Merge pull request #13 from nikodemjedynak-dnv/feature/kubeit-changes

Adding KubeIT changes to the platform-service chart

charts/platform-service/templates/_helpers.tpl

@@ -36,3 +36,20 @@ Create chart name and version as used by the chart label.
 {{- define "platform-service.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{- define "appLabels" -}}
+app: {{ required "app is required" .Values.app }}
+app.kubernetes.io/name: {{ include "platform-service.name" . }}
+helm.sh/chart: {{ include "platform-service.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+version: {{ .Values.version }}
+{{ if $.Values.kubeit }}
+tenant: {{ $.Values.kubeit.tenantName }}
+{{- if or ( .Values.podIdentityName ) ( .Values.kubeit.tenantPodIdentityName ) }}
+aadpodidbinding: {{ .Values.podIdentityName | default .Values.kubeit.tenantPodIdentityName }}
+{{- end }}
+{{ if $.Values.volumes -}}
+state: stateful
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/platform-service/templates/authorizationPolicy.yaml

@@ -3,6 +3,8 @@ apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
   name: {{ include "platform-service.fullname" . }}
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   selector:
     matchLabels:

charts/platform-service/templates/deployment.yaml

@@ -12,12 +12,7 @@ kind: Deployment
 metadata:
   name: {{ include "platform-service.fullname" . }}
   labels:
-    app.kubernetes.io/name: {{ include "platform-service.name" . }}
-    helm.sh/chart: {{ include "platform-service.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app: {{ required "app is required" .Values.app }}
-    version: {{ .Values.version }}
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   {{- if eq .Values.updateStrategy "NoSurge" }}
   strategy:
@@ -38,10 +33,7 @@ spec:
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "platform-service.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app: {{ required "app is required" .Values.app }}
-        version: {{ .Values.version }}
+{{ include "appLabels" . | trim | indent 8 }}
         {{- if .Values.opa.enabled }}
         sidecar.opa-istio.io/inject: "true"
         {{- end }}
@@ -52,10 +44,8 @@ spec:
         {{ .Values.sessionManagement.enabledWithoutRedirectLabel }}
         {{- end }}
         {{- end }}
-        {{- if .Values.additionalPodLabels }}
-{{- with .Values.additionalPodLabels }}
-{{ tpl . $ | indent 8 }}
-{{- end }}
+        {{- with .Values.additionalPodLabels }}
+        {{- toYaml . | nindent 8 }}
         {{- end }}
       annotations:
         {{- if .Values.service.liveness.enabled }}  
@@ -64,16 +54,21 @@ spec:
         {{- if .Values.mergeAppMetrics }}
         prometheus.io/scrape: "true"
         {{- end }}
-        {{- if .Values.proxyResources.requests }}  
-        {{- if .Values.proxyResources.requests.cpu }}  
+        {{- if .Values.proxyResources.requests }}
+        {{- if .Values.proxyResources.requests.cpu }}
         sidecar.istio.io/proxyCPU: {{ .Values.proxyResources.requests.cpu }}
         {{- end }}
-        {{- if .Values.proxyResources.requests.memory }}  
+        {{- if .Values.proxyResources.requests.memory }}
         sidecar.istio.io/proxyMemory: {{ .Values.proxyResources.requests.memory }}
         {{- end }}
         {{- end }}
+        {{- with .Values.additionalPodAnnotations }}       
+        {{ toYaml . | indent 8 }}
+        {{- end }}
     spec:
       serviceAccountName: {{ include "platform-service.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.securityContext | nindent 8 }}
       initContainers:
       {{- range .Values.initContainers }}
         - name: {{ .name }}
@@ -84,11 +79,12 @@ spec:
 {{ toYaml . | indent 12 }}
 {{- end }}
       {{- end }}
+      {{- toYaml .Values.initContainersDefinitions | nindent 8 }}
       containers:
 {{ if .Values.opa.enabled }}
         - name: opa-istio
           image: {{ .Values.opa.image }}
-          imagePullPolicy: IfNotPresent          
+          imagePullPolicy: IfNotPresent
           args:
           - run
           - --server
@@ -124,10 +120,9 @@ spec:
 {{ if .Values.opa.resources }}
           resources:
 {{ toYaml .Values.opa.resources | indent 12 }}
-{{ end }}      
-
+{{ end }}
 
-{{ end }}      
+{{ end }}
         - name: {{ include "platform-service.name" . }}
           image: "{{ include "image" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -157,12 +152,13 @@ spec:
 {{- if .Values.workingDir }}
           workingDir: {{ .Values.workingDir }}
 {{- end }}
-
+          securityContext:
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
           ports:
             - name: http
               containerPort: {{ .Values.image.containerPort }}
               protocol: TCP
-          {{- if .Values.service.liveness.enabled }} 
+          {{- if .Values.service.liveness.enabled }}
           livenessProbe:
             httpGet:
               path: {{ .Values.service.liveness.path }}
@@ -214,14 +210,14 @@ spec:
       - name: "{{ .Values.image.pullSecret }}"
       {{- end }}
       volumes:
-{{ if .Values.opa.enabled }}      
+{{ if .Values.opa.enabled }}
       - name: opa-istio-config
-        configMap: 
+        configMap:
           name: opa-istio-config
       - name: opa-policy
-        configMap: 
+        configMap:
           name: opa-policy
-{{ end }} 
+{{ end }}
 {{- range .Values.volumes }}
       - name: {{ .name }}
 {{ tpl .volumeDefinition $ | indent 8 }}

charts/platform-service/templates/destinationrules.yaml

@@ -3,6 +3,8 @@ apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: {{ include "platform-service.fullname" . }}-destinationrule
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   host: {{ include "platform-service.fullQualifiedServiceName" . }}
   trafficPolicy:

charts/platform-service/templates/horizontal-pod-autoscaler.yaml

@@ -2,9 +2,9 @@
 apiVersion: autoscaling/v1
 kind: HorizontalPodAutoscaler
 metadata:
-  labels:
-    app: {{ required "app is required" .Values.app }}
   name: {{ include "platform-service.fullname" . }}-hpa
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   maxReplicas: {{.Values.hpa.maxReplicas}}
   minReplicas: {{.Values.hpa.minReplicas}}

charts/platform-service/templates/network-policy.yaml

@@ -3,6 +3,8 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: {{ include "platform-service.fullname" . }}-network-policy
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   podSelector:
     matchLabels:
@@ -26,7 +28,7 @@ spec:
       namespaceSelector:
         matchLabels:
           istio-operator-managed: Reconcile
-{{- end }}      
+{{- end }}
 {{- range .Values.networkPolicy.appsAllowedAccess }}
   - from:
     - podSelector:
@@ -35,5 +37,5 @@ spec:
     ports:
     - protocol: TCP
       port: {{ $.Values.image.containerPort }}
-{{- end }}      
-{{- end }}      
+{{- end }}
+{{- end }}

charts/platform-service/templates/requestAuthentication.yaml

@@ -3,11 +3,13 @@ apiVersion: security.istio.io/v1beta1
 kind: RequestAuthentication
 metadata:
   name: {{ include "platform-service.fullname" . }}
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   selector:
     matchLabels:
       app: {{ .Values.app }}
       version: {{ .Values.version }}
   jwtRules:
 {{ .Values.requestAuthentication.jwtRules | toYaml | indent 2 }}
-{{- end }}
+{{- end }}

charts/platform-service/templates/service-account.yaml

@@ -17,6 +17,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "platform-service.serviceAccountName" . }}
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 {{- end}}
 {{- end}}
-

charts/platform-service/templates/service.yaml

@@ -7,10 +7,7 @@ kind: Service
 metadata:
   name: {{ include "platform-service.serviceName" . }}
   labels:
-    app.kubernetes.io/name: {{ include "platform-service.name" . }}
-    helm.sh/chart: {{ include "platform-service.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   type: {{ .Values.service.type }}
   ports:

charts/platform-service/templates/virtualservice.yaml

@@ -1,3 +1,8 @@
+{{ $tenantPrefix := "" }}
+{{- if $.Values.kubeit.tenantPrefixEnabled }}
+{{ $tenantPrefix = printf "-%s" .Values.kubeit.tenantName }}
+{{- end }}
+
 {{- define "retries" -}}
 {{- if .Values.defaultRouting.retries.enabled }}
     retries:
@@ -9,9 +14,11 @@
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
 {{- if not .Values.deploymentOnly -}}
 {{- if .Values.defaultRouting.enabled}}
 {{- $fullName := include "platform-service.fullname" . -}}
+---
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
@@ -27,24 +34,29 @@ spec:
         host: {{ include "platform-service.fullQualifiedServiceName" . | quote }}
 {{- include "retries" . }}
 
-{{- if .Values.gateway.exposeService }}
-
 ---
+{{- if .Values.gateway.exposeService }}
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: {{ include "platform-service.serviceName" . }}-external
+  labels:
+{{ include "appLabels" . | trim | indent 4 }}
 spec:
   hosts:
-{{- if .Values.defaultRouting.allHosts }}
-  - "*"
-{{- else }}
-  {{- range .Values.defaultRouting.hosts }}
-  - {{ . | quote }}
+  {{- if .Values.defaultRouting.kubeitDefaultHosts.enabled }}
+    - "{{ .Values.defaultRouting.kubeitDefaultHosts.hostsPrefix | default .Values.app }}{{ $tenantPrefix }}.{{ .Values.kubeit.clusterSubdomain }}.{{ .Values.defaultRouting.kubeitDefaultHosts.dnsDomain }}"                                                                      # Cluster specific subdomain, i.e.: dev001
+    - "{{ .Values.defaultRouting.kubeitDefaultHosts.hostsPrefix | default .Values.app }}{{ $tenantPrefix }}.{{ .Values.kubeit.shortRegion }}.{{ .Values.kubeit.environmentName }}.{{ .Values.defaultRouting.kubeitDefaultHosts.dnsDomain }}"                                      # F5/Active Cluster
+    - "{{ .Values.defaultRouting.kubeitDefaultHosts.hostsPrefix | default .Values.app }}{{ $tenantPrefix }}.{{ .Values.kubeit.clusterColour }}.{{ .Values.kubeit.shortRegion }}.{{ .Values.kubeit.environmentName }}.{{ .Values.defaultRouting.kubeitDefaultHosts.dnsDomain }}"   # Colour cluster - blue/green deployment
+  {{- if .Values.defaultRouting.kubeitDefaultHosts.tenantMultiRegion }}
+    - "{{ .Values.defaultRouting.kubeitDefaultHosts.hostsPrefix | default .Values.app }}{{ $tenantPrefix }}.{{ $.Values.kubeit.environmentName }}.{{ .Values.defaultRouting.kubeitDefaultHosts.dnsDomain }}"                                                                                                              # Traffic Manager
   {{- end }}
+  {{- end }}
+  {{- range .Values.defaultRouting.hosts }}
+    - {{ . | quote }}
 {{- end }}
   gateways:
-  - {{ required "A valid .Values.gateway.name entry required!" .Values.gateway.name }}
+    - {{ required "A valid .Values.gateway.name entry required!" .Values.gateway.name }}
 {{- $prefixes := default (list .Values.app) .Values.defaultRouting.urlPrefixes }}
   http:
 {{- if .Values.defaultRouting.urlExactMatches }}