From a7ba579fe106d257168e8a645d6b939f1cb67bc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFs=20Postula?=
Date: Thu, 19 Feb 2026 10:04:52 +0100
Subject: [PATCH 1/2] feat(kellnr): add cargo config for rustdoc auto-generation

Kellnr's doc builder needs a Cargo config.toml to resolve crate dependencies from itself (localhost) when building documentation inside the container. Without source replacement, Cargo tries to reach the external registry URL and fails.

Adds a docBuilder values section that:
- Creates a ConfigMap with Cargo registry and source replacement config
- Mounts config.toml into CARGO_HOME via subPath
- Injects the registry auth token from a referenced Secret
- Triggers pod restart on config changes via annotation hash
---
charts/kellnr/templates/_helpers.tpl | 18 ++++++++++++++++++
charts/kellnr/templates/deployment.yaml | 23 +++++++++++++++++++++--
charts/kellnr/templates/doc-config.yaml | 24 ++++++++++++++++++++++++
charts/kellnr/values.yaml | 8 ++++++++
4 files changed, 71 insertions(+), 2 deletions(-)
create mode 100644 charts/kellnr/templates/doc-config.yaml

diff --git a/charts/kellnr/templates/_helpers.tpl b/charts/kellnr/templates/_helpers.tpl
index 40a0a88..c919ef7 100644
--- a/charts/kellnr/templates/_helpers.tpl
+++ b/charts/kellnr/templates/_helpers.tpl
@@ -259,4 +259,22 @@ KELLNR_OAUTH2__BUTTON_TEXT: {{ .Values.kellnr.oauth2.buttonText | quote }} {{ end }} {{- end }} +{{/* +Build the origin URL (protocol + hostname + optional port). +Omits the port when it matches the default for the protocol (443 for https, 80 for http). +*/}} +{{- define "kellnr.originUrl" -}} +{{- $protocol := default "http" .Values.kellnr.origin.protocol -}} +{{- $port := include "kellnr.serviceOriginPort" . | int -}} +{{- $defaultPort := 80 -}} +{{- if eq $protocol "https" -}} + {{- $defaultPort = 443 -}} +{{- end -}} +{{- if eq (int $port) (int $defaultPort) -}} +{{- printf "%s://%s" $protocol .Values.kellnr.origin.hostname -}} +{{- else -}} +{{- printf "%s://%s:%d" $protocol .Values.kellnr.origin.hostname $port -}} +{{- end -}} +{{- end }} + diff --git a/charts/kellnr/templates/deployment.yaml b/charts/kellnr/templates/deployment.yaml index 79e6cf1..6194e83 100644 --- a/charts/kellnr/templates/deployment.yaml +++ b/charts/kellnr/templates/deployment.yaml @@ -27,13 +27,16 @@ spec: {{- else if not .Values.secret.enabled }} configHash: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} {{- end }} + {{- if .Values.docBuilder.enabled }} + docConfigHash: {{ include (print $.Template.BasePath "/doc-config.yaml") . | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "kellnr.selectorLabels" . | nindent 8 }} spec: - {{- if or .Values.pvc.enabled .Values.importCert.enabled }} + {{- if or .Values.pvc.enabled .Values.importCert.enabled .Values.docBuilder.enabled }} volumes: {{- if .Values.pvc.enabled }} - name: {{ .Values.deployment.volumes.name }} @@ -45,6 +48,11 @@ spec: configMap: name: {{ .Values.importCert.configMapName | quote }} {{- end }} + {{- if .Values.docBuilder.enabled }} + - name: cargo-config + configMap: + name: {{ .Values.docBuilder.configMapName | quote }} + {{- end }} - name: certs emptyDir: {} - name: tmp 
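Review bot: Nothing in `kellnr.originUrl` rejects an empty `kellnr.origin.hostname` or a port that fails to parse: `int` yields 0 for input it cannot convert, so the helper would emit `http://` or `host:0` without any error at render time. The result is written into the Cargo source entry in doc-config.yaml, where a wrong URL presumably just means the replacement never applies and the failure only shows up later as a broken doc build. Consider `{{- $host := required "kellnr.origin.hostname must be set when docBuilder.enabled is true" .Values.kellnr.origin.hostname -}}` and using `$host` in both `printf` calls. The extra casts in `eq (int $port) (int $defaultPort)` are redundant, since both values are already integers.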
@@ -87,6 +95,11 @@ spec: valueFrom: secretKeyRef: {{ toYaml .Values.kellnr.oauth2.clientSecretRef | nindent 16 }} {{- end }} + {{- if and .Values.docBuilder.enabled .Values.docBuilder.tokenSecretRef.name }} + - name: CARGO_REGISTRIES_{{ .Values.docBuilder.registryName | upper }}_TOKEN + valueFrom: + secretKeyRef: {{ toYaml .Values.docBuilder.tokenSecretRef | nindent 16 }} + {{- end }} envFrom: {{- if .Values.secret.enabled }} - secretRef: @@ -99,7 +112,7 @@ spec: - containerPort: {{ .Values.service.api.port }} name: kellnr-api protocol: TCP - {{- if or .Values.pvc.enabled .Values.importCert.enabled }} + {{- if or .Values.pvc.enabled .Values.importCert.enabled .Values.docBuilder.enabled }} volumeMounts: {{- if .Values.pvc.enabled }} - mountPath: {{ .Values.kellnr.registry.dataDir | quote }} @@ -111,6 +124,12 @@ spec: mountPath: "/usr/local/share/ca-certificates/" readOnly: true {{- end }} + {{- if .Values.docBuilder.enabled }} + - name: cargo-config + mountPath: "/usr/local/cargo/config.toml" + subPath: config.toml + readOnly: true + {{- end }} - mountPath: /etc/ssl/certs name: certs - mountPath: /tmp diff --git a/charts/kellnr/templates/doc-config.yaml b/charts/kellnr/templates/doc-config.yaml new file mode 100644 index 0000000..d4528f2 --- /dev/null +++ b/charts/kellnr/templates/doc-config.yaml 
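Review bot: The variable name built by `CARGO_REGISTRIES_{{ .Values.docBuilder.registryName | upper }}_TOKEN` keeps any `-` from `registryName`, but Cargo derives environment variable names from config keys by upper-casing them and turning dashes and dots into underscores. With a name such as `my-registry` the token would be exported under a name Cargo never reads, and authenticated doc builds would fail without an obvious cause. Use `{{ .Values.docBuilder.registryName | upper | replace "-" "_" }}` in the name. The container spec this env entry belongs to starts and ends outside the hunk.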
@@ -0,0 +1,24 @@ +# ConfigMap providing Cargo registry configuration for rustdoc auto-generation. +# Allows Kellnr to resolve and download crates from itself (localhost) when +# building documentation inside the container. + +{{- if .Values.docBuilder.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.docBuilder.configMapName | quote }} + labels: + {{- include "kellnr.labels" . | nindent 4 }} +data: + config.toml: |- + [registries.{{ .Values.docBuilder.registryName }}] + index = "sparse+http://localhost:{{ .Values.service.api.port }}/api/v1/crates/" + credential-provider = ["cargo:token"] + + [source.{{ .Values.docBuilder.registryName }}] + registry = "sparse+{{ include "kellnr.originUrl" . }}/api/v1/crates/" + replace-with = "{{ .Values.docBuilder.registryName }}-local" + + [source.{{ .Values.docBuilder.registryName }}-local] + registry = "sparse+http://localhost:{{ .Values.service.api.port }}/api/v1/crates/" +{{- end }} diff --git a/charts/kellnr/values.yaml b/charts/kellnr/values.yaml index 0e3e8aa..82ac61c 100644 --- a/charts/kellnr/values.yaml +++ b/charts/kellnr/values.yaml @@ -220,6 +220,14 @@ importCert: volumeName: "kellnr-cert-storage" certificate: "" +docBuilder: + enabled: false + registryName: kellnr + configMapName: kellnr-doc-config + tokenSecretRef: + name: kellnr-doc-token + key: token + dns: enabled: false dnsPolicy: "None" From 4880a2a303981289ca76b00246403ceaa9c4a473 Mon Sep 17 00:00:00 2001 
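Review bot: `registryName` is spliced unquoted into three TOML table headers (`[registries.…]`, `[source.…]` and `[source.…-local]`) and is never validated, so a value containing `.`, `]`, whitespace or a newline yields different tables or extra keys in the config file Cargo loads. Cargo, as far as I know, only accepts letters, digits, `-` and `_` in registry names, so the template can fail early at render time: `{{- if not (regexMatch "^[A-Za-z0-9_-]+$" .Values.docBuilder.registryName) }}{{ fail "docBuilder.registryName may contain only letters, digits, - and _" }}{{- end }}`. The same value also forms the token variable name in deployment.yaml, so one check covers both places.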
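Review bot: The new `docBuilder` keys in values.yaml carry no comments, and the default `tokenSecretRef.name: kellnr-doc-token` points at a Secret that none of the four changed files creates. The `secretKeyRef` in deployment.yaml is not marked optional, so setting `enabled: true` alone would presumably leave the pod unable to start until that Secret exists. Add comments above the block, for example `# Secret must already exist in the release namespace; set name to "" to run without a token` and `# Use a read-only token: it is an env var visible to every process in the container, which likely includes build scripts run during doc builds`.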
From: =?UTF-8?q?Lo=C3=AFs=20Postula?= Date: Thu, 19 Feb 2026 10:17:14 +0100 Subject: [PATCH 2/2] fix(kellnr): pin rustup toolchain to prevent corruption during doc builds Crates with a rust-toolchain.toml trigger rustup to auto-download a different toolchain mid-build, which can corrupt the installed toolchain inside the container. Setting RUSTUP_TOOLCHAIN overrides this behavior and locks the doc builder to the installed toolchain. --- charts/kellnr/templates/deployment.yaml | 2 ++ charts/kellnr/values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/charts/kellnr/templates/deployment.yaml b/charts/kellnr/templates/deployment.yaml index 6194e83..3e37772 100644 --- a/charts/kellnr/templates/deployment.yaml +++ b/charts/kellnr/templates/deployment.yaml @@ -96,6 +96,8 @@ spec: secretKeyRef: {{ toYaml .Values.kellnr.oauth2.clientSecretRef | nindent 16 }} {{- end }} {{- if and .Values.docBuilder.enabled .Values.docBuilder.tokenSecretRef.name }} + - name: RUSTUP_TOOLCHAIN + value: {{ .Values.docBuilder.rustupToolchain | quote }} - name: CARGO_REGISTRIES_{{ .Values.docBuilder.registryName | upper }}_TOKEN valueFrom: secretKeyRef: {{ toYaml .Values.docBuilder.tokenSecretRef | nindent 16 }} diff --git a/charts/kellnr/values.yaml b/charts/kellnr/values.yaml index 82ac61c..aa007d1 100644 --- a/charts/kellnr/values.yaml +++ b/charts/kellnr/values.yaml @@ -222,6 +222,7 @@ importCert: docBuilder: enabled: false + rustupToolchain: "stable" registryName: kellnr configMapName: kellnr-doc-config tokenSecretRef:
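Review bot: `RUSTUP_TOOLCHAIN` is added inside the existing `{{- if and .Values.docBuilder.enabled .Values.docBuilder.tokenSecretRef.name }}` block, so the pin disappears whenever `tokenSecretRef.name` is empty, although the Cargo config from `docBuilder` is still mounted. That brings back the case the commit message describes, where a crate's `rust-toolchain.toml` makes rustup fetch another toolchain, which is a download chosen by whoever published the crate. Give the pin its own guard, `{{- if .Values.docBuilder.enabled }}` … `{{- end }}`, placed before the token block. The env list this entry belongs to starts and ends outside the hunk.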
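Review bot: The default `rustupToolchain: "stable"` in values.yaml is undocumented and only pins anything if the image has a toolchain installed under that name. If the image registers its toolchain by version number, rustup would presumably try to install `stable`, which is the mid-build download this commit is meant to prevent; I cannot confirm that from the diff. Add a comment such as `# Must name a toolchain already installed in the Kellnr image; overrides rust-toolchain.toml of crates being documented`.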