From 8545a57552849f859f338cd145ef4135b755af0c Mon Sep 17 00:00:00 2001 From: Simon Murray Date: Tue, 18 Jun 2024 11:45:44 +0100 Subject: [PATCH] Use Common Helm Templates (#83) --- .github/workflows/pull-request.yaml | 2 + .github/workflows/release.yaml | 2 + .gitignore | 2 + charts/identity/Chart.yaml | 9 +- charts/identity/templates/_helpers.tpl | 101 ------------------ .../templates/identity/deployment.yaml | 13 +-- .../identity/templates/identity/ingress.yaml | 6 +- charts/identity/values.yaml | 7 +- 8 files changed, 21 insertions(+), 121 deletions(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index a8b39893..2984e49a 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -44,6 +44,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Touch run: make touch + - name: Build Helm Chart + run: helm dependency update charts/identity - name: Golang CI/Helm Lint run: make lint - name: Build Images diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 93914195..178a0c71 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -39,6 +39,8 @@ jobs: run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Build Helm Chart + run: helm dependency update charts/identity - name: Release Helm Chart uses: unikorn-cloud/chart-release-action@v1 env: diff --git a/.gitignore b/.gitignore index ae95a8f1..cf2d6f61 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ /bin /sboms +/charts/identity/Chart.lock +/charts/identity/charts *.swp cover.out cover.html diff --git a/charts/identity/Chart.yaml b/charts/identity/Chart.yaml index 128a53b1..8a4c69e7 100644 --- a/charts/identity/Chart.yaml +++ b/charts/identity/Chart.yaml 
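Review bot: The added `Build Helm Chart` step in pull-request.yaml downloads `unikorn-common` from a remote Helm repository on every run with no provenance check, and the same step is added to release.yaml, where the fetched templates end up in the published chart. The .gitignore hunk also ignores `Chart.lock` and `charts/`, so the repository keeps no record of what was resolved and each run trusts whatever the repository serves for `v0.1.3`. If helm-common publishes provenance files, `run: helm dependency update --verify charts/identity` would make a replaced or tampered dependency fail the build. Otherwise, committing `Chart.lock` and running `helm dependency build` in the release job would at least put the resolved version under review. The step lists in both workflows start and end outside the hunks.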
@@ -4,7 +4,12 @@ description: A Helm chart for deploying Unikorn's IdP type: application -version: v0.2.12 -appVersion: v0.2.12 +version: v0.2.13 +appVersion: v0.2.13 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png + +dependencies: +- name: unikorn-common + version: v0.1.3 + repository: https://unikorn-cloud.github.io/helm-common diff --git a/charts/identity/templates/_helpers.tpl b/charts/identity/templates/_helpers.tpl index fcb69920..3b64d3a9 100644 --- a/charts/identity/templates/_helpers.tpl +++ b/charts/identity/templates/_helpers.tpl 
@@ -1,77 +1,6 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "unikorn.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "unikorn.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "unikorn.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "unikorn.labels" -}} -helm.sh/chart: {{ include "unikorn.chart" . }} -{{ include "unikorn.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "unikorn.selectorLabels" -}} -app.kubernetes.io/name: {{ include "unikorn.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "unikorn.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "unikorn.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{/* Create the container images */}} -{{- define "unikorn.defaultRepositoryPath" -}} -{{- if .Values.repository }} -{{- printf "%s/%s" .Values.repository .Values.organization }} -{{- else }} -{{- .Values.organization }} -{{- end }} -{{- end }} - {{- define "unikorn.image" -}} {{- .Values.image | default (printf "%s/unikorn-identity:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }} {{- end }} @@ -95,33 +24,3 @@ Create image pull secrets - name: docker-config {{- end }} {{- end }} - -{{/* -Creates predicatable Kubernetes name compatible UUIDs from name. -Note we always start with a letter (kubernetes DNS label requirement), -group 3 starts with "4" (UUIDv4 aka "random") and group 4 with "8" -(the variant aka RFC9562). -*/}} -{{ define "resource.id" -}} -{{- $sum := sha256sum . -}} -{{ printf "f%s-%s-4%s-8%s-%s" (substr 1 8 $sum) (substr 8 12 $sum) (substr 13 16 $sum) (substr 17 20 $sum) (substr 20 32 $sum) }} -{{- end }} - -{{/* -Abstractions to allow an all-in-one chart -*/}} -{{- define "unikorn.identity.host" -}} -{{- if (and .Values.global .Values.global.identity .Values.global.identity.host) -}} -{{- .Values.global.identity.host }} -{{- else }} -{{- .Values.host }} -{{- end }} -{{- end }} - -{{- define "unikorn.ingress.clusterIssuer" -}} -{{- if (and .Values.global .Values.global.ingress .Values.global.ingress.clusterIssuer) -}} -{{- .Values.global.ingress.clusterIssuer }} -{{- else }} -{{- .Values.ingress.clusterIssuer }} -{{- end }} -{{- end }} diff --git a/charts/identity/templates/identity/deployment.yaml b/charts/identity/templates/identity/deployment.yaml index fd71f0ca..120b9b12 100644 --- a/charts/identity/templates/identity/deployment.yaml +++ b/charts/identity/templates/identity/deployment.yaml 
@@ -22,16 +22,11 @@ spec: - --host=https://{{ include "unikorn.identity.host" . }} - --jose-tls-secret=unikorn-identity-jose-tls - --refresh-token-duration={{ printf "%dh" (mul .Values.issuer.maxTokenDurationDays 24) }} - {{- with $cors := .Values.cors }} - {{- range $origin := $cors.allowOrigin }} - {{ printf "- --cors-allow-origin=%s" $origin | nindent 8 }} - {{- end }} - {{- if $cors.maxAge }} - {{ printf "- --cors-max-age=%s" $cors.maxAge | nindent 8 }} - {{- end }} + {{- with $cors := ( include "unikorn.cors.flags" . ) -}} + {{ $cors | nindent 8 }} {{- end }} - {{- if .Values.otlpEndpoint }} - {{ printf "- --otlp-endpoint=%s" .Values.otlpEndpoint | nindent 8 }} + {{- with $otlp := ( include "unikorn.otlp.flags" .) -}} + {{ $otlp | nindent 8 }} {{- end }} ports: - name: http diff --git a/charts/identity/templates/identity/ingress.yaml b/charts/identity/templates/identity/ingress.yaml index 994fbc7c..08bfa287 100644 --- a/charts/identity/templates/identity/ingress.yaml +++ b/charts/identity/templates/identity/ingress.yaml @@ -5,10 +5,8 @@ metadata: labels: {{- include "unikorn.labels" . | nindent 4 }} annotations: - {{- if .Values.ingress.clusterIssuer }} - cert-manager.io/cluster-issuer: {{ include "unikorn.ingress.clusterIssuer" . }} - {{- else if .Values.ingress.issuer }} - cert-manager.io/issuer: {{ .Values.ingress.issuer }} + {{- with $clusterIssuer := ( include "unikorn.ingress.clusterIssuer" . ) }} + cert-manager.io/cluster-issuer: {{ $clusterIssuer }} {{- end }} {{- if .Values.ingress.externalDns }} external-dns.alpha.kubernetes.io/hostname: {{ include "unikorn.identity.host" . }} diff --git a/charts/identity/values.yaml b/charts/identity/values.yaml index 65db7fce..975121c5 100644 --- a/charts/identity/values.yaml +++ b/charts/identity/values.yaml 
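Review bot: The `--cors-allow-origin`, `--cors-max-age` and `--otlp-endpoint` arguments in the `args` list are no longer visible in deployment.yaml; they are whatever `unikorn.cors.flags` and `unikorn.otlp.flags` from the external unikorn-common chart emit, which cannot be checked from this diff. The CORS policy of an identity service is security-relevant, so a comment above the block would help, for example `{{- /* CORS flags are rendered by unikorn-common, presumably from .Values.cors (confirm) */ -}}`. A CI check that renders the chart with a sample values file and asserts the expected flags would catch a helper change that drops or widens them. The second call is also spaced differently from the first; `( include "unikorn.otlp.flags" . )` would match. The container spec starts and ends outside the hunk.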
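Review bot: The `cert-manager.io/issuer` branch in ingress.yaml is removed without a guard, so a release that still sets `ingress.issuer` (dropped from values.yaml in the same commit) renders with that value silently ignored. A namespaced Issuer is a different trust anchor from a ClusterIssuer, so the certificate would presumably be signed by a CA the operator did not choose, or not issued at all if `ingress.clusterIssuer` was cleared. Failing at render time would surface this on upgrade, e.g. `{{- if .Values.ingress.issuer }}{{ fail "ingress.issuer is no longer supported; set ingress.clusterIssuer" }}{{- end }}`. The annotation value is also emitted unquoted; `cert-manager.io/cluster-issuer: {{ $clusterIssuer | quote }}` is safer. The Ingress manifest continues outside the hunk.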
@@ -29,7 +29,8 @@ projectController: # Sets the DNS hosts, X.509 certificate subject alternative names and # oauth2 issuer etc. -host: identity.acme.org +identity: + host: identity.acme.org # Issuer related configuration. issuer: @@ -93,10 +94,6 @@ ingress: # Sets the ingress class to use. class: ~ - # Cert Manager certificate issuer to use. If not specified it will generate a - # self signed one. - issuer: ~ - # clusterIssuer to use. # This defaults to the self-signed CA defined in Unikorn core. clusterIssuer: unikorn-issuer
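Review bot: Moving `host` under `identity.host` in the first values.yaml hunk renames a key that existing overrides set, and nothing rejects the old top-level `host`, so an upgraded release that still sets it would presumably fall back to the placeholder `identity.acme.org`. The comment above the key says this value drives the DNS hosts, certificate subject alternative names and OAuth2 issuer, so a silent fallback would misconfigure the issuer URL and request DNS and TLS for a domain the operator does not control. A render-time guard in one of the chart's templates would make the rename explicit, e.g. `{{- if .Values.host }}{{ fail "host has moved to identity.host" }}{{- end }}`. The removal of `ingress.issuer` in the second hunk has the same upgrade problem.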