Skip to content

Commit

Permalink
move chart to using a config file instead of env
Browse files Browse the repository at this point in the history
After updating event topics to be pulled from the config file, viper
doesn't handle environment slices automatically so instead it stores a
single string with all topics.

Changing to using a config file simplifies config changes and ensures
the correct values are read.

Signed-off-by: Mike Mason <[email protected]>
  • Loading branch information
mikemrm committed Aug 7, 2023
1 parent bcff6d6 commit ce2ec45
Show file tree
Hide file tree
Showing 5 changed files with 42 additions and 146 deletions.
26 changes: 10 additions & 16 deletions chart/permissions-api/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@
{{- end }}

{{- define "permapi.server.volumes" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
- name: app-config
configMap:
name: {{ include "common.names.name" . }}-server-config
{{- with .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
secret:
Expand All @@ -16,13 +18,11 @@
configMap:
name: {{ . }}
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.server.volumeMounts" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
- name: app-config
mountPath: /config/
{{- if .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
mountPath: /etc/ssl/spicedb/
Expand All @@ -31,13 +31,12 @@
- name: policy-file
mountPath: /policy
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.worker.volumes" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName .Values.config.events.nats.credsSecretName }}
- name: app-config
configMap:
name: {{ include "common.names.name" . }}-worker-config
{{- with .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
secret:
Expand All @@ -53,13 +52,11 @@
configMap:
name: {{ . }}
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.worker.volumeMounts" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName .Values.config.events.nats.credsSecretName }}
- name: app-config
mountPath: /config/
{{- if .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
mountPath: /etc/ssl/spicedb/
Expand All @@ -72,7 +69,4 @@
- name: policy-file
mountPath: /policy
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}
13 changes: 13 additions & 0 deletions chart/permissions-api/templates/config-server.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.name" . }}-server-config
namespace: {{ .Release.Namespace }}
annotations:
argocd.argoproj.io/sync-wave: '-1'
labels: {{- include "common.labels.standard" . | nindent 4 }}
service: server
data:
config.yaml: |
{{- pick .Values.config "server" "oidc" "spicedb" "tracing" | toYaml | nindent 4 }}
13 changes: 13 additions & 0 deletions chart/permissions-api/templates/config-worker.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.name" . }}-worker-config
namespace: {{ .Release.Namespace }}
annotations:
argocd.argoproj.io/sync-wave: '-1'
labels: {{- include "common.labels.standard" . | nindent 4 }}
service: worker
data:
config.yaml: |
{{- pick .Values.config "server" "events" "oidc" "spicedb" "tracing" | toYaml | nindent 4 }}
52 changes: 4 additions & 48 deletions chart/permissions-api/templates/deployment-server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,65 +47,21 @@ spec:
- name: {{ include "common.names.name" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- server
- --config
- /config/config.yaml
env:
- name: PERMISSIONSAPI_SERVER_LISTEN
value: ":{{ include "permapi.listenPort" . }}"
- name: PERMISSIONSAPI_SERVER_SHUTDOWN_GRACE_PERIOD
value: "{{ .Values.config.server.shutdownGracePeriod }}"
{{- with .Values.config.server.trustedProxies }}
- name: PERMISSIONSAPI_SERVER_TRUSTED_PROXIES
value: "{{ join " " . }}"
{{- end }}
{{- if .Values.config.oidc.issuer }}
{{- with .Values.config.oidc.audience }}
- name: PERMISSIONSAPI_OIDC_AUDIENCE
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.issuer }}
- name: PERMISSIONSAPI_OIDC_ISSUER
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.refreshTimeout }}
- name: PERMISSIONSAPI_OIDC_REFRESH_TIMEOUT
value: "{{ . }}"
{{- end }}
{{- end }}
- name: PERMISSIONSAPI_SPICEDB_ENDPOINT
value: "{{ .Values.config.spicedb.endpoint }}"
- name: PERMISSIONSAPI_SPICEDB_INSECURE
value: "{{ .Values.config.spicedb.insecure }}"
- name: PERMISSIONSAPI_SPICEDB_VERIFYCA
value: "{{ .Values.config.spicedb.verifyCA }}"
{{- if .Values.config.spicedb.policyConfigMapName }}
- name: PERMISSIONSAPI_SPICEDB_POLICYFILE
value: /policy/policy.yaml
{{- end }}
- name: PERMISSIONSAPI_TRACING_ENABLED
value: "{{ .Values.config.tracing.enabled }}"
- name: PERMISSIONSAPI_TRACING_PROVIDER
value: "{{ .Values.config.tracing.provider }}"
- name: PERMISSIONSAPI_TRACING_ENVIRONMENT
value: "{{ .Values.config.tracing.environment }}"
{{- if .Values.config.spicedb.caSecretName }}
- name: SSL_CERT_DIR
value: "/etc/ssl/spicedb"
{{- end }}
{{- if eq .Values.config.tracing.provider "jaeger" }}
- name: PERMISSIONSAPI_TRACING_JAEGER_ENDPOINT
value: "{{ .Values.config.tracing.jaeger.endpoint }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_USER
value: "{{ .Values.config.tracing.jaeger.user }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_PASSWORD
