From d4c61c5583d17a2e33c11899de2bd09be2d2c444 Mon Sep 17 00:00:00 2001
From: Trey Dockendorf <tdockendorf@osc.edu>
Date: Fri, 10 May 2024 10:04:25 -0400
Subject: [PATCH] Add allowedDNS to PAAS namespace config

---
 charts/paas/Chart.yaml               | 2 +-
 charts/paas/README.md                | 9 ++++++++-
 charts/paas/README.md.gotmpl         | 7 +++++++
 charts/paas/ci/test-values.yaml      | 3 +++
 charts/paas/templates/namespace.yaml | 3 +++
 5 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/charts/paas/Chart.yaml b/charts/paas/Chart.yaml
index f1003b7..31d6c13 100644
--- a/charts/paas/Chart.yaml
+++ b/charts/paas/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: paas
 description: OSC PAAS bootstrap Helm Chart
 type: application
-version: 0.2.1
+version: 0.3.0
 appVersion: "0.1.0"
 maintainers:
   - name: treydock
diff --git a/charts/paas/README.md b/charts/paas/README.md
index 9fa71df..bea74f6 100644
--- a/charts/paas/README.md
+++ b/charts/paas/README.md
@@ -1,6 +1,6 @@
 # paas
 
-![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
 OSC PAAS bootstrap Helm Chart
 
@@ -26,10 +26,16 @@ namespaces:
   serviceAccount: test-account
   account: test
   groups: ['testgroup']
+  allowedDNS:
+    - test.osc.edu
+    - test.k8.osc.edu
 - name: foo
   serviceAccount: foo-account
   account: foo
   groups: ['bar']
+  allowedDNS:
+    - foo.osc.edu
+    - foo.k8.osc.edu
   cpuLimit: '8'
   cpuDefault: '1'
   memoryLimit: '16Gi'
@@ -47,6 +53,7 @@ namespaces:
 | serviceAccount | The user that will run pods | **required** |
 | account | The charge account for this namespace | **required** |
 | groups | The groups that can manage the namespace's resources | `[]` |
+| allowedDNS | Allowed DNS entries for namespace's Ingress resources | `[]` |
 | cpuLimit | The max CPU this namespace can consume | `4` |
 | cpuDefault | The default CPU request for this namespace | `1` |
 | memoryLimit | The max memory this namespace can consume | `8Gi` |
diff --git a/charts/paas/README.md.gotmpl b/charts/paas/README.md.gotmpl
index 2ac41f6..9810193 100644
--- a/charts/paas/README.md.gotmpl
+++ b/charts/paas/README.md.gotmpl
@@ -23,10 +23,16 @@ namespaces:
   serviceAccount: test-account
   account: test
   groups: ['testgroup']
+  allowedDNS:
+    - test.osc.edu
+    - test.k8.osc.edu
 - name: foo
   serviceAccount: foo-account
   account: foo
   groups: ['bar']
+  allowedDNS:
+    - foo.osc.edu
+    - foo.k8.osc.edu
   cpuLimit: '8'
   cpuDefault: '1'
   memoryLimit: '16Gi'
@@ -44,6 +50,7 @@ namespaces:
 | serviceAccount | The user that will run pods | **required** |
 | account | The charge account for this namespace | **required** |
 | groups | The groups that can manage the namespace's resources | `[]` |
+| allowedDNS | Allowed DNS entries for namespace's Ingress resources | `[]` |
 | cpuLimit | The max CPU this namespace can consume | `4` |
 | cpuDefault | The default CPU request for this namespace | `1` |
 | memoryLimit | The max memory this namespace can consume | `8Gi` |
diff --git a/charts/paas/ci/test-values.yaml b/charts/paas/ci/test-values.yaml
index addfda0..0fda5df 100644
--- a/charts/paas/ci/test-values.yaml
+++ b/charts/paas/ci/test-values.yaml
@@ -4,6 +4,9 @@ namespaces:
   serviceAccount: test-account
   account: test
   groups: ['testgroup']
+  allowedDNS:
+    - test.example.com
+    - test.k8.example.com
   cpuLimit: '8'
   cpuDefault: '1'
   memoryLimit: '16Gi'
diff --git a/charts/paas/templates/namespace.yaml b/charts/paas/templates/namespace.yaml
index 6fde4d2..3e8116b 100644
--- a/charts/paas/templates/namespace.yaml
+++ b/charts/paas/templates/namespace.yaml
@@ -10,6 +10,9 @@ metadata:
     osc.edu/role: paas
     {{ include "osc.common.serviceAccountKey" . }}: {{ required "Namespace 'serviceAccount' is required" $namespace.serviceAccount}}
     account: {{ required "Namespace 'account' is required" $namespace.account }}
+    {{- with $namespace.allowedDNS }}
+    osc.edu/allowed-dns: {{ join "," . | quote }}
+    {{- end }}
   annotations:
     {{- include "paas.namespaced.annotations" . | nindent 4 }}
 {{ end }}