viking-test-app chart supports BAsic/Proxy Authentication.

f438bbd1 · Geoff Simmons · ef6a7016 · f438bbd1 · f438bbd1 · f438bbd1
Commit f438bbd1 authored Aug 27, 2020 by Geoff Simmons
4 changed files
--- a/charts/viking-test-app/templates/_helpers.tpl
+++ b/charts/viking-test-app/templates/_helpers.tpl
@@ -41,3 +41,12 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the k8s name of a Secret for authentication (Basic or Proxy)
+*/}}
+{{- define "viking-ingress.authSecretName" -}}
+{{- $n := printf "%s-%s-creds" ( include "viking-ingress.fullname" .dot ) .auth.realm | trunc 63 | lower -}}
+{{- $name := mustRegexReplaceAll "[^[:alnum:].-]" $n "-" -}}
+{{- trimSuffix "-" $name -}}
+{{- end }}
--- a/charts/viking-test-app/templates/auth-secrets.yaml
+++ b/charts/viking-test-app/templates/auth-secrets.yaml
+{{- range $auth := .Values.auth }}
+{{- if not $auth.creds -}}
+  {{- fail "auth element must have a non-empty creds field" -}}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "viking-ingress.authSecretName" ( dict "dot" $ "auth" $auth ) }}
+  labels:
+    app.kubernetes.io/name: {{ include "viking-ingress.authSecretName" ( dict "dot" $ "auth" $auth ) }}
+    app.kubernetes.io/component: authSecret
+    viking.uplex.de/secret: auth
+    {{- include "viking-ingress.labels" $ | nindent 4 }}
+data:
+  {{- range $name, $secret := $auth.creds }}
+  {{ $name }}: {{ $secret | b64enc }}
+  {{- end }}
+---
+{{- end }}
--- a/charts/viking-test-app/templates/varnishconfig.yaml
+++ b/charts/viking-test-app/templates/varnishconfig.yaml
-{{ if coalesce .Values.acls .Values.vcl (hasKey .Values "selfSharding") -}}
+{{ if coalesce .Values.acls .Values.vcl (hasKey .Values "selfSharding") .Values.auth -}}
 {{ if empty .Values.vikingAdmSvc -}}
  {{ fail "Viking admin Service must be specified" -}}
 {{ end -}}
@@ -26,4 +26,18 @@ spec:
  self-sharding:
    {{ toYaml .Values.selfSharding | nindent 4 }}
  {{- end }}
+  {{- if .Values.auth }}
+  auth:
+    {{- range $auth := .Values.auth }}
+      {{- if not $auth.realm -}}
+        {{- fail "auth element must have a realm field" -}}
+      {{- end }}
+    - secretName: {{ include "viking-ingress.authSecretName" ( dict "dot" $ "auth" $auth ) }}
+      {{- range $k, $v := $auth -}}
+      {{- if ne $k "creds" -}}
+      {{ toYaml (dict $k $v) | nindent 6 }}
+      {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
 {{- end }}
--- a/charts/viking-test-app/values.yaml
+++ b/charts/viking-test-app/values.yaml
@@ -47,3 +47,7 @@ vcl: ""
 ## Configuration for a sharded cache, specify the empty object for default
 ## config.
 # selfSharding: {}
+
+# Authentication (Basic or Proxy) for VarnishConfig.
+# Include a field "creds" with a name-value map for credentials.
+auth: []