From e0050a01ce71b770d4ed178945a2449547a8ae42 Mon Sep 17 00:00:00 2001 From: genofire Date: Tue, 18 Apr 2023 15:08:11 +0000 Subject: [PATCH] refactory deployment + add values for tests --- charts/authentik/ci/ct-values.yaml | 7 ++ charts/authentik/templates/deployment.yaml | 125 +++++++++++---------- charts/authentik/values.yaml | 2 +- 3 files changed, 75 insertions(+), 59 deletions(-) diff --git a/charts/authentik/ci/ct-values.yaml b/charts/authentik/ci/ct-values.yaml index c8c72d53..ab1715f5 100644 --- a/charts/authentik/ci/ct-values.yaml +++ b/charts/authentik/ci/ct-values.yaml @@ -36,5 +36,12 @@ redis: enabled: true password: au7h3n71k +serviceAccount: + create: true + +sidecar: + blueprints: + enabled: true + blueprints: - authentik-ci-blueprint diff --git a/charts/authentik/templates/deployment.yaml b/charts/authentik/templates/deployment.yaml index 446114d7..a3c5cc29 100644 --- a/charts/authentik/templates/deployment.yaml +++ b/charts/authentik/templates/deployment.yaml @@ -1,4 +1,4 @@ -{{- range list "server" "worker" }} +{{- range $component := list "server" "worker" }} --- apiVersion: apps/v1 kind: Deployment 
@@ -6,31 +6,31 @@ metadata: name: {{ printf "%s-%s" (include "common.names.fullname" $) . }} labels: {{- include "common.labels" $ | nindent 4 }} - app.kubernetes.io/component: "{{ . }}" + app.kubernetes.io/component: "{{ $component }}" spec: - {{ if eq . "server" -}} + {{- if eq . "server" }} replicas: {{ $.Values.replicas }} - {{- else -}} + {{- else }} replicas: {{ $.Values.worker.replicas }} {{- end }} selector: matchLabels: {{- include "common.labels.selectorLabels" $ | nindent 6 }} - app.kubernetes.io/component: "{{ . }}" + app.kubernetes.io/component: "{{ $component }}" template: metadata: labels: {{- include "common.labels.selectorLabels" $ | nindent 8 }} - app.kubernetes.io/component: "{{ . }}" + app.kubernetes.io/component: "{{ $component }}" app.kubernetes.io/version: "{{ $.Values.image.tag }}" - {{- if $.Values.podAnnotations }} + {{- with $.Values.podAnnotations }} annotations: - {{- toYaml $.Values.podAnnotations | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- if $.Values.image.pullSecrets }} + {{- with $.Values.image.pullSecrets }} imagePullSecrets: - {{- toYaml $.Values.image.pullSecrets | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- if $.Values.serviceAccount.create }} serviceAccountName: {{ include "common.names.fullname" $ }} 
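Review bot: The replicas switch on the new side still reads `{{- if eq . "server" }}`, and the `name:` line above it still passes `.` to `printf`, while the label lines in this hunk move to `$component`. Both only work because `.` is still the loop element at that nesting level. This hunk also introduces `with` blocks that rebind `.`, so moving either line inside one later would compare the wrong value and silently pick the worker replica count. Use `{{- if eq $component "server" }}` and `(include "common.names.fullname" $) $component` so the component name never depends on the current dot.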
@@ -60,20 +60,25 @@ spec: {{- end }} {{- tpl (toYaml $initContainers) $ | nindent 8 }} {{- end }} - {{ if eq . "server" -}} + {{- if eq $component "server" }} priorityClassName: {{ $.Values.priorityClassName }} + {{- with $.Values.securityContext }} securityContext: - {{- toYaml $.Values.securityContext | nindent 8 }} - {{- else -}} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} priorityClassName: {{ $.Values.worker.priorityClassName }} + {{- with $.Values.worker.securityContext }} securityContext: - {{- toYaml $.Values.worker.securityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} containers: - name: {{ $.Chart.Name }} image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}{{- if $.Values.image.digest -}}@{{ $.Values.image.digest }}{{- end -}}" imagePullPolicy: "{{ $.Values.image.pullPolicy }}" - args: [{{ quote . }}] + args: + - {{ $component | quote }} env: {{- range $k, $v := $.Values.env }} - name: {{ quote $k }} 
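Review bot: `priorityClassName` is still rendered unguarded and unquoted in both branches, right next to the `securityContext` keys that this hunk wraps in `with`, so an unset value renders a bare `priorityClassName:`. Guard it the same way: `{{- with $.Values.priorityClassName }}` / `priorityClassName: {{ . | quote }}` / `{{- end }}`, and likewise for `$.Values.worker.priorityClassName`. Separately, with the new `with` guards an empty `securityContext` value drops the pod-level key entirely. The chart defaults are not visible in this patch, so a short template comment saying the pod then runs with the cluster's default security settings would help operators who clear that value.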
@@ -85,31 +90,33 @@ spec: valueFrom: {{- toYaml $val | nindent 16 }} {{- end }} - {{- with $.Values.envFrom }} + {{- with $.Values.envFrom }} envFrom: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: - {{- if $.Values.geoip.enabled }} + {{- if $.Values.geoip.enabled }} - name: geoip-db mountPath: /geoip - {{- end }} + {{- end }} + + {{- if eq $component "worker" -}} {{- if $.Values.sidecar.blueprints.enabled }} - name: sidecar-blueprints mountPath: /blueprints/sidecar {{- end }} - {{- with $.Values.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{ if eq . "worker" -}} - {{- with $.Values.blueprints }} - {{- range $name := . }} + + {{- range $name := $.Values.blueprints }} - name: blueprints-{{ $name }} mountPath: /blueprints/mounted/{{ $name }} - {{- end }} {{- end }} - {{- end }} - {{- if eq . "server" }} + {{- end }}{{/* end worker */}} + + {{- with $.Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: - name: http containerPort: 9000 
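Review bot: The `{{- if eq . "server" }}` guard in front of `ports:` is removed without a `$component` replacement, so the worker Deployment now also declares the `http`/`https` container ports. Its matching `{{- end }}` is dropped in the next hunk, so the worker also gets the liveness and readiness probes. If those probes target the `http` port and the worker does not serve it (the old guard suggests it does not; the probe definitions are not visible here), the worker pods would fail their probes and be restarted. Unless that is intended, keep the block server-only with `{{- if eq $component "server" }}` before `ports:` and `{{- end }}{{/* end server */}}` after the readiness probe.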
@@ -120,24 +127,24 @@ spec: - name: https containerPort: 9443 protocol: TCP - {{- if $.Values.livenessProbe.enabled }} - {{- with omit $.Values.livenessProbe "enabled" }} + + {{- with $.Values.livenessProbe }} + {{- if .enabled }} livenessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- if $.Values.readinessProbe.enabled }} - {{- with omit $.Values.readinessProbe "enabled" }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with $.Values.readinessProbe }} + {{- if .enabled }} readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - {{- with index $.Values.resources . }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} + {{- with (get $.Values.resources $component) }} resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if $.Values.geoip.enabled }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if $.Values.geoip.enabled }} - name: geoip-sidecar image: "{{ $.Values.geoip.image }}" env: @@ -154,7 +161,8 @@ spec: volumeMounts: - name: geoip-db mountPath: /usr/share/GeoIP - {{- end }} + {{- end }} + {{- if eq $component "worker" }} {{- with $.Values.sidecar.blueprints }} {{- if .enabled }} - name: sidecar-blueprints @@ -183,7 +191,8 @@ spec: mountPath: /blueprints/sidecar {{- end }} {{- end }} - {{- with $.Values.additionalContainers }} + {{- end }}{{/* end worker */}} + {{- with $.Values.additionalContainers }} {{- $additionalContainers := list }} {{- range $name, $container := . }} {{- if not $container.name -}} 
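Review bot: Both probe blocks now call `toYaml .` on the whole `$.Values.livenessProbe` / `$.Values.readinessProbe` map, so the chart-only `enabled` key is rendered inside the Kubernetes probe spec. The removed lines stripped it with `omit`. `enabled` is not a field of a container probe, so depending on the client the manifest is either rejected by schema validation or the key is silently dropped. Keep the filter in both blocks: `{{- toYaml (omit . "enabled") | nindent 12 }}`.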
@@ -194,24 +203,24 @@ spec: {{- tpl (toYaml $additionalContainers) $ | nindent 8 }} {{- end }} volumes: - {{- if $.Values.geoip.enabled }} + {{- if $.Values.geoip.enabled }} - name: geoip-db emptyDir: {} - {{- end }} - {{- if $.Values.sidecar.blueprints.enabled }} + {{- end }} + {{- if eq $component "worker" }} + {{- if $.Values.sidecar.blueprints.enabled }} - name: sidecar-blueprints emptyDir: {} - {{- end }} - {{- with $.Values.volumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if eq . "worker" -}} - {{- with $.Values.blueprints }} - {{- range $name := . }} + {{- end }} + {{- range $name := $.Values.blueprints }} - name: blueprints-{{ $name }} configMap: name: {{ $name }} {{- end }} - {{- end }} - {{- end }} + {{- end }}{{/* end worker */}} + + {{- with $.Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml index 4a32a5c4..944ce66a 100644 --- a/charts/authentik/values.yaml +++ b/charts/authentik/values.yaml @@ -166,7 +166,7 @@ readinessProbe: periodSeconds: 10 serviceAccount: - # -- Service account is needed for managed outposts + # -- Service account is needed for managed outposts and sidecar for blueprints create: true annotations: {}
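Review bot: In the `volumes:` hunk of deployment.yaml, the blueprints loop renders the ConfigMap reference as `name: {{ $name }}`, an unchanged line that is now fed straight from `range $name := $.Values.blueprints`. An entry that looks like a number or boolean is therefore typed as such in the rendered YAML, and an empty entry becomes null. Quote it with `name: {{ $name | quote }}` so every entry reaches the API as a string. The final `{{- end }}` that closes the `range $component` loop could also carry a `{{/* end range */}}` comment, matching the `{{/* end worker */}}` markers this commit adds.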