Merge pull request #657 from bcgov/i5okie/helm-improvements
Helm Chart Improvements
i5okie authored Oct 23, 2024
2 parents 83f2990 + d90b041 commit 2312b53
Showing 5 changed files with 18 additions and 56 deletions.
27 changes: 12 additions & 15 deletions charts/vc-authn-oidc/README.md
@@ -1,6 +1,6 @@
# VC-AuthN OIDC

![Version: 0.2.4](https://img.shields.io/badge/Version-0.2.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square)
![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square)

A Helm chart to deploy Verifiable Credential Identity Provider for OpenID Connect.

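Review bot: The Version badge moves the chart from 0.2.4 to 0.2.5, a patch-level bump, while the same commit changes defaults that existing releases depend on (`postgresql.auth.database` from `traction` to `askar-wallet`, and the `secretKeys` defaults in values.yaml). Consider a minor version bump, or add an upgrade note to this README listing the changed defaults so operators can pin the old values before upgrading.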
@@ -77,15 +77,15 @@ kubectl delete secret,pvc --selector "app.kubernetes.io/instance"=my-release

### Common Configuration

| Name | Description | Value |
| ------------------- | --------------------------------------------------------------- | ------------------------------- |
| `nameOverride` | | `""` |
| `fullnameOverride` | | `""` |
| `image.repository` | | `ghcr.io/bcgov/vc-authn-oidc` |
| `image.pullPolicy` | | `IfNotPresent` |
| `image.pullSecrets` | | `[]` |
| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.2.1` |
| `ingressSuffix` | Domain suffix to be used for default hostpaths in ingress | `.apps.silver.devops.gov.bc.ca` |
| Name | Description | Value |
| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `nameOverride` | String to override the helm chart name, second part of the prefix | `""` |
| `fullnameOverride` | String to fully override the helm chart name, full prefix. *Must be provided if using a custom release name that does not include the name of the helm chart (`vc-authn-oidc`).* | `""` |
| `image.repository` | | `ghcr.io/bcgov/vc-authn-oidc` |
| `image.pullPolicy` | | `IfNotPresent` |
| `image.pullSecrets` | | `[]` |
| `image.tag` | Overrides the image tag which defaults to the chart appVersion. | `2.2.1` |
| `ingressSuffix` | Domain suffix to be used for default hostpaths in ingress | `.apps.silver.devops.gov.bc.ca` |

### Controller Configuration

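Review bot: The new `fullnameOverride` row states a hard requirement ("Must be provided if using a custom release name that does not include the name of the helm chart") but the visible changes only document it. If the chart can detect that case, a render-time guard using Helm's `fail` or `required` would surface the mistake at install time instead of as mismatched resource names later. The `image.repository`, `image.pullPolicy` and `image.pullSecrets` rows still have empty descriptions and could be filled in the same pass.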
@@ -299,11 +299,8 @@ Note: Secure values of the configuration are passed via equivalent environment v
| `postgresql.fullnameOverride` | When overriding fullnameOverride, you must override this to match. | `""` |
| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
| `postgresql.commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). | `[]` |
| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` |
| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `postgresql.auth.postgresPassword`, `postgresql.auth.password`, and `postgresql.auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `{{ include "global.fullname" . }}` |
| `postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `admin-password` |
| `postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `database-password` |
| `postgresql.auth.database` | Name for a custom database to create | `traction` |
| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user. Not recommended for production deployments. | `true` |
| `postgresql.auth.database` | Name for a custom database to create | `askar-wallet` |
| `postgresql.auth.username` | Name for a custom user to create | `acapy` |
| `postgresql.primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` |
| `postgresql.primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `1Gi` |
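Review bot: The `postgresql.auth.enablePostgresUser` row now says "Not recommended for production deployments" while its default stays `true`, so a production install that accepts the defaults gets the setting the documentation advises against. Either flip the default to `false` or state in the description that production values files should set it to `false`. The rows for `postgresql.auth.existingSecret` and `postgresql.auth.secretKeys.*` are also dropped here without a replacement sentence on where the PostgreSQL credentials now come from.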
9 changes: 0 additions & 9 deletions charts/vc-authn-oidc/templates/_helpers.tpl
@@ -261,15 +261,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}}
{{- end -}}

{{/*
Return true if a database secret should be created
*/}}
{{- define "acapy.database.createSecret" -}}
{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Return acapy label
*/}}
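Review bot: With the `acapy.database.createSecret` definition removed, any template that still calls `include "acapy.database.createSecret"` will fail at render time. This commit also deletes `agent/database_secret.yaml`, the likely consumer, but its contents are not shown, so a grep of the remaining templates before merge is worthwhile. `acapy.walletStorageCredentials.existingSecret` still exists in values.yaml, and nothing in the visible lines says which secret the agent reads when it is left empty; a comment next to that value would close the gap.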
16 changes: 0 additions & 16 deletions charts/vc-authn-oidc/templates/agent/database_secret.yaml

This file was deleted.

1 change: 0 additions & 1 deletion charts/vc-authn-oidc/templates/agent/deployment.yaml
@@ -7,7 +7,6 @@ metadata:
{{- include "acapy.labels" . | nindent 4 }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/agent/configmap.yaml") . | sha256sum }}
checksum/db-secret: {{ include (print $.Template.BasePath "/agent/database_secret.yaml") . | sha256sum }}
checksum/acapy-secrets: {{ include (print $.Template.BasePath "/agent/secrets.yaml") . | sha256sum }}
spec:
{{- if not .Values.acapy.autoscaling.enabled }}
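Review bot: Dropping the `checksum/db-secret` annotation means a change to the database credentials no longer alters the pod template, so the agent pods are not rolled when those credentials change. If the secret is now owned by the PostgreSQL subchart or supplied externally, document that rotating the password requires a manual restart of the agent deployment (for example `kubectl rollout restart`), or add an annotation keyed on a value that does change with the credentials.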
21 changes: 6 additions & 15 deletions charts/vc-authn-oidc/values.yaml
@@ -1,8 +1,8 @@
## @section Common Configuration
##
## @param nameOverride
## @param nameOverride String to override the helm chart name, second part of the prefix.
nameOverride: ""
## @param fullnameOverride
## @param fullnameOverride String to fully override the helm chart name, full prefix. *Must be provided if using a custom release name that does not include the name of the helm chart (`vc-authn-oidc`).*
fullnameOverride: ""

## @param image.repository
@@ -374,8 +374,8 @@ acapy:
admin_password: ""
existingSecret: ""
secretKeys:
adminPasswordKey: admin-password
userPasswordKey: database-password
adminPasswordKey: postgres-password
userPasswordKey: password

## @section Acapy tails persistence configuration
persistence:
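Review bot: The defaults for `adminPasswordKey` and `userPasswordKey` under `secretKeys` change from `admin-password` / `database-password` to `postgres-password` / `password`, so a release that sets `existingSecret` and relied on the old default key names will look up keys its secret does not contain after the upgrade. Add a comment above `secretKeys` stating which secret layout the new defaults are meant to match, and mention the rename in the upgrade notes.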
@@ -635,21 +635,12 @@ postgresql:
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
##
auth:
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user. Not recommended for production deployments.
##
enablePostgresUser: true
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `postgresql.auth.postgresPassword`, `postgresql.auth.password`, and `postgresql.auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
##
existingSecret: '{{ include "global.fullname" . }}'
## @param postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
## @param postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
##
secretKeys:
adminPasswordKey: admin-password
userPasswordKey: database-password
## @param postgresql.auth.database Name for a custom database to create
##
database: traction
database: askar-wallet
## @param postgresql.auth.username Name for a custom user to create
##
username: acapy
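Review bot: `database` changes from `traction` to `askar-wallet` while the README lists `postgresql.primary.persistence.enabled` as `true` by default, so an upgraded release keeps a data volume that was initialised under the old database name. State whether existing installs should pin `postgresql.auth.database: traction`. With `existingSecret` and `secretKeys` removed under `auth`, the key names the subchart uses are no longer set in this file, yet the `secretKeys` values in the `acapy` block have to match them; a one-line comment tying the two together would keep them from drifting apart.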