From 710605100f5a6fc40bb4e3599387184639bc4c30 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Wed, 21 Aug 2024 11:55:46 +0200 Subject: [PATCH] Add opportunity to override values for tenant Kubernetes clusters (#297) Signed-off-by: Andrei Kvapil Signed-off-by: Andrei Kvapil --- packages/apps/kubernetes/README.md | 15 +++++++++------ .../templates/helmreleases/cert-manager.yaml | 17 +++++++++++++++++ .../templates/helmreleases/fluxcd.yaml | 17 +++++++++++++++++ .../templates/helmreleases/ingress-nginx.yaml | 17 +++++++++++++++++ packages/apps/kubernetes/values.schema.json | 15 +++++++++++++++ packages/apps/kubernetes/values.yaml | 6 ++++++ 6 files changed, 81 insertions(+), 6 deletions(-) diff --git a/packages/apps/kubernetes/README.md b/packages/apps/kubernetes/README.md index 39e05db0..fdbad05c 100644 --- a/packages/apps/kubernetes/README.md +++ b/packages/apps/kubernetes/README.md 
@@ -40,10 +40,13 @@ kubectl get secret -n kubernetes--admin-kubeconfig -o g ### Cluster Addons -| Name | Description | Value | -| ----------------------------- | ---------------------------------------------------------------------------------- | ------- | -| `addons.certManager.enabled` | Enables the cert-manager | `false` | -| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` | -| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` | -| `addons.fluxcd.enabled` | Enables Flux CD | `false` | +| Name | Description | Value | +| ------------------------------------ | ---------------------------------------------------------------------------------- | ------- | +| `addons.certManager.enabled` | Enables the cert-manager | `false` | +| `addons.certManager.valuesOverride` | Custom values to override | `{}` | +| `addons.ingressNginx.enabled` | Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) | `false` | +| `addons.ingressNginx.valuesOverride` | Custom values to override | `{}` | +| `addons.ingressNginx.hosts` | List of domain names that should be passed through to the cluster by upper cluster | `[]` | +| `addons.fluxcd.enabled` | Enables Flux CD | `false` | +| `addons.fluxcd.valuesOverride` | Custom values to override | `{}` | diff --git a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml index f8e02559..9e31721a 100644 --- a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml 
@@ -29,6 +29,13 @@ spec: upgrade: remediation: retries: -1 + {{- if .Values.addons.certManager.valuesOverride }} + valuesFrom: + - kind: Secret + name: {{ .Release.Name }}-cert-manager-values-override + valuesKey: values + {{- end }} + dependsOn: {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} - name: {{ .Release.Name }} @@ -37,3 +44,13 @@ spec: - name: {{ .Release.Name }}-cilium namespace: {{ .Release.Namespace }} {{- end }} +{{- if .Values.addons.certManager.valuesOverride }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-cert-manager-values-override +stringData: + values: | + {{- toYaml .Values.addons.certManager.valuesOverride | nindent 4 }} +{{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml index c4ca6fd3..fde18212 100644 --- a/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml @@ -72,6 +72,12 @@ spec: upgrade: remediation: retries: -1 + {{- if .Values.addons.fluxcd.valuesOverride }} + valuesFrom: + - kind: Secret + name: {{ .Release.Name }}-fluxcd-values-override + valuesKey: values + {{- end }} dependsOn: {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} - name: {{ .Release.Name }} @@ -82,3 +88,14 @@ spec: - name: {{ .Release.Name }}-fluxcd-operator namespace: {{ .Release.Namespace }} {{- end }} + +{{- if .Values.addons.fluxcd.valuesOverride }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-fluxcd-values-override +stringData: + values: | + {{- toYaml .Values.addons.fluxcd.valuesOverride | nindent 4 }} +{{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml index 573fb601..0bb7f022 100644 
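Review bot: The Secret document added at the end of cert-manager.yaml sits after the file's last `{{- end }}`, which looks like the close of the addon's enabled guard (its opening is outside the hunk). If that reading is right, the Secret is rendered whenever `valuesOverride` is non-empty, even with `addons.certManager.enabled: false`, leaving an unreferenced Secret of tenant-supplied values in the namespace. Tying it to the addon would avoid that: `{{- if and .Values.addons.certManager.enabled .Values.addons.certManager.valuesOverride }}`. The second hunks of fluxcd.yaml and ingress-nginx.yaml add the same pattern.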
--- a/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml @@ -39,6 +39,12 @@ spec: enabled: false nodeSelector: node-role.kubernetes.io/ingress-nginx: "" + {{- if .Values.addons.ingressNginx.valuesOverride }} + valuesFrom: + - kind: Secret + name: {{ .Release.Name }}-ingress-nginx-values-override + valuesKey: values + {{- end }} dependsOn: {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }} - name: {{ .Release.Name }} @@ -47,3 +53,14 @@ spec: - name: {{ .Release.Name }}-cilium namespace: {{ .Release.Namespace }} {{- end }} + +{{- if .Values.addons.ingressNginx.valuesOverride }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-ingress-nginx-values-override +stringData: + values: | + {{- toYaml .Values.addons.ingressNginx.valuesOverride | nindent 4 }} +{{- end }} diff --git a/packages/apps/kubernetes/values.schema.json b/packages/apps/kubernetes/values.schema.json index 57f4d43e..5539dbaa 100644 --- a/packages/apps/kubernetes/values.schema.json +++ b/packages/apps/kubernetes/values.schema.json @@ -32,6 +32,11 @@ "type": "boolean", "description": "Enables the cert-manager", "default": false + }, + "valuesOverride": { + "type": "object", + "description": "Custom values to override", + "default": {} } } }, @@ -43,6 +48,11 @@ "description": "Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role)", "default": false }, + "valuesOverride": { + "type": "object", + "description": "Custom values to override", + "default": {} + }, "hosts": { "type": "array", "description": "List of domain names that should be passed through to the cluster by upper cluster", @@ -58,6 +68,11 @@ "type": "boolean", "description": "Enables Flux CD", "default": false + }, + "valuesOverride": { + "type": "object", + "description": "Custom values to override", + "default": {} } } } 
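Review bot: Keys this template sets inline under the release's values (the `enabled: false` and `nodeSelector` lines just above the added block in ingress-nginx.yaml) cannot be changed through `valuesOverride`. Flux merges `valuesFrom` sources first and applies inline `spec.values` last. That is a sensible guardrail for platform-owned settings, but it contradicts the option name and the README text "Custom values to override", so it should be stated next to the block, e.g. `# merged before spec.values: inline values above take precedence over valuesOverride`. The cert-manager.yaml and fluxcd.yaml hunks add the same block, though whether those releases carry inline values is not visible here. The HelmRelease spec begins outside the hunk.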
diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml index eb9f9392..bdfcc4c1 100644 --- a/packages/apps/kubernetes/values.yaml +++ b/packages/apps/kubernetes/values.yaml @@ -30,12 +30,15 @@ addons: ## certManager: ## @param addons.certManager.enabled Enables the cert-manager + ## @param addons.certManager.valuesOverride Custom values to override enabled: false + valuesOverride: {} ## Ingress-NGINX Controller ## ingressNginx: ## @param addons.ingressNginx.enabled Enable Ingress-NGINX controller (expect nodes with 'ingress-nginx' role) + ## @param addons.ingressNginx.valuesOverride Custom values to override ## enabled: false ## @param addons.ingressNginx.hosts List of domain names that should be passed through to the cluster by upper cluster @@ -45,10 +48,13 @@ addons: ## - foo.example.net ## hosts: [] + valuesOverride: {} ## Flux CD ## fluxcd: ## @param addons.fluxcd.enabled Enables Flux CD + ## @param addons.fluxcd.valuesOverride Custom values to override ## enabled: false + valuesOverride: {}
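Review bot: The new `@param ... valuesOverride` comments are placed above each addon's `enabled` key rather than above the `valuesOverride: {}` key they describe. For `ingressNginx` the key ends up after `hosts: []`, separated from its comment by the whole `hosts` block. The description "Custom values to override" also does not say whose values are meant. Moving each comment directly above its key and naming the target would help, e.g. `## @param addons.ingressNginx.valuesOverride Helm values passed to the ingress-nginx HelmRelease`. Since the schema in this patch accepts any object, it is also worth saying there that the content is handed to the chart unvalidated.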