From f5c8e3e1f0fd2e193d43f02c416e1881e46c62a7 Mon Sep 17 00:00:00 2001
From: mbabris
Date: Wed, 5 Feb 2025 10:27:36 -0600
Subject: [PATCH 1/3] Helm chart remove hardcoded secret names and allow custom
---
 k8s_helm_charts/zdm/templates/_helpers.tpl | 14 ++++++++++++++
 k8s_helm_charts/zdm/templates/cdm.yaml | 19 +++++++++++--------
 k8s_helm_charts/zdm/templates/deployment.yaml | 16 +++++++++-------
 k8s_helm_charts/zdm/values.yaml | 5 +++++
 4 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/k8s_helm_charts/zdm/templates/_helpers.tpl b/k8s_helm_charts/zdm/templates/_helpers.tpl
index 7ae5c2dc..5239da32 100644
--- a/k8s_helm_charts/zdm/templates/_helpers.tpl
+++ b/k8s_helm_charts/zdm/templates/_helpers.tpl
@@ -58,3 +58,17 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create name of the secret from which container environment variables will be populated
+*/}}
+{{- define "zdm.secretName" -}}
+{{- .Values.secretNameOverride | default "zdmproxy" }}
+{{- end }}
+
+{{/*
+Create name of the secret from which containers will be configured with SCB values
+*/}}
+{{- define "zdm.secretScbName" -}}
+{{- .Values.secretScbNameOverride | default "zdmproxy-scb" }}
+{{- end }}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/templates/cdm.yaml b/k8s_helm_charts/zdm/templates/cdm.yaml
index 81f972e7..b5b99465 100644
--- a/k8s_helm_charts/zdm/templates/cdm.yaml
+++ b/k8s_helm_charts/zdm/templates/cdm.yaml
@@ -1,3 +1,6 @@
+{{ $zdm_secretName := include "zdm.secretName" . -}}
+{{- $zdm_secretScbName := include "zdm.secretScbName" . -}}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -34,32 +37,32 @@ spec:
 - name: ZDM_ORIGIN_CONTACT_POINTS
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_contact_points
 - name: ZDM_ORIGIN_PORT
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_port
 - name: ZDM_ORIGIN_USERNAME
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_username
 - name: ZDM_ORIGIN_PASSWORD
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_password
 - name: ZDM_TARGET_USERNAME
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: target_username
 - name: ZDM_TARGET_PASSWORD
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: target_password
 volumeMounts:
 - name: scb
@@ -68,7 +71,7 @@ spec:
 volumes:
 - name: scb
 secret:
- secretName: zdmproxy-scb
+ secretName: {{ $zdm_secretScbName }}
 items:
 - key: secure-connect-target.zip
- path: target.zip
+ path: target.zip
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/templates/deployment.yaml b/k8s_helm_charts/zdm/templates/deployment.yaml
index a00f4e77..767442f3 100644
--- a/k8s_helm_charts/zdm/templates/deployment.yaml
+++ b/k8s_helm_charts/zdm/templates/deployment.yaml
@@ -2,6 +2,8 @@
 {{ $zdm_fullname := include "zdm.fullname" . -}}
 {{- $zdm_labels := include "zdm.labels" . -}}
 {{- $zdm_selectorLabels := include "zdm.selectorLabels" . -}}
+{{- $zdm_secretName := include "zdm.secretName" . -}}
+{{- $zdm_secretScbName := include "zdm.secretScbName" . -}}
 # calculate a variable that contains all proxy service addresses
 {{ $service_addresses := "" -}}
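Review bot: The overridable secret name is rendered unquoted at every `secretKeyRef.name` in this cdm.yaml hunk, at `secretName:` in the hunk after it, and in the two matching deployment.yaml hunks of this patch. An override that YAML reads as a number, boolean or null (an all-digit name, for instance) then renders as a non-string and the manifest fails validation at install time. Quoting keeps it a string whatever the operator supplies: `name: {{ $zdm_secretName | quote }}` and `secretName: {{ $zdm_secretScbName | quote }}`. The container spec these entries sit in starts and ends outside the hunks.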
@@ -66,32 +68,32 @@ spec:
 - name: ZDM_ORIGIN_CONTACT_POINTS
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_contact_points
 - name: ZDM_ORIGIN_PORT
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_port
 - name: ZDM_ORIGIN_USERNAME
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_username
 - name: ZDM_ORIGIN_PASSWORD
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: origin_password
 - name: ZDM_TARGET_USERNAME
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: target_username
 - name: ZDM_TARGET_PASSWORD
 valueFrom:
 secretKeyRef:
- name: zdmproxy
+ name: {{ $zdm_secretName }}
 key: target_password
 ports:
 - containerPort: 9042
@@ -102,7 +104,7 @@ spec:
 volumes:
 - name: scb
 secret:
- secretName: zdmproxy-scb
+ secretName: {{ $zdm_secretScbName }}
 items:
 - key: secure-connect-target.zip
 path: target.zip
diff --git a/k8s_helm_charts/zdm/values.yaml b/k8s_helm_charts/zdm/values.yaml
index ded8d0ef..8a016729 100644
--- a/k8s_helm_charts/zdm/values.yaml
+++ b/k8s_helm_charts/zdm/values.yaml
@@ -41,6 +41,11 @@ cdm:
 nameOverride: ""
 fullnameOverride: ""
+# Overrides expected secret name "zdmproxy"
+secretNameOverride: ""
+# Overrides expected secret name "zdmproxy-scb"
+secretScbNameOverride: ""
+
 service:
 type: ClusterIP
 port: 9942
From badc77761583c50c2c6f3b2ac8267a61950127b3 Mon Sep 17 00:00:00 2001
From: mbabris
Date: Wed, 5 Feb 2025 10:31:45 -0600
Subject: [PATCH 2/3] Make cdm deployment optional
---
 k8s_helm_charts/zdm/templates/_helpers.tpl | 7 +++++++
 k8s_helm_charts/zdm/templates/cdm.yaml | 4 +++-
 k8s_helm_charts/zdm/values.yaml | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/k8s_helm_charts/zdm/templates/_helpers.tpl b/k8s_helm_charts/zdm/templates/_helpers.tpl
index 5239da32..072196b5 100644
--- a/k8s_helm_charts/zdm/templates/_helpers.tpl
+++ b/k8s_helm_charts/zdm/templates/_helpers.tpl
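Review bot: The two comments added in the values.yaml hunk of PATCH 1/3 name the default being overridden but not what a replacement Secret has to contain. The required keys are visible only in the templates: `origin_contact_points`, `origin_port`, `origin_username`, `origin_password`, `target_username` and `target_password` for the first, and `secure-connect-target.zip` for the SCB one. I would spell that out, e.g. `# Name of an existing Secret providing the origin_*/target_* keys read by the templates (default: "zdmproxy")`, and note that the Secret must live in the release namespace, since `secretKeyRef` cannot reach across namespaces.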
@@ -71,4 +71,11 @@ Create name of the secret from which containers will be configured with SCB valu
 */}}
 {{- define "zdm.secretScbName" -}}
 {{- .Values.secretScbNameOverride | default "zdmproxy-scb" }}
+{{- end }}
+
+{{/*
+Determine whether CDM should be created
+*/}}
+{{- define "cdm.enabled" -}}
+{{- .Values.cdm.enabled | default "true" | toString }}
 {{- end }}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/templates/cdm.yaml b/k8s_helm_charts/zdm/templates/cdm.yaml
index b5b99465..25174700 100644
--- a/k8s_helm_charts/zdm/templates/cdm.yaml
+++ b/k8s_helm_charts/zdm/templates/cdm.yaml
@@ -1,6 +1,7 @@
 {{ $zdm_secretName := include "zdm.secretName" . -}}
 {{- $zdm_secretScbName := include "zdm.secretScbName" . -}}
+{{- if eq (include "cdm.enabled" .) "true" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -74,4 +75,5 @@ spec:
 secretName: {{ $zdm_secretScbName }}
 items:
 - key: secure-connect-target.zip
- path: target.zip
\ No newline at end of file
+ path: target.zip
+{{- end -}}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/values.yaml b/k8s_helm_charts/zdm/values.yaml
index 8a016729..29e02683 100644
--- a/k8s_helm_charts/zdm/values.yaml
+++ b/k8s_helm_charts/zdm/values.yaml
@@ -27,6 +27,7 @@ proxy:
 tag: ""
 cdm:
+ enabled: "true"
 resources:
 limits:
 cpu: 16000m
From 699511212331844244e0807ce3bd0372af4e8c76 Mon Sep 17 00:00:00 2001
From: mbabris
Date: Wed, 5 Feb 2025 15:38:55 -0600
Subject: [PATCH 3/3] Make scb volume mount optional
---
 k8s_helm_charts/zdm/templates/_helpers.tpl | 7 +++++
 k8s_helm_charts/zdm/templates/cdm.yaml | 14 ++++++++-
 k8s_helm_charts/zdm/templates/deployment.yaml | 31 +++++++++++++------
 k8s_helm_charts/zdm/values.yaml | 4 +++
 4 files changed, 45 insertions(+), 11 deletions(-)
diff --git a/k8s_helm_charts/zdm/templates/_helpers.tpl b/k8s_helm_charts/zdm/templates/_helpers.tpl
index 072196b5..a4df6958 100644
--- a/k8s_helm_charts/zdm/templates/_helpers.tpl
+++ b/k8s_helm_charts/zdm/templates/_helpers.tpl
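Review bot: The `cdm.enabled` helper added to _helpers.tpl cannot be switched off with a real boolean, because `default` treats `false` as empty: `.Values.cdm.enabled | default "true"` turns `cdm.enabled: false` (or `--set cdm.enabled=false`) back into "true", and the CDM Deployment with its secret-backed credentials is still created. Only the quoted string "false" disables it, which the `enabled: "true"` line in values.yaml hints at but does not document. Testing for the key avoids the trap: `{{- if hasKey .Values.cdm "enabled" }}{{ .Values.cdm.enabled | toString }}{{ else }}true{{ end }}`. The `scb.enabled` helper in PATCH 3/3 repeats the pattern and needs the same change.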
@@ -78,4 +78,11 @@ Determine whether CDM should be created
 */}}
 {{- define "cdm.enabled" -}}
 {{- .Values.cdm.enabled | default "true" | toString }}
+{{- end }}
+
+{{/*
+Determine whether SCB volume & mounts should be created from expected secret
+*/}}
+{{- define "scb.enabled" -}}
+{{- .Values.scb.enabled | default "true" | toString }}
 {{- end }}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/templates/cdm.yaml b/k8s_helm_charts/zdm/templates/cdm.yaml
index 25174700..35d90846 100644
--- a/k8s_helm_charts/zdm/templates/cdm.yaml
+++ b/k8s_helm_charts/zdm/templates/cdm.yaml
@@ -1,7 +1,9 @@
 {{ $zdm_secretName := include "zdm.secretName" . -}}
 {{- $zdm_secretScbName := include "zdm.secretScbName" . -}}
+{{- $cdm_enabled := include "cdm.enabled" . -}}
+{{- $scb_enabled := include "scb.enabled" . -}}
-{{- if eq (include "cdm.enabled" .) "true" }}
+{{- if eq $cdm_enabled "true" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -33,8 +35,16 @@ spec:
 - configMapRef:
 name: {{ include "zdm.fullname" . }}
 env:
+ {{- if eq ($scb_enabled) "true" }}
 - name: ZDM_TARGET_SECURE_CONNECT_BUNDLE_PATH
 value: /tmp/scb/target.zip
+ {{- else }}
+ - name: ZDM_TARGET_CONTACT_POINTS
+ valueFrom:
+ secretKeyRef:
+ name: {{ $zdm_secretName }}
+ key: target_contact_points
+ {{- end }}
 - name: ZDM_ORIGIN_CONTACT_POINTS
 valueFrom:
 secretKeyRef:
@@ -65,6 +75,7 @@ spec:
 secretKeyRef:
 name: {{ $zdm_secretName }}
 key: target_password
+ {{- if eq ($scb_enabled) "true" }}
 volumeMounts:
 - name: scb
 mountPath: "/tmp/scb"
@@ -76,4 +87,5 @@ spec:
 items:
 - key: secure-connect-target.zip
 path: target.zip
+ {{- end }}
 {{- end -}}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/templates/deployment.yaml b/k8s_helm_charts/zdm/templates/deployment.yaml
index 767442f3..73bb0574 100644
--- a/k8s_helm_charts/zdm/templates/deployment.yaml
+++ b/k8s_helm_charts/zdm/templates/deployment.yaml
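Review bot: With `scb.enabled` off, the `{{- else }}` branch in the cdm.yaml env block (and the identical branch in deployment.yaml) swaps the Secure Connect Bundle for a bare `ZDM_TARGET_CONTACT_POINTS`, and the same condition removes the only volume mount, so nothing in the rendered pod supplies TLS material for the target connection. Unless TLS is configured elsewhere (the `configMapRef` above is not touched by this change), `target_username` and `target_password` would presumably reach the target unencrypted; this should be confirmed and either documented or covered by an optional CA/certificate mount for this mode. The branch also sets no target port, while the origin side has `ZDM_ORIGIN_PORT`, so the proxy's default applies. The container spec continues outside these hunks.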
@@ -4,6 +4,7 @@
 {{- $zdm_selectorLabels := include "zdm.selectorLabels" . -}}
 {{- $zdm_secretName := include "zdm.secretName" . -}}
 {{- $zdm_secretScbName := include "zdm.secretScbName" . -}}
+{{- $scb_enabled := include "scb.enabled" . -}}
 # calculate a variable that contains all proxy service addresses
 {{ $service_addresses := "" -}}
@@ -63,8 +64,16 @@ spec:
 value: {{ $index | quote }}
 - name: ZDM_PROXY_TOPOLOGY_ADDRESSES
 value: {{ $service_addresses }}
+ {{- if eq ($scb_enabled) "true" }}
 - name: ZDM_TARGET_SECURE_CONNECT_BUNDLE_PATH
 value: /tmp/scb/target.zip
+ {{- else }}
+ - name: ZDM_TARGET_CONTACT_POINTS
+ valueFrom:
+ secretKeyRef:
+ name: {{ $zdm_secretName }}
+ key: target_contact_points
+ {{- end }}
 - name: ZDM_ORIGIN_CONTACT_POINTS
 valueFrom:
 secretKeyRef:
@@ -97,16 +106,18 @@ spec:
 key: target_password
 ports:
 - containerPort: 9042
+ {{- if eq ($scb_enabled) "true" }}
 volumeMounts:
- - name: scb
- mountPath: "/tmp/scb"
- readOnly: true
+ - name: scb
+ mountPath: "/tmp/scb"
+ readOnly: true
 volumes:
- - name: scb
- secret:
- secretName: {{ $zdm_secretScbName }}
- items:
- - key: secure-connect-target.zip
- path: target.zip
+ - name: scb
+ secret:
+ secretName: {{ $zdm_secretScbName }}
+ items:
+ - key: secure-connect-target.zip
+ path: target.zip
+ {{- end }}
 ---
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/k8s_helm_charts/zdm/values.yaml b/k8s_helm_charts/zdm/values.yaml
index 29e02683..2708a6f0 100644
--- a/k8s_helm_charts/zdm/values.yaml
+++ b/k8s_helm_charts/zdm/values.yaml
@@ -42,6 +42,10 @@ cdm:
 nameOverride: ""
 fullnameOverride: ""
+# Enables connection via expected Secure Connect Bundle secret
+scb:
+ enabled: "true"
+
 # Overrides expected secret name "zdmproxy"
 secretNameOverride: ""
 # Overrides expected secret name "zdmproxy-scb"
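Review bot: The comment added above `scb:` in the values.yaml hunk does not say what turning the flag off requires or that the value is compared as a string. The templates in this patch show that disabling it makes `target_contact_points` a required key of the main secret and drops the bundle volume entirely. I would extend the comment to something like `# Set to "false" (quoted) to reach the target by contact points instead of the Secure Connect Bundle; the secret named by secretNameOverride must then also contain target_contact_points`.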