Skip to content

Commit

Permalink
refactor: distribute maester charts as standalone (#124)
Browse files Browse the repository at this point in the history 
BREAKING CHANGE:

This patch moves `oathkeeper-maester` and `hydra-maester` into their standalone charts. ORY Hydra and ORY Oathkeeper charts still list the maester charts as dependencies.

Also adds documentation around use of the maester charts.

Closes #122
Closes #103 
Closes #116 
Closes #88

Signed-off-by: Clément BUCHART <clement@buchart.dev>
  • Loading branch information
@clement-buchart
clement-buchart committed Mar 31, 2020
1 parent 9b77407 commit 0596978
Show file tree
Hide file tree
Showing 31 changed files with 64 additions and 6 deletions.
10 changes: 7 additions & 3 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@ jobs:
- checkout
- run: curl -L https://git.io/get_helm.sh | bash
- run: helm lint ./helm/charts/oathkeeper/
- run: helm lint ./helm/charts/oathkeeper-maester/
- run: helm lint ./helm/charts/hydra/
- run: helm lint ./helm/charts/hydra/charts/hydra-maester/
- run: helm lint ./helm/charts/hydra-maester/
- run: helm lint ./helm/charts/hive/
- run: helm lint ./helm/charts/example-idp/
- run: helm lint ./helm/charts/hive-selfservice-ui-node/
Expand Down Expand Up @@ -52,7 +53,7 @@ jobs:
- run:
command: |
export KUBECONFIG="$(kind get kubeconfig-path)"
.circleci/helm-test.sh hydra/charts/hydra-maester
.circleci/helm-test.sh hydra-maester
# Enable hive tests at a later stage
#
# - run:
Expand All @@ -68,9 +69,12 @@ jobs:
- checkout
- run: curl -L https://git.io/get_helm.sh | bash
- run: helm init --client-only
- run: helm dep update ./helm/charts/oathkeeper/
- run: helm package -d docs/helm/charts/ ./helm/charts/oathkeeper/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/oathkeeper-maester/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm dep update ./helm/charts/hydra/
- run: helm package -d docs/helm/charts/ ./helm/charts/hydra/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/hydra/charts/hydra-maester/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/hydra-maester/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/example-idp/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/hive/ --version `echo $CIRCLE_TAG | sed s/v//g`
- run: helm package -d docs/helm/charts/ ./helm/charts/hive-selfservice-ui-node/ --version `echo $CIRCLE_TAG | sed s/v//g`
Expand Down
3 changes: 2 additions & 1 deletion .circleci/helm-test.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@ function cleanup {
}
trap cleanup EXIT

helm install -f .circleci/values/$1.yaml -n ${release} ./helm/charts/$1 --wait --debug
helm dep update ./helm/charts/$1
helm install -f .circleci/values/$1.yaml -n ${release} ./helm/charts/$1 --wait --debug

n=0
until [[ $n -ge 5 ]]; do
Expand Down
0 ...ci/values/hydra/charts/hydra-maester.yaml → .circleci/values/hydra-maester.yaml
View file
File renamed without changes.
8 changes: 8 additions & 0 deletions docs/helm/hydra.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,3 +253,11 @@ $ helm install \
--set 'maester.enabled=false' \
ory/hydra
```

#### Using fullnameOverride

If you use need to override the name of the hydra resources such as the deployment or services, the traditional `fullnameOverride` value is available.

If you use it and deploy maester as part of hydra, make sure you also set `maester.hydraFullnameOverride` with the same value, so that the admin service name used by maester is properly computed with the new value.

Should you forget, helm will fail and remind you to.
8 changes: 8 additions & 0 deletions docs/helm/oathkeeper.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,14 @@ $ helm install \
ory/oathkeeper
```

#### Using fullnameOverride

If you use need to override the name of the oathkeeper resources such as the deployment or services, the traditional `fullnameOverride` value is available.

If you use it and deploy maester as part of oathkeeper, make sure you also set `maester.oathkeeperFullnameOverride` with the same value, so that the configmap name generated by maester is properly computed with the new value.

Should you forget, helm will fail and remind you to.

