wip: commentary around template redesign

Kong · Nov 2, 2023 · bc2610c · bc2610c
1 parent 7479cda
commit bc2610c
Show file tree

Hide file tree

Showing 3 changed files with 723 additions and 1 deletion.
diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl
@@ -460,6 +460,10 @@ The name of the Service which will be used by the controller to update the Ingre
 {{- (printf "%s/%s" ( include "kong.namespace" . ) ( default ( printf "%s-proxy" (include "kong.fullname" . )) $proxyOverride )) -}}
 {{- end -}}
 
+# TODO 921 everything here would need to become relative. some of it relies on
+# external values though, e.g. .Values.ingressController.ingressClass and
+# .Values.ingressController.admissionWebhook.address presumably remain where
+# they are.
 {{- define "kong.ingressController.env" -}}
 {{/*
     ====== AUTO-GENERATED ENVIRONMENT VARIABLES ======
@@ -919,6 +923,84 @@ The name of the Service which will be used by the controller to update the Ingre
   {{- include "controller.adminApiCertVolumeMount" . | nindent 2 }}
 {{- end -}}
 
+{{- define "kong.controller-container-new" -}}
+- name: ingress-controller
+  securityContext:
+{{ toYaml .securityContext | nindent 4 }}
+  args:
+  {{ if .args}}
+  {{- range $val := .args }}
+  - {{ $val }}
+  {{- end }}
+  {{- end }}
+  ports:
+  # TODO 921 would not have global value here, need to pass something in. can
+  # pass in port or null if none--it's the only value here
+  {{- if .Values.ingressController.admissionWebhook.enabled }}
+  - name: webhook
+    containerPort: {{ .Values.ingressController.admissionWebhook.port }}
+    protocol: TCP
+  {{- end }}
+  {{ if (semverCompare ">= 2.0.0" (include "kong.effectiveVersion" .image)) -}}
+  - name: cmetrics
+    containerPort: 10255
+    protocol: TCP
+  {{- end }}
+  env:
+  - name: POD_NAME
+    valueFrom:
+      fieldRef:
+        apiVersion: v1
+        fieldPath: metadata.name
+  - name: POD_NAMESPACE
+    valueFrom:
+      fieldRef:
+        apiVersion: v1
+        fieldPath: metadata.namespace
+# TODO 921 this is not currently designed to be at all relative and relies on
+# external sections
+{{- include "kong.ingressController.env" .  | indent 2 }}
+  image: {{ include "kong.getRepoTag" .image }}
+  imagePullPolicy: {{ .image.pullPolicy }}
+{{/* disableReadiness is a hidden setting to drop this block entirely for use with a debugger
+     Helm value interpretation doesn't let you replace the default HTTP checks with any other
+     check type, and all HTTP checks freeze when a debugger pauses operation.
+     Setting disableReadiness to ANY value disables the probes.
+*/}}
+{{- if (not (hasKey .Values.ingressController "disableProbes")) }}
+  readinessProbe:
+{{ toYaml .readinessProbe | indent 4 }}
+  livenessProbe:
+{{ toYaml .livenessProbe | indent 4 }}
+{{- end }}
+  resources:
+{{ toYaml .resources | indent 4 }}
+  volumeMounts:
+# TODO 921 comes from external, but only needs the single boolean in the
+# initial if
+{{- if .ingressController.admissionWebhook.enabled }}
+  - name: webhook-cert
+    mountPath: /admission-webhook
+    readOnly: true
+{{- end }}
+# TODO 921 would not be in the container context
+{{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
+  - name: {{ template "kong.serviceAccountTokenName" . }}
+    mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+    readOnly: true
+{{- end }}
+  {{- include "kong.userDefinedVolumeMounts" . | nindent 2 }}
+  # TODO 921 relies on some content under .ingressController
+  {{- include "controller.adminApiCertVolumeMount" . | nindent 2 }}
+{{- end -}}
+
+{{- define "secretkeyref" -}}
+valueFrom:
+  secretKeyRef:
+    name: {{ .name }}
+    key: {{ .key }}
+{{- end -}}
+
 {{- define "secretkeyref" -}}
 valueFrom:
   secretKeyRef: