Enable all components to be enabled or disabled (#17)

Chart.yaml

@@ -19,26 +19,34 @@ dependencies:
   - name: traefik
     version: 10.19.*
     repository: https://helm.traefik.io/traefik
+    condition: traefik.enabled
   - name: sealed-secrets
     version: 2.8.1
     repository: https://bitnami-labs.github.io/sealed-secrets/
+    condition: sealed-secrets.enabled
   - name: loki
     version: 4.8.0
     repository: https://grafana.github.io/helm-charts
+    condition: loki.enabled
   - name: promtail
     version: 6.9.3
     repository: https://grafana.github.io/helm-charts
+    condition: loki.enabled
   - name: grafana
     version: 6.52.4
     repository: https://grafana.github.io/helm-charts
+    condition: grafana.enabled
     # This pulls from my personal repository because the official helm chart doesn't have CRDs in the `crds` directory
     # https://github.com/minio/operator/pull/1564
   - name: operator
     repository: https://alexgodbehere.github.io/helm-repository
     version: 5.0.4
+    condition: minio.enabled
   - name: tenant
     repository: https://operator.min.io
     version: 5.0.3
+    condition: minio.enabled
   - name: influxdb2
     version: 2.1.1
-    repository: https://helm.influxdata.com/
+    repository: https://helm.influxdata.com/
+    condition: influxdb2.enabled

crds/kerberos-keys-crd.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.identity.enabled }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -86,4 +87,5 @@ spec:
                                     type: string
                                     pattern: "^[a-z0-9.-]+/[a-zA-Z0-9._-]+$"
             subresources:
-                status: {}
+                status: {}
+{{- end -}}

crds/kubegres-crd.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.postgres.enabled }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -2112,4 +2113,5 @@ spec:
       served: true
       storage: true
       subresources:
-        status: {}
+        status: {}
+{{- end -}}

templates/auth/auth.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.auth.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -155,4 +156,5 @@ spec:
       port: 80
       targetPort: 8080
   selector:
-    factory-plus.service: auth
+    factory-plus.service: auth
+{{- end -}}

templates/auth/ingress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.auth.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -18,4 +19,5 @@ spec:
     secretName: {{ .Values.acs.tlsSecretName | required "values.acs.tlsSecretName is required!" }}
     domains:
       - main: auth.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}
-  {{- end -}}
+  {{- end -}}
+{{- end -}}

templates/auth/principals/operators.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.identity.enabled }}
 # Operator (cluster administration) Kerberos principals.
 
 # This principal has root level access to some services, in particular the authentication database (if enabled).
@@ -21,4 +22,5 @@ metadata:
     namespace: {{ .Release.Namespace }}
 spec:
     type: Random
-    principal: op1pgadmin@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+    principal: op1pgadmin@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}

templates/auth/principals/service-clients.yaml

@@ -13,7 +13,7 @@
   ## krb5-presets secret. This option should only be used for services that can't pull
   ## their password from a k8s secret, like Canary.
   #
----
+{{- if .Values.auth.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -22,7 +22,9 @@ metadata:
 spec:
   type: Random
   principal: sv1auth@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.cmdesc.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -31,7 +33,9 @@ metadata:
 spec:
   type: Random
   principal: sv1cmdesc@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.configdb.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -40,7 +44,9 @@ metadata:
 spec:
   type: Random
   principal: sv1configdb@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.directory.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -49,7 +55,9 @@ metadata:
 spec:
   type: Random
   principal: sv1directory@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.mqtt.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -58,7 +66,9 @@ metadata:
 spec:
   type: Password
   principal: sv1mqtt@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.manager.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -68,12 +78,15 @@ spec:
   type: Random
   principal: sv1manager@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   secret: manager-keytab/client-keytab
+{{- end -}}
 ---
+{{- if .Values.warehouse.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
   name: sv1warehouse
   namespace: {{ .Release.Namespace }}
 spec:
   type: Random
-  principal: sv1warehouse@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+  principal: sv1warehouse@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}

templates/auth/principals/services.yaml

@@ -10,7 +10,7 @@
   # /etc/services; HTTP is in caps because Microsoft. A principal name must be added for
   # each FQDN the service can potentially be contacted at.
 
----
+{{- if .Values.auth.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -21,7 +21,9 @@ spec:
   principal: HTTP/auth.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
     - HTTP/auth.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.cmdesc.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -32,7 +34,9 @@ spec:
   principal: HTTP/cmdesc.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
     - HTTP/cmdesc.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.configdb.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -43,7 +47,9 @@ spec:
   principal: HTTP/configdb.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
     - HTTP/configdb.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.directory.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -54,7 +60,9 @@ spec:
   principal: HTTP/directory.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
     - HTTP/directory.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.mqtt.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -65,7 +73,9 @@ spec:
   principal: mqtt/mqtt.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
     - mqtt/mqtt.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.manager.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -77,7 +87,9 @@ spec:
   additionalPrincipals:
     - HTTP/manager.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   secret: manager-keytab/keytab
+{{- end -}}
 ---
+{{- if .Values.postgres.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -86,7 +98,9 @@ metadata:
 spec:
   type: Random
   principal: postgres/postgres.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}
 ---
+{{- if .Values.warehouse.enabled }}
 apiVersion: factoryplus.app.amrc.co.uk/v1
 kind: KerberosKey
 metadata:
@@ -96,4 +110,5 @@ spec:
   type: Random
   principal: HTTP/warehouse.{{ .Release.Namespace }}.svc.cluster.local@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
   additionalPrincipals:
-    - HTTP/warehouse.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+    - HTTP/warehouse.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}@{{ .Values.identity.realm | required "values.identity.realm is required!" }}
+{{- end -}}

templates/cmdesc/cmdesc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.cmdesc.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -79,3 +80,4 @@ spec:
       targetPort: 8080
   selector:
     factory-plus.service: cmdescd
+{{- end -}}

templates/cmdesc/ingress.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.cmdesc.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -18,4 +19,5 @@ spec:
     secretName: {{ .Values.acs.tlsSecretName | required "values.acs.tlsSecretName is required!" }}
     domains:
       - main: cmdesc.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}
-  {{- end -}}
+  {{- end -}}
+{{- end -}}

templates/configdb/configdb.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.configdb.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -152,3 +153,4 @@ spec:
       targetPort: 8080
   selector:
     factory-plus.service: configdb
+{{- end -}}

templates/configdb/ingress.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.configdb.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -18,4 +19,5 @@ spec:
     secretName: {{ .Values.acs.tlsSecretName | required "values.acs.tlsSecretName is required!" }}
     domains:
       - main: configdb.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}
-  {{- end -}}
+  {{- end -}}
+{{- end -}}

templates/directory/directory-mqtt.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.directory.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -96,4 +97,5 @@ spec:
             - mountPath: /config/krb5-conf
               name: krb5-conf
             - mountPath: /keytabs
-              name: krb5-keytabs
+              name: krb5-keytabs
+{{- end -}}

templates/directory/directory-webapi.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.directory.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -113,4 +114,5 @@ spec:
       port: 80
       targetPort: 8080
   selector:
-    factory-plus.service: directory-webapi
+    factory-plus.service: directory-webapi
+{{- end -}}

templates/directory/ingress.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.directory.enabled }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -19,3 +20,4 @@ spec:
     domains:
       - main: directory.{{.Values.acs.baseUrl | required "values.acs.baseUrl is required"}}
   {{- end -}}
+{{- end -}}

templates/directory/storage.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.directory.enabled }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
@@ -10,4 +11,5 @@ spec:
     requests:
       storage: 5Gi
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteOnce
+{{- end -}}