Cleanup "charts.platform.env.clients" template partial. Use one global

field for platform to shoreline external auth calls.

Author: lostlevels

charts/tidepool/charts/data/templates/1-deployment.yaml

@@ -19,7 +19,6 @@ spec:
       app.kubernetes.io/name: {{ include "charts.name" . }}
       app.kubernetes.io/instance: {{ .Release.Name }}
   replicas: {{ .Values.deployment.replicas }}
-  strategy: {}
   template:
     metadata:
       labels:

charts/tidepool/charts/glooingress/templates/2-http-internal-virtual-service.yaml

@@ -2,7 +2,15 @@
 {{- $internal := .Values.virtualServices.httpInternal }}
 {{- $spec := .Values.virtualServices.http }}
 {{- $port := $spec.port | default "80" }}
-{{ if or (not $spec.enabled) ($spec.redirect) }}
+# The reason for using a "disabled" field instead of the "enabled" field that
+# we conventionally use elsewhere is because by default an internal
+# VirtualService is created if the http VirtualService is not enabled or it has
+# an https redirect. This means there's no way to NOT have any VirtualService.
+# This way, we can disable all VirtualServices for a Release. The field name is
+# "disabled" just in case some service actually depends on the original logic
+# of an internal VirtualService being created. This is used for shadowed clusters
+# where no VirtualServices are needed.
+{{ if and (or (not $spec.enabled) ($spec.redirect)) (not $internal.disabled) }}
 ---
 apiVersion: gateway.solo.io/v1
 kind: VirtualService

charts/tidepool/charts/jellyfish/templates/1-deployment.yaml

@@ -73,11 +73,11 @@ spec:
               name: server
               key: ServiceAuth
         - name: TIDEPOOL_AUTH_CLIENT_ADDRESS
-          value: "shoreline:{{.Values.global.ports.shoreline}}"
+          value: "{{ .Values.global.hostnames.shoreline }}:{{ .Values.global.ports.shoreline }}"
         - name: TIDEPOOL_SEAGULL_CLIENT_ADDRESS
-          value: "seagull:{{.Values.global.ports.seagull}}"
+          value: "{{ .Values.global.hostnames.seagull }}:{{ .Values.global.ports.seagull }}"
         - name: TIDEPOOL_PERMISSION_CLIENT_ADDRESS
-          value: "gatekeeper:{{.Values.global.ports.gatekeeper}}"
+          value: "{{ .Values.global.hostnames.gatekeeper }}:{{ .Values.global.ports.gatekeeper }}"
         image: "{{ .Values.deployment.image }}"
         securityContext:
           {{- .Values.podSecurityContext | toYaml | nindent 10 }}

charts/tidepool/charts/tidewhisperer/templates/1-deployment.yaml

@@ -69,18 +69,18 @@ spec:
           value: |
             {
                 "auth": {
-                  "address": "http://auth:{{.Values.global.ports.auth}}",
+                  "address": "http://{{.Values.global.hostnames.shoreline}}:{{.Values.global.ports.shoreline}}",
                   "userAgent": "Tidepool-TideWhisperer"
                 },
-                "gatekeeper": {"serviceSpec": {"type": "static", "hosts": ["http://gatekeeper:{{.Values.global.ports.gatekeeper}}"]}},
+                "gatekeeper": {"serviceSpec": {"type": "static", "hosts": ["http://{{.Values.global.hostnames.gatekeeper}}:{{.Values.global.ports.gatekeeper}}"]}},
                 "hakken": {
                   "host": "hakken",
                   "skipHakken": true
                   },
-                "seagull": {"serviceSpec": {"type": "static", "hosts": ["http://seagull:{{.Values.global.ports.seagull}}"]}},
+                "seagull": {"serviceSpec": {"type": "static", "hosts": ["http://{{ .Values.global.hostnames.seagull }}:{{ .Values.global.ports.seagull }}"]}},
                 "shoreline": {
                     "name": "tide-whisperer",
-                    "serviceSpec": {"type": "static", "hosts": ["http://shoreline:{{.Values.global.ports.shoreline}}"]},
+                    "serviceSpec": {"type": "static", "hosts": ["http://{{ .Values.global.hostnames.shoreline }}:{{ .Values.global.ports.shoreline }}"]},
                     "tokenRefreshInterval": "1h"
                 }
             }

charts/tidepool/templates/_helpers.tpl

@@ -57,22 +57,24 @@ Create environment variables used by all platform services.
 
