hivemq · afalhambra-hivemq · Dec 3, 2024 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
diff --git a/charts/hivemq-platform/templates/_helpers.tpl b/charts/hivemq-platform/templates/_helpers.tpl
@@ -358,7 +358,9 @@ Usage: {{ include "hivemq-platform.validate-services" (dict "services" .Values.s
 {{- include "hivemq-platform.validate-service-container-ports" . -}}
 {{- include "hivemq-platform.validate-default-service-ports" . -}}
 {{- include "hivemq-platform.validate-metrics-services" . -}}
-{{- include "hivemq-platform.validate-proxy-protocol-services" . -}}
+{{- include "hivemq-platform.validate-hivemq-proxy-protocol-services" . -}}
+{{- include "hivemq-platform.validate-hivemq-listener-name-services" . -}}
+{{- include "hivemq-platform.validate-external-traffic-policy" . -}}
 {{- include "hivemq-platform.validate-legacy-services" . -}}
 {{- end -}}
 
@@ -476,14 +478,44 @@ Usage: {{ include "hivemq-platform.validate-metrics-services" . }}
 {{- end -}}
 
 {{/*
-Validates that proxy protocol value is only used by either MQTT or WebSocket services.
-Usage: {{ include "hivemq-platform.validate-proxy-protocol-services" . }}
+Validates that proxy protocol value is only used by either MQTT or WebSocket services and the service is exposed.
+Usage: {{ include "hivemq-platform.validate-hivemq-proxy-protocol-services" . }}
 */}}
-{{- define "hivemq-platform.validate-proxy-protocol-services" -}}
+{{- define "hivemq-platform.validate-hivemq-proxy-protocol-services" -}}
 {{- $services := .Values.services }}
 {{- range $service := $services }}
   {{- if and ($service.exposed) (hasKey $service "hivemqProxyProtocol") (and (not (eq $service.type "mqtt")) (not (eq $service.type "websocket"))) }}
-    {{- fail (printf "\nService type %s with container port %d is using PROXY protocol value. PROXY protocol is only supported for MQTT and WebSocket services" $service.type (int64 $service.containerPort)) }}
+    {{- fail (printf "\nService type `%s` with container port `%d` is using `hivemqProxyProtocol` value. HiveMQ PROXY protocol is only supported by MQTT and WebSocket services" $service.type (int64 $service.containerPort)) }}
+  {{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validates that HiveMQ listener name value is only used by either MQTT or WebSocket services and the service is exposed.
+Usage: {{ include "hivemq-platform.validate-hivemq-listener-name-services" . }}
+*/}}
+{{- define "hivemq-platform.validate-hivemq-listener-name-services" -}}
+{{- $services := .Values.services }}
+{{- range $service := $services }}
+  {{- if and ($service.exposed) (hasKey $service "hivemqListenerName") (and (not (eq $service.type "mqtt")) (not (eq $service.type "websocket"))) }}
+    {{- fail (printf "\nService type `%s` with container port `%d` is using `hivemqListenerName` value. HiveMQ listener names are only supported by MQTT and WebSocket services" $service.type (int64 $service.containerPort)) }}
+  {{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validates that external traffic policy value is only present when the service type value is set to either NodePort or LoadBalancer
+and the service is exposed.
+Usage: {{ include "hivemq-platform.validate-external-traffic-policy" . }}
+*/}}
+{{- define "hivemq-platform.validate-external-traffic-policy" -}}
+{{- $services := .Values.services }}
+{{- range $service := $services }}
+  {{- if and ($service.exposed) (hasKey $service "externalTrafficPolicy") (not (hasKey $service "serviceType")) }}
+    {{- fail (printf "\nService type `%s` with container port `%d` is using `externalTrafficPolicy` value but `serviceType` value is not defined. Service type value is mandatory when using external traffic policy" $service.type (int64 $service.containerPort)) }}
+  {{- end }}
+  {{- if and ($service.exposed) (hasKey $service "externalTrafficPolicy") (hasKey $service "serviceType") (and (not (eq $service.serviceType "NodePort")) (not (eq $service.serviceType "LoadBalancer")) )  }}
+    {{- fail (printf "\nService type `%s` with container port `%d` is using `externalTrafficPolicy` value. External traffic policy is only supported by NodePort and LoadBalancer service types" $service.serviceType (int64 $service.containerPort)) }}
   {{- end }}
 {{- end }}
 {{- end -}}

diff --git a/charts/hivemq-platform/templates/hivemq-custom-resource.yml b/charts/hivemq-platform/templates/hivemq-custom-resource.yml
@@ -258,6 +258,9 @@ spec:
         {{- if and $service.serviceType (or (eq $service.serviceType "NodePort") (eq $service.serviceType "LoadBalancer")) }}
         type: {{ $service.serviceType }}
         {{- end }}
+        {{- if $service.externalTrafficPolicy }}
+        externalTrafficPolicy: {{ $service.externalTrafficPolicy }}
+        {{- end }}
         {{- if and (eq $service.type "control-center") (not (hasKey $service "sessionAffinity")) }}
         sessionAffinity: ClientIP
         {{- else if hasKey $service "sessionAffinity" }}

diff --git a/...orm/tests/configuration/configmap/hivemq_control_center_listeners_configuration_test.yaml b/...orm/tests/configuration/configmap/hivemq_control_center_listeners_configuration_test.yaml
@@ -577,14 +577,3 @@ tests:
       - notMatchRegex:
           path: data["config.xml"]
           pattern: "(?s)<control-center>.*?<listeners>.*?<https>.*?<port>8443</port>.*?</https>.*?<https>.*?<port>8443</port>.*?</https>.*?</listeners>.*?</control-center>"
-
-  - it: with a Control Center service exposed and a listener name, schema validation fails
-    template: hivemq-custom-resource.yml
-    set:
-      services:
-        - type: control-center
-          exposed: true
-          containerPort: 8081
-          hivemqListenerName: my-custom-cc-listener
-    asserts:
-      - failedTemplate: {}
diff --git a/...-platform/tests/configuration/configmap/hivemq_rest_api_listeners_configuration_test.yaml b/...-platform/tests/configuration/configmap/hivemq_rest_api_listeners_configuration_test.yaml
@@ -112,14 +112,3 @@ tests:
       - notMatchRegex:
           path: data["config.xml"]
           pattern: "(?s)<rest-api>.*?<listeners>.*?<http>.*?<port>8890</port>.*?</http>.*?<http>.*?<port>8890</port>.*?</http>.*?</listeners>.*?</rest-api>"
-
-  - it: with a REST API service exposed and a listener name, schema validation fails
-    template: hivemq-custom-resource.yml
-    set:
-      services:
-        - type: rest-api
-          exposed: true
-          containerPort: 8890
-          hivemqListenerName: my-custom-rest-api-listener
-    asserts:
-      - failedTemplate: {}
diff --git a/...platform/tests/configuration/configmap/hivemq_websocket_listeners_configuration_test.yaml b/...platform/tests/configuration/configmap/hivemq_websocket_listeners_configuration_test.yaml
@@ -840,13 +840,3 @@ tests:
       - hasDocuments:
           count: 1
 
-  - it: with a non MQTT or WebSocket service exposed and a listener name, schema validation fails
-    template: hivemq-custom-resource.yml
-    set:
-      services:
-        - type: control-center
-          exposed: true
-          containerPort: 8081
-          hivemqListenerName: my-custom-cc-listener
-    asserts:
-      - failedTemplate: {}
diff --git a/charts/hivemq-platform/tests/services/hivemq_control_center_services_test.yaml b/charts/hivemq-platform/tests/services/hivemq_control_center_services_test.yaml
@@ -132,7 +132,7 @@ tests:
           hivemqProxyProtocol: true
     asserts:
       - failedTemplate:
-          errorPattern: Service type control-center with container port 8081 is using PROXY protocol value. PROXY protocol is only supported for MQTT and WebSocket services
+          errorPattern: Service type `control-center` with container port `8081` is using `hivemqProxyProtocol` value. HiveMQ PROXY protocol is only supported by MQTT and WebSocket services
 
   - it: with a Control Center service disabled and PROXY protocol enabled, validation succeeds
     set:
@@ -145,3 +145,26 @@ tests:
       - notFailedTemplate: {}
       - hasDocuments:
           count: 1
+
+  - it: with a Control Center service enabled and HiveMQ listener name enabled, validation fails
+    set:
+      services:
+        - type: control-center
+          exposed: true
+          containerPort: 8081
+          hivemqListenerName: foobar
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `control-center` with container port `8081` is using `hivemqListenerName` value. HiveMQ listener names are only supported by MQTT and WebSocket services
+
+  - it: with a Control Center service disabled and HiveMQ listener name enabled, validation succeeds
+    set:
+      services:
+        - type: control-center
+          exposed: false
+          containerPort: 8081
+          hivemqListenerName: foobar
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
diff --git a/charts/hivemq-platform/tests/services/hivemq_metrics_services_test.yaml b/charts/hivemq-platform/tests/services/hivemq_metrics_services_test.yaml
@@ -959,7 +959,7 @@ tests:
           hivemqProxyProtocol: true
     asserts:
       - failedTemplate:
-          errorPattern: Service type metrics with container port 9399 is using PROXY protocol value. PROXY protocol is only supported for MQTT and WebSocket services
+          errorPattern: Service type `metrics` with container port `9399` is using `hivemqProxyProtocol` value. HiveMQ PROXY protocol is only supported by MQTT and WebSocket services
 
