From 6bbe1076206461bb243deee1deea9fcde68ea025 Mon Sep 17 00:00:00 2001 From: Aron Kaufmann Date: Mon, 24 Jun 2024 15:54:22 +0200 Subject: [PATCH] * add enabled for initContainer * add roleBindingName for apigw, es, kibana * added version to readme * increased chart version apigw * increased chart version commons --- apigateway/helm/Chart.lock | 2 +- apigateway/helm/Chart.yaml | 2 +- apigateway/helm/README.md.gotmpl | 3 ++- apigateway/helm/templates/deployment.yaml | 2 ++ apigateway/helm/templates/serviceaccount.yaml | 6 +++--- apigateway/helm/values.yaml | 12 +++++++++++- common/helm/Chart.yaml | 2 +- common/helm/templates/_names.tpl | 11 +++++++++++ 8 files changed, 32 insertions(+), 8 deletions(-) diff --git a/apigateway/helm/Chart.lock b/apigateway/helm/Chart.lock index 5455e0f..29fc162 100644 --- a/apigateway/helm/Chart.lock +++ b/apigateway/helm/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: common repository: https://open-source.softwareag.com/webmethods-helm-charts/charts - version: 1.0.2 + version: 1.0.3 - name: prometheus-elasticsearch-exporter repository: https://prometheus-community.github.io/helm-charts version: 5.0.0 diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml index d50370e..e4db247 100644 --- a/apigateway/helm/Chart.yaml +++ b/apigateway/helm/Chart.yaml @@ -33,7 +33,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.2.6 +version: 1.2.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl index 1fd15fe..4842690 100644 --- a/apigateway/helm/README.md.gotmpl +++ b/apigateway/helm/README.md.gotmpl @@ -167,5 +167,6 @@ Sub-folder `examples` contains some *values* examples for more use-cases. To use | `1.2.3` | Job template added to create house keeping (cron) jobs. | | `1.2.4` | Added Kibana extra container configuration, set by Values.kibana.extraContainers.
Added ServiceMonitor matchLabel for a specific service. The service is set by .Values.serviceMonitor.serviceName defaulting to API Gateways runtime service. | | `1.2.5` | Added possibility to read metering truststore password by secretKeyRef.
Added custom logging configuration for Kibana. | - +| `1.2.6` | Fixed commons dependency to enable metering change from 1.2.5. | +| `1.2.7` | Added possibility to rename roleBinding for API Gateway, Kibana and Elasitcsearch. This allows for multiple deployments into the same namespace. | {{ template "chart.valuesSection" . }} diff --git a/apigateway/helm/templates/deployment.yaml b/apigateway/helm/templates/deployment.yaml index 1765fa5..e79585d 100644 --- a/apigateway/helm/templates/deployment.yaml +++ b/apigateway/helm/templates/deployment.yaml @@ -59,6 +59,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if or ( .Values.apigw.initContainer.enabled ) ( .Values.extraInitContainers ) }} initContainers: {{- if .Values.elasticsearch.deploy }} - name: waitforelasticsearch @@ -108,6 +109,7 @@ spec: {{- if .Values.extraInitContainers }} {{- toYaml .Values.extraInitContainers | nindent 8 }} {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: diff --git a/apigateway/helm/templates/serviceaccount.yaml b/apigateway/helm/templates/serviceaccount.yaml index f6f9f99..0be2706 100644 --- a/apigateway/helm/templates/serviceaccount.yaml +++ b/apigateway/helm/templates/serviceaccount.yaml @@ -25,7 +25,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: cluster-discovery-rolebinding + name: {{ include "common.names.roleBindingName" . }} roleRef: kind: Role name: {{ include "common.names.roleName" . }} @@ -59,7 +59,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: elasticsearch-rolebinding + name: {{ .Values.elasticsearch.serviceAccount.roleBindingName }} roleRef: kind: Role name: {{ .Values.elasticsearch.serviceAccount.roleName }} @@ -93,7 +93,7 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: kibana-rolebinding + name: {{ .Values.kibana.serviceAccount.roleBindingName }} roleRef: kind: Role name: {{ .Values.kibana.serviceAccount.roleName }} diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml index 5c514c6..5469078 100644 --- a/apigateway/helm/values.yaml +++ b/apigateway/helm/values.yaml @@ -71,6 +71,8 @@ serviceAccount: name: "" # If not set and create is true, a name is generated using the fullname template roleName: "" + # If not set and create is true, a name is generated using the fullname template + roleBindingName: "cluster-discovery-rolebinding" # -- The name of the secret or configmap that contains the license key. # Defaults to the release name + chart name + "-license". @@ -328,6 +330,8 @@ apigw: # - ALL initContainer: securityContext: {} + # -- If apigw initContainer for ES should be enabled + enabled: true # -- Specifies the location and name of the configuration variables template # or the directory containing templates for use with Microservices Runtime or @@ -561,7 +565,7 @@ elasticsearch: # Overwriting with custom PodDisruptionBudget Policy requires enabled=true. # Examples can be seen here: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ data: {} - + # -- Enable and configure service account creation. serviceAccount: # -- Whether to create a ServiceAccount for Elasticsearch @@ -571,6 +575,9 @@ elasticsearch: # -- Name of the ServiceAccount Role used by the Elasticsearch ServiceAccount. # Requires create=true to work. roleName: "" + # -- Name of the ServiceAccount Rolebinding used by the Elasticsearch ServiceAccount. + # Requires create=true to work. + roleBindingName: "elasticsearch-rolebinding" # -- Whether the communication from APIGW and Kibana should be HTTPS # Note: you will need to create certificate and a separate truststore for the communication. @@ -704,6 +711,9 @@ kibana: # -- Name of the ServiceAccount Role used by the Kibana ServiceAccount. # Requires create=true to work. roleName: "" + # -- Name of the ServiceAccount Rolebinding used by the Kibana ServiceAccount. + # Requires create=true to work. + roleBindingName: "kibana-rolebinding" # -- Configure Kibana's readinessProbe. readinessProbe: diff --git a/common/helm/Chart.yaml b/common/helm/Chart.yaml index 55ffd77..df3f690 100644 --- a/common/helm/Chart.yaml +++ b/common/helm/Chart.yaml @@ -38,4 +38,4 @@ name: common sources: - https://github.com/softwareag/webmethods-helm-charts type: library -version: 1.0.2 \ No newline at end of file +version: 1.0.3 \ No newline at end of file diff --git a/common/helm/templates/_names.tpl b/common/helm/templates/_names.tpl index 1d244b6..c6ee9fd 100644 --- a/common/helm/templates/_names.tpl +++ b/common/helm/templates/_names.tpl @@ -84,4 +84,15 @@ Create the name of the role to use {{- else }} {{- default "default" .Values.serviceAccount.roleName }} {{- end }} +{{- end }} + +{{/* +Create the name of the rolebinding to use +*/}} +{{- define "common.names.roleBindingName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "common.names.fullname" .) .Values.serviceAccount.roleBindingName }} +{{- else }} +{{- default "default" .Values.serviceAccount.roleBindingName }} +{{- end }} {{- end }} \ No newline at end of file