dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/charts/nifi/templates/_helpers.tpl
dvirlabs aa51c3f9ca Add nifi
2026-06-04 11:46:59 +03:00

343 lines
10 KiB
Smarty
Raw Blame History

{{/*
Expand the name of the chart.
*/}}
{{- define "nifi.name" -}}
nifi
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nifi.fullname" -}}
{{- $name := include "nifi.name" . }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nifi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nifi.labels" -}}
helm.sh/chart: {{ include "nifi.chart" . }}
{{ include "nifi.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nifi.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "nifi.siteToSiteHostName" -}}
{{ printf "%s.%s" .Values.ingress.siteToSite.subDomain .Values.ingress.hostName }}
{{- end }}
{{- define "nifi.hostNodeList" -}}
{{- $ctx := . }} # Save the context in a variable
{{- range $i := until ($ctx.Values.global.nifi.nodeCount | int) }}
- {{ printf "%s-%d.%s.%s" (include "nifi.fullname" $ctx) $i (include "nifi.fullname" $ctx) $ctx.Release.Namespace }}
{{- end }}
{{- end }}
{{- define "nifi.ingressNodeList" -}}
{{- range $i, $e := until (.Values.global.nifi.nodeCount | int) }}
{{ printf "- %s-%d.%s" (include "nifi.fullname" $) $i (include "nifi.siteToSiteHostName" $) }}
{{- end }}
{{- end }}
{{/*
NiFi Registry FQDN
*/}}
{{- define "nifi.registryUrl" -}}
{{ .Release.Name }}-{{ include "nifi-registry.fullname" . }}.{{ .Release.Namespace }}.svc
{{- end }}
{{/*
Certificate path constants
*/}}
{{- $keystoreFile := "keystore.p12" }}
{{- $truststoreFile := "truststore.p12" }}
{{- define "nifi.certPath" -}}
{{ "/opt/certmanager" }}
{{- end }}
{{- define "nifi.tlsPath" -}}
{{ "/opt/tls" }}
{{- end }}
{{/*
Certificate subject alternative names
*/}}
{{- define "nifi.certificateSubjectAltNames" }}
{{- $fullName := (include "nifi.fullname" . ) }}
{{- $namespace := .Release.Namespace }}
{{- printf "${POD_NAME}.%s.%s,%s-http.%s" $fullName $namespace $fullName $namespace }}
{{- with .Values.tls.subjectAltNames }}
{{- printf ",%s" (join "," .) }}
{{- end }}
{{- end }}
{{/*
Returns whether `.Values.extraPorts` contains one or more entries with either `nodePort` or `loadBalancerPort`
*/}}
{{- define "nifi.hasExternalPorts" -}}
{{- $hasNodePorts := false }}
{{- $hasLoadBalancerPorts := false }}
{{- range $name, $port := .Values.extraPorts }}
{{- if and (hasKey $port "nodePort") (gt (int $port.nodePort) 0) }}
{{- $hasNodePorts = true }}
{{- else if and (hasKey $port "loadBalancerPort") (gt (int $port.loadBalancerPort) 0) }}
{{- $hasLoadBalancerPorts = true }}
{{- end }}
{{- end }}
{{- if (or $hasNodePorts $hasLoadBalancerPorts) }}true{{ end }}
{{- end }}
{{/*
Common NiFi keystore environment variables
*/}}
{{- define "nifi.keystoreEnvironment" -}}
- name: KEYSTORE_PATH
value: {{ include "nifi.tlsPath" . }}/keystore.p12
- name: KEYSTORE_TYPE
value: PKCS12
- name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "certificate-keystore-password" .Values.global.tls.certificate.keystorePasswordSecretRef.name | quote }}
key: {{ .Values.global.tls.certificate.keystorePasswordSecretRef.key | quote }}
- name: TRUSTSTORE_PATH
value: {{ include "nifi.tlsPath" . }}/truststore.p12