value: "{{ .Values.config.tracing.jaeger.password }}"
{{- end }}
{{- if eq .Values.config.tracing.provider "otlpgrpc" }}
- name: PERMISSIONSAPI_TRACING_OTLP_ENDPOINT
value: "{{ .Values.config.tracing.otlp.endpoint }}"
- name: PERMISSIONSAPI_TRACING_OTLP_INSECURE
value: "{{ .Values.config.tracing.otlp.insecure }}"
- name: PERMISSIONSAPI_TRACING_OTLP_CERTIFICATE
value: "{{ .Values.config.tracing.otlp.certificate }}"
{{- end }}
envFrom:
- secretRef:
name: "{{ .Values.config.spicedb.pskSecretName }}"
Expand Down
84 changes: 2 additions & 82 deletions chart/permissions-api/templates/deployment-worker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,106 +49,26 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- worker
- --config
- /config/config.yaml
env:
- name: PERMISSIONSAPI_SERVER_LISTEN
value: ":{{ include "permapi.listenPort" . }}"
- name: PERMISSIONSAPI_SERVER_SHUTDOWN_GRACE_PERIOD
value: "{{ .Values.config.server.shutdownGracePeriod }}"
{{- with .Values.config.server.trustedProxies }}
- name: PERMISSIONSAPI_SERVER_TRUSTED_PROXIES
value: "{{ join " " . }}"
{{- end }}
- name: PERMISSIONSAPI_EVENTS_NATS_URL
value: "{{ .Values.config.events.nats.url }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBEPREFIX
value: "{{ .Values.config.events.nats.subscribePrefix }}"
- name: PERMISSIONSAPI_EVENTS_NATS_QUEUEGROUP
value: "{{ .Values.config.events.nats.queueGroup }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SOURCE
value: "{{ .Values.config.events.nats.source }}"
- name: PERMISSIONSAPI_EVENTS_NATS_CONNECTTIMEOUT
value: "{{ .Values.config.events.nats.connectTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SHUTDOWNTIMEOUT
value: "{{ .Values.config.events.nats.shutdownTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHBATCHSIZE
value: "{{ .Values.config.events.nats.subscriberFetchBatchSize }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHTIMEOUT
value: "{{ .Values.config.events.nats.subscriberFetchTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHBACKOFF
value: "{{ .Values.config.events.nats.subscriberFetchBackoff }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERNOACKEXPLICIT
value: "{{ .Values.config.events.nats.subscriberNoAckExplicit }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERNOMANUALACK
value: "{{ .Values.config.events.nats.subscriberNoManualAck }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERDELIVERYPOLICY
value: "{{ .Values.config.events.nats.subscriberDeliveryPolicy }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERSTARTSEQUENCE
value: "{{ .Values.config.events.nats.subscriberStartSequence }}"
{{- with .Values.config.events.topics }}
- name: PERMISSIONSAPI_EVENTS_TOPICS
value: "{{ join " " . }}"
{{- end }}
{{- if .Values.config.events.nats.tokenSecretName }}
- name: PERMISSIONSAPI_EVENTS_NATS_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.config.events.nats.tokenSecretName }}
key: token
{{- end }}
{{- if .Values.config.events.nats.credsSecretName }}
- name: PERMISSIONSAPI_EVENTS_NATS_CREDSFILE
value: "{{ .Values.config.events.nats.credsFile }}"
{{- end }}
{{- if .Values.config.oidc.issuer }}
{{- with .Values.config.oidc.audience }}
- name: PERMISSIONSAPI_OIDC_AUDIENCE
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.issuer }}
- name: PERMISSIONSAPI_OIDC_ISSUER
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.refreshTimeout }}
- name: PERMISSIONSAPI_OIDC_REFRESH_TIMEOUT
value: "{{ . }}"
{{- end }}
{{- end }}
- name: PERMISSIONSAPI_SPICEDB_ENDPOINT
value: "{{ .Values.config.spicedb.endpoint }}"
- name: PERMISSIONSAPI_SPICEDB_INSECURE
value: "{{ .Values.config.spicedb.insecure }}"
- name: PERMISSIONSAPI_SPICEDB_VERIFYCA
value: "{{ .Values.config.spicedb.verifyCA }}"
{{- if .Values.config.spicedb.policyConfigMapName }}
- name: PERMISSIONSAPI_SPICEDB_POLICYFILE
value: /policy/policy.yaml
{{- end }}
- name: PERMISSIONSAPI_TRACING_ENABLED
value: "{{ .Values.config.tracing.enabled }}"
- name: PERMISSIONSAPI_TRACING_PROVIDER
value: "{{ .Values.config.tracing.provider }}"
- name: PERMISSIONSAPI_TRACING_ENVIRONMENT
value: "{{ .Values.config.tracing.environment }}"
{{- if .Values.config.spicedb.caSecretName }}
- name: SSL_CERT_DIR
value: "/etc/ssl/spicedb"
{{- end }}
{{- if eq .Values.config.tracing.provider "jaeger" }}
- name: PERMISSIONSAPI_TRACING_JAEGER_ENDPOINT
value: "{{ .Values.config.tracing.jaeger.endpoint }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_USER
value: "{{ .Values.config.tracing.jaeger.user }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_PASSWORD
value: "{{ .Values.config.tracing.jaeger.password }}"
{{- end }}
{{- if eq .Values.config.tracing.provider "otlpgrpc" }}
- name: PERMISSIONSAPI_TRACING_OTLP_ENDPOINT
value: "{{ .Values.config.tracing.otlp.endpoint }}"
- name: PERMISSIONSAPI_TRACING_OTLP_INSECURE
value: "{{ .Values.config.tracing.otlp.insecure }}"
- name: PERMISSIONSAPI_TRACING_OTLP_CERTIFICATE
value: "{{ .Values.config.tracing.otlp.certificate }}"
{{- end }}
envFrom:
- secretRef:
name: "{{ .Values.config.spicedb.pskSecretName }}"
Expand Down

0 comments on commit ce2ec45

Please sign in to comment.