 {{ define "charts.platform.env.clients" }}
         - name: TIDEPOOL_AUTH_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.auth}}:{{.Values.global.ports.auth}}
+          value: "http://{{ .Values.global.hostnames.auth }}:{{ .Values.global.ports.auth }}"
         - name: TIDEPOOL_AUTH_CLIENT_EXTERNAL_ADDRESS
-          value: "http://{{ include "hostname.internal" .}}"
+          value: "http://{{ .Values.global.hostnames.shoreline }}:{{ .Values.global.ports.shoreline }}"
         - name: TIDEPOOL_AUTH_CLIENT_EXTERNAL_SERVER_SESSION_TOKEN_SECRET
           valueFrom:
             secretKeyRef:
               name: server
               key: ServiceAuth
+        - name: TIDEPOOL_AUTH_CLIENT_EXTERNAL_PATH_PREFIX
+          value: {{ .Values.global.platformExternalAuthPathPrefix | quote }}
         - name: TIDEPOOL_BLOB_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.blob}}:{{.Values.global.ports.blob}}
+          value: "http://{{ .Values.global.hostnames.blob }}:{{ .Values.global.ports.blob }}"
         - name: TIDEPOOL_DATA_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.data}}:{{.Values.global.ports.data}}
+          value: "http://{{ .Values.global.hostnames.data }}:{{ .Values.global.ports.data }}"
         - name: TIDEPOOL_DATA_SOURCE_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.data}}:{{.Values.global.ports.data}}
+          value: "http://{{ .Values.global.hostnames.data }}:{{ .Values.global.ports.data }}"
         - name: TIDEPOOL_DEVICES_CLIENT_ADDRESS
-          value: {{.Values.global.hostnames.devices}}:{{.Values.global.ports.devices_grpc}}
+          value: "http://{{ .Values.global.hostnames.devices }}:{{ .Values.global.ports.devices_grpc }}"
         - name: TIDEPOOL_DEXCOM_CLIENT_ADDRESS
           valueFrom:
             configMapKeyRef:
@@ -86,11 +88,11 @@ Create environment variables used by all platform services.
         - name: TIDEPOOL_METRIC_CLIENT_ADDRESS
           value: "http://{{ include "hostname.internal" .}}"
         - name: TIDEPOOL_PERMISSION_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.gatekeeper}}:{{.Values.global.ports.gatekeeper}}
+          value: "http://{{ .Values.global.hostnames.gatekeeper }}:{{ .Values.global.ports.gatekeeper }}"
         - name: TIDEPOOL_CONFIRMATION_CLIENT_ADDRESS
-          value: "http://{{.Values.global.hostnames.hydrophone}}:{{.Values.global.ports.hydrophone}}"
+          value: "http://{{ .Values.global.hostnames.hydrophone }}:{{ .Values.global.ports.hydrophone }}"
         - name: TIDEPOOL_TASK_CLIENT_ADDRESS
-          value: http://{{.Values.global.hostnames.task}}:{{.Values.global.ports.task}}
+          value: "http://{{ .Values.global.hostnames.task }}:{{ .Values.global.ports.task }}"
         - name: TIDEPOOL_USER_CLIENT_ADDRESS
           value: "http://{{ include "hostname.internal" .}}"
         - name: TIDEPOOL_CLINIC_CLIENT_ADDRESS

charts/tidepool/values.yaml

@@ -56,6 +56,8 @@ global:
   linkerdsupport:
     # -- whether to include linkerdsupport subchart with Linkerd service profiles
     enabled: true
+  # -- for a shadowed cluster only, what URL path prefix should platform services add (if any) when calling out to shoreline
+  platformExternalAuthPathPrefix: ''
   # -- service hostnames
   hostnames:
     # -- auth service hostname
@@ -76,6 +78,8 @@ global:
     internal: "internal"
     # -- metric service hostname
     metric: "highwater"
+    # -- seagull service hostname
+    seagull: "seagull"
     # -- shoreline service hostname
     shoreline: "shoreline"
     # -- task service hostname