Skip to content

Commit a9b33cf

Browse files
chrissetochrisseto
committed
charts/redpanda: refactor console integration
Refactor the redpanda console integration to first convert `redpanda.RenderState` into a `StaticConfiguration`. The `StaticConfiguration` is then transformed into a `PartialConsoleValues` which is then merged into the subchart values to perform the final rendering. This is done to allow allow the charts' integration to be leveraged by the upcoming console controller. Notable changes include: - Using the bootstrap user for console's auth instead of the first listed SASL user. - Generating a partial version of Console's config to add typing to the configuration code. - The introduction of `operator/pkg/ir` to host non-user facing datastructures. These structs may evolve without impact to our public APIs and help resolve cyclic imports.
1 parent 2379697 commit a9b33cf

File tree

22 files changed

+3908
-3465
lines changed

22 files changed

+3908
-3465
lines changed

.changes/unreleased/charts-redpanda-Changed-20250908-112422.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
project: charts/redpanda
2+
kind: Changed
3+
body: The console integration (`console.enabled=true`) now uses the chart managed bootstrap user rather than the first user from `auth.sasl.users`.
4+
time: 2025-09-08T11:24:22.515452-04:00

charts/console/chart/templates/_console.config.tpl

Lines changed: 302 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,302 @@
1+
{{- /* GENERATED FILE DO NOT EDIT */ -}}
2+
{{- /* Transpiled by gotohelm from "github.com/redpanda-data/redpanda-operator/charts/console/v3/config.go" */ -}}
3+
4+
{{- define "console.StaticConfigurationSourceToPartialRenderValues" -}}
5+
{{- $src := (index .a 0) -}}
6+
{{- range $_ := (list 1) -}}
7+
{{- $_is_returning := false -}}
8+
{{- $mapper := (mustMergeOverwrite (dict "Volumes" (coalesce nil) "Env" (coalesce nil)) (dict "Volumes" (mustMergeOverwrite (dict "Name" "" "Dir" "" "Secrets" (coalesce nil) "ConfigMaps" (coalesce nil)) (dict "Name" "redpanda-certificates" "Dir" "/etc/tls/certs" "Secrets" (dict) "ConfigMaps" (dict))))) -}}
9+
{{- $cfg := (get (fromJson (include "console.configMapper.toConfig" (dict "a" (list $mapper $src)))) "r") -}}
10+
{{- $_is_returning = true -}}
11+
{{- (dict "r" (mustMergeOverwrite (dict) (dict "config" $cfg "extraEnv" $mapper.Env "extraVolumes" (get (fromJson (include "console.volumes.Volumes" (dict "a" (list $mapper.Volumes)))) "r") "extraVolumeMounts" (get (fromJson (include "console.volumes.VolumeMounts" (dict "a" (list $mapper.Volumes)))) "r")))) | toJson -}}
12+
{{- break -}}
13+
{{- end -}}
14+
{{- end -}}
15+
16+
{{- define "console.configMapper.toConfig" -}}
17+
{{- $m := (index .a 0) -}}
18+
{{- $src := (index .a 1) -}}
19+
{{- range $_ := (list 1) -}}
20+
{{- $_is_returning := false -}}
21+
{{- $cfg := (mustMergeOverwrite (dict) (dict)) -}}
22+
{{- $kafka_1 := (get (fromJson (include "console.configMapper.configureKafka" (dict "a" (list $m $src)))) "r") -}}
23+
{{- if (ne (toJson $kafka_1) "null") -}}
24+
{{- $_ := (set $cfg "kafka" $kafka_1) -}}
25+
{{- end -}}
26+
{{- $admin_2 := (get (fromJson (include "console.configMapper.configureAdmin" (dict "a" (list $m $src.admin)))) "r") -}}
27+
{{- if (ne (toJson $admin_2) "null") -}}
28+
