diff --git a/.github/workflows/console.yml b/.github/workflows/console.yml index db813596..1f46bfcf 100644 --- a/.github/workflows/console.yml +++ b/.github/workflows/console.yml @@ -33,8 +33,10 @@ on: jobs: build: - + name: Console Build (Node ${{ matrix.node-version }}) runs-on: ubuntu-latest + permissions: + contents: read strategy: matrix: node-version: ["20.19", "22.13"] 
@@ -42,23 +44,69 @@ jobs: steps: - name: Checkout Polaris Tools project uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - - name: Set up Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: 'npm' cache-dependency-path: console/package.json - - name: Install dependencies working-directory: console run: make install - - name: Lint working-directory: console run: make lint - - name: Build working-directory: console run: make build + helm-tests: + name: Helm Tests (Helm ${{ matrix.helm-version }}) + runs-on: ubuntu-latest + timeout-minutes: 60 + permissions: + contents: read + strategy: + matrix: + include: + - helm-version: 'v3.20.0' + - helm-version: 'v4.0.5' + - helm-version: 'v4.1.1' + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + fetch-depth: 0 + persist-credentials: false + - name: Set up Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + with: + version: ${{ matrix.helm-version }} + - name: Set up chart-testing + run: | + CT_VERSION=3.14.0 + ARCH=$(uname -m) + case "$ARCH" in + x86_64|amd64) ARCH=amd64 ;; + aarch64|arm64) ARCH=arm64 ;; + esac + curl -sSLo ct.tar.gz "https://github.com/helm/chart-testing/releases/download/v${CT_VERSION}/chart-testing_${CT_VERSION}_linux_${ARCH}.tar.gz" + sudo tar -xzf ct.tar.gz -C /usr/local/bin ct + mkdir -p .ct + tar -xzf ct.tar.gz --strip-components=1 -C .ct etc + rm ct.tar.gz + pip install yamllint yamale + - name: Install Helm plugins + run: make console-helm-install-plugins + - name: Verify Helm schema is up to date + run: make console-helm-schema-verify + - name: Run 'helm template' validation + run: | + cd console/helm + helm template --debug --namespace polaris-ns --values values.yaml . 
+ - name: Run Helm unit tests + run: make console-helm-unittest + - name: Run chart-testing (lint) + env: + DEFAULT_BRANCH: ${{ github.base_ref || github.event.repository.default_branch }} + run: ct lint --target-branch "${DEFAULT_BRANCH}" --debug --charts ./console/helm --validate-maintainers=false diff --git a/Makefile b/Makefile index 8cebe949..31c4f6d2 100644 --- a/Makefile +++ b/Makefile @@ -101,6 +101,32 @@ console-lint-fix: ## Fix linting issues in the console project console-version: ## Display version for console project @$(MAKE) -C console version +##@ Console Helm + +.PHONY: console-helm +console-helm: ## Run most Helm targets (schema, unittest, and lint) + @$(MAKE) -C console helm + +.PHONY: console-helm-install-plugins +console-helm-install-plugins: ## Install required Helm plugins (unittest, schema) + @$(MAKE) -C console helm-install-plugins + +.PHONY: console-helm-lint +console-helm-lint: ## Run Helm chart lint check + @$(MAKE) -C console helm-lint + +.PHONY: console-helm-schema-generate +console-helm-schema-generate: ## Generate Helm chart JSON schema from values.yaml + @$(MAKE) -C console helm-schema-generate + +.PHONY: console-helm-schema-verify +console-helm-schema-verify: ## Verify Helm chart JSON schema is up to date + @$(MAKE) -C console helm-schema-verify + +.PHONY: console-helm-unittest +console-helm-unittest: ## Run Helm chart unittest + @$(MAKE) -C console helm-unittest + ##@ MCP .PHONY: mcp-build diff --git a/console/LICENSE b/console/LICENSE index f49a4e16..f4e2129b 100644 --- a/console/LICENSE +++ b/console/LICENSE 
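Review bot: The `Set up chart-testing` step of the new `helm-tests` job fetches `ct.tar.gz` with `curl -sSLo` and unpacks it into `/usr/local/bin` under `sudo` with no integrity check, although the actions in the same job are pinned to commit SHAs. Record a digest next to `CT_VERSION` and verify it before extraction, e.g. `echo "${CT_SHA256}  ct.tar.gz" | sha256sum -c -`, where `CT_SHA256` is a placeholder for the digest of the chosen archive (one per architecture, since the step selects amd64 or arm64). Using `curl -fsSLo` would make an HTTP error fail the step instead of saving an error body to disk, and the `case` has no `*)` branch, so an unexpected `uname -m` value is interpolated into the URL unchanged. `pip install yamllint yamale` is also unversioned; pinning both packages keeps the lint toolchain reproducible.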
@@ -198,4 +198,15 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. \ No newline at end of file + limitations under the License. + +-------------------------------------------------------------------------------- + +This product includes code from Project Nessie. + +* helm/templates/_helpers.tpl +* helm/templates/serviceaccount.yaml + +Copyright: Copyright 2015-2025 Dremio Corporation +Home page: https://projectnessie.org/ +License: https://www.apache.org/licenses/LICENSE-2.0 \ No newline at end of file diff --git a/console/Makefile b/console/Makefile index d3076847..98f20c25 100644 --- a/console/Makefile +++ b/console/Makefile 
@@ -89,3 +89,143 @@ lint-fix: format-fix ## Fix linting issues in the console project @echo "--- Fixing linting issues in the console project ---" @npm run lint -- --fix @echo "--- Linting issues in the console project fixed ---" + +##@ Helm + +.PHONY: helm +helm: helm-schema-generate helm-lint helm-unittest ## Run most Helm targets (schema, unittest, and lint) + +helm-install-plugins: DEPENDENCIES := helm +.PHONY: helm-install-plugins +helm-install-plugins: check-dependencies ## Install required Helm plugins (unittest, schema) + @echo "--- Installing Helm plugins ---" + @HELM_MAJOR_VERSION=$$(helm version --short | sed 's/^v//' | cut -d. -f1); \ + if [ "$$HELM_MAJOR_VERSION" -ge 4 ] 2>/dev/null; then \ + HELM_PLUGIN_FLAGS="--verify=false"; \ + else \ + HELM_PLUGIN_FLAGS=""; \ + fi; \ + if helm plugin list | grep -q "^unittest"; then \ + echo "Plugin 'unittest' is already installed."; \ + else \ + echo "Installing 'unittest' plugin..."; \ + helm plugin install $$HELM_PLUGIN_FLAGS https://github.com/helm-unittest/helm-unittest.git; \ + fi; \ + if helm plugin list | grep -q "^schema"; then \ + echo "Plugin 'schema' is already installed."; \ + else \ + echo "Installing 'schema' plugin..."; \ + helm plugin install $$HELM_PLUGIN_FLAGS https://github.com/losisin/helm-values-schema-json.git; \ + fi + @echo "--- Helm plugins installed ---" + +helm-lint: DEPENDENCIES := ct yamllint +.PHONY: helm-lint +helm-lint: check-dependencies ## Run Helm chart lint check + @echo "--- Running Helm chart linting ---" + @ct lint --charts helm/ --validate-maintainers=false + @echo "--- Helm chart linting complete ---" + +helm-schema-generate: DEPENDENCIES := helm +.PHONY: helm-schema-generate +helm-schema-generate: helm-install-plugins ## Generate Helm chart JSON schema from values.yaml + @echo "--- Generating Helm values schema ---" + @helm schema -f helm/values.yaml -o helm/values.schema.json --use-helm-docs --draft 7 + @echo "--- Helm values schema generated ---" + +helm-schema-verify: 
DEPENDENCIES := helm git +.PHONY: helm-schema-verify +helm-schema-verify: helm-schema-generate ## Verify Helm chart JSON schema is up to date + @echo "--- Verifying Helm values schema is up to date ---" + @if ! git diff --exit-code helm/values.schema.json; then \ + echo "ERROR: Helm schema is out of date. Please run 'make helm-schema-generate' and commit the changes."; \ + exit 1; \ + fi + @echo "--- Helm values schema is up to date ---" + +helm-unittest: DEPENDENCIES := helm +.PHONY: helm-unittest +helm-unittest: helm-install-plugins ## Run Helm chart unittest + @echo "--- Running Helm chart unittest ---" + @helm unittest helm/ + @echo "--- Helm chart unittest complete ---" + +##@ Dependencies + +.PHONY: check-dependencies +check-dependencies: ## Check if all requested dependencies are present + @echo "--- Checking for requested dependencies ---" + @for dependency in $(DEPENDENCIES); do \ + echo "Checking for $$dependency..."; \ + if [ "$$dependency" = "java21" ]; then \ + if java --version | head -n1 | cut -d' ' -f2 | grep -q '^21\.'; then \ + echo "Java 21 is installed."; \ + else \ + echo "Java 21 is NOT installed."; \ + echo "--- ERROR: Dependency 'Java 21' is missing. Please install it to proceed. Exiting. ---"; \ + exit 1; \ + fi ; \ + elif command -v $$dependency >/dev/null 2>&1; then \ + echo "$$dependency is installed."; \ + else \ + echo "$$dependency is NOT installed."; \ + echo "--- ERROR: Dependency '$$dependency' is missing. Please install it to proceed. Exiting. ---"; \ + exit 1; \ + fi; \ + done + @echo "--- All checks complete. ---" + +.PHONY: check-brew +check-brew: + @echo "--- Checking Homebrew installation ---" + @if command -v brew >/dev/null 2>&1; then \ + echo "--- Homebrew is installed ---"; \ + else \ + echo "--- Homebrew is not installed. 
Aborting ---"; \ + exit 1; \ + fi + +.PHONY: install-dependencies-brew +install-dependencies-brew: check-brew ## Install dependencies if not present via Brew + @echo "--- Checking and installing dependencies for this target ---" + @for dependency in $(DEPENDENCIES); do \ + case $$dependency in \ + java21) \ + if java -version 2>&1 | grep -q '21'; then \ + :; \ + else \ + echo "Java 21 is not installed. Installing openjdk@21 and jenv..."; \ + brew install openjdk@21 jenv; \ + $(shell brew --prefix jenv)/bin/jenv add $(shell brew --prefix openjdk@21); \ + jenv local 21; \ + echo "Java 21 installed."; \ + fi ;; \ + docker|podman) \ + if command -v $$dependency >/dev/null 2>&1; then \ + :; \ + else \ + echo "$$dependency is not installed. Manual installation required"; \ + fi ;; \ + ct) \ + if command -v ct >/dev/null 2>&1; then \ + :; \ + else \ + echo "ct is not installed. Installing with Homebrew..."; \ + brew install chart-testing; \ + echo "ct installed."; \ + fi ;; \ + *) \ + if command -v $$dependency >/dev/null 2>&1; then \ + :; \ + else \ + echo "$$dependency is not installed. Installing with Homebrew..."; \ + brew install $$dependency; \ + echo "$$dependency installed."; \ + fi ;; \ + esac; \ + done + @echo "--- All requested dependencies checked/installed ---" + +install-optional-dependencies-brew: DEPENDENCIES := $(OPTIONAL_DEPENDENCIES) +.PHONY: install-optional-dependencies-brew +install-optional-dependencies-brew: install-dependencies-brew ## Install optional dependencies if not present via Brew diff --git a/console/NOTICE b/console/NOTICE index 9a5b012c..0ec62d39 100644 --- a/console/NOTICE +++ b/console/NOTICE 
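Review bot: `helm-install-plugins` sets `HELM_PLUGIN_FLAGS="--verify=false"` whenever the Helm major version is 4 or higher, and both `helm plugin install` calls pass a bare Git URL with no `--version`. CI and developer machines therefore install whatever the two plugin repositories currently serve, with plugin verification switched off. Pinning each plugin to a reviewed release narrows that exposure, e.g. `helm plugin install $$HELM_PLUGIN_FLAGS --version <PINNED_TAG> https://github.com/helm-unittest/helm-unittest.git`, where `<PINNED_TAG>` is a placeholder. A comment on the `--verify=false` branch should also say why verification is disabled and under what condition it can be re-enabled, so the flag does not outlive its reason.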
@@ -2,4 +2,12 @@ Apache Polaris Copyright 2026 The Apache Software Foundation This product includes software developed at -The Apache Software Foundation (http://www.apache.org/). \ No newline at end of file +The Apache Software Foundation (http://www.apache.org/). + +-------------------------------------------------------------------------------- + +This project includes code from Project Nessie, developed at Dremio, +with the following copyright notice: + +| Nessie +| Copyright 2015-2025 Dremio Corporation \ No newline at end of file diff --git a/console/README.md b/console/README.md index d9d9c30e..1c9247d2 100644 --- a/console/README.md +++ b/console/README.md @@ -140,7 +140,7 @@ The console supports OpenID Connect (OIDC) authentication with PKCE flow. When c Set these environment variables to enable OIDC: ```env -VITE_OIDC_ISSUER_URL=http://localhost:8080/realms/EXTERNAL +VITE_OIDC_ISSUER_URL=http://keycloak:18080/realms/EXTERNAL VITE_OIDC_CLIENT_ID=polaris-console VITE_OIDC_REDIRECT_URI=http://localhost:5173/auth/callback VITE_OIDC_SCOPE=openid profile email @@ -162,7 +162,7 @@ VITE_OIDC_SCOPE=openid profile email 5. Enable **Standard Flow** (Authorization Code Flow) 6. Configure token claims to include user principal information -**Note:** Both the console and Polaris server must use the same OIDC provider. +**Note:** Both the console and Polaris server must use the same OIDC provider. Also, use port `18080` for Keycloak, as port `8080` is being used by the Polaris console. ## Project Structure @@ -238,7 +238,7 @@ make build-docker Then, you run Polaris Console using: ```bash -docker run -p 4000:4000 \ +docker run -p 8080:8080 \ -e VITE_POLARIS_API_URL=http://polaris:8181 \ -e VITE_POLARIS_REALM=POLARIS \ -e VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL \ 
@@ -248,11 +248,11 @@ docker run -p 4000:4000 \ To enable OIDC authentication, add OIDC environment variables: ```bash -docker run -p 4000:4000 \ +docker run -p 8080:8080 \ -e VITE_POLARIS_API_URL=http://polaris:8181 \ -e VITE_POLARIS_REALM=POLARIS \ -e VITE_POLARIS_PRINCIPAL_SCOPE=PRINCIPAL_ROLE:ALL \ - -e VITE_OIDC_ISSUER_URL=http://keycloak:8080/realms/EXTERNAL \ + -e VITE_OIDC_ISSUER_URL=http://keycloak:18080/realms/EXTERNAL \ -e VITE_OIDC_CLIENT_ID=polaris-console \ -e VITE_OIDC_REDIRECT_URI=http://localhost:8080/auth/callback \ -e VITE_OIDC_SCOPE="openid profile email" \ @@ -286,29 +286,32 @@ and start Polaris instance in `polaris` namespace via helm. 4. **Access the console:** ```bash - kubectl port-forward svc/polaris-console 4000:4000 -n polaris + kubectl port-forward svc/polaris-console 8080:8080 -n polaris ``` - Open http://localhost:4000 in your browser. + Open http://localhost:8080 in your browser. ### Configuration Customize the deployment by creating a `values.yaml` file: ```yaml -env: - polarisApiUrl: "http://polaris:8181" - polarisRealm: "POLARIS" - oauthTokenUrl: "http://polaris:8181/api/catalog/v1/oauth/tokens" - +config: + api: + polarisApiUrl: "http://polaris:8181" + polarisRealm: "POLARIS" + oauthTokenUrl: "http://polaris:8181/api/catalog/v1/oauth/tokens" # OIDC Configuration (optional) - oidcIssuerUrl: "http://keycloak:8080/realms/EXTERNAL" - oidcClientId: "polaris-console" - oidcRedirectUri: "http://localhost:4000/auth/callback" - oidcScope: "openid profile email" + oidc: + issuerUrl: "http://keycloak:18080/realms/EXTERNAL" + clientId: "polaris-console" + redirectUri: "http://localhost:8080/auth/callback" + scope: "openid profile email" service: type: ClusterIP - port: 4000 + ports: + - name: http + port: 8080 replicaCount: 1 ``` diff --git a/console/docker/Dockerfile b/console/docker/Dockerfile index 9f282d07..6758d9b0 100644 --- a/console/docker/Dockerfile +++ b/console/docker/Dockerfile 
@@ -58,8 +58,8 @@ COPY --chown=10000:10001 --chmod=744 docker/generate-config.sh /generate-config. COPY --from=builder /app/dist /opt/app-root/src RUN chown -R polaris:polaris /opt/app-root -# Expose port 4040 -EXPOSE 4040 +# Expose port 8080 +EXPOSE 8080 RUN chown -R polaris:polaris /var/log/nginx \ && chown -R polaris:polaris /etc/nginx/conf.d \ && chown -R polaris:polaris /var/lib/nginx \ diff --git a/console/docker/nginx.conf b/console/docker/nginx.conf index 490420ee..0d9f9492 100644 --- a/console/docker/nginx.conf +++ b/console/docker/nginx.conf @@ -16,7 +16,7 @@ # under the License. server { - listen 4000; + listen 8080; server_name localhost; root /opt/app-root/src; index index.html; diff --git a/console/helm/.helmignore b/console/helm/.helmignore index 1fa3dd3e..be7fd14f 100644 --- a/console/helm/.helmignore +++ b/console/helm/.helmignore 
@@ -1,5 +1,46 @@ -node_modules -dist -.git -*.tgz -.DS_Store \ No newline at end of file +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Helm chart testing, CI and release management +ci/ +tests/ +artifacthub-repo.yml diff --git a/console/helm/Chart.yaml b/console/helm/Chart.yaml index 2e333158..35a882bf 100644 --- a/console/helm/Chart.yaml +++ b/console/helm/Chart.yaml 
@@ -19,7 +19,30 @@ apiVersion: v2 name: polaris-console +description: A Helm chart for Apache Polaris Console type: application -description: Apache Polaris Console -version: 0.1.0 -appVersion: "0.1.0" +version: 1.6.0-SNAPSHOT +appVersion: 1.6.0-SNAPSHOT +home: https://polaris.apache.org/ +icon: https://raw.githubusercontent.com/apache/polaris/main/site/static/img/logos/polaris-brandmark.png +sources: + - https://github.com/apache/polaris-tools +keywords: + - polaris + - iceberg +maintainers: + - name: Apache Polaris PMC + email: dev@polaris.apache.org + url: https://polaris.apache.org/ +annotations: + artifacthub.io/links: | + - name: Homepage + url: https://polaris.apache.org/ + - name: Source Code + url: https://github.com/apache/polaris-tools + - name: Documentation + url: https://polaris.apache.org/ + - name: Support + url: https://github.com/apache/polaris-tools/issues + artifacthub.io/license: Apache-2.0 + artifacthub.io/category: database diff --git a/console/helm/LICENSE b/console/helm/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null +++ b/console/helm/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/console/helm/NOTICE b/console/helm/NOTICE new file mode 100644 index 00000000..3aceaadc --- /dev/null +++ b/console/helm/NOTICE @@ -0,0 +1,5 @@ +Apache Polaris Console +Copyright 2026 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). diff --git a/console/helm/README.md b/console/helm/README.md new file mode 100644 index 00000000..d394967b --- /dev/null +++ b/console/helm/README.md 
@@ -0,0 +1,46 @@ + + +# Helm Chart for Apache Polaris Console + +The Apache Polaris Console is a web UI for [Apache Polaris](https://polaris.apache.org/). + +## Requirements + +- Kubernetes 1.29+ cluster +- Helm 3.x or 4.x +- A reachable Apache Polaris API endpoint + +## Features + +* Web-based administration UI for Apache Polaris, an open-source catalog platform +* Centralized catalog, namespace, and table management through an intuitive interface +* Centralized security and governance with principals, roles, and fine-grained privileges +* OIDC login via the Authorization Code + PKCE flow (no client secret required) +* Kubernetes-native deployment with support for horizontal scaling, Ingress, and Gateway API +* Production-ready security defaults (non-root user, dropped capabilities, seccomp `RuntimeDefault`) +* Open source and vendor neutral, governed by the Apache Polaris PMC under the Apache Software Foundation + +## Documentation + +Full documentation for Helm Chart lives [on the website](https://github.com/apache/polaris-tools/tree/main/console/). + +## Contributing + +See the [Apache Polaris contributing guidelines](https://polaris.apache.org/community/contributing-guidelines/). diff --git a/console/helm/artifacthub-repo.yml b/console/helm/artifacthub-repo.yml new file mode 100644 index 00000000..51f619ca --- /dev/null +++ b/console/helm/artifacthub-repo.yml 
@@ -0,0 +1,24 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# Artifact Hub repository metadata file +repositoryID: apache-polaris-console # TODO: Update this with the actual repository ID later +owners: + - name: Apache Polaris PMC + email: dev@polaris.apache.org \ No newline at end of file diff --git a/console/helm/templates/_helpers.tpl b/console/helm/templates/_helpers.tpl index 001b948a..771b022f 100644 --- a/console/helm/templates/_helpers.tpl +++ b/console/helm/templates/_helpers.tpl @@ -19,15 +19,18 @@ */}} + {{/* -Expand the name of the chart. + Expand the name of the chart. */}} {{- define "polaris-console.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* -Create a default fully qualified app name. + Create a default fully qualified app name. + We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). + If release name contains chart name it will be used as a full name. */}} {{- define "polaris-console.fullname" -}} {{- if .Values.fullnameOverride }} 
@@ -43,14 +46,14 @@ Create a default fully qualified app name. {{- end }} {{/* -Create chart name and version as used by the chart label. + Create chart name and version as used by the chart label. */}} {{- define "polaris-console.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* -Common labels + Common labels */}} {{- define "polaris-console.labels" -}} helm.sh/chart: {{ include "polaris-console.chart" . }} @@ -62,7 +65,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels + Selector labels */}} {{- define "polaris-console.selectorLabels" -}} app.kubernetes.io/name: {{ include "polaris-console.name" . }} @@ -70,11 +73,24 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* -Validate that only one of ingress or httproute is enabled + Validate that only one of ingress or httproute is enabled */}} {{- define "polaris-console.validateRouting" -}} {{- if and .Values.ingress.enabled .Values.httproute.enabled }} {{- fail "Cannot enable both ingress and httproute. Please enable only one." }} {{- end }} +{{- if and (not .Values.httproute.enabled) .Values.gateway.enabled }} +{{- fail "In order to use the gateway please enable the httproute and disable the ingress."}} +{{- end }} {{- end }} +{{/* + Create the name of the service account to use +*/}} +{{- define "polaris-console.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "polaris-console.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/console/helm/templates/configmap.yaml b/console/helm/templates/configmap.yaml new file mode 100644 index 00000000..c0d7913b --- /dev/null +++ b/console/helm/templates/configmap.yaml 
@@ -0,0 +1,57 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "polaris-console.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "polaris-console.labels" . | nindent 4 }} + {{- if .Values.configMapLabels }} + {{- tpl (toYaml .Values.configMapLabels) . | nindent 4 }} + {{- end }} +data: + {{- with .Values.config.api.polarisApiUrl }} + VITE_POLARIS_API_URL: {{ . | quote }} + {{- end }} + {{- with .Values.config.api.polarisRealm }} + VITE_POLARIS_REALM: {{ . | quote }} + {{- end }} + {{- with .Values.config.api.polarisPrincipalScope }} + VITE_POLARIS_PRINCIPAL_SCOPE: {{ . | quote }} + {{- end }} + {{- with .Values.config.api.polarisRealmHeaderName }} + VITE_POLARIS_REALM_HEADER_NAME: {{ . | quote }} + {{- end }} + {{- with .Values.config.api.oauthTokenUrl }} + VITE_OAUTH_TOKEN_URL: {{ . | quote }} + {{- end }} + {{- with .Values.config.oidc.issuerUrl }} + VITE_OIDC_ISSUER_URL: {{ . | quote }} + {{- end }} + {{- with .Values.config.oidc.clientId }} + VITE_OIDC_CLIENT_ID: {{ . | quote }} + {{- end }} + {{- with .Values.config.oidc.redirectUri }} + VITE_OIDC_REDIRECT_URI: {{ . 
| quote }} + {{- end }} + {{- with .Values.config.oidc.scope }} + VITE_OIDC_SCOPE: {{ . | quote }} + {{- end }} diff --git a/console/helm/templates/deployment.yaml b/console/helm/templates/deployment.yaml index 8ecfc73c..ff65c6f1 100644 --- a/console/helm/templates/deployment.yaml +++ b/console/helm/templates/deployment.yaml 
@@ -1,76 +1,164 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "polaris-console.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "polaris-console.labels" . | nindent 4 }} + {{- if .Values.podLabels }} + {{- tpl (toYaml .Values.podLabels) . 
| nindent 4 }} + {{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- tpl (toYaml .Values.deploymentAnnotations) . | nindent 4 }} + {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} + {{- if not (has (quote .Values.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- end }} selector: matchLabels: - app: {{ include "polaris-console.fullname" . }} + {{- include "polaris-console.selectorLabels" . | nindent 6 }} template: metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} + {{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }} + {{- end }} labels: - app: {{ include "polaris-console.fullname" . }} + {{- include "polaris-console.selectorLabels" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- tpl (toYaml .Values.podLabels) . | nindent 8 }} + {{- end }} spec: + {{- if .Values.imagePullSecrets }} imagePullSecrets: - {{- if .Values.image.pullSecrets }} - {{- toYaml .Values.image.pullSecrets | nindent 6 }} + {{- range .Values.imagePullSecrets }} + - name: {{ . | quote }} {{- end }} + {{- end }} + serviceAccountName: {{ include "polaris-console.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ tpl .Values.priorityClassName . | quote }} + {{- end }} + {{- if (kindIs "bool" .Values.hostUsers) }} + hostUsers: {{ .Values.hostUsers }} + {{- end }} + {{- if .Values.podSecurityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- tpl (toYaml .Values.podSecurityContext) . | nindent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- tpl (toYaml .Values.extraInitContainers) . 
| nindent 8 }} + {{- end }} + {{- if ne .Values.terminationGracePeriodSeconds nil }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} containers: - - name: polaris-console + - name: {{ .Chart.Name }} + {{- if .Values.containerSecurityContext }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - containerPort: {{ .Values.service.targetPort | default 80 }} + {{- tpl (toYaml .Values.containerSecurityContext) . | nindent 12 }} + {{- end }} + {{- if .Values.containerLifecycle }} + lifecycle: + {{- tpl (toYaml .Values.containerLifecycle) . | nindent 12 }} + {{- end }} + image: "{{ tpl .Values.image.repository . }}:{{ tpl (default .Chart.AppVersion .Values.image.tag) . }}" + imagePullPolicy: {{ tpl .Values.image.pullPolicy . }} + {{- if .Values.extraEnv }} env: - - name: VITE_POLARIS_API_URL - value: {{ .Values.env.polarisApiUrl | quote }} - - name: VITE_POLARIS_REALM - value: {{ .Values.env.polarisRealm | quote }} - - name: VITE_POLARIS_PRINCIPAL_SCOPE - value: {{ .Values.env.polarisPrincipalScope | quote }} - - name: VITE_OAUTH_TOKEN_URL - value: {{ .Values.env.oauthTokenUrl | quote }} - readinessProbe: + {{- tpl (toYaml .Values.extraEnv) . | nindent 12 }} + {{- end }} + envFrom: + - configMapRef: + name: {{ include "polaris-console.fullname" . }} + {{- if .Values.envFrom }} + {{- tpl (toYaml .Values.envFrom) . 
| nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ default .Values.service.port .Values.service.targetPort }} + protocol: {{ .Values.service.protocol | default "TCP" }} + livenessProbe: httpGet: path: /health - port: {{ .Values.service.targetPort | default 80 }} - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 3 - livenessProbe: + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- if ne .Values.livenessProbe.terminationGracePeriodSeconds nil }} + terminationGracePeriodSeconds: {{ .Values.livenessProbe.terminationGracePeriodSeconds }} + {{- end }} + readinessProbe: httpGet: path: /health - port: {{ .Values.service.targetPort | default 80 }} - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 5 + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- if .Values.extraVolumeMounts }} + volumeMounts: + {{- tpl (toYaml .Values.extraVolumeMounts) . | nindent 12 }} + {{- end }} {{- if .Values.resources }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- tpl (toYaml .Values.resources) . | nindent 12 }} {{- end }} + {{- if .Values.extraVolumes }} + volumes: + {{- tpl (toYaml .Values.extraVolumes) . 
| nindent 8 }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- range .Values.topologySpreadConstraints }} + - maxSkew: {{ .maxSkew }} + topologyKey: {{ .topologyKey }} + whenUnsatisfiable: {{ .whenUnsatisfiable }} + labelSelector: + matchLabels: + {{- include "polaris-console.selectorLabels" $ | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- tpl (toYaml .Values.nodeSelector) . | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- tpl (toYaml .Values.affinity) . | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- tpl (toYaml .Values.tolerations) . | nindent 8 }} + {{- end }} diff --git a/console/helm/templates/gateway.yaml b/console/helm/templates/gateway.yaml new file mode 100644 index 00000000..bbaa8584 --- /dev/null +++ b/console/helm/templates/gateway.yaml 
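Review bot: The container `securityContext` is now read from `.Values.containerSecurityContext` instead of `.Values.securityContext`, and both security-context blocks are wrapped in `if`, so an existing override under the old key renders no container hardening at all and raises no error. The same silent drop applies to the other renamed keys in this hunk (`image.pullSecrets` to `imagePullSecrets`, `env.*` to the ConfigMap values), but the security context is the one that weakens the pod. I would fail loudly on the old key in the validation helper, for example `{{- if .Values.securityContext }}{{- fail "securityContext has been renamed to containerSecurityContext" }}{{- end }}`. values.yaml and the schema are not part of the visible lines, so the shipped defaults may already cover this; worth confirming.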
@@ -0,0 +1,58 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/}}
+
+{{- if .Values.gateway.enabled }}
+{{- $fullName := include "polaris-console.fullname" . }}
+
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "polaris-console.labels" . | nindent 4 }}
+ {{- with .Values.gateway.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ gatewayClassName: {{ .Values.gateway.className }}
+ listeners:
+ {{- range .Values.gateway.listeners }}
+ - name: {{ .name }}
+ protocol: {{ .protocol }}
+ port: {{ .port }}
+ {{- if .hostname }}
+ hostname: {{ .hostname | quote }}
+ {{- end }}
+ {{- if .allowedRoutes }}
+ allowedRoutes:
+ {{- toYaml .allowedRoutes | nindent 8 }}
+ {{- end }}
+ {{- if and (eq .protocol "HTTPS") .tls }}
+ tls:
+ {{- toYaml .tls | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.gateway.addresses }}
+ addresses:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+{{- end }}
\ No newline at end of file
diff --git a/console/helm/templates/hpa.yaml b/console/helm/templates/hpa.yaml
new file mode 100644
index 00000000..45bd9d6b
--- /dev/null
+++ b/console/helm/templates/hpa.yaml
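Review bot: The listener `tls` block is guarded by `{{- if and (eq .protocol "HTTPS") .tls }}`, so an HTTPS listener whose `tls` value is missing or misspelled renders with no TLS configuration and the chart reports nothing. A listener declared with protocol `TLS` has its `tls` settings dropped the same way. The mistake then only surfaces on the cluster, as a rejected or unprogrammed Gateway. I would make the template fail at render time: open the block with `{{- if has .protocol (list "HTTPS" "TLS") }}` and render it with `{{- toYaml (required "gateway.listeners[].tls is required for HTTPS/TLS listeners" .tls) | nindent 8 }}`.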
@@ -0,0 +1,52 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/}}
+
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "polaris-console.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "polaris-console.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "polaris-console.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/console/helm/templates/httproute.yaml b/console/helm/templates/httproute.yaml
index 2bc0d9ae..fdba5526 100644
--- a/console/helm/templates/httproute.yaml
+++ b/console/helm/templates/httproute.yaml
@@ -1,21 +1,22 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} + {{- include "polaris-console.validateRouting" . }} {{- if .Values.httproute.enabled }} {{- $fullName := include "polaris-console.fullname" . }} 
@@ -24,6 +25,7 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: {{- include "polaris-console.labels" . | nindent 4 }} {{- with .Values.httproute.annotations }} @@ -31,20 +33,15 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - hostnames: {{ .Values.httproute.hosts }} + hostnames: {{ .Values.httproute.hosts | toJson }} parentRefs: - - name: {{ .Values.httproute.gatewayName}} - group: {{ .Values.httproute.gatewayGroup }} - kind: {{ .Values.httproute.gatewayKind }} + - name: {{ .Values.httproute.gatewayName }} namespace: {{ .Values.httproute.gatewayNamespace }} {{- if .Values.httproute.sectionName }} sectionName: {{ .Values.httproute.sectionName }} {{- end }} rules: - # We don't specify a matches block here, so the default is a prefix path match on "/" (match every HTTP request) - # The backend (Service) to send matching requests to - backendRefs: - name: {{ $fullName }} - port: {{ .Values.httproute.port }} - -{{- end }} \ No newline at end of file + port: {{ .Values.service.port }} +{{- end }} diff --git a/console/helm/templates/ingress.yaml b/console/helm/templates/ingress.yaml index fa3362d2..df785a3e 100644 --- a/console/helm/templates/ingress.yaml +++ b/console/helm/templates/ingress.yaml 
@@ -1,49 +1,51 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} + {{- include "polaris-console.validateRouting" . }} {{- if .Values.ingress.enabled }} {{- $fullName := include "polaris-console.fullname" . }} - +{{- $svcPort := .Values.service.port }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: {{- include "polaris-console.labels" . 
| nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- if .Values.ingress.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- tpl (toYaml .Values.ingress.annotations) . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className | quote }} {{- end }} - {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} + {{- if and .secretName .hosts }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} - {{- end }} + {{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} @@ -56,8 +58,7 @@ spec: service: name: {{ $fullName }} port: - number: {{ $.Values.service.port }} + number: {{ $svcPort }} {{- end }} {{- end }} - {{- end }} diff --git a/console/helm/templates/poddisruptionbudget.yaml b/console/helm/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..46c40b0c --- /dev/null +++ b/console/helm/templates/poddisruptionbudget.yaml 
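Review bot: The new guard `{{- if and .secretName .hosts }}` inside the `tls` range silently skips any TLS entry that lacks a `secretName` or `hosts`. A typo in either key, or a hosts-only entry meant to use the controller's default certificate, leaves that host out of `spec.tls` with no render error. The console would then be published without the TLS entry the operator asked for. I would fail on the incomplete entry instead, for example `secretName: {{ required "ingress.tls[].secretName is required" .secretName | quote }}`. If hosts-only entries are meant to be supported, render `secretName` conditionally rather than dropping the whole entry. Because the outer `if .Values.ingress.tls` was removed, `tls:` is also emitted as a bare key when the list is empty; keeping that outer guard avoids the null value.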
@@ -0,0 +1,45 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/}}
+
+{{- if .Values.podDisruptionBudget.enabled -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "polaris-console.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "polaris-console.labels" . | nindent 4 }}
+ {{- if .Values.podDisruptionBudget.annotations }}
+ annotations:
+ {{- tpl (toYaml .Values.podDisruptionBudget.annotations) . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.podDisruptionBudget.minAvailable .Values.podDisruptionBudget.maxUnavailable }}
+ {{- fail "podDisruptionBudget.minAvailable and podDisruptionBudget.maxUnavailable cannot be both set." -}}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "polaris-console.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/console/helm/templates/service.yaml b/console/helm/templates/service.yaml
index bd3a6af2..ad67eb48 100644
--- a/console/helm/templates/service.yaml
+++ b/console/helm/templates/service.yaml 
@@ -1,33 +1,57 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# +{{/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/}} apiVersion: v1 kind: Service metadata: name: {{ include "polaris-console.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "polaris-console.labels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort | default 80 }} - protocol: TCP selector: - app: {{ include "polaris-console.fullname" . }} + {{- include "polaris-console.selectorLabels" . | nindent 4 }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.port }} + targetPort: {{ default .Values.service.port .Values.service.targetPort }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + protocol: {{ .Values.service.protocol | default "TCP" }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + {{- end }} + {{- if .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }} + {{- end }} + {{- if and .Values.service.trafficDistribution (ge (int .Capabilities.KubeVersion.Minor) 31) }} + trafficDistribution: {{ .Values.service.trafficDistribution }} + {{- end }} diff --git a/console/helm/templates/serviceaccount.yaml b/console/helm/templates/serviceaccount.yaml new file mode 100644 index 00000000..4aa9cd29 --- /dev/null +++ b/console/helm/templates/serviceaccount.yaml 
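Review bot: The `trafficDistribution` guard compares `int .Capabilities.KubeVersion.Minor` with 31, but managed distributions often report the minor as a string such as `31+`. `int` is unlikely to parse that as 31, so the field would be dropped on a cluster that supports it. Comparing the full version is the usual form: `{{- if and .Values.service.trafficDistribution (semverCompare ">=1.31-0" .Capabilities.KubeVersion.Version) }}`. The numeric check also ignores the major version.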
@@ -0,0 +1,29 @@
+{{/*
+ Copyright (C) 2024 Dremio
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "polaris-console.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "polaris-console.labels" . | nindent 4 }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{- tpl (toYaml .Values.serviceAccount.annotations) . | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/console/helm/templates/tests/test-connection.yaml b/console/helm/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..f78f37c3
--- /dev/null
+++ b/console/helm/templates/tests/test-connection.yaml
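Review bot: The ServiceAccount has no `automountServiceAccountToken` setting, and the pod spec in deployment.yaml does not set one either, so every console pod gets a Kubernetes API token mounted by default. Nothing in the visible templates (ConfigMap-driven environment, HTTP probes) suggests the console calls the Kubernetes API. I would add a top-level `automountServiceAccountToken: false` to this manifest and let operators opt back in through a value. Separately, this new file carries a `Copyright (C) 2024 Dremio` header instead of the ASF header used by the other templates in the commit; please confirm that is intended.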
@@ -0,0 +1,44 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/}}
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "polaris-console.fullname" . }}-test-connection"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "polaris-console.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Chart.AppVersion }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: check-connection
+ image: busybox
+ command: ['sh', '-c']
+ args:
+ - |
+ for i in $(seq 1 10); do
+ wget --spider '{{ include "polaris-console.fullname" .}}:{{ .Values.service.port }}/health' && exit 0 || sleep 3;
+ done;
+ exit 1
+ restartPolicy: Never
\ No newline at end of file
diff --git a/console/helm/tests/configmap_test.yaml b/console/helm/tests/configmap_test.yaml
new file mode 100644
index 00000000..e53ce087
--- /dev/null
+++ b/console/helm/tests/configmap_test.yaml
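Review bot: `image: busybox` on the `check-connection` container has no tag or digest, so `helm test` runs whatever the registry serves as the latest image at that moment, in the release namespace. The workflow in this same commit pins its actions by commit SHA, and the test image deserves the same treatment: `image: busybox:<PINNED_TAG>@sha256:<DIGEST>` (placeholders), or expose it as a chart value so operators can point to an internal mirror. The pod also sets no `securityContext` or `resources`, so a namespace enforcing the restricted Pod Security profile would likely reject it.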
@@ -0,0 +1,142 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +chart: + version: 1.2.3 + appVersion: 4.5.6 + +release: + name: polaris-console-release + namespace: polaris-ns + +templates: + - configmap.yaml + +tests: + + # metadata.name + - it: should set config map name + asserts: + - equal: + path: metadata.name + value: polaris-console-release + - it: should set config map name with override + set: + nameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-release-polaris-console-override + - it: should set config map name with full override + set: + fullnameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-override + + # metadata.namespace + - it: should set config map namespace + asserts: + - equal: + path: metadata.namespace + value: polaris-ns + + # metadata.labels + - it: should set config map default labels + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + app.kubernetes.io/version: 4.5.6 + app.kubernetes.io/managed-by: Helm + helm.sh/chart: polaris-console-1.2.3 + - it: should set include podLabels in 
deployment labels + set: + configMapLabels: + app.kubernetes.io/component: polaris-console + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/component: polaris-console + + - it: should render default api config keys + asserts: + - equal: + path: data.VITE_POLARIS_API_URL + value: "http://polaris:8181" + - equal: + path: data.VITE_POLARIS_REALM + value: "POLARIS" + - equal: + path: data.VITE_POLARIS_PRINCIPAL_SCOPE + value: "PRINCIPAL_ROLE:ALL" + - equal: + path: data.VITE_POLARIS_REALM_HEADER_NAME + value: "Polaris-Realm" + - equal: + path: data.VITE_OAUTH_TOKEN_URL + value: "http://polaris:8181/api/catalog/v1/oauth/tokens" + + - it: should omit ODIC keys when their values are empty + asserts: + - notExists: + path: data.VITE_OIDC_ISSUER_URL + - notExists: + path: data.VITE_OIDC_CLIENT_ID + - notExists: + path: data.VITE_OIDC_REDIRECT_URI + - notExists: + path: data.VITE_OIDC_SCOPE + + - it: should render OIDC keys when set + set: + config: + oidc: + issuerUrl: "http://localhost:8080/realms/EXTERNAL" + clientId: "polaris-console" + redirectUri: "http://localhost:5173/auth/callback" + scope: "openid profile email" + asserts: + - equal: + path: data.VITE_OIDC_ISSUER_URL + value: "http://localhost:8080/realms/EXTERNAL" + - equal: + path: data.VITE_OIDC_CLIENT_ID + value: "polaris-console" + - equal: + path: data.VITE_OIDC_REDIRECT_URI + value: "http://localhost:5173/auth/callback" + - equal: + path: data.VITE_OIDC_SCOPE + value: "openid profile email" + + - it: should omit API keys that are explicitly cleared + set: + config: + api: + oauthTokenUrl: "" + asserts: + - notExists: + path: data.VITE_OAUTH_TOKEN_URL + - exists: + path: data.VITE_POLARIS_REALM diff --git a/console/helm/tests/deployment_test.yaml b/console/helm/tests/deployment_test.yaml new file mode 100644 index 00000000..0571d1c6 --- /dev/null +++ b/console/helm/tests/deployment_test.yaml 
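Review bot: Two test descriptions in this file do not match what they assert, which makes a failing run harder to read. `should set include podLabels in deployment labels` sets `configMapLabels` and checks the ConfigMap's `metadata.labels`, so it should read `should include configMapLabels in config map labels`. `should omit ODIC keys when their values are empty` has a typo for OIDC. The default-value test also pins `http://polaris:8181/api/catalog/v1/oauth/tokens` as the token URL. values.yaml is not in the visible lines, but if that is the shipped default, a comment there should say that the plaintext scheme is only suitable inside a trusted cluster network.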
@@ -0,0 +1,765 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +chart: + version: 1.2.3 + appVersion: 4.5.6 + +release: + name: polaris-console-release + namespace: polaris-ns + +templates: + - deployment.yaml + - configmap.yaml + +tests: + + # metadata.name + - it: should set deployment name + template: deployment.yaml + asserts: + - equal: + path: metadata.name + value: polaris-console-release + - it: should set deployment name with override + template: deployment.yaml + set: + nameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-release-polaris-console-override + - it: should set deployment name with full override + template: deployment.yaml + set: + fullnameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-override + + # metadata.namespace + - it: should set deployment namespace + template: deployment.yaml + asserts: + - equal: + path: metadata.namespace + value: polaris-ns + + # metadata.labels + - it: should set deployment default labels + template: deployment.yaml + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: 
polaris-console-release + app.kubernetes.io/version: 4.5.6 + app.kubernetes.io/managed-by: Helm + helm.sh/chart: polaris-console-1.2.3 + - it: should set podLabels in deployment labels + template: deployment.yaml + set: + podLabels: + app.kubernetes.io/component: polaris-console + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/component: polaris-console + + # metadata.annotations + - it: should not set deployment annotations by default + template: deployment.yaml + asserts: + - notExists: + path: metadata.annotations + - it: should set deployment annotations + template: deployment.yaml + set: + deploymentAnnotations: + foo: bar + baz: qux + asserts: + - isSubset: + path: metadata.annotations + content: + foo: bar + baz: qux + + # spec.replicas + - it: should set default replicas + template: deployment.yaml + asserts: + - equal: + path: spec.replicas + value: 1 + - it: should set replicas + template: deployment.yaml + set: + replicaCount: 3 + asserts: + - equal: + path: spec.replicas + value: 3 + - it: should not set replicas if autoscaling is enabled + template: deployment.yaml + set: + replicaCount: 3 + autoscaling: + enabled: true + asserts: + - notExists: + path: spec.replicas + + # spec.revisionHistoryLimit + - it: should not set revisionHistoryLimit by default with null + template: deployment.yaml + asserts: + - notExists: + path: spec.revisionHistoryLimit + - it: should set revisionHistoryLimit + template: deployment.yaml + set: + revisionHistoryLimit: 1 + asserts: + - equal: + path: spec.revisionHistoryLimit + value: 1 + - it: should set revisionHistoryLimit (disabled revision history) + template: deployment.yaml + set: + revisionHistoryLimit: 0 + asserts: + - equal: + path: spec.revisionHistoryLimit + value: 0 + + # spec.selector.matchLabels + spec.template.metadata.labels + - it: should set deployment selector labels + template: deployment.yaml + asserts: + - isSubset: + path: spec.selector.matchLabels + content: + 
app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + - isSubset: + path: spec.template.metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + - it: should include podLabels in spec.template.metadata.labels only + template: deployment.yaml + set: + podLabels: + app.kubernetes.io/component: polaris-console + asserts: + - isNotSubset: + path: spec.selector.matchLabels + content: + app.kubernetes.io/component: polaris-console + - isSubset: + path: spec.template.metadata.labels + content: + app.kubernetes.io/component: polaris-console + + # spec.template.metadata.annotations + - it: should only set checksum annotation by default + template: deployment.yaml + asserts: + - exists: + path: spec.template.metadata.annotations.checksum/config + - matchRegex: + path: spec.template.metadata.annotations.checksum/config + pattern: "^[a-f0-9]{64}$" + - it: should set pod annotations + template: deployment.yaml + set: + podAnnotations: + foo: bar + asserts: + - isSubset: + path: spec.template.metadata.annotations + content: + foo: bar + + # spec.template.spec.imagePullSecrets + - it: should not set imagePullSecrets by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.imagePullSecrets + - it: should set imagePullSecrets + template: deployment.yaml + set: + imagePullSecrets: + - test-secret + asserts: + - contains: + path: spec.template.spec.imagePullSecrets + content: + name: test-secret + + # spec.template.spec.serviceAccountName + - it: should set default service account name + template: deployment.yaml + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: polaris-console-release + - it: should set service account name when serviceAccount.create is true + template: deployment.yaml + set: + serviceAccount: + create: true + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: 
polaris-console-release + - it: should set custom service account name when serviceAccount.create is true + template: deployment.yaml + set: + serviceAccount: + create: true + name: polaris-sa + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: polaris-sa + - it: should set service account name to default when serviceAccount.create is false + template: deployment.yaml + set: + serviceAccount: + create: false + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: default + - it: should set custom service account name when serviceAccount.create is false + template: deployment.yaml + set: + serviceAccount: + create: false + name: polaris-console-sa + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: polaris-console-sa + + # spec.template.spec.priorityClassName + - it: should not set priorityClassName by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.priorityClassName + - it: should set custom priorityClassName + template: deployment.yaml + set: + priorityClassName: polaris-high-priority + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: polaris-high-priority + + # spec.template.spec.hostUsers + - it: should not set hostUsers by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.hostUsers + - it: should set hostUsers + template: deployment.yaml + set: + hostUsers: false + asserts: + - equal: + path: spec.template.spec.hostUsers + value: false + - it: should set hostUsers + template: deployment.yaml + set: + hostUsers: true + asserts: + - equal: + path: spec.template.spec.hostUsers + value: true + + # spec.template.spec.securityContext + - it: should set securityContext by default + template: deployment.yaml + asserts: + - isSubset: + path: spec.template.spec.securityContext + content: + fsGroup: 10001 + seccompProfile: + type: RuntimeDefault + - it: should set custom securityContext + template: 
deployment.yaml + set: + podSecurityContext: + fsGroup: 1234 + asserts: + - isSubset: + path: spec.template.spec.securityContext + content: + fsGroup: 1234 + + # spec.template.spec.containers + - it: should set container name + template: deployment.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: polaris-console + + # spec.template.spec.containers[0].securityContext + - it: should set container securityContext by default + template: deployment.yaml + asserts: + - isSubset: + path: spec.template.spec.containers[0].securityContext + content: + allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 10000 + capabilities: + drop: [ "ALL" ] + seccompProfile: + type: RuntimeDefault + - it: should set custom container securityContext + template: deployment.yaml + set: + containerSecurityContext: + allowPrivilegeEscalation: true + runAsNonRoot: false + runAsUser: 1234 + asserts: + - isSubset: + path: spec.template.spec.containers[0].securityContext + content: + allowPrivilegeEscalation: true + runAsNonRoot: false + runAsUser: 1234 + + # spec.template.spec.containers[0].lifecycle + - it: should not set container lifecycle by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].lifecycle + - it: should set container lifecycle with preStop hook + template: deployment.yaml + set: + containerLifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 60"] + asserts: + - isSubset: + path: spec.template.spec.containers[0].lifecycle + content: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 60"] + + # spec.template.spec.terminationGracePeriodSeconds + - it: should not set terminationGracePeriodSeconds by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.terminationGracePeriodSeconds + - it: should set terminationGracePeriodSeconds + template: deployment.yaml + set: + terminationGracePeriodSeconds: 90 + asserts: + - equal: + path: 
spec.template.spec.terminationGracePeriodSeconds + value: 90 + - it: should set terminationGracePeriodSeconds to zero + template: deployment.yaml + set: + terminationGracePeriodSeconds: 0 + asserts: + - equal: + path: spec.template.spec.terminationGracePeriodSeconds + value: 0 + + # spec.template.spec.containers[0].image + - it: should set container image + template: deployment.yaml + set: + image: + repository: test-repo + tag: test-tag + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: test-repo:test-tag + - it: should set container image with template + template: deployment.yaml + set: + image: + repository: test-repo-{{ .Chart.Version }} + tag: test-tag-{{ .Release.Name }} + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: test-repo-1.2.3:test-tag-polaris-console-release + - it: should set container image with chart app version if no tag provided + template: deployment.yaml + set: + image: + repository: test-repo + tag: "" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: test-repo:4.5.6 + + # spec.template.spec.containers[0].imagePullPolicy + - it: should set container pull policy + template: deployment.yaml + set: + image: + pullPolicy: Always + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + # spec.template.spec.containers[0].env + - it: should not set container env by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].env + - it: should set container env + template: deployment.yaml + set: + extraEnv: + - name: foo + value: bar + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: foo + value: bar + + # spec.template.spec.containers[0].ports + - it: should set container ports by default + template: deployment.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].ports + count: 1 + - contains: + path: 
spec.template.spec.containers[0].ports + content: + name: http + containerPort: 8080 + protocol: TCP + + - it: should use targetPort if defined + template: deployment.yaml + set: + service: + port: 8080 + targetPort: 8080 + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].ports + count: 1 + - contains: + path: spec.template.spec.containers[0].ports + content: + name: http + containerPort: 8080 + protocol: TCP + + - it: should set port protocol + template: deployment.yaml + set: + service: + protocol: UDP + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].ports + count: 1 + - contains: + path: spec.template.spec.containers[0].ports + content: + name: http + containerPort: 8080 + protocol: UDP + + # spec.template.spec.containers[0].livenessProbe + - it: should set container livenessProbe by default + template: deployment.yaml + set: + livenessProbe: + initialDelaySeconds: 11 + periodSeconds: 22 + successThreshold: 33 + failureThreshold: 44 + timeoutSeconds: 55 + terminationGracePeriodSeconds: 66 + asserts: + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 11 + periodSeconds: 22 + successThreshold: 33 + failureThreshold: 44 + timeoutSeconds: 55 + terminationGracePeriodSeconds: 66 + + # spec.template.spec.containers[0].readinessProbe + - it: should set container readinessProbe by default + template: deployment.yaml + set: + readinessProbe: + initialDelaySeconds: 11 + periodSeconds: 22 + successThreshold: 33 + failureThreshold: 44 + timeoutSeconds: 55 + asserts: + - equal: + path: spec.template.spec.containers[0].readinessProbe + value: + httpGet: + path: /health + port: http + scheme: HTTP + initialDelaySeconds: 11 + periodSeconds: 22 + successThreshold: 33 + failureThreshold: 44 + timeoutSeconds: 55 + + # spec.template.spec.containers[0].resources + - it: should not set container resources by default + template: deployment.yaml + 
asserts: + - notExists: + path: spec.template.spec.containers[0].resources + - it: should set container resources + template: deployment.yaml + set: + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 200m + memory: 256Mi + asserts: + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 200m + memory: 256Mi + + # spec.template.spec.nodeSelector + - it: should not set nodeSelector by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.nodeSelector + - it: should set nodeSelector + template: deployment.yaml + set: + nodeSelector: + disktype: ssd + asserts: + - equal: + path: spec.template.spec.nodeSelector + value: + disktype: ssd + + # spec.template.spec.affinity + - it: should not set affinity by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.affinity + - it: should set affinity + template: deployment.yaml + set: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: zone + operator: In + values: + - zone1 + - zone2 + asserts: + - equal: + path: spec.template.spec.affinity + value: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: zone + operator: In + values: + - zone1 + - zone2 + + # spec.template.spec.tolerations + - it: should not set tolerations by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.tolerations + - it: should set tolerations + template: deployment.yaml + set: + tolerations: + - key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + asserts: + - equal: + path: spec.template.spec.tolerations + value: + - key: "key" + operator: "Equal" + value: "value" + effect: "NoSchedule" + + - it: should set extra env + template: deployment.yaml + set: + extraEnv: + - name: foo + value: bar + - 
name: baz + valueFrom: + secretKeyRef: + name: secret + key: key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: foo + value: bar + - contains: + path: spec.template.spec.containers[0].env + content: + name: baz + valueFrom: + secretKeyRef: + name: secret + key: key + + - it: should set envFrom + template: deployment.yaml + set: + envFrom: + - secretRef: + name: polaris-env-secret + - configMapRef: + name: polaris-env-configmap + asserts: + - contains: + path: spec.template.spec.containers[0].envFrom + content: + secretRef: + name: polaris-env-secret + - contains: + path: spec.template.spec.containers[0].envFrom + content: + configMapRef: + name: polaris-env-configmap + + - it: should not set any environment variables by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.containers[0].env + + - it: should include extra volumes and volume mounts + template: deployment.yaml + set: + extraVolumes: + - name: extra-volume + emptyDir: {} + extraVolumeMounts: + - name: extra-volume + mountPath: /extra + readOnly: false + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: extra-volume + mountPath: /extra + readOnly: false + - contains: + path: spec.template.spec.volumes + content: + name: extra-volume + emptyDir: {} + + - it: should not set topologySpreadConstraints by default + template: deployment.yaml + asserts: + - notExists: + path: spec.template.spec.topologySpreadConstraints + + - it: should set topologySpreadConstraints and inject label selector + template: deployment.yaml + set: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + asserts: + - equal: + path: spec.template.spec.topologySpreadConstraints + value: + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: polaris-console + 
app.kubernetes.io/instance: polaris-console-release diff --git a/console/helm/tests/gateway_test.yaml b/console/helm/tests/gateway_test.yaml new file mode 100644 index 00000000..d2d188b4 --- /dev/null +++ b/console/helm/tests/gateway_test.yaml 
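Review bot: The `should set custom container securityContext` case asserts only the three overridden keys, so nothing checks that `capabilities.drop` and `seccompProfile` from the hardened default survive a partial `containerSecurityContext` override. Assuming the template renders the merged values map, adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` to that case's `isSubset` content would catch an override that silently drops the rest of the hardening. Separately, two cases share the title `should set hostUsers`; naming them `should set hostUsers to false` and `should set hostUsers to true` makes a failure report unambiguous. The `livenessProbe` and `readinessProbe` cases titled `by default` also pass explicit `set:` values, so their titles overstate what is covered.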
@@ -0,0 +1,227 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +chart: + version: 1.2.3 + appVersion: 4.5.6 + +release: + name: polaris-console-release + namespace: polaris-ns + +templates: + - gateway.yaml + +tests: + + # kind + - it: should not create gateway by default + asserts: + - containsDocument: + kind: Gateway + apiVersion: gateway.networking.k8s.io/v1 + not: true + - it: should create gateway with enabled + set: + gateway.enabled: true + gateway.className: istio + asserts: + - containsDocument: + kind: Gateway + apiVersion: gateway.networking.k8s.io/v1 + + # metadata.name (with gateway enabled) + - it: should set gateway name + set: + gateway.enabled: true + gateway.className: istio + asserts: + - equal: + path: metadata.name + value: polaris-console-release + - it: should set gateway name with override + set: + gateway.enabled: true + gateway.className: istio + nameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-release-polaris-console-override + - it: should set gateway name with full override + set: + gateway.enabled: true + gateway.className: istio + fullnameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: 
polaris-console-override + + # metadata.namespace (with gateway enabled) + - it: should set gateway namespace + set: + gateway.enabled: true + gateway.className: istio + asserts: + - equal: + path: metadata.namespace + value: polaris-ns + + # metadata.labels (with gateway enabled) + - it: should set gateway default labels + set: + gateway.enabled: true + gateway.className: istio + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + app.kubernetes.io/version: 4.5.6 + app.kubernetes.io/managed-by: Helm + helm.sh/chart: polaris-console-1.2.3 + + # metadata.annotations (with gateway enabled) + - it: should not set gateway annotations by default + set: + gateway.enabled: true + gateway.className: istio + asserts: + - notExists: + path: metadata.annotations + - it: should set gateway annotations + set: + gateway.enabled: true + gateway.className: istio + gateway.annotations: + custom.annotation: value + asserts: + - isSubset: + path: metadata.annotations + content: + custom.annotation: value + + # spec.gatewayClassName (with gateway enabled) + - it: should set gateway class name + set: + gateway.enabled: true + gateway.className: istio + asserts: + - equal: + path: spec.gatewayClassName + value: istio + + # spec.listeners (with gateway enabled) + - it: should set default http listener + set: + gateway.enabled: true + gateway.className: istio + asserts: + - equal: + path: spec.listeners[0].name + value: http + - equal: + path: spec.listeners[0].protocol + value: HTTP + - equal: + path: spec.listeners[0].port + value: 80 + - it: should set multiple listeners + set: + gateway.enabled: true + gateway.className: istio + gateway.listeners: + - name: http + protocol: HTTP + port: 80 + - name: https + protocol: HTTPS + port: 443 + tls: + mode: Terminate + certificateRefs: + - name: my-cert + asserts: + - equal: + path: spec.listeners + value: + - name: http + protocol: HTTP + 
port: 80 + - name: https + protocol: HTTPS + port: 443 + tls: + mode: Terminate + certificateRefs: + - name: my-cert + - it: should set listener with hostname + set: + gateway.enabled: true + gateway.className: istio + gateway.listeners: + - name: http + protocol: HTTP + port: 80 + hostname: "*.example.com" + asserts: + - equal: + path: spec.listeners[0].hostname + value: "*.example.com" + - it: should set listener with allowed routes + set: + gateway.enabled: true + gateway.className: istio + gateway.listeners: + - name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: Same + asserts: + - equal: + path: spec.listeners[0].allowedRoutes + value: + namespaces: + from: Same + + # spec.addresses (with gateway enabled) + - it: should not set addresses by default + set: + gateway.enabled: true + gateway.className: istio + asserts: + - notExists: + path: spec.addresses + - it: should set addresses when configured + set: + gateway.enabled: true + gateway.className: istio + gateway.addresses: + - type: IPAddress + value: 192.168.1.1 + asserts: + - equal: + path: spec.addresses + value: + - type: IPAddress + value: 192.168.1.1 diff --git a/console/helm/tests/hpa_test.yaml b/console/helm/tests/hpa_test.yaml new file mode 100644 index 00000000..dcd1bff5 --- /dev/null +++ b/console/helm/tests/hpa_test.yaml 
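Review bot: The `should set default http listener` case pins a single cleartext `HTTP` listener on port 80 as the chart default, and nothing in the file says that TLS is opt-in. A comment above it such as `# default listener is plain HTTP; HTTPS must be configured via gateway.listeners` would make that explicit for anyone reading the tests as the chart's contract. Every enabled case here also sets `gateway.className`, and every enabled case in the httproute hunk sets `httproute.gatewayName`, which suggests those values are required. Neither file has a case for omitting them; if the templates are meant to reject that, a `failedTemplate` case carrying the chart's actual error message would cover it.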
@@ -0,0 +1,209 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +chart: + version: 1.2.3 + appVersion: 4.5.6 + +release: + name: polaris-console-release + namespace: polaris-ns + +templates: + - hpa.yaml + +tests: + + # kind + - it: should not create HPA by default + asserts: + - containsDocument: + kind: HorizontalPodAutoscaler + apiVersion: autoscaling/v2 + not: true + - it: should create HPA when enabled + set: + autoscaling.enabled: true + asserts: + - containsDocument: + kind: HorizontalPodAutoscaler + apiVersion: autoscaling/v2 + + # metadata.name (with autoscaling enabled) + - it: should set HPA name + set: + autoscaling.enabled: true + asserts: + - equal: + path: metadata.name + value: polaris-console-release + - it: should set HPA name with override + set: + autoscaling.enabled: true + nameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-release-polaris-console-override + - it: should set HPA name with full override + set: + autoscaling.enabled: true + fullnameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-override + + # metadata.namespace (with autoscaling enabled) + - it: should set HPA namespace + 
set: + autoscaling.enabled: true + asserts: + - equal: + path: metadata.namespace + value: polaris-ns + + # metadata.labels (with autoscaling enabled) + - it: should set HPA default labels + set: + autoscaling.enabled: true + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + app.kubernetes.io/version: 4.5.6 + app.kubernetes.io/managed-by: Helm + helm.sh/chart: polaris-console-1.2.3 + + # spec.scaleTargetRef.name (with autoscaling enabled) + - it: should set target deployment name + set: + autoscaling.enabled: true + asserts: + - equal: + path: spec.scaleTargetRef.name + value: polaris-console-release + - it: should set target deployment name with override + set: + autoscaling.enabled: true + nameOverride: polaris-console-override + asserts: + - equal: + path: spec.scaleTargetRef.name + value: polaris-console-release-polaris-console-override + - it: should set target deployment name with full override + set: + autoscaling.enabled: true + fullnameOverride: polaris-console-override + asserts: + - equal: + path: spec.scaleTargetRef.name + value: polaris-console-override + + # spec.maxReplicas (with autoscaling enabled) + - it: should set default min replicas + set: + autoscaling.enabled: true + asserts: + - equal: + path: spec.minReplicas + value: 1 + - it: should set min replicas + set: + autoscaling.enabled: true + autoscaling.minReplicas: 2 + asserts: + - equal: + path: spec.minReplicas + value: 2 + + # spec.maxReplicas (with autoscaling enabled) + - it: should set default max replicas + set: + autoscaling.enabled: true + asserts: + - equal: + path: spec.maxReplicas + value: 3 + - it: should set max replicas + set: + autoscaling.enabled: true + autoscaling.maxReplicas: 4 + asserts: + - equal: + path: spec.maxReplicas + value: 4 + + # spec.metrics (with autoscaling enabled) + - it: should set default CPU utilization percentage + set: + autoscaling.enabled: true + 
asserts: + - contains: + path: spec.metrics + content: + type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 80 + - it: should set CPU utilization percentage + set: + autoscaling.enabled: true + autoscaling.targetCPUUtilizationPercentage: 90 + asserts: + - contains: + path: spec.metrics + content: + type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 90 + - it: should not set default memory utilization percentage + set: + autoscaling.enabled: true + asserts: + - notContains: + path: spec.metrics + content: + type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: + - it: should set memory utilization percentage + set: + autoscaling.enabled: true + autoscaling.targetMemoryUtilizationPercentage: 80 + asserts: + - contains: + path: spec.metrics + content: + type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: 80 diff --git a/console/helm/tests/httproute_test.yaml b/console/helm/tests/httproute_test.yaml new file mode 100644 index 00000000..fc58a1a8 --- /dev/null +++ b/console/helm/tests/httproute_test.yaml 
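Review bot: The `should not set default memory utilization percentage` case is close to vacuous: `notContains` is given a memory metric whose `averageUtilization` is empty (null), so it would still pass if the template rendered a memory metric with a real number by default. Asserting the size of the list instead, with `- lengthEqual:` on `path: spec.metrics` and `count: 1`, pins that only one metric is rendered. That assumes CPU is the only default metric, as the preceding case suggests. The comment above the two `minReplicas` cases also reads `# spec.maxReplicas (with autoscaling enabled)` and should be `# spec.minReplicas (with autoscaling enabled)`.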
@@ -0,0 +1,193 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +chart: + version: 1.2.3 + appVersion: 4.5.6 + +release: + name: polaris-console-release + namespace: polaris-ns + +templates: + - httproute.yaml + +tests: + + # kind + - it: should not create httproute by default + asserts: + - containsDocument: + kind: HTTPRoute + apiVersion: gateway.networking.k8s.io/v1 + not: true + - it: should create httproute with enabled + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - containsDocument: + kind: HTTPRoute + apiVersion: gateway.networking.k8s.io/v1 + + # metadata.name (with httproute enabled) + - it: should set httproute name + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - equal: + path: metadata.name + value: polaris-console-release + - it: should set httproute name with override + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + nameOverride: polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-release-polaris-console-override + - it: should set httproute name with full override + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + fullnameOverride: 
polaris-console-override + asserts: + - equal: + path: metadata.name + value: polaris-console-override + + # metadata.namespace (with httproute enabled) + - it: should set httproute namespace + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - equal: + path: metadata.namespace + value: polaris-ns + + # metadata.labels (with httproute enabled) + - it: should set httproute default labels + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: polaris-console + app.kubernetes.io/instance: polaris-console-release + app.kubernetes.io/version: 4.5.6 + app.kubernetes.io/managed-by: Helm + helm.sh/chart: polaris-console-1.2.3 + + # metadata.annotations (with httproute enabled) + - it: should not set httproute annotations by default + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - notExists: + path: metadata.annotations + - it: should set httproute annotations + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + httproute.annotations: + custom.annotation: value + asserts: + - isSubset: + path: metadata.annotations + content: + custom.annotation: value + + # spec.hostnames (with httproute enabled) + - it: should set httproute hostnames from values + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + httproute.hosts: + - example.com + - api.example.com + asserts: + - equal: + path: spec.hostnames + value: + - example.com + - api.example.com + + # spec.parentRefs (with httproute enabled) + - it: should set httproute parent refs with gateway name and namespace + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + httproute.gatewayNamespace: gateway-ns + asserts: + - equal: + path: spec.parentRefs[0].name + value: my-gateway + - equal: + path: spec.parentRefs[0].namespace + value: gateway-ns + - it: should set httproute parent refs with section name + set: + 
httproute.enabled: true + httproute.gatewayName: my-gateway + httproute.gatewayNamespace: default + httproute.sectionName: http + asserts: + - equal: + path: spec.parentRefs[0].sectionName + value: http + - it: should not set section name when empty + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + httproute.sectionName: "" + asserts: + - notExists: + path: spec.parentRefs[0].sectionName + + # spec.rules (with httproute enabled) + - it: should set httproute rules with backend service + set: + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - lengthEqual: + path: spec.rules + count: 1 + - equal: + path: spec.rules[0].backendRefs[0].name + value: polaris-console-release + - equal: + path: spec.rules[0].backendRefs[0].port + value: 8080 + + # validation + - it: should fail when both ingress and httproute are enabled + set: + ingress.enabled: true + httproute.enabled: true + httproute.gatewayName: my-gateway + asserts: + - failedTemplate: + errorMessage: "Cannot enable both ingress and httproute. Please enable only one." diff --git a/console/helm/tests/ingress_test.yaml b/console/helm/tests/ingress_test.yaml new file mode 100644 index 00000000..81e6e719 --- /dev/null +++ b/console/helm/tests/ingress_test.yaml 
@@ -0,0 +1,195 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+
+release:
+ name: polaris-console-release
+ namespace: polaris-ns
+
+templates:
+ - ingress.yaml
+
+tests:
+
+ # kind
+ - it: should not create ingress by default
+ asserts:
+ - containsDocument:
+ kind: Ingress
+ apiVersion: networking.k8s.io/v1
+ not: true
+ - it: should create ingress with enabled
+ set:
+ ingress.enabled: true
+ asserts:
+ - containsDocument:
+ kind: Ingress
+ apiVersion: networking.k8s.io/v1
+
+ # metadata.name (with ingress enabled)
+ - it: should set ingress name
+ set:
+ ingress.enabled: true
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release
+ - it: should set ingress name with override
+ set:
+ ingress.enabled: true
+ nameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release-polaris-console-override
+ - it: should set ingress name with full override
+ set:
+ ingress.enabled: true
+ fullnameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-override
+
+ # metadata.namespace (with ingress enabled)
+ - it: should set ingress namespace
+ set:
+
ingress.enabled: true
+ asserts:
+ - equal:
+ path: metadata.namespace
+ value: polaris-ns
+
+ # metadata.labels (with ingress enabled)
+ - it: should set ingress default labels
+ set:
+ ingress.enabled: true
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+ app.kubernetes.io/version: 4.5.6
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: polaris-console-1.2.3
+
+ # metadata.annotations (with ingress enabled)
+ - it: should not set ingress annotations by default
+ set:
+ ingress.enabled: true
+ asserts:
+ - notExists:
+ path: metadata.annotations
+ - it: should set ingress annotations
+ set:
+ ingress.enabled: true
+ ingress.annotations:
+ nginx.ingress.kubernetes.io/upstream-hash-by: "$binary_remote_addr"
+ asserts:
+ - isSubset:
+ path: metadata.annotations
+ content:
+ nginx.ingress.kubernetes.io/upstream-hash-by: "$binary_remote_addr"
+
+ # spec.ingressClassName (with ingress enabled)
+ - it: should not set ingress class by default
+ set:
+ ingress.enabled: true
+ asserts:
+ - notExists:
+ path: spec.ingressClassName
+ - it: should set ingress class
+ set:
+ ingress.enabled: true
+ ingress.className: nginx
+ asserts:
+ - equal:
+ path: spec.ingressClassName
+ value: nginx
+
+ # spec.tls (with ingress enabled)
+ - it: should not set ingress TLS by default
+ set:
+ ingress.enabled: true
+ asserts:
+ - isNullOrEmpty:
+ path: spec.tls
+ - it: should set ingress TLS
+ set:
+ ingress.enabled: true
+ ingress.tls:
+ - hosts:
+ - chart-example1.local
+ - chart-example2.local
+ secretName: secret1
+ asserts:
+ - equal:
+ path: spec.tls
+ value:
+ - hosts:
+ - "chart-example1.local"
+ - "chart-example2.local"
+ secretName: secret1
+
+ # spec.rules (with ingress enabled - default values)
+ - it: should set ingress with default values
+ set:
+ ingress.enabled: true
+ asserts:
+ - equal:
+ path: spec.rules
+ value:
+ - host: chart-example.local
+ http:
+ paths:
+
- path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: polaris-console-release
+ port:
+ number: 8080
+
+ # spec.rules (with ingress enabled - custom paths)
+ - it: should set ingress with custom paths
+ set:
+ ingress.enabled: true
+ ingress.hosts:
+ - host: console-chart-example.local
+ paths:
+ - path: /api
+ pathType: Prefix
+ asserts:
+ - equal:
+ path: spec.rules
+ value:
+ - host: console-chart-example.local
+ http:
+ paths:
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: polaris-console-release
+ port:
+ number: 8080
diff --git a/console/helm/tests/poddisruptionbudget_test.yaml b/console/helm/tests/poddisruptionbudget_test.yaml
new file mode 100644
index 00000000..d0047b5a
--- /dev/null
+++ b/console/helm/tests/poddisruptionbudget_test.yaml
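Review bot: The case `should not set ingress TLS by default` pins an empty `spec.tls` for an ingress enabled with default values, but nothing beside it says that this is a deliberate default. The values schema added in this commit gives the console OAuth token and OIDC settings, so it presumably handles credentials, and a reader of the test should be told that TLS is opt-in. A comment above the case would do: `# TLS is opt-in: ingress.enabled alone renders no spec.tls; set ingress.tls unless TLS is terminated upstream`.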
@@ -0,0 +1,210 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+
+release:
+ name: polaris-console-release
+ namespace: polaris-ns
+
+templates:
+ - poddisruptionbudget.yaml
+
+tests:
+
+ # kind
+ - it: should not create PDB by default
+ asserts:
+ - containsDocument:
+ kind: PodDisruptionBudget
+ apiVersion: policy/v1
+ not: true
+ - it: should create PDB when enabled
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - containsDocument:
+ kind: PodDisruptionBudget
+ apiVersion: policy/v1
+
+ # metadata.name (with PDB enabled)
+ - it: should set PDB name
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release
+ - it: should set PDB name with override
+ set:
+ podDisruptionBudget.enabled: true
+ nameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release-polaris-console-override
+ - it: should set PDB name with full override
+ set:
+ podDisruptionBudget.enabled: true
+ fullnameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-override
+
+ # metadata.namespace (with PDB enabled)
+ - it: should set PDB
namespace
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - equal:
+ path: metadata.namespace
+ value: polaris-ns
+
+ # metadata.labels (with PDB enabled)
+ - it: should set PDB default labels
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+ app.kubernetes.io/version: 4.5.6
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: polaris-console-1.2.3
+
+ # metadata.annotations (with PDB enabled)
+ - it: should not set annotations by default
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - isNull:
+ path: metadata.annotations
+ - it: should set custom annotations
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.annotations:
+ example.com/policy: "critical"
+ kubernetes.io/description: "PDB for Polaris"
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ example.com/policy: "critical"
+ kubernetes.io/description: "PDB for Polaris"
+ - it: should template annotations
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.annotations:
+ app.example.com/release: "{{ .Release.Name }}"
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ app.example.com/release: "polaris-console-release"
+
+ - it: should set custom maxUnavailable
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.maxUnavailable: 2
+ asserts:
+ - equal:
+ path: spec.maxUnavailable
+ value: 2
+ - isNull:
+ path: spec.minAvailable
+ - it: should set maxUnavailable percentage
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.maxUnavailable: "50%"
+ asserts:
+ - equal:
+ path: spec.maxUnavailable
+ value: "50%"
+ - isNull:
+ path: spec.minAvailable
+
+ # spec.minAvailable
+ - it: should set minAvailable and unset maxUnavailable
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.minAvailable: 2
+ podDisruptionBudget.maxUnavailable: null
+ asserts:
+ - equal:
+
path: spec.minAvailable
+ value: 2
+ - isNull:
+ path: spec.maxUnavailable
+ - it: should set minAvailable percentage
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.minAvailable: "75%"
+ podDisruptionBudget.maxUnavailable: null
+ asserts:
+ - equal:
+ path: spec.minAvailable
+ value: "75%"
+ - isNull:
+ path: spec.maxUnavailable
+
+ # spec.selector.matchLabels
+ - it: should set selector labels to match deployment
+ set:
+ podDisruptionBudget.enabled: true
+ asserts:
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+ - it: should set selector labels with name override
+ set:
+ podDisruptionBudget.enabled: true
+ nameOverride: polaris-override
+ asserts:
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/name: polaris-override
+ app.kubernetes.io/instance: polaris-console-release
+ - it: should set selector labels with full name override
+ set:
+ podDisruptionBudget.enabled: true
+ fullnameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+
+ # validation tests
+ - it: should fail when both minAvailable and maxUnavailable are set
+ set:
+ podDisruptionBudget.enabled: true
+ podDisruptionBudget.minAvailable: 1
+ podDisruptionBudget.maxUnavailable: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: "podDisruptionBudget.minAvailable and podDisruptionBudget.maxUnavailable cannot be both set."
diff --git a/console/helm/tests/service_test.yaml b/console/helm/tests/service_test.yaml
new file mode 100644
index 00000000..428a0128
--- /dev/null
+++ b/console/helm/tests/service_test.yaml
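Review bot: The two maxUnavailable cases (`should set custom maxUnavailable`, `should set maxUnavailable percentage`) read as part of the `# metadata.annotations` group because the `# spec.maxUnavailable` header that every other group has is missing; add it before the first of them. The minAvailable cases have to pass `podDisruptionBudget.maxUnavailable: null`, which suggests the chart ships a default for maxUnavailable, yet no case asserts what an enabled PDB renders with default values; a case asserting the default `spec.maxUnavailable` together with `notExists` on `spec.minAvailable` would pin that. This file also uses `isNull` where the other test files in this commit use `notExists`, and one form throughout would be easier to read.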
@@ -0,0 +1,294 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+
+release:
+ name: polaris-console-release
+ namespace: polaris-ns
+
+templates:
+ - service.yaml
+
+tests:
+ # metadata.name
+ - it: should set service name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release
+ - it: should set service name with override
+ set:
+ nameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release-polaris-console-override
+ - it: should set service name with full override
+ set:
+ fullnameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-override
+
+ # metadata.namespace
+ - it: should set service namespace
+ asserts:
+ - equal:
+ path: metadata.namespace
+ value: polaris-ns
+
+ # metadata.labels
+ - it: should set service default labels
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+ app.kubernetes.io/version: 4.5.6
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: polaris-console-1.2.3
+
+ # metadata.annotations
+ - it: should not set service
annotations by default
+ asserts:
+ - notExists:
+ path: metadata.annotations
+ - it: should set service annotations
+ set:
+ service.annotations:
+ foo: bar
+ asserts:
+ - isSubset:
+ path: metadata.annotations
+ content:
+ foo: bar
+
+ # spec.type
+ - it: should set service default type
+ asserts:
+ - equal:
+ path: spec.type
+ value: ClusterIP
+ - it: should set service type
+ set:
+ service.type: NodePort
+ asserts:
+ - equal:
+ path: spec.type
+ value: NodePort
+
+ # spec.selector
+ - it: should set service default selector
+ asserts:
+ - isSubset:
+ path: spec.selector
+ content:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+
+ # spec.ports
+ - it: should set service default ports
+ asserts:
+ - equal:
+ path: spec.ports
+ value:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ - it: should set service port
+ set:
+ service:
+ port: 18080
+ asserts:
+ - equal:
+ path: spec.ports
+ value:
+ - port: 18080
+ targetPort: 18080
+ protocol: TCP
+ name: http
+ - it: should set service targetPort
+ set:
+ service:
+ port: 18080
+ targetPort: 9090
+ asserts:
+ - equal:
+ path: spec.ports
+ value:
+ - port: 18080
+ targetPort: 9090
+ protocol: TCP
+ name: http
+ - it: should set service protocol
+ set:
+ service:
+ protocol: UDP
+ asserts:
+ - equal:
+ path: spec.ports
+ value:
+ - port: 8080
+ targetPort: 8080
+ protocol: UDP
+ name: http
+
+ # node port
+ - it: should set nodeport only when service type is NodePort
+ set:
+ service:
+ type: NodePort
+ port: 18181
+ nodePort: 30081
+ asserts:
+ - equal:
+ path: spec.type
+ value: NodePort
+ - equal:
+ path: spec.ports
+ value:
+ - port: 18181
+ targetPort: 18181
+ protocol: TCP
+ name: http
+ nodePort: 30081
+ - it: should not set nodeport when service type is NodePort and nodePort value is empty
+ set:
+ service:
+ type: NodePort
+ port: 18181
+ asserts:
+ - equal:
+ path: spec.type
+ value: NodePort
+ - equal:
+ path: spec.ports
+ value:
+ - port:
18181
+ targetPort: 18181
+ protocol: TCP
+ name: http
+
+ # spec.sessionAffinity
+ - it: should set service session affinity by default
+ asserts:
+ - equal:
+ path: spec.sessionAffinity
+ value: None
+ - it: should set service session affinity
+ set:
+ service.sessionAffinity: ClientIP
+ asserts:
+ - equal:
+ path: spec.sessionAffinity
+ value: ClientIP
+
+ # spec.clusterIP
+ - it: should not set service cluster IP by default
+ asserts:
+ - notExists:
+ path: spec.clusterIP
+ - it: should set service cluster IP
+ set:
+ service.clusterIP: 1.2.3.4
+ asserts:
+ - equal:
+ path: spec.clusterIP
+ value: 1.2.3.4
+
+ # spec.externalTrafficPolicy
+ - it: should not set service external traffic policy by default
+ asserts:
+ - notExists:
+ path: spec.externalTrafficPolicy
+ - it: should set service external traffic policy by default if LoadBalancer
+ set:
+ service.type: LoadBalancer
+ asserts:
+ - equal:
+ path: spec.externalTrafficPolicy
+ value: Cluster
+ - it: should set service external traffic policy if LoadBalancer
+ set:
+ service.externalTrafficPolicy: Local
+ service.type: LoadBalancer
+ asserts:
+ - equal:
+ path: spec.externalTrafficPolicy
+ value: Local
+ - it: should set service external traffic policy if NodePort
+ set:
+ service.externalTrafficPolicy: Local
+ service.type: NodePort
+ asserts:
+ - equal:
+ path: spec.externalTrafficPolicy
+ value: Local
+ - it: should set service external traffic policy if ClusterIP
+ set:
+ service.externalTrafficPolicy: Local
+ service.type: ClusterIP
+ asserts:
+ - notExists:
+ path: spec.externalTrafficPolicy
+
+ # spec.internalTrafficPolicy
+ - it: should set service internal traffic policy by default
+ asserts:
+ - equal:
+ path: spec.internalTrafficPolicy
+ value: Cluster
+ - it: should set service internal traffic policy
+ set:
+ service.internalTrafficPolicy: Local
+ asserts:
+ - equal:
+ path: spec.internalTrafficPolicy
+ value: Local
+
+ # spec.trafficDistribution
+ - it: should not set service traffic
distribution by default
+ asserts:
+ - notExists:
+ path: spec.trafficDistribution
+ - it: should set service traffic distribution if Kubernetes version >= 1.31
+ capabilities:
+ majorVersion: 1
+ minorVersion: 31
+ set:
+ service.trafficDistribution: PreferClose
+ asserts:
+ - equal:
+ path: spec.trafficDistribution
+ value: PreferClose
+ - it: should not set service traffic distribution if Kubernetes version < 1.31
+ capabilities:
+ majorVersion: 1
+ minorVersion: 30
+ set:
+ service.trafficDistribution: PreferClose
+ asserts:
+ - notExists:
+ path: spec.trafficDistribution
diff --git a/console/helm/tests/serviceaccount_test.yaml b/console/helm/tests/serviceaccount_test.yaml
new file mode 100644
index 00000000..592832c3
--- /dev/null
+++ b/console/helm/tests/serviceaccount_test.yaml
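Review bot: The case `should set nodeport only when service type is NodePort` never exercises the "only": both nodePort cases use `type: NodePort`, so a template that emitted `nodePort` for a ClusterIP service would still pass. A case that sets `service.nodePort` with `service.type: ClusterIP` and asserts that the port entry carries no `nodePort` would cover it, assuming the template is meant to drop the value for other service types. Separately, `should set service external traffic policy if ClusterIP` asserts `notExists`, so its title should read `should not set service external traffic policy if ClusterIP`.

```yaml
  # … unchanged: the two existing NodePort cases under "# node port" …
  - it: should not set nodeport when service type is ClusterIP
    set:
      service:
        type: ClusterIP
        port: 18181
        nodePort: 30081
    asserts:
      - notExists:
          path: spec.ports[0].nodePort
```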
@@ -0,0 +1,108 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+
+release:
+ name: polaris-console-release
+ namespace: polaris-ns
+
+templates:
+ - serviceaccount.yaml
+
+tests:
+
+ # Kind
+ - it: should create service account by default
+ asserts:
+ - containsDocument:
+ kind: ServiceAccount
+ apiVersion: v1
+ - it: should not create service account when disabled
+ set:
+ serviceAccount.create: false
+ asserts:
+ - containsDocument:
+ kind: ServiceAccount
+ apiVersion: v1
+ not: true
+
+ # metadata.name
+ - it: should set service account name
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release
+ - it: should set service account name with override
+ set:
+ nameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-release-polaris-console-override
+ - it: should set service account name with full override
+ set:
+ fullnameOverride: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value: polaris-console-override
+ - it: should set service account name with defined name
+ set:
+ serviceAccount.name: polaris-console-override
+ asserts:
+ - equal:
+ path: metadata.name
+ value:
polaris-console-override
+
+ # metadata.namespace
+ - it: should set service account namespace
+ asserts:
+ - equal:
+ path: metadata.namespace
+ value: polaris-ns
+
+ # metadata.labels
+ - it: should set service account default labels
+ asserts:
+ - isSubset:
+ path: metadata.labels
+ content:
+ app.kubernetes.io/name: polaris-console
+ app.kubernetes.io/instance: polaris-console-release
+ app.kubernetes.io/version: 4.5.6
+ app.kubernetes.io/managed-by: Helm
+ helm.sh/chart: polaris-console-1.2.3
+
+ # metadata.annotations
+ - it: should not set service account annotations by default
+ asserts:
+ - notExists:
+ path: metadata.annotations
+ - it: should set service account annotations
+ set:
+ serviceAccount.annotations:
+ foo: bar
+ asserts:
+ - isSubset:
+ path: metadata.annotations
+ content:
+ foo: bar
diff --git a/console/helm/values.schema.json b/console/helm/values.schema.json
new file mode 100644
index 00000000..29f1f44f
--- /dev/null
+++ b/console/helm/values.schema.json
@@ -0,0 +1,629 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "affinity": { + "description": "Affinity and anti-affinity for polaris console pods. See [Affinity and Anti-Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).", + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "description": "Specifies whether automatic horizontal scaling should be enabled. Do not enable this when using in-memory version store type. See [Scaling](https://polaris.apache.org/in-dev/unreleased/helm-chart/production/#scaling) for production recommendations.", + "type": "boolean" + }, + "maxReplicas": { + "description": "The maximum number of replicas to maintain.", + "type": "integer" + }, + "minReplicas": { + "description": "The minimum number of replicas to maintain.", + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "description": "Optional; set to zero or empty to disable.", + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "description": "Optional; set to zero or empty to disable.", + "type": "integer" + } + } + }, + "config": { + "type": "object", + "properties": { + "api": { + "type": "object", + "properties": { + "oauthTokenUrl": { + "description": "OAuth token endpoint used for internal authentication (sets VITE_OAUTH_TOKEN_URL).", + "type": "string" + }, + "polarisApiUrl": { + "description": "Base URL of the Polaris API server (sets VITE_POLARIS_API_URL).", + "type": "string" + }, + "polarisPrincipalScope": { + "description": "Default principal scope (sets VITE_POLARIS_PRINCIPAL_SCOPE).", + "type": "string" + }, + "polarisRealm": { + "description": "Polaris realm name (sets VITE_POLARIS_REALM).", + "type": "string" + }, + "polarisRealmHeaderName": { + "description": "HTTP header used to convey the realm to the Polaris server (sets VITE_POLARIS_REALM_HEADER_NAME).", + "type": "string" + 
} + } + }, + "oidc": { + "type": "object", + "properties": { + "clientId": { + "description": "OIDC client ID (sets VITE_OIDC_CLIENT_ID).", + "type": "string" + }, + "issuerUrl": { + "description": "OIDC issuer URL (sets VITE_OIDC_ISSUER_URL). Leave empty to disable OIDC.", + "type": "string" + }, + "redirectUri": { + "description": "OIDC redirect URI (sets VITE_OIDC_REDIRECT_URI).", + "type": "string" + }, + "scope": { + "description": "OIDC scopes, space-separated (sets VITE_OIDC_SCOPE).", + "type": "string" + } + } + } + } + }, + "configMapLabels": { + "description": "Additional Labels to apply to polaris console configmap.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "containerLifecycle": { + "description": "Lifecycle hooks for the polaris console container. See [Container Lifecycle Hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Use this to configure a preStop hook for graceful shutdown, e.g.: containerLifecycle: preStop: exec: command: [\"/bin/sh\", \"-c\", \"sleep 30\"]", + "type": "object" + }, + "containerSecurityContext": { + "description": "Security context for the polaris container. See [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).", + "type": "object" + }, + "deploymentAnnotations": { + "description": "Additional Annotations to apply to polaris console deployment.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "envFrom": { + "description": "Bulk import environment variables from Secrets or ConfigMaps. Defines sources to populate environment variables using Kubernetes `envFrom`. Each referenced Secret or ConfigMap will expose all its key-value pairs as environment variables inside the Polaris container. 
[EnvFrom API](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envfromsource-v1-core)", + "type": "array", + "items": { + "type": "object" + } + }, + "extraEnv": { + "description": "Advanced configuration via Environment Variables. Extra environment variables to add to the Polaris server container. You can pass here any valid EnvVar object: [EnvVar API](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) This can be useful to get configuration values from Kubernetes secrets or config maps.", + "type": "array", + "items": { + "type": "object" + } + }, + "extraInitContainers": { + "description": "Add additional init containers to the polaris console pods See [Init Containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).", + "type": "array", + "items": { + "type": "object" + } + }, + "extraVolumeMounts": { + "description": "Extra volume mounts to add to the polaris console container. See [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/).", + "type": "array", + "items": { + "type": "object" + } + }, + "extraVolumes": { + "description": "Extra volumes to add to the polaris console pods. See [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/).", + "type": "array", + "items": { + "type": "object" + } + }, + "gateway": { + "type": "object", + "properties": { + "addresses": { + "description": "Optional addresses to request for the Gateway.", + "type": "array", + "items": { + "type": "object" + } + }, + "annotations": { + "description": "Annotations to add to the Gateway.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "className": { + "description": "The name of the GatewayClass to use.", + "type": "string" + }, + "enabled": { + "description": "Specifies whether a Gateway should be created. 
See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information.", + "type": "boolean" + }, + "listeners": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "allowedRoutes": { + "description": "AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present.", + "type": "object" + }, + "hostname": { + "description": "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched.", + "type": "string" + }, + "name": { + "description": "The name of the listener. Required.", + "type": "string" + }, + "port": { + "description": "The port number to use for the listener.", + "type": "integer" + }, + "protocol": { + "description": "Protocol specifies the network protocol this listener expects to receive.", + "type": "string" + } + } + } + } + } + }, + "hostUsers": { + "description": "Specifies whether a pod should use the host's user namespace (Linux-only feature). See [User Namespaces](https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/).", + "type": [ + "boolean", + "null" + ] + }, + "httproute": { + "type": "object", + "required": [ + "gatewayName", + "gatewayNamespace" + ], + "properties": { + "annotations": { + "description": "Annotations to add to the HTTPRoute.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "enabled": { + "description": "Specifies whether an HTTPRoute should be created. See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information.", + "type": "boolean" + }, + "gatewayName": { + "description": "Name of the Gateway resource to attach to. Required.", + "type": "string" + }, + "gatewayNamespace": { + "description": "Namespace where the Gateway is deployed. 
Required.", + "type": "string" + }, + "hosts": { + "description": "A list of hostnames that the HTTPRoute should match.", + "type": "array", + "items": { + "type": "string" + } + }, + "sectionName": { + "description": "Section name within the gateway to use (optional).", + "type": "string" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "The image pull policy.", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + }, + "repository": { + "description": "The image repository to pull from.", + "type": "string" + }, + "tag": { + "description": "The image tag.", + "type": "string" + } + } + }, + "imagePullSecrets": { + "description": "References to secrets in the same namespace to use for pulling any of the images used by this chart. Each entry is a string referring to an existing secret in the namespace. The secret must contain a `.dockerconfigjson` key with a base64-encoded Docker configuration file. See [Pulling from Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more information.", + "type": "array", + "items": { + "type": "string" + } + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "description": "Annotations to add to the ingress.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "className": { + "description": "Specifies the ingressClassName; leave empty if you don't want to customize it. See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information.", + "type": "string" + }, + "enabled": { + "description": "Specifies whether an ingress should be created.", + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "required": [ + "host", + "paths" + ], + "properties": { + "host": { + "description": "The host name. 
Required.", + "type": "string" + }, + "paths": { + "type": "array", + "minItems": 1, + "items": { + "type": "object", + "properties": { + "path": { + "description": "The path to match.", + "type": "string" + }, + "pathType": { + "description": "The type of path. Valid values are: Exact, Prefix, and ImplementationSpecific.", + "type": "string", + "enum": [ + "Exact", + "Prefix", + "ImplementationSpecific" + ] + } + } + } + } + } + } + }, + "tls": { + "type": "array", + "items": { + "type": "object", + "required": [ + "secretName" + ], + "properties": { + "hosts": { + "description": "A list of hosts in the certificate.", + "type": "array", + "minItems": 1, + "items": { + "type": "string" + } + }, + "secretName": { + "description": "The name of the TLS secret to use to terminate TLS traffic on port 443. Required.", + "type": "string" + } + } + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0.", + "type": "integer", + "minimum": 0 + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. 
Minimum value is 1.", + "type": "integer", + "minimum": 1 + } + } + }, + "nodeSelector": { + "description": "Node labels which must match for the polaris console pods to be scheduled on that node. See [Node Selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector).", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podAnnotations": { + "description": "Annotations to apply to polaris console pods.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "annotations": { + "description": "Annotations to add to the pod disruption budget.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "enabled": { + "description": "Specifies whether a pod disruption budget should be created.", + "type": "boolean" + }, + "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during disruptions. Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). IMPORTANT: Cannot be used simultaneously with minAvailable.", + "type": [ + "string", + "integer" + ] + }, + "minAvailable": { + "description": "The minimum number of pods that should remain available during disruptions. Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). IMPORTANT: Cannot be used simultaneously with maxUnavailable.", + "type": [ + "string", + "integer" + ] + } + } + }, + "podLabels": { + "description": "Additional labels to apply to polaris console pods.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podSecurityContext": { + "description": "Security context for the polaris console pods. See [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).", + "type": "object" + }, + "priorityClassName": { + "description": "Priority class name for polaris console pods. 
See [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority)", + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0.", + "type": "integer", + "minimum": 0 + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.", + "type": "integer", + "minimum": 1 + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Minimum value is 1.", + "type": "integer", + "minimum": 1 + } + } + }, + "replicaCount": { + "description": "The number of replicas to deploy (horizontal scaling).", + "type": "integer", + "minimum": 1 + }, + "resources": { + "description": "Configures the resources requests and limits for polaris console pods. This chart does not specify default resources and leaves this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. 
See [Resource Management](https://polaris.apache.org/in-dev/unreleased/helm-chart/production/#resource-management) for production recommendations.", + "type": "object" + }, + "revisionHistoryLimit": { + "description": "The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10).", + "type": [ + "integer", + "null" + ] + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "description": "Annotations to add to the service.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterIP": { + "description": "You can specify your own cluster IP address If you define a Service that has the .spec.clusterIP set to \"None\" then Kubernetes does not assign an IP address. Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is called a headless service. See [Headless Services](https://kubernetes.io/docs/concepts/services-networking/service/#headless-services).", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "Controls how traffic from external sources is routed. Valid values are Cluster and Local. The default value is Cluster. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy.", + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "internalTrafficPolicy": { + "description": "Controls how traffic from internal sources is routed. Valid values are Cluster and Local. The default value is Cluster. Set the field to Cluster to route traffic to all ready endpoints. Set the field to Local to only route to ready node-local endpoints. 
If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy.", + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "name": { + "description": "The name of the port.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If not specified or zero, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail.", + "type": "integer" + }, + "port": { + "description": "The port the service listens on. By default, the HTTP port is 8080.", + "type": "integer" + }, + "protocol": { + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.", + "type": "string", + "enum": [ + "TCP", + "UDP", + "SCTP" + ] + }, + "sessionAffinity": { + "description": "The session affinity for the service. Valid values are: None, ClientIP. The default value is None. ClientIP enables sticky sessions based on the client's IP address. Also, this setting affects only internal clients, not external ones. If Ingress is enabled, it is recommended to set sessionAffinity to None.", + "type": "string", + "enum": [ + "None", + "ClientIP" + ] + }, + "targetPort": { + "description": "Number of the port to access on the pods targeted by the service. If this is not specified or zero, the value of the 'port' field is used.", + "type": "integer" + }, + "trafficDistribution": { + "description": "The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences such as routing to topologically closer endpoints. The only valid value is: PreferClose. 
The default value is implementation-specific.", + "oneOf": [ + { + "type": "string", + "enum": [ + "PreferClose" + ] + }, + { + "type": "null" + } + ] + }, + "type": { + "description": "The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. The default value is ClusterIP. See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information.", + "type": "string", + "enum": [ + "ExternalName", + "ClusterIP", + "NodePort", + "LoadBalancer" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "description": "Annotations to add to the service account.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "create": { + "description": "Specifies whether a service account should be created.", + "type": "boolean" + }, + "name": { + "description": "The name of the service account to use. If not set and create is true, a name is generated using the fullname template.", + "type": "string" + } + } + }, + "terminationGracePeriodSeconds": { + "description": "Duration in seconds the pod needs to terminate gracefully. Must be greater than the preStop hook duration. See [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination). When using a preStop hook, set this to at least the preStop sleep time plus the expected request completion time.", + "type": [ + "integer", + "null" + ], + "minimum": 0 + }, + "tolerations": { + "description": "A list of tolerations to apply to polaris console pods. See [Taints and Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/).", + "type": "array", + "items": { + "type": "object" + } + }, + "topologySpreadConstraints": { + "description": "Topology spread constraints for polaris console pods. 
See [Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#topologyspreadconstraints-field).", + "type": "array", + "items": { + "type": "object" + } + } + } +} diff --git a/console/helm/values.yaml b/console/helm/values.yaml index 9b1d0c4d..c87844ea 100644 --- a/console/helm/values.yaml +++ b/console/helm/values.yaml 
@@ -17,66 +17,551 @@ # under the License. # +# @schema minimum: 1 +# -- The number of replicas to deploy (horizontal scaling). +# @section -- Deployment +replicaCount: 1 + image: + # -- The image repository to pull from. + # @section -- Image repository: apache/polaris-console - tag: latest + # @schema enum: [Always, IfNotPresent, Never] + # -- The image pull policy. + # @section -- Image pullPolicy: IfNotPresent - pullSecrets: [] + # -- The image tag. + # @section -- Image + tag: "latest" -replicaCount: 1 +# @schema item: string +# -- References to secrets in the same namespace to use for pulling any of the images used by this +# chart. Each entry is a string referring to an existing secret in the namespace. The secret must +# contain a `.dockerconfigjson` key with a base64-encoded Docker configuration file. See +# [Pulling from Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) +# for more information. +# @section -- Image +imagePullSecrets: [] +# - registry-creds -service: - type: ClusterIP - port: 4000 - targetPort: 4000 +serviceAccount: + # -- Specifies whether a service account should be created. + # @section -- Service Account + create: true + # @schema additionalProperties: {type: string} + # -- Annotations to add to the service account. + # @section -- Service Account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template. + # @section -- Service Account + name: "" -env: - polarisApiUrl: "http://polaris:8181" - polarisRealm: "POLARIS" - oauthTokenUrl: "http://polaris:8181/api/catalog/v1/oauth/tokens" +# @schema additionalProperties: {type: string} +# -- Annotations to apply to polaris console pods. 
+# @section -- Pod Configuration +podAnnotations: {} -resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi +# @schema type:[boolean, null] +# -- (bool) Specifies whether a pod should use the host's user namespace (Linux-only feature). See [User Namespaces](https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/). +# @section -- Pod Configuration +hostUsers: ~ + +# @schema additionalProperties: {type: string} +# -- Additional labels to apply to polaris console pods. +# @section -- Pod Configuration +podLabels: {} + +# @schema additionalProperties: {type: string} +# -- Additional Labels to apply to polaris console configmap. +# @section -- Pod Configuration +configMapLabels: {} -podSecurityContext: {} - # fsGroup: 2000 +# @schema additionalProperties: {type: string} +# -- Additional Annotations to apply to polaris console deployment. +# @section -- Deployment +deploymentAnnotations: {} + +# Pod disruption budget settings. +podDisruptionBudget: + # -- Specifies whether a pod disruption budget should be created. + # @section -- Pod Configuration + enabled: false + # @schema type:[string, integer] + # -- The minimum number of pods that should remain available during disruptions. + # Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). + # IMPORTANT: Cannot be used simultaneously with maxUnavailable. + # @section -- Pod Configuration + minAvailable: 0 + # @schema type:[string, integer] + # -- The maximum number of pods that can be unavailable during disruptions. + # Can be an absolute number (ex: 5) or a percentage of desired pods (ex: 50%). + # IMPORTANT: Cannot be used simultaneously with minAvailable. + # @section -- Pod Configuration + maxUnavailable: 0 + # @schema additionalProperties: {type: string} + # -- Annotations to add to the pod disruption budget. 
+ # @section -- Pod Configuration + annotations: {} -securityContext: +# @schema type:[integer, null] +# -- (int) The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). +# @section -- Deployment +revisionHistoryLimit: ~ + +# @schema type: object +# -- Security context for the polaris console pods. See [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# @section -- Pod Configuration +podSecurityContext: + # @schema hidden + # GID 10001 is compatible with polaris console OSS default images; change this if you are using a different image. + fsGroup: 10001 + # @schema hidden + seccompProfile: + type: RuntimeDefault + +# @schema type: object +# -- Security context for the polaris container. See [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# @section -- Pod Configuration +containerSecurityContext: + # @schema hidden + allowPrivilegeEscalation: false + # @schema hidden + runAsNonRoot: true + # @schema hidden + # UID 10000 is compatible with polaris console OSS default images; change this if you are using a different image. runAsUser: 10000 - runAsGroup: 10001 + # @schema hidden + capabilities: + drop: ["ALL"] + # @schema hidden + seccompProfile: + type: RuntimeDefault + +# @schema type: object +# -- Lifecycle hooks for the polaris console container. See [Container Lifecycle Hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). +# Use this to configure a preStop hook for graceful shutdown, e.g.: +# containerLifecycle: +# preStop: +# exec: +# command: ["/bin/sh", "-c", "sleep 30"] +# @section -- Pod Configuration +containerLifecycle: {} + +# @schema type: [integer, "null"] +# @schema minimum: 0 +# -- (int) Duration in seconds the pod needs to terminate gracefully. Must be greater than the preStop hook duration. 
+# See [Termination of Pods](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination). +# When using a preStop hook, set this to at least the preStop sleep time plus the expected request completion time. +# @section -- Pod Configuration +terminationGracePeriodSeconds: ~ + +# Polaris Console service settings. +service: + # @schema enum: [ExternalName, ClusterIP, NodePort, LoadBalancer] + # -- The type of service to create. Valid values are: ExternalName, ClusterIP, NodePort, and LoadBalancer. + # The default value is ClusterIP. + # See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information. + # @section -- Service + type: ClusterIP + # -- The name of the port. + # @section -- Service + name: http + # -- The port the service listens on. By default, the HTTP port is 8080. + # @section -- Service + port: 8080 + # -- Number of the port to access on the pods targeted by the service. + # If this is not specified or zero, the value of the 'port' field is used. + # @section -- Service + targetPort: 0 # 8080 + # -- The port on each node on which this service is exposed when type is NodePort or LoadBalancer. + # Usually assigned by the system. If not specified or zero, a port will be allocated if this + # Service requires one. If this field is specified when creating a Service which does not need + # it, creation will fail. + # @section -- Service + nodePort: 0 # 30000 + # @schema enum: [TCP, UDP, SCTP] + # -- The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. + # @section -- Service + protocol: TCP + # @schema enum: [None, ClientIP] + # -- The session affinity for the service. Valid values are: None, ClientIP. The default value is None. + # ClientIP enables sticky sessions based on the client's IP address. + # Also, this setting affects only internal clients, not external ones. + # If Ingress is enabled, it is recommended to set sessionAffinity to None. 
+ # @section -- Service + sessionAffinity: None + # -- You can specify your own cluster IP address + # If you define a Service that has the .spec.clusterIP set to "None" then Kubernetes does not assign an IP address. + # Instead, DNS records for the service will return the IP addresses of each pod targeted by the server. This is + # called a headless service. + # See [Headless Services](https://kubernetes.io/docs/concepts/services-networking/service/#headless-services). + # @section -- Service + clusterIP: "" + # @schema enum: [Cluster, Local] + # -- Controls how traffic from internal sources is routed. + # Valid values are Cluster and Local. The default value is Cluster. + # Set the field to Cluster to route traffic to all ready endpoints. + # Set the field to Local to only route to ready node-local endpoints. + # If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy. + # @section -- Service + internalTrafficPolicy: Cluster + # @schema enum: [Cluster, Local] + # -- Controls how traffic from external sources is routed. + # Valid values are Cluster and Local. The default value is Cluster. + # Set the field to Cluster to route traffic to all ready endpoints. + # Set the field to Local to only route to ready node-local endpoints. + # If the traffic policy is Local and there are no node-local endpoints, traffic is dropped by kube-proxy. + # @section -- Service + externalTrafficPolicy: Cluster + # @schema oneOf: [{type: string, enum: [PreferClose]}, {type: "null"}] + # -- The traffic distribution field provides another way to influence traffic routing within a Kubernetes Service. + # While traffic policies focus on strict semantic guarantees, traffic distribution allows you to express preferences + # such as routing to topologically closer endpoints. + # The only valid value is: PreferClose. The default value is implementation-specific. 
+ # @section -- Service + trafficDistribution: ~ + # @schema additionalProperties: {type: string} + # -- Annotations to add to the service. + # @section -- Service + annotations: {} + +# Polaris Console Ingress settings. +# These settings generate an Ingress resource that routes external traffic to the Polaris Console service +# Check your ingress controller's documentation. ingress: - enabled: false + # -- Specifies the ingressClassName; leave empty if you don't want to customize it. + # See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information. + # @section -- Ingress className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # cert-manager.io/cluster-issuer: letsencrypt-prod + # -- Specifies whether an ingress should be created. + # @section -- Ingress + enabled: false + # @schema additionalProperties: {type: string} + # -- Annotations to add to the ingress. + # @section -- Ingress + annotations: { + # nginx.ingress.kubernetes.io/upstream-hash-by: "$binary_remote_addr" + } + # A list of host paths used to configure the ingress. hosts: - - host: console.example.local + - # @schema required + # -- The host name. Required. + # @section -- Ingress + host: chart-example.local + # @schema required; minItems: 1 + # A list of paths used to configure the ingress. paths: - - path: / + - # -- The path to match. + # @section -- Ingress + path: / + # @schema enum: [Exact, Prefix, ImplementationSpecific] + # -- The type of path. Valid values are: Exact, Prefix, and ImplementationSpecific. + # @section -- Ingress pathType: Prefix - tls: [] - # - secretName: polaris-console-tls - # hosts: - # - console.example.local + # TLS termination configuration. + tls: + - # @schema required + # -- The name of the TLS secret to use to terminate TLS traffic on port 443. Required. + # @section -- Ingress + secretName: "" + # @schema minItems: 1 + # -- A list of hosts in the certificate. 
+ # @section -- Ingress + hosts: + - chart-example1.local + - chart-example2.local + +# Polaris Console Gateway settings. +# These settings generate a Gateway resource for Gateway API-based routing. +# A Gateway can be shared across multiple HTTPRoutes. +gateway: + # -- Specifies whether a Gateway should be created. + # See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information. + # @section -- Gateway + enabled: false + # @schema additionalProperties: {type: string} + # -- Annotations to add to the Gateway. + # @section -- Gateway + annotations: {} + # -- The name of the GatewayClass to use. + # @section -- Gateway + className: "" + # @schema minItems: 1 + # Gateway listeners configuration. + listeners: + - # @schema required + # -- The name of the listener. Required. + # @section -- Gateway + name: "http" + # -- Protocol specifies the network protocol this listener expects to receive. + # @section -- Gateway + protocol: HTTP + # -- The port number to use for the listener. + # @section -- Gateway + port: 80 + # -- Hostname specifies the virtual hostname to match for protocol types that define this + # concept. When unspecified, all hostnames are matched. + # @section -- Gateway + hostname: "" # *.example.local + # -- AllowedRoutes defines the types of routes that MAY be attached to a Listener and the + # trusted namespaces where those Route resources MAY be present. + # @section -- Gateway + allowedRoutes: {} + # namespaces: + # from: Same + # @schema item: object + # -- Optional addresses to request for the Gateway. + # @section -- Gateway + addresses: [] + # - type: IPAddress + # value: 192.168.1.1 +# Polaris Console HTTPRoute settings. +# These settings generate an HTTPRoute resource for Gateway API-based routing. +# HTTPRoute and Ingress are mutually exclusive; only one can be enabled at a time. httproute: + # -- Specifies whether an HTTPRoute should be created. 
+ # See [Networking](https://polaris.apache.org/in-dev/unreleased/helm-chart/networking/) for more information. + # @section -- HTTPRoute enabled: false + # @schema additionalProperties: {type: string} + # -- Annotations to add to the HTTPRoute. + # @section -- HTTPRoute annotations: {} - port: 80 - gatewayGroup: gateway.networking.k8s.io - gatewayKind: Gateway - # Name of the httpGateway deployment + # @schema required + # -- Name of the Gateway resource to attach to. Required. + # @section -- HTTPRoute gatewayName: "" - # Namespace where the httpGateway is deployed + # @schema required + # -- Namespace where the Gateway is deployed. Required. + # @section -- HTTPRoute gatewayNamespace: default - # Section name within the gateway to use + # -- Section name within the gateway to use (optional). + # @section -- HTTPRoute sectionName: "" + # -- A list of hostnames that the HTTPRoute should match. + # @section -- HTTPRoute hosts: - - example.local + - chart-example.local + +# @schema type: object +# -- Configures the resources requests and limits for polaris console pods. +# This chart does not specify default resources and leaves this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. See [Resource Management](https://polaris.apache.org/in-dev/unreleased/helm-chart/production/#resource-management) for production recommendations. +# @section -- Resources and Autoscaling +resources: + {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + # -- Specifies whether automatic horizontal scaling should be enabled. + # Do not enable this when using in-memory version store type. + # See [Scaling](https://polaris.apache.org/in-dev/unreleased/helm-chart/production/#scaling) for production recommendations. + # @section -- Resources and Autoscaling + enabled: false + # -- The minimum number of replicas to maintain. 
+ # @section -- Resources and Autoscaling + minReplicas: 1 + # -- The maximum number of replicas to maintain. + # @section -- Resources and Autoscaling + maxReplicas: 3 + # -- Optional; set to zero or empty to disable. + # @section -- Resources and Autoscaling + targetCPUUtilizationPercentage: 80 + # -- Optional; set to zero or empty to disable. + # @section -- Resources and Autoscaling + targetMemoryUtilizationPercentage: 0 + +# -- Priority class name for polaris console pods. See [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) +# @section -- Scheduling +priorityClassName: "" + +# @schema additionalProperties: {type: string} +# -- Node labels which must match for the polaris console pods to be scheduled on that node. See [Node Selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @section -- Scheduling +nodeSelector: + {} + # kubernetes.io/os: linux + +# @schema item: object +# -- A list of tolerations to apply to polaris console pods. See [Taints and Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). +# @section -- Scheduling +tolerations: [] +# - key: "node-role.kubernetes.io/control-plane" +# operator: "Exists" +# effect: "NoSchedule" + +# -- Affinity and anti-affinity for polaris console pods. See [Affinity and Anti-Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +# @section -- Scheduling +affinity: {} +# podAffinity: +# preferredDuringSchedulingIgnoredDuringExecution: +# - weight: 100 +# podAffinityTerm: +# topologyKey: kubernetes.io/hostname +# labelSelector: +# matchExpressions: +# - key: app.kubernetes.io/name +# operator: In +# values: +# - polaris + +# @schema item: object +# -- Topology spread constraints for polaris console pods. 
See [Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/#topologyspreadconstraints-field). +# @section -- Scheduling +topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + +# Configures the liveness probe for polaris console pods. +livenessProbe: + # @schema minimum: 0 + # -- Number of seconds after the container has started before liveness probes are initiated. Minimum value is 0. + # @section -- Probes + initialDelaySeconds: 5 + # @schema minimum: 1 + # -- How often (in seconds) to perform the probe. Minimum value is 1. + # @section -- Probes + periodSeconds: 10 + # @schema minimum: 1 + # -- Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. + # @section -- Probes + successThreshold: 1 + # @schema minimum: 1 + # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. + # @section -- Probes + failureThreshold: 3 + # @schema minimum: 1 + # -- Number of seconds after which the probe times out. Minimum value is 1. + # @section -- Probes + timeoutSeconds: 10 + # @schema minimum: 1 + # -- Optional duration in seconds the pod needs to terminate gracefully upon probe failure. Minimum value is 1. + # @section -- Probes + terminationGracePeriodSeconds: 30 + +# Configures the readiness probe for polaris console pods. +readinessProbe: + # @schema minimum: 0 + # -- Number of seconds after the container has started before readiness probes are initiated. Minimum value is 0. + # @section -- Probes + initialDelaySeconds: 5 + # @schema minimum: 1 + # -- How often (in seconds) to perform the probe. Minimum value is 1. + # @section -- Probes + periodSeconds: 10 + # @schema minimum: 1 + # -- Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1. 
+ # @section -- Probes + successThreshold: 1 + # @schema minimum: 1 + # -- Minimum consecutive failures for the probe to be considered failed after having succeeded. Minimum value is 1. + # @section -- Probes + failureThreshold: 3 + # @schema minimum: 1 + # -- Number of seconds after which the probe times out. Minimum value is 1. + # @section -- Probes + timeoutSeconds: 10 + +# Runtime configuration for the polaris console pods. These values populate the VITE_* environment +# variables that `generate-config.sh` in the polaris console image consumes at startup to write +# `/opt/app-root/src/config.js`. Empty values are omitted from the rendered ConfigMap so +# the script's built-in defaults remain in effect. +config: + api: + # -- Base URL of the Polaris API server (sets VITE_POLARIS_API_URL). + # @section -- Console Config + polarisApiUrl: "http://polaris:8181" + # -- Polaris realm name (sets VITE_POLARIS_REALM). + # @section -- Console Config + polarisRealm: "POLARIS" + # -- Default principal scope (sets VITE_POLARIS_PRINCIPAL_SCOPE). + # @section -- Console Config + polarisPrincipalScope: "PRINCIPAL_ROLE:ALL" + # -- HTTP header used to convey the realm to the Polaris server + # (sets VITE_POLARIS_REALM_HEADER_NAME). + # @section -- Console Config + polarisRealmHeaderName: "Polaris-Realm" + # -- OAuth token endpoint used for internal authentication + # (sets VITE_OAUTH_TOKEN_URL). + # @section -- Console Config + oauthTokenUrl: "http://polaris:8181/api/catalog/v1/oauth/tokens" + oidc: + # -- OIDC issuer URL (sets VITE_OIDC_ISSUER_URL). Leave empty to disable OIDC. + # @section -- Console Config + issuerUrl: "" + # -- OIDC client ID (sets VITE_OIDC_CLIENT_ID). + # @section -- Console Config + clientId: "" + # -- OIDC redirect URI (sets VITE_OIDC_REDIRECT_URI). + # @section -- Console Config + redirectUri: "" + # -- OIDC scopes, space-separated (sets VITE_OIDC_SCOPE). 
+ # @section -- Console Config + scope: "" + +# @schema item: object +# -- Advanced configuration via Environment Variables. +# Extra environment variables to add to the Polaris server container. +# You can pass here any valid EnvVar object: +# [EnvVar API](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envvar-v1-core) +# This can be useful to get configuration values from Kubernetes secrets or config maps. +# @section -- Advanced Configuration +extraEnv: [] +# - name: AWS_STORAGE_BUCKET +# value: s3://xxxxx/ +# - name: AWS_ACCESS_KEY_ID +# valueFrom: +# secretKeyRef: +# name: aws-secret +# key: access_key_id +# - name: AWS_SECRET_ACCESS_KEY +# valueFrom: +# secretKeyRef: +# name: aws-secret +# key: secret_access_key + +# @schema item: object +# -- Bulk import environment variables from Secrets or ConfigMaps. +# Defines sources to populate environment variables using Kubernetes `envFrom`. +# Each referenced Secret or ConfigMap will expose all its key-value pairs +# as environment variables inside the Polaris container. +# [EnvFrom API](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#envfromsource-v1-core) +# @section -- Advanced Configuration +envFrom: [] +# - secretRef: +# name: polaris-env-secret +# - configMapRef: +# name: polaris-env-configmap + +# @schema item: object +# -- Extra volumes to add to the polaris console pods. See [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/). +# @section -- Advanced Configuration +extraVolumes: [] + # - name: extra-volume + # emptyDir: {} + +# @schema item: object +# -- Extra volume mounts to add to the polaris console container. See [Volumes](https://kubernetes.io/docs/concepts/storage/volumes/). 
+# @section -- Advanced Configuration +extraVolumeMounts: [] + # - name: extra-volume + # mountPath: /usr/share/extra-volume + +# @schema item: object +# -- Add additional init containers to the polaris console pods See [Init Containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). +# @section -- Advanced Configuration +extraInitContainers: [] + # - name: your-image-name + # image: your-image + # imagePullPolicy: Always + # command: ['sh', '-c', 'echo "hello world"']
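Review bot: The `image` block still defaults to the mutable `tag: "latest"` while `pullPolicy` stays `IfNotPresent`, so a node that already holds a cached `latest` never re-pulls it. Replicas of one release can then run different console builds, and nothing records which build was deployed. The commit only quotes the value; I would default to a fixed release tag, or to `tag: ""` if the templates (not shown in this diff) can fall back to the chart's appVersion. At minimum the helm-docs comment should carry the caveat: `# -- The image tag. Pin a release tag or digest for production; "latest" is mutable.`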