- name: TRUSTSTORE_TYPE
value: PKCS12
- name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ default "certificate-keystore-password" .Values.global.tls.certificate.keystorePasswordSecretRef.name | quote }}
key: {{ .Values.global.tls.certificate.keystorePasswordSecretRef.key | quote }}
{{- end }}
{{/*
Common NiFi OIDC environment variables
*/}}
{{- define "nifi.oidcEnvironment" -}}
{{- with .Values.global.oidc -}}
- name: AUTH
value: oidc
- name: NIFI_SECURITY_USER_OIDC_DISCOVERY_URL
value: {{ .oidc_url | quote }}
- name: NIFI_SECURITY_USER_OIDC_CLIENT_ID
value: {{ .client_id | quote }}
{{- if .client_secretFrom }}
- name: NIFI_SECURITY_USER_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .client_secretFrom.secretName | quote }}
key: {{ .client_secretFrom.secretKey | quote }}
{{- else if .client_secret }}
- name: NIFI_SECURITY_USER_OIDC_CLIENT_SECRET
value: {{ .client_secret | quote }}
{{- end }}
- name: NIFI_SECURITY_USER_OIDC_CLAIM_IDENTIFYING_USER
value: {{ .claim_identifying_user | quote }}
- name: INITIAL_ADMIN_IDENTITY
value: {{ .initial_admin_identity | quote }}
{{- end }}
{{- end }}
{{/*
Common NiFi LDAP environment variables
*/}}
{{- define "nifi.ldapEnvironment" -}}
{{- with .Values.global.ldap -}}
- name: AUTH
value: ldap
- name: LDAP_URL
value: {{ .url | quote }}
- name: LDAP_TLS_PROTOCOL
value: {{ .tlsProtocol | quote }}
- name: LDAP_AUTHENTICATION_STRATEGY
value: {{ .authenticationStrategy | quote }}
- name: LDAP_IDENTITY_STRATEGY
value: {{ .identityStrategy | quote }}
- name: INITIAL_ADMIN_IDENTITY
value: {{ .initialAdminIdentity | quote }}
- name: LDAP_MANAGER_DN
value: {{ .manager.distinguishedName | quote }}
- name: LDAP_MANAGER_PASSWORD
valueFrom:
secretKeyRef:
{{- toYaml .manager.passwordSecretRef | nindent 6 }}
- name: LDAP_USER_SEARCH_BASE
value: {{ .userSearchBase | quote }}
- name: LDAP_USER_SEARCH_FILTER
value: {{ .userSearchFilter | quote }}
{{- if or (eq .authenticationStrategy "LDAPS") (eq .authenticationStrategy "START_TLS") }}
- name: LDAP_TLS_KEYSTORE
value: {{ include "nifi.tlsPath" $ }}/keystore.p12
- name: LDAP_TLS_KEYSTORE_TYPE
value: PKCS12
- name: LDAP_TLS_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
{{- toYaml $.Values.global.tls.certificate.keystorePasswordSecretRef | nindent 6 }}
- name: LDAP_TLS_TRUSTSTORE
value: {{ include "nifi.tlsPath" $ }}/truststore.p12
- name: LDAP_TLS_TRUSTSTORE_TYPE
value: PKCS12
- name: LDAP_TLS_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
{{- toYaml $.Values.global.tls.certificate.keystorePasswordSecretRef | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Common NiFi Basic Authentication environment variables
Uses official NiFi Single User Authentication environment variables
Automatically disabled if OIDC or LDAP is enabled
*/}}
{{- define "nifi.basicAuthEnvironment" -}}
{{- /* Only enable basic auth if both OIDC and LDAP are disabled */ -}}
{{- if and (not .Values.global.oidc.enabled) (not .Values.global.ldap.enabled) -}}
{{- with .Values.global.basic -}}
- name: AUTH
value: single-user
- name: SINGLE_USER_CREDENTIALS_USERNAME
value: {{ .admin_username | quote }}
- name: SINGLE_USER_CREDENTIALS_PASSWORD
value: {{ .admin_password | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Determine if NiFi version is 2.0 or higher
*/}}
{{- define "nifi.isVersion2Plus" -}}
{{- $appVersion := .Chart.AppVersion | toString -}}
{{- $version := $appVersion | replace "v" "" | replace "-SNAPSHOT" "" -}}
{{- $majorVersion := $version | splitList "." | first | int -}}
{{- if ge $majorVersion 2 -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/*
Determine the state management strategy to use
Returns: "kubernetes" or "zookeeper"
*/}}
{{- define "nifi.stateManagementStrategy" -}}
{{- $strategy := .Values.stateManagement.strategy | default "auto" -}}
{{- if eq $strategy "auto" -}}
{{- if eq (include "nifi.isVersion2Plus" .) "true" -}}
kubernetes
{{- else -}}
zookeeper
{{- end -}}
{{- else -}}
{{ $strategy }}
{{- end -}}
{{- end }}
{{/*
Check if ZooKeeper should be enabled
*/}}
{{- define "nifi.useZooKeeper" -}}
{{- if eq (include "nifi.stateManagementStrategy" .) "zookeeper" -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/*
Check if Kubernetes state management should be used
*/}}
{{- define "nifi.useKubernetesStateManagement" -}}
{{- if eq (include "nifi.stateManagementStrategy" .) "kubernetes" -}}
true
{{- else -}}
false
{{- end -}}
{{- end }}
{{/*
Get the namespace for Kubernetes state management resources
Always uses the release namespace for security and simplicity
*/}}
{{- define "nifi.stateManagementNamespace" -}}
{{ .Release.Namespace }}
{{- end }}
{{/*
Common cluster environment variables (used by both state management strategies)
*/}}
{{- define "nifi.clusterEnvironment" -}}
- name: NIFI_CLUSTER_NODE_PROTOCOL_MAX_THREADS
value: {{ .Values.cluster.nodeProtocol.maxThreads | quote }}
{{- end }}
{{/*
Kubernetes state management environment variables
*/}}
{{- define "nifi.kubernetesStateEnvironment" -}}
- name: NIFI_CLUSTER_LEADER_ELECTION_IMPLEMENTATION
value: KubernetesLeaderElectionManager
- name: NIFI_CLUSTER_LEADER_ELECTION_KUBERNETES_LEASE_PREFIX
value: {{ .Values.stateManagement.kubernetes.leasePrefix | quote }}
- name: NIFI_CLUSTER_LEADER_ELECTION_KUBERNETES_LEASE_NAMESPACE
value: {{ include "nifi.stateManagementNamespace" . | quote }}
- name: NIFI_STATE_MANAGEMENT_PROVIDER_CLUSTER
value: kubernetes-provider
- name: NIFI_STATE_MANAGEMENT_KUBERNETES_CONFIG_MAP_NAME_PREFIX
value: {{ .Values.stateManagement.kubernetes.statePrefix | quote }}
- name: NIFI_STATE_MANAGEMENT_KUBERNETES_CONFIG_MAP_NAMESPACE
value: {{ include "nifi.stateManagementNamespace" . | quote }}
{{- end }}
{{/*
ZooKeeper state management environment variables
*/}}
{{- define "nifi.zookeeperStateEnvironment" -}}
{{- if .Values.zookeeper.enabled }}
- name: NIFI_ZK_CONNECT_STRING
value: "{{ .Release.Name }}-zookeeper:{{ .Values.zookeeper.external.port | default 2181 }}"
{{- else }}
- name: NIFI_ZK_CONNECT_STRING
value: "{{ .Values.zookeeper.external.url }}"
{{- end }}
- name: NIFI_ZK_ROOT_NODE
value: {{ .Values.zookeeper.rootNode | default "/nifi" | quote }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "nifi.serviceAccountName" -}}
{{- if .Values.global.serviceAccount.name }}
{{- .Values.global.serviceAccount.name }}
{{- else }}
{{- include "nifi.fullname" . }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink