From 700e8e7550f8bcb74e7e32b97af9ef10243ec2de Mon Sep 17 00:00:00 2001 From: Komal Sukhani Date: Wed, 24 Apr 2024 14:04:04 +0530 Subject: [PATCH 1/8] Add a tyk-operator-secret in Tyk OSS Chart --- tyk-oss/templates/NOTES.txt | 14 ++++---------- tyk-oss/templates/_helpers.tpl | 20 ++++++++++++++++++++ tyk-oss/templates/tyk-operator-secret.yaml | 13 +++++++++++++ tyk-oss/values.yaml | 3 +++ 4 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 tyk-oss/templates/tyk-operator-secret.yaml diff --git a/tyk-oss/templates/NOTES.txt b/tyk-oss/templates/NOTES.txt index 2f3e0aa7..65634b75 100644 --- a/tyk-oss/templates/NOTES.txt +++ b/tyk-oss/templates/NOTES.txt @@ -1,17 +1,11 @@ Thank you for installing Tyk OSS Chart. Your release is named {{ .Release.Name }}. At this point, Tyk Gateway {{- if .Values.global.components.pump }} and Tyk Pump are {{- else }} is {{- end }} fully installed and should be accessible. -{{- if index .Values "tyk-gateway" "gateway" "control" "enabled" }} -{{ $gwSvcName := printf "gateway-control-svc-%v" (include "tyk-gateway.fullname" (index .Subcharts "tyk-gateway")) }} +{{ $gwSvcName := (include "tyk-oss.gwControlServiceName" . ) }} +{{- $port := (include "tyk-oss.gwControlPort" . ) -}} To quickly test everything is ok, you can port-forward Tyk Gateway pod: - kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ $gwSvcName }} {{ index .Values "tyk-gateway" "gateway" "control" "port" }}:{{ index .Values "tyk-gateway" "gateway" "control" "containerPort" }} - curl localhost:{{ index .Values "tyk-gateway" "gateway" "control" "port" }}/hello -{{- else }} -{{ $gwSvcName := printf "gateway-svc-%v" (include "tyk-gateway.fullname" (index .Subcharts "tyk-gateway")) }} -To quickly test everything is ok, you can port-forward Tyk Gateway pod: - kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ $gwSvcName }} {{ index .Values "global" "servicePorts" "gateway" }}:{{ index .Values "global" "servicePorts" "gateway" }} - curl localhost:{{ index .Values "global" "servicePorts" "gateway" }}/hello -{{- end }} + kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ $gwSvcName }} {{ $port }}:{{ $port }} + curl localhost:{{ $port }}/hello === API Secret (TYK_GW_SECRET) === {{- if not .Values.global.secrets.useSecretName -}} diff --git a/tyk-oss/templates/_helpers.tpl b/tyk-oss/templates/_helpers.tpl index cbf2d544..30005546 100644 --- a/tyk-oss/templates/_helpers.tpl +++ b/tyk-oss/templates/_helpers.tpl @@ -72,3 +72,23 @@ http {{- define "tyk-oss.gwServicePort" -}} {{ .Values.global.servicePorts.gateway }} {{- end -}} + +{{- define "tyk-oss.gwControlServiceName" -}} +{{- if index .Values "tyk-gateway" "gateway" "control" "enabled" -}} + {{ printf "gateway-control-svc-%v" (include "tyk-gateway.fullname" (index .Subcharts "tyk-gateway")) }} +{{- else -}} + {{ printf "gateway-svc-%v" (include "tyk-gateway.fullname" (index .Subcharts "tyk-gateway")) }} +{{- end -}} +{{- end -}} + +{{- define "tyk-oss.gwControlPort" -}} +{{- if index .Values "tyk-gateway" "gateway" "control" "enabled" -}} + {{ index .Values "tyk-gateway" "gateway" "control" "port" }} +{{- else -}} + {{ .Values.global.servicePorts.gateway }} +{{- end -}} +{{- end -}} + +{{- define "tyk-oss.gwControlURL" -}} + {{ printf "%v://%v.%v.svc:%v" (include "tyk-oss.gw_proto" . ) (include "tyk-oss.gwControlServiceName" . ) .Release.Namespace (include "tyk-oss.gwControlPort" . ) }} +{{- end -}} diff --git a/tyk-oss/templates/tyk-operator-secret.yaml b/tyk-oss/templates/tyk-operator-secret.yaml new file mode 100644 index 00000000..e0cd999f --- /dev/null +++ b/tyk-oss/templates/tyk-operator-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.createOperatorSecret}} +apiVersion: v1 +kind: Secret +metadata: + name: tyk-operator-conf +type: Opaque +stringData: + TYK_MODE: "ce" + {{- if not .Values.global.secrets.useSecretName}} + TYK_AUTH: "{{ .Values.global.secrets.APISecret}}" + {{- end }} + TYK_URL: "{{ include "tyk-oss.gwControlURL" . }}" +{{- end }} \ No newline at end of file diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml index 8501bd93..60890604 100644 --- a/tyk-oss/values.yaml +++ b/tyk-oss/values.yaml @@ -4,6 +4,9 @@ nameOverride: "" # fullnameOverride overrides App name. It is truncated to 63 characters. fullnameOverride: "" +# createOperatorSecret controls if a secret needed to connect to Operator will be created +createOperatorSecret: true + global: components: # Determines whether the pump component should be installed. From 7b932d11fb2f8e53f4bffc1f2c01198e1117e998 Mon Sep 17 00:00:00 2001 From: Komal Sukhani Date: Wed, 24 Apr 2024 14:14:51 +0530 Subject: [PATCH 2/8] Update notes --- tyk-oss/templates/NOTES.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tyk-oss/templates/NOTES.txt b/tyk-oss/templates/NOTES.txt index 65634b75..c3000c4f 100644 --- a/tyk-oss/templates/NOTES.txt +++ b/tyk-oss/templates/NOTES.txt @@ -20,3 +20,8 @@ To quickly test everything is ok, you can port-forward Tyk Gateway pod: =================================================== You might want to install Tyk Operator next to manage Ingress resources or manage your APIs. Please check Tyk Operator documentation at https://tyk.io/docs/tyk-operator/ + +{{ if .Values.createOperatorSecret }} +`tyk-operator-conf` secret needed to connect to Operator is already created. +If you have set `global.secret.useSecretName`, please set `TYK_AUTH` field in `tyk-operator-conf` secret with Api secret of Tyk gateway. +{{- end }} From c58047ea86a5fa0dcc73d5846f3e5bb8859a1959 Mon Sep 17 00:00:00 2001 From: Komal Sukhani Date: Thu, 25 Apr 2024 13:21:13 +0530 Subject: [PATCH 3/8] Add orgID --- tyk-oss/templates/tyk-operator-secret.yaml | 3 ++- tyk-oss/values.yaml | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/tyk-oss/templates/tyk-operator-secret.yaml b/tyk-oss/templates/tyk-operator-secret.yaml index e0cd999f..c8e510a5 100644 --- a/tyk-oss/templates/tyk-operator-secret.yaml +++ b/tyk-oss/templates/tyk-operator-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createOperatorSecret}} +{{- if .Values.operatorSecret.enabled}} apiVersion: v1 kind: Secret metadata: @@ -10,4 +10,5 @@ stringData: TYK_AUTH: "{{ .Values.global.secrets.APISecret}}" {{- end }} TYK_URL: "{{ include "tyk-oss.gwControlURL" . }}" + TYK_ORG: "{{ .Values.operatorSecret.orgID}}" {{- end }} \ No newline at end of file diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml index 60890604..53b0c844 100644 --- a/tyk-oss/values.yaml +++ b/tyk-oss/values.yaml @@ -4,8 +4,13 @@ nameOverride: "" # fullnameOverride overrides App name. It is truncated to 63 characters. fullnameOverride: "" -# createOperatorSecret controls if a secret needed to connect to Operator will be created -createOperatorSecret: true +# operatorSecret controls if a secret needed to connect to Operator will be created +operatorSecret: + # enabled if set to true creates secret + enabled: true + # OSS doesn't have concept of OrgID. But we need to support some features (eg. basic auth key) in OSS + # You can set it to any arbitary value + orgID: test global: components: From 01cd280d9bd15193cd25ad130b1e1dccb5b79362 Mon Sep 17 00:00:00 2001 From: Burak Sekili Date: Fri, 26 Apr 2024 15:32:07 +0300 Subject: [PATCH 4/8] Update tyk-oss/templates/tyk-operator-secret.yaml --- tyk-oss/templates/tyk-operator-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyk-oss/templates/tyk-operator-secret.yaml b/tyk-oss/templates/tyk-operator-secret.yaml index c8e510a5..bf27d964 100644 --- a/tyk-oss/templates/tyk-operator-secret.yaml +++ b/tyk-oss/templates/tyk-operator-secret.yaml @@ -11,4 +11,4 @@ stringData: {{- end }} TYK_URL: "{{ include "tyk-oss.gwControlURL" . }}" TYK_ORG: "{{ .Values.operatorSecret.orgID}}" -{{- end }} \ No newline at end of file +{{- end }} From 43f2879343ef1387a7eaaf3e948146fca6914e2e Mon Sep 17 00:00:00 2001 From: Burak