From f760568ac5fab5dff24220ff4a5410ab99054fbc Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Sun, 31 May 2026 18:44:21 +0200 Subject: [PATCH] fix(service)!: migrate services.http to service --- README.md | 98 +++++++++---------- templates/_backendTLSPolicy.tpl | 2 +- templates/_httpRoute.tpl | 2 +- templates/{_services.tpl => _service.tpl} | 18 ++-- templates/backendTLSPolicy.yaml | 2 +- templates/httpRoute.yaml | 4 +- templates/ingress.yaml | 8 +- templates/service.yaml | 57 +++++++++++ templates/serviceHTTP.yaml | 57 ----------- .../backendTLSPolicy/backendTLSPolicy.yaml | 20 ++-- .../clientSettingsPolicy.yaml | 24 ++--- unittests/httpRoute/httpRoute.yaml | 24 ++--- unittests/ingress/ingress.yaml | 8 +- .../http.yaml => service/service.yaml} | 40 ++++---- values.yaml | 61 ++++++------ 15 files changed, 212 insertions(+), 213 deletions(-) rename templates/{_services.tpl => _service.tpl} (52%) create mode 100644 templates/service.yaml delete mode 100644 templates/serviceHTTP.yaml rename unittests/{services/http.yaml => service/service.yaml} (82%) diff --git a/README.md b/README.md index 9e63bf7..c65edc9 100644 --- a/README.md +++ b/README.md @@ -426,7 +426,7 @@ spec: | `config.downloadMode.configMap.annotations` | Additional annotations of the config map containing the download mode file. | `{}` | | `config.downloadMode.configMap.labels` | Additional labels of the config map containing the download mode file. | `{}` | | `config.gitConfig.enabled` | Enable mounting of a .gitconfig file into the container file system. | `false` | -| `config.gitConfig.addSHASumAnnotation` | Add an pod annotation with the sha sum of the config map containing the git config. | `true` | +| `config.gitConfig.addSHASumAnnotation` | Add an pod annotation with the sha sum of the config map containing the Git config. | `true` | | `config.gitConfig.existingConfigMap.enabled` | Enable to use an external config map for mounting the .gitconfig file. | `false` | | `config.gitConfig.existingConfigMap.configMapName` | The name of the existing config map which should be used to mount the .gitconfig file. | `""` | | `config.gitConfig.existingConfigMap.gitConfigKey` | The name of the key inside the config map where the content of the .gitconfig file is stored. | `nil` | @@ -500,6 +500,30 @@ spec: | `deployment.topologySpreadConstraints` | TopologySpreadConstraints of the athens-proxy deployment. | `[]` | | `deployment.volumes` | Additional volumes to mount into the pods of the athens-proxy deployment. | `[]` | +### GatewayAPI + +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `gatewayAPI.enabled` | Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller. | `false` | +| `gatewayAPI.core.backendTLSPolicy.enabled` | Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` | +| `gatewayAPI.core.backendTLSPolicy.annotations` | Additional annotations for the BackendTLSPolicy. | `{}` | +| `gatewayAPI.core.backendTLSPolicy.labels` | Additional labels for the BackendTLSPolicy. | `{}` | +| `gatewayAPI.core.backendTLSPolicy.validation` | Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod. | `{}` | +| `gatewayAPI.core.httpRoute.enabled` | Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`. | `false` | +| `gatewayAPI.core.httpRoute.annotations` | Additional annotations for the HTTPRoute. | `{}` | +| `gatewayAPI.core.httpRoute.labels` | Additional labels for the HTTPRoute. | `{}` | +| `gatewayAPI.core.httpRoute.hostnames` | Hostnames for the HTTPRoute. | `[]` | +| `gatewayAPI.core.httpRoute.parentRefs` | ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources. | `[]` | +| `gatewayAPI.nginx.clientSettingsPolicy.enabled` | Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` | +| `gatewayAPI.nginx.clientSettingsPolicy.annotations` | Additional annotations for the ClientSettingsPolicy. | `{}` | +| `gatewayAPI.nginx.clientSettingsPolicy.labels` | Additional labels for the ClientSettingsPolicy. | `{}` | +| `gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize` | ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used. | `""` | +| `gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout` | ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used. | `""` | +| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests` | KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used. | `nil` | +| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime` | KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used. | `""` | +| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout` | KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` | +| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout` | KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` | + ### Horizontal Pod Autoscaler (HPA) | Name | Description | Value | @@ -513,14 +537,14 @@ spec: ### Ingress -| Name | Description | Value | -| --------------------- | -------------------------------------------------------------------------------------------------------------------- | ------- | -| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` | -| `ingress.className` | Ingress class. | `nginx` | -| `ingress.annotations` | Additional ingress annotations. | `{}` | -| `ingress.labels` | Additional ingress labels. | `{}` | -| `ingress.hosts` | Ingress specific configuration. Specification only required when another ingress controller is used instead of `t1k. | `[]` | -| `ingress.tls` | Ingress TLS settings. Specification only required when another ingress controller is used instead of `t1k``. | `[]` | +| Name | Description | Value | +| --------------------- | ---------------------------------------------------------------------------------------- | ------- | +| `ingress.enabled` | Enable creation of an ingress resource. Requires, that the http service is also enabled. | `false` | +| `ingress.className` | Ingress class. | `nginx` | +| `ingress.annotations` | Additional ingress annotations. | `{}` | +| `ingress.labels` | Additional ingress labels. | `{}` | +| `ingress.hosts` | Ingress specific configuration. | `[]` | +| `ingress.tls` | Ingress TLS settings. | `[]` | ### Persistence @@ -553,48 +577,24 @@ spec: | `networkPolicy.egress` | Concrete egress network policy implementation. | `[]` | | `networkPolicy.ingress` | Concrete ingress network policy implementation. | `[]` | -### GatewayAPI - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `gatewayAPI.enabled` | Enable the Gateway API resources. Requires Kubernetes v1.19 or higher, the CRD's and a compatible gateway controller. | `false` | -| `gatewayAPI.core.backendTLSPolicy.enabled` | Enable the BackendTLSPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` | -| `gatewayAPI.core.backendTLSPolicy.annotations` | Additional annotations for the BackendTLSPolicy. | `{}` | -| `gatewayAPI.core.backendTLSPolicy.labels` | Additional labels for the BackendTLSPolicy. | `{}` | -| `gatewayAPI.core.backendTLSPolicy.validation` | Validation configuration for the BackendTLSPolicy. For example, you can specify a trusted CA certificate to validate the TLS connection between the gateway and the athens-proxy pod. | `{}` | -| `gatewayAPI.core.httpRoute.enabled` | Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `services.http.enabled` to be `true`. | `false` | -| `gatewayAPI.core.httpRoute.annotations` | Additional annotations for the HTTPRoute. | `{}` | -| `gatewayAPI.core.httpRoute.labels` | Additional labels for the HTTPRoute. | `{}` | -| `gatewayAPI.core.httpRoute.hostnames` | Hostnames for the HTTPRoute. | `[]` | -| `gatewayAPI.core.httpRoute.parentRefs` | ParentRefs for the HTTPRoute. You can specify parentRefs to bind the HTTPRoute to specific Gateway resources. | `[]` | -| `gatewayAPI.nginx.clientSettingsPolicy.enabled` | Enable the ClientSettingsPolicy resource. Requires also `gatewayAPI.enabled` to be `true`. | `false` | -| `gatewayAPI.nginx.clientSettingsPolicy.annotations` | Additional annotations for the ClientSettingsPolicy. | `{}` | -| `gatewayAPI.nginx.clientSettingsPolicy.labels` | Additional labels for the ClientSettingsPolicy. | `{}` | -| `gatewayAPI.nginx.clientSettingsPolicy.clientMaxBodySize` | ClientMaxBodySize sets the maximum allowed size of the client request body. If not specified, the default of the nginx gateway controller is used. | `""` | -| `gatewayAPI.nginx.clientSettingsPolicy.clientBodyTimeout` | ClientBodyTimeout sets the timeout for reading the client request body. If not specified, the default of the nginx gateway controller is used. | `""` | -| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveRequests` | KeepaliveRequests sets the maximum number of requests that can be served through one keepalive connection. If not specified, the default of the nginx gateway controller is used. | `nil` | -| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTime` | KeepaliveTime sets the time a keepalive connection is kept open. If not specified, the default of the nginx gateway controller is used. | `""` | -| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveTimeout` | KeepaliveTimeout sets the time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` | -| `gatewayAPI.nginx.clientSettingsPolicy.keepaliveMinTimeout` | KeepaliveMinTimeout sets the minimum time a client has to wait for the response of a request until the connection is closed. If not specified, the default of the nginx gateway controller is used. | `""` | - ### Service -| Name | Description | Value | -| ---------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| `services.http.enabled` | Enable the service. | `true` | -| `services.http.annotations` | Additional service annotations. | `{}` | -| `services.http.externalIPs` | External IPs for the service. | `[]` | -| `services.http.