Helm chart improve docs (#521)

Co-authored-by: Rap <peter.rafaj@kistler.com>

Author: rafajpet

charts/plgd-hub/Chart.yaml

@@ -6,7 +6,7 @@ type: application
 
 version: 0.0.1
 
-appVersion: v2next
+appVersion: vnext
 
 dependencies:
   - name: "nats"

charts/plgd-hub/README.md

@@ -17,7 +17,7 @@ Install [cert-manager](https://cert-manager.io/) via [https://artifacthub.io/pac
 global:
   # -- Global domain
   domain:
-  # -- Hub ID. Used by coap-gateway. It must be unique
+  # -- HubID. Used by coap-gateway. It must be unique
   hubId:
   # -- OAuth owner Claim
   ownerClaim: "sub"
@@ -31,14 +31,14 @@ global:
   oauth:
    # -- List of OAuth client's configurations
    device:
-       # -- Name of client
+       # -- Name of provider
      - name:
        # -- Client ID
        clientID:
        # -- clientSecret or clientSecretFile
        clientSecret:
-       clientSecretFile:
-       # -- Redirect URL
+       #clientSecretFile:
+       # -- Redirect URL. In case you are using mobile app, redirectURL should be in format cloud.plgd.mobile://login-callback
        redirectURL:
        # -- Use in httpgateway.ui.webConfiguration.deviceOAuthClient configuration. Default first item in list
        useInUi: true
@@ -47,8 +47,35 @@ global:
     clientID:
 ```
 
+### Setup with OAuth Mock server:
+
+```
+# -- Global config variables
+global:
+  # -- Global domain
+  domain: "domain.com"
+  # -- CloudID. Used by coap-gateway. It must be unique
+  hubId: 1c10a3b6-287c-11ec-ac2d-13054959c274
+mockoauthserver:
+  enabled: true
+```
+
+### NodePort for coap-gateway
+
+In case you install plgd-hub into [microk8s.io/](https://microk8s.io/), it's required to enable also
+nodePort for coap-gateway. For enable nodePort for coap-gateway add config below:
+
+```
+coapgateway:
+  service:
+    nodePort: 5684
+```
+
+> This configuration should be applied only to test environment !!!
+
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesSection" . }}
 
 {{ template "helm-docs.versionFooter" . }}
+

charts/plgd-hub/README.md.gotmpl

@@ -1,7 +1,22 @@
-Thank you for installing {{ .Chart.Name }}.
+{{ .Chart.Description }}
 
-For more information about plgd-hub. Please follow: [plgd.dev](https://plgd.dev/)
+For more information about plgd-hub, follow: https://github.com/plgd-dev/hub/
 
-coap-gateway domain: {{ printf "%s:%v" ( required "global.domain is required" ( $.Values.coapgateway.apis.coap.externalAddress  | default $.Values.global.domain )) $.Values.coapgateway.port }}
-Web UI domain: {{ printf "https://%s" ( include "plgd-hub.httpgateway.apiDomain" . ) }}
-API domain: {{ printf "https://%s" ( include "plgd-hub.httpgateway.apiDomain" . ) }}
+PARAMETERS:
+----------------------------------------------------------
+{{- if $.Values.coapgateway.enabled }}
+coap-gateway uri: {{ printf "coap+tcp://%s:%v" ( required "global.domain is required" ( $.Values.coapgateway.apis.coap.externalAddress  | default $.Values.global.domain )) $.Values.coapgateway.port }}
+{{- end }}
+{{- if $.Values.httpgateway.enabled }}
+Web UI uri: {{ printf "https://%s" ( include "plgd-hub.httpgateway.uiDomain" . ) }}
+http-gateway uri: {{ printf "https://%s" ( include "plgd-hub.httpgateway.apiDomain" . ) }}
+{{- end }}
+{{- if $.Values.mockoauthserver.enabled }}
+------- Mock OAuth server enabled !!!!! ------------------