#### Operation modes
The Oathkeeper Maester works in either of these two modes:

Expand Down
0 ...ts/hydra/charts/hydra-maester/.helmignore → helm/charts/hydra-maester/.helmignore
View file
File renamed without changes.
0 ...rts/hydra/charts/hydra-maester/Chart.yaml → helm/charts/hydra-maester/Chart.yaml
View file
File renamed without changes.
0 ...ydra-maester/files/crd-oauth2clients.yaml → ...ydra-maester/files/crd-oauth2clients.yaml
View file
File renamed without changes.
0 ...arts/hydra-maester/templates/_helpers.tpl → ...arts/hydra-maester/templates/_helpers.tpl
View file
File renamed without changes.
0 ...ydra-maester/templates/crd-configmap.yaml → ...ydra-maester/templates/crd-configmap.yaml
View file
File renamed without changes.
0 ...arts/hydra-maester/templates/crd-job.yaml → ...arts/hydra-maester/templates/crd-job.yaml
View file
File renamed without changes.
0 ...rts/hydra-maester/templates/crd-rbac.yaml → ...rts/hydra-maester/templates/crd-rbac.yaml
View file
File renamed without changes.
0 ...s/hydra-maester/templates/deployment.yaml → ...s/hydra-maester/templates/deployment.yaml
View file
File renamed without changes.
0 .../charts/hydra-maester/templates/rbac.yaml → .../charts/hydra-maester/templates/rbac.yaml
View file
File renamed without changes.
0 ...ts/hydra/charts/hydra-maester/values.yaml → helm/charts/hydra-maester/values.yaml
View file
File renamed without changes.
3 changes: 2 additions & 1 deletion helm/charts/hydra/requirements.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
dependencies:
- name: hydra-maester
version: 0.0.6
version: 0.0.5-alpha10
condition: maester.enabled
alias: maester
repository: file://../hydra-maester
1 change: 1 addition & 0 deletions helm/charts/hydra/templates/NOTES.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{ include "hydra.check.override.consistency" . }}
The ORY Hydra HTTP Public API is available via:
{{- if .Values.ingress.public.enabled }}
{{- range $host := .Values.ingress.public.hosts }}
Expand Down
13 changes: 13 additions & 0 deletions helm/charts/hydra/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,19 @@ http://127.0.0.1:{{ .Values.service.public.port }}/
{{- end -}}
{{- end -}}
{{/*
Check overrides consistency
*/}}
{{- define "hydra.check.override.consistency" -}}
{{- if and .Values.maester.enabled .Values.fullnameOverride -}}
{{- if not .Values.maester.hydraFullnameOverride -}}
{{ fail "hydra fullname has been overridden, but the new value has not been provided to maester. Set maester.hydraFullnameOverride" }}
{{- else if not (eq .Values.maester.hydraFullnameOverride .Values.fullnameOverride) -}}
{{ fail (tpl "hydra fullname has been overridden, but a different value was provided to maester. {{ .Values.maester.hydraFullnameOverride }} different of {{ .Values.fullnameOverride }}" . ) }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "hydra.utils.joinListWithComma" -}}
{{- $local := dict "first" true -}}
{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}}
Expand Down
0 ...eper/charts/oathkeeper-master/.helmignore → helm/charts/oathkeeper-maester/.helmignore
View file
File renamed without changes.
0 ...eeper/charts/oathkeeper-master/Chart.yaml → helm/charts/oathkeeper-maester/Chart.yaml
View file
File renamed without changes.
0 ...ts/oathkeeper-master/files/crd-rules.yaml → ...s/oathkeeper-maester/files/crd-rules.yaml
View file
File renamed without changes.
6 changes: 5 additions & 1 deletion .../oathkeeper-master/templates/_helpers.tpl → ...oathkeeper-maester/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,15 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
Get Oathkeeper rules configmap
*/}}
{{- define "oathkeeper-maester.getCM" -}}
{{- if .Values.oathkeeperFullnameOverride -}}
{{- printf "%s-rules" .Values.oathkeeperFullnameOverride | trimSuffix "-" -}}
{{- else -}}
{{- $fullName := include "oathkeeper-maester.fullname" . -}}
{{- $nameParts := split "-" $fullName }}
{{- if eq $nameParts._0 $nameParts._1 -}}
{{- printf "%s-rules" $nameParts._0 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-rules" $nameParts._0 $nameParts._1 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
0 ...eeper-master/templates/crd-configmap.yaml → ...eper-maester/templates/crd-configmap.yaml
View file
File renamed without changes.
0 .../oathkeeper-master/templates/crd-job.yaml → ...oathkeeper-maester/templates/crd-job.yaml
View file
File renamed without changes.
0 ...oathkeeper-master/templates/crd-rbac.yaml → ...athkeeper-maester/templates/crd-rbac.yaml
View file
File renamed without changes.
0 ...thkeeper-master/templates/deployment.yaml → ...hkeeper-maester/templates/deployment.yaml
View file
File renamed without changes.
0 ...rts/oathkeeper-master/templates/rbac.yaml → ...ts/oathkeeper-maester/templates/rbac.yaml
View file
File renamed without changes.
2 changes: 2 additions & 0 deletions ...eper/charts/oathkeeper-master/values.yaml → helm/charts/oathkeeper-maester/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ global:

replicaCount: 1

# oathkeeperFullnameOverride: oathkeeper

# rulesConfigmapNamespace: some-namespace
# rulesFileName: access-rules.json

Expand Down
2 changes: 2 additions & 0 deletions helm/charts/oathkeeper/requirements.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,5 @@ dependencies:
- name: oathkeeper-maester
version: 0.0.1
condition: maester.enabled
alias: maester
repository: file://../oathkeeper-maester
1 change: 1 addition & 0 deletions helm/charts/oathkeeper/templates/NOTES.txt
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{ include "oathkeeper.check.override.consistency" . }}
The ORY Oathkeeper HTTP Reverse Proxy is available via:
{{- if .Values.ingress.proxy.enabled }}
{{- range $host := .Values.ingress.proxy.hosts }}
Expand Down
13 changes: 13 additions & 0 deletions helm/charts/oathkeeper/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,3 +43,16 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}

{{/*
Check overrides consistency
*/}}
{{- define "oathkeeper.check.override.consistency" -}}
{{- if and .Values.maester.enabled .Values.fullnameOverride -}}
{{- if not .Values.maester.oathkeeperFullnameOverride -}}
{{ fail "oathkeeper fullname has been overridden, but the new value has not been provided to maester. Set maester.oathkeeperFullnameOverride" }}
{{- else if not (eq .Values.maester.oathkeeperFullnameOverride .Values.fullnameOverride) -}}
{{ fail (tpl "oathkeeper fullname has been overridden, but a different value was provided to maester. {{ .Values.maester.oathkeeperFullnameOverride }} different of {{ .Values.fullnameOverride }}" . ) }}
{{- end -}}
{{- end -}}
{{- end -}}

0 comments on commit 0596978

Please sign in to comment.