From c0e24356f5621dc0afd8003eeae10733393ff550 Mon Sep 17 00:00:00 2001 
From: rconway Date: Mon, 8 Jan 2024 12:40:02 +0000 Subject: [PATCH] Commit triggered by a change on the main branch of helm-charts-dev --- charts/identity-service/.gitignore | 1 + charts/identity-service/Chart.lock | 18 +++ charts/identity-service/Chart.yaml | 24 +++- .../charts/identity-api-gatekeeper/Chart.yaml | 23 ++- .../templates/sealedsecret.yaml | 11 -- .../templates/secret.yaml | 13 ++ .../identity-api-gatekeeper/values.yaml | 42 +++--- .../charts/identity-api/Chart.yaml | 23 ++- .../{sealedsecret.yaml => secret.yaml} | 12 +- .../charts/identity-api/values.yaml | 9 +- .../charts/identity-gatekeeper/.helmignore | 23 --- .../charts/identity-gatekeeper/Chart.yaml | 5 - .../templates/_helpers.tpl | 82 ----------- .../templates/configmap.yaml | 10 -- .../templates/deployment.yaml | 117 ---------------- .../identity-gatekeeper/templates/hpa.yaml | 29 ---- .../templates/ingress.yaml | 51 ------- .../identity-gatekeeper/templates/pdb.yaml | 14 -- .../templates/sealedsecret.yaml | 11 -- .../templates/service.yaml | 30 ---- .../templates/serviceaccount.yaml | 13 -- .../templates/servicemonitor.yaml | 27 ---- .../charts/identity-gatekeeper/values.yaml | 132 ------------------ .../charts/identity-keycloak/Chart.yaml | 23 ++- .../templates/sealedsecret.yaml | 11 -- .../identity-keycloak/templates/secret.yaml | 13 ++ .../charts/identity-keycloak/values.yaml | 8 +- .../charts/identity-postgres/Chart.yaml | 23 ++- .../templates/sealedsecret.yaml | 11 -- .../identity-postgres/templates/secret.yaml | 13 ++ .../charts/identity-postgres/values.yaml | 8 +- .../dummy-service-ingress.yaml | 4 +- charts/identity-service/requirements.lock | 18 --- charts/identity-service/requirements.yaml | 16 --- 34 files changed, 205 insertions(+), 663 deletions(-) create mode 100644 charts/identity-service/.gitignore create mode 100644 charts/identity-service/Chart.lock delete mode 100644 charts/identity-service/charts/identity-api-gatekeeper/templates/sealedsecret.yaml create mode 100644 
charts/identity-service/charts/identity-api-gatekeeper/templates/secret.yaml rename charts/identity-service/charts/identity-api/templates/{sealedsecret.yaml => secret.yaml} (50%) delete mode 100644 charts/identity-service/charts/identity-gatekeeper/.helmignore delete mode 100644 charts/identity-service/charts/identity-gatekeeper/Chart.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/_helpers.tpl delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/configmap.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/deployment.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/hpa.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/ingress.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/pdb.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/sealedsecret.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/service.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/serviceaccount.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/templates/servicemonitor.yaml delete mode 100644 charts/identity-service/charts/identity-gatekeeper/values.yaml delete mode 100644 charts/identity-service/charts/identity-keycloak/templates/sealedsecret.yaml create mode 100644 charts/identity-service/charts/identity-keycloak/templates/secret.yaml delete mode 100644 charts/identity-service/charts/identity-postgres/templates/sealedsecret.yaml create mode 100644 charts/identity-service/charts/identity-postgres/templates/secret.yaml delete mode 100644 charts/identity-service/requirements.lock delete mode 100644 charts/identity-service/requirements.yaml diff --git a/charts/identity-service/.gitignore b/charts/identity-service/.gitignore new file mode 100644 index 0000000..948259a 
--- /dev/null
+++ b/charts/identity-service/.gitignore
@@ -0,0 +1 @@
+charts/*.tgz
diff --git a/charts/identity-service/Chart.lock b/charts/identity-service/Chart.lock
new file mode 100644
index 0000000..5aa4fce
--- /dev/null
+++ b/charts/identity-service/Chart.lock
@@ -0,0 +1,18 @@
+dependencies:
+- name: identity-keycloak
+ repository: ""
+ version: 0.15.1
+- name: identity-postgres
+ repository: ""
+ version: 1.0.1
+- name: identity-api
+ repository: ""
+ version: 1.0.1
+- name: identity-gatekeeper
+ repository: https://eoepca.github.io/helm-charts/
+ version: 1.0.1
+- name: identity-api-gatekeeper
+ repository: ""
+ version: 1.0.1
+digest: sha256:f0a58fb28812eb280d76b32f5bcf2bcd20dfae2e0efecb2a3679ffb7ea93d3d5
+generated: "2024-01-08T12:12:38.632640775Z"
diff --git a/charts/identity-service/Chart.yaml b/charts/identity-service/Chart.yaml
index 7d12c3f..880d2f0 100644
--- a/charts/identity-service/Chart.yaml
+++ b/charts/identity-service/Chart.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: v2
 name: identity-service
 description: A Helm chart to deploy Identity Service based on Keycloak
 maintainers:
@@ -16,9 +16,27 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.80 +version: 1.0.82 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: "v1" \ No newline at end of file +appVersion: "v1" + +dependencies: + - name: identity-keycloak + condition: identity-keycloak.enabled + version: 0.15.1 + - name: identity-postgres + condition: identity-postgres.enabled + version: 1.0.1 + - name: identity-api + condition: identity-api.enabled + version: 1.0.1 + - name: identity-gatekeeper + condition: identity-gatekeeper.enabled + version: 1.0.1 + repository: "https://eoepca.github.io/helm-charts/" + - name: identity-api-gatekeeper + condition: identity-api-gatekeeper.enabled + version: 1.0.1 diff --git a/charts/identity-service/charts/identity-api-gatekeeper/Chart.yaml b/charts/identity-service/charts/identity-api-gatekeeper/Chart.yaml index 3e21017..c3c1f16 100644 --- a/charts/identity-service/charts/identity-api-gatekeeper/Chart.yaml +++ b/charts/identity-service/charts/identity-api-gatekeeper/Chart.yaml 
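Review bot: The `identity-gatekeeper` entry in the new `dependencies` list is the only one resolved from a remote repository (`https://eoepca.github.io/helm-charts/`), and nothing visible in this commit verifies the archive that is fetched for it. The version is pinned to `1.0.1`, but the `digest` in Chart.lock is, as far as I know, computed over the dependency list rather than over the chart archive, and the new `.gitignore` excludes `charts/*.tgz`, so the downloaded package is never reviewed in-tree. Consider building dependencies with `helm dependency build --verify` against signed charts, or keep this subchart vendored like the other four. A comment above the entry such as `# pulled from the published chart repo; all other subcharts are local under charts/` would also explain why only this one carries a `repository`.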
@@ -1,5 +1,24 @@
 apiVersion: v2
 name: identity-api-gatekeeper
-description: A helm chart for a Gatekeeper to protect identity-api
-version: 1.0.0
+description: Policy enforcement integration with Keycloak for identity-api
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
 appVersion: "2.8.0"
\ No newline at end of file
diff --git a/charts/identity-service/charts/identity-api-gatekeeper/templates/sealedsecret.yaml b/charts/identity-service/charts/identity-api-gatekeeper/templates/sealedsecret.yaml
deleted file mode 100644
index b556ab1..0000000
--- a/charts/identity-service/charts/identity-api-gatekeeper/templates/sealedsecret.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- name: {{ include "identity-api-gatekeeper.name" . }}
- labels:
- {{- include "identity-api-gatekeeper.labels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
-spec:
- encryptedData:
- PROXY_CLIENT_SECRET: "{{ .Values.secrets.clientSecret }}"
- PROXY_ENCRYPTION_KEY: "{{ .Values.secrets.encryptionKey }}"
\ No newline at end of file
diff --git a/charts/identity-service/charts/identity-api-gatekeeper/templates/secret.yaml b/charts/identity-service/charts/identity-api-gatekeeper/templates/secret.yaml
new file mode 100644
index 0000000..b12efc5
--- /dev/null
+++ b/charts/identity-service/charts/identity-api-gatekeeper/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if and (.Values.secrets.clientSecret) (.Values.secrets.encryptionKey) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "identity-api-gatekeeper.name" . }}
+ labels:
+ {{- include "identity-api-gatekeeper.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
+data:
+ PROXY_CLIENT_SECRET: "{{ .Values.secrets.clientSecret }}"
+ PROXY_ENCRYPTION_KEY: "{{ .Values.secrets.encryptionKey }}"
+{{- end }}
\ No newline at end of file
diff --git a/charts/identity-service/charts/identity-api-gatekeeper/values.yaml b/charts/identity-service/charts/identity-api-gatekeeper/values.yaml
index 558a06c..a7f6390 100644
--- a/charts/identity-service/charts/identity-api-gatekeeper/values.yaml
+++ b/charts/identity-service/charts/identity-api-gatekeeper/values.yaml
@@ -85,14 +85,14 @@ ingress:
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
 hosts:
- - host: identity.api-gatekeeper.demo.eoepca.org
+ - host: identity.api-gatekeeper.myplatform.eoepca.org
 paths:
 - path: /
 pathType: Prefix
 tls:
 - secretName: identity-api-gatekeeper-tls-certificate
 hosts:
- - identity.gatekeeper.demo.eoepca.org
+ - identity.gatekeeper.myplatform.eoepca.org
 autoscaling:
 enabled: false
 minReplicas: 1
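Review bot: In the new identity-api-gatekeeper `templates/secret.yaml`, both values are written under `data:` exactly as supplied, but `data` entries of a Secret must be base64-encoded, so a plain value is either rejected by the API server or decoded into bytes that are not the intended secret. Encode in the template, `PROXY_CLIENT_SECRET: {{ .Values.secrets.clientSecret | b64enc | quote }}` (likewise for `PROXY_ENCRYPTION_KEY`), or change the key to `stringData:`; if callers are expected to pass pre-encoded values, that needs a comment beside `secrets:` in values.yaml. The identity-api `secret.yaml` hunk has the same pattern for `ADMIN_PASSWORD`, and the diffstat lists matching templates for identity-keycloak and identity-postgres that are not visible here. Replacing SealedSecret with a plain Secret also means these values are no longer encrypted at rest in the chart inputs, so they should be supplied at install time from outside the repository.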
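Review bot: The ingress rule and the TLS entry in the identity-api-gatekeeper values.yaml hunk still name different hosts: `identity.api-gatekeeper.myplatform.eoepca.org` under `hosts` and `identity.gatekeeper.myplatform.eoepca.org` under `tls`. With the `cert-manager.io/cluster-issuer` annotation the certificate would presumably be requested for the TLS host, leaving the host that actually receives traffic uncovered by `identity-api-gatekeeper-tls-certificate`. If the two are meant to match, the TLS entry should read `- identity.api-gatekeeper.myplatform.eoepca.org`. The mismatch predates this commit (the removed `demo` names differ in the same way), and the hunk ends at `minReplicas`, so the rest of `autoscaling` is outside it.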
@@ -111,22 +111,24 @@ metrics:
 annotations: {}
 interval:
 config:
- client-id: identity-api
- discovery-url: https://identity.keycloak.demo.eoepca.org/realms/master
- no-redirects: true
- no-proxy: true
- enable-uma: true
- cookie-domain: demo.eoepca.org
- cookie-access-name: auth_user_id
- cookie-refresh-name: auth_refresh_token
- enable-metrics: true
- enable-logging: true
- enable-request-id: true
- enable-login-handler: true
- enable-refresh-tokens: true
- enable-logout-redirect: true
- listen: :3000
- listen-admin: :4000
+ client-id: identity-api
+ discovery-url: https://identity.keycloak.myplatform.eoepca.org/realms/master
+ no-redirects: true
+ no-proxy: true
+ enable-uma: true
+ #enable-default-deny: true
+ cookie-domain: myplatform.eoepca.org
+ cookie-access-name: auth_user_id
+ cookie-refresh-name: auth_refresh_token
+ #secure-cookie: true
+ enable-metrics: true
+ enable-logging: true
+ enable-request-id: true
+ enable-login-handler: true
+ enable-refresh-tokens: true
+ enable-logout-redirect: true
+ listen: :3000
+ listen-admin: :4000
 secrets:
- clientSecret: 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
- encryptionKey: 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
\ No newline at end of file
+ clientSecret: ""
+ encryptionKey: ""
diff --git a/charts/identity-service/charts/identity-api/Chart.yaml b/charts/identity-service/charts/identity-api/Chart.yaml
index df2917f..4989415 100644
--- a/charts/identity-service/charts/identity-api/Chart.yaml
+++ b/charts/identity-service/charts/identity-api/Chart.yaml
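Review bot: `#enable-default-deny: true` and `#secure-cookie: true` are added to `config:` only as comments, so whether unmatched requests are denied and whether the session cookies carry the Secure flag is left to the proxy's built-in defaults for whichever image version is deployed. For an access-control proxy these are worth stating explicitly, `enable-default-deny: true` and `secure-cookie: true`, or the comment should say why they are off, for example `# left at proxy default until resources are defined`. `cookie-domain: myplatform.eoepca.org` also scopes `auth_user_id` and `auth_refresh_token` to every host under that domain, which deserves a one-line comment if it is deliberate.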
@@ -1,5 +1,24 @@
 apiVersion: v2
 name: identity-api
 description: A helm chart for Identity API
-version: 1.0.0
-appVersion: "v1.0.17"
\ No newline at end of file
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v1.0.17"
diff --git a/charts/identity-service/charts/identity-api/templates/sealedsecret.yaml b/charts/identity-service/charts/identity-api/templates/secret.yaml
similarity index 50%
rename from charts/identity-service/charts/identity-api/templates/sealedsecret.yaml
rename to charts/identity-service/charts/identity-api/templates/secret.yaml
index ca9fe94..3188b92 100644
--- a/charts/identity-service/charts/identity-api/templates/sealedsecret.yaml
+++ b/charts/identity-service/charts/identity-api/templates/secret.yaml
@@ -1,10 +1,12 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret +{{- if .Values.secrets.adminPassword -}} +apiVersion: v1 +kind: Secret +type: Opaque metadata: name: {{ include "identity-api.name" . }} labels: {{- include "identity-api.labels" . | nindent 4 }} namespace: {{ .Release.Namespace }} -spec: - encryptedData: - ADMIN_PASSWORD: "{{ .Values.secrets.adminPassword }}" \ No newline at end of file +data: + ADMIN_PASSWORD: "{{ .Values.secrets.adminPassword }}" +{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-api/values.yaml b/charts/identity-service/charts/identity-api/values.yaml index e19b4cb..d0700e5 100644 --- a/charts/identity-service/charts/identity-api/values.yaml +++ b/charts/identity-service/charts/identity-api/values.yaml @@ -120,14 +120,14 @@ ingress: proxy_buffer_size 32k; } hosts: - - host: identity.api.demo.eoepca.org + - host: identity.api.myplatform.eoepca.org paths: - path: / pathType: Prefix tls: - secretName: identity-api-tls-certificate hosts: - - identity.api.demo.eoepca.org + - identity.api.myplatform.eoepca.org # --------------------------------------- # Variable group used in ingress template # --------------------------------------- @@ -145,6 +145,7 @@ serviceAccount: name: "" configMap: - authServerUrl: https://identity.keycloak.demo.eoepca.org + authServerUrl: https://identity.keycloak.myplatform.eoepca.org + secrets: - adminPassword: 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 \ No newline at end of file + adminPassword: "" diff --git a/charts/identity-service/charts/identity-gatekeeper/.helmignore b/charts/identity-service/charts/identity-gatekeeper/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/.helmignore +++ /dev/null 
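Review bot: The new default `adminPassword: ""` in identity-api values.yaml, combined with the `{{- if .Values.secrets.adminPassword -}}` guard added to `templates/secret.yaml`, means a default install renders no Secret at all, and nothing in values.yaml tells the operator so. If the workload references that Secret (its Deployment is not part of this diff, so this is an assumption), the pod will not start until one is created out of band. A comment above the key would cover it, for example `# Empty: no Secret is rendered; create one yourself (name from identity-api.name, key ADMIN_PASSWORD)`. The identity-api-gatekeeper values follow the same pattern with `clientSecret: ""` and `encryptionKey: ""` and would benefit from the same comment.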
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/identity-service/charts/identity-gatekeeper/Chart.yaml b/charts/identity-service/charts/identity-gatekeeper/Chart.yaml
deleted file mode 100644
index f09f967..0000000
--- a/charts/identity-service/charts/identity-gatekeeper/Chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v2
-name: identity-gatekeeper
-description: A Gatekeeper helm chart
-version: 1.0.0
-appVersion: "2.8.0"
\ No newline at end of file
diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/_helpers.tpl b/charts/identity-service/charts/identity-gatekeeper/templates/_helpers.tpl
deleted file mode 100644
index 65872a2..0000000
--- a/charts/identity-service/charts/identity-gatekeeper/templates/_helpers.tpl
+++ /dev/null
@@ -1,82 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "identity-gatekeeper.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "identity-gatekeeper.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "identity-gatekeeper.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "identity-gatekeeper.labels" -}} -helm.sh/chart: {{ include "identity-gatekeeper.chart" . }} -{{ include "identity-gatekeeper.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Values.deployment.image.tag | default .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "identity-gatekeeper.selectorLabels" -}} -app.kubernetes.io/name: {{ include "identity-gatekeeper.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "identity-gatekeeper.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "identity-gatekeeper.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Return the appropriate apiVersion for ingress -*/}} -{{- define "identity-gatekeeper.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "identity-gatekeeper.kubeVersion" $) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "identity-gatekeeper.kubeVersion" $) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "identity-gatekeeper.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride }} -{{- end -}} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/configmap.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/configmap.yaml deleted file mode 100644 index 071a57c..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "identity-gatekeeper.fullname" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -data: - config.yaml: | - {{- tpl (.Values.config | toYaml) $ | nindent 4 }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/deployment.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/deployment.yaml deleted file mode 100644 index 49bc3f2..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/deployment.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -{{- $adminPort := regexFind ":[0-9]+" (index .Values.config "listen-admin") | trimPrefix ":" -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "identity-gatekeeper.name" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.deployment.replicaCount }} - {{- end }} - strategy: - {{- toYaml .Values.deployment.strategy | nindent 4 }} - selector: - matchLabels: - {{- include "identity-gatekeeper.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/config: {{ print .Values.config | sha256sum | quote }} - {{- if and (index .Values.config "enable-metrics") .Values.metrics.addPrometheusScrapeAnnotation }} - prometheus.io/path: "/oauth/metrics" - prometheus.io/port: {{ $adminPort | quote }} - prometheus.io/scrape: "true" - {{- end }} - {{- with .Values.deployment.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "identity-gatekeeper.selectorLabels" . | nindent 8 }} - {{- range $key, $value := .Values.deployment.podLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - spec: - {{- with .Values.deployment.image.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.deployment.automountServiceAccountToken }} - serviceAccountName: {{ include "identity-gatekeeper.serviceAccountName" . 
}} - {{- if .Values.deployment.podSecurityContext.enabled }} - securityContext: - {{- omit .Values.deployment.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - {{- if .Values.deployment.containerSecurityContext.enabled }} - securityContext: - {{- omit .Values.deployment.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.deployment.image.pullPolicy }} - args: - - --config - - /etc/gatekeeper/config.yaml - {{- with .Values.deployment.extraArgs }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.deployment.extraEnvVars }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - envFrom: - {{- with .Values.deployment.extraEnvFrom }} - {{- tpl . $ | nindent 12 }} - {{- end }} - - secretRef: - name: {{ include "identity-gatekeeper.name" . }} - ports: - - name: proxy - containerPort: {{ regexFind ":[0-9]+" .Values.config.listen | trimPrefix ":" }} - protocol: TCP - - name: admin - containerPort: {{ $adminPort }} - protocol: TCP - {{- if .Values.deployment.livenessProbe.enabled }} - livenessProbe: - {{- omit .Values.deployment.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.deployment.readinessProbe.enabled }} - readinessProbe: - {{- omit .Values.deployment.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.deployment.resources | nindent 12 }} - volumeMounts: - - mountPath: /etc/gatekeeper - name: config - {{- with .Values.deployment.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - configMap: - name: {{ include "identity-gatekeeper.fullname" . }} - name: config - {{- with .Values.deployment.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.priorityClassName }} - priorityClassName: {{ . 
| quote }} - {{- end }} - {{- with .Values.deployment.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.deployment.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.deployment.hostAliases }} - hostAliases: {{ toYaml .Values.deployment.hostAliases | nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/hpa.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/hpa.yaml deleted file mode 100644 index 3af673a..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/hpa.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "identity-gatekeeper.fullname" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "identity-gatekeeper.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/ingress.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/ingress.yaml deleted file mode 100644 index 6ddb293..0000000 
--- a/charts/identity-service/charts/identity-gatekeeper/templates/ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $name := include "identity-gatekeeper.name" . -}} -{{- $svcPort := .Values.service.proxy.port -}} -apiVersion: {{ include "identity-gatekeeper.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $name }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" (include "identity-gatekeeper.kubeVersion" $)) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" (include "identity-gatekeeper.kubeVersion" $)) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" (include "identity-gatekeeper.kubeVersion" $) }} - service: - name: {{ $name }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $name }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/pdb.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/pdb.yaml deleted file mode 100644 index 02fba8d..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/pdb.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "identity-gatekeeper.fullname" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - minAvailable: {{ .Values.pdb.minAvailable }} - selector: - matchLabels: - {{- include "identity-gatekeeper.selectorLabels" . | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/sealedsecret.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/sealedsecret.yaml deleted file mode 100644 index 7310093..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/sealedsecret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: {{ include "identity-gatekeeper.name" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - encryptedData: - PROXY_CLIENT_SECRET: "{{ .Values.secrets.clientSecret }}" - PROXY_ENCRYPTION_KEY: "{{ .Values.secrets.encryptionKey }}" \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/service.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/service.yaml deleted file mode 100644 index c12b360..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/service.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "identity-gatekeeper.name" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if eq .Values.service.type "NodePort" }} - nodePort: {{ .Values.service.proxy.nodePort }} - {{- end }} - - port: {{ .Values.service.admin.port }} - targetPort: admin - protocol: TCP - name: admin - {{- if eq .Values.service.type "NodePort" }} - nodePort: {{ .Values.service.admin.nodePort }} - {{- end }} - selector: - {{- include "identity-gatekeeper.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/serviceaccount.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/serviceaccount.yaml deleted file mode 100644 index 6ef1d48..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "identity-gatekeeper.serviceAccountName" . }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/templates/servicemonitor.yaml b/charts/identity-service/charts/identity-gatekeeper/templates/servicemonitor.yaml deleted file mode 100644 index 5a2cf5a..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/templates/servicemonitor.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -{{- if and (index .Values.config "enable-metrics") .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "identity-gatekeeper.fullname" . }} - {{- with .Values.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} - labels: - {{- include "identity-gatekeeper.labels" . | nindent 4 }} - {{- with .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: admin - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - path: /oauth/metrics - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: - {{- include "identity-gatekeeper.selectorLabels" . | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-gatekeeper/values.yaml b/charts/identity-service/charts/identity-gatekeeper/values.yaml deleted file mode 100644 index f1f1f5b..0000000 --- a/charts/identity-service/charts/identity-gatekeeper/values.yaml +++ /dev/null 
@@ -1,132 +0,0 @@ -nameOverride: "" -fullnameOverride: "" -kubeVersionOverride: "" -deployment: - replicaCount: 1 - image: - pullPolicy: IfNotPresent - strategy: - type: Recreate - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - automountServiceAccountToken: false - podAnnotations: {} - podLabels: {} - podSecurityContext: - enabled: false - # fsGroup: 2000 - containerSecurityContext: - enabled: true - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - # runAsUser: 1000 - extraArgs: [] - # - --foo - # - --bar - extraEnvVars: [] - # - name: FOO - # value: BAR - extraVolumes: [] - # - emptyDir: {} - # name: tmp - extraVolumeMounts: [] - # - mountPath: /tmp - # name: tmp - priorityClassName: "" - hostAliases: [] - # - ip: "127.0.0.1" - # hostnames: - # - "foo.local" - # - "bar.local" - # - ip: "10.1.2.3" - # hostnames: - # - "foo.remote" - # - "bar.remote" - resources: - limits: {} - # cpu: 100m - # memory: 128Mi - requests: {} - # cpu: 100m - # memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - livenessProbe: - enabled: false - httpGet: - path: /oauth/health - port: admin - readinessProbe: - enabled: true - httpGet: - path: /oauth/health - port: admin -service: - type: ClusterIP - annotations: {} - proxy: - port: 3000 - nodePort: - admin: - port: 4000 - nodePort: -serviceAccount: - create: true - annotations: {} - name: "" -ingress: - enabled: true - className: "" - annotations: - cert-manager.io/cluster-issuer: letsencrypt - hosts: - - host: identity.gatekeeper.demo.eoepca.org - paths: - - path: / - pathType: Prefix - tls: - - secretName: identity-gatekeeper-tls-certificate - hosts: - - identity.gatekeeper.demo.eoepca.org -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 80 - #targetMemoryUtilizationPercentage: 80 -pdb: - create: false - minAvailable: 1 -metrics: - addPrometheusScrapeAnnotation: false - serviceMonitor: - enabled: false - namespace: um - 
additionalLabels: {} - annotations: {} - interval: -config: - client-id: dummy-service - discovery-url: https://identity.keycloak.demo.eoepca.org/realms/master - no-redirects: true - no-proxy: true - enable-uma: true - cookie-domain: demo.eoepca.org - cookie-access-name: auth_user_id - cookie-refresh-name: auth_refresh_token - enable-metrics: true - enable-logging: true - enable-request-id: true - enable-login-handler: true - enable-refresh-tokens: true - enable-logout-redirect: true - listen: :3000 - listen-admin: :4000 -secrets: - clientSecret: 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 - encryptionKey: AgCZXSn+WfaT2WLdZ590T4Xkz2ch9HZZavCyg94OqZjdrufn2zubpg7ZI6GbUvTYDXJMJIRhsJCkcPOlCfkVwT6zaJY+IWwCwLE1PrsrypG3FiIrHI9MJEgRkJ+HZKPG5BF+7uLyFVfrippEVghYkiMa5kaYrrA6+aH6PyfVSoWM0gR7elAOFLWivbrk8J8oLF1ZHKbqlCgkXITcN5YdMjUXOq4FwA7b6iGnh0YEVZTwFNCMNAatwnGtFxqTN0063qszjqj0VuyAAGpF3FsPvgRJPHtX+5rqENUhIw6ZqHAr0R+wPrRZyPYzsn4Br2yrel1FkO0uzjuc/AZgouEHbRD/9MilO+9ApsP7xJZaUdy73e5YmXR+8ufEtLNf9UOfnQAwt2SRd2qRFCPW4F9WsgmceK6bq+SLN89nI5LLgtGf+TP7KxlPEgfj7qrhgvtf1yOQowaTMT3hkaBfmMmzWZoviJMGnbM62Q0CLqQtKyGlLk8HQ4rV/bogi1g0zmP9DOxJiISYZ0Qqg03zAtIRHMyPUn+kznZWIF66GSnYkdtenPBJKFob6MurbSdAKpiC9TVITkeFGWAAwExmPXxGnFPK33iuxooHbsQ7Ds5fEtW/CaNsHImB/yrHYPsv4ze2O573PM4HDDC17jgT5IMs0gKOWprUKLcj2Df+AfsZz9SC25naDBCTbcu4SC//UNouq6n+CDZZR6rNf5STk8BubQT4I/sn6iDlyPL4CtTWncpnaA== \ No newline at end of file diff --git a/charts/identity-service/charts/identity-keycloak/Chart.yaml b/charts/identity-service/charts/identity-keycloak/Chart.yaml index eabc0a9..398fad1 100644 --- a/charts/identity-service/charts/identity-keycloak/Chart.yaml +++ b/charts/identity-service/charts/identity-keycloak/Chart.yaml 
@@ -1,5 +1,24 @@ apiVersion: v2 name: identity-keycloak description: A Keycloak helm chart -version: 0.15.0 -appVersion: "22.0.3" \ No newline at end of file + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.15.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "22.0.3" diff --git a/charts/identity-service/charts/identity-keycloak/templates/sealedsecret.yaml b/charts/identity-service/charts/identity-keycloak/templates/sealedsecret.yaml deleted file mode 100644 index 37bd42d..0000000 --- a/charts/identity-service/charts/identity-keycloak/templates/sealedsecret.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: {{ include "identity-keycloak.name" . }} - labels: - {{- include "identity-keycloak.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - encryptedData: - KC_DB_PASSWORD: "{{ .Values.secrets.kcDbPassword }}" - KEYCLOAK_ADMIN_PASSWORD: "{{ .Values.secrets.keycloakAdminPassword }}" \ No newline at end of file 
diff --git a/charts/identity-service/charts/identity-keycloak/templates/secret.yaml b/charts/identity-service/charts/identity-keycloak/templates/secret.yaml new file mode 100644 index 0000000..209c97e --- /dev/null +++ b/charts/identity-service/charts/identity-keycloak/templates/secret.yaml @@ -0,0 +1,13 @@ +{{- if and (.Values.secrets.kcDbPassword) (.Values.secrets.keycloakAdminPassword) -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "identity-keycloak.name" . }} + labels: + {{- include "identity-keycloak.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +data: + KC_DB_PASSWORD: "{{ .Values.secrets.kcDbPassword }}" + KEYCLOAK_ADMIN_PASSWORD: "{{ .Values.secrets.keycloakAdminPassword }}" +{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-keycloak/values.yaml b/charts/identity-service/charts/identity-keycloak/values.yaml index b5ef654..311ca92 100644 --- a/charts/identity-service/charts/identity-keycloak/values.yaml +++ b/charts/identity-service/charts/identity-keycloak/values.yaml @@ -98,14 +98,14 @@ ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt hosts: - - host: identity.keycloak.demo.eoepca.org + - host: identity.keycloak.myplatform.eoepca.org paths: - path: / pathType: Prefix tls: - secretName: identity-keycloak-tls-certificate hosts: - - identity.keycloak.demo.eoepca.org + - identity.keycloak.myplatform.eoepca.org # --------------------------------------- # Variable group used in ingress template # --------------------------------------- @@ -134,5 +134,5 @@ configMap: kcDbUrlPort: "5432" secrets: - kcDbPassword: 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 - keycloakAdminPassword: 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 \ No newline at end of file + kcDbPassword: "" + keycloakAdminPassword: "" \ No newline at end of file 
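Review bot: The new identity-keycloak `secret.yaml` places `.Values.secrets.kcDbPassword` and `.Values.secrets.keycloakAdminPassword` under `data:` verbatim, and a Secret's `data` values must already be base64, so a plain-text password supplied through values would be rejected by the API server or decoded into a different value. If plain values are the intended input, encode them in the template, e.g. `KC_DB_PASSWORD: {{ .Values.secrets.kcDbPassword | b64enc | quote }}`, or move both keys under `stringData:`; if callers are expected to pre-encode, a template comment should say so. The same applies to the `POSTGRES_PASSWORD` and `PGPASSWORD` entries of the identity-postgres `secret.yaml` added later in this patch. Because this replaces a SealedSecret with a plain Secret, the values now travel unencrypted (base64 is encoding only) through the values input and the Helm release record, so they should come from a protected source rather than a committed values file.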
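Review bot: The `secrets:` defaults in the identity-keycloak `values.yaml` hunk become empty strings with no comment on what an empty value means. The new template guard `and (.Values.secrets.kcDbPassword) (.Values.secrets.keycloakAdminPassword)` renders no Secret unless both are set, so a default install, or one that sets only one of the two, silently produces none; presumably the Secret is then expected to be created out of band under the name given by the `identity-keycloak.name` helper, but nothing visible states that. I would add a comment above the keys such as `# Leave both empty to provide the Secret yourself; set both (base64-encoded, they are written to data: as-is) to have the chart create it.` The identity-postgres `values.yaml` hunk (`postgresPassword`, `pgPassword`) needs the same comment. The `secrets:` mapping sits at the end of the hunk and the rest of the file is outside it.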
diff --git a/charts/identity-service/charts/identity-postgres/Chart.yaml b/charts/identity-service/charts/identity-postgres/Chart.yaml index 416b76c..2a2ad0d 100644 --- a/charts/identity-service/charts/identity-postgres/Chart.yaml +++ b/charts/identity-service/charts/identity-postgres/Chart.yaml @@ -1,5 +1,24 @@ apiVersion: v2 name: identity-postgres description: A Helm chart for Postgres -version: 1.0.0 -appVersion: "12.10" \ No newline at end of file + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "12.10" diff --git a/charts/identity-service/charts/identity-postgres/templates/sealedsecret.yaml b/charts/identity-service/charts/identity-postgres/templates/sealedsecret.yaml deleted file mode 100644 index dd717c9..0000000 --- a/charts/identity-service/charts/identity-postgres/templates/sealedsecret.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - name: {{ include "identity-postgres.name" . }} - labels: - {{- include "identity-postgres.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - encryptedData: - POSTGRES_PASSWORD: "{{ .Values.secrets.postgresPassword }}" - PGPASSWORD: "{{ .Values.secrets.pgPassword }}" \ No newline at end of file diff --git a/charts/identity-service/charts/identity-postgres/templates/secret.yaml b/charts/identity-service/charts/identity-postgres/templates/secret.yaml new file mode 100644 index 0000000..e3e4c53 --- /dev/null +++ b/charts/identity-service/charts/identity-postgres/templates/secret.yaml @@ -0,0 +1,13 @@ +{{- if and (.Values.secrets.postgresPassword) (.Values.secrets.pgPassword) -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "identity-postgres.name" . }} + labels: + {{- include "identity-postgres.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +data: + POSTGRES_PASSWORD: "{{ .Values.secrets.postgresPassword }}" + PGPASSWORD: "{{ .Values.secrets.pgPassword }}" +{{- end }} \ No newline at end of file diff --git a/charts/identity-service/charts/identity-postgres/values.yaml b/charts/identity-service/charts/identity-postgres/values.yaml index b663fb6..fe2ba22 100644 --- a/charts/identity-service/charts/identity-postgres/values.yaml +++ b/charts/identity-service/charts/identity-postgres/values.yaml @@ -22,8 +22,8 @@ configMap: # Variable used in secrets template # --------------------------------------------- secrets: - postgresPassword: 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 - pgPassword: 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 + postgresPassword: "" + pgPassword: "" # --------------------------------------------- # Variable used in pv and pvc template 
@@ -78,10 +78,6 @@ deployment: # Define Volumes mount volumeMountPath: /var/lib/postgresql/data volumeMountName: postgresdata - volumes: | - - name: postgresdata - persistentVolumeClaim: - claimName: eoepca-userman-pvc # Liveness probe configuration livenessProbe: {} # httpGet: diff --git a/charts/identity-service/dummy-service-ingress.yaml b/charts/identity-service/dummy-service-ingress.yaml index a5caed3..d2765ea 100644 --- a/charts/identity-service/dummy-service-ingress.yaml +++ b/charts/identity-service/dummy-service-ingress.yaml @@ -31,7 +31,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: identity.dummy-service.demo.eoepca.org + - host: identity.dummy-service.myplatform.eoepca.org http: paths: - path: / @@ -43,5 +43,5 @@ spec: number: 80 tls: - hosts: - - identity.dummy-service.demo.eoepca.org + - identity.dummy-service.myplatform.eoepca.org secretName: identity-dummy-service-tls \ No newline at end of file diff --git a/charts/identity-service/requirements.lock b/charts/identity-service/requirements.lock deleted file mode 100644 index a421d0e..0000000 --- a/charts/identity-service/requirements.lock +++ /dev/null @@ -1,18 +0,0 @@ -dependencies: -- name: identity-keycloak - repository: "" - version: 0.15.0 -- name: identity-postgres - repository: "" - version: 1.0.0 -- name: identity-api - repository: "" - version: 1.0.0 -- name: identity-gatekeeper - repository: "" - version: 1.0.0 -- name: identity-api-gatekeeper - repository: "" - version: 1.0.0 -digest: sha256:22c3f907489d28973f5cda3a0619f4f78cf65785885c1e78a636f9bd3658d65b -generated: "2023-12-19T00:16:44.1470298Z" diff --git a/charts/identity-service/requirements.yaml b/charts/identity-service/requirements.yaml deleted file mode 100644 index b35b8af..0000000 --- a/charts/identity-service/requirements.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-dependencies:
- - name: identity-keycloak
- condition: identity-keycloak.enabled
- version: 0.15.0
- - name: identity-postgres
- condition: identity-postgres.enabled
- version: 1.0.0
- - name: identity-api
- condition: identity-api.enabled
- version: 1.0.0
- - name: identity-gatekeeper
- condition: identity-gatekeeper.enabled
- version: 1.0.0
- - name: identity-api-gatekeeper
- condition: identity-api-gatekeeper.enabled
- version: 1.0.0
\ No newline at end of file