Skip to content

Commit

Permalink
fix: refactory deployment + add values for tests
Browse files Browse the repository at this point in the history
  • Loading branch information
genofire committed Apr 18, 2023
1 parent 77b0cc3 commit 7be14dd
Show file tree
Hide file tree
Showing 7 changed files with 92 additions and 66 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/lint-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,5 @@ jobs:
run: |
namespace=authentik-$(uuidgen)
kubectl create ns $namespace
kubectl apply -n $namespace -f charts/authentik/ci/manfiests/
kubectl apply -n $namespace -f charts/authentik/ci/manifests/
ct install --namespace=$namespace --config ct.yaml
7 changes: 7 additions & 0 deletions charts/authentik/ci/ct-values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,5 +36,12 @@ redis:
enabled: true
password: au7h3n71k

serviceAccount:
create: true

sidecar:
blueprints:
enabled: true

blueprints:
- authentik-ci-blueprint
13 changes: 13 additions & 0 deletions charts/authentik/ci/manifests/blueprint-sidecar.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: authentik-ci-blueprint-sidecar
labels:
goauthentik_blueprint: "1"
data:
test.yaml: |-
version: 1
metadata:
name: sidecar-test
entries: []
127 changes: 69 additions & 58 deletions charts/authentik/templates/deployment.yaml
Original file line number Diff line number Diff line change
@@ -1,36 +1,36 @@
{{- range list "server" "worker" }}
{{- range $component := list "server" "worker" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ printf "%s-%s" (include "common.names.fullname" $) . }}
labels:
{{- include "common.labels" $ | nindent 4 }}
app.kubernetes.io/component: "{{ . }}"
app.kubernetes.io/component: "{{ $component }}"
spec:
{{ if eq . "server" -}}
{{- if eq . "server" }}
replicas: {{ $.Values.replicas }}
{{- else -}}
{{- else }}
replicas: {{ $.Values.worker.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "common.labels.selectorLabels" $ | nindent 6 }}
app.kubernetes.io/component: "{{ . }}"
app.kubernetes.io/component: "{{ $component }}"
template:
metadata:
labels:
{{- include "common.labels.selectorLabels" $ | nindent 8 }}
app.kubernetes.io/component: "{{ . }}"
app.kubernetes.io/component: "{{ $component }}"
app.kubernetes.io/version: "{{ $.Values.image.tag }}"
{{- if $.Values.podAnnotations }}
{{- with $.Values.podAnnotations }}
annotations:
{{- toYaml $.Values.podAnnotations | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if $.Values.image.pullSecrets }}
{{- with $.Values.image.pullSecrets }}
imagePullSecrets:
{{- toYaml $.Values.image.pullSecrets | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if $.Values.serviceAccount.create }}
serviceAccountName: {{ include "common.names.fullname" $ }}
Expand Down Expand Up @@ -60,20 +60,25 @@ spec:
{{- end }}
{{- tpl (toYaml $initContainers) $ | nindent 8 }}
{{- end }}
{{ if eq . "server" -}}
{{- if eq $component "server" }}
priorityClassName: {{ $.Values.priorityClassName }}
{{- with $.Values.securityContext }}
securityContext:
{{- toYaml $.Values.securityContext | nindent 8 }}
{{- else -}}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
priorityClassName: {{ $.Values.worker.priorityClassName }}
{{- with $.Values.worker.securityContext }}
securityContext:
{{- toYaml $.Values.worker.securityContext | nindent 8 }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: {{ $.Chart.Name }}
image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}{{- if $.Values.image.digest -}}@{{ $.Values.image.digest }}{{- end -}}"
imagePullPolicy: "{{ $.Values.image.pullPolicy }}"
args: [{{ quote . }}]
args:
- {{ $component | quote }}
env:
{{- range $k, $v := $.Values.env }}
- name: {{ quote $k }}
Expand All @@ -85,31 +90,34 @@ spec:
valueFrom:
{{- toYaml $val | nindent 16 }}
{{- end }}
{{- with $.Values.envFrom }}
{{- with $.Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- toYaml . | nindent 12 }}
{{- end }}

volumeMounts:
{{- if $.Values.geoip.enabled }}
{{- if $.Values.geoip.enabled }}
- name: geoip-db
mountPath: /geoip
{{- end }}
{{- end }}

{{- if eq $component "worker" -}}
{{- if $.Values.sidecar.blueprints.enabled }}
- name: sidecar-blueprints
mountPath: /blueprints/sidecar
{{- end }}
{{- with $.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{ if eq . "worker" -}}
{{- with $.Values.blueprints }}
{{- range $name := . }}

{{- range $name := $.Values.blueprints }}
- name: blueprints-{{ $name }}
mountPath: /blueprints/mounted/{{ $name }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq . "server" }}
{{- end }}{{/* end worker */}}

{{- with $.Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}

{{- if eq $component "server" }}
ports:
- name: http
containerPort: 9000
Expand All @@ -120,24 +128,25 @@ spec:
- name: https
containerPort: 9443
protocol: TCP
{{- if $.Values.livenessProbe.enabled }}
{{- with omit $.Values.livenessProbe "enabled" }}
{{- with $.Values.livenessProbe }}
{{- if .enabled }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if $.Values.readinessProbe.enabled }}
{{- with omit $.Values.readinessProbe "enabled" }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- with $.Values.readinessProbe }}
{{- if .enabled }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- with index $.Values.resources . }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}{{/* end server */}}

{{- with (get $.Values.resources $component) }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if $.Values.geoip.enabled }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if $.Values.geoip.enabled }}
- name: geoip-sidecar
image: "{{ $.Values.geoip.image }}"
env:
Expand All @@ -154,7 +163,8 @@ spec:
volumeMounts:
- name: geoip-db
mountPath: /usr/share/GeoIP
{{- end }}
{{- end }}
{{- if eq $component "worker" }}
{{- with $.Values.sidecar.blueprints }}
{{- if .enabled }}
- name: sidecar-blueprints
Expand Down Expand Up @@ -183,7 +193,8 @@ spec:
mountPath: /blueprints/sidecar
{{- end }}
{{- end }}
{{- with $.Values.additionalContainers }}
{{- end }}{{/* end worker */}}
{{- with $.Values.additionalContainers }}
{{- $additionalContainers := list }}
{{- range $name, $container := . }}
{{- if not $container.name -}}
Expand All @@ -194,24 +205,24 @@ spec:
{{- tpl (toYaml $additionalContainers) $ | nindent 8 }}
{{- end }}
volumes:
{{- if $.Values.geoip.enabled }}
{{- if $.Values.geoip.enabled }}
- name: geoip-db
emptyDir: {}
{{- end }}
{{- if $.Values.sidecar.blueprints.enabled }}
{{- end }}
{{- if eq $component "worker" }}
{{- if $.Values.sidecar.blueprints.enabled }}
- name: sidecar-blueprints
emptyDir: {}
{{- end }}
{{- with $.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if eq . "worker" -}}
{{- with $.Values.blueprints }}
{{- range $name := . }}
{{- end }}
{{- range $name := $.Values.blueprints }}
- name: blueprints-{{ $name }}
configMap:
name: {{ $name }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}{{/* end worker */}}

{{- with $.Values.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}

{{- end }}
7 changes: 1 addition & 6 deletions charts/authentik/templates/service-account.yaml
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
{{- if .Values.serviceAccount.create }}

{{ include "common.serviceAccount" . }}

{{- if .Values.sidecar.blueprints.enabled }}
{{- if and .Values.serviceAccount.create .Values.sidecar.blueprints.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand All @@ -25,5 +21,4 @@ subjects:
- kind: ServiceAccount
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/authentik/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ readinessProbe:
periodSeconds: 10

serviceAccount:
# -- Service account is needed for managed outposts
# -- Service account is needed for managed outposts and sidecar for blueprints
create: true
annotations: {}

Expand Down

0 comments on commit 7be14dd

Please sign in to comment.