plugins.downloaded[0].name"] = plugin["name"]
diff --git a/tests/helm-charts/gerrit/test_chart_gerrit_ssl.py b/tests/helm-charts/gerrit/test_chart_gerrit_ssl.py
index 20c9674..306df73 100644
--- a/tests/helm-charts/gerrit/test_chart_gerrit_ssl.py
+++ b/tests/helm-charts/gerrit/test_chart_gerrit_ssl.py
@@ -44,10 +44,11 @@
"images.registry.name": request.config.getoption("--registry"),
"images.version": docker_tag,
"images.ImagePullPolicy": "IfNotPresent",
- "gerrit.ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
- "gerrit.ingress.tls.enabled": "true",
- "gerrit.ingress.tls.cert": ssl_certificate.get_cert().decode(),
- "gerrit.ingress.tls.key": ssl_certificate.get_key().decode(),
+ "ingress.enabled": True,
+ "ingress.host": "primary.%s" % request.config.getoption("--ingress-url"),
+ "ingress.tls.enabled": "true",
+ "ingress.tls.cert": ssl_certificate.get_cert().decode(),
+ "ingress.tls.key": ssl_certificate.get_key().decode(),
}
chart = gerrit_deployment_factory(chart_opts)
pod_labels = "app=gerrit,release=%s" % chart["name"]
