Separate advertised protocol (http, https) from disabling TLS

charts/app-config-frontend/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.3
+version: 2.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/app-config-frontend/README.md

@@ -3,7 +3,7 @@
 # app-config-frontend
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config-frontend)](https://artifacthub.io/packages/helm/radar-base/app-config-frontend)
 
-![Version: 2.0.3](https://img.shields.io/badge/Version-2.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square)
+![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square)
 
 A Helm chart for the frontend application of RADAR-base application config (app-config).
 
@@ -43,6 +43,8 @@ A Helm chart for the frontend application of RADAR-base application config (app-
 | securityContext | object | `{}` | Configure Appconfig containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8080` | Appconfig frontend port |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
+| advertised_protocol | string | `"https"` | The protocol in advertised URIs (https, http) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/appconfig"` | Path within the url structure |

charts/app-config-frontend/templates/deployment.yaml

@@ -1,4 +1,3 @@
-{{ $https := ternary "http" "https" (or .Values.disable_tls (not .Values.ingress.tls)) }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -53,9 +52,9 @@ spec:
             - name: APP_CONFIG_URL
               value: /appconfig/api
             - name: AUTH_URL
-              value: {{ printf "%s://%s/managementportal/oauth" $https .Values.serverName }}
+              value: {{ printf "%s://%s/managementportal/oauth" .Values.advertised_protocol .Values.serverName }}
             - name: AUTH_CALLBACK_URL
-              value: {{ printf "%s://%s/appconfig/login" $https .Values.serverName }}
+              value: {{ printf "%s://%s/appconfig/login" .Values.advertised_protocol .Values.serverName }}
           {{- with .Values.extraEnvVars }}
             {{- toYaml . | nindent 10 }}
           {{- end }}

charts/app-config-frontend/values.yaml

@@ -44,6 +44,11 @@ service:
   # -- Appconfig frontend port
   port: 8080
 
+# -- Reconfigure Ingress to not force TLS
+disable_tls: false
+# -- The protocol in advertised URIs (https, http)
+advertised_protocol: https
+
 ingress:
   # -- Enable ingress controller resource
   enabled: true

charts/app-config/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.5.2"
 description: A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration.
 name: app-config
-version: 1.3.2
+version: 1.3.3
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/app-config

charts/app-config/README.md

@@ -3,7 +3,7 @@
 # app-config
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/app-config)](https://artifacthub.io/packages/helm/radar-base/app-config)
 
-![Version: 1.3.2](https://img.shields.io/badge/Version-1.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square)
+![Version: 1.3.3](https://img.shields.io/badge/Version-1.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.2](https://img.shields.io/badge/AppVersion-0.5.2-informational?style=flat-square)
 
 A Helm chart for RADAR-base application config (app-config) backend service which is used as mobile app configuration engine with per-project and per-user configuration.
 
@@ -45,7 +45,7 @@ A Helm chart for RADAR-base application config (app-config) backend service whic
 | securityContext | object | `{}` | Configure Appconfig containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8090` | Appconfig port |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/appconfig/api"` | Path within the url structure |

charts/app-config/values.yaml

@@ -51,7 +51,7 @@ service:
   # -- Appconfig port
   port: 8090
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
 
 ingress:

charts/cc-schema-registry-proxy/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "1.0"
 description: A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when RADAR-base platform is used with Confluent Cloud based schema registry. It forwards requests to schema registry with an additonal basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`.
 name: cc-schema-registry-proxy
-version: 0.3.2
+version: 0.3.3
 type: application
 home: "https://radar-base.org"
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"

charts/cc-schema-registry-proxy/README.md

@@ -3,7 +3,7 @@
 # cc-schema-registry-proxy
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/cc-schema-registry-proxy)](https://artifacthub.io/packages/helm/radar-base/cc-schema-registry-proxy)
 
-![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
 
 A Helm chart for Confluent Cloud schema registry proxy. This proxy service is used when RADAR-base platform is used with Confluent Cloud based schema registry. It forwards requests to schema registry with an additonal basic authentication header with Confluent Cloud schema registry credentials. This service will be enabled if `cc.enabled = true`.
 
@@ -34,7 +34,7 @@ A Helm chart for Confluent Cloud schema registry proxy. This proxy service is us
 | service.type | string | `"ExternalName"` | Kubernetes Service type, |
 | service.externalName | string | `"schema-registry-domain"` | Domain name used for pointing to actual schema registry instance |
 | service.port | int | `443` | Port number to connect to Confluent platform |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/schema/?(.*)"` | Path within the url structure |

charts/cc-schema-registry-proxy/values.yaml

@@ -9,7 +9,7 @@ service:
   # -- Port number to connect to Confluent platform
   port: 443
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
 
 ingress:

charts/data-dashboard-backend/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.2.2"
 name: data-dashboard-backend
 description: API for data in the data dashboard
-version: 0.3.4
+version: 0.3.5
 sources: ["https://github.com/thehyve/radar-data-dashboard-backend"]
 deprecated: false
 type: application

charts/data-dashboard-backend/README.md

@@ -2,7 +2,7 @@
 
 # data-dashboard-backend
 
-![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square)
+![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square)
 
 API for data in the data dashboard
 
@@ -40,7 +40,7 @@ API for data in the data dashboard
 | securityContext | object | `{}` | Configure container's Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `9000` | data-dashboard-backend port |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.ingressClassName | string | `"nginx"` | Ingress class name |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |

charts/data-dashboard-backend/values.yaml

@@ -40,7 +40,7 @@ service:
   # -- data-dashboard-backend port
   port: 9000
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
 
 ingress:

charts/kafka-manager/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kafka-manager
-version: 2.3.0
+version: 2.3.1
 appVersion: 1.3.3.18
 kubeVersion: "^1.8.0-0"
 description: A tool for managing Apache Kafka.

charts/kafka-manager/README.md

@@ -66,7 +66,7 @@ The following table lists the configurable parameters of the Kafka Manager chart
 | image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | imagePullSecrets | list | `[]` | Docker registry secret names as an array |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/kafkamanager/"` | Path within the url structure |

charts/kafka-manager/values.yaml

@@ -147,7 +147,7 @@ image:
 # -- Docker registry secret names as an array
 imagePullSecrets: []
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
 
 ingress:

charts/management-portal/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.1.5"
 description: A Helm chart for RADAR-Base Management Portal to manage projects and participants throughout RADAR-base.
 name: management-portal
-version: 1.2.6
+version: 1.3.0
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/management-portal

charts/management-portal/README.md

@@ -3,7 +3,7 @@
 # management-portal
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/management-portal)](https://artifacthub.io/packages/helm/radar-base/management-portal)
 
-![Version: 1.2.6](https://img.shields.io/badge/Version-1.2.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.5](https://img.shields.io/badge/AppVersion-2.1.5-informational?style=flat-square)
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.5](https://img.shields.io/badge/AppVersion-2.1.5-informational?style=flat-square)
 
 A Helm chart for RADAR-Base Management Portal to manage projects and participants throughout RADAR-base.
 
@@ -42,7 +42,8 @@ A Helm chart for RADAR-Base Management Portal to manage projects and participant
 | securityContext | object | `{}` | Configure management-portal containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8080` | Management Portal port |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
+| advertised_protocol | string | `"https"` | The protocol in advertised URIs (https, http) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer |
 | ingress.path | string | `"/managementportal"` | Path within the url structure |

charts/management-portal/templates/deployment.yaml

@@ -1,6 +1,5 @@
-{{ $https := ternary "http" "https" (or .Values.disable_tls (not .Values.ingress.tls)) }}
-{{ $idpLoginUrl  := .Values.identity_server.login_url | default (printf "%s://%s/kratos-ui" $https .Values.server_name) }}
-{{ $idpServerUrl := .Values.identity_server.server_url | default (printf "%s://%s/kratos"   $https .Values.server_name) }}
+{{ $idpLoginUrl  := .Values.identity_server.login_url | default (printf "%s://%s/kratos-ui" .Values.advertised_protocol .Values.server_name) }}
+{{ $idpServerUrl := .Values.identity_server.server_url | default (printf "%s://%s/kratos"   .Values.advertised_protocol .Values.server_name) }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -73,9 +72,9 @@ spec:
           - name: MANAGEMENTPORTAL_MAIL_FROM
             value: {{ .Values.smtp.from }}
           - name: MANAGEMENTPORTAL_COMMON_BASEURL
-            value: {{ printf "%s://%s" $https .Values.server_name }}
+            value: {{ printf "%s://%s" .Values.advertised_protocol .Values.server_name }}
           - name: MANAGEMENTPORTAL_COMMON_MANAGEMENT_PORTAL_BASE_URL
-            value: {{ printf "%s://%s/managementportal" $https .Values.server_name }}
+            value: {{ printf "%s://%s/managementportal" .Values.advertised_protocol .Values.server_name }}
           - name: MANAGEMENTPORTAL_FRONTEND_CLIENT_SECRET
             valueFrom:
               secretKeyRef:

charts/management-portal/values.yaml

@@ -40,8 +40,10 @@ service:
   # -- Management Portal port
   port: 8080
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
+# -- The protocol in advertised URIs (https, http)
+advertised_protocol: https
 
 ingress:
   # -- Enable ingress controller resource

charts/radar-appserver/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.4.3"
 description: A Helm chart for the backend application of RADAR-base Appserver
 name: radar-appserver
-version: 0.6.0
+version: 0.7.0
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-appserver

charts/radar-appserver/README.md

@@ -3,7 +3,7 @@
 # radar-appserver
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/radar-appserver)](https://artifacthub.io/packages/helm/radar-base/radar-appserver)
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.3](https://img.shields.io/badge/AppVersion-2.4.3-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.3](https://img.shields.io/badge/AppVersion-2.4.3-informational?style=flat-square)
 
 A Helm chart for the backend application of RADAR-base Appserver
 
@@ -41,7 +41,8 @@ A Helm chart for the backend application of RADAR-base Appserver
 | securityContext | object | `{}` | Configure radar-appserver containers' Security Context |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type |
 | service.port | int | `8080` | radar-appserver port |
-| disable_tls | bool | `false` | Disable TLS (reconfigures Ingress and sets URLs to use HTTP) |
+| disable_tls | bool | `false` | Reconfigure Ingress to not force TLS |
+| advertised_protocol | string | `"https"` | The protocol in advertised URIs (https, http) |
 | ingress.enabled | bool | `true` | Enable ingress controller resource |
 | ingress.annotations | object | check values.yaml | Annotations that define default ingress class, certificate issuer and session configuration |
 | ingress.path | string | `"/appserver/?(.*)"` | Path within the url structure |

charts/radar-appserver/templates/configmap.yaml

@@ -1,4 +1,3 @@
-{{ $https := ternary "http" "https" (or .Values.disable_tls (not .Values.ingress.tls)) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -17,7 +16,7 @@ data:
 
     # Set of supported public key endpoints for authentication
     publicKeyEndpoints:
-        - {{ printf "%s://%s/managementportal/oauth/token_key" $https .Values.serverName | quote }}
+        - {{ printf "%s://%s/managementportal/oauth/token_key" .Values.advertised_protocol .Values.serverName | quote }}
         {{- range .Values.public_key_endpoints }}
         - {{ . | quote }}
         {{ end -}}

charts/radar-appserver/values.yaml

@@ -41,8 +41,10 @@ service:
   # -- radar-appserver port
   port: 8080
 
-# -- Disable TLS (reconfigures Ingress and sets URLs to use HTTP)
+# -- Reconfigure Ingress to not force TLS
 disable_tls: false
+# -- The protocol in advertised URIs (https, http)
+advertised_protocol: https
 
 ingress:
   # -- Enable ingress controller resource

charts/radar-gateway/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "0.7.2"
 description: A Helm chart for RADAR-base gateway. REST Gateway to Kafka, for incoming participant data. It performs authentication, authorization, content validation and decompression. For more details of the configurations, see https://github.com/RADAR-base/RADAR-Gateway/blob/master/gateway.yml.
 name: radar-gateway
-version: 1.2.2
+version: 1.2.3
 icon: "http://radar-base.org/wp-content/uploads/2022/09/Logo_RADAR-Base-RGB.png"
 sources:
 - https://github.com/RADAR-base/radar-helm-charts/tree/main/charts/radar-gateway