add validation for ingress

2bc6d188 · Sandro Mathys · 9f338242 · 2bc6d188 · 2bc6d188
Commit 2bc6d188 authored Jun 13, 2021 by Sandro Mathys
--- a/templates/_validation.tpl
+++ b/templates/_validation.tpl
@@ -5,6 +5,7 @@ Compile all warnings into a single message, and call fail.
 {{- $messages := list -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.podAntiAffinityPreset" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.route" .) -}}
+{{- $messages := append $messages (include "shibboleth-sp.validateValues.ingress" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.eduIDOnly_xor_interfederation" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.eduIDVersion" .) -}}
 {{- $messages := append $messages (include "shibboleth-sp.validateValues.backend.shibboleth.configMap" .) -}}
@@ -41,13 +42,29 @@ Compile all warnings into a single message, and call fail.
 {{/*** ROUTE ***/}}

 {{- define "shibboleth-sp.validateValues.route" -}}
-{{- if and .Values.route.enabled -}}
+{{- if .Values.openshiftv3 and .Values.route.enabled -}}

 {{- if .Values.route.letsencrypt  -}}
 {{- if eq .Values.route.tls.termination "passthrough" }}
  route.letsencrypt
  route.tls.termination
-    Conflict: can't enable `letsencrypt` is `termination` is set to `passthrough`.
+    Conflict: can't enable `letsencrypt` if `termination` is set to `passthrough`.
+{{- end -}}
+{{- end -}}
+
+{{- end -}}
+{{- end -}}
+
+{{/*** INGRESS ***/}}
+
+{{- define "shibboleth-sp.validateValues.ingress" -}}
+{{- if .Values.openshiftv3 and .Values.ingress.enabled -}}
+
+{{- if .Values.ingress.letsencrypt.enabled  -}}
+{{- if not .Values.ingress.letsencrypt.clusterIssuer }}
+  ingress.letsencrypt.enabled
+  ingress.letsencrypt.clusterIssuer
+    Missing: `clusterIssuer` must be specified if Let's Encrypt is enabled.
 {{- end -}}
 {{- end -}}


--- a/values.yaml
+++ b/values.yaml
@@ -16,7 +16,6 @@ global:
 ##############

 # temporary flag to support legacy openshiftv3 and modern vanilla kubernetes
-# TODO: documentation
 openshiftv3: true

 nameOverride: ""
@@ -82,7 +81,7 @@ route:
    insecureEdgeTerminationPolicy: "Redirect"

 # only if openshiftv3=false
-# TODO: validation, documentation
+# TODO: validation
 ingress:
  enabled: false
  annotations: {}