{{- $_ := (set $cfg "redpanda" (mustMergeOverwrite (dict) (dict "adminApi" $admin_2))) -}}
29+
{{- end -}}
30+
{{- if (eq (toJson $cfg.redpanda) "null") -}}
31+
{{- $_ := (set $cfg "redpanda" (mustMergeOverwrite (dict) (dict))) -}}
32+
{{- end -}}
33+
{{- $_is_returning = true -}}
34+
{{- (dict "r" $cfg) | toJson -}}
35+
{{- break -}}
36+
{{- end -}}
37+
{{- end -}}
38+
39+
{{- define "console.configMapper.configureAdmin" -}}
40+
{{- $m := (index .a 0) -}}
41+
{{- $admin := (index .a 1) -}}
42+
{{- range $_ := (list 1) -}}
43+
{{- $_is_returning := false -}}
44+
{{- if (eq (toJson $admin) "null") -}}
45+
{{- $_is_returning = true -}}
46+
{{- (dict "r" (coalesce nil)) | toJson -}}
47+
{{- break -}}
48+
{{- end -}}
49+
{{- $cfg := (mustMergeOverwrite (dict) (dict "enabled" true "urls" $admin.urls)) -}}
50+
{{- if (ne (toJson $admin.tls) "null") -}}
51+
{{- $_ := (set $cfg "tls" (mustMergeOverwrite (dict) (dict "enabled" true))) -}}
52+
{{- if $admin.tls.insecureSkipTlsVerify -}}
53+
{{- $_ := (set $cfg.tls "insecureSkipTlsVerify" $admin.tls.insecureSkipTlsVerify) -}}
54+
{{- end -}}
55+
{{- $ca_3 := (get (fromJson (include "console.volumes.MaybeAdd" (dict "a" (list $m.Volumes $admin.tls.caCertSecretRef)))) "r") -}}
56+
{{- if (ne (toJson $ca_3) "null") -}}
57+
{{- $_ := (set $cfg.tls "caFilepath" $ca_3) -}}
58+
{{- end -}}
59+
{{- $cert_4 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $admin.tls.certSecretRef)))) "r") -}}
60+
{{- if (ne (toJson $cert_4) "null") -}}
61+
{{- $_ := (set $cfg.tls "certFilepath" $cert_4) -}}
62+
{{- end -}}
63+
{{- $key_5 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $admin.tls.keySecretRef)))) "r") -}}
64+
{{- if (ne (toJson $key_5) "null") -}}
65+
{{- $_ := (set $cfg.tls "keyFilepath" $key_5) -}}
66+
{{- end -}}
67+
{{- end -}}
68+
{{- if (ne (toJson $admin.sasl) "null") -}}
69+
{{- $_ := (set $cfg "username" $admin.sasl.username) -}}
70+
{{- $_ := (get (fromJson (include "console.configMapper.addEnv" (dict "a" (list $m "REDPANDA_ADMINAPI_PASSWORD" $admin.sasl.passwordSecretRef)))) "r") -}}
71+
{{- end -}}
72+
{{- $_is_returning = true -}}
73+
{{- (dict "r" $cfg) | toJson -}}
74+
{{- break -}}
75+
{{- end -}}
76+
{{- end -}}
77+
78+
{{- define "console.configMapper.configureKafka" -}}
79+
{{- $m := (index .a 0) -}}
80+
{{- $src := (index .a 1) -}}
81+
{{- range $_ := (list 1) -}}
82+
{{- $_is_returning := false -}}
83+
{{- if (eq (toJson $src.kafka) "null") -}}
84+
{{- $_is_returning = true -}}
85+
{{- (dict "r" (coalesce nil)) | toJson -}}
86+
{{- break -}}
87+
{{- end -}}
88+
{{- $cfg := (mustMergeOverwrite (dict) (dict "brokers" $src.kafka.brokers "schemaRegistry" (get (fromJson (include "console.configMapper.configureSchemaRegistry" (dict "a" (list $m $src.schemaRegistry)))) "r"))) -}}
89+
{{- if (ne (toJson $src.kafka.tls) "null") -}}
90+
{{- $_ := (set $cfg "tls" (mustMergeOverwrite (dict) (dict "enabled" true))) -}}
91+
{{- if $src.kafka.tls.insecureSkipTlsVerify -}}
92+
{{- $_ := (set $cfg.tls "insecureSkipTlsVerify" $src.kafka.tls.insecureSkipTlsVerify) -}}
93+
{{- end -}}
94+
{{- $ca_6 := (get (fromJson (include "console.volumes.MaybeAdd" (dict "a" (list $m.Volumes $src.kafka.tls.caCertSecretRef)))) "r") -}}
95+
{{- if (ne (toJson $ca_6) "null") -}}
96+
{{- $_ := (set $cfg.tls "caFilepath" $ca_6) -}}
97+
{{- end -}}