Sekili Date: Fri, 26 Apr 2024 15:32:14 +0300 Subject: [PATCH 5/8] Update tyk-oss/values.yaml --- tyk-oss/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml index 53b0c844..c5d2a355 100644 --- a/tyk-oss/values.yaml +++ b/tyk-oss/values.yaml @@ -10,7 +10,7 @@ operatorSecret: enabled: true # OSS doesn't have concept of OrgID. But we need to support some features (eg. basic auth key) in OSS # You can set it to any arbitary value - orgID: test + orgID: "orgid" global: components: From ba0ddec6160ad81489850d2d7b5043b5e7728f27 Mon Sep 17 00:00:00 2001 From: Burak Sekili Date: Fri, 26 Apr 2024 15:32:28 +0300 Subject: [PATCH 6/8] Update tyk-oss/templates/NOTES.txt --- tyk-oss/templates/NOTES.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyk-oss/templates/NOTES.txt b/tyk-oss/templates/NOTES.txt index c3000c4f..cc53b145 100644 --- a/tyk-oss/templates/NOTES.txt +++ b/tyk-oss/templates/NOTES.txt @@ -21,7 +21,7 @@ To quickly test everything is ok, you can port-forward Tyk Gateway pod: You might want to install Tyk Operator next to manage Ingress resources or manage your APIs. Please check Tyk Operator documentation at https://tyk.io/docs/tyk-operator/ -{{ if .Values.createOperatorSecret }} +{{ if .Values.operatorSecret.enabled }} `tyk-operator-conf` secret needed to connect to Operator is already created. If you have set `global.secret.useSecretName`, please set `TYK_AUTH` field in `tyk-operator-conf` secret with Api secret of Tyk gateway. {{- end }} From 93a1d6eaddbd68c980533944b4240d47ff136a7c Mon Sep 17 00:00:00 2001 From: Burak Sekili Date: Fri, 26 Apr 2024 15:33:19 +0300 Subject: [PATCH 7/8] Update tyk-oss/templates/NOTES.txt --- tyk-oss/templates/NOTES.txt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tyk-oss/templates/NOTES.txt b/tyk-oss/templates/NOTES.txt index cc53b145..75d7fd7f 100644 --- a/tyk-oss/templates/NOTES.txt +++ b/tyk-oss/templates/NOTES.txt @@ -22,6 +22,10 @@ You might want to install Tyk Operator next to manage Ingress resources or manag Please check Tyk Operator documentation at https://tyk.io/docs/tyk-operator/ {{ if .Values.operatorSecret.enabled }} -`tyk-operator-conf` secret needed to connect to Operator is already created. -If you have set `global.secret.useSecretName`, please set `TYK_AUTH` field in `tyk-operator-conf` secret with Api secret of Tyk gateway. +=== Tyk Operator Secret (tyk-operator-conf) === +The `tyk-operator-conf` secret, required for Tyk Operator to establish a connection with Tyk Gateway, is generated in the {{ .Release.Namespace }} namespace. + +If API Secret of Tyk Gateway has configured via `global.secret.useSecretName` field, ensure that the `TYK_AUTH` field in the `tyk-operator-conf` secret contains the API secret of Tyk Gateway. This step ensures that Tyk Operator correctly identifies the API secret. + + NOTE: After updating `tyk-operator-conf`, make sure that Tyk Operator pod is restarted. {{- end }} From 014dbf5c4c20a53351180faafe8744aa1edff567 Mon Sep 17 00:00:00 2001 From: Burak Sekili Date: Fri, 26 Apr 2024 15:35:49 +0300 Subject: [PATCH 8/8] fix formatting of the NOTES.txt Signed-off-by: Burak Sekili --- tyk-oss/templates/NOTES.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/tyk-oss/templates/NOTES.txt b/tyk-oss/templates/NOTES.txt index 75d7fd7f..2b2def08 100644 --- a/tyk-oss/templates/NOTES.txt +++ b/tyk-oss/templates/NOTES.txt @@ -20,7 +20,6 @@ To quickly test everything is ok, you can port-forward Tyk Gateway pod: =================================================== You might want to install Tyk Operator next to manage Ingress resources or manage your APIs. Please check Tyk Operator documentation at https://tyk.io/docs/tyk-operator/ - {{ if .Values.operatorSecret.enabled }} === Tyk Operator Secret (tyk-operator-conf) === The `tyk-operator-conf` secret, required for Tyk Operator to establish a connection with Tyk Gateway, is generated in the {{ .Release.Namespace }} namespace.