diff --git a/charts/sn-platform-slim/templates/toolset/_toolset.tpl b/charts/sn-platform-slim/templates/toolset/_toolset.tpl index 303f63997..1680257c7 100644 --- a/charts/sn-platform-slim/templates/toolset/_toolset.tpl +++ b/charts/sn-platform-slim/templates/toolset/_toolset.tpl @@ -157,6 +157,106 @@ Define toolset TLS certificate secret name {{- end -}} {{- end -}} +{{/* +Define the proxy service host for toolset (ingress when proxy ingress is enabled, else headless). +Toolset uses this so pulsar-admin and client commands reach the proxy via the ingress service. +*/}} +{{- define "toolset.proxy.service.host" -}} +{{- if and .Values.ingress.proxy.enabled (ne .Values.ingress.proxy.type "IstioGateway") -}} +{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-ingress +{{- else -}} +{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless +{{- end -}} +{{- end -}} + +{{/* +Whether toolset resolves the proxy through the ingress service. +*/}} +{{- define "toolset.proxy.service.usesIngress" -}} +{{- if and .Values.ingress.proxy.enabled (ne .Values.ingress.proxy.type "IstioGateway") -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy web service scheme. +*/}} +{{- define "toolset.proxy.web.service.scheme" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled -}} +https +{{- else -}} +http +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +https +{{- else -}} +http +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy web service port. +*/}} +{{- define "toolset.proxy.web.service.port" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if eq (include "toolset.proxy.web.service.scheme" .) "https" -}} +{{ .Values.proxy.ports.https }} +{{- else if .Values.ingress.proxy.httpPortOverride -}} +{{ .Values.ingress.proxy.httpPortOverride }} +{{- else -}} +{{ .Values.proxy.ports.http }} +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +{{ .Values.proxy.ports.https }} +{{- else -}} +{{ .Values.proxy.ports.http }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service scheme. +*/}} +{{- define "toolset.proxy.broker.service.scheme" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled -}} +pulsar+ssl +{{- else -}} +pulsar +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +pulsar+ssl +{{- else -}} +pulsar +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service port. +*/}} +{{- define "toolset.proxy.broker.service.port" -}} +{{- if eq (include "toolset.proxy.broker.service.scheme" .) "pulsar+ssl" -}} +{{ .Values.proxy.ports.pulsarssl }} +{{- else -}} +{{ .Values.proxy.ports.pulsar }} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service url. +*/}} +{{- define "toolset.proxy.broker.service.url" -}} +{{ template "toolset.proxy.broker.service.scheme" . }}://{{ template "toolset.proxy.service.host" . }}:{{ template "toolset.proxy.broker.service.port" . }} +{{- end -}} + {{/* Define the toolset web service url */}} @@ -168,11 +268,7 @@ https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Va http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} {{- end -}} {{- else -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.https }} -{{- else -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }} -{{- end -}} +{{ template "toolset.proxy.web.service.scheme" . }}://{{ template "toolset.proxy.service.host" . }}:{{ template "toolset.proxy.web.service.port" . }} {{- end -}} {{- end -}} @@ -210,4 +306,4 @@ Define toolset pulsarctl config volumes {{- else -}} {{ .Values.toolset.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/sn-platform-slim/templates/toolset/toolset-configmap.yaml b/charts/sn-platform-slim/templates/toolset/toolset-configmap.yaml index 14b74ab71..2de1a4e73 100644 --- a/charts/sn-platform-slim/templates/toolset/toolset-configmap.yaml +++ b/charts/sn-platform-slim/templates/toolset/toolset-configmap.yaml @@ -29,10 +29,10 @@ data: {{- end }} {{- end }} {{- if .Values.toolset.useProxy }} - # talk to proxy - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.https }}/" - brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.pulsarssl }}/" + # talk to proxy (use proxy-ingress when ingress enabled so pulsar-admin works from Toolset pod) + webServiceUrl: "{{ template "toolset.web.service.url" . }}/" + brokerServiceUrl: "{{ template "toolset.proxy.broker.service.url" . }}/" + {{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled }} useTls: "true" tlsAllowInsecureConnection: "false" {{- if .Values.tls.proxy.untrustedCa }} @@ -40,10 +40,6 @@ data: {{- end }} tlsEnableHostnameVerification: "false" {{- end }} - {{- if not (and .Values.tls.enabled .Values.tls.proxy.enabled) }} - webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.http }}/" - brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.pulsar }}/" - {{- end }} {{- end }} # Authentication Settings {{- if .Values.auth.authentication.enabled }} diff --git a/charts/sn-platform/templates/toolset/_toolset.tpl b/charts/sn-platform/templates/toolset/_toolset.tpl index ccc0866ef..30448fb9b 100644 --- a/charts/sn-platform/templates/toolset/_toolset.tpl +++ b/charts/sn-platform/templates/toolset/_toolset.tpl @@ -205,6 +205,106 @@ Define toolset TLS certificate secret name {{- end -}} {{- end -}} +{{/* +Define the proxy service host for toolset (ingress when proxy ingress is enabled, else headless). +Toolset uses this so pulsar-admin and client commands reach the proxy via the ingress service. +*/}} +{{- define "toolset.proxy.service.host" -}} +{{- if and .Values.ingress.proxy.enabled (ne .Values.ingress.proxy.type "IstioGateway") -}} +{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-ingress +{{- else -}} +{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless +{{- end -}} +{{- end -}} + +{{/* +Whether toolset resolves the proxy through the ingress service. +*/}} +{{- define "toolset.proxy.service.usesIngress" -}} +{{- if and .Values.ingress.proxy.enabled (ne .Values.ingress.proxy.type "IstioGateway") -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy web service scheme. +*/}} +{{- define "toolset.proxy.web.service.scheme" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled -}} +https +{{- else -}} +http +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +https +{{- else -}} +http +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy web service port. +*/}} +{{- define "toolset.proxy.web.service.port" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if eq (include "toolset.proxy.web.service.scheme" .) "https" -}} +{{ .Values.proxy.ports.https }} +{{- else if .Values.ingress.proxy.httpPortOverride -}} +{{ .Values.ingress.proxy.httpPortOverride }} +{{- else -}} +{{ .Values.proxy.ports.http }} +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +{{ .Values.proxy.ports.https }} +{{- else -}} +{{ .Values.proxy.ports.http }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service scheme. +*/}} +{{- define "toolset.proxy.broker.service.scheme" -}} +{{- if eq (include "toolset.proxy.service.usesIngress" .) "true" -}} +{{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled -}} +pulsar+ssl +{{- else -}} +pulsar +{{- end -}} +{{- else -}} +{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} +pulsar+ssl +{{- else -}} +pulsar +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service port. +*/}} +{{- define "toolset.proxy.broker.service.port" -}} +{{- if eq (include "toolset.proxy.broker.service.scheme" .) "pulsar+ssl" -}} +{{ .Values.proxy.ports.pulsarssl }} +{{- else -}} +{{ .Values.proxy.ports.pulsar }} +{{- end -}} +{{- end -}} + +{{/* +Define the toolset proxy broker service url. +*/}} +{{- define "toolset.proxy.broker.service.url" -}} +{{ template "toolset.proxy.broker.service.scheme" . }}://{{ template "toolset.proxy.service.host" . }}:{{ template "toolset.proxy.broker.service.port" . }} +{{- end -}} + {{/* Define the toolset web service url */}} @@ -216,11 +316,7 @@ https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Va http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }} {{- end -}} {{- else -}} -{{- if and .Values.tls.enabled .Values.tls.proxy.enabled -}} -https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.https }} -{{- else -}} -http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }} -{{- end -}} +{{ template "toolset.proxy.web.service.scheme" . }}://{{ template "toolset.proxy.service.host" . }}:{{ template "toolset.proxy.web.service.port" . }} {{- end -}} {{- end -}} @@ -259,4 +355,4 @@ Define toolset pulsarctl config volumes {{- else -}} {{ .Values.toolset.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/sn-platform/templates/toolset/toolset-configmap.yaml b/charts/sn-platform/templates/toolset/toolset-configmap.yaml index 04f949f48..e93455ef1 100644 --- a/charts/sn-platform/templates/toolset/toolset-configmap.yaml +++ b/charts/sn-platform/templates/toolset/toolset-configmap.yaml @@ -29,10 +29,10 @@ data: {{- end }} {{- end }} {{- if .Values.toolset.useProxy }} - # talk to proxy - {{- if and .Values.tls.enabled .Values.tls.proxy.enabled }} - webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.https }}/" - brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.pulsarssl }}/" + # talk to proxy (use proxy-ingress when ingress enabled so pulsar-admin works from Toolset pod) + webServiceUrl: "{{ template "toolset.web.service.url" . }}/" + brokerServiceUrl: "{{ template "toolset.proxy.broker.service.url" . }}/" + {{- if or (and .Values.tls.enabled .Values.tls.proxy.enabled) .Values.ingress.proxy.tls.enabled }} useTls: "true" tlsAllowInsecureConnection: "false" {{- if .Values.tls.proxy.untrustedCa }} @@ -40,10 +40,6 @@ data: {{- end }} tlsEnableHostnameVerification: "false" {{- end }} - {{- if not (and .Values.tls.enabled .Values.tls.proxy.enabled) }} - webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.http }}/" - brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}-headless:{{ .Values.proxy.ports.pulsar }}/" - {{- end }} {{- end }} # Authentication Settings {{- if .Values.auth.authentication.enabled }}