Make baseDomain and managementCluster required values (#1538)

fiunchinho · web-flow · commit 450255f88a4e · 2025-10-27T10:54:52.000Z
* Make baseDomain and managementCluster required values

* Move required values to central place
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+- Make `global.baseDomain` and `global.managementCluster` required values. These values will be passed to the chart when deploying it from the `cluster-app-installation-values` ConfigMap in the default namespace.
+- Extract required values to its own central file to avoid repeating the `required` keyword and error messages. This is normally done automatically by a Kyverno policy.
 - Change the default root disk size for Karpenter node pools. Karpenter will choose the cheapest instances, and certain instances, like `g6f.xlarge` come with some drivers that require a larger disk.
 - Chart: Update `cluster` to v4.3.0.
 
diff --git a/helm/cluster-aws/ci/ci-values.yaml b/helm/cluster-aws/ci/ci-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: 29.1.0
+  managementCluster: test
   metadata:
     name: test-wc
     organization: "test"
diff --git a/helm/cluster-aws/ci/test-eni-mode-values.yaml b/helm/cluster-aws/ci/test-eni-mode-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: 29.1.0
+  managementCluster: test
   metadata:
     name: test-wc
     organization: "test"
diff --git a/helm/cluster-aws/ci/test-multiple-service-account-issuers-values.yaml b/helm/cluster-aws/ci/test-multiple-service-account-issuers-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: v27.0.0-alpha.1
+  managementCluster: test
   metadata:
     name: test-wc
     organization: "test"
diff --git a/helm/cluster-aws/ci/test-multiple-vpc-cidrs-eni-mode-values.yaml b/helm/cluster-aws/ci/test-multiple-vpc-cidrs-eni-mode-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: 29.1.0
+  managementCluster: test
   metadata:
     name: test-wc-multiple-vpc-cidrs-eni-mode
     organization: "test"
diff --git a/helm/cluster-aws/ci/test-spot-instances-values.yaml b/helm/cluster-aws/ci/test-spot-instances-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: 29.1.0
+  managementCluster: test
   metadata:
     name: test-wc-minimal
     organization: test
diff --git a/helm/cluster-aws/ci/test-subnet-tags-values.yaml b/helm/cluster-aws/ci/test-subnet-tags-values.yaml
@@ -1,6 +1,7 @@
 global:
   release:
     version: v29.1.0
+  managementCluster: test
   metadata:
     name: test-wc
     organization: "test"
diff --git a/helm/cluster-aws/files/etc/systemd/network/99-unmanaged-devices.network b/helm/cluster-aws/files/etc/systemd/network/99-unmanaged-devices.network
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" -}}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" -}}
 # https://docs.cilium.io/en/latest/network/concepts/ipam/eni/#node-configuration
 #
 # For ENI mode, this ensures the Cilium-created network interfaces are not managed, so that they
diff --git a/helm/cluster-aws/files/opt/bin/kubelet-aws-config.sh b/helm/cluster-aws/files/opt/bin/kubelet-aws-config.sh
@@ -6,7 +6,7 @@ err_report() {
 }
 trap 'err_report ${LINENO}' ERR
 
-{{- if ne (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if ne .Values.global.connectivity.cilium.ipamMode "eni" }}
 
 echo "Skipping setting --max-pods based on instance type because Cilium ENI mode is not used and thus no such restrictions apply."
 exit 0
diff --git a/helm/cluster-aws/templates/_aws_cluster.tpl b/helm/cluster-aws/templates/_aws_cluster.tpl
@@ -1,5 +1,5 @@
 {{- define "aws-cluster" }}
-{{- if and (regexMatch "\\.internal$" (required "global.connectivity.baseDomain is required" .Values.global.connectivity.baseDomain)) (eq (required "global.connectivity.dns.mode required" .Values.global.connectivity.dns.mode) "public") }}
+{{- if and (regexMatch "\\.internal$" .Values.global.connectivity.baseDomain) (eq (required "global.connectivity.dns.mode required" .Values.global.connectivity.dns.mode) "public") }}
 {{- fail "global.connectivity.dns.mode=public cannot be combined with a '*.internal' baseDomain since reserved-as-private TLDs are not propagated to public DNS servers and therefore crucial DNS records such as api.<baseDomain> cannot be looked up" }}
 {{- end }}
 {{- $region := include "aws-region" . }}
@@ -65,51 +65,51 @@ spec:
       cidrBlocks: {{- toYaml ((concat .Values.global.controlPlane.loadBalancerIngressAllowCidrBlocks (list "95.179.153.65/32" "185.102.95.187/32")) | uniq) | nindent 6 }}
     {{- end }}
   network:
-    {{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+    {{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
     additionalControlPlaneIngressRules:
       - description: "Allow traffic from pods to control plane nodes for access of applications to Kubernetes API"
         protocol: "-1" # all
         fromPort: -1
         toPort: -1
 
         # We could also use `sourceSecurityGroupIds` here, but the ID of the "<cluster>-pods" security group isn't known yet
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
     additionalNodeIngressRules:
       - description: "Allow traffic from Pods to the Cilium Relay port running on the nodes"
         protocol: "tcp"
         fromPort: 4244
         toPort: 4244
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to Chart Operator running on the nodes"
         protocol: "tcp"
         fromPort: 8000
         toPort: 8000
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to EBS CSI Controller running on the nodes"
         protocol: "tcp"
         fromPort: 8610
         toPort: 8610
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to Cilium Operator and Envoy running on the nodes"
         protocol: "tcp"
         fromPort: 9963
         toPort: 9964
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to the Kubelet API running on the nodes"
         protocol: "tcp"
         fromPort: 10250
         toPort: 10250
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to Node Exporter running on the nodes"
         protocol: "tcp"
         fromPort: 10300
         toPort: 10300
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
       - description: "Allow traffic from Pods to Kubernetes Resource Count Exporter running on the nodes"
         protocol: "tcp"
         fromPort: 10999
         toPort: 10999
-        cidrBlocks: {{ required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
+        cidrBlocks: {{ .Values.global.connectivity.network.pods.cidrBlocks | toYaml | nindent 10 }}
     {{- end }}
     cni:
       cniIngressRules:
@@ -139,10 +139,10 @@ spec:
       {{- if .Values.global.connectivity.network.internetGatewayId }}
       internetGatewayId: {{ .Values.global.connectivity.network.internetGatewayId }}
       {{- end }}
-      {{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+      {{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
       secondaryCidrBlocks:
         # Managed by Cilium in ENI mode
-        {{- if not (required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks | first | regexMatch "/(1[6-9]|2[0-8])$") }}
+        {{- if not (.Values.global.connectivity.network.pods.cidrBlocks | first | regexMatch "/(1[6-9]|2[0-8])$") }}
           {{ fail (printf "You have set `global.connectivity.cilium.ipamMode=eni`, but the pod CIDR %s is not supported as AWS VPC CIDR (see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html: /16 to /28 sizes are supported). Please change `global.connectivity.network.pods.cidrBlocks` to a valid value (see https://github.com/giantswarm/cluster-aws/tree/main/helm/cluster-aws#connectivity)." (.Values.global.connectivity.network.pods.cidrBlocks | first | quote)) }}
         {{- end }}
         - ipv4CidrBlock: {{ .Values.global.connectivity.network.pods.cidrBlocks | first | quote }}
@@ -163,7 +163,7 @@ spec:
         {{ end }}
       {{- end }}
     {{- $allCidrs := concat $vpcCidrs ($.Values.global.connectivity.network.nodePortIngressRuleCidrBlocks | default (list)) }}
-    {{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+    {{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
     {{- $allCidrs = concat $allCidrs ($.Values.global.connectivity.network.pods.cidrBlocks | default (list)) }}
     {{- end }}
     {{- $seen := dict }}
@@ -230,7 +230,7 @@ spec:
     {{- end }}
     {{- end }}
 
