Update port names and numbers for insecure mode (#103)

Signed-off-by: Travis Groth <[email protected]>

charts/pomerium/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: pomerium
-version: 9.0.0
+version: 9.1.0
 appVersion: 0.8.0
 home: http://www.pomerium.io/
 icon: https://www.pomerium.io/logo-long.svg

charts/pomerium/templates/_helpers.tpl

@@ -266,4 +266,35 @@ Adapted from : https://github.com/helm/charts/blob/master/stable/drone/templates
 {{- if .Values.operator.enabled -}}
 {{- default (printf "%s-base" (include "pomerium.fullname" .)) .Values.config.existingSecret -}}
 {{- end -}}
+{{- end -}}
+
+{{/*Expand the port number for secure or insecure mode */}}
+{{- define "pomerium.trafficPort.number" -}}
+{{- if .Values.config.insecure -}}
+80
+{{- else -}}
+443
+{{- end -}}
+{{- end -}}
+
+{{/*Expand the port name for secure or insecure mode */}}
+{{- define "pomerium.trafficPort.name" -}}
+{{- if .Values.config.insecure -}}
+http
+{{- else -}}
+https
+{{- end -}}
+{{- end -}}
+
+{{/*Expand the service port number for secure or insecure mode */}}
+{{- define "pomerium.service.externalPort" -}}
+{{- if .Values.service.externalPort -}}
+{{- .Values.service.externalPort -}}
+{{- else -}}
+{{-   if .Values.config.insecure -}}
+80
+{{-   else -}}
+443
+{{-   end -}}
+{{- end -}}
 {{- end -}}

charts/pomerium/templates/authenticate-deployment.yaml

@@ -93,16 +93,16 @@ spec:
           value: {{ quote $value }}
 {{- end }}
         ports:
-          - containerPort: 443
-            name: https
+          - containerPort: {{ template "pomerium.trafficPort.number" . }}
+            name: {{ template "pomerium.trafficPort.name" . }}
             protocol: TCP
           - containerPort: {{ .Values.metrics.port }}
             name: metrics
             protocol: TCP
         livenessProbe:
           httpGet:
             path: /ping
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
 {{- if .Values.config.insecure }}
             scheme: HTTP
 {{- else }}
@@ -111,7 +111,7 @@ spec:
         readinessProbe:
           httpGet:
             path: /ping
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
 {{- if .Values.config.insecure }}
             scheme: HTTP
 {{- else }}

charts/pomerium/templates/authenticate-service.yaml

@@ -26,10 +26,10 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.externalPort }}
-      targetPort: https
+    - port: {{ template "pomerium.service.externalPort" . }}
+      targetPort: {{ template "pomerium.trafficPort.name" . }}
       protocol: TCP
-      name: https
+      name: {{ template "pomerium.trafficPort.name" . }}
     - name: metrics
       port: {{ .Values.metrics.port }}
       protocol: TCP

charts/pomerium/templates/authorize-deployment.yaml

@@ -85,19 +85,19 @@ spec:
           value: {{ quote $value }}
 {{- end }}
         ports:
-          - containerPort: 443
-            name: https
+          - containerPort: {{ template "pomerium.trafficPort.number" . }}
+            name: {{ template "pomerium.trafficPort.name" . }}
             protocol: TCP
           - containerPort: {{ .Values.metrics.port }}
             name: metrics
             protocol: TCP
         livenessProbe:
           tcpSocket:
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
           initialDelaySeconds: 15
         readinessProbe:
           tcpSocket:
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
         volumeMounts:

charts/pomerium/templates/authorize-service.yaml

@@ -31,10 +31,10 @@ spec:
   type: {{ .Values.service.type }}
 {{- end }}
   ports:
-    - port: {{ .Values.service.externalPort }}
-      targetPort: https
+    - port: {{ template "pomerium.service.externalPort" . }}
+      targetPort: {{ template "pomerium.trafficPort.name" . }}
       protocol: TCP
-      name: https
+      name: {{ template "pomerium.trafficPort.name" . }}
     - name: metrics
       port: {{ .Values.metrics.port }}
       protocol: TCP

charts/pomerium/templates/cache-deployment.yaml

@@ -83,19 +83,19 @@ spec:
           value: {{ quote $value }}
 {{- end }}
         ports:
-          - containerPort: 443
-            name: https
+          - containerPort: {{ template "pomerium.trafficPort.number" . }}
+            name: {{ template "pomerium.trafficPort.name" . }}
             protocol: TCP
           - containerPort: {{ .Values.metrics.port }}
             name: metrics
             protocol: TCP
         livenessProbe:
           tcpSocket:
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
           initialDelaySeconds: 15
         readinessProbe:
           tcpSocket:
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
         resources:
 {{ toYaml .Values.resources | indent 10 }}
         volumeMounts:

charts/pomerium/templates/cache-service.yaml

@@ -31,10 +31,10 @@ spec:
   type: {{ .Values.service.type }}
 {{- end }}
   ports:
-    - port: {{ .Values.service.externalPort }}
-      targetPort: https
+    - port: {{ template "pomerium.service.externalPort" . }}
+      targetPort: {{ template "pomerium.trafficPort.name" . }}
       protocol: TCP
-      name: https
+      name: {{ template "pomerium.trafficPort.name" . }}
     - name: metrics
       port: {{ .Values.metrics.port }}
       protocol: TCP

charts/pomerium/templates/ingress.yaml

@@ -37,7 +37,7 @@ spec:
           - paths:
             backend:
               serviceName: {{ template "pomerium.proxy.fullname" $ }}
-              servicePort: https
+              servicePort: {{ template "pomerium.trafficPort.name" $ }}
     {{- end }}
     {{- if not (or .Values.ingress.hosts .Values.forwardAuth.enabled) }}
     {{- range .Values.config.policy }}
@@ -47,7 +47,7 @@ spec:
           - paths:
             backend:
               serviceName: {{ template "pomerium.proxy.fullname" $ }}
-              servicePort: https
+              servicePort: {{ template "pomerium.trafficPort.name" $ }}
     {{- end }}
     {{- end }}
     {{- if and (.Values.forwardAuth.enabled) (not .Values.forwardAuth.internal)}}
@@ -57,7 +57,7 @@ spec:
           - paths:
             backend:
               serviceName: {{ template "pomerium.proxy.fullname" . }}
-              servicePort: https
+              servicePort: {{ template "pomerium.trafficPort.name" . }}
     {{- end }}
     {{- if not .Values.service.authorize.headless }}
     - host:  {{ printf "authorize.%s" .Values.config.rootDomain }}
@@ -66,13 +66,13 @@ spec:
           - paths:
             backend:
               serviceName: {{ template "pomerium.authorize.fullname" . }}
-              servicePort: https
+              servicePort: {{ template "pomerium.trafficPort.name" . }}
     {{- end }}
     - host: {{ printf "authenticate.%s" .Values.config.rootDomain }}
       http:
         paths:
           - paths:
             backend:
               serviceName: {{ template "pomerium.authenticate.fullname" . }}
-              servicePort: https
+              servicePort: {{ template "pomerium.trafficPort.name" . }}
 {{- end }}

charts/pomerium/templates/proxy-deployment.yaml

@@ -94,16 +94,16 @@ spec:
           value: {{ quote $value }}
 {{- end }}
         ports:
-          - containerPort: 443
-            name: https
+          - containerPort: {{ template "pomerium.trafficPort.number" . }}
+            name: {{ template "pomerium.trafficPort.name" . }}
             protocol: TCP
           - containerPort: {{ .Values.metrics.port }}
             name: metrics
             protocol: TCP
         livenessProbe:
           httpGet:
             path: /ping
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
 {{- if .Values.config.insecure }}
             scheme: HTTP
 {{- else }}
@@ -112,7 +112,7 @@ spec:
         readinessProbe:
           httpGet:
             path: /ping
-            port: https
+            port: {{ template "pomerium.trafficPort.name" . }}
 {{- if .Values.config.insecure }}
             scheme: HTTP
 {{- else }}

charts/pomerium/templates/proxy-service.yaml

@@ -26,10 +26,10 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.externalPort }}
-      targetPort: https
+    - port: {{ template "pomerium.service.externalPort" . }}
+      targetPort: {{ template "pomerium.trafficPort.name" . }}
       protocol: TCP
-      name: https
+      name: {{ template "pomerium.trafficPort.name" . }}
     - name: metrics
       port: {{ .Values.metrics.port }}
       protocol: TCP

charts/pomerium/templates/secret.yaml

@@ -28,6 +28,7 @@ metadata:
 type: Opaque
 stringData:
   config.yaml: |
+    address: :{{ template "pomerium.trafficPort.number" . }}
 {{- if and .Values.config.existingPolicy .Values.config.extraOpts }}
 {{ fail "Cannot use config.extraOpts with config.existingPolicy" }}
 {{- end }}

charts/pomerium/values.yaml

@@ -21,6 +21,7 @@ config:
   forceGenerateSigningKey: false
   extraOpts: {}
   existingPolicy: ""
+  insecure: false
   administrators: ""
   policy: []
 
@@ -158,7 +159,8 @@ service:
   cache:
     headless: true
   type: ClusterIP
-  externalPort: 443
+  # externalPort defaults to 80 or 443 depending on config.insecure
+  externalPort: ""
   annotations:
     {}
     # ===  GKE load balancer tweaks; default on until I can figure out