Improve tornjak docs (#276)

- Align tornjak backend naming with same convention as frontend
- Align Tornjak backend and frontend notes style
- Add disclaimer for Tornjak usage to example

---------

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>

charts/spire/charts/spire-server/templates/NOTES.txt

@@ -7,15 +7,17 @@ Installed {{ .Chart.Name }}…
 
 {{- if eq (.Values.tornjak.enabled | toString) "true" }}
 
+Installed {{ include "spire-tornjak.fullname" . }}…
+
 ### WARNING ###
 
-This Tornjak is configured without authentication and it is intended for
-testing only. Please do not use this version in production.
+Tornjak runs without authentication and is therefore NOT suitable to run in production environments.
+Only use in test environments!
 
-Tornjak APIs (Backend):
-      kubectl -n {{ include "spire-server.namespace" . }} port-forward {{ include "spire-server.fullname" . }}-0 {{ .Values.tornjak.service.port }}:10000
+Access Tornjak:
+
+    kubectl -n {{ include "spire-server.namespace" . }} port-forward service/{{ include "spire-tornjak.backend" . }} {{ .Values.tornjak.service.port }}:10000
 
 Open browser to: http://localhost:{{ .Values.tornjak.service.port }}
 
-Installed {{ include "spire-tornjak.fullname" . }}…
 {{- end }}

charts/spire/charts/spire-server/templates/_helpers.tpl

@@ -161,9 +161,11 @@ Tornjak specific section
 {{- define "spire-tornjak.fullname" -}}
 {{ include "spire-server.fullname" . | trimSuffix "-server" }}-tornjak
 {{- end }}
+
 {{- define "spire-tornjak.config" -}}
 {{ include "spire-tornjak.fullname" . }}-config
 {{- end }}
+
 {{- define "spire-tornjak.backend" -}}
-{{ include "spire-tornjak.fullname" . }}-be
+{{ include "spire-tornjak.fullname" . }}-backend
 {{- end }}

charts/spire/charts/spire-server/templates/service.yaml

@@ -26,27 +26,3 @@ spec:
     {{- end }}
   selector:
     {{- include "spire-server.selectorLabels" . | nindent 4 }}
-
-{{- if eq (.Values.tornjak.enabled | toString) "true" }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: {{ include "spire-server.namespace" . }}
-  name: {{ include "spire-tornjak.backend" . }}
-  {{- with .Values.tornjak.service.annotations }}
-  annotations:
-    {{- toYaml . | nindent 8 }}
-  {{- end }}
-  labels:
-    {{- include "spire-server.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.tornjak.service.type }}
-  selector:
-   {{- include "spire-server.selectorLabels" . | nindent 4 }}
-  ports:
-    - name: {{ include "spire-tornjak.backend" . }}
-      port: {{ .Values.tornjak.service.port }}
-      targetPort: tornjak
-      protocol: TCP
-{{- end }}

charts/spire/charts/spire-server/templates/tornjak-service.yaml

@@ -0,0 +1,22 @@
+{{- if eq (.Values.tornjak.enabled | toString) "true" }}
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: {{ include "spire-server.namespace" . }}
+  name: {{ include "spire-tornjak.backend" . }}
+  {{- with .Values.tornjak.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 8 }}
+  {{- end }}
+  labels:
+    {{- include "spire-server.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.tornjak.service.type }}
+  selector:
+   {{- include "spire-server.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: {{ include "spire-tornjak.backend" . }}
+      port: {{ .Values.tornjak.service.port }}
+      targetPort: tornjak
+      protocol: TCP
+{{- end }}

charts/spire/charts/tornjak-frontend/templates/NOTES.txt

@@ -8,15 +8,19 @@ Namespace: {{ include "tornjak-frontend.namespace" . }}
 Tornjak UI (Frontend)
   image: {{ template "spire-lib.image" (dict "appVersion" $.Chart.AppVersion "image" .Values.image "global" .Values.global) }}
   pull policy: {{ .Values.image.pullPolicy }}
-Configured with Tornjak API (Backend): {{ include "tornjak-frontend.apiURL" . }}
+  Tornjak API (Backend): {{ include "tornjak-frontend.apiURL" . }}
 
 ### WARNING ###
-This Tornjak is configured without authentication and it is intended for
-testing only. Please do not use this version in production.
 
-You can use port forwarding to access UI:
+Tornjak runs without authentication and is therefore NOT suitable to run in production environments.
+Only use in test environments!
+
+Access Tornjak:
+
   kubectl -n {{ include "tornjak-frontend.namespace" . }} port-forward service/{{ include "tornjak-frontend.fullname" . }} {{ .Values.service.port }}:3000
 
+Ensure you have port-forwarding for tornjak-backend as well.
+
 Open browser to: http://localhost:{{ .Values.service.port }}
 
 To learn more about the release, try:

examples/tornjak/README.md

@@ -1,5 +1,7 @@
 # Recommended setup to deploy Tornjak
 
+> **Warning**: The current version of Tornjak in this chart is deployed without authentication. Therefore it is not suitable to run this version in production.
+
 To install Spire with the least privileges possible we deploy spire across 2 namespaces.
 
 ```shell
@@ -9,11 +11,27 @@ kubectl create namespace "spire-server"
 kubectl label namespace "spire-server" pod-security.kubernetes.io/enforce=restricted
 
 # deploy SPIRE with Tornjak enabled
-helm upgrade --install --namespace spire-server --values ../production/values.yaml \
- --values ./values.yaml spire charts/spire
+helm upgrade --install --namespace spire-server \
+  --values ../production/values.yaml \
+  --values ./values.yaml \
+  --render-subchart-notes \
+  spire charts/spire
 
 # test the Tornjak deployment
 helm test spire -n spire-server
 ```
 
+## Access tornjak
+
+To access Tornjak you will have to use port-forwarding for the time being *(until we add authentication and ingress)*.
+
+Run following commands from your shell, if you ran with different values your namespace might differ. Consult the install notes printed when running above `helm upgrade` command in that case.
+
+```shell
+kubectl -n spire-server port-forward service/spire-tornjak-backend 10000:10000
+kubectl -n spire-server port-forward service/spire-tornjak-frontend 3000:3000
+```
+
+You can now access Tornjak at [localhost:3000](http://localhost:3000).
+
 See [values.yaml](./values.yaml) for more details on the chart configurations to achieve this setup.