From 1263aa8c2d05e07140b7ce57d4573fb81c206570 Mon Sep 17 00:00:00 2001
From: "Antoine R. Dumont (@ardumont)" <ardumont@softwareheritage.org>
Date: Wed, 18 Oct 2023 11:49:12 +0200
Subject: [PATCH] Allow to declare external services

This allows the webapp running in the (staging) swh namespace to talk to the vault
declared in the (staging) swh-cassandra namespace.

Refs. swh/infra/sysadm-environment#5095
---
 swh/templates/external-services/cname.yaml | 13 +++++++++++++
 swh/templates/vault/rpc-ingress-cname.yaml | 11 -----------
 swh/values.yaml                            | 18 ++++++++++++------
 swh/values/staging/default.yaml            | 11 +++++++++++
 swh/values/staging/swh-cassandra.yaml      |  7 -------
 5 files changed, 36 insertions(+), 24 deletions(-)
 create mode 100644 swh/templates/external-services/cname.yaml
 delete mode 100644 swh/templates/vault/rpc-ingress-cname.yaml

diff --git a/swh/templates/external-services/cname.yaml b/swh/templates/external-services/cname.yaml
new file mode 100644
index 000000000..9bb90691a
--- /dev/null
+++ b/swh/templates/external-services/cname.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.externalServices.enabled .Values.externalServices.services }}
+{{- range $service, $service_config := .Values.externalServices.services }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ get $service_config "internalName" }}
+  namespace: {{ $.Values.namespace }}
+spec:
+  type: ExternalName
+  externalName: {{ get $service_config "target" }}
+{{ end }}
+{{ end }}
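Review bot: `name: {{ get $service_config "internalName" }}` and `externalName: {{ get $service_config "target" }}` render an empty value when a service entry omits the key, so a typo in values produces an invalid Service that only fails at apply time instead of at render time. Wrap both lookups in `required` so the chart aborts with a clear message, e.g. `name: {{ required (printf "externalServices.services.%s.internalName is required" $service) (get $service_config "internalName") }}` and the same for `target`; the `$service` loop key is otherwise unused and could also serve as the default `internalName`. A short header comment would help future readers, e.g. `{{- /* One ExternalName Service per entry: a DNS alias only, traffic and Host header go to the target as-is */ -}}`.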
diff --git a/swh/templates/vault/rpc-ingress-cname.yaml b/swh/templates/vault/rpc-ingress-cname.yaml
deleted file mode 100644
index 88bf9a507..000000000
--- a/swh/templates/vault/rpc-ingress-cname.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and .Values.vault.enabled .Values.vault.ingress .Values.vault.ingress.enabled .Values.vault.ingress.ingressControllerServiceUrl }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.vault.ingress.host }}
-  namespace: {{ .Values.namespace }}
-spec:
-  type: ExternalName
-  externalName: {{ .Values.vault.ingress.ingressControllerServiceUrl }}
-{{ end }}
diff --git a/swh/values.yaml b/swh/values.yaml
index ce49026ac..71f5f893c 100644
--- a/swh/values.yaml
+++ b/swh/values.yaml
@@ -792,6 +792,16 @@ toolbox:
   #   vault:
   #     vaultConfigurationRef: postgresqlVaultConfiguration
 
+externalServices:
+  enabled: false
+  services:
+    # vault:
+    #   # Configure to create a CNAME equivalent to the ingress controller service. This
+    #   # allows to use the ingress internally and avoid recording an external dns entry.
+    #   # Unstable & subject to change
+    #   internalName: vault-rpc
+    #   target: ingress-nginx-controller.ingress-nginx.svc.cluster.local
+
 vault:
   enabled: false
   port: 5005
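Review bot: `services:` with every child commented out is a bare key, i.e. `null`; the template only copes because it tests `.Values.externalServices.services` for truthiness, and a `--set externalServices.services.x.target=...` override then has to replace a null rather than merge into a map. Write `services: {}` so the default is an explicit empty map. The commented example should also say what `internalName` becomes, since it is used verbatim as a Service name, e.g. `#   # internalName: name of the Service created in this namespace (DNS label: lowercase, digits, '-')`, and, as the staging values suggest, that it presumably has to match the host rule of the target ingress because in-cluster clients send it as the Host header.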
@@ -832,12 +842,8 @@ vault:
   #   # Optional: the ingress classname to use
   #   # className: nginx
   #   # mandatory if ingress is enabled
-  #   # the hostname on which the storage must be reachable
-  #   # host: vault-rpc
-  #   # (optional) Configure to create a CNAME equivalent to the ingress controller service. This
-  #   # allows to use the ingress internally and avoid recording an external dns entry in
-  #   # our swh DNS server (pergamon). Unstable & subject to change
-  #   ingressControllerServiceUrl: ingress-nginx-controller.ingress-nginx.svc.cluster.local
+  #   # the hostname on which the vault must be reachable
+  #   host: vault-rpc
   #   extraAnnotations:
   #     nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
   #     nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
diff --git a/swh/values/staging/default.yaml b/swh/values/staging/default.yaml
index 54db15a1f..718558f2b 100644
--- a/swh/values/staging/default.yaml
+++ b/swh/values/staging/default.yaml
@@ -215,6 +215,17 @@ webThrottling:
         default: 120/h
         POST: 10/h
 
+externalServices:
+  enabled: true
+  services:
+    vault:
+      internalName: vault-rpc-ingress
+      target: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+
+vault:
+  ingress:
+    host: vault-rpc-ingress
+
 memcached:
   enabled: true
 
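Review bot: `internalName: vault-rpc-ingress` and `vault.ingress.host: vault-rpc-ingress` carry the same literal independently, and nothing ties them together; if clients reach the ExternalName by its Service name and the ingress routes on the Host header, the two presumably must stay equal and a change to one silently breaks routing. Add a cross-reference comment on each, e.g. `# must match vault.ingress.host below: clients send this name as the Host header`, or anchor the value once (`host: &vault_ingress_host vault-rpc-ingress`) and alias it in `internalName`. Since this file looks like the shared staging defaults, the ExternalName Service is also created in the swh-cassandra namespace where the vault itself runs; if that is intended, a one-line comment saying so would save the next reader the question. The removed `host` in swh-cassandra.yaml now depends on this file being merged in.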
diff --git a/swh/values/staging/swh-cassandra.yaml b/swh/values/staging/swh-cassandra.yaml
index 2b3a30124..bf9f70e96 100644
--- a/swh/values/staging/swh-cassandra.yaml
+++ b/swh/values/staging/swh-cassandra.yaml
@@ -658,13 +658,6 @@ vault:
     enabled: true
     # Optional: the ingress classname to use
     # className: nginx
-    # mandatory if ingress is enabled
-    # the hostname on which the storage must be reachable
-    host: vault-rpc-ingress
-    # Configure to create a CNAME equivalent to the ingress controller service. This
-    # allows to use the ingress internally and avoid recording an external dns entry in
-    # our swh DNS server (pergamon). Unstable & subject to change
-    ingressControllerServiceUrl: archive-staging-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
     extraAnnotations:
       nginx.ingress.kubernetes.io/proxy-connect-timeout: "90"
       nginx.ingress.kubernetes.io/proxy-send-timeout: "90"
-- 
GitLab