Merge pull request #160 from marklogic/feature/CLD-747-https

Support HTTPs in Helm Chart
Related stories:
CLD-747: HTTPs for Kubernetes Chart
CLD-874: Error Handling
CLD-873: Refactoring
CLD-871: K8s HTTPS template and e2e automated tests

Author: pengzhouml

Jenkinsfile

@@ -6,7 +6,7 @@
 import groovy.json.JsonSlurperClassic
 
 emailList = '[email protected], [email protected], [email protected], [email protected], [email protected], [email protected]'
-gitCredID = 'marklogic-builder'
+gitCredID = 'marklogic-builder-github'
 JIRA_ID = ''
 JIRA_ID_PATTERN = /(?i)(CLD|DEVO|QAINF|BUG|DBI)-\d{3,4}/
 LINT_OUTPUT = ''

charts/templates/_helpers.tpl

@@ -8,18 +8,13 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
+The release name will be used as full name
 */}}
 {{- define "marklogic.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
 {{- end }}
 {{- end }}
 
@@ -34,7 +29,7 @@ Create chart name and version as used by the chart label.
 Create headless service name for statefulset
 */}}
 {{- define "marklogic.headlessServiceName" -}}
-{{- printf "%s-headless" (include "marklogic.fullname" .) }}
+{{- include "marklogic.fullname" . }}
 {{- end}}
 
 
@@ -101,3 +96,15 @@ Fully qualified domain name
 {{- define "marklogic.fqdn" -}}
 {{- printf "%s-0.%s.%s.svc.%s" (include "marklogic.fullname" .) (include "marklogic.headlessServiceName" .) .Release.Namespace .Values.clusterDomain }}
 {{- end}}
+
+{{/*
+Validate values file
+*/}}
+{{- define "marklogic.checkInputError" -}}
+{{- $fqdn := include "marklogic.fqdn" . }}
+{{- if gt (len $fqdn) 64}}
+{{- $errorMessage := printf "%s%s%s" "The FQDN: " $fqdn " is longer than 64. Please use a shorter release name and try again."  }}
+{{- fail $errorMessage }}
+{{- end }}
+{{- end }}
+

charts/templates/configmap-haproxy.yaml

@@ -3,7 +3,8 @@
 {{- $releaseName := include "marklogic.fullname" . }}
 {{- $namespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
-{{- $tlsEnabled := .Values.haproxy.tls.enabled }}
+{{- $haproxyTlsEnabled := .Values.haproxy.tls.enabled }}
+{{- $appServerTlsEnabled := .Values.tls.enableOnDefaultAppServers -}}
 {{- $certFileName := .Values.haproxy.tls.certFileName }}
 
 apiVersion: v1
@@ -79,13 +80,13 @@ data:
         mode tcp
         balance leastconn
         {{- range $i := until $replicas }}
-        server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}-headless.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} check resolvers dns init-addr none
+        server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} check resolvers dns init-addr none
         {{- end }}
     {{- else if eq $portType "HTTP" }}
 
     frontend marklogic-{{$portNumber}}
       mode http
-      {{- if $tlsEnabled }}
+      {{- if $haproxyTlsEnabled }}
       bind :{{ $portNumber }} ssl crt /usr/local/etc/ssl/{{ $certFileName }}
       {{- else }}
       bind :{{ $portNumber }}
@@ -105,7 +106,11 @@ data:
       stick match req.cook(SessionId)
       default-server check
       {{- range $i := until $replicas }}
-      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}-headless.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }}
+      {{- if $appServerTlsEnabled }}
+      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }} ssl verify none
+      {{- else }}
+      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }}
+      {{- end }}
       {{- end }}
     {{- end }}
     {{- end }}

charts/templates/configmap.yaml

@@ -7,9 +7,17 @@ metadata:
     {{- include "marklogic.labels" . | nindent 4 }}
 data:
 {{- if ne .Values.bootstrapHostName "" }}
+  MARKLOGIC_CLUSTER_TYPE: "non-bootstrap"
   MARKLOGIC_BOOTSTRAP_HOST: {{ .Values.bootstrapHostName }}
 {{- else }}
+  MARKLOGIC_CLUSTER_TYPE: "bootstrap"
   MARKLOGIC_BOOTSTRAP_HOST: {{ include "marklogic.fqdn" . }}
+{{- end }}
+{{- if .Values.tls.enableOnDefaultAppServers }}
+  MARKLOGIC_JOIN_TLS_ENABLED: "true"
+  MARKLOGIC_JOIN_CACERT_FILE: "marklogic-certs/cacert.pem"
+{{- else }}
+  MARKLOGIC_JOIN_TLS_ENABLED: "false"
 {{- end }}
   MARKLOGIC_FQDN_SUFFIX: {{ include "marklogic.headlessURL" . }}
   MARKLOGIC_INIT: "true"

charts/templates/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "marklogic.fullname" . }}
+  name: {{ include "marklogic.fullname" . }}-cluster
   namespace: {{ .Values.namespace}}
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}