From 93455b44c680cfed78d6c74aea5646551994ac33 Mon Sep 17 00:00:00 2001 From: Iago Santos Date: Mon, 29 Nov 2021 12:07:11 +0100 Subject: [PATCH 1/3] feat(security-apps): Add dex-k8s-authenticator Due to gangway deprecation FFI: https://github.com/heptiolabs/gangway#vmware-has-ended-active-development-of-this-project-this-repository-will-no-longer-be-updated --- charts/security-apps/Chart.yaml | 4 +-- charts/security-apps/README.md | 10 +++++- .../examples/dex-k8s-authenticator.yaml | 34 +++++++++++++++++++ .../templates/dex-k8s-authenticator.yaml | 33 ++++++++++++++++++ charts/security-apps/values.yaml | 23 +++++++++++++ 5 files changed, 101 insertions(+), 3 deletions(-) create mode 100644 charts/security-apps/examples/dex-k8s-authenticator.yaml create mode 100644 charts/security-apps/templates/dex-k8s-authenticator.yaml diff --git a/charts/security-apps/Chart.yaml b/charts/security-apps/Chart.yaml index 918a96173..6129190c1 100644 --- a/charts/security-apps/Chart.yaml +++ b/charts/security-apps/Chart.yaml @@ -3,8 +3,8 @@ name: security-apps description: Argo CD app-of-apps config for security applications type: application # version and appVersion are in sync in this chart! -version: 0.35.0 -appVersion: 0.35.0 +version: 0.36.0 +appVersion: 0.36.0 home: https://github.com/adfinis-sygroup/helm-charts/tree/master/charts/security-apps sources: - https://github.com/adfinis-sygroup/helm-charts diff --git a/charts/security-apps/README.md b/charts/security-apps/README.md index dc3fadec3..d8216287d 100644 --- a/charts/security-apps/README.md +++ b/charts/security-apps/README.md 
@@ -1,6 +1,6 @@ # security-apps -![Version: 0.35.0](https://img.shields.io/badge/Version-0.35.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.35.0](https://img.shields.io/badge/AppVersion-0.35.0-informational?style=flat-square) +![Version: 0.36.0](https://img.shields.io/badge/Version-0.36.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.36.0](https://img.shields.io/badge/AppVersion-0.36.0-informational?style=flat-square) Argo CD app-of-apps config for security applications 
@@ -30,6 +30,14 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | dex.repoURL | string | [repo](https://charts.dexidp.io) | Repo URL | | dex.targetRevision | string | `"0.6.*"` | [dex Helm chart](https://github.com/dexidp/helm-charts/tree/master/charts/dex/) version | | dex.values | object | [upstream values](https://github.com/dexidp/helm-charts/tree/master/charts/dex/values.yaml) | Helm values | +| dexK8sAuthenticator | object | - | [dex-k8s-authenticator](https://github.com/mintel/dex-k8s-authenticator) ([example](./examples/dex-k8s-authenticator.yaml)) | +| dexK8sAuthenticator.chart | string | `"dexK8sAuthenticator"` | Chart | +| dexK8sAuthenticator.destination.namespace | string | `"infra-dex-k8s-authenticator"` | Namespace | +| dexK8sAuthenticator.enabled | bool | `false` | Enable dex-k8s-authenticator | +| dexK8sAuthenticator.repoPath | string | `"charts/dex-k8s-authenticator"` | Repo Path | +| dexK8sAuthenticator.repoURL | string | [repo](https://github.com/mintel/dex-k8s-authenticator.git) | Repo URL | +| dexK8sAuthenticator.targetRevision | string | `"v1.4.*"` | [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version | +| dexK8sAuthenticator.values | object | [upstream values](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/values.yaml) | Helm values | | falco | object | - | [falco](https://github.com/falcosecurity/falco/) ([example](./examples/falco.yaml)) | | falco.chart | string | `"falco"` | Chart | | falco.destination.namespace | string | `"infra-falco"` | Namespace | diff --git a/charts/security-apps/examples/dex-k8s-authenticator.yaml b/charts/security-apps/examples/dex-k8s-authenticator.yaml new file mode 100644 index 000000000..a316cb051 --- /dev/null +++ b/charts/security-apps/examples/dex-k8s-authenticator.yaml 
@@ -0,0 +1,34 @@
+dexK8sAuthenticator:
+ enabled: true
+ project: infra-dex-k8s-authenticator
+ values:
+ global:
+ deployEnv: dev
+ dexK8sAuthenticator:
+ debug: false
+ web_path_prefix: /
+ #logoUrl: http://
+ #tlsCert: /path/to/dex-client.crt
+ #tlsKey: /path/to/dex-client.key
+ clusters:
+ - name: my-cluster
+ short_description: "My Cluster"
+ description: "Example Cluster Long Description..."
+ client_secret: "client_Secret"
+ issuer: https://dex.example.com
+ k8s_master_uri: https://my-cluster.example.com
+ client_id: my-cluster
+ redirect_uri: https://login.example.com/callback/my-cluster
+ k8s_ca_uri: https://url-to-your-ca.crt
+ ingress:
+ enabled: true
+ annotations: {}
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ hosts: ["my.example.com"]
+ # ingress.tls -- Ingress TLS options
+ tls:
+ - secretName: customer-center-tls
+ hosts:
+ - my.example.com
diff --git a/charts/security-apps/templates/dex-k8s-authenticator.yaml b/charts/security-apps/templates/dex-k8s-authenticator.yaml
new file mode 100644
index 000000000..3b1fa3bd6
--- /dev/null
+++ b/charts/security-apps/templates/dex-k8s-authenticator.yaml
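Review bot: In examples/dex-k8s-authenticator.yaml the OIDC `client_secret` is written inline under `values`, and the template added in this patch copies `values` verbatim into the Argo CD Application's `helm.values`, so anyone following the example ends up with the client secret in Git and in plain text in the Application spec. I would add a comment above that key, for example `# placeholder only: supply the real client secret from your secret management, never commit it`. Separately, `annotations: {}` is followed directly by three annotation keys; with the `{}` left in place those keys cannot be children of `annotations` (indentation is not recoverable in this view, so please confirm), and the line should read `annotations:`. The `letsencrypt-staging` issuer also produces certificates that browsers do not trust, which deserves a comment on a page that hands out cluster credentials.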
@@ -0,0 +1,33 @@
+{{ if .Values.dexK8sAuthenticator.enabled }}
+{{ template "argoconfig.application" (list . "security-apps.dexK8sAuthenticator") }}
+{{ end }}
+
+{{- define "security-apps.dexK8sAuthenticator" -}}{{- $app := unset .Values.dexK8sAuthenticator "enabled" -}}{{- $name := default $app.destination.namespace $app.name -}}
+metadata:
+ name: {{ template "common.fullname" . }}-{{ $name }}
+spec:
+ {{- if $app.project }}
+ project: {{ $app.project | quote }}
+ {{- end }}
+ source:
+ repoURL: {{ $app.repoURL | quote }}
+ path: {{ $app.repoPath | quote }}
+ targetRevision: {{ $app.targetRevision | quote }}
+ helm:
+ releaseName: {{ $name | quote }}
+ values: |-
+ nameOverride: {{ $name | quote }}
+ {{- $app.values | toYaml | nindent 8 }}
+ {{- if $app.destination }}
+ destination:
+ {{ $app.destination | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $app.syncPolicy }}
+ syncPolicy:
+ {{ $app.syncPolicy | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if $app.ignoreDifferences }}
+ ignoreDifferences:
+ {{ $app.ignoreDifferences | toYaml | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/security-apps/values.yaml b/charts/security-apps/values.yaml
index 537eb424a..f33ed1546 100644
--- a/charts/security-apps/values.yaml
+++ b/charts/security-apps/values.yaml
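Review bot: In templates/dex-k8s-authenticator.yaml the `define` line evaluates `$app.destination.namespace` unconditionally to compute `$name`, yet further down `destination` is treated as optional behind `{{- if $app.destination }}`; a values override without `destination` would presumably fail on that lookup before the guard is ever reached. At minimum I would state the requirement next to the lookup, e.g. `{{- /* destination.namespace is required: it is the fallback for the Application and release name */ -}}`, or make the lookup tolerate a missing `destination`. In addition, `spec.project` is emitted only when `$app.project` is set and the chart defaults added in values.yaml do not set it, so unless `argoconfig.application` (not visible here) supplies one, the Application is not tied to a restricted AppProject; a comment saying where the project comes from would help reviewers.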
@@ -18,6 +18,29 @@ dex: # @default -- [upstream values](https://github.com/dexidp/helm-charts/tree/master/charts/dex/values.yaml) values: {} +# dexK8sAuthenticator -- [dex-k8s-authenticator](https://github.com/mintel/dex-k8s-authenticator) ([example](./examples/dex-k8s-authenticator.yaml)) +# @default -- - +dexK8sAuthenticator: + # dexK8sAuthenticator.enabled -- Enable dex-k8s-authenticator + enabled: false + name: dex-k8s-authenticator + destination: + # dexK8sAuthenticator.destination.namespace -- Namespace + namespace: "infra-dex-k8s-authenticator" + # dexK8sAuthenticator.repoURL -- Repo URL + # @default -- [repo](https://github.com/mintel/dex-k8s-authenticator.git) + repoURL: "https://github.com/mintel/dex-k8s-authenticator.git" + # dexK8sAuthenticator.repoPath -- Repo Path + repoPath: "charts/dex-k8s-authenticator" + # dexK8sAuthenticator.chart -- Chart + chart: "dexK8sAuthenticator" + # dexK8sAuthenticator.targetRevision -- [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version + targetRevision: "v1.4.*" + # dexK8sAuthenticator.values -- Helm values + # @default -- [upstream values](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/values.yaml) + values: {} + +# This repo is DEPRECATED, use dexK8sAuthenticator instead # gangway -- [gangway](https://github.com/heptiolabs/gangway/) ([example](./examples/gangway.yaml)) # @default -- - gangway: From 32f70d1484d205d427595e28092a5043e63f986a Mon Sep 17 00:00:00 2001 From: Iago Santos Date: Mon, 29 Nov 2021 15:35:51 +0100 Subject: [PATCH 2/3] Update charts/security-apps/values.yaml Co-authored-by: Lucas Bickel <116588+hairmare@users.noreply.github.com> --- charts/security-apps/README.md | 4 ++-- charts/security-apps/values.yaml | 7 +++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/charts/security-apps/README.md b/charts/security-apps/README.md index d8216287d..7577d3082 100644 
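Review bot: `chart: "dexK8sAuthenticator"` is documented as a setting, but the template added in this patch builds the source from `repoURL`, `repoPath` and `targetRevision` only and never reads `chart`, so changing it appears to have no effect (unless `argoconfig.application`, which is not visible here, consumes it). I would either drop the key or say so in its helm-docs comment, e.g. `# dexK8sAuthenticator.chart -- Unused: the chart is fetched from Git via repoPath`. `name: dex-k8s-authenticator` also carries no helm-docs comment although the template uses it for the Application name, the release name and `nameOverride`.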
--- a/charts/security-apps/README.md +++ b/charts/security-apps/README.md @@ -36,7 +36,7 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | dexK8sAuthenticator.enabled | bool | `false` | Enable dex-k8s-authenticator | | dexK8sAuthenticator.repoPath | string | `"charts/dex-k8s-authenticator"` | Repo Path | | dexK8sAuthenticator.repoURL | string | [repo](https://github.com/mintel/dex-k8s-authenticator.git) | Repo URL | -| dexK8sAuthenticator.targetRevision | string | `"v1.4.*"` | [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version | +| dexK8sAuthenticator.targetRevision | string | `"v1.4.0"` | [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version | | dexK8sAuthenticator.values | object | [upstream values](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/values.yaml) | Helm values | | falco | object | - | [falco](https://github.com/falcosecurity/falco/) ([example](./examples/falco.yaml)) | | falco.chart | string | `"falco"` | Chart | 
@@ -52,7 +52,7 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | falcoExporter.repoURL | string | [repo](https://falcosecurity.github.io/charts) | Repo URL | | falcoExporter.targetRevision | string | `"0.5.*"` | [falco Helm chart](https://github.com/falcosecurity/charts/tree/master/falco-exporter) version | | falcoExporter.values | object | [upstream values](https://github.com/falcosecurity/charts/blob/master/falco-exporter/values.yaml) | Helm values | -| gangway | object | - | [gangway](https://github.com/heptiolabs/gangway/) ([example](./examples/gangway.yaml)) | +| gangway | object | DEPRECATED | [gangway](https://github.com/heptiolabs/gangway/) is DEPRECATED, use dexK8sAuthenticator instead | | gangway.chart | string | `"gangway"` | Chart | | gangway.destination.namespace | string | `"infra-gangway"` | Namespace | | gangway.enabled | bool | `false` | Enable gangway | diff --git a/charts/security-apps/values.yaml b/charts/security-apps/values.yaml index f33ed1546..964b80a52 100644 --- a/charts/security-apps/values.yaml +++ b/charts/security-apps/values.yaml 
@@ -35,14 +35,13 @@ dexK8sAuthenticator: # dexK8sAuthenticator.chart -- Chart chart: "dexK8sAuthenticator" # dexK8sAuthenticator.targetRevision -- [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version - targetRevision: "v1.4.*" + targetRevision: "v1.4.0" # dexK8sAuthenticator.values -- Helm values # @default -- [upstream values](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/values.yaml) values: {} -# This repo is DEPRECATED, use dexK8sAuthenticator instead -# gangway -- [gangway](https://github.com/heptiolabs/gangway/) ([example](./examples/gangway.yaml)) -# @default -- - +# gangway -- [gangway](https://github.com/heptiolabs/gangway/) is DEPRECATED, use dexK8sAuthenticator instead +# @default -- DEPRECATED gangway: # gangway.enabled -- Enable gangway enabled: false From 2c08bc6f4a22fe21a0cc096b75a2e1525aa68370 Mon Sep 17 00:00:00 2001 From: Iago Santos Date: Wed, 1 Dec 2021 10:22:48 +0100 Subject: [PATCH 3/3] Update doc --- charts/security-apps/values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/security-apps/values.yaml b/charts/security-apps/values.yaml index 964b80a52..533a4af8c 100644 --- a/charts/security-apps/values.yaml +++ b/charts/security-apps/values.yaml @@ -27,6 +27,9 @@ dexK8sAuthenticator: destination: # dexK8sAuthenticator.destination.namespace -- Namespace namespace: "infra-dex-k8s-authenticator" + # As of December 2021, there is no upstream helm repo where we could pull + # for this we need to reference directly the GitHub url + # FFI: https://github.com/mintel/dex-k8s-authenticator/issues/185 # dexK8sAuthenticator.repoURL -- Repo URL # @default -- [repo](https://github.com/mintel/dex-k8s-authenticator.git) repoURL: "https://github.com/mintel/dex-k8s-authenticator.git" 
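Review bot: `targetRevision: "v1.4.0"` pins the chart to a Git tag in a third-party repository, and a tag can be moved or re-created upstream, so what Argo CD deploys for this login component could change without any change in this chart. Because `repoURL` is a Git repository, the revision can be a full commit SHA with the tag kept as a comment, e.g. `targetRevision: "<commit-sha-of-v1.4.0>"  # v1.4.0` (placeholder, look up the real SHA). The README default row for `dexK8sAuthenticator.targetRevision` would need the same value.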
@@ -34,6 +37,9 @@ dexK8sAuthenticator: repoPath: "charts/dex-k8s-authenticator" # dexK8sAuthenticator.chart -- Chart chart: "dexK8sAuthenticator" + # As of December 2021, there is no upstream helm repo where we could pull + # for this we need to reference directly the GitHub version tag + # FFI: https://github.com/mintel/dex-k8s-authenticator/issues/185 # dexK8sAuthenticator.targetRevision -- [dex-k8s-authenticator Helm chart](https://github.com/mintel/dex-k8s-authenticator/tree/master/charts/dex-k8s-authenticator/) version targetRevision: "v1.4.0" # dexK8sAuthenticator.values -- Helm values