+You enabled mocked version of OAuth Server used only for test/development purpose. Use with extra care. Could not
+be used for production environment !!!
+Mock OAuth server: {{ include "plgd-hub.mockoauthserver.uri" . }}
+----------------------------------------------------------
+{{- else }}
+OAuth server: {{ $.Values.global.authority }}
+{{- end }}

charts/plgd-hub/templates/NOTES.txt

@@ -102,11 +102,30 @@ If release name contains chart name it will be used as a full name.
   {{- $authoriztion := index . 1 }}
   {{- $prefix := index . 2 }}
   ownerClaim:{{ printf " " }}{{ required (printf "%s.apis.grpc.authorization.ownerClaim or global.ownerClaim is required " $prefix) ( $authoriztion.ownerClaim | default $.Values.global.ownerClaim ) | quote }}
+  {{- if not $.Values.mockoauthserver.enabled }}
   authority:{{ printf " " }}{{ required (printf "%s.apis.grpc.authorization.authority or global.authority is required " $prefix) ( $authoriztion.authority | default $.Values.global.authority ) | quote }}
   audience:{{ printf " " }}{{ ( $authoriztion.audience | default $.Values.global.audience ) | quote }}
+  {{- else }}
+  authority:{{ printf " " }}{{ include "plgd-hub.mockoauthserver.uri" $ }}
+  audience:{{ printf " " }}{{ printf "" | quote }}
+  {{- end }}
+{{- end }}
+
+{{- define "plgd-hub.baseAthorizationConfig" }}
+  {{- $ := index . 0 }}
+  {{- $authoriztion := index . 1 }}
+  {{- $prefix := index . 2 }}
+  {{- if not $.Values.mockoauthserver.enabled }}
+  authority:{{ printf " " }}{{ required (printf "%s.apis.grpc.authorization.authority or global.authority is required " $prefix) ( $authoriztion.authority | default $.Values.global.authority ) | quote }}
+  audience:{{ printf " " }}{{ ( $authoriztion.audience | default $.Values.global.audience ) | quote }}
+  {{- else }}
+  authority:{{ printf " " }}{{ include "plgd-hub.mockoauthserver.uri" $ }}
+  audience:{{ printf " " }}{{ printf "" | quote }}
+  {{- end }}
 {{- end }}
 
 
+
 {{- define "plgd-hub.createInternalCertByCm" }}
     {{- $natsTls := .Values.coapgateway.clients.eventBus.nats.tls.certFile }}
     {{- $authClientTls := .Values.coapgateway.clients.identityStore.grpc.tls.certFile }}
@@ -272,3 +291,35 @@ app.kubernetes.io/instance: {{ .Release.Name }}
   {{ required "clientSecret or clientSecretFile for oauth provider is required " ( $provider.clientSecret | default $provider.clientSecretFile ) }}
   {{- end }}
 {{- end }}
+
+{{- define "plgd-hub.enableDefaultIssuer" }}
+    {{- if and .Values.certmanager.enabled .Values.certmanager.default.issuer.enabled }}
+        {{- $nameInternal := .Values.certmanager.internal.issuer.name }}
+        {{- $kindInternal := .Values.certmanager.internal.issuer.kind }}
+        {{- $specInternal := .Values.certmanager.internal.issuer.spec }}
+
+        {{- $nameCoap := .Values.certmanager.coap.issuer.name }}
+        {{- $kindCoap := .Values.certmanager.coap.issuer.kind }}
+        {{- $specCoap := .Values.certmanager.coap.issuer.spec }}
+
+        {{- $nameExternal := .Values.certmanager.external.issuer.name }}
+        {{- $kindExternal := .Values.certmanager.external.issuer.kind }}
+        {{- $specExternal := .Values.certmanager.external.issuer.spec }}
+
+        {{- $internalIssuer := or ( and $nameInternal $kindInternal ) $specInternal }}
