X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fng-ui%2Fsrc%2Fcharm.py;h=39675d05732a0831abb3b2e5f6911d8b36e50748;hb=93e14ef514e68b0d060f359c8b33c962f61393e2;hp=4d2bb85d6b6043319cdaea26a359989fcd5db14e;hpb=49379ced23b5e344a773ce77ac9cb59c1864e19b;p=osm%2Fdevops.git diff --git a/installers/charm/ng-ui/src/charm.py b/installers/charm/ng-ui/src/charm.py index 4d2bb85d..39675d05 100755 --- a/installers/charm/ng-ui/src/charm.py +++ b/installers/charm/ng-ui/src/charm.py @@ -23,32 +23,25 @@ # pylint: disable=E0213 -import logging -from typing import Optional, NoReturn from ipaddress import ip_network +import logging +from pathlib import Path +from string import Template +from typing import NoReturn, Optional from urllib.parse import urlparse from ops.main import main - from opslib.osm.charm import CharmedOsmBase, RelationsMissing - +from opslib.osm.interfaces.http import HttpClient from opslib.osm.pod import ( ContainerV3Builder, - PodSpecV3Builder, FilesV3Builder, IngressResourceV3Builder, + PodSpecV3Builder, ) +from opslib.osm.validator import ModelValidator, validator -from opslib.osm.validator import ( - ModelValidator, - validator, -) - -from opslib.osm.interfaces.http import HttpClient -from string import Template -from pathlib import Path - logger = logging.getLogger(__name__) @@ -57,8 +50,12 @@ class ConfigModel(ModelValidator): server_name: str max_file_size: int site_url: Optional[str] + cluster_issuer: Optional[str] + ingress_class: Optional[str] ingress_whitelist_source_range: Optional[str] tls_secret_name: Optional[str] + image_pull_policy: str + security_context: bool @validator("port") def validate_port(cls, v): @@ -86,6 +83,18 @@ class ConfigModel(ModelValidator): ip_network(v) return v + @validator("image_pull_policy") + def validate_image_pull_policy(cls, v): + values = { + "always": "Always", + "ifnotpresent": "IfNotPresent", + "never": "Never", + } + v = v.lower() + if v not in values.keys(): + raise ValueError("value must be always, ifnotpresent or never") + return values[v] + class NgUiCharm(CharmedOsmBase): def __init__(self, *args) -> NoReturn: @@ -108,7 +117,7 @@ class NgUiCharm(CharmedOsmBase): files_builder = FilesV3Builder() files_builder.add_file( "default", - Template(Path("files/default").read_text()).substitute( + Template(Path("templates/default.template").read_text()).substitute( port=config.port, server_name=config.server_name, max_file_size=config.max_file_size, @@ -124,9 +133,16 @@ class NgUiCharm(CharmedOsmBase): # Check relations self._check_missing_dependencies(config) # Create Builder for the PodSpec - pod_spec_builder = PodSpecV3Builder() + pod_spec_builder = PodSpecV3Builder( + enable_security_context=config.security_context + ) # Build Container - container_builder = ContainerV3Builder(self.app.name, image_info) + container_builder = ContainerV3Builder( + self.app.name, + image_info, + config.image_pull_policy, + run_as_non_root=config.security_context, + ) container_builder.add_port(name=self.app.name, port=config.port) container = container_builder.build() container_builder.add_tcpsocket_readiness_probe( @@ -154,8 +170,10 @@ class NgUiCharm(CharmedOsmBase): str(config.max_file_size) + "m" if config.max_file_size > 0 else config.max_file_size - ), + ) } + if config.ingress_class: + annotations["kubernetes.io/ingress.class"] = config.ingress_class ingress_resource_builder = IngressResourceV3Builder( f"{self.app.name}-ingress", annotations ) @@ -165,6 +183,9 @@ class NgUiCharm(CharmedOsmBase): "nginx.ingress.kubernetes.io/whitelist-source-range" ] = config.ingress_whitelist_source_range + if config.cluster_issuer: + annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer + if parsed.scheme == "https": ingress_resource_builder.add_tls( [parsed.hostname], config.tls_secret_name