Merge pull request #325 from i5okie/feature/helm-chart-fixes

[Helm Chart] Fix Network Policies, address issues with Values
bcgov · Sep 1, 2023 · 78cb9e6 · 78cb9e6
2 parents 0da3881 + 0c949ae
commit 78cb9e6
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 36 deletions.
diff --git a/charts/vc-authn-oidc/Chart.yaml b/charts/vc-authn-oidc/Chart.yaml
@@ -12,7 +12,7 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.0-alpha2"
+appVersion: "2.0.0-beta1"
 
 # Charts the vc-authn-oidc service depends on 
 dependencies:

diff --git a/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml b/charts/vc-authn-oidc/templates/networkpolicy-agent-ingress.yaml
@@ -0,0 +1,28 @@
+{{- if and .Values.acapy.networkPolicy.enabled .Values.acapy.networkPolicy.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "acapy.fullname" . }}-ingress
+  labels:
+    {{- include "acapy.labels" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "acapy.selectorLabels" . | nindent 6 }}
+  ingress:
+     {{- if and .Values.ingress.enabled .Values.acapy.networkPolicy.ingress.enabled (or .Values.acapy.networkPolicy.ingress.namespaceSelector .Values.acapy.networkPolicy.ingress.podSelector) }}
+    - from:
+        {{- if .Values.acapy.networkPolicy.ingress.namespaceSelector }}
+        - namespaceSelector:
+            matchLabels:
+              {{- include "common.tplvalues.render" (dict "value" .Values.acapy.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }}
+        {{- end }}
+        {{- if .Values.acapy.networkPolicy.ingress.podSelector }}
+        - podSelector:
+            matchLabels:
+              {{- include "common.tplvalues.render" (dict "value" .Values.acapy.networkPolicy.ingress.podSelector "context" $) | nindent 14 }}
+        {{- end }}
+    {{- end }}
+  policyTypes:
+    - Ingress
+{{- end -}}
diff --git a/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml b/charts/vc-authn-oidc/templates/networkpolicy-agent.yaml
@@ -36,7 +36,7 @@ spec:
               {{- include "vc-authn-oidc.selectorLabels" . | nindent 14 }}
       ports:
         - protocol: TCP
-          port: {{ .Values.acapy.service.httpPort }}
+          port: {{ .Values.acapy.service.adminPort }}
   podSelector:
     matchLabels:
       {{ include "acapy.selectorLabels" . | nindent 6 }}

diff --git a/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml b/charts/vc-authn-oidc/templates/networkpolicy-ingress.yaml
@@ -28,32 +28,3 @@ spec:
   policyTypes:
     - Ingress
 {{- end -}}
- ---
-{{- if and .Values.acapy.networkPolicy.enabled .Values.acapy.networkPolicy.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ include "acapy.fullname" . }}-ingress
-  labels:
-    {{- include "acapy.labels" . | nindent 4 }}
-spec:
-  podSelector:
-    matchLabels:
-      {{- include "acapy.selectorLabels" . | nindent 6 }}
-  ingress:
-     {{- if and .Values.ingress.enabled .Values.acapy.networkPolicy.ingress.enabled (or .Values.acapy.networkPolicy.ingress.namespaceSelector .Values.acapy.networkPolicy.ingress.podSelector) }}
-    - from:
-        {{- if .Values.acapy.networkPolicy.ingress.namespaceSelector }}
-        - namespaceSelector:
-            matchLabels:
-              {{- include "common.tplvalues.render" (dict "value" .Values.acapy.networkPolicy.ingress.namespaceSelector "context" $) | nindent 14 }}
-        {{- end }}
-        {{- if .Values.acapy.networkPolicy.ingress.podSelector }}
-        - podSelector:
-            matchLabels:
-              {{- include "common.tplvalues.render" (dict "value" .Values.acapy.networkPolicy.ingress.podSelector "context" $) | nindent 14 }}
-        {{- end }}
-    {{- end }}
-  policyTypes:
-    - Ingress
-{{- end -}}
diff --git a/charts/vc-authn-oidc/values.yaml b/charts/vc-authn-oidc/values.yaml
@@ -14,7 +14,7 @@ image:
   repository: ghcr.io/bcgov/vc-authn-oidc
   pullPolicy: IfNotPresent
   pullSecrets: []
-  tag: "2.0.0-alpha2"
+  tag: ""
 
 ## @param ingressSuffix Domain suffix to be used for default hostpaths in ingress
 ingressSuffix: .apps.silver.devops.gov.bc.ca
@@ -77,8 +77,9 @@ networkPolicy:
   ## @param networkPolicy.ingress.podSelector [object] Pod selector label that is allowed to access the Tenant proxy pods.
   ingress:
     enabled: true
-    namespaceSelector:
-      network.openshift.io/policy-group: ingress
+    namespaceSelector: []
+    ## Example:
+      # network.openshift.io/policy-group: ingress
     podSelector: {}
 
 ## Service configuration
@@ -105,8 +106,11 @@ ingress:
   className: ""
   ## @param ingress.annotations Additional annotations for the Ingress resource.
   ##
-  annotations:
-   route.openshift.io/termination: edge
+  annotations: []
+  ## Example:
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"  
+    # route.openshift.io/termination: edge
   ## @param ingress.tls Enable TLS configuration for the host defined at ingress.
   tls: []
   #  - secretName: chart-example-tls