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` | -| `services.http.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` | -| `services.http.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` | -| `services.http.labels` | Additional service labels. | `{}` | -| `services.http.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` | -| `services.http.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` | -| `services.http.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` | -| `services.http.port` | Port to forward the traffic to. | `3000` | -| `services.http.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` | -| `services.http.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` | -| `services.http.type` | Kubernetes service type for the traffic. | `ClusterIP` | +| Name | Description | Value | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.enabled` | Enable the service. | `true` | +| `service.annotations` | Additional service annotations. | `{}` | +| `service.externalIPs` | External IPs for the service. | `[]` | +| `service.externalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. | `Cluster` | +| `service.internalTrafficPolicy` | If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. | `Cluster` | +| `service.ipFamilies` | IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. | `[]` | +| `service.labels` | Additional service labels. | `{}` | +| `service.loadBalancerClass` | LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. | `""` | +| `service.loadBalancerIP` | LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. | `""` | +| `service.loadBalancerSourceRanges` | Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. | `[]` | +| `service.port` | Port to forward the traffic to. | `3000` | +| `service.sessionAffinity` | Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. | `None` | +| `service.sessionAffinityConfig` | Contains the configuration of the session affinity. | `{}` | +| `service.type` | Kubernetes service type for the traffic. | `ClusterIP` | ### ServiceAccount diff --git a/templates/_backendTLSPolicy.tpl b/templates/_backendTLSPolicy.tpl index 5f3b0c6..52eb7a3 100644 --- a/templates/_backendTLSPolicy.tpl +++ b/templates/_backendTLSPolicy.tpl @@ -14,7 +14,7 @@ {{- define "athens-proxy.backendTLSPolicy.enabled" -}} {{- if and .Values.gatewayAPI.enabled .Values.gatewayAPI.core.backendTLSPolicy.enabled - .Values.services.http.enabled + .Values.service.enabled -}} true {{- else -}} diff --git a/templates/_httpRoute.tpl b/templates/_httpRoute.tpl index dcc47bd..bbef1f6 100644 --- a/templates/_httpRoute.tpl +++ b/templates/_httpRoute.tpl @@ -14,7 +14,7 @@ {{- define "athens-proxy.httpRoute.enabled" -}} {{- if and .Values.gatewayAPI.enabled .Values.gatewayAPI.core.httpRoute.enabled - .Values.services.http.enabled + .Values.service.enabled -}} true {{- else -}} diff --git a/templates/_services.tpl b/templates/_service.tpl similarity index 52% rename from templates/_services.tpl rename to templates/_service.tpl index 9eba677..e0748ca 100644 --- a/templates/_services.tpl +++ b/templates/_service.tpl @@ -2,28 +2,28 @@ {{/* annotations */}} -{{- define "athens-proxy.services.http.annotations" -}} +{{- define "athens-proxy.service.annotations" -}} {{ include "athens-proxy.annotations" . }} -{{- if .Values.services.http.annotations }} -{{ toYaml .Values.services.http.annotations }} +{{- if .Values.service.annotations }} +{{ toYaml .Values.service.annotations }} {{- end }} {{- end }} {{/* labels */}} -{{- define "athens-proxy.services.http.labels" -}} +{{- define "athens-proxy.service.labels" -}} {{ include "athens-proxy.labels" . }} {{/* Add label to select the correct service via `selector.matchLabels` of the serviceMonitor resource. */}} app.kubernetes.io/service-name: http -{{- if .Values.services.http.labels }} -{{ toYaml .Values.services.http.labels }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels }} {{- end }} {{- end }} {{/* names */}} -{{- define "athens-proxy.services.http.name" -}} -{{- if .Values.services.http.enabled -}} +{{- define "athens-proxy.service.name" -}} +{{- if .Values.service.enabled -}} {{ include "athens-proxy.fullname" . }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/backendTLSPolicy.yaml b/templates/backendTLSPolicy.yaml index 82f7f3a..77cd418 100644 --- a/templates/backendTLSPolicy.yaml +++ b/templates/backendTLSPolicy.yaml @@ -17,7 +17,7 @@ spec: targetRefs: - group: "" kind: Service - name: {{ include "athens-proxy.services.http.name" . }} + name: {{ include "athens-proxy.service.name" . }} {{- with .Values.gatewayAPI.core.backendTLSPolicy.validation }} validation: {{- toYaml . | nindent 4 }} diff --git a/templates/httpRoute.yaml b/templates/httpRoute.yaml index 892c538..186e4f4 100644 --- a/templates/httpRoute.yaml +++ b/templates/httpRoute.yaml @@ -25,9 +25,9 @@ spec: rules: - backendRefs: - kind: Service - name: {{ include "athens-proxy.services.http.name" . }} + name: {{ include "athens-proxy.service.name" . }} namespace: {{ .Release.Namespace }} - port: {{ .Values.services.http.port }} + port: {{ .Values.service.port }} weight: 1 {{- with .Values.gatewayAPI.core.httpRoute.matches }} matches: diff --git a/templates/ingress.yaml b/templates/ingress.yaml index dcec043..a1ddfbb 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.services.http.enabled .Values.ingress.enabled }} +{{- if and .Values.service.enabled .Values.ingress.enabled }} --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -27,9 +27,9 @@ spec: {{- end }} backend: service: - name: {{ include "athens-proxy.services.http.name" $ }} + name: {{ include "athens-proxy.service.name" $ }} port: - number: {{ $.Values.services.http.port }} + number: {{ $.Values.service.port }} {{- end }} {{- end }} {{- if .Values.ingress.tls }} @@ -42,4 +42,4 @@ spec: secretName: {{ .secretName | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/templates/service.yaml b/templates/service.yaml new file mode 100644 index 0000000..b40e3ff --- /dev/null +++ b/templates/service.yaml @@ -0,0 +1,57 @@ +{{- if .Values.service.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + {{- with (include "athens-proxy.service.annotations" . | fromYaml) }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with (include "athens-proxy.service.labels" . | fromYaml) }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ include "athens-proxy.service.name" . }} + namespace: {{ .Release.Namespace }} +spec: + {{- if not (empty .Values.service.externalIPs) }} + externalIPs: + {{- range .Values.service.externalIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") ) .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + {{- end }} + internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.service.internalTrafficPolicy }} + {{- if .Values.service.ipFamilies }} + ipFamilies: + {{- range .Values.service.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if eq .Values.service.type "LoadBalancer" }} + loadBalancerSourceRanges: + {{- range .Values.service.loadBalancerSourceRanges }} + - {{ . }} + {{- end }} + {{- end }} + ports: + - name: http + protocol: TCP + port: {{ required "No service port defined!" .Values.service.port }} + selector: + {{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }} + sessionAffinity: {{ required "No session affinity defined!" .Values.service.sessionAffinity }} + {{- with .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: + {{- toYaml . | nindent 4}} + {{- end }} + type: {{ required "No service type defined!" .Values.service.type }} +{{- end }} diff --git a/templates/serviceHTTP.yaml b/templates/serviceHTTP.yaml deleted file mode 100644 index 5baeaf5..0000000 --- a/templates/serviceHTTP.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.services.http.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - {{- with (include "athens-proxy.services.http.annotations" . | fromYaml) }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with (include "athens-proxy.services.http.labels" . | fromYaml) }} - labels: - {{- toYaml . | nindent 4 }} - {{- end }} - name: {{ include "athens-proxy.services.http.name" . }} - namespace: {{ .Release.Namespace }} -spec: - {{- if not (empty .Values.services.http.externalIPs) }} - externalIPs: - {{- range .Values.services.http.externalIPs }} - - {{ . }} - {{- end }} - {{- end }} - {{- if and (or (eq .Values.services.http.type "LoadBalancer") (eq .Values.services.http.type "NodePort") ) .Values.services.http.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.services.http.externalTrafficPolicy }} - {{- end }} - internalTrafficPolicy: {{ required "No internal traffic policy defined!" .Values.services.http.internalTrafficPolicy }} - {{- if .Values.services.http.ipFamilies }} - ipFamilies: - {{- range .Values.services.http.