-    {{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+    {{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
     {{- range $j, $subnet := .Values.global.connectivity.eniModePodSubnets }}
     {{- range $i, $cidr := $subnet.cidrBlocks }}
     - id: "{{ include "resource.default.name" $ }}-subnet-secondary-{{ if eq (len $cidr.availabilityZone) 1 }}{{ include "aws-region" $ }}{{ end }}{{ $cidr.availabilityZone }}"
diff --git a/helm/cluster-aws/templates/_cilium_helmrelease_config.yaml b/helm/cluster-aws/templates/_cilium_helmrelease_config.yaml
@@ -4,7 +4,7 @@
 provider: capa
 image:
   registry: {{ include "awsContainerImageRegistry" $ }}
-{{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 # https://docs.cilium.io/en/v1.14/network/concepts/routing/#id5
 ipam:
   mode: eni
@@ -33,7 +33,7 @@ cniCustomConf:
 extraEnv:
   - name: CNI_CONF_NAME
     value: "21-cilium.conflist"
-{{- else if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "kubernetes" }}
+{{- else if eq .Values.global.connectivity.cilium.ipamMode "kubernetes" }}
 {{- /* Use default from `cluster` chart */}}
 {{- end }}
 
diff --git a/helm/cluster-aws/templates/_control_plane.tpl b/helm/cluster-aws/templates/_control_plane.tpl
@@ -40,7 +40,7 @@ instanceMetadataOptions:
 {{- if $.Values.global.providerSpecific.instanceMetadataOptions.httpPutResponseHopLimit }}
   httpPutResponseHopLimit: {{ $.Values.global.providerSpecific.instanceMetadataOptions.httpPutResponseHopLimit }}
 {{- else }}
-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
   httpPutResponseHopLimit: 2
 {{- else }}
   httpPutResponseHopLimit: 3
diff --git a/helm/cluster-aws/templates/_helpers.tpl b/helm/cluster-aws/templates/_helpers.tpl
@@ -32,7 +32,7 @@ app: {{ include "name" . | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 cluster.x-k8s.io/cluster-name: {{ include "resource.default.name" . | quote }}
 giantswarm.io/cluster: {{ include "resource.default.name" . | quote }}
-giantswarm.io/organization: {{ required "You must provide an existing organization name in .global.metadata.organization" .Values.global.metadata.organization | quote }}
+giantswarm.io/organization: {{ .Values.global.metadata.organization | quote }}
 cluster.x-k8s.io/watch-filter: capi
 {{- end -}}
 
@@ -119,7 +119,7 @@ sts.amazonaws.com{{ if hasPrefix "cn-" (include "aws-region" .) }}.cn{{ end }}
 {{- if hasPrefix "cn-" (include "aws-region" .) -}}
 https://s3.{{include "aws-region" .}}.amazonaws.com.cn/{{ include "aws-account-id" .}}-g8s-{{include "resource.default.name" $}}-oidc-pod-identity-v3
 {{- else -}}
-https://irsa.{{ include "resource.default.name" $ }}.{{ required "global.connectivity.baseDomain value is required" .Values.global.connectivity.baseDomain }}
+https://irsa.{{ include "resource.default.name" $ }}.{{ .Values.global.connectivity.baseDomain }}
 {{- end }}
 {{- end }}
 
diff --git a/helm/cluster-aws/templates/_karpenter_machine_pools.tpl b/helm/cluster-aws/templates/_karpenter_machine_pools.tpl
@@ -7,7 +7,7 @@ metadata:
   labels:
     giantswarm.io/machine-pool: {{ include "resource.default.name" $ }}-{{ $name }}
     {{- include "labels.common" $ | nindent 4 }}
-    {{- if (required "global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers is required" $.Values.global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers) }}
+    {{- if $.Values.global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers }}
     alpha.aws.giantswarm.io/reduced-instance-permissions-workers: "true"
     {{- end }}
     app.kubernetes.io/version: {{ $.Chart.Version | quote }}
@@ -39,7 +39,7 @@ spec:
         deleteOnTermination: true
     instanceProfile: nodes-{{ $name }}-{{ include "resource.default.name" $ }}
     metadataOptions:
-      {{- if eq (required "global.connectivity.cilium.ipamMode is required" $.Values.global.connectivity.cilium.ipamMode) "eni" }}
+      {{- if eq $.Values.global.connectivity.cilium.ipamMode "eni" }}
       httpPutResponseHopLimit: 2
       {{- else }}
       httpPutResponseHopLimit: 3
diff --git a/helm/cluster-aws/templates/_machine_pools.tpl b/helm/cluster-aws/templates/_machine_pools.tpl
@@ -7,10 +7,10 @@ metadata:
   labels:
     giantswarm.io/machine-pool: {{ include "resource.default.name" $ }}-{{ $name }}
     {{- include "labels.common" $ | nindent 4 }}
-    {{- if (required "global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers is required" $.Values.global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers) }}
+    {{- if $.Values.global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers }}
     alpha.aws.giantswarm.io/reduced-instance-permissions-workers: "true"
     {{- end }}
-    {{- if eq (required "global.connectivity.cilium.ipamMode is required" $.Values.global.connectivity.cilium.ipamMode) "eni" }}
+    {{- if eq $.Values.global.connectivity.cilium.ipamMode "eni" }}
     alpha.aws.giantswarm.io/ipam-mode: "eni"
     {{- end }}
     app.kubernetes.io/version: {{ $.Chart.Version | quote }}
@@ -77,7 +77,7 @@ spec:
       {{- if $.Values.global.providerSpecific.instanceMetadataOptions.httpPutResponseHopLimit }}
       httpPutResponseHopLimit: {{ $.Values.global.providerSpecific.instanceMetadataOptions.httpPutResponseHopLimit }}
       {{- else }}
-      {{- if eq (required "global.connectivity.cilium.ipamMode is required" $.Values.global.connectivity.cilium.ipamMode) "eni" }}
+      {{- if eq $.Values.global.connectivity.cilium.ipamMode "eni" }}
       httpPutResponseHopLimit: 2
       {{- else }}
       httpPutResponseHopLimit: 3
diff --git a/helm/cluster-aws/templates/cilium-cleanup/job.yaml b/helm/cluster-aws/templates/cilium-cleanup/job.yaml
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 #
 # When working in eni mode and ENIs need to be deleted (e.g. on cluster deletion), Cilium first needs to detach
 # the ENIs from the EC2 instance, and then delete them.
diff --git a/helm/cluster-aws/templates/cilium-cleanup/role.yaml b/helm/cluster-aws/templates/cilium-cleanup/role.yaml
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/helm/cluster-aws/templates/cilium-cleanup/rolebinding.yaml b/helm/cluster-aws/templates/cilium-cleanup/rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/helm/cluster-aws/templates/cilium-cleanup/serviceaccount.yaml b/helm/cluster-aws/templates/cilium-cleanup/serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/helm/cluster-aws/templates/cilium-crossplane-resources-app.yaml b/helm/cluster-aws/templates/cilium-crossplane-resources-app.yaml
@@ -1,4 +1,4 @@
-{{- if eq (required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode) "eni" }}
+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" }}
 apiVersion: v1
 data:
   values: |
diff --git a/helm/cluster-aws/templates/irsa_claim.yaml b/helm/cluster-aws/templates/irsa_claim.yaml
@@ -11,7 +11,7 @@ spec:
   name: {{ include "resource.default.name" $ }}
   bucketName: {{ include "aws-account-id" . }}-g8s-{{ include "resource.default.name" $ }}-oidc-pod-identity-v3
