-
-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: allow disabling of hydra-maester #124
Conversation
e23a7b4
to
53eb8a2
Compare
How would using maester look like if those charts are separated? |
If you want to install
I think that is what is documented, that's why I didn't change the docs. |
I think maester takes a couple of settings from the parent chart right now, those values should probably be documented as well and/or automated if possible. We need to set the deployment name for example (iirc). Is separating the charts the only solution here? I would like to keep them together but if there really is no other way... |
I must have missed those, may you point them out ?
I don't think there is a way to allow for the disabling of maester without making them 2 separate charts, since anything in the charts subfolder WILL be deployed by helm, no matter what. I think these app have 2 different life-cycles, and should be deployed separately. I would have understood if hydra-maester would have been unable to address multiple hydra instances, but since the OAuth2Client CRD defines the target admin API, that's not the case. Eventually, you may even one day have a |
53eb8a2
to
44f3fee
Compare
I think if you change the fullNameOverride of hydra itself ( #76 ), the names used by maester are no longer correct. We might need to run a test case for this. I might be mistaken but I think that's one of the issues.
I see, I thought there was a switch to disable that but apparently it's not working as intended.
Yes, you are right! Let's take your approach then :) |
I was asking because it is already in the PR right? :) |
44f3fee
to
d492328
Compare
Ok, I understand. If you're OK with |
Ah, I see. I don't really know, what's your take on this? I mean we could also just document that right? Regarding the PR, I think it's pretty much good to go except for the thing with fullNameOverride. I merged your other changes so you'll need to rebase/merge with master :) |
I think Maybe the best compromise would be to keep fullNameOverride, but have a check in the hydra chart that says "if fullNameOverride is not nil AND maester.enabled is true AND maester.hydraFullNameOverride is nil", fail with the fail function ans a pretty message This way we keep fullNameOverride where it is expected, and warn potential users at the templating step that it must be set at two places to work effectively with a contextual message. Obviously with a line in the documentation. Ok for you ? |
Signed-off-by: Clément BUCHART <clement@buchart.dev>
Signed-off-by: Clément BUCHART <clement@buchart.dev>
d492328
to
8711314
Compare
I went ahead and implemented my proposal for you to review.
Cheers |
Yeah wow, good job! I guess this is now ready for a final review? :) |
Yes, I think everything's here. |
{{/* | ||
Check overrides consistency | ||
*/}} | ||
{{- define "hydra.check.override.consistency" -}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
I'm not entirely sure - do we need the fullNameOverride in oathkeeper as well? |
…eper Signed-off-by: Clément BUCHART <clement@buchart.dev>
@clement-buchart thank you for your great work! |
Indeed when using fullnameOverride in oathkeeper, oathkeeper maester wouldn't use the correct configmap name (that issue is present on master) I added a fix with the same strategy.
My pleasure, thanks for your responsiveness |
Hello,
This is a solution proposal for #122
Let me know if you think this is an acceptable fix, and I can propose the same change for oathkeeper.
If not, let me know what you would expect.
Cheers.