98+
{{- $cert_7 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $src.kafka.tls.certSecretRef)))) "r") -}}
99+
{{- if (ne (toJson $cert_7) "null") -}}
100+
{{- $_ := (set $cfg.tls "certFilepath" $cert_7) -}}
101+
{{- end -}}
102+
{{- $key_8 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $src.kafka.tls.keySecretRef)))) "r") -}}
103+
{{- if (ne (toJson $key_8) "null") -}}
104+
{{- $_ := (set $cfg.tls "keyFilepath" $key_8) -}}
105+
{{- end -}}
106+
{{- end -}}
107+
{{- if (ne (toJson $src.kafka.sasl) "null") -}}
108+
{{- $_ := (set $cfg "sasl" (mustMergeOverwrite (dict) (dict "enabled" true "username" $src.kafka.sasl.username "mechanism" (toString $src.kafka.sasl.mechanism)))) -}}
109+
{{- $_ := (get (fromJson (include "console.configMapper.addEnv" (dict "a" (list $m "KAFKA_SASL_PASSWORD" $src.kafka.sasl.passwordSecretRef)))) "r") -}}
110+
{{- end -}}
111+
{{- $_is_returning = true -}}
112+
{{- (dict "r" $cfg) | toJson -}}
113+
{{- break -}}
114+
{{- end -}}
115+
{{- end -}}
116+
117+
{{- define "console.configMapper.configureSchemaRegistry" -}}
118+
{{- $m := (index .a 0) -}}
119+
{{- $schema := (index .a 1) -}}
120+
{{- range $_ := (list 1) -}}
121+
{{- $_is_returning := false -}}
122+
{{- if (eq (toJson $schema) "null") -}}
123+
{{- $_is_returning = true -}}
124+
{{- (dict "r" (coalesce nil)) | toJson -}}
125+
{{- break -}}
126+
{{- end -}}
127+
{{- $cfg := (mustMergeOverwrite (dict) (dict "enabled" true "urls" $schema.urls)) -}}
128+
{{- if (ne (toJson $schema.tls) "null") -}}
129+
{{- $_ := (set $cfg "tls" (mustMergeOverwrite (dict) (dict "enabled" true))) -}}
130+
{{- if $schema.tls.insecureSkipTlsVerify -}}
131+
{{- $_ := (set $cfg.tls "insecureSkipTlsVerify" $schema.tls.insecureSkipTlsVerify) -}}
132+
{{- end -}}
133+
{{- $ca_9 := (get (fromJson (include "console.volumes.MaybeAdd" (dict "a" (list $m.Volumes $schema.tls.caCertSecretRef)))) "r") -}}
134+
{{- if (ne (toJson $ca_9) "null") -}}
135+
{{- $_ := (set $cfg.tls "caFilepath" $ca_9) -}}
136+
{{- end -}}
137+
{{- $cert_10 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $schema.tls.certSecretRef)))) "r") -}}
138+
{{- if (ne (toJson $cert_10) "null") -}}
139+
{{- $_ := (set $cfg.tls "certFilepath" $cert_10) -}}
140+
{{- end -}}
141+
{{- $key_11 := (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $m.Volumes $schema.tls.keySecretRef)))) "r") -}}
142+
{{- if (ne (toJson $key_11) "null") -}}
143+
{{- $_ := (set $cfg.tls "keyFilepath" $key_11) -}}
144+
{{- end -}}
145+
{{- end -}}
146+
{{- if (ne (toJson $schema.sasl) "null") -}}
147+
{{- $_ := (set $cfg "username" $schema.sasl.username) -}}
148+
{{- $_ := (get (fromJson (include "console.configMapper.addEnv" (dict "a" (list $m "KAFKA_SCHEMA_PASSWORD" $schema.sasl.passwordSecretRef)))) "r") -}}
149+
{{- $_ := (get (fromJson (include "console.configMapper.addEnv" (dict "a" (list $m "KAFKA_SCHEMA_BEARERTOKEN" $schema.sasl.token)))) "r") -}}
150+
{{- end -}}
151+
{{- $_is_returning = true -}}
152+
{{- (dict "r" $cfg) | toJson -}}
153+
{{- break -}}
154+
{{- end -}}
155+
{{- end -}}
156+
157+
{{- define "console.configMapper.addEnv" -}}
158+
{{- $m := (index .a 0) -}}
159+
{{- $name := (index .a 1) -}}
160+
{{- $ref := (index .a 2) -}}
161+
{{- range $_ := (list 1) -}}
162+
{{- $_is_returning := false -}}
163+
{{- if (or (eq $ref.key "") (eq $ref.name "")) -}}
164+
{{- $_is_returning = true -}}
165+
{{- (dict "r" (list)) | toJson -}}
166+
{{- break -}}
167+
{{- end -}}
168+
{{- $_ := (set $m "Env" (concat (default (list) $m.Env) (list (mustMergeOverwrite (dict "name" "") (dict "name" $name "valueFrom" (mustMergeOverwrite (dict) (dict "secretKeyRef" (mustMergeOverwrite (dict "key" "") (mustMergeOverwrite (dict) (dict "name" $ref.name)) (dict "key" $ref.key))))))))) -}}
169+
{{- end -}}
170+
{{- end -}}
171+
172+
{{- define "console.volumes.MaybeAdd" -}}
173+
{{- $v := (index .a 0) -}}
174+
{{- $ref := (index .a 1) -}}
175+
{{- range $_ := (list 1) -}}
176+
{{- $_is_returning := false -}}
177+
{{- if (eq (toJson $ref) "null") -}}
178+
{{- $_is_returning = true -}}
179+
{{- (dict "r" (coalesce nil)) | toJson -}}
180+
{{- break -}}
181+
{{- end -}}
182+
{{- $cmr_12 := $ref.configMapKeyRef -}}
183+
{{- if (ne (toJson $cmr_12) "null") -}}
184+
{{- $_is_returning = true -}}
185+
{{- (dict "r" (get (fromJson (include "console.volumes.MaybeAddConfigMap" (dict "a" (list $v $cmr_12)))) "r")) | toJson -}}
186+
{{- break -}}
187+
{{- end -}}
188+
{{- $skr_13 := $ref.secretKeyRef -}}
189+
{{- if (ne (toJson $skr_13) "null") -}}
190+
{{- $_is_returning = true -}}
191+
{{- (dict "r" (get (fromJson (include "console.volumes.MaybeAddSecret" (dict "a" (list $v (mustMergeOverwrite (dict "name" "") (dict "name" $skr_13.name "key" $skr_13.key)))))) "r")) | toJson -}}
192+
{{- break -}}
193+
{{- end -}}
194+
{{- $_is_returning = true -}}
195+
{{- (dict "r" (coalesce nil)) | toJson -}}
196+
{{- break -}}
197+
{{- end -}}
198+
{{- end -}}
199+
200+
{{- define "console.volumes.MaybeAddConfigMap" -}}
201+
{{- $v := (index .a 0) -}}
202+
{{- $ref := (index .a 1) -}}
203+
{{- range $_ := (list 1) -}}
204+
{{- $_is_returning := false -}}
205+
{{- if (or (eq (toJson $ref) "null") ((and (eq $ref.key "") (eq $ref.name "")))) -}}
206+
{{- $_is_returning = true -}}
207+
{{- (dict "r" (coalesce nil)) | toJson -}}
208+
{{- break -}}
209+
{{- end -}}
210+
{{- $_242___ok_14 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $v.ConfigMaps $ref.name (coalesce nil))))) "r") -}}
211+
{{- $_ := (index $_242___ok_14 0) -}}
212+
{{- $ok_14 := (index $_242___ok_14 1) -}}
213+
{{- if (not $ok_14) -}}
214+
{{- $_ := (set $v.ConfigMaps $ref.name (dict)) -}}
215+
{{- end -}}
216+
{{- $_ := (set (index $v.ConfigMaps $ref.name) $ref.key true) -}}
217+
{{- $_is_returning = true -}}
218+
{{- (dict "r" (printf "%s/configmaps/%s/%s" $v.Dir $ref.name $ref.key)) | toJson -}}
219+
{{- break -}}
220+
{{- end -}}
221+
{{- end -}}
222+
223+
{{- define "console.volumes.MaybeAddSecret" -}}
224+
{{- $v := (index .a 0) -}}
225+
{{- $ref := (index .a 1) -}}
226+
{{- range $_ := (list 1) -}}
227+
{{- $_is_returning := false -}}
228+
{{- if (or (eq (toJson $ref) "null") ((and (eq $ref.key "") (eq $ref.name "")))) -}}
229+
{{- $_is_returning = true -}}
230+
{{- (dict "r" (coalesce nil)) | toJson -}}
231+
{{- break -}}
232+
{{- end -}}
233+
{{- $_254___ok_15 := (get (fromJson (include "_shims.dicttest" (dict "a" (list $v.Secrets $ref.name (coalesce nil))))) "r") -}}
234+
{{- $_ := (index $_254___ok_15 0) -}}
235+
{{- $ok_15 := (index $_254___ok_15 1) -}}
236+
{{- if (not $ok_15) -}}
237+
{{- $_ := (set $v.Secrets $ref.name (dict)) -}}
238+
{{- end -}}
239+
{{- $_ := (set (index $v.Secrets $ref.name) $ref.key true) -}}
240+
{{- $_is_returning = true -}}
241+
{{- (dict "r" (printf "%s/secrets/%s/%s" $v.Dir $ref.name $ref.key)) | toJson -}}
242+
{{- break -}}
243+
{{- end -}}
244+
{{- end -}}
245+
246+
{{- define "console.volumes.VolumeMounts" -}}
247+
{{- $v := (index .a 0) -}}
248+
{{- range $_ := (list 1) -}}
249+
{{- $_is_returning := false -}}
250+
{{- if (and (eq ((get (fromJson (include "_shims.len" (dict "a" (list $v.Secrets)))) "r") | int) (0 | int)) (eq ((get (fromJson (include "_shims.len" (dict "a" (list $v.ConfigMaps)))) "r") | int) (0 | int))) -}}
251+
{{- $_is_returning = true -}}
252+
{{- (dict "r" (coalesce nil)) | toJson -}}
253+
{{- break -}}
254+
{{- end -}}
255+
{{- $_is_returning = true -}}
256+
{{- (dict "r" (list (mustMergeOverwrite (dict "name" "" "mountPath" "") (dict "name" $v.Name "mountPath" $v.Dir)))) | toJson -}}
257+
{{- break -}}
258+
{{- end -}}
259+
{{- end -}}
260+
261+
{{- define "console.volumes.Volumes" -}}
262+
{{- $v := (index .a 0) -}}
263+
{{- range $_ := (list 1) -}}
264+
{{- $_is_returning := false -}}
265+
{{- if (and (eq ((get (fromJson (include "_shims.len" (dict "a" (list $v.Secrets)))) "r") | int) (0 | int)) (eq ((get (fromJson (include "_shims.len" (dict "a" (list $v.ConfigMaps)))) "r") | int) (0 | int))) -}}
266+
{{- $_is_returning = true -}}
267+
{{- (dict "r" (coalesce nil)) | toJson -}}
268+
{{- break -}}
269+
{{- end -}}
270+
{{- $sources := (coalesce nil) -}}
271+
{{- range $_, $secret := (sortAlpha (keys $v.Secrets)) -}}
272+
{{- $items := (coalesce nil) -}}
273+
{{- range $_, $key := (sortAlpha (keys (index $v.Secrets $secret))) -}}
274+
{{- $items = (concat (default (list) $items) (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" $key "path" (printf "secrets/%s/%s" $secret $key))))) -}}
275+
{{- end -}}
276+
{{- if $_is_returning -}}
277+
{{- break -}}
278+
{{- end -}}
279+
{{- $sources = (concat (default (list) $sources) (list (mustMergeOverwrite (dict) (dict "secret" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $secret)) (dict "items" $items)))))) -}}
280+
{{- end -}}
281+
{{- if $_is_returning -}}
282+
{{- break -}}
283+
{{- end -}}
284+
{{- range $_, $configmap := (sortAlpha (keys $v.ConfigMaps)) -}}
285+
{{- $items := (coalesce nil) -}}
286+
{{- range $_, $key := (sortAlpha (keys (index $v.ConfigMaps $configmap))) -}}
287+
{{- $items = (concat (default (list) $items) (list (mustMergeOverwrite (dict "key" "" "path" "") (dict "key" $key "path" (printf "configmaps/%s/%s" $configmap $key))))) -}}
288+
{{- end -}}
289+
{{- if $_is_returning -}}
290+
{{- break -}}
291+
{{- end -}}
292+
{{- $sources = (concat (default (list) $sources) (list (mustMergeOverwrite (dict) (dict "configMap" (mustMergeOverwrite (dict) (mustMergeOverwrite (dict) (dict "name" $configmap)) (dict "items" $items)))))) -}}
293+
{{- end -}}
294+
{{- if $_is_returning -}}
295+
{{- break -}}
296+
{{- end -}}
297+
{{- $_is_returning = true -}}
298+
{{- (dict "r" (list (mustMergeOverwrite (dict "name" "") (mustMergeOverwrite (dict) (dict "projected" (mustMergeOverwrite (dict "sources" (coalesce nil)) (dict "sources" $sources)))) (dict "name" $v.Name)))) | toJson -}}
299+
{{- break -}}
300+
{{- end -}}
301+
{{- end -}}
302+

0 commit comments

Comments
 (0)