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} - {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerClass }} - loadBalancerClass: {{ .Values.services.http.loadBalancerClass }} - {{- end }} - {{- if and (eq .Values.services.http.type "LoadBalancer") .Values.services.http.loadBalancerIP }} - loadBalancerIP: {{ .Values.services.http.loadBalancerIP }} - {{- end }} - {{- if eq .Values.services.http.type "LoadBalancer" }} - loadBalancerSourceRanges: - {{- range .Values.services.http.loadBalancerSourceRanges }} - - {{ . }} - {{- end }} - {{- end }} - ports: - - name: http - protocol: TCP - port: {{ required "No service port defined!" .Values.services.http.port }} - selector: - {{- include "athens-proxy.pod.selectorLabels" . | nindent 4 }} - sessionAffinity: {{ required "No session affinity defined!" .Values.services.http.sessionAffinity }} - {{- with .Values.services.http.sessionAffinityConfig }} - sessionAffinityConfig: - {{- toYaml . | nindent 4}} - {{- end }} - type: {{ required "No service type defined!" .Values.services.http.type }} -{{- end }} \ No newline at end of file diff --git a/unittests/backendTLSPolicy/backendTLSPolicy.yaml b/unittests/backendTLSPolicy/backendTLSPolicy.yaml index df2369d..dc3fd4a 100644 --- a/unittests/backendTLSPolicy/backendTLSPolicy.yaml +++ b/unittests/backendTLSPolicy/backendTLSPolicy.yaml @@ -12,7 +12,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.backendTLSPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -21,7 +21,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.backendTLSPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -30,7 +30,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.backendTLSPolicy.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -39,7 +39,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.backendTLSPolicy.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -48,7 +48,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.backendTLSPolicy.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -57,7 +57,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.backendTLSPolicy.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -66,7 +66,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.backendTLSPolicy.enabled: true - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 1 @@ -80,7 +80,7 @@ tests: content: group: "" kind: Service - name: athens-proxy-unittest-http + name: athens-proxy-unittest - notExists: path: spec.validation.caCertificateRefs @@ -93,7 +93,7 @@ tests: foo: bar labels: bar: foo - services.http.enabled: true + service.enabled: true asserts: - equal: path: metadata.annotations @@ -119,7 +119,7 @@ tests: kind: Secret name: athens-proxy-ca hostname: athens-proxy.svc.cluster.local - services.http.enabled: true + service.enabled: true asserts: - isSubset: path: spec.validation diff --git a/unittests/clientSettingsPolicy/clientSettingsPolicy.yaml b/unittests/clientSettingsPolicy/clientSettingsPolicy.yaml index 6d034b9..abab117 100644 --- a/unittests/clientSettingsPolicy/clientSettingsPolicy.yaml +++ b/unittests/clientSettingsPolicy/clientSettingsPolicy.yaml @@ -13,7 +13,7 @@ tests: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -23,7 +23,7 @@ tests: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -33,7 +33,7 @@ tests: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: true gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -43,7 +43,7 @@ tests: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -53,7 +53,7 @@ tests: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -63,7 +63,7 @@ tests: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: true gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -73,7 +73,7 @@ tests: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -83,7 +83,7 @@ tests: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: false gatewayAPI.nginx.clientSettingsPolicy.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -93,7 +93,7 @@ tests: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: true gatewayAPI.nginx.clientSettingsPolicy.enabled: true - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 1 @@ -133,7 +133,7 @@ tests: foo: "bar" labels: bar: "foo" - services.http.enabled: true + service.enabled: true asserts: - equal: path: metadata.annotations @@ -157,7 +157,7 @@ tests: enabled: true clientMaxBodySize: 10m clientBodyTimeout: 30s - services.http.enabled: true + service.enabled: true asserts: - isSubset: path: spec.body @@ -177,7 +177,7 @@ tests: keepaliveTime: 60s keepaliveTimeout: 60s keepaliveMinTimeout: 10s - services.http.enabled: true + service.enabled: true asserts: - notExists: path: spec.body diff --git a/unittests/httpRoute/httpRoute.yaml b/unittests/httpRoute/httpRoute.yaml index b228e72..dfcb382 100644 --- a/unittests/httpRoute/httpRoute.yaml +++ b/unittests/httpRoute/httpRoute.yaml @@ -12,7 +12,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -21,7 +21,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: false - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -30,7 +30,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -39,7 +39,7 @@ tests: set: gatewayAPI.enabled: false gatewayAPI.core.httpRoute.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -48,7 +48,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: false - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 0 @@ -57,7 +57,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: true - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -66,7 +66,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: true - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 1 @@ -93,7 +93,7 @@ tests: path: spec.rules[0].backendRefs content: kind: Service - name: athens-proxy-unittest-http + name: athens-proxy-unittest namespace: testing port: 3000 weight: 1 @@ -113,7 +113,7 @@ tests: foo: bar labels: bar: foo - services.http.enabled: true + service.enabled: true asserts: - hasDocuments: count: 1 @@ -135,7 +135,7 @@ tests: set: gatewayAPI.enabled: true gatewayAPI.core.httpRoute.enabled: true - services.http: + service: enabled: true port: 9090 asserts: @@ -152,7 +152,7 @@ tests: - path: type: PathPrefix value: /foo - services.http.enabled: true + service.enabled: true asserts: - contains: path: spec.rules[0].matches @@ -173,7 +173,7 @@ tests: namespace: testing kind: Gateway sectionName: athens-proxy-debug-gateway - services.http.enabled: true + service.enabled: true asserts: - lengthEqual: path: spec.hostnames diff --git a/unittests/ingress/ingress.yaml b/unittests/ingress/ingress.yaml index 337e0ac..f488eb2 100644 --- a/unittests/ingress/ingress.yaml +++ b/unittests/ingress/ingress.yaml @@ -15,7 +15,7 @@ tests: - it: Skip ingress, when service is disabled. set: - services.http.enabled: false + service.enabled: false ingress.enabled: true asserts: - hasDocuments: @@ -65,7 +65,7 @@ tests: pathType: Prefix backend: service: - name: athens-proxy-unittest-http + name: athens-proxy-unittest port: number: 3000 - contains: @@ -92,7 +92,7 @@ tests: - secretName: athens-proxy-http-tls hosts: - athens-proxy.example.local - services.http.port: 8080 + service.port: 8080 asserts: - hasDocuments: @@ -128,7 +128,7 @@ tests: pathType: Prefix backend: service: - name: athens-proxy-unittest-http + name: athens-proxy-unittest port: number: 8080 - contains: diff --git a/unittests/services/http.yaml b/unittests/service/service.yaml similarity index 82% rename from unittests/services/http.yaml rename to unittests/service/service.yaml index 3d3cf42..88bf913 100644 --- a/unittests/services/http.yaml +++ b/unittests/service/service.yaml @@ -6,11 +6,11 @@ release: name: athens-proxy-unittest namespace: testing templates: -- templates/serviceHTTP.yaml +- templates/service.yaml tests: - it: Skip service when disabled. set: - services.http.enabled: false + service.enabled: false asserts: - hasDocuments: count: 0 @@ -22,7 +22,7 @@ tests: - containsDocument: apiVersion: v1 kind: Service - name: athens-proxy-unittest-http + name: athens-proxy-unittest namespace: testing - notExists: path: metadata.annotations @@ -75,37 +75,37 @@ tests: - it: Require internalTrafficPolicy. set: - services.http.internalTrafficPolicy: "" + service.internalTrafficPolicy: "" asserts: - failedTemplate: errorMessage: No internal traffic policy defined! - it: Require port. set: - services.http.port: "" + service.port: "" asserts: - failedTemplate: errorMessage: No service port defined! - it: Require sessionAffinity. set: - services.http.sessionAffinity: "" + service.sessionAffinity: "" asserts: - failedTemplate: errorMessage: No session affinity defined! - it: Require service type. set: - services.http.type: "" + service.type: "" asserts: - failedTemplate: errorMessage: No service type defined! - it: Render service with custom annotations and labels. set: - services.http.annotations: + service.annotations: foo: bar - services.http.labels: + service.labels: bar: foo asserts: - equal: @@ -125,19 +125,19 @@ tests: - it: Change defaults set: - services.http.externalIPs: + service.externalIPs: - "10.11.12.13/32" - services.http.externalTrafficPolicy: Local - services.http.internalTrafficPolicy: Local - services.http.ipFamilies: + service.externalTrafficPolicy: Local + service.internalTrafficPolicy: Local + service.ipFamilies: - IPv4 - services.http.loadBalancerClass: aws - services.http.loadBalancerIP: "11.12.13.14" - services.http.loadBalancerSourceRanges: + service.loadBalancerClass: aws + service.loadBalancerIP: "11.12.13.14" + service.loadBalancerSourceRanges: - "11.12.0.0/17" - services.http.port: 10443 - services.http.sessionAffinity: ClientIP - services.http.type: LoadBalancer + service.port: 10443 + service.sessionAffinity: ClientIP + service.type: LoadBalancer asserts: - equal: path: spec.externalIPs @@ -171,4 +171,4 @@ tests: value: ClientIP - equal: path: spec.type - value: LoadBalancer \ No newline at end of file + value: LoadBalancer diff --git a/values.yaml b/values.yaml index 5b7ab1a..c958c05 100644 --- a/values.yaml +++ b/values.yaml @@ -543,7 +543,7 @@ gatewayAPI: # name: "athens-proxy-ca" # hostname: "athens-proxy" - ## @param gatewayAPI.core.httpRoute.enabled Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `services.http.enabled` to be `true`. + ## @param gatewayAPI.core.httpRoute.enabled Enable the HTTPRoute resource. Requires also `gatewayAPI.enabled` and `service.enabled` to be `true`. ## @param gatewayAPI.core.httpRoute.annotations Additional annotations for the HTTPRoute. ## @param gatewayAPI.core.httpRoute.labels Additional labels for the HTTPRoute. ## @param gatewayAPI.core.httpRoute.hostnames Hostnames for the HTTPRoute. @@ -749,36 +749,35 @@ networkPolicy: # protocol: TCP ## @section Service -## @param services.http.enabled Enable the service. -## @param services.http.annotations Additional service annotations. -## @param services.http.externalIPs External IPs for the service. -## @param services.http.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. -## @param services.http.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. -## @param services.http.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. -## @param services.http.labels Additional service labels. -## @param services.http.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. -## @param services.http.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. -## @param services.http.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. -## @param services.http.port Port to forward the traffic to. -## @param services.http.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. -## @param services.http.sessionAffinityConfig Contains the configuration of the session affinity. -## @param services.http.type Kubernetes service type for the traffic. -services: - http: - enabled: true - annotations: {} - externalIPs: [] - externalTrafficPolicy: "Cluster" - internalTrafficPolicy: "Cluster" - ipFamilies: [] - labels: {} - loadBalancerClass: "" - loadBalancerIP: "" - loadBalancerSourceRanges: [] - port: 3000 - sessionAffinity: "None" - sessionAffinityConfig: {} - type: "ClusterIP" +## @param service.enabled Enable the service. +## @param service.annotations Additional service annotations. +## @param service.externalIPs External IPs for the service. +## @param service.externalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster external traffic. Furthermore, this enables source IP preservation. +## @param service.internalTrafficPolicy If `service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to tell kube-proxy to only use node local endpoints for cluster internal traffic. +## @param service.ipFamilies IPFamilies is list of IP families (e.g. `IPv4`, `IPv6`) assigned to this service. This field is usually assigned automatically based on cluster configuration and only required for customization. +## @param service.labels Additional service labels. +## @param service.loadBalancerClass LoadBalancerClass is the class of the load balancer implementation this Service belongs to. Requires service from type `LoadBalancer`. +## @param service.loadBalancerIP LoadBalancer will get created with the IP specified in this field. Requires service from type `LoadBalancer`. +## @param service.loadBalancerSourceRanges Source range filter for LoadBalancer. Requires service from type `LoadBalancer`. +## @param service.port Port to forward the traffic to. +## @param service.sessionAffinity Supports `ClientIP` and `None`. Enable client IP based session affinity via `ClientIP`. +## @param service.sessionAffinityConfig Contains the configuration of the session affinity. +## @param service.type Kubernetes service type for the traffic. +service: + enabled: true + annotations: {} + externalIPs: [] + externalTrafficPolicy: "Cluster" + internalTrafficPolicy: "Cluster" + ipFamilies: [] + labels: {} + loadBalancerClass: "" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + port: 3000 + sessionAffinity: "None" + sessionAffinityConfig: {} + type: "ClusterIP" ## @section ServiceAccount serviceAccount: