Merge pull request #26 from startechnica/freeradius

[freeradius] Release v0.1.7

charts/freeradius/Chart.yaml

@@ -36,4 +36,4 @@ name: freeradius
 sources:
   - https://freeradius.org/
 type: application
-version: 0.1.6
+version: 0.1.7

charts/freeradius/templates/Certificate.yaml

@@ -18,7 +18,7 @@ metadata:
   {{- end }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
   {{- if .Values.commonLabels }}
-  {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
   {{- end }}
 spec:
   secretName: {{ include "freeradius.tlsSecretName" . }}

charts/freeradius/templates/Deployment.yaml

@@ -2,7 +2,7 @@
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     app.kubernetes.io/component: freeradius
@@ -44,7 +44,7 @@ spec:
         podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
         nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
       {{- end }}
-        {{- include "freeradius.imagePullSecrets" . | nindent 6 }}
+      {{- include "freeradius.imagePullSecrets" . | nindent 6 }}
       {{- if .Values.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
       {{- end }}
@@ -98,7 +98,7 @@ spec:
       {{- end }}
       containers:
         - name: freeradius
-          image: {{ template "freeradius.image" . }}
+          image: {{ include "freeradius.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
@@ -183,7 +183,13 @@ spec:
               command:
                 - sh
                 - -c
-                - >-
+                - |
+                  {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+                  if [[ ! -f "{{ .Values.persistence.mountPath }}/.user_scripts_initialized" ]]; then
+                      echo "Init scripts still not executed. Skipping check"
+                      exit 1
+                  fi
+                  {{- end }}
                   /bin/echo "Message-Authenticator = 0x00" | /usr/bin/radclient 127.0.0.1:${FREERADIUS_SITES_STATUS_PORT} status ${FREERADIUS_SITES_STATUS_SECRET}
           {{- end }}
           {{- if .Values.livenessProbe.enabled }}
@@ -219,6 +225,15 @@ spec:
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
             {{- end }}
+            {{- if or (.Files.Glob "files/radiusd.conf") .Values.freeradiusConfiguration .Values.configurationConfigMap }}
+            - name: freeradius-config
+              mountPath: /etc/freeradius/radiusd.conf
+              subPath: radiusd.conf
+            {{- end }}
+            {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+            - name: custom-init-scripts
+              mountPath: /docker-entrypoint-initdb.d
+            {{- end }}
             {{- if .Values.modsEnabled.sql.enabled }}
             - name: freeradius-mods
               mountPath: /etc/freeradius/mods-enabled/sql
@@ -272,10 +287,19 @@ spec:
         - name: freeradius-tls
           secret:
             secretName: {{ include "freeradius.tlsSecretName" . }}
-            # defaultMode: 420
         - name: shared-certs
           emptyDir: {}
         {{- end }}
+        {{- if or (.Files.Glob "files/radiusd.conf") .Values.freeradiusConfiguration .Values.configurationConfigMap }}
+        - name: freeradius-config
+          configMap:
+            name: {{ include "freeradius.configurationCM" . }}
+        {{- end }}
+        {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+        - name: custom-init-scripts
+          configMap:
+            name: {{ include "freeradius.initdbScriptsCM" . }}
+        {{- end }}
         {{- if .Values.extraVolumes }}
           {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
         {{- end }}

charts/freeradius/templates/NetworkPolicy.yaml

@@ -18,18 +18,24 @@ spec:
   ingress:
     - ports:
         - port: {{ .Values.containerPorts.auth }}
+          protocol: UDP
         - port: {{ .Values.containerPorts.acct }}
+          protocol: UDP
         {{- if .Values.tls.enabled }}
         - port: {{ .Values.containerPorts.radsec }}
+          protocol: TCP
         {{- end }}
         {{- if .Values.metrics.enabled }}
         - port: {{ .Values.containerPorts.metrics }}
+          protocol: TCP
         {{- end }}
         {{- if .Values.sitesEnabled.coa.enabled }}
         - port: {{ .Values.containerPorts.coa }}
+          protocol: UDP
         {{- end }}
         {{- if .Values.sitesEnabled.status.enabled }}
         - port: {{ .Values.containerPorts.status }}
+          protocol: UDP
         {{- end }}
       {{- if not .Values.networkPolicy.allowExternal }}
       from:

charts/freeradius/templates/PodDisruptionBudget.yaml

@@ -3,10 +3,10 @@ apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "common.names.fullname" . }}
-  namespace: {{ .Release.Namespace | quote }}
+  namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- end }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

charts/freeradius/templates/PrometheusRule.yaml

@@ -2,7 +2,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
   {{- if .Values.commonLabels }}

charts/freeradius/templates/Role.yaml

@@ -2,7 +2,7 @@
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: Role
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
   {{- if .Values.commonLabels }}
@@ -15,8 +15,10 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - endpoints
+      - secrets
+      - configmaps
     verbs:
       - get
       - list
+      - watch
 {{- end }}

charts/freeradius/templates/RoleBinding.yaml

@@ -2,7 +2,7 @@
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: RoleBinding
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
   {{- if .Values.commonLabels }}
@@ -13,9 +13,9 @@ metadata:
   {{- end }}
 subjects:
   - kind: ServiceAccount
-    name: {{ template "freeradius.serviceAccountName" . }}
+    name: {{ include "freeradius.serviceAccountName" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
 {{- end }}

charts/freeradius/templates/Service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "common.names.fullname" . }}
+  name: {{ include "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     app.kubernetes.io/component: freeradius
@@ -52,7 +52,7 @@ spec:
       port: {{ .Values.service.ports.auth }}
       protocol: UDP
       targetPort: {{ .Values.containerPorts.auth }}
-      {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (coalesce .Values.service.nodePorts.auth .Values.service.nodePort)) }}
+      {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) .Values.service.nodePorts.auth) }}
       nodePort: {{ coalesce .Values.service.nodePorts.auth .Values.service.nodePort }}
       {{- else if eq .Values.service.type "ClusterIP" }}
       nodePort: null

charts/freeradius/templates/ServiceAccount.yaml

@@ -7,7 +7,7 @@ metadata:
   labels: {{- include "common.labels.standard" . | nindent 4 }}
     app.kubernetes.io/component: freeradius
     {{- if .Values.commonLabels }}
-    {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }}
     {{- end }}
   {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
   annotations:

charts/freeradius/templates/_helpers.tpl

@@ -1,31 +1,3 @@
-{{/* Expand the name of the chart. */}}
-{{- define "freeradius.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "freeradius.fullname" -}}
-{{- if .Values.fullnameOverride }}
-  {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-  {{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-  {{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-  {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end -}}
-
-{{/* Create chart name and version as used by the chart label. */}}
-{{- define "freeradius.chart" -}}
-  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end -}}
-
 {{/* Return the proper FreeRADIUS image name */}}
 {{- define "freeradius.image" -}}
   {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
@@ -41,26 +13,10 @@ If release name contains chart name it will be used as a full name.
   {{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
 {{- end -}}
 
-{{/* Common labels */}}
-{{- define "freeradius.labels" -}}
-helm.sh/chart: {{ include "freeradius.chart" . }}
-{{ include "freeradius.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/* Selector labels */}}
-{{- define "freeradius.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "freeradius.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
 {{/* Create the name of the service account to use */}}
 {{- define "freeradius.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-  {{- default (include "freeradius.fullname" .) .Values.serviceAccount.name }}
+  {{- default (include "common.names.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
   {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
@@ -210,6 +166,25 @@ freeradius: tls.enabled
 {{- end -}}
 {{- end -}}
 
+{{/* Get the configuration ConfigMap name. */}}
+{{- define "freeradius.configurationCM" -}}
+{{- if .Values.configurationConfigMap -}}
+  {{- printf "%s" (tpl .Values.configurationConfigMap $) -}}
+{{- else -}}
+  {{- printf "%s-configuration" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{ template "freeradius.initdbScriptsCM" . }}
+{{/* Get the initialization scripts ConfigMap name. */}}
+{{- define "freeradius.initdbScriptsCM" -}}
+{{- if .Values.initdbScriptsConfigMap -}}
+  {{- printf "%s" .Values.initdbScriptsConfigMap -}}
+{{- else -}}
+  {{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
 {{/* Return the FreeRADIUS PVC name. */}}
 {{- define "freeradius.claimName" -}}
 {{- if .Values.persistence.existingClaim }}

charts/freeradius/values-test.yaml

@@ -1,11 +1,6 @@
-# image:
-# #   registry: tccr.io
-# #   repository: truecharts/freeradius
-#   # tag: "3.2.0"
-
 # persistence:
 #   enabled: true
-#   storageClass: openebs-jiva-noreplica
+#   storageClass: 
 
 service:
   type: LoadBalancer