Fix *.ingress.tls templating (#10)

jessebot · web-flow · commit 2961946f9780 · 2023-07-25T15:31:10.000+02:00
* fix tls templating to allow for less complexity

* fix ingress.tls to be rendered automatically
diff --git a/charts/matrix/Chart.yaml b/charts/matrix/Chart.yaml
@@ -8,7 +8,7 @@ sources:
 
 type: application
 
-version: 4.0.2
+version: 4.0.3
 appVersion: v1.88.0
 
 maintainers:
diff --git a/charts/matrix/README.md b/charts/matrix/README.md
@@ -1,6 +1,6 @@
 # matrix
 
-![Version: 4.0.2](https://img.shields.io/badge/Version-4.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.88.0](https://img.shields.io/badge/AppVersion-v1.88.0-informational?style=flat-square)
+![Version: 4.0.3](https://img.shields.io/badge/Version-4.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.88.0](https://img.shields.io/badge/AppVersion-v1.88.0-informational?style=flat-square)
 
 A Helm chart to deploy a Matrix homeserver stack into Kubernetes
 
@@ -117,9 +117,8 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes
 | element.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-staging"` | required for TLS certs issued by cert-manager |
 | element.ingress.annotations."nginx.ingress.kubernetes.io/configuration-snippet" | string | `"proxy_intercept_errors off;\n"` |  |
 | element.ingress.enabled | bool | `true` | enable ingress for element |
-| element.ingress.hosts | string | `"element.chart-example.local"` | the hostname to use for element |
-| element.ingress.tls[0].hosts | list | `["element.chart-example.local"]` | the hostname to use for element if using TLS certs |
-| element.ingress.tls[0].secretName | string | `"element-tls"` |  |
+| element.ingress.host | string | `"element.chart-example.local"` | the hostname to use for element |
+| element.ingress.tls.enabled | bool | `true` |  |
 | element.integrations.api | string | `"https://scalar.vector.im/api"` | API for the integration server |
 | element.integrations.enabled | bool | `true` | enables the Integrations menu, including:    widgets, bots, and other plugins to Element |
 | element.integrations.ui | string | `"https://scalar.vector.im/"` | UI to load when a user selects the Integrations button at the top-right    of a room |
@@ -170,8 +169,7 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes
 | matrix.federation.ingress.annotations."nginx.ingress.kubernetes.io/configuration-snippet" | string | `"proxy_intercept_errors off;\n"` | required for the Nginx ingress provider. You can remove it if you use a different ingress provider |
 | matrix.federation.ingress.enabled | bool | `true` |  |
 | matrix.federation.ingress.host | string | `"matrix-fed.chart-example.local"` |  |
-| matrix.federation.ingress.tls[0].hosts[0] | string | `"matrix-fed.chart-example.local"` |  |
-| matrix.federation.ingress.tls[0].secretName | string | `"federation-tls"` |  |
+| matrix.federation.ingress.tls.enabled | bool | `true` |  |
 | matrix.federation.whitelist | list | `[]` | Allow list of domains to federate with (comment for all domains    except blacklisted) |
 | matrix.homeserverExtra | object | `{}` | Contents will be appended to the end of the default configuration |
 | matrix.homeserverOverride | object | `{}` | Replace homeserver.yaml will be replaced with these contents |
@@ -235,8 +233,7 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes
 | synapse.ingress.annotations."nginx.ingress.kubernetes.io/configuration-snippet" | string | `"proxy_intercept_errors off;\n"` | This annotation is required for the Nginx ingress provider. You can remove it if you use a different ingress provider |
 | synapse.ingress.enabled | bool | `true` |  |
 | synapse.ingress.host | string | `"matrix.chart-example.local"` |  |
-| synapse.ingress.tls[0].hosts[0] | string | `"matrix.chart-example.local"` |  |
-| synapse.ingress.tls[0].secretName | string | `"matrix-tls"` |  |
+| synapse.ingress.tls.enabled | bool | `true` |  |
 | synapse.labels | object | `{"component":"synapse"}` | Labels to be appended to all Synapse resources |
 | synapse.metrics.annotations | bool | `true` |  |
 | synapse.metrics.enabled | bool | `true` | Whether Synapse should capture metrics on an additional endpoint |
diff --git a/charts/matrix/templates/element/ingress.yaml b/charts/matrix/templates/element/ingress.yaml
@@ -10,25 +10,21 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-{{- if .Values.element.ingress.tls }}
+{{- if .Values.element.ingress.tls.enabled }}
   tls:
-    {{- range .Values.element.ingress.tls }}
     - hosts:
-      {{- range .hosts }}
-      - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
+      - {{ .Values.element.ingress.host }}
+      secretName: element-tls
 {{- end }}
   rules:
     - host: {{ .Values.element.ingress.host }}
       http:
         paths:
           - path: "/"
+            pathType: ImplementationSpecific
             backend:
               service:
                 name: "{{ include "matrix.fullname" . }}-element"
                 port: 
                   number: {{ .Values.element.service.port }}
-            pathType: ImplementationSpecific
 {{- end }}
diff --git a/charts/matrix/templates/synapse/synapse-federation-ingress.yaml b/charts/matrix/templates/synapse/synapse-federation-ingress.yaml
@@ -10,25 +10,21 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-{{- if .Values.matrix.federation.ingress.tls }}
+{{- if .Values.matrix.federation.ingress.tls.enabled }}
   tls:
-    {{- range .Values.matrix.federation.ingress.tls }}
     - hosts:
-      {{- range .hosts }}
-      - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
+      - {{ .Values.matrix.federation.ingress.host }}
+      secretName: matrix-federation-tls
 {{- end }}
   rules:
     - host: {{ .Values.matrix.federation.ingress.host }}
       http:
         paths:
           - path: "/"
+            pathType: ImplementationSpecific
             backend:
               service:
                 name: "{{ include "matrix.fullname" . }}-synapse-federation"
                 port: 
                   number: {{ .Values.synapse.service.federation.port }}
-            pathType: ImplementationSpecific
 {{- end }}
diff --git a/charts/matrix/templates/synapse/synapse-ingress.yaml b/charts/matrix/templates/synapse/synapse-ingress.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.synapse.ingress.enabled -}}
+{{- if .Values.synapse.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -10,25 +10,21 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-{{- if .Values.synapse.ingress.tls }}
-  tls:
-    {{- range .Values.synapse.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-      - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-{{- end }}
   rules:
     - host: {{ .Values.synapse.ingress.host }}
       http:
         paths:
           - path: "/"
+            pathType: ImplementationSpecific
             backend:
               service:
                 name: "{{ include "matrix.fullname" . }}-synapse"
                 port:
                   number: {{ .Values.synapse.service.port }}
-            pathType: ImplementationSpecific
+{{- if .Values.synapse.ingress.tls.enabled }}
+  tls:
+    - secretName: matrix-tls
+      hosts:
+        - {{ .Values.synapse.ingress.host }}
+{{- end }}
 {{- end }}
diff --git a/charts/matrix/values.yaml b/charts/matrix/values.yaml
@@ -77,9 +77,7 @@ matrix:
     ingress:
       enabled: true
       tls:
-        - secretName: federation-tls
-          hosts:
-            - matrix-fed.chart-example.local
+        enabled: true
       host: matrix-fed.chart-example.local
       annotations:
         # -- required for the Nginx ingress provider. You can remove it if you
@@ -347,9 +345,7 @@ synapse:
     enabled: true
     host: matrix.chart-example.local
     tls:
-      - secretName: matrix-tls
-        hosts:
-          - matrix.chart-example.local
+      enabled: true
     annotations:
       # -- This annotation is required for the Nginx ingress provider. You can
       # remove it if you use a different ingress provider
@@ -422,12 +418,9 @@ element:
     # -- enable ingress for element
     enabled: true
     tls:
-      - secretName: element-tls
-        # -- the hostname to use for element if using TLS certs
-        hosts:
-          - element.chart-example.local
+      enabled: true
     # -- the hostname to use for element
-    hosts: element.chart-example.local
+    host: element.chart-example.local
     annotations:
       # This annotation is required for the Nginx ingress provider. You can
       # remove it if you use a different ingress provider
