Feature: opportunity to set TLS easily by default with ca-certs autogeneration if needed

charts/chatwoot/Chart.lock

@@ -6,4 +6,4 @@ dependencies:
   repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
   version: 14.7.2
 digest: sha256:c144d47d945cba6e4ab54290c7db1ccf4ec6eb0b75a0e0cda89ec3c11d57af7b
-generated: "2022-06-21T17:49:13.18754+05:30"
+generated: "2022-08-09T23:01:04.493373+02:00"

charts/chatwoot/templates/NOTES.txt

@@ -7,9 +7,22 @@ To learn more about the release, try:
   $ helm status {{ .Release.Name }}
   $ helm get all {{ .Release.Name }}
 
+{{- if gt (len .Values.services) 1 }}
+
+There are multiple services:
+
+{{- end}}
+
+{{- range $value := .Values.services}}
+
+# {{ $value.name }}:
+----------------------------------
+
 NOTE: It may take a few minutes for the LoadBalancer IP to be available.
 You can watch the status by running 
-'kubectl get svc -w {{ template "chatwoot.fullname" . }}'
+'kubectl get svc -w {{ $value.name }}'
+
+export SERVICE_IP=$(kubectl get svc --namespace {{ $.Release.Namespace }} {{ $value.name }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+echo http://$SERVICE_IP:{{ $value.targetPort }}
+{{- end}}
 
-export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chatwoot.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-echo http://$SERVICE_IP:{{ .Values.services.targetPort }}

charts/chatwoot/templates/_helpers.tpl

@@ -88,7 +88,6 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
-
 {{/*
 Set postgres host
 */}}
@@ -199,4 +198,4 @@ Set redis URL
 {{- else -}}
     redis://:$(REDIS_PASSWORD)@{{ .Values.redis.host }}:{{ .Values.redis.port }}
 {{- end -}}
-{{- end -}}
+{{- end -}}

charts/chatwoot/templates/env-secret.yaml

@@ -23,4 +23,4 @@ data:
   REDIS_URL: {{ include "chatwoot.redis.url" . | b64enc | quote }}
   {{- range $key, $value := .Values.env}}
   {{ $key }}: {{ $value | toString | b64enc | quote }}
-  {{- end }}
+  {{- end }}

charts/chatwoot/templates/ingress.yaml

@@ -1,6 +1,5 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "chatwoot.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else -}}
@@ -29,7 +28,7 @@ spec:
         {{- range .hosts }}
         - {{ . | quote }}
         {{- end }}
-      secretName: {{ .secretName }}
+      secretName: {{ .label }}
     {{- end }}
   {{- end }}
   rules:

charts/chatwoot/templates/tests/test-connection.yaml

@@ -14,14 +14,18 @@ spec:
   {{- with .Values.tolerations }}
   tolerations:
   {{- toYaml . | nindent 4 }}
-  {{- end }}
   {{- if .Values.nodeSelector }}
   nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 4 }}
   {{- end }}
+  {{- end }}
+
   containers:
+    {{- range $value := .Values.services}}
     - name: wget
       image: busybox
       imagePullPolicy: IfNotPresent
       command: ['wget']
-      args: ['{{ include "chatwoot.fullname" . }}:{{ .Values.services.targetPort }}']
+      args: ['{{ $value.name }}:{{ $value.targetPort }}']
+    {{- end }}
   restartPolicy: Never
+

charts/chatwoot/templates/tls-secret.yaml

@@ -0,0 +1,29 @@
+{{- range $value := .Values.ingress.tls}}
+apiVersion: v1
+kind: Secret
+{{- if and $value.crt $value.key }} 
+metadata:
+  labels:
+    app: {{ template "chatwoot.fullname" $ }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+  name: {{ $value.label }}
+data:
+  tls.crt: {{ $value.crt | b64enc | quote }}
+  tls.key: {{ $value.key | b64enc | quote }}
+{{- else }}
+{{- $tlsCert := genSelfSignedCert (index $value.hosts 0) nil $value.hosts 365 }}
+type: kubernetes.io/tls
+metadata:
+  name: {{ $value.label }}
+  labels:
+    app: {{ template "chatwoot.fullname" $ }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+data:
+  tls.crt: {{ $tlsCert.Cert | b64enc | quote }}
+  tls.key: {{ $tlsCert.Key | b64enc | quote }}
+{{- end }}
+{{- end }}

charts/chatwoot/templates/web-deployment.yaml

@@ -34,43 +34,45 @@ spec:
       nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
       {{- end }}
       containers:
+        {{- range $index, $value := .Values.services }}
         - args: 
             - bundle
             - exec
             - rails
             - s
             - -p
-            - {{ .Values.services.internlPort | quote}}
+            - {{ $value.internalPort | quote}}
             - -b
             - 0.0.0.0
           command:
             - docker/entrypoints/rails.sh
           env:
-          {{- if .Values.postgresql.existingSecret }}
+          {{- if $.Values.postgresql.existingSecret }}
           - name: POSTGRES_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ .Values.postgresql.existingSecret }}
-                key: {{ default "password" .Values.postgresql.existingSecretKey }}
+                name: {{ $.Values.postgresql.existingSecret }}
+                key: {{ default "password" $.Values.postgresql.existingSecretKey }}
           {{- end }}
-          {{- if .Values.redis.existingSecret }}
+          {{- if $.Values.redis.existingSecret }}
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-                name: {{ .Values.redis.existingSecret }}
-                key: {{ default "password" .Values.redis.existingSecretKey }}
+                name: {{ $.Values.redis.existingSecret }}
+                key: {{ default "password" $.Values.redis.existingSecretKey }}
           {{- end }}
           envFrom:
             - secretRef:
-                name: {{ template "chatwoot.fullname" . }}-env
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          name: {{ .Chart.Name }}-web
+                name: {{ template "chatwoot.fullname" $ }}-env
+          image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+          name: {{ $.Chart.Name }}-web-{{ $index }}
           ports:
-            - containerPort: {{ int .Values.services.internlPort }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- with .Values.resources }}
+            - containerPort: {{ int $value.internalPort }}
+          imagePullPolicy: {{ $.Values.image.pullPolicy }}
+          {{- with $.Values.resources }}
           resources:
             {{- toYaml . | nindent 12 }}
             {{- end }}
-      serviceAccountName: {{ include "chatwoot.serviceAccountName" . }}
+          {{- end }}
+      serviceAccountName: {{ include "chatwoot.serviceAccountName" $ }}
 status: {}

charts/chatwoot/templates/web-service.yaml

@@ -1,25 +1,26 @@
+{{- range $value := .Values.services}}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "chatwoot.fullname" . }}
+  name: {{ $value.name }}
   creationTimestamp: null
   labels:
-    app: {{ template "chatwoot.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-  {{- with .Values.services.annotations }}
+    app: {{ template "chatwoot.fullname" $ }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+  {{- with $value.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
   ports:
-    - name: {{ .Values.services.name | quote}}
-      port: {{ int .Values.services.internlPort }}
-      targetPort: {{ int .Values.services.targetPort }}
-  type: {{ .Values.services.type }}
+    - port: {{ int $value.internalPort }}
+      targetPort: {{ int $value.targetPort }}
+  type: {{ $value.type }}
   selector:
-    app: {{ template "chatwoot.fullname" . }}
+    app: {{ template "chatwoot.fullname" $ }}
     role: web
 status:
   loadBalancer: {}
+{{- end}}

charts/chatwoot/values.yaml

@@ -13,11 +13,11 @@ worker:
   replica: 2
 
 services:
-  name: chatwoot
-  internlPort: 3000
-  targetPort: 3000
-  type: LoadBalancer
-  annotations: {}
+  - name: "chatwoot"
+    internalPort: 3000
+    targetPort: 3000
+    type: LoadBalancer
+    annotations: {}
     # For example
     #  service.beta.kubernetes.io/aws-load-balancer-type: external
     #  service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip
@@ -38,45 +38,50 @@ serviceAccount:
 
 podAnnotations: {}
 
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
   # runAsNonRoot: true
   # runAsUser: 1000
 
-service:
-  type: ClusterIP
-  port: 80
-
 ingress:
   enabled: false
   # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
   # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
   # ingressClassName: nginx
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: ""
+    - host: "chart-example.local"
       paths:
         - path: /
           pathType: Prefix
           backend:
             service:
-              name: chatwoot
+              name: "chatwoot"
               port:
                 number: 3000
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
+  # It's highly recommended to use TLS protocol to secure
+  # your activities. Before specifying cert and key you should
+  # set ".Values.ingress.enabled" to "true"
+  # tls:
+  #   - crt: "" # If either 'crt' or 'key' is not set, automatic ca-cert generation will be used
+  #     key: ""
+  #     label: "chart-example"
+  #     hosts:
+  #       - "chart-example.local"
+
+resources:
+  {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following