Correct helm chart (#119)

* should be using a configmap not a secret Signed-off-by: Mike Mason <[email protected]> * correct volume tabbing Signed-off-by: Mike Mason <[email protected]> * correct ingress service name Signed-off-by: Mike Mason <[email protected]> --------- Signed-off-by: Mike Mason <[email protected]>
infratographer · Jun 20, 2023 · 0172eb4 · 0172eb4
1 parent f8be5d1
commit 0172eb4
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 18 deletions.
diff --git a/chart/permissions-api/templates/_helpers.tpl b/chart/permissions-api/templates/_helpers.tpl
@@ -5,31 +5,31 @@
 {{- end }}
 
 {{- define "permapi.volumes" }}
-{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policySecretName }}
+{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
 {{- with .Values.config.spicedb.caSecretName }}
 - name: spicedb-ca
   secret:
     secretName: {{ . }}
 {{- end }}
-{{- with .Values.config.spicedb.policySecretName }}
+{{- with .Values.config.spicedb.policyConfigMapName }}
 - name: policy-file
-  secret:
-    secretName: {{ . }}
+  configMap:
+    name: {{ . }}
 {{- end }}
 {{- else -}}
 []
 {{- end }}
 {{- end }}
 
 {{- define "permapi.volumeMounts" }}
-{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policySecretName }}
+{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
 {{- if .Values.config.spicedb.caSecretName }}
 - name: spicedb-ca
   mountPath: /etc/ssl/spicedb/
 {{- end }}
-{{- if .Values.config.spicedb.policySecretName }}
+{{- if .Values.config.spicedb.policyConfigMapName }}
 - name: policy-file
-  mountPath: /policy/policy.yaml
+  mountPath: /policy
 {{- end }}
 {{- else -}}
 []

diff --git a/chart/permissions-api/templates/deployment-server.yaml b/chart/permissions-api/templates/deployment-server.yaml
@@ -76,7 +76,7 @@ spec:
               value: "{{ .Values.config.spicedb.insecure }}"
             - name: PERMISSIONSAPI_SPICEDB_VERIFYCA
               value: "{{ .Values.config.spicedb.verifyCA }}"
-          {{- if .Values.config.spicedb.policySecretName }}
+          {{- if .Values.config.spicedb.policyConfigMapName }}
             - name: PERMISSIONSAPI_SPICEDB_POLICYFILE
               value: /policy/policy.yaml
           {{- end }}
@@ -125,7 +125,7 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      volumeMounts: {{ include "permapi.volumeMounts" . | nindent 8 }}
+          volumeMounts: {{ include "permapi.volumeMounts" . | nindent 12 }}
       {{- with .Values.deployment.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -138,4 +138,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-    volumes: {{ include "permapi.volumes" . | nindent 6 }}
+      volumes: {{ include "permapi.volumes" . | nindent 8 }}
diff --git a/chart/permissions-api/templates/deployment-worker.yaml b/chart/permissions-api/templates/deployment-worker.yaml
@@ -98,7 +98,7 @@ spec:
               value: "{{ .Values.config.spicedb.insecure }}"
             - name: PERMISSIONSAPI_SPICEDB_VERIFYCA
               value: "{{ .Values.config.spicedb.verifyCA }}"
-          {{- if .Values.config.spicedb.policySecretName }}
+          {{- if .Values.config.spicedb.policyConfigMapName }}
             - name: PERMISSIONSAPI_SPICEDB_POLICYFILE
               value: /policy/policy.yaml
           {{- end }}
@@ -147,7 +147,7 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-      volumeMounts: {{ include "permapi.volumeMounts" . | nindent 8 }}
+          volumeMounts: {{ include "permapi.volumeMounts" . | nindent 12 }}
       {{- with .Values.deployment.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -160,4 +160,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-    volumes: {{ include "permapi.volumes" . | nindent 6 }}
+      volumes: {{ include "permapi.volumes" . | nindent 8 }}
diff --git a/chart/permissions-api/templates/ingress.yaml b/chart/permissions-api/templates/ingress.yaml
@@ -1,14 +1,14 @@
 {{- if .Values.ingress.enabled -}}
-{{- $fullName := include "common.names.fullname" . -}}
 {{- if empty .Values.ingress.hosts }}
 {{- fail ".Values.ingress.hosts must contain at least one entry" }}
 {{- end }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: {{ include "common.names.fullname" . }}-server
   namespace: {{ .Release.Namespace }}
   labels:
+    service: server
     {{- include "common.labels.standard" . | nindent 4 }}
   {{- with .Values.ingress.annotations }}
   annotations:
@@ -36,7 +36,7 @@ spec:
             pathType: {{ .pathType }}
             backend:
               service:
-                name: {{ $fullName }}
+                name: {{ include "common.names.fullname" $ }}-server
                 port:
                   name: http
           {{- end }}

diff --git a/chart/permissions-api/values.yaml b/chart/permissions-api/values.yaml
@@ -35,8 +35,8 @@ config:
     caSecretName: ""
     # pskSecretName is the name of the secret containing the pre-shared key for connecting to SpiceDB. This must contain a key, PERMISSIONSAPI_SPICEDB_KEY, that contains the PSK value
     pskSecretName: ""
-    # policySecretName is the name of the secret containing the policy file configuration
-    policySecretName: ""
+    # policyConfigMapName is the name of the Config Map containing the policy file configuration
+    policyConfigMapName: ""
 
   events:
     # url is the event server connection url