move chart to using a config file instead of env #153

Merged
merged 1 commit into from
Aug 7, 2023
Merged
26 changes: 10 additions & 16 deletions chart/permissions-api/templates/_helpers.tpl
Expand Up @@ -5,7 +5,9 @@
{{- end }}

{{- define "permapi.server.volumes" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
- name: app-config
configMap:
name: {{ include "common.names.name" . }}-server-config
{{- with .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
secret:
Expand All @@ -16,13 +18,11 @@
configMap:
name: {{ . }}
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.server.volumeMounts" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName }}
- name: app-config
mountPath: /config/
{{- if .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
mountPath: /etc/ssl/spicedb/
Expand All @@ -31,13 +31,12 @@
- name: policy-file
mountPath: /policy
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.worker.volumes" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName .Values.config.events.nats.credsSecretName }}
- name: app-config
configMap:
name: {{ include "common.names.name" . }}-worker-config
{{- with .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
secret:
Expand All @@ -53,13 +52,11 @@
configMap:
name: {{ . }}
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}

{{- define "permapi.worker.volumeMounts" }}
{{- if or .Values.config.spicedb.caSecretName .Values.config.spicedb.policyConfigMapName .Values.config.events.nats.credsSecretName }}
- name: app-config
mountPath: /config/
{{- if .Values.config.spicedb.caSecretName }}
- name: spicedb-ca
mountPath: /etc/ssl/spicedb/
Expand All @@ -72,7 +69,4 @@
- name: policy-file
mountPath: /policy
{{- end }}
{{- else -}}
[]
{{- end }}
{{- end }}
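Review bot: The new `app-config` entries in all four helpers carry no comment explaining what they depend on, although they are tied to values in other files. The volume name, the `/config/` mount path and the `-server-config` / `-worker-config` ConfigMap names have to match the `--config /config/config.yaml` argument in the Deployments and the `config.yaml` key in config-server.yaml and config-worker.yaml. I would add a template comment above each `define`, for example `{{/* app-config: ConfigMap rendered by templates/config-server.yaml, mounted at /config/ and read via --config /config/config.yaml */}}`. Parts of each `define` are collapsed on this page, so the comment may need adjusting to whatever those lines hold.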
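--- a/chart/permissions-api/templates/config-server.yaml
+++ b/chart/permissions-api/templates/config-server.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "common.names.name" . }}-server-config
+namespace: {{ .Release.Namespace }}
+annotations:
+argocd.argoproj.io/sync-wave: '-1'
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+service: server
+data:
+config.yaml: |
+{{- pick .Values.config "server" "oidc" "spicedb" "tracing" | toYaml | nindent 4 }}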
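Review bot: The `pick .Values.config ... "tracing"` on the last line copies the whole `tracing` subtree into a ConfigMap, and that subtree includes `tracing.jaeger.password` (the Deployment env on this page reads `.Values.config.tracing.jaeger.password`). A configured Jaeger password would therefore be stored in an object readable by anyone with ConfigMap get/list rights in the namespace, outside whatever protection the cluster applies to Secrets. config-worker.yaml uses the same `pick` and has the same exposure. I would strip the key before rendering and deliver the password from a Secret instead, for example through the Deployment's existing `envFrom`; whether the application still honours `PERMISSIONSAPI_TRACING_JAEGER_PASSWORD` when `--config` is given is not visible here and needs confirming. The sketch assumes the chart's values always define `tracing`.

```yaml
{{- /* deepCopy so that unset does not mutate .Values */}}
{{- $cfg := pick .Values.config "server" "oidc" "spicedb" "tracing" | deepCopy }}
{{- with $cfg.tracing.jaeger }}
{{- $_ := unset . "password" }}
{{- end }}
# … unchanged: apiVersion, kind, metadata …
data:
  config.yaml: |
    {{- $cfg | toYaml | nindent 4 }}
```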
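--- a/chart/permissions-api/templates/config-worker.yaml
+++ b/chart/permissions-api/templates/config-worker.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ include "common.names.name" . }}-worker-config
+namespace: {{ .Release.Namespace }}
+annotations:
+argocd.argoproj.io/sync-wave: '-1'
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+service: worker
+data:
+config.yaml: |
+{{- pick .Values.config "server" "events" "oidc" "spicedb" "tracing" | toYaml | nindent 4 }}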
52 changes: 4 additions & 48 deletions chart/permissions-api/templates/deployment-server.yaml
Expand Up @@ -47,65 +47,21 @@ spec:
- name: {{ include "common.names.name" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- server
- --config
- /config/config.yaml
env:
- name: PERMISSIONSAPI_SERVER_LISTEN
value: ":{{ include "permapi.listenPort" . }}"
- name: PERMISSIONSAPI_SERVER_SHUTDOWN_GRACE_PERIOD
value: "{{ .Values.config.server.shutdownGracePeriod }}"
{{- with .Values.config.server.trustedProxies }}
- name: PERMISSIONSAPI_SERVER_TRUSTED_PROXIES
value: "{{ join " " . }}"
{{- end }}
{{- if .Values.config.oidc.issuer }}
{{- with .Values.config.oidc.audience }}
- name: PERMISSIONSAPI_OIDC_AUDIENCE
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.issuer }}
- name: PERMISSIONSAPI_OIDC_ISSUER
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.refreshTimeout }}
- name: PERMISSIONSAPI_OIDC_REFRESH_TIMEOUT
value: "{{ . }}"
{{- end }}
{{- end }}
- name: PERMISSIONSAPI_SPICEDB_ENDPOINT
value: "{{ .Values.config.spicedb.endpoint }}"
- name: PERMISSIONSAPI_SPICEDB_INSECURE
value: "{{ .Values.config.spicedb.insecure }}"
- name: PERMISSIONSAPI_SPICEDB_VERIFYCA
value: "{{ .Values.config.spicedb.verifyCA }}"
{{- if .Values.config.spicedb.policyConfigMapName }}
- name: PERMISSIONSAPI_SPICEDB_POLICYFILE
value: /policy/policy.yaml
{{- end }}
- name: PERMISSIONSAPI_TRACING_ENABLED
value: "{{ .Values.config.tracing.enabled }}"
- name: PERMISSIONSAPI_TRACING_PROVIDER
value: "{{ .Values.config.tracing.provider }}"
- name: PERMISSIONSAPI_TRACING_ENVIRONMENT
value: "{{ .Values.config.tracing.environment }}"
{{- if .Values.config.spicedb.caSecretName }}
- name: SSL_CERT_DIR
value: "/etc/ssl/spicedb"
{{- end }}
{{- if eq .Values.config.tracing.provider "jaeger" }}
- name: PERMISSIONSAPI_TRACING_JAEGER_ENDPOINT
value: "{{ .Values.config.tracing.jaeger.endpoint }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_USER
value: "{{ .Values.config.tracing.jaeger.user }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_PASSWORD
value: "{{ .Values.config.tracing.jaeger.password }}"
{{- end }}
{{- if eq .Values.config.tracing.provider "otlpgrpc" }}
- name: PERMISSIONSAPI_TRACING_OTLP_ENDPOINT
value: "{{ .Values.config.tracing.otlp.endpoint }}"
- name: PERMISSIONSAPI_TRACING_OTLP_INSECURE
value: "{{ .Values.config.tracing.otlp.insecure }}"
- name: PERMISSIONSAPI_TRACING_OTLP_CERTIFICATE
value: "{{ .Values.config.tracing.otlp.certificate }}"
{{- end }}
envFrom:
- secretRef:
name: "{{ .Values.config.spicedb.pskSecretName }}"
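Review bot: With the settings moved out of `env` and into the file passed by `--config /config/config.yaml`, a later change to values such as `spicedb.insecure`, `spicedb.verifyCA` or `oidc.issuer` only rewrites the ConfigMap and leaves the pod template untouched. Unless the application reloads the file itself, running pods keep the old configuration until something else restarts them. The pod template metadata is outside this hunk, so this may already be handled; if not, add an annotation there such as `checksum/config: {{ include (print $.Template.BasePath "/config-server.yaml") . | sha256sum }}`. deployment-worker.yaml needs the same with `/config-worker.yaml`.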
84 changes: 2 additions & 82 deletions chart/permissions-api/templates/deployment-worker.yaml
Expand Up @@ -49,106 +49,26 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- worker
- --config
- /config/config.yaml
env:
- name: PERMISSIONSAPI_SERVER_LISTEN
value: ":{{ include "permapi.listenPort" . }}"
- name: PERMISSIONSAPI_SERVER_SHUTDOWN_GRACE_PERIOD
value: "{{ .Values.config.server.shutdownGracePeriod }}"
{{- with .Values.config.server.trustedProxies }}
- name: PERMISSIONSAPI_SERVER_TRUSTED_PROXIES
value: "{{ join " " . }}"
{{- end }}
- name: PERMISSIONSAPI_EVENTS_NATS_URL
value: "{{ .Values.config.events.nats.url }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBEPREFIX
value: "{{ .Values.config.events.nats.subscribePrefix }}"
- name: PERMISSIONSAPI_EVENTS_NATS_QUEUEGROUP
value: "{{ .Values.config.events.nats.queueGroup }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SOURCE
value: "{{ .Values.config.events.nats.source }}"
- name: PERMISSIONSAPI_EVENTS_NATS_CONNECTTIMEOUT
value: "{{ .Values.config.events.nats.connectTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SHUTDOWNTIMEOUT
value: "{{ .Values.config.events.nats.shutdownTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHBATCHSIZE
value: "{{ .Values.config.events.nats.subscriberFetchBatchSize }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHTIMEOUT
value: "{{ .Values.config.events.nats.subscriberFetchTimeout }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERFETCHBACKOFF
value: "{{ .Values.config.events.nats.subscriberFetchBackoff }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERNOACKEXPLICIT
value: "{{ .Values.config.events.nats.subscriberNoAckExplicit }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERNOMANUALACK
value: "{{ .Values.config.events.nats.subscriberNoManualAck }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERDELIVERYPOLICY
value: "{{ .Values.config.events.nats.subscriberDeliveryPolicy }}"
- name: PERMISSIONSAPI_EVENTS_NATS_SUBSCRIBERSTARTSEQUENCE
value: "{{ .Values.config.events.nats.subscriberStartSequence }}"
{{- with .Values.config.events.topics }}
- name: PERMISSIONSAPI_EVENTS_TOPICS
value: "{{ join " " . }}"
{{- end }}
{{- if .Values.config.events.nats.tokenSecretName }}
- name: PERMISSIONSAPI_EVENTS_NATS_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.config.events.nats.tokenSecretName }}
key: token
{{- end }}
{{- if .Values.config.events.nats.credsSecretName }}
- name: PERMISSIONSAPI_EVENTS_NATS_CREDSFILE
value: "{{ .Values.config.events.nats.credsFile }}"
{{- end }}
{{- if .Values.config.oidc.issuer }}
{{- with .Values.config.oidc.audience }}
- name: PERMISSIONSAPI_OIDC_AUDIENCE
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.issuer }}
- name: PERMISSIONSAPI_OIDC_ISSUER
value: "{{ . }}"
{{- end }}
{{- with .Values.config.oidc.refreshTimeout }}
- name: PERMISSIONSAPI_OIDC_REFRESH_TIMEOUT
value: "{{ . }}"
{{- end }}
{{- end }}
- name: PERMISSIONSAPI_SPICEDB_ENDPOINT
value: "{{ .Values.config.spicedb.endpoint }}"
- name: PERMISSIONSAPI_SPICEDB_INSECURE
value: "{{ .Values.config.spicedb.insecure }}"
- name: PERMISSIONSAPI_SPICEDB_VERIFYCA
value: "{{ .Values.config.spicedb.verifyCA }}"
{{- if .Values.config.spicedb.policyConfigMapName }}
- name: PERMISSIONSAPI_SPICEDB_POLICYFILE
value: /policy/policy.yaml
{{- end }}
- name: PERMISSIONSAPI_TRACING_ENABLED
value: "{{ .Values.config.tracing.enabled }}"
- name: PERMISSIONSAPI_TRACING_PROVIDER
value: "{{ .Values.config.tracing.provider }}"
- name: PERMISSIONSAPI_TRACING_ENVIRONMENT
value: "{{ .Values.config.tracing.environment }}"
{{- if .Values.config.spicedb.caSecretName }}
- name: SSL_CERT_DIR
value: "/etc/ssl/spicedb"
{{- end }}
{{- if eq .Values.config.tracing.provider "jaeger" }}
- name: PERMISSIONSAPI_TRACING_JAEGER_ENDPOINT
value: "{{ .Values.config.tracing.jaeger.endpoint }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_USER
value: "{{ .Values.config.tracing.jaeger.user }}"
- name: PERMISSIONSAPI_TRACING_JAEGER_PASSWORD
value: "{{ .Values.config.tracing.jaeger.password }}"
{{- end }}
{{- if eq .Values.config.tracing.provider "otlpgrpc" }}
- name: PERMISSIONSAPI_TRACING_OTLP_ENDPOINT
value: "{{ .Values.config.tracing.otlp.endpoint }}"
- name: PERMISSIONSAPI_TRACING_OTLP_INSECURE
value: "{{ .Values.config.tracing.otlp.insecure }}"
- name: PERMISSIONSAPI_TRACING_OTLP_CERTIFICATE
value: "{{ .Values.config.tracing.otlp.certificate }}"
{{- end }}
envFrom:
- secretRef:
name: "{{ .Values.config.spicedb.pskSecretName }}"