feat: enable external secrets and refactor deployment configuration

On-behalf-of: @SAP angel.kafazov@sap.com
Signed-off-by: Angel Kafazov <akafazov@cst-bg.net>

Author: akafazov

charts/common/values.yaml

@@ -69,3 +69,7 @@ defaults:
     runAsGroup: 3000
     # -- fsGroup id to run the container
     fsGroup: 2000
+
+  externalSecrets:
+    # -- toggle to enable/disable external-secrets
+    enabled: true

charts/portal/templates/deploy.yaml

@@ -64,7 +64,7 @@ spec:
           value: "{{ .Values.featureToggles }}"
         {{- end }}
         - name: PORT
-          value: "{{ .Values.port }}"
+          value: "{{ include "common.getKeyValue" (dict "Values" .Values "key" "port") }}"
         - name: REGION
           value: {{ .Values.region }}
         - name: IMAGE_TAG

charts/portal/templates/external-secrets.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.externalSecrets.enabled -}}
+{{- if eq (include "common.hasNestedKey" (dict "Values" .Values "key" "externalSecrets.enabled")) "true" }}
 {{- $namespace := .Release.Namespace}}
 {{- $secretKeys := list }}
 {{- range $key, $idp := .Values.trust }}

charts/portal/tests/__snapshot__/external-secrets_test.yaml.snap

@@ -1,22 +1 @@
-matches the snapshot:
-  1: |
-    apiVersion: external-secrets.io/v1beta1
-    kind: ExternalSecret
-    metadata:
-      name: RELEASE-NAME-portal-client-secret-portal
-      namespace: NAMESPACE
-    spec:
-      data:
-        - remoteRef:
-            conversionStrategy: Default
-            key: dxp-core-team/manual-secrets/portal-client-secrets
-            property: portal
-          secretKey: secret
-      refreshInterval: 10m
-      secretStoreRef:
-        kind: SecretStore
-        name: environment-store
-      target:
-        creationPolicy: Owner
-        deletionPolicy: Retain
-        name: portal-client-secret-portal
+{}

charts/portal/tests/__snapshot__/istio_test.yaml.snap

@@ -82,27 +82,6 @@ matches the snapshot:
             runAsUser: 1000
           serviceAccountName: portal
   2: |
-    apiVersion: external-secrets.io/v1beta1
-    kind: ExternalSecret
-    metadata:
-      name: portal-portal-client-secret-portal
-      namespace: NAMESPACE
-    spec:
-      data:
-        - remoteRef:
-            conversionStrategy: Default
-            key: dxp-core-team/manual-secrets/portal-client-secrets
-            property: portal
-          secretKey: secret
-      refreshInterval: 10m
-      secretStoreRef:
-        kind: SecretStore
-        name: environment-store
-      target:
-        creationPolicy: Owner
-        deletionPolicy: Retain
-        name: portal-client-secret-portal
-  3: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRole
     metadata:
@@ -116,7 +95,7 @@ matches the snapshot:
           - get
           - watch
           - list
-  4: |
+  3: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
     metadata:
@@ -129,14 +108,14 @@ matches the snapshot:
       - kind: ServiceAccount
         name: portal
         namespace: NAMESPACE
-  5: |
+  4: |
     apiVersion: v1
     imagePullSecrets:
       - name: github
     kind: ServiceAccount
     metadata:
       name: portal
-  6: |
+  5: |
     apiVersion: v1
     kind: Service
     metadata:
@@ -233,27 +212,6 @@ matches the snapshot with istio disabled:
             runAsUser: 1000
           serviceAccountName: portal
   2: |
-    apiVersion: external-secrets.io/v1beta1
-    kind: ExternalSecret
-    metadata:
-      name: portal-portal-client-secret-portal
-      namespace: NAMESPACE
-    spec:
-      data:
-        - remoteRef:
-            conversionStrategy: Default
-            key: dxp-core-team/manual-secrets/portal-client-secrets
-            property: portal
-          secretKey: secret
-      refreshInterval: 10m
-      secretStoreRef:
-        kind: SecretStore
-        name: environment-store
-      target:
-        creationPolicy: Owner
-        deletionPolicy: Retain
-        name: portal-client-secret-portal
-  3: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRole
     metadata:
@@ -267,7 +225,7 @@ matches the snapshot with istio disabled:
           - get
           - watch
           - list
-  4: |
+  3: |
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
     metadata:
@@ -280,14 +238,14 @@ matches the snapshot with istio disabled:
       - kind: ServiceAccount
         name: portal
         namespace: NAMESPACE
-  5: |
+  4: |
     apiVersion: v1
     imagePullSecrets:
       - name: github
     kind: ServiceAccount
     metadata:
       name: portal
-  6: |
+  5: |
     apiVersion: v1
     kind: Service
     metadata:

charts/portal/values.yaml

@@ -1,20 +1,6 @@
 image:
   name: ghcr.io/openmfp/portal
-  pullPolicy: IfNotPresent
-
-imagePullSecret: github
-
-deployment:
-  maxUnavailable: 0
-  maxSurge: 5
-
-port: 8080
-
-istio:
-  enabled: true
-
-externalSecrets:
-  enabled: true
+  pullPolicyOverride: IfNotPresent
 
 http:
   protocol: https