feat: improving documentation and smaller refactoring

Author: nexus49

charts/infra/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
 name: infra
-description: A Helm chart for Kubernetes
+description: The infra openmfp chart configures a number of common infrastructure components for the OpenMFP platform.
 type: application
-version: 0.57.6
+version: 0.58.0
 appVersion: "1.16.0"
 
 dependencies:

charts/infra/README.md

@@ -1,6 +1,6 @@
 # infra
 
-A Helm chart for Kubernetes
+The infra openmfp chart configures a number of common infrastructure components for the OpenMFP platform.
 
 ![Version: 0.57.6](https://img.shields.io/badge/Version-0.57.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
 
@@ -15,6 +15,20 @@ The `common` chart is a library of common resources that are shared across all o
 | oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 |
 
 ## Values
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fga.enabled | bool | `true` | An experimental toggle to enable the FGA integration |
+| fga.stores | list | `[]` | The list of FGA stores to be created |
+| istio.gateway.annotations | object | `{}` | Annotations to be applied to the istio gateway |
+| istio.gateway.apiVersion | string | `nil` | The istio apiVersion of the gateway resource eg, networking.istio.io/v1, networking.istio.io/v1beta1 |
+| istio.gateway.name | string | `"gateway"` | The name of the istio gateway resource |
+| istio.gateway.selector.istio | string | `"gateway"` | The istio ingress gateway selector |
+| istio.gateway.servers | list | `[{"hosts":["*"],"port":{"name":"http","number":8080,"protocol":"HTTP"}}]` | The "servers" section of the istio gateway. By default it is configured for a local kind setup. Adjust to be a https port for productive deployments |
+| istio.networking.apiVersion | string | `"networking.istio.io/v1"` | The istio apiVersion used for networking resources in this chart eg. networking.istio.io/v1, networking.istio.io/v1beta1 |
+| istio.serviceEntries.https.enabled | bool | `false` | A toggle to enable the service entries for external https communication |
+| istio.serviceEntries.https.hosts | list | `[]` | The list of hosts to be added to the service entry |
+
+## Overriding Values
 
 The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels:
 
@@ -32,22 +46,3 @@ Example
 3) .Values.deployment.resources.limits.memory =  1024MB
 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
 ```
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| certificate.gardener.enabled | bool | `false` |  |
-| externalSecrets.accountOperatorSaKubeconfig | string | `"account-operator-sa-kubeconfig"` |  |
-| fga.enabled | bool | `true` |  |
-| fga.stores | list | `[]` |  |
-| gateway.annotations | object | `{}` |  |
-| gateway.apiVersion | string | `"networking.istio.io/v1"` |  |
-| gateway.name | string | `"gateway"` |  |
-| gateway.selector.istio | string | `"gateway"` |  |
-| gateway.servers[0].hosts[0] | string | `"*"` |  |
-| gateway.servers[0].port.name | string | `"http"` |  |
-| gateway.servers[0].port.number | int | `8080` |  |
-| gateway.servers[0].port.protocol | string | `"HTTP"` |  |
-| kcp.enabled | bool | `false` |  |
-| keycloak.enabled | bool | `false` |  |
-| keycloak.hosts[0] | string | `"login.microsoftonline.com"` |  |
-| rbac.clusterRole.enabled | bool | `false` |  |

charts/infra/README.md.gotmpl

@@ -10,6 +10,9 @@ The `common` chart is a library of common resources that are shared across all o
 {{ template "chart.requirementsSection" . }}
 
 {{ template "chart.valuesHeader" . }}
+{{ template "chart.valuesTable" . }}
+
+## Overriding Values
 
 The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels:
 
@@ -20,12 +23,10 @@ The values in the `defaults:` section can be reused from other charts by using t
 
 1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally.
 
-Example 
+Example
 ```
 1) .Values.deployment.resources.limits.memoryOveride =  4096MB
 2) .Values.global.deployment.resources.limits.memory =  2048MB
 3) .Values.deployment.resources.limits.memory =  1024MB
 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
 ```
-
-{{ template "chart.valuesTable" . }}

charts/infra/templates/cluster-role.yaml

@@ -1,14 +1,14 @@
-apiVersion: {{ .Values.gateway.apiVersion }}
+apiVersion: {{ .Values.istio.networking.apiVersion }}
 kind: Gateway
 metadata:
-  name: {{ .Values.gateway.name}}
+  name: {{ .Values.istio.gateway.name}}
   namespace: {{ .Release.Namespace }}
-{{- if .Values.gateway.annotations }}
+{{- if .Values.istio.gateway.annotations }}
   annotations:
-    {{- toYaml .Values.gateway.annotations | nindent 4 }}
+    {{- toYaml .Values.istio.gateway.annotations | nindent 4 }}
 {{- end }}
 spec:
   selector:
-{{ .Values.gateway.selector | toYaml | indent 4 }}
+{{ .Values.istio.gateway.selector | toYaml | indent 4 }}
   servers:
-{{ toYaml .Values.gateway.servers | indent 4 }}
+{{ toYaml .Values.istio.gateway.servers | indent 4 }}

charts/infra/templates/external-secret-account-operator.yaml

@@ -0,0 +1,16 @@
+{{ if .Values.istio.serviceEntries.https.enabled -}}
+apiVersion: {{ .Values.istio.networking.apiVersion }}
+kind: ServiceEntry
+metadata:
+  name: openmfp-https
+  namespace: {{ .Release.Namespace }}
+spec:
+  hosts:
+  {{ .Values.istio.serviceEntries.https.hosts | toYaml | nindent 4 }}
+  location: MESH_EXTERNAL
+  ports:
+    - name: https
+      number: 443
+      protocol: TLS
+  resolution: DNS
+{{- end -}}

charts/infra/templates/store.yaml charts/infra/templates/fga-store.yaml

@@ -1,26 +1,5 @@
 disables externalsecrets:
   1: |
-    apiVersion: external-secrets.io/v1beta1
-    kind: ExternalSecret
-    metadata:
-      name: account-operator-sa-kubeconfig
-      namespace: NAMESPACE
-    spec:
-      data:
-        - remoteRef:
-            conversionStrategy: Default
-            key: null
-            property: kubeconfig
-          secretKey: kubeconfig
-      refreshInterval: 10m
-      secretStoreRef:
-        kind: SecretStore
-        name: environment-store
-      target:
-        creationPolicy: Owner
-        deletionPolicy: Retain
-        name: account-operator-sa-kubeconfig
-  2: |
     apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
@@ -38,27 +17,6 @@ disables externalsecrets:
             protocol: HTTP
 matches the snapshot:
   1: |
-    apiVersion: external-secrets.io/v1beta1
-    kind: ExternalSecret
-    metadata:
-      name: account-operator-sa-kubeconfig
-      namespace: NAMESPACE
-    spec:
-      data:
-        - remoteRef:
-            conversionStrategy: Default
-            key: account-operator-sa-kubeconfig
-            property: kubeconfig
-          secretKey: kubeconfig
-      refreshInterval: 10m
-      secretStoreRef:
-        kind: SecretStore
-        name: environment-store
-      target:
-        creationPolicy: Owner
-        deletionPolicy: Retain
-        name: account-operator-sa-kubeconfig
-  2: |
     apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:

charts/infra/templates/gateway.yaml

@@ -1,37 +1,35 @@
-gateway:
-  annotations: {}
-  apiVersion: networking.istio.io/v1
-  name: gateway
-  selector:
-    istio: gateway
-  servers:
-    - port:
-        number: 8080
-        name: http
-        protocol: HTTP
-      hosts:
-        - "*"
-
-rbac:
-  clusterRole:
-    enabled: false
-
-kcp:
-  enabled: false
-#  host: ""
-
-keycloak:
-  enabled: false
-  hosts:
-    - "login.microsoftonline.com"
-
-externalSecrets:
-  accountOperatorSaKubeconfig: account-operator-sa-kubeconfig
+istio:
+  networking:
+    # -- The istio apiVersion used for networking resources in this chart eg. networking.istio.io/v1, networking.istio.io/v1beta1
+    apiVersion: networking.istio.io/v1
+  gateway:
+    # -- Annotations to be applied to the istio gateway
+    annotations: {}
+    # -- The istio apiVersion of the gateway resource eg, networking.istio.io/v1, networking.istio.io/v1beta1
+    apiVersion:
+    # -- The name of the istio gateway resource
+    name: gateway
+    selector:
+      # -- The istio ingress gateway selector
+      istio: gateway
+    # -- The "servers" section of the istio gateway. By default it is configured for a local kind setup. Adjust to be a https port for productive deployments
+    servers:
+      - port:
+          number: 8080
+          name: http
+          protocol: HTTP
+        hosts:
+          - "*"
+  serviceEntries:
+    https:
+      # -- A toggle to enable the service entries for external https communication
+      enabled: false
+      # -- The list of hosts to be added to the service entry
+      hosts: []
 
 fga:
+  # -- An experimental toggle to enable the FGA integration
   enabled: true
+  # -- The list of FGA stores to be created
   stores: []
 
-certificate:
-  gardener:
-    enabled: false