sa-charts/helm/kibana/templates/_helpers.tpl

{{/* vim: set filetype=mustache: */}}

{{/*
Return the proper Kibana image name
*/}}
{{- define "kibana.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}

{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "kibana.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}

{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kibana.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
{{- end -}}

{{/*
Return true if the deployment should include dashboards
*/}}
{{- define "kibana.importSavedObjects" -}}
{{- if or .Values.savedObjects.configmap .Values.savedObjects.urls }}
    {{- true -}}
{{- end -}}
{{- end -}}

{{/*
Set Elasticsearch URL.
*/}}
{{- define "kibana.elasticsearch.url" -}}
{{- if .Values.elasticsearch.hosts -}}
{{- $totalHosts := len .Values.elasticsearch.hosts -}}
{{- $protocol := ternary "https" "http" .Values.elasticsearch.security.tls.enabled -}}
{{- range $i, $hostTemplate := .Values.elasticsearch.hosts -}}
{{- $host := tpl $hostTemplate $ }}
{{- printf "%s://%s:%s" $protocol $host (include "kibana.elasticsearch.port" $) -}}
{{- if (lt ( add1 $i ) $totalHosts ) }}{{- printf "," -}}{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Set Elasticsearch Port.
*/}}
{{- define "kibana.elasticsearch.port" -}}
{{- .Values.elasticsearch.port -}}
{{- end -}}

{{/*
Set Elasticsearch PVC.
*/}}
{{- define "kibana.pvc" -}}
{{- .Values.persistence.existingClaim | default (include "common.names.fullname" .) -}}
{{- end -}}

{{/*
Get the initialization scripts Secret name.
*/}}
{{- define "kibana.initScriptsSecret" -}}
{{- printf "%s" (tpl .Values.initScriptsSecret $) -}}
{{- end -}}

{{/*
Get the initialization scripts configmap name.
*/}}
{{- define "kibana.initScriptsCM" -}}
{{- printf "%s" (tpl .Values.initScriptsCM $) -}}
{{- end -}}

{{/*
Get the saved objects configmap name.
*/}}
{{- define "kibana.savedObjectsCM" -}}
{{- printf "%s" (tpl .Values.savedObjects.configmap $) -}}
{{- end -}}

{{/*
Set Elasticsearch Port.
*/}}
{{- define "kibana.configurationCM" -}}
{{- .Values.configurationCM | default (printf "%s-conf" (include "common.names.fullname" .)) -}}
{{- end -}}

{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kibana.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "kibana.validateValues.noElastic" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.configConflict" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.extraVolumes" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.tls" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.auth" .) -}}
{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}

{{- if $message -}}
{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - must provide an ElasticSearch */}}
{{- define "kibana.validateValues.noElastic" -}}
{{- if and (not .Values.elasticsearch.hosts) (not .Values.elasticsearch.port) -}}
kibana: no-elasticsearch
    You did not specify an external Elasticsearch instance.
    Please set elasticsearch.hosts and elasticsearch.port
{{- else if and (not .Values.elasticsearch.hosts) .Values.elasticsearch.port }}
kibana: missing-es-settings-host
    You specified the external Elasticsearch port but not the host. Please
    set elasticsearch.hosts
{{- else if and .Values.elasticsearch.hosts (not .Values.elasticsearch.port) }}
kibana: missing-es-settings-port
    You specified the external Elasticsearch hosts but not the port. Please
    set elasticsearch.port
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - configuration conflict */}}
{{- define "kibana.validateValues.configConflict" -}}
{{- if and (.Values.extraConfiguration) (.Values.configurationCM) -}}
kibana: conflict-configuration
    You specified a ConfigMap with kibana.yml and a set of settings to be added
    to the default kibana.yml. Please only set either extraConfiguration or configurationCM
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - Incorrect extra volume settings */}}
{{- define "kibana.validateValues.extraVolumes" -}}
{{- if and (.Values.extraVolumes) (not .Values.extraVolumeMounts) -}}
kibana: missing-extra-volume-mounts
    You specified extra volumes but not mount points for them. Please set
    the extraVolumeMounts value
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - No certificates for Kibana server */}}
{{- define "kibana.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (not .Values.tls.autoGenerated) -}}
kibana: tls.enabled
    In order to enable HTTPS for Kibana, you also need to provide an existing secret
    containing the TLS certificates (--set tls.existingSecret="my-secret") or enable
    auto-generated certificates (--set elasticsearch.security.auth.existingSecret="true").
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - No credentials for Elasticsearch auth */}}
{{- define "kibana.validateValues.elasticsearch.auth" -}}
{{- if and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.kibanaPassword) (not .Values.elasticsearch.security.auth.existingSecret) -}}
kibana: missing-kibana-credentials
    You enabled Elasticsearch authentication but you didn't provide the required credentials for
    Kibana to connect. Please provide them (--set elasticsearch.security.auth.kibanaPassword="XXXXX")
    or the name of an existing secret containing them (--set elasticsearch.security.auth.existingSecret="my-secret").
{{- end -}}
{{- end -}}

{{/* Validate values of Kibana - Elasticsearch HTTPS no trusted CA */}}
{{- define "kibana.validateValues.elasticsearch.tls" -}}
{{- if and .Values.elasticsearch.security.tls.enabled (ne "none" .Values.elasticsearch.security.tls.verificationMode) (not .Values.elasticsearch.security.tls.existingSecret) -}}
kibana: missing-elasticsearch-trusted-ca
    You configured communication with Elasticsearch REST API using HTTPS and
    verification enabled but no existing secret containing the Truststore or CA
    certificate was provided (--set elasticsearch.security.tls.existingSecret="my-secret").
{{- end -}}
{{- end -}}

{{/*
Check if there are rolling tags in the images
*/}}
{{- define "kibana.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- end -}}

{{/*
Return the secret containing Kibana TLS certificates
*/}}
{{- define "kibana.tlsSecretName" -}}
{{- $secretName := .Values.tls.existingSecret -}}
{{- if $secretName -}}
    {{- printf "%s" (tpl $secretName $) -}}
{{- else -}}
    {{- printf "%s-crt" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a TLS secret object should be created
*/}}
{{- define "kibana.createTlsSecret" -}}
{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }}
    {{- true -}}
{{- end -}}
{{- end -}}

{{/*
basePath URL in use by the APIs.
*/}}
{{- define "kibana.basePath" -}}
{{- if  (.Values.configuration.server.rewriteBasePath) }}
{{- .Values.configuration.server.basePath -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a Passwords secret object should be created
*/}}
{{- define "kibana.createSecret" -}}
{{- $kibanaPassword := and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.existingSecret) -}}
{{- $serverTlsPassword := and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.keyPassword) (not .Values.tls.passwordsSecret) -}}
{{- $elasticsearchTlsPassword := and .Values.elasticsearch.security.tls.enabled .Values.elasticsearch.security.tls.truststorePassword (not .Values.elasticsearch.security.tls.passwordsSecret) -}}
{{- if or $kibanaPassword $serverTlsPassword $elasticsearchTlsPassword }}
    {{- true -}}
{{- end -}}
{{- end -}}

{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.elasticsearch.auth.secretName" -}}
{{- if .Values.elasticsearch.security.auth.existingSecret -}}
  {{- printf "%s" .Values.elasticsearch.security.auth.existingSecret -}}
{{- else -}}
  {{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.elasticsearch.tls.secretName" -}}
{{- if .Values.elasticsearch.security.tls.passwordsSecret -}}
  {{- printf "%s" .Values.elasticsearch.security.tls.passwordsSecret -}}
{{- else -}}
  {{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

{{/*
Return the name of secret containing the Elasticsearch auth credentials
*/}}
{{- define "kibana.tls.secretName" -}}
{{- if .Values.tls.passwordsSecret -}}
  {{- printf "%s" .Values.tls.passwordsSecret -}}
{{- else -}}
  {{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "kibana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}