DBP-686-clean-helm-chart (#388)
DBP-686-clean-helm-chart (#388)
aimee-889 authored Mar 22, 2024
1 parent 2d79675 commit 5103236
Showing 20 changed files with 434 additions and 552 deletions.
2 changes: 1 addition & 1 deletion charts/dbildungs-iam-server/config/config.json
@@ -21,7 +21,7 @@
"CLIENT_ID": "spsh"
},
"REDIS": {
"HOST": "redis-service",
"HOST": "dbildungs-iam-server-redis",
"PORT": 6379,
"USERNAME": "default",
"USE_TLS": false
108 changes: 27 additions & 81 deletions charts/dbildungs-iam-server/templates/_dbildungs-iam-server-envs.tpl
@@ -1,83 +1,29 @@
{{- define "dbildungs-iam-server-backend-envs" }}
- name: NODE_ENV
value: {{.Values.environment | quote}}
- name: DEPLOY_STAGE
value: {{.Values.environment | quote}}
- name: DB_NAME
valueFrom:
configMapKeyRef:
name: {{.Values.configmap.name}}
key: db-name
- name: DB_SECRET
valueFrom:
secretKeyRef:
{{- if .Values.auth.existingSecret }}
name: {{ .Values.auth.existingSecret }}
{{- end }}
{{- if not .Values.auth.existingSecret }}
name: {{ .Values.auth.name }}
{{- end }}
key: db-password
- name: DB_HOST
valueFrom:
secretKeyRef:
{{- if .Values.auth.existingSecret }}
name: {{ .Values.auth.existingSecret }}
{{- end }}
{{- if not .Values.auth.existingSecret }}
name: {{ .Values.auth.name }}
{{- end }}
key: db-host
- name: DB_CLIENT_URL
value: "postgres://$(DB_HOST)/"
- name: KC_BASE_URL
valueFrom:
configMapKeyRef:
name: {{.Values.configmap.name}}
key: keycloak-base-url
- name: FRONTEND_OIDC_CALLBACK_URL
valueFrom:
configMapKeyRef:
name: {{.Values.configmap.name}}
key: frontend-oidc-callback-url
- name: FRONTEND_DEFAULT_LOGIN_REDIRECT
valueFrom:
configMapKeyRef:
name: {{.Values.configmap.name}}
key: frontend-default-login-redirect
- name: FRONTEND_LOGOUT_REDIRECT
valueFrom:
configMapKeyRef:
name: {{.Values.configmap.name}}
key: frontend-logout-redirect
- name: KC_ADMIN_SECRET
valueFrom:
secretKeyRef:
{{- if .Values.auth.existingSecret }}
name: {{ .Values.auth.existingSecret }}
{{- end }}
{{- if not .Values.auth.existingSecret }}
name: {{ .Values.auth.name }}
{{- end }}
key: keycloak-adminSecret
- name: KC_CLIENT_SECRET
valueFrom:
secretKeyRef:
{{- if .Values.auth.existingSecret }}
name: {{ .Values.auth.existingSecret }}
{{- end }}
{{- if not .Values.auth.existingSecret }}
name: {{ .Values.auth.name }}
{{- end }}
key: keycloak-clientSecret
- name: FRONTEND_SESSION_SECRET
valueFrom:
secretKeyRef:
{{- if .Values.auth.existingSecret }}
name: {{ .Values.auth.existingSecret }}
{{- end }}
{{- if not .Values.auth.existingSecret }}
name: {{ .Values.auth.name }}
{{- end }}
key: frontend-sessionSecret
- name: DB_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: db-password
- name: DB_HOST
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: db-host
- name: KC_ADMIN_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: keycloak-adminSecret
- name: DB_CLIENT_URL
value: "postgres://$(DB_HOST)/"
- name: KC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: keycloak-clientSecret
- name: FRONTEND_SESSION_SECRET
valueFrom:
secretKeyRef:
name: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
key: frontend-sessionSecret
{{- end}}
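Review bot: The argument order in `default .Values.auth.existingSecret .Values.auth.secretName` looks inverted for every `secretKeyRef` in this define (DB_SECRET, DB_HOST, KC_ADMIN_SECRET, KC_CLIENT_SECRET, FRONTEND_SESSION_SECRET). Sprig's `default` returns its last argument when that is non-empty, so `secretName` wins whenever it is set and `existingSecret` is only the fallback, whereas the removed `if`/`if not` pair preferred `existingSecret`. If values.yaml (not shown here) ships a non-empty `auth.secretName`, an operator-supplied secret would be silently ignored and the pods would read the chart-managed credentials instead. I would write `name: {{ default .Values.auth.secretName .Values.auth.existingSecret | quote }}`; the same expression is repeated in the `secret-volume` entry of backend-deployment.yaml.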
47 changes: 44 additions & 3 deletions charts/dbildungs-iam-server/templates/_helpers.tpl
@@ -1,6 +1,47 @@
{{/*
Create release name with common name: dbildungs-iam-server
Expand the name of the chart.
*/}}
{{- define "common.names.releasename" -}}
{{- printf "dbildungs-iam-server" -}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "common.names.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create common labels
*/}}
{{- define "common.labels" -}}
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
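Review bot: `app.kubernetes.io/version: {{ .Chart.AppVersion }}` in `common.labels` is emitted unquoted, so an appVersion that looks numeric (a constructed example: `1.0`) is parsed by YAML as a number and the manifest is rejected, because label values must be strings. Quote it: `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`. Separately, the templates shown in this commit name resources with `common.names.name`, which ignores the release name, so the `common.names.fullname` helper added here appears unused and two releases in one namespace would collide. A short comment stating which helper resource names are expected to use would help.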
99 changes: 99 additions & 0 deletions charts/dbildungs-iam-server/templates/backend-deployment.yaml
@@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "common.names.name" . }}-backend
namespace: {{ template "common.names.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
app.kubernetes.io/component: server-backend
spec:
replicas: {{ .Values.backend.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/component: server-backend
template:
metadata:
labels:
{{- include "common.labels" . | nindent 8 }}
app.kubernetes.io/component: server-backend
spec:
automountServiceAccountToken: false
{{- if .Values.backend.dbseeding.enabled }}
initContainers:

Check warning on line 23 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Check warning on line 23 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Check warning on line 23 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Check warning on line 23 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.
- name: "{{ template "common.names.name" . }}-db-init"
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always"}}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
command: ["node", "dist/src/console/main.js", "db", "init"]
env:
{{- include "dbildungs-iam-server-backend-envs" . | indent 12 }}
{{- if .Values.backend.extraEnvVars }}
{{ toYaml .Values.backend.extraEnvVars | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ template "common.names.name" . }}
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
- mountPath: /app/sql/dev
name: seeding-volume
readOnly: true
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
- name: db-seeding
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{.Values.imagePullPolicy | default "Always"}}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
command: [ "node", "dist/src/console/main.js", "db", "seed", "dev", "" ]
envFrom:
- configMapRef:
name: {{ template "common.names.name" . }}
env: {{- include "dbildungs-iam-server-backend-envs" . | indent 12}}
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
- mountPath: /app/sql/dev
name: seeding-volume
readOnly: true
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
{{end}}
containers:

Check warning on line 59 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Check warning on line 59 in charts/dbildungs-iam-server/templates/backend-deployment.yaml

GitHub Actions / scan_helm / Kics Helm Chart Scan

[MEDIUM] Container Running With Low UID

Check if containers are running with low UID, which might cause conflicts with the host's user table.
- name: "{{ template "common.names.name" . }}-backend"
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always"}}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
ports:
- name: web
containerPort: {{ .Values.backend.containerPorts.http }}
protocol: TCP
env:
{{- include "dbildungs-iam-server-backend-envs" . | nindent 12 }}
{{- if .Values.backend.extraEnvVars }}
{{ toYaml .Values.backend.extraEnvVars | nindent 12 }}
{{- end }}
envFrom:
- configMapRef:
name: {{ template "common.names.name" . }}
volumeMounts:
{{- toYaml .Values.backend.volumeMounts | nindent 12 }}
{{- with .Values.backend.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.backend.resources | nindent 12 }}
livenessProbe: {{- omit .Values.backend.livenessProbe "enabled" | toYaml | nindent 12 }}
readinessProbe: {{- omit .Values.backend.readinessProbe "enabled" | toYaml | nindent 12 }}
restartPolicy: {{ .Values.restartPolicy }}
volumes:
- name: config-volume
configMap:
name: {{ template "common.names.name" . }}
- name: secret-volume
secret:
secretName: {{ default .Values.auth.existingSecret .Values.auth.secretName }}
{{if .Values.backend.dbseeding.enabled }}
- name: seeding-volume
configMap:
name: {{ template "common.names.name" . }}-backend-seeding
{{- end }}
{{- with .Values.backend.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
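Review bot: The `db-seeding` init container is configured differently from `db-init` and the main container: it reads `imagePullPolicy` from `.Values.imagePullPolicy` rather than `.Values.backend.image.pullPolicy`, and it does not append `.Values.backend.extraEnvVars`. An override supplied through `extraEnvVars` would therefore reach `db init` and the backend but not `db seed`, which could then run against different settings or fail. I would use `imagePullPolicy: {{ .Values.backend.image.pullPolicy | default "Always" }}` there and repeat the `extraEnvVars` block that `db-init` has. Since this container loads the `dev` seed set, a comment next to the `backend.dbseeding.enabled` guard saying it is meant for non-production stages would also help.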
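--- a/charts/dbildungs-iam-server/templates/backend-ingress.yaml
+++ b/charts/dbildungs-iam-server/templates/backend-ingress.yaml
@@ -0,0 +1,30 @@
+{{if .Values.backend.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ template "common.names.name" . }}-backend
+namespace: {{ template "common.names.namespace" . }}
+labels:
+{{- include "common.labels" . | nindent 4 }}
+annotations:
+nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .Values.keycloakHostname }}"
+nginx.ingress.kubernetes.io/enable-cors: "true"
+{{- with .Values.backend.ingress.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ingressClassName: {{ .Values.backend.ingress.ingressClassName }}
+rules:
+- host: {{ .Values.backendHostname }}
+http:
+paths:
+{{- range $path := .Values.backend.ingress.paths }}
+- path: {{ $path }}
+pathType: {{ $.Values.backend.ingress.pathType }}
+backend:
+service:
+name: {{ template "common.names.name" $ }}-backend
+port:
+number: {{ $.Values.backend.service.ports.http }}
+{{- end }}
+{{ end }}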
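Review bot: The Ingress `spec` has no `tls:` section, although every URL this chart writes into the ConfigMap for `backendHostname` is `https://`. Unless the ingress controller supplies a default certificate or TLS is terminated in front of it (neither is visible here), the host would be served without a certificate bound to it. I would add an optional `tls:` entry that lists `{{ .Values.backendHostname }}` under `hosts` and takes its `secretName` from values. Note also that the fixed `cors-allow-origin` and `enable-cors` annotations are followed by the user-supplied `annotations`, so a user value for either key produces a duplicate mapping key.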
@@ -0,0 +1,11 @@
{{if and (.Values.backend.dbseeding.enabled) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "common.names.name" . }}-backend-seeding
namespace: {{ template "common.names.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
data:
{{ (.Files.Glob "seeding/dev/*").AsConfig | indent 2 }}
{{end}}
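Review bot: `{{if and (.Values.backend.dbseeding.enabled) }}` passes a single argument to `and`, so the call adds nothing; `{{- if .Values.backend.dbseeding.enabled }}` would match the guard used in backend-deployment.yaml. The `seeding/dev/*` files are published as a ConfigMap, which anyone with read access to ConfigMaps in the namespace can view. If those seed files contain account passwords or hashes (their content is not shown here), a Secret would be the better carrier. A one-line comment saying that this data is development-only would make the intent clear.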
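--- a/charts/dbildungs-iam-server/templates/backend-service.yaml
+++ b/charts/dbildungs-iam-server/templates/backend-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "common.names.name" . }}-backend
+namespace: {{ template "common.names.namespace" . }}
+labels:
+{{- include "common.labels" . | nindent 4 }}
+app.kubernetes.io/component: server-backend
+spec:
+selector:
+{{- include "common.labels" . | nindent 4 }}
+app.kubernetes.io/component: server-backend
+type: {{ .Values.backend.service.type }}
+ports:
+- name: web
+port: {{ .Values.backend.service.ports.http }}
+protocol: TCP
+targetPort: web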
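Review bot: The Service `selector` includes all of `common.labels`, which carries `app.kubernetes.io/version` and `app.kubernetes.io/managed-by`, while the Deployment's `matchLabels` use only the name and component labels. When an upgrade changes the chart's appVersion, the selector switches to the new version at once and stops matching the old pods that are still running, so the Service has no endpoints until new pods are ready. I would select on the stable labels only: `app.kubernetes.io/name: {{ template "common.names.name" . }}` plus `app.kubernetes.io/component: server-backend`.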
21 changes: 21 additions & 0 deletions charts/dbildungs-iam-server/templates/backend-servicemonitor.yaml
@@ -0,0 +1,21 @@
{{if .Values.backend.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "common.names.name" . }}-backend
namespace: {{ template "common.names.namespace" . }}
labels:
{{- include "common.labels" . | nindent 4 }}
app.kubernetes.io/component: server-backend
spec:
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" . }}-backend
app.kubernetes.io/component: server-backend
endpoints:
- port: {{ (index .Values.backend.serviceMonitor.endpoints 0).port }}
{{ end }}
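Review bot: The `matchLabels` entry `app.kubernetes.io/name: {{ template "common.names.name" . }}-backend` does not match the label that backend-service.yaml puts on the Service, which is `{{ template "common.names.name" . }}` without the suffix (via `common.labels`). As written the ServiceMonitor would select no Service, and nothing would be scraped without any error at install time. I would drop the suffix: `app.kubernetes.io/name: {{ template "common.names.name" . }}`. The `endpoints` list also renders only element 0 of `.Values.backend.serviceMonitor.endpoints`; a `range` over the list would honour additional entries.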

19 changes: 10 additions & 9 deletions charts/dbildungs-iam-server/templates/configmap.yaml
@@ -1,16 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.configmap.name }}
namespace: {{ .Values.namespace }}
name: {{ template "common.names.name" . }}
namespace: {{ template "common.names.namespace" . }}
labels:
app.kubernetes.io/name: {{ .Values.dbildungsIamServer.commonLabels.name }}
app.kubernetes.io/version: {{.Chart.Version}}
{{- include "common.labels" . | nindent 4 }}
data:
config-json: |-
{{ .Files.Get "config/config.json" | nindent 4 }}
keycloak-base-url: "https://{{ .Values.keycloakHostname }}"
frontend-oidc-callback-url: "https://{{ .Values.backendHostname }}/api/auth/login"
frontend-default-login-redirect: "https://{{ .Values.backendHostname }}/"
frontend-logout-redirect: "https://{{ .Values.backendHostname }}/"
db-name: "{{ .Values.database.name }}"
NODE_ENV: {{ .Values.environment | quote }}
DEPLOY_STAGE: {{ .Values.environment | quote }}
DB_NAME: {{ .Values.database.name | quote }}
KC_BASE_URL: "https://{{ .Values.keycloakHostname }}"
FRONTEND_OIDC_CALLBACK_URL: "https://{{ .Values.backendHostname }}/api/auth/login"
FRONTEND_DEFAULT_LOGIN_REDIRECT: "https://{{ .Values.backendHostname }}/"
FRONTEND_LOGOUT_REDIRECT: "https://{{ .Values.backendHostname }}/"
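Review bot: This ConfigMap now serves two purposes: backend-deployment.yaml loads it with `envFrom`, and it still carries the whole file under `config-json`. `config-json` is not a conventional environment variable name, so depending on the cluster version it is either skipped with an event or injected into every container as one large variable. Splitting the file content and the environment keys into two ConfigMaps would keep the container environment limited to the seven intended variables. The hostname values are interpolated inside hand-written quotes (`"https://{{ .Values.keycloakHostname }}"`); `{{ printf "https://%s" .Values.keycloakHostname | quote }}` would escape them the same way as the `| quote` lines above.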