   - it: with a Metrics service disabled and PROXY protocol enabled, validation succeeds
     set:
@@ -972,3 +972,26 @@ tests:
       - notFailedTemplate: {}
       - hasDocuments:
           count: 1
+
+  - it: with a Metrics service enabled and HiveMQ listener name enabled, validation fails
+    set:
+      services:
+        - type: metrics
+          exposed: true
+          containerPort: 9399
+          hivemqListenerName: foobar
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `metrics` with container port `9399` is using `hivemqListenerName` value. HiveMQ listener names are only supported by MQTT and WebSocket services
+
+  - it: with a Metrics service disabled and HiveMQ listener name enabled, validation succeeds
+    set:
+      services:
+        - type: metrics
+          exposed: false
+          containerPort: 9399
+          hivemqListenerName: foobar
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
diff --git a/charts/hivemq-platform/tests/services/hivemq_rest_api_services_test.yaml b/charts/hivemq-platform/tests/services/hivemq_rest_api_services_test.yaml
@@ -134,7 +134,7 @@ tests:
           hivemqProxyProtocol: true
     asserts:
       - failedTemplate:
-          errorPattern: Service type rest-api with container port 8888 is using PROXY protocol value. PROXY protocol is only supported for MQTT and WebSocket services
+          errorPattern: Service type `rest-api` with container port `8888` is using `hivemqProxyProtocol` value. HiveMQ PROXY protocol is only supported by MQTT and WebSocket services
 
   - it: with a REST API service disabled and PROXY protocol enabled, validation succeeds
     set:
@@ -147,3 +147,26 @@ tests:
       - notFailedTemplate: {}
       - hasDocuments:
           count: 1
+
+  - it: with a REST API service enabled and HiveMQ listener name enabled, validation fails
+    set:
+      services:
+        - type: rest-api
+          exposed: true
+          containerPort: 8888
+          hivemqListenerName: foobar
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `rest-api` with container port `8888` is using `hivemqListenerName` value. HiveMQ listener names are only supported by MQTT and WebSocket services
+
+  - it: with a REST API service disabled and HiveMQ listener name enabled, validation succeeds
+    set:
+      services:
+        - type: rest-api
+          exposed: false
+          containerPort: 8888
+          hivemqListenerName: foobar
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
diff --git a/charts/hivemq-platform/tests/services/hivemq_services_test.yaml b/charts/hivemq-platform/tests/services/hivemq_services_test.yaml
@@ -915,3 +915,130 @@ tests:
             foo: bar
     asserts:
       - failedTemplate: {}
+
+  - it: with invalid external traffic policy set, schema validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: NodePort
+          externalTrafficPolicy: foobar
+    asserts:
+      - failedTemplate: {}
+
+  - it: with default service values, external traffic policy not set
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set to Cluster, external traffic policy service specification set to Cluster
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: LoadBalancer
+          externalTrafficPolicy: Cluster
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              externalTrafficPolicy: Cluster
+              type: LoadBalancer
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set to Local, external traffic policy service specification set to Local
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: LoadBalancer
+          externalTrafficPolicy: Local
+    asserts:
+      - exists:
+          path: spec.services
+      - contains:
+          path: spec.services
+          content:
+            metadata:
+              name: hivemq-test-hivemq-platform-mqtt-1883
+            spec:
+              externalTrafficPolicy: Local
+              type: LoadBalancer
+              ports:
+                - name: mqtt-1883
+                  targetPort: mqtt-1883
+                  port: 1883
+
+  - it: with external traffic policy value set but service type not set, validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          externalTrafficPolicy: Cluster
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `mqtt` with container port `1883` is using `externalTrafficPolicy` value but `serviceType` value is not defined. Service type value is mandatory when using external traffic policy
+
+  - it: with external traffic policy value set and service type not set but service not exposed, validation succeeds
+    set:
+      services:
+        - type: mqtt
+          exposed: false
+          containerPort: 1883
+          externalTrafficPolicy: Cluster
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1
+
+  - it: with external traffic policy value set and service type ClusterIP, validation fails
+    set:
+      services:
+        - type: mqtt
+          exposed: true
+          containerPort: 1883
+          serviceType: ClusterIP
+          externalTrafficPolicy: Cluster
+    asserts:
+      - failedTemplate:
+          errorPattern: Service type `ClusterIP` with container port `1883` is using `externalTrafficPolicy` value. External traffic policy is only supported by NodePort and LoadBalancer service types
+
+  - it: with external traffic policy value set and service type ClusterIP but service not exposed, validation succeeds
+    set:
+      services:
+        - type: mqtt
+          exposed: false
+          containerPort: 1883
+          serviceType: ClusterIP
+          externalTrafficPolicy: Cluster
+    asserts:
+      - notFailedTemplate: {}
+      - hasDocuments:
+          count: 1