diff --git a/.github/workflows/infra.yaml b/.github/workflows/infra.yaml new file mode 100644 index 000000000..05b6436d9 --- /dev/null +++ b/.github/workflows/infra.yaml @@ -0,0 +1,28 @@ +name: Build infra Workflow +on: + push: + paths: + - 'charts/infra/**' + - '.github/workflows/infra.yaml' + +jobs: + pipeline: + concurrency: + group: infra-${{ github.ref }} + cancel-in-progress: true + uses: openmfp/gha/.github/workflows/pipeline-chart.yml@main + with: + chartFolder: charts + chartName: infra + additionalTestFilesCommand: '' + chartRepos: 'bitnami=https://charts.bitnami.com/bitnami,openfga=https://openfga.github.io/helm-charts' + secrets: inherit + + updateVersionFile: + if: ${{ github.ref == 'refs/heads/main' }} + needs: [pipeline] + uses: openmfp/gha/.github/workflows/job-update-version-file.yml@main + secrets: inherit + with: + componentVersionKey: "infra" + version: ${{ needs.pipeline.outputs.version }} diff --git a/charts/account-operator/Chart.lock b/charts/account-operator/Chart.lock index 8de1c8f2c..5a34f2c38 100644 --- a/charts/account-operator/Chart.lock +++ b/charts/account-operator/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 0.1.8 - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:702670046f635dd04bb39783618e73066235c013bbcf3a09e37900bdddcd087e -generated: "2024-12-06T10:04:56.694119835Z" + version: 0.1.8 +digest: sha256:400dc66500f82dce172eee4a2cabc52490f2c61213dc743b63346a6ded133841 +generated: "2024-12-09T15:52:46.44887344Z" diff --git a/charts/account-operator/Chart.yaml b/charts/account-operator/Chart.yaml index 55c9cb633..c391f32ee 100644 --- a/charts/account-operator/Chart.yaml +++ b/charts/account-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: account-operator description: A Helm chart for Kubernetes type: application -version: 0.5.6 +version: 0.5.7 appVersion: "0.111.0" dependencies: - name: account-operator-crds 
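Review bot: Both jobs in the new `.github/workflows/infra.yaml` call reusable workflows from `openmfp/gha` at the mutable ref `@main` and pass `secrets: inherit`, so whatever is on that branch at run time executes with every secret this repository exposes. Pin each call to a full commit SHA, e.g. `uses: openmfp/gha/.github/workflows/pipeline-chart.yml@<full-commit-sha>`, and pass only the secrets the called workflow declares instead of inheriting all of them. The file also has no `permissions:` block, so the GITHUB_TOKEN keeps the repository default; an explicit least-privilege block would make the grant visible and cap what the called workflows receive. The `push` trigger has no `branches:` filter, so `pipeline` runs with the inherited secrets on any branch that touches `charts/infra/**`; confirm that is intended.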
@@ -10,5 +10,5 @@ dependencies: condition: crds.enabled repository: oci://ghcr.io/openmfp/helm-charts - name: common - version: 0.1.7 + version: 0.1.8 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/account-operator/README.md b/charts/account-operator/README.md index 64088b29c..3c394d934 100644 --- a/charts/account-operator/README.md +++ b/charts/account-operator/README.md @@ -2,7 +2,7 @@ A Helm chart for Kubernetes -![Version: 0.5.6](https://img.shields.io/badge/Version-0.5.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.111.0](https://img.shields.io/badge/AppVersion-0.111.0-informational?style=flat-square) +![Version: 0.5.7](https://img.shields.io/badge/Version-0.5.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.111.0](https://img.shields.io/badge/AppVersion-0.111.0-informational?style=flat-square) ## Additional Information @@ -13,7 +13,7 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| | oci://ghcr.io/openmfp/helm-charts | account-operator-crds | 0.1.8 | -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | ## Values diff --git a/charts/account-operator/charts/common-0.1.7.tgz b/charts/account-operator/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/account-operator/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/account-operator/charts/common-0.1.8.tgz b/charts/account-operator/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/account-operator/charts/common-0.1.8.tgz differ 
diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index 3b8108387..57dca4e09 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -4,4 +4,4 @@ description: A Helm chart for Kubernetes type: library -version: 0.1.7 +version: 0.1.8 diff --git a/charts/common/README.md b/charts/common/README.md index a7352ec19..607061bef 100644 --- a/charts/common/README.md +++ b/charts/common/README.md @@ -2,7 +2,7 @@ A Helm chart for Kubernetes -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ## Additional Information @@ -37,6 +37,7 @@ Example | defaults.deployment.revisionHistoryLimit | int | `3` | deployment revision history limit | | defaults.deployment.strategy | string | `"RollingUpdate"` | deployment strategy | | defaults.externalSecrets.enabled | bool | `true` | toggle to enable/disable external-secrets | +| defaults.fga.enabled | bool | `false` | toggle to enable/disable experimental FGA features | | defaults.health.liveness | object | `{"failureThreshold":1,"path":"/healthz"}` | liveness probe parameters | | defaults.health.periodSeconds | int | `10` | health period | | defaults.health.port | int | `8081` | health port | diff --git a/charts/common/test-chart/Chart.lock b/charts/common/test-chart/Chart.lock index a6d4a2f8d..8a77797d7 100644 --- a/charts/common/test-chart/Chart.lock +++ b/charts/common/test-chart/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: file://.. - version: 0.1.5 -digest: sha256:4922b07dc901a2efda0b3d40954a68fa4dc360421bffdcaf96889b31a972f9b4 -generated: "2024-11-26T14:45:17.586883648+02:00" + version: 0.1.8 +digest: sha256:eee7e1ccb5821b28c6d01a54bdc5ff4a12887b1306b137d6a8b4610f71ed619a +generated: "2024-12-09T16:40:26.404366+01:00" diff --git a/charts/common/test-chart/Chart.yaml b/charts/common/test-chart/Chart.yaml index 079b84532..68357ee57 100644 --- a/charts/common/test-chart/Chart.yaml +++ b/charts/common/test-chart/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "1.16.0" dependencies: - name: common - version: 0.1.5 + version: 0.1.8 repository: file://.. diff --git a/charts/common/test-chart/charts/common-0.1.5.tgz b/charts/common/test-chart/charts/common-0.1.5.tgz deleted file mode 100644 index 3552f6f1f..000000000 Binary files a/charts/common/test-chart/charts/common-0.1.5.tgz and /dev/null differ diff --git a/charts/common/test-chart/charts/common-0.1.8.tgz b/charts/common/test-chart/charts/common-0.1.8.tgz new file mode 100644 index 000000000..cacc4f0bf Binary files /dev/null and b/charts/common/test-chart/charts/common-0.1.8.tgz differ diff --git a/charts/common/values.yaml b/charts/common/values.yaml index 5f22953ba..7d13424f3 100644 --- a/charts/common/values.yaml +++ b/charts/common/values.yaml @@ -62,6 +62,10 @@ defaults: # -- name of the gateway name: gateway + fga: + # -- toggle to enable/disable experimental FGA features + enabled: false + securityContext: # -- user id to run the container runAsUser: 1000 diff --git a/charts/example-content/Chart.lock b/charts/example-content/Chart.lock index 585063594..470fc3f5a 100644 --- a/charts/example-content/Chart.lock +++ b/charts/example-content/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:45fcb4149403eb8b2774797e82e49d0e3969274393c8958ee6d3a0268e99ef76 -generated: "2024-12-06T10:05:08.678131559Z" + version: 0.1.8 +digest: sha256:e4718b08670cce49ce9d031fb9a00b5e7b706c6629a4392b1244e501e42866a5 +generated: "2024-12-09T15:53:00.754558771Z" diff --git a/charts/example-content/Chart.yaml b/charts/example-content/Chart.yaml index 4867de6a0..136c73152 100644 --- a/charts/example-content/Chart.yaml +++ b/charts/example-content/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 appVersion: "0.126.0" description: Helm Chart for the openmfp Portal name: example-content -version: 0.110.13 +version: 0.110.14 dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/example-content/README.md b/charts/example-content/README.md index af8deca7b..0bca7ab70 100644 --- a/charts/example-content/README.md +++ b/charts/example-content/README.md @@ -2,7 +2,7 @@ Helm Chart for the openmfp Portal -![Version: 0.110.13](https://img.shields.io/badge/Version-0.110.13-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square) +![Version: 0.110.14](https://img.shields.io/badge/Version-0.110.14-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square) ## Additional Information @@ -12,7 +12,7 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | ## Values 
diff --git a/charts/example-content/charts/common-0.1.7.tgz b/charts/example-content/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/example-content/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/example-content/charts/common-0.1.8.tgz b/charts/example-content/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/example-content/charts/common-0.1.8.tgz differ diff --git a/charts/extension-manager-operator/Chart.lock b/charts/extension-manager-operator/Chart.lock index cac024fa0..4eef9066c 100644 --- a/charts/extension-manager-operator/Chart.lock +++ b/charts/extension-manager-operator/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 0.1.5 - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:3d8e047be64a5c0508678d38b4e2f76726351d3c9740ec015e6e4c9f7bd719dc -generated: "2024-12-06T12:02:55.929028216Z" + version: 0.1.8 +digest: sha256:a47dbbbe7dcb907e7dae77a1779f96bd99d0daf1f7b6e3f86deff81f0adeddc7 +generated: "2024-12-09T15:53:15.298241138Z" diff --git a/charts/extension-manager-operator/Chart.yaml b/charts/extension-manager-operator/Chart.yaml index 43a2d769b..9972aa577 100644 --- a/charts/extension-manager-operator/Chart.yaml +++ b/charts/extension-manager-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: extension-manager-operator description: A Helm chart for extension-manager-operator type: application -version: 0.22.42 +version: 0.22.43 appVersion: "0.77.0" dependencies: - name: extension-manager-operator-crds @@ -10,5 +10,5 @@ dependencies: condition: crds.enabled repository: oci://ghcr.io/openmfp/helm-charts - name: common - version: 0.1.7 + version: 0.1.8 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/extension-manager-operator/README.md b/charts/extension-manager-operator/README.md index 6d2ce58b6..49d599cb2 100644 --- a/charts/extension-manager-operator/README.md 
+++ b/charts/extension-manager-operator/README.md @@ -2,7 +2,7 @@ A Helm chart for extension-manager-operator -![Version: 0.22.42](https://img.shields.io/badge/Version-0.22.42-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square) +![Version: 0.22.43](https://img.shields.io/badge/Version-0.22.43-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square) ## Additional Information @@ -12,7 +12,7 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | | oci://ghcr.io/openmfp/helm-charts | extension-manager-operator-crds | 0.1.5 | ## Values diff --git a/charts/extension-manager-operator/charts/common-0.1.7.tgz b/charts/extension-manager-operator/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/extension-manager-operator/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/extension-manager-operator/charts/common-0.1.8.tgz b/charts/extension-manager-operator/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/extension-manager-operator/charts/common-0.1.8.tgz differ diff --git a/charts/infra/Chart.lock b/charts/infra/Chart.lock index edc2b2e28..47257fa37 100644 --- a/charts/infra/Chart.lock +++ b/charts/infra/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:45fcb4149403eb8b2774797e82e49d0e3969274393c8958ee6d3a0268e99ef76 -generated: "2024-12-06T10:05:31.423849254Z" + version: 0.1.8 +digest: sha256:e4718b08670cce49ce9d031fb9a00b5e7b706c6629a4392b1244e501e42866a5 +generated: "2024-12-09T16:46:41.582356+01:00" diff --git a/charts/infra/Chart.yaml b/charts/infra/Chart.yaml index 8dcd9cfbd..d7a0b6415 100644 --- a/charts/infra/Chart.yaml +++ b/charts/infra/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 name: infra -description: OpenMFP network infrastructure +description: The infra openmfp chart configures a number of common infrastructure components for the OpenMFP platform. type: application -version: 0.57.7 +version: 0.59.0 appVersion: "1.16.0" dependencies: - name: common - version: 0.1.7 + version: 0.1.8 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/infra/README.md b/charts/infra/README.md index c5be076e2..537ca6bb5 100644 --- a/charts/infra/README.md +++ b/charts/infra/README.md @@ -1,8 +1,8 @@ # infra -OpenMFP network infrastructure +The infra openmfp chart configures a number of common infrastructure components for the OpenMFP platform. -![Version: 0.57.7](https://img.shields.io/badge/Version-0.57.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.59.0](https://img.shields.io/badge/Version-0.59.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) ## Additional Information 
@@ -12,9 +12,23 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | ## Values +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| fga.enabled | bool | `true` | An experimental toggle to enable the FGA integration | +| fga.stores | list | `[]` | The list of FGA stores to be created | +| istio.gateway.annotations | object | `{}` | Annotations to be applied to the istio gateway | +| istio.gateway.apiVersion | string | `nil` | The istio apiVersion of the gateway resource eg, networking.istio.io/v1, networking.istio.io/v1beta1 | +| istio.gateway.name | string | `"gateway"` | The name of the istio gateway resource | +| istio.gateway.selector.istio | string | `"gateway"` | The istio ingress gateway selector | +| istio.gateway.servers | list | `[{"hosts":["*"],"port":{"name":"http","number":8080,"protocol":"HTTP"}}]` | The "servers" section of the istio gateway. By default it is configured for a local kind setup. Adjust to be a https port for productive deployments | +| istio.networking.apiVersion | string | `"networking.istio.io/v1"` | The istio apiVersion used for networking resources in this chart eg. networking.istio.io/v1, networking.istio.io/v1beta1 | +| istio.serviceEntries.https.enabled | bool | `false` | A toggle to enable the service entries for external https communication | +| istio.serviceEntries.https.hosts | list | `[]` | The list of hosts to be added to the service entry | + +## Overriding Values The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels: 
@@ -32,22 +46,3 @@ Example 3) .Values.deployment.resources.limits.memory = 1024MB 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB ``` - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| certificate.gardener.enabled | bool | `false` | | -| externalSecrets.accountOperatorSaKubeconfig | string | `"account-operator-sa-kubeconfig"` | | -| fga.enabled | bool | `true` | | -| fga.stores | list | `[]` | | -| gateway.annotations | object | `{}` | | -| gateway.apiVersion | string | `"networking.istio.io/v1"` | | -| gateway.name | string | `"gateway"` | | -| gateway.selector.istio | string | `"gateway"` | | -| gateway.servers[0].hosts[0] | string | `"*"` | | -| gateway.servers[0].port.name | string | `"http"` | | -| gateway.servers[0].port.number | int | `8080` | | -| gateway.servers[0].port.protocol | string | `"HTTP"` | | -| kcp.enabled | bool | `false` | | -| keycloak.enabled | bool | `false` | | -| keycloak.hosts[0] | string | `"login.microsoftonline.com"` | | -| rbac.clusterRole.enabled | bool | `false` | | diff --git a/charts/infra/README.md.gotmpl b/charts/infra/README.md.gotmpl index 4afb525d8..bef98d84f 100644 --- a/charts/infra/README.md.gotmpl +++ b/charts/infra/README.md.gotmpl @@ -10,6 +10,9 @@ The `common` chart is a library of common resources that are shared across all o {{ template "chart.requirementsSection" . }} {{ template "chart.valuesHeader" . }} +{{ template "chart.valuesTable" . }} + +## Overriding Values The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels: 
@@ -20,12 +23,10 @@ The values in the `defaults:` section can be reused from other charts by using t 1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally. -Example +Example ``` 1) .Values.deployment.resources.limits.memoryOveride = 4096MB 2) .Values.global.deployment.resources.limits.memory = 2048MB 3) .Values.deployment.resources.limits.memory = 1024MB 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB ``` - -{{ template "chart.valuesTable" . }} diff --git a/charts/infra/charts/common-0.1.7.tgz b/charts/infra/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/infra/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/infra/charts/common-0.1.8.tgz b/charts/infra/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/infra/charts/common-0.1.8.tgz differ diff --git a/charts/infra/templates/cluster-role.yaml b/charts/infra/templates/cluster-role.yaml deleted file mode 100644 index ec8339334..000000000 --- a/charts/infra/templates/cluster-role.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if ((.Values.rbac).clusterRole).enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: openmfp-cluster-reader -rules: -- apiGroups: - - core.openmfp.io - resources: - - '*' - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openmfp-cluster-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gardener.cloud:system:read-only -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: /portal -{{- end -}} 
diff --git a/charts/infra/templates/external-secret-account-operator.yaml b/charts/infra/templates/external-secret-account-operator.yaml deleted file mode 100644 index 6bb0c566f..000000000 --- a/charts/infra/templates/external-secret-account-operator.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if eq (include "common.hasNestedKey" (dict "Values" .Values "key" "externalSecrets.enabled")) "true" }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: account-operator-sa-kubeconfig - namespace: {{ .Release.Namespace }} -spec: - refreshInterval: "10m" - secretStoreRef: - name: environment-store - kind: SecretStore - target: - name: account-operator-sa-kubeconfig - creationPolicy: Owner - deletionPolicy: Retain - data: - - secretKey: kubeconfig - remoteRef: - key: {{ .Values.externalSecrets.accountOperatorSaKubeconfig }} - property: kubeconfig - conversionStrategy: Default -{{ end }} diff --git a/charts/infra/templates/store.yaml b/charts/infra/templates/fga-store.yaml similarity index 69% rename from charts/infra/templates/store.yaml rename to charts/infra/templates/fga-store.yaml index 095a2989a..19a60d626 100644 --- a/charts/infra/templates/store.yaml +++ b/charts/infra/templates/fga-store.yaml @@ -1,4 +1,4 @@ -{{- if (.Values.fga).enabled }} +{{- if eq (include "common.getNestedValue" (dict "Values" .Values "key" "fga.enabled")) "true" -}} {{- range .Values.fga.stores }} --- apiVersion: core.openmfp.io/v1alpha1 diff --git a/charts/infra/templates/gateway.yaml b/charts/infra/templates/gateway.yaml index 8b1723d55..c8ca3571b 100644 --- a/charts/infra/templates/gateway.yaml +++ b/charts/infra/templates/gateway.yaml 
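Review bot: The new guard in `fga-store.yaml` reads its toggle through `common.getNestedValue`, while the gateway template changed in the same commit uses `common.getKeyValue` for `istio.enabled`, and the chart README documents only `common.getKeyValue` as the lookup helper. If `fga.enabled` is meant to fall back to the `defaults.fga.enabled` value this commit adds to the common chart, the guard presumably needs the same helper: `{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "fga.enabled")) "true" -}}`. Neither helper's definition is visible in this diff, so confirm against the common chart; either way a one-line template comment such as `{{- /* fga.enabled is resolved via <helper>; lookup order: ... */ -}}` would record which levels apply. The `range` body and the closing `end` of the template lie outside the hunk.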
@@ -1,14 +1,16 @@ -apiVersion: {{ .Values.gateway.apiVersion }} +{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}} +apiVersion: {{ .Values.istio.networking.apiVersion }} kind: Gateway metadata: - name: {{ .Values.gateway.name}} + name: {{ .Values.istio.gateway.name}} namespace: {{ .Release.Namespace }} -{{- if .Values.gateway.annotations }} +{{- if .Values.istio.gateway.annotations }} annotations: - {{- toYaml .Values.gateway.annotations | nindent 4 }} + {{- toYaml .Values.istio.gateway.annotations | nindent 4 }} {{- end }} spec: selector: -{{ .Values.gateway.selector | toYaml | indent 4 }} +{{ .Values.istio.gateway.selector | toYaml | indent 4 }} servers: -{{ toYaml .Values.gateway.servers | indent 4 }} \ No newline at end of file +{{ toYaml .Values.istio.gateway.servers | indent 4 }} +{{- end -}} diff --git a/charts/infra/templates/kcp-service-entry.yaml b/charts/infra/templates/kcp-service-entry.yaml deleted file mode 100644 index 4f509e5e2..000000000 --- a/charts/infra/templates/kcp-service-entry.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.kcp.enabled .Values.kcp.host -}} -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: kcp-workspaces - namespace: {{ .Release.Namespace }} -spec: - hosts: - - {{ .Values.kcp.host }} - location: MESH_EXTERNAL - ports: - - name: https - number: 443 - protocol: TLS - resolution: DNS -{{- end -}} diff --git a/charts/infra/templates/keycloak-service-entry.yaml b/charts/infra/templates/keycloak-service-entry.yaml deleted file mode 100644 index e3b34d0e9..000000000 --- a/charts/infra/templates/keycloak-service-entry.yaml +++ /dev/null 
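Review bot: The Gateway in `gateway.yaml` is now rendered only when `istio.enabled` resolves to `"true"`, but the new `charts/infra/values.yaml` defines no `istio.enabled` key and the regenerated README table does not list it; only `test-values.yaml` sets it. Unless the common chart's defaults supply the key (not visible here), a default install would silently stop rendering the Gateway that earlier chart versions always created. Add the key with a documented default under `istio:` in values.yaml, e.g. `# -- toggle to render the istio resources of this chart` followed by `enabled: true`. Separately, `apiVersion` is now taken from `istio.networking.apiVersion`, so the `istio.gateway.apiVersion` value that values.yaml documents and test-values.yaml sets is never read; remove it or wire it in as an override.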
@@ -1,15 +0,0 @@ -{{- if (.Values.keycloak).enabled -}} -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: auth -spec: - hosts: - {{- .Values.keycloak.hosts | toYaml | nindent 2 }} - location: MESH_EXTERNAL - ports: - - name: https - number: 443 - protocol: TLS - resolution: DNS -{{- end -}} diff --git a/charts/infra/templates/service-entries-https.yaml b/charts/infra/templates/service-entries-https.yaml new file mode 100644 index 000000000..980893628 --- /dev/null +++ b/charts/infra/templates/service-entries-https.yaml @@ -0,0 +1,16 @@ +{{ if .Values.istio.serviceEntries.https.enabled -}} +apiVersion: {{ .Values.istio.networking.apiVersion }} +kind: ServiceEntry +metadata: + name: openmfp-https + namespace: {{ .Release.Namespace }} +spec: + hosts: + {{ .Values.istio.serviceEntries.https.hosts | toYaml | nindent 4 }} + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: TLS + resolution: DNS +{{- end -}} diff --git a/charts/infra/test-values.yaml b/charts/infra/test-values.yaml index 1ec678a07..294a41c31 100644 --- a/charts/infra/test-values.yaml +++ b/charts/infra/test-values.yaml 
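Review bot: With `istio.serviceEntries.https.enabled: true` and the default `hosts: []`, the new `service-entries-https.yaml` renders a ServiceEntry with an empty `hosts` list, which should fail Istio's validation at apply time instead of failing at render time. Guard on the list as well, `{{- if and .Values.istio.serviceEntries.https.enabled .Values.istio.serviceEntries.https.hosts -}}`, or fail the render with an explicit message when the toggle is on and the list is empty. Unlike `gateway.yaml`, this template is not gated on `istio.enabled`, so the two toggles can disagree; decide whether the ServiceEntry should also sit behind it. Since each entry opens mesh egress on port 443 to the listed host, the values comment for `hosts` could state that the list is expected to hold explicit hostnames.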
@@ -1,36 +1,33 @@ -gateway: - apiVersion: networking.istio.io/v1 - name: gateway - selector: - istio: gateway - servers: - - port: - number: 8080 - name: http - protocol: HTTP - hosts: - - "*" +istio: + enabled: true + serviceEntries: + https: + enabled: true + hosts: [ "example.com" ] + gateway: + apiVersion: networking.istio.io/v1 + name: gateway + selector: + istio: gateway + servers: + - port: + number: 8080 + name: http + protocol: HTTP + hosts: + - "*" -kcp: - enabled: false -# host: "" - -auth: -# host: "" - -externalSecrets: - accountOperatorSaKubeconfig: account-operator-sa-kubeconfig - enabled: false - -stores: - - name: test - namespace: test - coreModuleName: | - module core - - type user - - type account - relations - define owner: [user] - define member: [user] or owner \ No newline at end of file +fga: + enabled: true + stores: + - name: test + namespace: test + coreModuleName: | + module core + + type user + + type account + relations + define owner: [user] + define member: [user] or owner \ No newline at end of file diff --git a/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap b/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap index 22130d2fa..bf424f593 100644 --- a/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap 
@@ -1,25 +1,20 @@ -disables externalsecrets: +matches the snapshot: 1: | - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret + apiVersion: core.openmfp.io/v1alpha1 + kind: Store metadata: - name: account-operator-sa-kubeconfig - namespace: NAMESPACE + name: test + namespace: test spec: - data: - - remoteRef: - conversionStrategy: Default - key: null - property: kubeconfig - secretKey: kubeconfig - refreshInterval: 10m - secretStoreRef: - kind: SecretStore - name: environment-store - target: - creationPolicy: Owner - deletionPolicy: Retain - name: account-operator-sa-kubeconfig + coreModule: |2- + module core + + type user + + type account + relations + define owner: [user] + define member: [user] or owner 2: | apiVersion: networking.istio.io/v1 kind: Gateway @@ -36,41 +31,18 @@ disables externalsecrets: name: http number: 8080 protocol: HTTP -matches the snapshot: - 1: | - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: account-operator-sa-kubeconfig - namespace: NAMESPACE - spec: - data: - - remoteRef: - conversionStrategy: Default - key: account-operator-sa-kubeconfig - property: kubeconfig - secretKey: kubeconfig - refreshInterval: 10m - secretStoreRef: - kind: SecretStore - name: environment-store - target: - creationPolicy: Owner - deletionPolicy: Retain - name: account-operator-sa-kubeconfig - 2: | + 3: | apiVersion: networking.istio.io/v1 - kind: Gateway + kind: ServiceEntry metadata: - name: gateway + name: openmfp-https namespace: NAMESPACE spec: - selector: - istio: gateway - servers: - - hosts: - - '*' - port: - name: http - number: 8080 - protocol: HTTP + hosts: + - example.com + location: MESH_EXTERNAL + ports: + - name: https + number: 443 + protocol: TLS + resolution: DNS diff --git a/charts/infra/tests/snapshot_test.yaml b/charts/infra/tests/snapshot_test.yaml index 895fa1414..86e743578 100644 --- a/charts/infra/tests/snapshot_test.yaml +++ b/charts/infra/tests/snapshot_test.yaml 
@@ -5,10 +5,5 @@ tests: - it: matches the snapshot asserts: - matchSnapshot: {} - - it: disables externalsecrets - set: - externalSecrets: - accountOperatorSaKubeconfig: null - asserts: - - matchSnapshot: {} + diff --git a/charts/infra/values.yaml b/charts/infra/values.yaml index 9029650e1..b8fb531ca 100644 --- a/charts/infra/values.yaml +++ b/charts/infra/values.yaml @@ -1,37 +1,34 @@ -gateway: - annotations: {} - apiVersion: networking.istio.io/v1 - name: gateway - selector: - istio: gateway - servers: - - port: - number: 8080 - name: http - protocol: HTTP - hosts: - - "*" - -rbac: - clusterRole: - enabled: false - -kcp: - enabled: false -# host: "" - -keycloak: - enabled: false - hosts: - - "login.microsoftonline.com" - -externalSecrets: - accountOperatorSaKubeconfig: account-operator-sa-kubeconfig +istio: + networking: + # -- The istio apiVersion used for networking resources in this chart eg. networking.istio.io/v1, networking.istio.io/v1beta1 + apiVersion: networking.istio.io/v1 + gateway: + # -- Annotations to be applied to the istio gateway + annotations: {} + # -- The istio apiVersion of the gateway resource eg, networking.istio.io/v1, networking.istio.io/v1beta1 + apiVersion: + # -- The name of the istio gateway resource + name: gateway + selector: + # -- The istio ingress gateway selector + istio: gateway + # -- The "servers" section of the istio gateway. By default it is configured for a local kind setup. Adjust to be a https port for productive deployments + servers: + - port: + number: 8080 + name: http + protocol: HTTP + hosts: + - "*" + serviceEntries: + https: + # -- A toggle to enable the service entries for external https communication + enabled: false + # -- The list of hosts to be added to the service entry + hosts: [] fga: + # -- An experimental toggle to enable the FGA integration enabled: true + # -- The list of FGA stores to be created stores: [] - -certificate: - gardener: - enabled: false 
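Review bot: In the `charts/infra/values.yaml` hunk the settings move from `gateway.*` to `istio.gateway.*` and the `rbac`, `kcp`, `keycloak`, `externalSecrets` and `certificate` keys are dropped, but nothing in the chart rejects the old keys. An existing release that overrides, say, `gateway.servers` with an HTTPS listener would have that override ignored without any error on upgrade and be left with the chart defaults (plain HTTP on port 8080 for hosts `*`). Consider a render-time guard such as `{{- if .Values.gateway }}{{ fail "gateway.* has moved to istio.gateway.*" }}{{- end }}`, or a `values.schema.json` that disallows unknown top-level keys, and mention the rename in the chart's release notes. The bare `apiVersion:` under `istio.gateway` parses as null; if the key is kept, write `apiVersion: null` or `""` so the intent is explicit.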
diff --git a/charts/keycloak/Chart.lock b/charts/keycloak/Chart.lock index d6cc9839f..21c2197cd 100644 --- a/charts/keycloak/Chart.lock +++ b/charts/keycloak/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 24.2.3 - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:53dacdf19e8a6a1ee5a10b540377e11494fd2d17514d8a727283b89f405f1f0e -generated: "2024-12-06T10:05:43.601278858Z" + version: 0.1.8 +digest: sha256:15008aa7233debb006b103a1bcfb686cd87a90df31031f0333d04037f1ea8384 +generated: "2024-12-09T15:53:31.040565213Z" diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index fb6b4c422..4b8a0ef6b 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak description: A Helm chart for Kubernetes type: application -version: 0.59.26 +version: 0.59.27 appVersion: "1.16.0" dependencies: @@ -12,5 +12,5 @@ dependencies: version: 24.2.3 repository: oci://registry-1.docker.io/bitnamicharts - name: common - version: 0.1.7 + version: 0.1.8 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md index 4f49ea5fd..ca56e5abc 100644 --- a/charts/keycloak/README.md +++ b/charts/keycloak/README.md @@ -2,7 +2,7 @@ A Helm chart for Kubernetes -![Version: 0.59.26](https://img.shields.io/badge/Version-0.59.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: 0.59.27](https://img.shields.io/badge/Version-0.59.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) ## Additional Information 
@@ -12,7 +12,7 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | | oci://registry-1.docker.io/bitnamicharts | keycloak(keycloak) | 24.2.3 | ## Values diff --git a/charts/keycloak/charts/common-0.1.7.tgz b/charts/keycloak/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/keycloak/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/keycloak/charts/common-0.1.8.tgz b/charts/keycloak/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/keycloak/charts/common-0.1.8.tgz differ diff --git a/charts/portal/Chart.lock b/charts/portal/Chart.lock index 5394abb5e..dbb4e76b4 100644 --- a/charts/portal/Chart.lock +++ b/charts/portal/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 -digest: sha256:45fcb4149403eb8b2774797e82e49d0e3969274393c8958ee6d3a0268e99ef76 -generated: "2024-12-06T10:05:55.016927943Z" + version: 0.1.8 +digest: sha256:e4718b08670cce49ce9d031fb9a00b5e7b706c6629a4392b1244e501e42866a5 +generated: "2024-12-09T15:53:43.916760002Z" diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index 75e053d6e..459a9ae71 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml @@ -6,4 +6,4 @@ version: 0.69.163 dependencies: - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.1.7 + version: 0.1.8 diff --git a/charts/portal/README.md b/charts/portal/README.md index 527c535c3..c535a5275 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md 
@@ -12,7 +12,7 @@ The `common` chart is a library of common resources that are shared across all o | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/openmfp/helm-charts | common | 0.1.7 | +| oci://ghcr.io/openmfp/helm-charts | common | 0.1.8 | ## Values diff --git a/charts/portal/charts/common-0.1.7.tgz b/charts/portal/charts/common-0.1.7.tgz deleted file mode 100644 index 2490a7a96..000000000 Binary files a/charts/portal/charts/common-0.1.7.tgz and /dev/null differ diff --git a/charts/portal/charts/common-0.1.8.tgz b/charts/portal/charts/common-0.1.8.tgz new file mode 100644 index 000000000..6374217f6 Binary files /dev/null and b/charts/portal/charts/common-0.1.8.tgz differ