Migrate auth/auth logic to daq-deployments repository,, change deploy…

…ment to accept extra definitions from values
DiamondLightSource · Aug 2, 2023 · da6b1a1 · da6b1a1
1 parent b800996
commit da6b1a1
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 47 deletions.
diff --git a/helm/blueapi/templates/_helpers.tpl b/helm/blueapi/templates/_helpers.tpl
@@ -50,6 +50,17 @@ app.kubernetes.io/name: {{ include "blueapi.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Metadata labels
+*/}}
+{{- define "blueapi.metadataLabels" -}}
+{{ include "blueapi.selectorLabels" . }}
+sidecar.istio.io/inject: "true"
+{{- range $key, $value := .Values.extraLabels }}
+{{- $key }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String
+{{- end }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

diff --git a/helm/blueapi/templates/authz_configmap.yaml b/helm/blueapi/templates/authz_configmap.yaml
diff --git a/helm/blueapi/templates/deployment.yaml b/helm/blueapi/templates/deployment.yaml
@@ -16,14 +16,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "blueapi.selectorLabels" . | nindent 8 }}
-        {{- range $key, $value := .Values.authn.labels }}
-          {{- $key | nindent 8 }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String
-        {{- end }}
-        {{- range $key, $value := .Values.authz.labels }}
-          {{- $key | nindent 8 }}: {{ $value | quote }} # N.B. ensures your labels are correctly String->String
-        {{- end }}
-        sidecar.istio.io/inject: "true"
+        {{- include "blueapi.metadataLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -42,9 +35,9 @@ spec:
           - secret:
               name: {{ . }}
           {{- end }}
-      - name: opa-policy
-        configMap:
-          name: policy
+      {{- with .Values.extraVolumes -}}
+        {{ toYaml . | nindent 6 }}
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

diff --git a/helm/blueapi/templates/envoyfilter.yaml b/helm/blueapi/templates/envoyfilter.yaml
diff --git a/helm/blueapi/templates/sealed-secret.yaml b/helm/blueapi/templates/sealed-secret.yaml
diff --git a/helm/blueapi/values.yaml b/helm/blueapi/values.yaml
@@ -90,13 +90,15 @@ worker:
     port: 61613
 # Config for the worker goes here, will be mounted into a config file
 
-authn:
-  labels:
-    enable-authn: "true"
-
-authz:
-  labels:
-    enable-authz: "true"
+extraLabels:
+  sidecar.istio.io/inject: "true"
+  enable-authn: "true"
+  enable-authz: "true"
+
+extraVolumes:
+  - name: opa-policy
+    configMap:
+      name: policy
 
 rabbitmq:
   persistence: