chore (charts): move keycloak chart (#44)

.github/workflows/helm-docs.yaml

@@ -0,0 +1,23 @@
+name: Verify Helm Docs up-to-date
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  generate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+      - name: Run helm-docs
+        uses: losisin/helm-docs-github-action@v1
+        with:
+          fail-on-diff: false
+          chart-search-root: charts/
+          template-files: README.md.gotmpl
+          git-push: true
+          git-push-user-name: "openmfp-technical-user"
+          git-push-user-email: "openmfp@gmail.com"
+          git-commit-message: "chore: update Helm documentation"

charts/account-operator-crds/README.md.gotmpl

@@ -0,0 +1,33 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Additional Information
+
+The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesHeader" . }}
+
+The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels:
+
+1. Looks for `keyOverride` in the chart's values.yaml
+2. Looks for `global.key` in the chart's or parent chart's values.yaml
+3. Uses the `key` in the chart's values.yaml
+4. Uses the `common.defaults.key` value from the table below.
+
+1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally.
+
+Example 
+```
+1) .Values.deployment.resources.limits.memoryOveride =  4096MB
+2) .Values.global.deployment.resources.limits.memory =  2048MB
+3) .Values.deployment.resources.limits.memory =  1024MB
+4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
+```
+
+{{ template "chart.valuesTable" . }}
+
+{{ template "helm-docs.versionFooter" . }}

charts/account-operator/README.md

@@ -4,6 +4,12 @@ A Helm chart to deploy OpenMFP Account-Operator
 
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
+![Version: 0.4.25](https://img.shields.io/badge/Version-0.4.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.109.0](https://img.shields.io/badge/AppVersion-0.109.0-informational?style=flat-square)
+
+## Additional Information
+
+The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
+
 ## Requirements
 
 | Repository | Name | Description | Sources |

charts/example-content/README.md

@@ -2,6 +2,12 @@
 
 Helm Chart for the openmfp Portal
 
+![Version: 0.110.9](https://img.shields.io/badge/Version-0.110.9-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square)
+
+## Additional Information
+
+The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
+
 ## Requirements
 
 | Repository | Name | Description | Sources |

charts/extension-manager-operator-crds/Chart.yaml

@@ -4,4 +4,5 @@ description: A Helm chart for Kubernetes
 
 type: application
 version: 0.1.7
-appVersion: "0.0.0"
+
+appVersion: "1.16.0"

charts/extension-manager-operator-crds/README.md.gotmpl

@@ -0,0 +1,33 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Additional Information
+
+The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesHeader" . }}
+
+The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels:
+
+1. Looks for `keyOverride` in the chart's values.yaml
+2. Looks for `global.key` in the chart's or parent chart's values.yaml
+3. Uses the `key` in the chart's values.yaml
+4. Uses the `common.defaults.key` value from the table below.
+
+1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally.
+
+Example 
+```
+1) .Values.deployment.resources.limits.memoryOveride =  4096MB
+2) .Values.global.deployment.resources.limits.memory =  2048MB
+3) .Values.deployment.resources.limits.memory =  1024MB
+4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
+```
+
+{{ template "chart.valuesTable" . }}
+
+{{ template "helm-docs.versionFooter" . }}

charts/extension-manager-operator/README.md

@@ -4,6 +4,12 @@ A Helm chart for extension-manager-operator which manages resources like Content
 
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
+![Version: 0.22.36](https://img.shields.io/badge/Version-0.22.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square)
+
+## Additional Information
+
+The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
+
 ## Requirements
 
 | Repository | Name | Description | Sources |

charts/infra/templates/cluster-role.yaml

@@ -0,0 +1,30 @@
+{{- if ((.Values.rbac).clusterRole).enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: openmfp-cluster-reader
+rules:
+- apiGroups:
+  - core.openmfp.io
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: openmfp-cluster-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gardener.cloud:system:read-only
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: /portal
+{{- end -}}

charts/infra/templates/external-secret-account-operator.yaml

@@ -0,0 +1,22 @@
+{{- if eq (include "common.hasNestedKey" (dict "Values" .Values "key" "externalSecrets.enabled")) "true" }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: account-operator-sa-kubeconfig
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: "10m"
+  secretStoreRef:
+    name: environment-store
+    kind: SecretStore
+  target:
+    name: account-operator-sa-kubeconfig
+    creationPolicy: Owner
+    deletionPolicy: Retain
+  data:
+    - secretKey: kubeconfig
+      remoteRef:
+        key: {{ .Values.externalSecrets.accountOperatorSaKubeconfig }}
+        property: kubeconfig
+        conversionStrategy: Default
+{{ end }}

charts/infra/templates/gateway.yaml

@@ -1,16 +1,14 @@
-{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}}
-apiVersion: {{ .Values.istio.networking.apiVersion }}
+apiVersion: {{ .Values.gateway.apiVersion }}
 kind: Gateway
 metadata:
-  name: {{ .Values.istio.gateway.name}}
+  name: {{ .Values.gateway.name}}
   namespace: {{ .Release.Namespace }}
-{{- if .Values.istio.gateway.annotations }}
+{{- if .Values.gateway.annotations }}
   annotations:
-    {{- toYaml .Values.istio.gateway.annotations | nindent 4 }}
+    {{- toYaml .Values.gateway.annotations | nindent 4 }}
 {{- end }}
 spec:
   selector:
-{{ .Values.istio.gateway.selector | toYaml | indent 4 }}
+{{ .Values.gateway.selector | toYaml | indent 4 }}
   servers:
-{{ toYaml .Values.istio.gateway.servers | indent 4 }}
-{{- end -}}
+{{ toYaml .Values.gateway.servers | indent 4 }}

charts/infra/templates/kcp-service-entry.yaml

@@ -0,0 +1,16 @@
+{{- if and .Values.kcp.enabled .Values.kcp.host -}}
+apiVersion: networking.istio.io/v1beta1
+kind: ServiceEntry
+metadata:
+  name: kcp-workspaces
+  namespace: {{ .Release.Namespace }}
+spec:
+  hosts:
+  - {{ .Values.kcp.host }}
+  location: MESH_EXTERNAL
+  ports:
+  - name: https
+    number: 443
+    protocol: TLS
+  resolution: DNS
+{{- end -}}

charts/infra/templates/keycloak-service-entry.yaml

@@ -0,0 +1,15 @@
+{{- if (.Values.keycloak).enabled -}}
+apiVersion: networking.istio.io/v1beta1
+kind: ServiceEntry
+metadata:
+  name: auth
+spec:
+  hosts:
+  {{- .Values.keycloak.hosts | toYaml | nindent 2 }}
+  location: MESH_EXTERNAL
+  ports:
+  - name: https
+    number: 443
+    protocol: TLS
+  resolution: DNS
+{{- end -}}

charts/infra/templates/store.yaml

@@ -0,0 +1,13 @@
+{{- if (.Values.fga).enabled }}
+{{- range .Values.fga.stores }}
+---
+apiVersion: core.openmfp.io/v1alpha1
+kind: Store
+metadata:
+  name: {{ .name }}
+  namespace: {{ .namespace }}
+spec:
+  coreModule: |
+    {{ .coreModuleName | nindent 4 }}
+{{- end}}
+{{- end }}

charts/infra/test-values.yaml

@@ -1,37 +1,36 @@
-istio:
-  enabled: true
-  serviceEntries:
-    https:
-      enabled: true
-      hosts: [ "example.com" ]
-  gateway:
-    apiVersion: networking.istio.io/v1
-    name: gateway
-    selector:
-      istio: gateway
-    servers:
-      - port:
-          number: 8080
-          name: http
-          protocol: HTTP
-        hosts:
-          - "*"
+gateway:
+  apiVersion: networking.istio.io/v1
+  name: gateway
+  selector:
+    istio: gateway
+  servers:
+    - port:
+        number: 8080
+        name: http
+        protocol: HTTP
+      hosts:
+        - "*"
 
-fga:
-  enabled: true
-  stores:
-    - name: test
-      namespace: test
-      coreModuleName: |
-        module core
-  
-        type user
-
-        type account
-          relations
-            define owner: [user]
-            define member: [user] or owner
-      tuples:
-      - object: account:a
-        relation: owner
-        user: user:a
+kcp:
+  enabled: false
+#  host: ""
+
+auth:
+#  host: ""
+
+externalSecrets:
+  accountOperatorSaKubeconfig: account-operator-sa-kubeconfig
+  enabled: false
+
+stores:
+  - name: test
+    namespace: test
+    coreModuleName: |
+      module core
+
+      type user
+
+      type account
+        relations
+          define owner: [user]
+          define member: [user] or owner