+        {{- $coapIssuer := or ( and $nameCoap $kindCoap ) $specCoap }}
+        {{- $externalIssuer := or ( and $nameExternal $kindExternal ) $specExternal }}
+        {{- printf "%t" ( not ( and $internalIssuer $coapIssuer $externalIssuer )) }}
+    {{- else }}
+        {{- printf "false" }}
+    {{- end }}
+{{- end }}
+
+{{- define "plgd-hub.wildCardCertDomain" -}}
+    {{- printf "*.%s" .Values.global.domain }}
+{{- end }}
+
+{{- define "plgd-hub.wildCardCertName" -}}
+  {{- $fullName := include "plgd-hub.fullname" . -}}
+  {{- printf "%s-wildcard-crt" $fullName -}}
+{{- end }}

charts/plgd-hub/templates/_helpers.tpl

@@ -104,7 +104,7 @@ spec:
         {{- if and ( not $customCaDefined ) .Values.certificateauthority.enabled }}
         - name: {{ .Values.certificateauthority.ca.volume.name }}
           secret:
-            secretName: {{ .Values.certificateauthority.ca.secret.name | default .Values.certificateauthority.ca.default.secret.name }}
+            secretName: {{ .Values.certificateauthority.ca.secret.name | default $.Values.certmanager.default.ca.secret.name }}
         {{- end }}
         {{- with .Values.certificateauthority.extraVolumeMounts }}
         {{- toYaml . | nindent 8 }}

charts/plgd-hub/templates/certificate-authority/deployment.yaml

@@ -1,5 +1,5 @@
 {{- $domainCrt := include "plgd-hub.certificateauthority.domainCertName" . }}
-{{- if and $domainCrt .Values.certmanager.enabled .Values.certificateauthority.enabled }}
+{{- if and $domainCrt .Values.certmanager.enabled .Values.certificateauthority.enabled (not $.Values.global.enableWildCartCert ) }}
 {{- $serviceDns := include "plgd-hub.certificateauthority.fullname" . }}
 apiVersion: cert-manager.io/v1
 kind: Certificate

charts/plgd-hub/templates/certificate-authority/domain-crt.yaml

@@ -10,6 +10,7 @@ metadata:
   labels:
     {{- include "plgd-hub.labels" . | nindent 4 }}
   annotations:
+{{/*    kubernetes.io/ingress.class: "nginx"*/}}
     nginx.org/grpc-services: {{ $fullname | quote }}
     nginx.ingress.kubernetes.io/backend-protocol: "GRPCS"
     ingress.kubernetes.io/force-ssl-redirect: "true"
@@ -21,7 +22,11 @@ spec:
   tls:
     - hosts:
         - {{ include "plgd-hub.certificateauthority.domain" . | quote }}
+      {{- if $.Values.global.enableWildCartCert }}
+      secretName: {{ include "plgd-hub.wildCardCertName" . | quote }}
+      {{- else }}
       secretName: {{ include "plgd-hub.certificateauthority.domainCertName" . | quote }}
+      {{- end }}
   rules:
   - host: {{ include "plgd-hub.certificateauthority.domain" . | quote }}
     http:

charts/plgd-hub/templates/certificate-authority/ingress.yaml

@@ -0,0 +1,17 @@
+{{- if and ( include "plgd-hub.enableDefaultIssuer" . ) ( $.Values.certmanager.default.ca.issuer.enabled ) }}
+apiVersion: cert-manager.io/v1
+kind: {{ .Values.certmanager.default.ca.issuer.kind  }}
+metadata:
+  name: {{ .Values.certmanager.default.ca.issuer.name  }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "plgd-hub.labels" . | nindent 4 }}
+  {{- if .Values.certmanager.default.ca.issuer.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.certmanager.default.ca.issuer.annotations }}
+     {{ $key }}: {{ $value | quote }}
+  {{- end }}
+  {{- end }}
+spec:
+{{- .Values.certmanager.default.ca.issuer.spec | toYaml | nindent 2 }}
+{{- end }}