   {{- if not (hasPrefix "cn-" (include "aws-region" .)) }}
-  domain: {{ include "resource.default.name" $ }}.{{ required "global.connectivity.baseDomain value is required" .Values.global.connectivity.baseDomain }}
+  domain: {{ include "resource.default.name" $ }}.{{ .Values.global.connectivity.baseDomain }}
   {{- end }}
   providerConfigRef: {{ include "resource.default.name" $ }}
   region: {{ include "aws-region" . }}
diff --git a/helm/cluster-aws/templates/karpenter-helmrelease.yaml b/helm/cluster-aws/templates/karpenter-helmrelease.yaml
@@ -6,7 +6,7 @@ additionalLabels:
   giantswarm.io/managed-by: {{ .Release.Name | quote }}
   giantswarm.io/service-type: managed
 settings:
-  clusterEndpoint: {{ printf "%s.%s.%s" "http://api" (include "resource.default.name" $) (required "global.connectivity.baseDomain is required" .Values.global.connectivity.baseDomain) }}
+  clusterEndpoint: {{ printf "%s.%s.%s" "http://api" (include "resource.default.name" $) .Values.global.connectivity.baseDomain }}
   clusterName: {{ include "resource.default.name" $ }}
   interruptionQueue: {{ include "resource.default.name" $ }}-karpenter
 controller:
diff --git a/helm/cluster-aws/templates/required.yaml b/helm/cluster-aws/templates/required.yaml
@@ -0,0 +1,6 @@
+{{- $_ := required "global.connectivity.baseDomain is required. The values from the 'cluster-app-installation-values' ConfigMap in the default namespace should be passed when deploying this chart by adding a reference to the ConfigMap in your App custom resource. This is normally done automatically by kyverno" .Values.global.connectivity.baseDomain }}
+{{- $_ := required "global.managementCluster is required. The values from the 'cluster-app-installation-values' ConfigMap in the default namespace should be passed when deploying this chart" .Values.global.managementCluster }}
+{{- $_ := required "global.connectivity.cilium.ipamMode is required"  .Values.global.connectivity.cilium.ipamMode }}
+{{- $_ := required "global.connectivity.network.pods.cidrBlocks is required" .Values.global.connectivity.network.pods.cidrBlocks }}
+{{- $_ := required "You must provide an existing organization name in .global.metadata.organization" .Values.global.metadata.organization }}
+{{- $_ := required "global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers is required" $.Values.global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers }}
diff --git a/helm/cluster-aws/values.schema.json b/helm/cluster-aws/values.schema.json
@@ -1197,6 +1197,7 @@
             "title": "Global",
             "description": "Properties that are available to all charts and subcharts.",
             "required": [
+                "managementCluster",
                 "metadata",
                 "release"
             ],
@@ -1640,6 +1641,9 @@
                 "connectivity": {
                     "type": "object",
                     "title": "Connectivity",
+                    "required": [
+                        "baseDomain"
+                    ],
                     "additionalProperties": false,
                     "properties": {
                         "availabilityZoneUsageLimit": {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{{- if eq (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" -}}`
	`1`	`+{{- if eq .Values.global.connectivity.cilium.ipamMode "eni" -}}`
`2`	`2`	`# https://docs.cilium.io/en/latest/network/concepts/ipam/eni/#node-configuration`
`3`	`3`	`#`
`4`	`4`	`# For ENI mode, this ensures the Cilium-created network interfaces are not managed, so that they`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ err_report() {`
`6`	`6`	`}`
`7`	`7`	`trap 'err_report ${LINENO}' ERR`
`8`	`8`
`9`		`-{{- if ne (required "global.connectivity.cilium.ipamMode is required" .Values.global.connectivity.cilium.ipamMode) "eni" }}`
	`9`	`+{{- if ne .Values.global.connectivity.cilium.ipamMode "eni" }}`
`10`	`10`
`11`	`11`	`echo "Skipping setting --max-pods based on instance type because Cilium ENI mode is not used and thus no such restrictions apply."`
`12`	`12`	`exit 0`