Use Common Helm Templates

.github/workflows/pull-request.yaml

@@ -43,6 +43,8 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Touch
       run: make touch
+    - name: Build Helm Chart
+      run: helm dependency update charts/region
     - name: Golang CI/Helm Lint
       run: make lint
     - name: Build Images

.github/workflows/release.yaml

@@ -41,6 +41,8 @@ jobs:
       run: |
         git config user.name "$GITHUB_ACTOR"
         git config user.email "[email protected]"
+    - name: Build Helm Chart
+      run: helm dependency update charts/region
     - name: Release Helm Chart
       uses: unikorn-cloud/chart-release-action@v1
       env:

.gitignore

@@ -1,5 +1,7 @@
 /bin
 /sboms
+/charts/region/Chart.lock
+/charts/region/charts
 *.swp
 cover.out
 cover.html

charts/region/Chart.yaml

@@ -4,7 +4,12 @@ description: A Helm chart for deploying Unikorn's Region Controller
 
 type: application
 
-version: v0.1.12
-appVersion: v0.1.12
+version: v0.1.13
+appVersion: v0.1.13
 
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
+
+dependencies:
+- name: unikorn-common
+  version: v0.1.5
+  repository: https://unikorn-cloud.github.io/helm-common

charts/region/templates/_helpers.tpl

@@ -1,97 +1,10 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "unikorn.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "unikorn.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "unikorn.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "unikorn.labels" -}}
-helm.sh/chart: {{ include "unikorn.chart" . }}
-{{ include "unikorn.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "unikorn.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "unikorn.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "unikorn.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "unikorn.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
 {{/*
 Create the container images
 */}}
-{{- define "unikorn.defaultRepositoryPath" -}}
-{{- if .Values.repository }}
-{{- printf "%s/%s" .Values.repository .Values.organization }}
-{{- else }}
-{{- .Values.organization }}
-{{- end }}
-{{- end }}
-
 {{- define "unikorn.regionImage" -}}
 {{- .Values.image | default (printf "%s/unikorn-region-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
 
-{{/*
-Create Prometheus labels
-*/}}
-{{- define "unikorn.prometheusServiceSelector" -}}
-prometheus.unikorn-cloud.org/app: unikorn
-{{- end }}
-
-{{- define "unikorn.prometheusJobLabel" -}}
-prometheus.unikorn-cloud.org/job
-{{- end }}
-
-{{- define "unikorn.prometheusLabels" -}}
-{{ include "unikorn.prometheusServiceSelector" . }}
-{{ include "unikorn.prometheusJobLabel" . }}: {{ .job }}
-{{- end }}
-
 {{/*
 Create image pull secrets
 */}}
@@ -103,57 +16,3 @@ Create image pull secrets
 - name: docker-config
 {{- end }}
 {{- end }}
-
-{{/*
-Creates predicatable Kubernetes name compatible UUIDs from name.
-Note we always start with a letter (kubernetes DNS label requirement),
-group 3 starts with "4" (UUIDv4 aka "random") and group 4 with "8"
-(the variant aka RFC9562).
-*/}}
-{{ define "resource.id" -}}
-{{- $sum := sha256sum . -}}
-{{ printf "f%s-%s-4%s-8%s-%s" (substr 1 8 $sum) (substr 8 12 $sum) (substr 13 16 $sum) (substr 17 20 $sum) (substr 20 32 $sum) }}
-{{- end }}
-
-{{/*
-Abstractions to allow an all-in-one chart
-*/}}
-{{- define "unikorn.identity.host" -}}
-{{- if (and .Values.global .Values.global.identity .Values.global.identity.host) -}}
-{{- .Values.global.identity.host }}
-{{- else }}
-{{- .Values.identity.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.region.host" -}}
-{{- if (and .Values.global .Values.global.region .Values.global.region.host) -}}
-{{- .Values.global.region.host }}
-{{- else }}
-{{- .Values.host }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.ingress.clusterIssuer" -}}
-{{- if (and .Values.global .Values.global.ingress .Values.global.ingress.clusterIssuer) -}}
-{{- .Values.global.ingress.clusterIssuer }}
-{{- else if .Values.ingress.clusterIssuer }}
-{{- .Values.ingress.clusterIssuer }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.identity.ca.secretNamespace" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretNamespace) -}}
-{{- .Values.global.ca.secretNamespace }}
-{{- else if .Values.identity.caSecretNamespace }}
-{{- .Values.identity.caSecretNamespace }}
-{{- end }}
-{{- end }}
-
-{{- define "unikorn.identity.ca.secretName" -}}
-{{- if (and .Values.global .Values.global.ca .Values.global.ca .Values.global.ca.secretName) -}}
-{{- .Values.global.ca.secretName }}
-{{- else if .Values.identity.caSecretName }}
-{{- .Values.identity.caSecretName }}
-{{- end }}
-{{- end }}

charts/region/templates/region-controller/deployment.yaml

@@ -19,24 +19,9 @@ spec:
         image: {{ include "unikorn.regionImage" . }}
         args:
         - --namespace={{ .Release.Namespace }}
-        {{- with $cors := .Values.cors }}
-          {{- range $origin := $cors.allowOrigin }}
-            {{ printf "- --cors-allow-origin=%s" $origin | nindent 8 }}
-          {{- end }}
-          {{- if $cors.maxAge }}
-            {{ printf "- --cors-max-age=%s" $cors.maxAge | nindent 8 }}
-          {{- end }}
-        {{- end }}
-        - --identity-host=https://{{ include "unikorn.identity.host" . }}
-        {{- with $identitiyCaSecretNamespace := ( include "unikorn.identity.ca.secretNamespace" . ) -}}
-          {{ printf "- --identity-ca-secret-namespace=%s" $identitiyCaSecretNamespace | nindent 8 }}
-        {{- end }}
-        {{- with $identitiyCaSecretName := ( include "unikorn.identity.ca.secretName" . ) -}}
-          {{ printf "- --identity-ca-secret-name=%s" $identitiyCaSecretName | nindent 8 }}
-        {{- end }}
-        {{- if .Values.otlpEndpoint }}
-          {{ printf "- --otlp-endpoint=%s" .Values.otlpEndpoint | nindent 8 }}
-        {{- end }}
+        {{- include "unikorn.cors.flags" . | nindent 8 }}
+        {{- include "unikorn.otlp.flags" . | nindent 8 }}
+        {{- include "unikorn.identity.flags" . | nindent 8 }}
         ports:
         - name: http
           containerPort: 6080

charts/region/templates/region-controller/ingress.yaml

@@ -8,9 +8,6 @@ metadata:
   {{- with $clusterIssuer := ( include "unikorn.ingress.clusterIssuer" . ) }}
     cert-manager.io/cluster-issuer: {{ $clusterIssuer }}
   {{- end }}
-  {{- if .Values.ingress.issuer }}
-    cert-manager.io/issuer: {{ .Values.ingress.issuer }}
-  {{- end }}
   {{- if .Values.ingress.externalDns }}
     external-dns.alpha.kubernetes.io/hostname: {{ include "unikorn.region.host" . }}
   {{- end }}

charts/region/templates/region-controller/service.yaml

@@ -4,7 +4,6 @@ metadata:
   name: unikorn-region
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
-    {{- include "unikorn.prometheusLabels" (dict "job" "unikorn-region") | nindent 4 }}
 spec:
   selector:
     app: unikorn-region

charts/region/values.yaml

@@ -70,16 +70,13 @@ imagePullSecret:
 image:
 
 # Sets the DNS hosts/X.509 Certs.
-host: region.unikorn-cloud.org
+region:
+  host: region.unikorn-cloud.org
 
 ingress:
   # Sets the ingress class to use.
   # class: nginx
 
-  # Cert Manager certificate issuer to use.  If not specified it will generate a
-  # self signed one.
-  issuer: ~
-
   # clusterIssuer to use.
   clusterIssuer: unikorn-issuer
 
@@ -97,9 +94,11 @@ identity:
   # OIDC issuer used to discover OIDC configuration and verify access tokens.
   host: identity.unikorn-cloud.org
 
-  # CA certificate to use to verify connections to the issuer, used in development only.
-  # caSecretNamespace: ~
-  # caSecretName: ~
+# CA certificate to use to verify connections to the issuer, used in development only.
+# ca:
+#   secretNamespace: ~
+#   secretName: ~
 
 # Sets the OTLP endpoint for shipping spans.
-# otlpEndpoint: jaeger-collector.default:4318
+# otlp:
+#   endpoint: jaeger-collector.default:4318