Merge pull request #148 from elenaviter/ff-helm-ingress-and-service-a…
…cc-and-unique-names

FlowForge helm: 1. Editors: service account. 2. Broker: propagate ingress. 3. README
hardillb committed Jul 31, 2023
2 parents 48d0ad7 + 046d6c2 commit 6f62d51
Showing 6 changed files with 109 additions and 8 deletions.
17 changes: 17 additions & 0 deletions helm/flowforge/README.md
@@ -122,3 +122,20 @@ Enables FlowForge Telemetry
### Ingress
- `ingress.annotations` ingress annotations (default is `{}`). This value is also applied to Editor instances created by FlowForge.
- `ingress.className` ingress class name (default is `"""`). This value is also applied to Editor instances created by FlowForge.

### Editors IAM
Provision default service account for Editors if `editors.serviceAccount.create` is `true`.

- `editors.serviceAccount.create` flag, indicates whether default Editors service account is going to be provisioned.
- `editors.serviceAccount.annotations` k8s service account annotations.
- `editors.serviceAccount.name` name of the service account for Editors.

Example for <i>AWS</i>:
```yaml
editors:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}
create: true
name: editors
```
6 changes: 6 additions & 0 deletions helm/flowforge/templates/broker.yaml
@@ -131,7 +131,13 @@ metadata:
labels:
app: flowforge-broker
annotations:
{{- if .Values.ingress.annotations }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
{{- end }}
spec:
{{- if $.Values.ingress.className }}
ingressClassName: {{ $.Values.ingress.className }}
{{- end }}
rules:
- host: mqtt.{{ .Values.forge.domain }}
http:
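Review bot: The new `ingressClassName: {{ $.Values.ingress.className }}` line emits the value unquoted, so a class name that YAML reads as a number or boolean would render with the wrong type; `ingressClassName: {{ $.Values.ingress.className | quote }}` avoids that. The annotations block now copies `ingress.annotations` onto the broker ingress, and the README in this commit says the same value is also applied to Editor instances, so any access-control or TLS annotation set there lands on the MQTT ingress too, with no per-ingress override. A comment above the `if` such as `# same ingress.annotations value is applied to Editor instances` would make that visible to operators. The section also mixes `.Values` and `$.Values` for the same object, and the Ingress definition starts and ends outside the hunk.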
4 changes: 4 additions & 0 deletions helm/flowforge/templates/deployment.yaml
@@ -36,6 +36,10 @@ spec:
- name: INGRESS_CLASS_NAME
value: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.editors.serviceAccount }}
- name: EDITOR_SERVICE_ACCOUNT
value: {{ .Values.editors.serviceAccount.name }}
{{- end }}
{{- if .Values.forge.projectDeploymentTolerations }}
- name: DEPLOYMENT_TOLERATIONS
value: {{ .Values.forge.projectDeploymentTolerations | toJson | quote }}
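Review bot: The guard `{{- if .Values.editors.serviceAccount }}` only tests that the map exists, so `EDITOR_SERVICE_ACCOUNT` is emitted even when `name` is empty, and the unquoted value then renders as a null env value. Guarding on the name and quoting it keeps the entry well-formed: `{{- if .Values.editors.serviceAccount.name }}` and `value: {{ .Values.editors.serviceAccount.name | quote }}`. The variable is also set when `create` is false, which presumably means a pre-existing account is expected in the project namespace; a one-line comment saying so would help operators. The container spec continues outside the hunk.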
20 changes: 18 additions & 2 deletions helm/flowforge/templates/service-account.yaml
@@ -9,11 +9,27 @@ metadata:
eks.amazonaws.com/sts-regional-endpoints: "true"
{{- end }}
{{- end }}


{{- if .Values.editors.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.editors.serviceAccount.name }}
namespace: {{ .Values.forge.projectNamespace }}
{{- with .Values.editors.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: create-pod
name: {{ .Release.Name }}-create-pod
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "pods/exec", "pods/status"]
@@ -45,5 +61,5 @@ subjects:
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: create-pod
name: {{ .Release.Name }}-create-pod
apiGroup: rbac.authorization.k8s.io
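Review bot: The editors ServiceAccount added in the first hunk is a single account in `forge.projectNamespace` carrying whatever `editors.serviceAccount.annotations` supplies, so with the README's `eks.amazonaws.com/role-arn` example every Editor instance that runs under it would presumably receive the same cloud role. The template should say this in a comment and, unless editors are known to need the Kubernetes API, set `automountServiceAccountToken: false` on the account so instances do not also get an API token by default. `name: {{ .Values.editors.serviceAccount.name }}` is unquoted and not checked for being non-empty when `create` is true; `name: {{ required "editors.serviceAccount.name is required" .Values.editors.serviceAccount.name | quote }}` would fail the render early. The ClusterRole rules and the binding's own metadata lie partly outside the hunks, so the effect of the `{{ .Release.Name }}-create-pod` rename on the binding name cannot be checked from here.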
45 changes: 45 additions & 0 deletions helm/flowforge/values.schema.json
@@ -116,6 +116,28 @@
"projectSelector": {
"type": "object"
},
"projectDeploymentTolerations": {
"type": "array",
"items": {
"type": "object",
"properties": {
"effect": {
"type": "string"
},
"key": {
"type": "string"
},
"operator": {
"type": "string"
},
"value": {
"type": "string"
}
},
"required": ["effect", "key", "operator", "value"]
},
"default": []
},
"managementSelector": {
"type": "object"
},
@@ -309,6 +331,29 @@
"type": "string"
}
}
},
"editors": {
"type": "object",
"properties": {
"serviceAccount": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"minProperties": 0
},
"create": {
"type": "boolean"
},
"name": {
"type": "string",
"description": "Name of service account (scope of uniqueness is a 'Projects' namespace)"
}
},
"required": ["annotations", "name"]
}
},
"required": ["serviceAccount"]
}
},
"required": [
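Review bot: The `editors.serviceAccount` schema in the second hunk requires `name` but puts no constraint on it, so an empty string validates and then reaches the ServiceAccount manifest and the `EDITOR_SERVICE_ACCOUNT` env entry as an empty value. Adding `"minLength": 1` to `name` (optionally with a `pattern` for a valid Kubernetes object name) rejects that at install time instead of at apply time. The `create` property would also benefit from a `description` stating that, when it is false, the named account must already exist in the projects namespace. The enclosing `properties` object starts and ends outside the hunk.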
25 changes: 19 additions & 6 deletions helm/flowforge/values.yaml
@@ -7,12 +7,11 @@ forge:
projectNamespace: flowforge
projectSelector:
role: projects

projectDeploymentTolerations: []
# - key: purpose
# operator: Equal
# value: flowforge-projects
# effect: NoSchedule
# - key: purpose
# operator: Equal
# value: flowforge-projects
# effect: NoSchedule
managementSelector:
role: management
telemetry:
@@ -32,17 +31,31 @@ forge:
type: postgres
host: flowforge-postgresql
username: forge
password: Zai1Wied
password: ""
database: ff-context
support:
enabled: false

domain: ""
entryPoint: ""
environment: {}
image: ""
registry: ""

postgresql:
postgresqlPostgresPassword: Moomiet0
postgresqlUsername: forge
postgresqlPassword: Zai1Wied
postgresqlDatabase: flowforge
global:
storageClass: default

ingress:
annotations: {}
className: ""

editors:
serviceAccount:
create: true
annotations: {}
name: editors
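Review bot: The chart defaults still carry literal database credentials under `postgresql:`, namely `postgresqlPostgresPassword: Moomiet0` and `postgresqlPassword: Zai1Wied`, while the context-store `password` line is shown twice (`Zai1Wied`, then `""`), presumably old then new. The second hunk's line counts leave room for only one deletion, which has to be one of the two `password` lines, so the `postgresql:` credentials remain in the new file, and anyone installing with defaults gets publicly known passwords. They should default to `""` and be supplied at install time or from an existing Secret, with a comment such as `# set at install time; do not commit real credentials`. If the context password is now empty while `postgresqlPassword` keeps a value, the template that consumes both should be checked so the context store can still authenticate.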
