From 07a4797c3dfef54aa833b65e17b86671fb1952a7 Mon Sep 17 00:00:00 2001 
From: Jorge Tudela Date: Tue, 23 Jun 2020 16:36:41 +0200 Subject: [PATCH 01/23] Helm chart for upstream Keycloak Operator and instance. Adding new lines Fix typo in maintaner name... --- charts/keycloak-operator/Chart.yaml | 8 + charts/keycloak-operator/README.md | 42 ++ .../templates/KeycloakInstance.yaml | 21 + .../templates/cluster_role.yaml | 138 ++++++ .../templates/cluster_role_binding.yaml | 19 + .../deployment_keycloak_operator.yaml | 41 ++ .../keycloakbackups.keycloak.org.crd.yaml | 152 ++++++ .../keycloakclients.keycloak.org.crd.yaml | 256 ++++++++++ .../keycloakrealms.keycloak.org.crd.yaml | 438 ++++++++++++++++++ .../templates/keycloaks.keycloak.org.crd.yaml | 137 ++++++ .../keycloakusers.keycloak.org.crd.yaml | 186 ++++++++ .../templates/olm_not_used/OperatorGroup.yaml | 16 + .../templates/olm_not_used/Subscription.yaml | 17 + charts/keycloak-operator/templates/role.yaml | 139 ++++++ .../templates/role_binding.yaml | 19 + .../templates/service_account.yaml | 12 + charts/keycloak-operator/values.yaml | 12 + 17 files changed, 1653 insertions(+) create mode 100644 charts/keycloak-operator/Chart.yaml create mode 100644 charts/keycloak-operator/README.md create mode 100644 charts/keycloak-operator/templates/KeycloakInstance.yaml create mode 100644 charts/keycloak-operator/templates/cluster_role.yaml create mode 100644 charts/keycloak-operator/templates/cluster_role_binding.yaml create mode 100644 charts/keycloak-operator/templates/deployment_keycloak_operator.yaml create mode 100644 charts/keycloak-operator/templates/keycloakbackups.keycloak.org.crd.yaml create mode 100644 charts/keycloak-operator/templates/keycloakclients.keycloak.org.crd.yaml create mode 100644 charts/keycloak-operator/templates/keycloakrealms.keycloak.org.crd.yaml create mode 100644 charts/keycloak-operator/templates/keycloaks.keycloak.org.crd.yaml create mode 100644 charts/keycloak-operator/templates/keycloakusers.keycloak.org.crd.yaml create mode 100644 
charts/keycloak-operator/templates/olm_not_used/OperatorGroup.yaml create mode 100644 charts/keycloak-operator/templates/olm_not_used/Subscription.yaml create mode 100644 charts/keycloak-operator/templates/role.yaml create mode 100644 charts/keycloak-operator/templates/role_binding.yaml create mode 100644 charts/keycloak-operator/templates/service_account.yaml create mode 100644 charts/keycloak-operator/values.yaml
diff --git a/charts/keycloak-operator/Chart.yaml b/charts/keycloak-operator/Chart.yaml
new file mode 100644
index 00000000..0d8d385f
--- /dev/null
+++ b/charts/keycloak-operator/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+appVersion: v10.0.0
+description: A Helm chart for customising the deployment of the Keycloak Operator and a Keycloak instance ⚓️
+name: keycloak-operator
+version: 0.0.1
+home: https://github.com/rht-labs/helm-charts
+maintainers:
+- name: jtudelag
diff --git a/charts/keycloak-operator/README.md b/charts/keycloak-operator/README.md
new file mode 100644
index 00000000..e972be76
--- /dev/null
+++ b/charts/keycloak-operator/README.md
@@ -0,0 +1,42 @@
+# ⚓️ Upstream Keycloak Operator Helm Deploy
+
+Keycloak Operator Helm Chart customises and deploys the [Operator](https://github.com/keycloak/keycloak-operator) written by Keycloak Community and [Keycloak](hhttps://www.keycloak.org/) instance (optionally).
+
+This chart deploys the Keycloak Operator using a Deployment, instead of using the OLM (Subscription and Operator Group).
+
+So, two things are installed with this chart:
+* Keycloak Operator
+* (Optional) A one replica [keycloak instance](templates/KeycloakInstance.yaml) managed by the operator. No other Keycloak resources such as realms or users are deployed.
+
+One thing to note, the default credentials to access the Keycloak instance admin console are managed by the operator and stored in a secret in the same Namespace:
+```bash
+oc get secrets -l app=keycloak | grep credential
+```
+
+## Installing the chart
+
+To install the chart:
+
+```bash
+$ helm template -f keycloak-operator/values.yaml keycloak-operator | oc apply -f-
+```
+
+The above command creates objects with default naming convention and configuration.
+The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Configuration
+The following table lists the configurable parameters of the Keykloak Operator chart and their default values.
+A simple instance of Keycloak is deployed among the Operator. You can check it [here](templates/KeycloakInstance.yaml).
+
+For more keycloak instance examples you can check the [keycloak-operator repo examples](https://github.com/keycloak/keycloak-operator/tree/10.0.0/deploy/examples/keycloak).
+
+You can check also the [examples in the repo](https://github.com/keycloak/keycloak-operator/tree/10.0.0/deploy/examples) for other CRs managed by the Operator, such as `keycloak realms`, `keycloak users` or `keycloak clients`
+
+
+| Parameter | Description | Default |
+| ------------------------------------------------ | -------------------------------------------------------------| ------------------------------------- |
+| `enabled` | Chart is enbaled or not. | `true` |
+| `name` | Chart name. | `uj-keycloak` |
+| `namespace` | Namespace to depoly the Operator and the Keycloak instance. | `labs-ci-cd` |
+| `version` | Keycloak Operator version. Matches Quay.io image version. | `10.0.0` |
+| `keycloak_instance` | Deploy a keycloak instance. | `true` |
\ No newline at end of file
diff --git a/charts/keycloak-operator/templates/KeycloakInstance.yaml b/charts/keycloak-operator/templates/KeycloakInstance.yaml
new file mode 100644
index 00000000..c0b5a2fc
--- /dev/null
+++ b/charts/keycloak-operator/templates/KeycloakInstance.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.enabled .Values.keycloak_instance }}
+---
+apiVersion: keycloak.org/v1alpha1
+kind: Keycloak
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: {{ .Values.name }}
+ app.kubernetes.io/component: keycloak
+ app.kubernetes.io/name: {{ .Values.namespace }}-keycloak
+ app.kubernetes.io/part-of: {{ .Values.namespace }}
+spec:
+ instances: 1
+ extensions:
+ - https://github.com/aerogear/keycloak-metrics-spi/releases/download/1.0.4/keycloak-metrics-spi-1.0.4.jar
+ externalAccess:
+ enabled: True
+ podDisruptionBudget:
+ enabled: True
+{{- end }}
\ No newline at end of file
diff --git a/charts/keycloak-operator/templates/cluster_role.yaml b/charts/keycloak-operator/templates/cluster_role.yaml
new file mode 100644
index 00000000..b3d2bb8d
--- /dev/null
+++ b/charts/keycloak-operator/templates/cluster_role.yaml
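Review bot: In KeycloakInstance.yaml the `extensions` list hard-codes a JAR download from a GitHub release URL, and nothing in this spec pins a checksum or signature, so Keycloak deploys whatever that URL serves at install time. For an identity provider it is safer to serve the artifact from a mirror you control and to make the list a chart value, for example `{{- toYaml .Values.keycloak_extensions | nindent 4 }}` under `extensions:`, with `keycloak_extensions` as a new entry in values.yaml. `externalAccess.enabled: True` is hard-coded as well, which per the CRD description has the operator create an Ingress or Route pointing to Keycloak on every install; a values flag that defaults to the current behaviour would let internal-only deployments opt out.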
@@ -0,0 +1,138 @@
+{{- if .Values.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keycloak-operator
+ labels:
+ app.kubernetes.io/component: keycloak-operator
+ app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
+ app.kubernetes.io/part-of: {{ .Values.namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ verbs:
+ - list
+ - get
+ - create
+ - patch
+ - update
+ - watch
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - podmonitors
+ - prometheusrules
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - integreatly.org
+ resources:
+ - grafanadashboards
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - keycloak-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - keycloak.org
+ resources:
+ - keycloaks
+ - keycloaks/status
+ - keycloaks/finalizers
+ - keycloakrealms
+ - keycloakrealms/status
+ - keycloakrealms/finalizers
+ - keycloakclients
+ - keycloakclients/status
+ - keycloakclients/finalizers
+ - keycloakbackups
+ - keycloakbackups/status
+ - keycloakbackups/finalizers
+ - keycloakusers
+ - keycloakusers/status
+ - keycloakusers/finalizers
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+{{- end }}
\ No newline at end of file
diff --git a/charts/keycloak-operator/templates/cluster_role_binding.yaml b/charts/keycloak-operator/templates/cluster_role_binding.yaml
new file mode 100644
index 00000000..08e693c0
--- /dev/null
+++ b/charts/keycloak-operator/templates/cluster_role_binding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: keycloak-operator
+ labels:
+ app.kubernetes.io/component: keycloak-operator
+ app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
+ app.kubernetes.io/part-of: {{ .Values.namespace }}
+roleRef:
+ name: keycloak-operator
+ kind: ClusterRole
+ apiGroup: ""
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
+ namespace: {{ .Values.namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/keycloak-operator/templates/deployment_keycloak_operator.yaml b/charts/keycloak-operator/templates/deployment_keycloak_operator.yaml
new file mode 100644
index 00000000..0c39b202
--- /dev/null
+++ b/charts/keycloak-operator/templates/deployment_keycloak_operator.yaml
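Review bot: The first rule in cluster_role.yaml grants `list`/`get`/`create`/`patch`/`update`/`watch`/`delete` on `secrets`, `configmaps` and `pods` in every namespace once it is bound, while the Deployment in this patch sets `WATCH_NAMESPACE` to the operator's own namespace. A leaked service-account token or a compromised operator pod could therefore read and rewrite Secrets cluster-wide, although the operator only reconciles one namespace. The patch's file list also contains a namespaced `templates/role.yaml` of almost the same size (not shown here), so presumably the ClusterRole and its binding can be dropped or reduced to the cluster-scoped reads the operator really needs. At minimum I would remove `- secrets` from this cluster-wide rule and render both cluster-scoped templates only on request, e.g. `{{- if and .Values.enabled .Values.cluster_scoped_rbac }}` with `cluster_scoped_rbac` as a new value defaulting to `false`.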
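Review bot: In cluster_role_binding.yaml the binding has the fixed cluster-scoped name `keycloak-operator` while its subject namespace comes from `.Values.namespace`, so applying the chart for a second namespace rewrites the same object and moves the cluster-wide grant to the other service account. Deriving the name from the namespace, `name: {{ .Values.namespace }}-keycloak-operator`, keeps each install's grant separate and makes it visible in an RBAC audit which namespace holds it. The `roleRef` also sets `apiGroup: ""`, which appears to depend on API-server defaulting; spelling it out as `apiGroup: rbac.authorization.k8s.io` removes that dependency.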
@@ -0,0 +1,41 @@
+{{- if .Values.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak-operator
+ namespace: {{ .Values.namespace }}
+ labels:
+ app.kubernetes.io/component: keycloak-operator
+ app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator
+ app.kubernetes.io/part-of: {{ .Values.namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: keycloak-operator
+ template:
+ metadata:
+ labels:
+ name: keycloak-operator
+ spec:
+ serviceAccountName: keycloak-operator
+ containers:
+ - name: keycloak-operator
+ # Replace this with the built image name
+ image: quay.io/keycloak/keycloak-operator:{{ .Values.version }}
+ command:
+ - keycloak-operator
+ imagePullPolicy: Always
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: "keycloak-operator"
+{{- end }}
diff --git a/charts/keycloak-operator/templates/keycloakbackups.keycloak.org.crd.yaml b/charts/keycloak-operator/templates/keycloakbackups.keycloak.org.crd.yaml
new file mode 100644
index 00000000..a44cc254
--- /dev/null
+++ b/charts/keycloak-operator/templates/keycloakbackups.keycloak.org.crd.yaml
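Review bot: The operator container in deployment_keycloak_operator.yaml has no `securityContext` and no `resources`, yet its service account is bound to rules that can read and write Secrets, so the pod should run with as little privilege as the platform allows. The fence below adds a container-level `securityContext`; `runAsNonRoot` assumes the upstream image runs as a non-root user, which should be confirmed before merging. The image is also referenced by the mutable tag `{{ .Values.version }}` with `imagePullPolicy: Always`, so the code running under those rules can change between restarts; referencing the image by digest would fix what is deployed.

```yaml
      containers:
        - name: keycloak-operator
          # … unchanged: image, command, imagePullPolicy, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```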
@@ -0,0 +1,152 @@ +{{- if .Values.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: keycloakbackups.keycloak.org +spec: + group: keycloak.org + names: + kind: KeycloakBackup + listKind: KeycloakBackupList + plural: keycloakbackups + singular: keycloakbackup + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KeycloakBackup is the Schema for the keycloakbackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakBackupSpec defines the desired state of KeycloakBackup + properties: + aws: + description: If provided, an automatic database backup will be created + on AWS S3 instead of a local Persistent Volume. If this property is + not provided - a local Persistent Volume backup will be chosen. + properties: + credentialsSecretName: + description: "Provides a secret name used for connecting to AWS + S3 Service. The secret needs to be in the following form: \n apiVersion: + v1 kind: Secret metadata: name: type: + Opaque stringData: AWS_S3_BUCKET_NAME: + \ AWS_ACCESS_KEY_ID: AWS_SECRET_ACCESS_KEY: + \n For more information, please refer to the + Operator documentation." + type: string + encryptionKeySecretName: + description: "If provided, the database backup will be encrypted. 
+ Provides a secret name used for encrypting database data. The + secret needs to be in the following form: \n apiVersion: v1 + \ kind: Secret metadata: name: type: + Opaque stringData: GPG_PUBLIC_KEY: + \ GPG_TRUST_MODEL: GPG_RECIPIENT: + \n For more information, please refer to the Operator + documentation." + type: string + schedule: + description: If specified, it will be used as a schedule for creating + a CronJob + type: string + type: object + instanceSelector: + description: Selector for looking up Keycloak Custom Resources. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + restore: + description: "Controls automatic restore behavior. Currently not implemented. 
+ \n In the future this will be used to trigger automatic restore for + a given KeycloakBackup. Each backup will correspond to a single snapshot + of the database (stored either in a Persistent Volume or AWS). If + a user wants to restore it, all he/she needs to do is to change this + flag to true. Potentially, it will be possible to restore a single + backup multiple times." + type: boolean + type: object + status: + description: KeycloakBackupStatus defines the observed state of KeycloakBackup + properties: + message: + description: Human-readable message indicating details about current + operator phase or error. + type: string + phase: + description: Current phase of the operator. + type: string + ready: + description: True if all resources are in a ready state and all work + is done. + type: boolean + secondaryResources: + additionalProperties: + items: + type: string + type: array + description: 'A map of all the secondary resources types and names created + for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2" + ]' + type: object + required: + - message + - phase + - ready + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/keycloakclients.keycloak.org.crd.yaml b/charts/keycloak-operator/templates/keycloakclients.keycloak.org.crd.yaml new file mode 100644 index 00000000..188e0779 --- /dev/null +++ b/charts/keycloak-operator/templates/keycloakclients.keycloak.org.crd.yaml 
@@ -0,0 +1,256 @@ +{{- if .Values.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: keycloakclients.keycloak.org +spec: + group: keycloak.org + names: + kind: KeycloakClient + listKind: KeycloakClientList + plural: keycloakclients + singular: keycloakclient + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KeycloakClient is the Schema for the keycloakclients API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakClientSpec defines the desired state of KeycloakClient + properties: + client: + description: Keycloak Client REST object. + properties: + access: + additionalProperties: + type: boolean + description: Access options. + type: object + adminUrl: + description: Application Admin URL. + type: string + attributes: + additionalProperties: + type: string + description: Client Attributes. + type: object + baseUrl: + description: Application base URL. + type: string + bearerOnly: + description: True if a client supports only Bearer Tokens. + type: boolean + clientAuthenticatorType: + description: What Client authentication type to use. + type: string + clientId: + description: Client ID. + type: string + consentRequired: + description: True if Consent Screen is required. 
+ type: boolean + defaultRoles: + description: Default Client roles. + items: + type: string + type: array + description: + description: Client description. + type: string + directAccessGrantsEnabled: + description: True if Direct Grant is enabled. + type: boolean + enabled: + description: Client enabled flag. + type: boolean + frontchannelLogout: + description: True if this client supports Front Channel logout. + type: boolean + fullScopeAllowed: + description: True if Full Scope is allowed. + type: boolean + id: + description: Client ID. If not specified, automatically generated. + type: string + implicitFlowEnabled: + description: True if Implicit flow is enabled. + type: boolean + name: + description: Client name. + type: string + nodeReRegistrationTimeout: + description: Node registration timeout. + type: integer + notBefore: + description: Not Before setting. + type: integer + protocol: + description: Protocol used for this Client. + type: string + protocolMappers: + description: Protocol Mappers. + items: + properties: + config: + additionalProperties: + type: string + description: Config options. + type: object + consentRequired: + description: True if Consent Screen is required. + type: boolean + consentText: + description: Text to use for displaying Consent Screen. + type: string + id: + description: Protocol Mapper ID. + type: string + name: + description: Protocol Mapper Name. + type: string + protocol: + description: Protocol to use. + type: string + protocolMapper: + description: Protocol Mapper to use + type: string + type: object + type: array + publicClient: + description: True if this is a public Client. + type: boolean + redirectUris: + description: A list of valid Redirection URLs. + items: + type: string + type: array + rootUrl: + description: Application root URL. + type: string + secret: + description: Client Secret. The Operator will automatically create + a Secret based on this value. 
+ type: string + serviceAccountsEnabled: + description: True if Service Accounts are enabled. + type: boolean + standardFlowEnabled: + description: True if Standard flow is enabled. + type: boolean + surrogateAuthRequired: + description: Surrogate Authentication Required option. + type: boolean + useTemplateConfig: + description: True to use a Template Config. + type: boolean + useTemplateMappers: + description: True to use Template Mappers. + type: boolean + useTemplateScope: + description: True to use Template Scope. + type: boolean + webOrigins: + description: A list of valid Web Origins. + items: + type: string + type: array + required: + - clientId + type: object + realmSelector: + description: Selector for looking up KeycloakRealm Custom Resources. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". 
The requirements + are ANDed. + type: object + type: object + required: + - client + - realmSelector + type: object + status: + description: KeycloakClientStatus defines the observed state of KeycloakClient + properties: + message: + description: Human-readable message indicating details about current + operator phase or error. + type: string + phase: + description: Current phase of the operator. + type: string + ready: + description: True if all resources are in a ready state and all work + is done. + type: boolean + secondaryResources: + additionalProperties: + items: + type: string + type: array + description: 'A map of all the secondary resources types and names created + for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2" + ]' + type: object + required: + - message + - phase + - ready + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/keycloakrealms.keycloak.org.crd.yaml b/charts/keycloak-operator/templates/keycloakrealms.keycloak.org.crd.yaml new file mode 100644 index 00000000..b80215eb --- /dev/null +++ b/charts/keycloak-operator/templates/keycloakrealms.keycloak.org.crd.yaml 
@@ -0,0 +1,438 @@ +{{- if .Values.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: keycloakrealms.keycloak.org +spec: + group: keycloak.org + names: + kind: KeycloakRealm + listKind: KeycloakRealmList + plural: keycloakrealms + singular: keycloakrealm + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KeycloakRealm is the Schema for the keycloakrealms API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakRealmSpec defines the desired state of KeycloakRealm + properties: + instanceSelector: + description: Selector for looking up Keycloak Custom Resources. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. 
If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + realm: + description: Keycloak Realm REST object. + properties: + adminEventsDetailsEnabled: + description: 'Enable admin events details TODO: change to values + and use kubebuilder default annotation once supported' + type: boolean + adminEventsEnabled: + description: 'Enable events recording TODO: change to values and + use kubebuilder default annotation once supported' + type: boolean + clients: + description: A set of Keycloak Clients. + items: + properties: + access: + additionalProperties: + type: boolean + description: Access options. + type: object + adminUrl: + description: Application Admin URL. + type: string + attributes: + additionalProperties: + type: string + description: Client Attributes. + type: object + baseUrl: + description: Application base URL. + type: string + bearerOnly: + description: True if a client supports only Bearer Tokens. + type: boolean + clientAuthenticatorType: + description: What Client authentication type to use. + type: string + clientId: + description: Client ID. + type: string + consentRequired: + description: True if Consent Screen is required. + type: boolean + defaultRoles: + description: Default Client roles. + items: + type: string + type: array + description: + description: Client description. 
+ type: string + directAccessGrantsEnabled: + description: True if Direct Grant is enabled. + type: boolean + enabled: + description: Client enabled flag. + type: boolean + frontchannelLogout: + description: True if this client supports Front Channel logout. + type: boolean + fullScopeAllowed: + description: True if Full Scope is allowed. + type: boolean + id: + description: Client ID. If not specified, automatically generated. + type: string + implicitFlowEnabled: + description: True if Implicit flow is enabled. + type: boolean + name: + description: Client name. + type: string + nodeReRegistrationTimeout: + description: Node registration timeout. + type: integer + notBefore: + description: Not Before setting. + type: integer + protocol: + description: Protocol used for this Client. + type: string + protocolMappers: + description: Protocol Mappers. + items: + properties: + config: + additionalProperties: + type: string + description: Config options. + type: object + consentRequired: + description: True if Consent Screen is required. + type: boolean + consentText: + description: Text to use for displaying Consent Screen. + type: string + id: + description: Protocol Mapper ID. + type: string + name: + description: Protocol Mapper Name. + type: string + protocol: + description: Protocol to use. + type: string + protocolMapper: + description: Protocol Mapper to use + type: string + type: object + type: array + publicClient: + description: True if this is a public Client. + type: boolean + redirectUris: + description: A list of valid Redirection URLs. + items: + type: string + type: array + rootUrl: + description: Application root URL. + type: string + secret: + description: Client Secret. The Operator will automatically + create a Secret based on this value. + type: string + serviceAccountsEnabled: + description: True if Service Accounts are enabled. + type: boolean + standardFlowEnabled: + description: True if Standard flow is enabled. 
+ type: boolean + surrogateAuthRequired: + description: Surrogate Authentication Required option. + type: boolean + useTemplateConfig: + description: True to use a Template Config. + type: boolean + useTemplateMappers: + description: True to use Template Mappers. + type: boolean + useTemplateScope: + description: True to use Template Scope. + type: boolean + webOrigins: + description: A list of valid Web Origins. + items: + type: string + type: array + required: + - clientId + type: object + type: array + displayName: + description: Realm display name. + type: string + enabled: + description: Realm enabled flag. + type: boolean + eventsEnabled: + description: 'Enable events recording TODO: change to values and + use kubebuilder default annotation once supported' + type: boolean + eventsListeners: + description: A set of Event Listeners. + items: + type: string + type: array + id: + type: string + identityProviders: + description: A set of Identity Providers. + items: + properties: + addReadTokenRoleOnCreate: + description: Adds Read Token role when creating this Identity + Provider. + type: boolean + alias: + description: Identity Provider Alias. + type: string + config: + additionalProperties: + type: string + description: Identity Provider config. + type: object + displayName: + description: Identity Provider Display Name. + type: string + enabled: + description: Identity Provider enabled flag. + type: boolean + firstBrokerLoginFlowAlias: + description: Identity Provider First Broker Login Flow Alias. + type: string + internalId: + description: Identity Provider Internal ID. + type: string + linkOnly: + description: Identity Provider Link Only setting. + type: boolean + postBrokerLoginFlowAlias: + description: Identity Provider Post Broker Login Flow Alias. + type: string + providerId: + description: Identity Provider ID. + type: string + storeToken: + description: Identity Provider Store to Token. 
+ type: boolean + trustEmail: + description: Identity Provider Trust Email. + type: boolean + type: object + type: array + realm: + description: Realm name. + type: string + users: + description: A set of Keycloak Users. + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: A set of Attributes. + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + description: A set of Client Roles. + type: object + credentials: + description: A set of Credentials. + items: + properties: + temporary: + description: True if this credential object is temporary. + type: boolean + type: + description: Credential Type. + type: string + value: + description: Credential Value. + type: string + type: object + type: array + email: + description: Email. + type: string + emailVerified: + description: True if email has already been verified. + type: boolean + enabled: + description: User enabled flag. + type: boolean + federatedIdentities: + description: A set of Federated Identities. + items: + properties: + identityProvider: + description: Federated Identity Provider. + type: string + userId: + description: Federated Identity User ID. + type: string + userName: + description: Federated Identity User Name. + type: string + type: object + type: array + firstName: + description: First Name. + type: string + groups: + description: A set of Groups. + items: + type: string + type: array + id: + description: User ID. + type: string + lastName: + description: Last Name. + type: string + realmRoles: + description: A set of Realm Roles. + items: + type: string + type: array + requiredActions: + description: A set of Required Actions. + items: + type: string + type: array + username: + description: User Name. + type: string + type: object + type: array + required: + - realm + type: object + realmOverrides: + description: A list of overrides to the default Realm behavior. 
+ items: + properties: + forFlow: + description: Flow to be overridden. + type: string + identityProvider: + description: Identity Provider to be overridden. + type: string + type: object + type: array + required: + - realm + type: object + status: + description: KeycloakRealmStatus defines the observed state of KeycloakRealm + properties: + loginURL: + description: TODO + type: string + message: + description: Human-readable message indicating details about current + operator phase or error. + type: string + phase: + description: Current phase of the operator. + type: string + ready: + description: True if all resources are in a ready state and all work + is done. + type: boolean + secondaryResources: + additionalProperties: + items: + type: string + type: array + description: 'A map of all the secondary resources types and names created + for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2" + ]' + type: object + required: + - loginURL + - message + - phase + - ready + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/keycloaks.keycloak.org.crd.yaml b/charts/keycloak-operator/templates/keycloaks.keycloak.org.crd.yaml new file mode 100644 index 00000000..76c27ff0 --- /dev/null +++ b/charts/keycloak-operator/templates/keycloaks.keycloak.org.crd.yaml 
@@ -0,0 +1,137 @@ +{{- if .Values.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: keycloaks.keycloak.org +spec: + group: keycloak.org + names: + kind: Keycloak + listKind: KeycloakList + plural: keycloaks + singular: keycloak + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Keycloak is the Schema for the keycloaks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakSpec defines the desired state of Keycloak + properties: + extensions: + description: A list of extensions, where each one is a URL to a JAR + files that will be deployed in Keycloak. + items: + type: string + type: array + externalAccess: + description: Controls external Ingress/Route settings. + properties: + enabled: + description: If set to true, the Operator will create an Ingress + or a Route pointing to Keycloak. + type: boolean + type: object + externalDatabase: + description: "Controls external database settings. Using an external + database requires providing a secret containing credentials as well + as connection details. 
Here's an example of such secret: \n apiVersion: + v1 kind: Secret metadata: name: keycloak-db-secret + \ namespace: keycloak stringData: POSTGRES_DATABASE: + POSTGRES_EXTERNAL_ADDRESS: POSTGRES_EXTERNAL_PORT: # Strongly recommended to use <'Keycloak CR + Name'-postgresql> POSTGRES_HOST: POSTGRES_PASSWORD: + # Required for AWS Backup functionality + \ POSTGRES_SUPERUSER: true POSTGRES_USERNAME: type: Opaque \n Both POSTGRES_EXTERNAL_ADDRESS and + POSTGRES_EXTERNAL_PORT are specifically required for creating connection + to the external database. The secret name is created using the following + convention: -db-secret \n For more information, + please refer to the Operator documentation." + properties: + enabled: + description: If set to true, the Operator will use an external database. + pointing to Keycloak. + type: boolean + type: object + instances: + description: Number of Keycloak instances in HA mode. Default is 1. + type: integer + podDisruptionBudget: + description: Specify PodDisruptionBudget configuration + properties: + enabled: + description: If set to true, the operator will create a PodDistruptionBudget + for the Keycloak deployment and set its `maxUnavailable` value + to 1 + type: boolean + type: object + profile: + description: Profile used for controlling Operator behavior. Default + is empty. + type: string + type: object + status: + description: KeycloakStatus defines the observed state of Keycloak + properties: + credentialSecret: + description: The secret where the admin credentials are to be found + type: string + internalURL: + description: Service IP and Port for in-cluster access to the keycloak + instance + type: string + message: + description: Human-readable message indicating details about current + operator phase or error. + type: string + phase: + description: Current phase of the operator. + type: string + ready: + description: True if all resources are in a ready state and all work + is done. 
+ type: boolean + secondaryResources: + additionalProperties: + items: + type: string + type: array + description: 'A map of all the secondary resources types and names created + for this CR. e.g "Deployment": [ "DeploymentName1", "DeploymentName2" + ]' + type: object + version: + description: Version of Keycloak or RHSSO running on the cluster + type: string + required: + - credentialSecret + - internalURL + - message + - phase + - ready + - version + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/keycloakusers.keycloak.org.crd.yaml b/charts/keycloak-operator/templates/keycloakusers.keycloak.org.crd.yaml new file mode 100644 index 00000000..5b7b0f71 --- /dev/null +++ b/charts/keycloak-operator/templates/keycloakusers.keycloak.org.crd.yaml 
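Review bot: `spec.extensions` in this CRD is described as a list of URLs to JAR files that will be deployed in Keycloak, and its items are an unconstrained `type: string`, so write access to a Keycloak resource effectively decides what code is loaded into the identity provider. How the operator fetches or verifies those JARs is not visible in this patch, so the chart should at least state the trust boundary. I would add to the chart README: `Anyone who can create or update a Keycloak resource can set spec.extensions and have the listed JARs deployed into Keycloak; grant write access to keycloaks.keycloak.org only to cluster or realm administrators.` The schema looks generated from the upstream operator, so I would not edit it by hand here.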
@@ -0,0 +1,186 @@ +{{- if .Values.enabled }} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: keycloakusers.keycloak.org +spec: + group: keycloak.org + names: + kind: KeycloakUser + listKind: KeycloakUserList + plural: keycloakusers + singular: keycloakuser + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KeycloakUser is the Schema for the keycloakusers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KeycloakUserSpec defines the desired state of KeycloakUser + properties: + realmSelector: + description: Selector for looking up KeycloakRealm Custom Resources. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. 
If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + user: + description: Keycloak User REST object. + properties: + attributes: + additionalProperties: + items: + type: string + type: array + description: A set of Attributes. + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + description: A set of Client Roles. + type: object + credentials: + description: A set of Credentials. + items: + properties: + temporary: + description: True if this credential object is temporary. + type: boolean + type: + description: Credential Type. + type: string + value: + description: Credential Value. + type: string + type: object + type: array + email: + description: Email. + type: string + emailVerified: + description: True if email has already been verified. + type: boolean + enabled: + description: User enabled flag. + type: boolean + federatedIdentities: + description: A set of Federated Identities. + items: + properties: + identityProvider: + description: Federated Identity Provider. + type: string + userId: + description: Federated Identity User ID. + type: string + userName: + description: Federated Identity User Name. + type: string + type: object + type: array + firstName: + description: First Name. + type: string + groups: + description: A set of Groups. + items: + type: string + type: array + id: + description: User ID. 
+ type: string + lastName: + description: Last Name. + type: string + realmRoles: + description: A set of Realm Roles. + items: + type: string + type: array + requiredActions: + description: A set of Required Actions. + items: + type: string + type: array + username: + description: User Name. + type: string + type: object + required: + - user + type: object + status: + description: KeycloakUserStatus defines the observed state of KeycloakUser + properties: + message: + description: Human-readable message indicating details about current + operator phase or error. + type: string + phase: + description: Current phase of the operator. + type: string + required: + - message + - phase + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/olm_not_used/OperatorGroup.yaml b/charts/keycloak-operator/templates/olm_not_used/OperatorGroup.yaml new file mode 100644 index 00000000..959adb4e --- /dev/null +++ b/charts/keycloak-operator/templates/olm_not_used/OperatorGroup.yaml @@ -0,0 +1,16 @@ +{{- if .Values.enabled }} +{{- if .Values.operator }} +{{- if .Values.operator.operatorgroup }} +--- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: {{ .Values.namespace }} + generateName: {{ .Values.namespace }}- + namespace: {{ .Values.namespace }} +spec: + targetNamespaces: + - {{ .Values.namespace }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/keycloak-operator/templates/olm_not_used/Subscription.yaml b/charts/keycloak-operator/templates/olm_not_used/Subscription.yaml new file mode 100644 index 00000000..2cd80554 --- /dev/null +++ b/charts/keycloak-operator/templates/olm_not_used/Subscription.yaml 
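Review bot: `spec.user.credentials[].value` is a plain `type: string`, so a user's password is stored in clear text inside the KeycloakUser object and can be read by anyone with `get` on `keycloakusers`, or from any repository or backup that holds the manifest. The realm CRD earlier in this patch carries the same `users[].credentials` shape. The schema appears to come from the upstream operator, so the fix here is documentation: I would add to the chart README something like `credentials[].value is stored in clear text in the custom resource; use temporary: true so the user must change it at first login, and keep KeycloakUser manifests out of shared repositories.`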
@@ -0,0 +1,17 @@ +{{- if .Values.enabled }} +{{- if .Values.operator }} +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: {{ .Values.operator.name }} + namespace: {{ .Values.namespace }} +spec: + channel: {{ .Values.operator.channel }} + installPlanApproval: Automatic + name: {{ .Values.operator.name }} + source: redhat-operators + sourceNamespace: openshift-marketplace + startingCSV: {{ .Values.operator.version | quote }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/role.yaml b/charts/keycloak-operator/templates/role.yaml new file mode 100644 index 00000000..e19d9175 --- /dev/null +++ b/charts/keycloak-operator/templates/role.yaml 
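Review bot: `installPlanApproval: Automatic` is hard-coded in the Subscription, so `startingCSV` only fixes the first installed version and OLM will upgrade the operator unattended whenever the `redhat-operators` catalog publishes a newer CSV on the channel. For the component that manages the identity provider I would make this a value that defaults to manual approval: `installPlanApproval: {{ .Values.operator.installPlanApproval | default "Manual" }}`. The `olm_not_used` directory name does not keep the file out of a release, because Helm renders every file under `templates/`, so this manifest is emitted as soon as `.Values.operator` is set.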
@@ -0,0 +1,139 @@ +{{- if .Values.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: keycloak-operator + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/component: keycloak-operator + app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator + app.kubernetes.io/part-of: {{ .Values.namespace }} +rules: +- apiGroups: + - "" + resources: + - pods + - services + - services/finalizers + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - list + - get + - create + - patch + - update + - watch + - delete +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - list + - get + - create + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - create + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - list + - get + - create + - update + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - list + - get + - create + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - prometheusrules + - podmonitors + verbs: + - list + - get + - create + - update + - watch +- apiGroups: + - integreatly.org + resources: + - grafanadashboards + verbs: + - get + - list + - create + - update + - watch +- apiGroups: + - apps + resourceNames: + - keycloak-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - create + - update + - watch +- apiGroups: + - keycloak.org + resources: + - keycloaks + - keycloaks/status + - keycloaks/finalizers + - keycloakrealms + - keycloakrealms/status + - keycloakrealms/finalizers + - keycloakclients + - keycloakclients/status + - keycloakclients/finalizers + - keycloakbackups + - keycloakbackups/status + - keycloakbackups/finalizers + - 
keycloakusers + - keycloakusers/status + - keycloakusers/finalizers + verbs: + - get + - list + - update + - watch +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/templates/role_binding.yaml b/charts/keycloak-operator/templates/role_binding.yaml new file mode 100644 index 00000000..0c598958 --- /dev/null +++ b/charts/keycloak-operator/templates/role_binding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.enabled }} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: keycloak-operator + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/component: keycloak-operator + app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator + app.kubernetes.io/part-of: {{ .Values.namespace }} +subjects: +- kind: ServiceAccount + name: keycloak-operator +roleRef: + kind: Role + name: keycloak-operator + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/keycloak-operator/templates/service_account.yaml b/charts/keycloak-operator/templates/service_account.yaml new file mode 100644 index 00000000..5c8c0117 --- /dev/null +++ b/charts/keycloak-operator/templates/service_account.yaml @@ -0,0 +1,12 @@ +{{- if .Values.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: keycloak-operator + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/component: keycloak-operator + app.kubernetes.io/name: {{ .Values.namespace }}-keycloak-operator + app.kubernetes.io/part-of: {{ .Values.namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/keycloak-operator/values.yaml b/charts/keycloak-operator/values.yaml new file mode 100644 index 00000000..c57b19bd --- /dev/null +++ b/charts/keycloak-operator/values.yaml 
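Review bot: The first rule of this Role gives the `keycloak-operator` service account get, list, watch, create, patch, update and delete on every `secrets` and `configmaps` object in `{{ .Values.namespace }}`, not only the ones the operator creates. The operator presumably needs to create Secrets whose names are not known in advance, so narrowing with `resourceNames` may not be practical, but the consequence should be stated where the namespace is chosen. I would add above the rule `# The operator can read and delete every Secret in this namespace; install the chart into a namespace dedicated to Keycloak.` and repeat that sentence in the README next to the `namespace` value.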
@@ -0,0 +1,12 @@ +--- +# control used by Labs Ubiquitous Journey +enabled: true + +name: uj-keycloak +namespace: jtudelag-keycloak-chart + +# Operator container image version: https://quay.io/repository/keycloak/keycloak-operator?tag=latest&tab=tags +version: 10.0.0 + +# Deploy a keycloak instance +keycloak_instance: true From 0ce6d9fcc3dc9669d227e5f9ce3c15a415017e59 Mon Sep 17 00:00:00 2001 From: Jason Froehlich <38667521+jayfray12@users.noreply.github.com> Date: Wed, 29 Jul 2020 10:16:17 -0400 Subject: [PATCH 02/23] Update chart version Updated Chart version --- charts/jenkins/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index 9d7dcb3a..0709daf3 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "v2.222.1" description: A Helm chart for deploying Jenkins on OpenShift with some additional build agents and plugins name: jenkins -version: 0.0.17 +version: 0.0.18 home: https://github.com/rht-labs/helm-charts maintainers: - name: springdo From e8a896ef7860f21d49a43e744417f442c141594d Mon Sep 17 00:00:00 2001 From: Jason Froehlich <38667521+jayfray12@users.noreply.github.com> Date: Wed, 29 Jul 2020 10:19:32 -0400 Subject: [PATCH 03/23] Fix for Issue #71 Change the resource.limits.memory to the correct value --- charts/jenkins/templates/deploymentconfig.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/jenkins/templates/deploymentconfig.yaml b/charts/jenkins/templates/deploymentconfig.yaml index 809e738d..02f8380b 100644 --- a/charts/jenkins/templates/deploymentconfig.yaml +++ b/charts/jenkins/templates/deploymentconfig.yaml 
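Review bot: The default `namespace: jtudelag-keycloak-chart` looks like a personal project name rather than a chart default. Every template in this chart, including the Role that grants access to Secrets, targets `.Values.namespace`, so an install with default values lands there. I would ship a neutral default such as `namespace: keycloak` and add the comment `# namespace the operator, its RBAC and the Keycloak instance are created in` above it.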
@@ -65,7 +65,7 @@ spec: memory: {{ .Values.deployment.limits.memory_request | quote }} limits: cpu: {{ .Values.deployment.limits.cpu_limit | quote }} - memory: {{ .Values.deployment.limits.memory_request | quote }} + memory: {{ .Values.deployment.limits.memory_limit | quote }} securityContext: capabilities: {} privileged: false From dde98ff28f68fdb851bf148e43473469369e7138 Mon Sep 17 00:00:00 2001 From: Donal Spring Date: Tue, 4 Aug 2020 17:07:37 +0100 Subject: [PATCH 04/23] =?UTF-8?q?=F0=9F=99=88=20FIX=20-=20repository=20nam?= =?UTF-8?q?espace=20changes=20for=20CoP=20Org=20=F0=9F=99=8A=20(#74)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4b000fec..30817108 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,20 @@ # ⚓️ Open Innovation Labs Helm Charts -![Release Charts](https://github.com/rht-labs/charts/workflows/Release%20Charts/badge.svg) +![Release Charts](https://github.com/redhat-cop/charts/workflows/Release%20Charts/badge.svg) A collection of Helm Charts to support [Labs Developer Experience](https://github.com/rht-labs/ubiquitous-journey) ## 🧰 Add this Helm Repo to your local 🧰 ``` -helm repo add rht-labs https://rht-labs.github.io/helm-charts +helm repo add redhat-cop https://redhat-cop.github.io/helm-charts ``` ## 🏃‍♀️💨 How do I run a chart? Login to your cluster and into your destination project. To install any given Chart using the default values just run: ```bash -helm install $NAME rht-labs/$CHART_NAME +helm install $NAME redhat-cop/$CHART_NAME eg: -helm install my-jenkins rht-labs/jenkins +helm install my-jenkins redhat-cop/jenkins ``` Where: * $NAME - is the name you want to give the installed Helm App 
@@ -24,9 +24,9 @@ Where: ## 🏃‍♂️💨Customisation to a chart prior to install For each chart, navigate to the root of it for the readme and default values. To over ride them, you could create your own `my-values.yaml` and make your changes there before installing ```bash -helm install $NAME -f my-values.yaml rht-labs/$CHART_NAME +helm install $NAME -f my-values.yaml redhat-cop/$CHART_NAME eg: -helm install my-jenkins -f my-values.yaml rht-labs/jenkins +helm install my-jenkins -f my-values.yaml redhat-cop/jenkins ``` ## 🏃‍♂️💨 Chart linting From d6469800490e4508545d0a712412ac40dee40416 Mon Sep 17 00:00:00 2001 From: Donal Spring Date: Tue, 4 Aug 2020 17:46:47 +0100 Subject: [PATCH 05/23] =?UTF-8?q?=F0=9F=90=AD=20FIX=20-=20New=20org=20name?= =?UTF-8?q?s=20etc=20=F0=9F=8F=B0=20(#76)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 🐭 FIX - New org names etc 🏰 * 🐭 FIX - bump to keep ct tool happy 🏰 --- charts/argocd-operator/Chart.yaml | 4 ++-- charts/bootstrap-project/Chart.yaml | 4 ++-- charts/dev-ex-dashboard/Chart.yaml | 10 +++++----- charts/etherpad/Chart.yaml | 4 ++-- charts/jenkins/Chart.yaml | 4 ++-- charts/operatorhub/Chart.yaml | 4 ++-- charts/owncloud/Chart.yaml | 4 ++-- charts/pact-broker/Chart.yaml | 4 ++-- charts/sonarqube/Chart.yaml | 4 ++-- charts/sonatype-nexus/Chart.yaml | 4 ++-- charts/static-site/Chart.yaml | 4 ++-- 11 files changed, 25 insertions(+), 25 deletions(-) diff --git a/charts/argocd-operator/Chart.yaml b/charts/argocd-operator/Chart.yaml index 5ec8a81c..fa75aaba 100644 --- a/charts/argocd-operator/Chart.yaml +++ b/charts/argocd-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 appVersion: v1.6.1 description: A Helm chart for customising the deployment of the ArgoCD Operator ⚓️ name: argocd-operator -version: 0.0.14 -home: https://github.com/rht-labs/helm-charts +version: 0.0.15 +home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo - name: ckavili 
diff --git a/charts/bootstrap-project/Chart.yaml b/charts/bootstrap-project/Chart.yaml index 62899166..081d3146 100644 --- a/charts/bootstrap-project/Chart.yaml +++ b/charts/bootstrap-project/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 appVersion: "v0.0.1" description: A Helm chart for deploying and managing Openshift projects 🦆 name: bootstrap-project -version: 0.0.6 -home: https://github.com/rht-labs/charts +version: 0.0.7 +home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo - name: ckavili diff --git a/charts/dev-ex-dashboard/Chart.yaml b/charts/dev-ex-dashboard/Chart.yaml index a9d5cd02..377ab55e 100644 --- a/charts/dev-ex-dashboard/Chart.yaml +++ b/charts/dev-ex-dashboard/Chart.yaml @@ -3,12 +3,12 @@ name: dev-ex-dashboard description: A Helm chart to deploy the Developer Experience Dashboard type: application # HelmChart Version -version: 0.0.1 +version: 0.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. appVersion: v1.0 -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts maintainers: -- name: springdo -- name: ckavili -- name: eformat + - name: springdo + - name: ckavili + - name: eformat diff --git a/charts/etherpad/Chart.yaml b/charts/etherpad/Chart.yaml index 365e2d6d..a763b5db 100644 --- a/charts/etherpad/Chart.yaml +++ b/charts/etherpad/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: etherpad description: A Helm chart for etherpad lite type: application -version: 0.0.1 +version: 0.0.2 appVersion: latest -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts maintainers: - name: eformat diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index 0709daf3..7ab5e34a 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml 
@@ -2,8 +2,8 @@ apiVersion: v2 appVersion: "v2.222.1" description: A Helm chart for deploying Jenkins on OpenShift with some additional build agents and plugins name: jenkins -version: 0.0.18 -home: https://github.com/rht-labs/helm-charts +version: 0.0.19 +home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo - name: ckavili diff --git a/charts/operatorhub/Chart.yaml b/charts/operatorhub/Chart.yaml index f8f0c91a..774e3060 100644 --- a/charts/operatorhub/Chart.yaml +++ b/charts/operatorhub/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: operatorhub description: A Helm chart to create OperatorHub subscriptions type: application -version: 0.0.4 +version: 0.0.5 appVersion: 0.0.2 -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts maintainers: - name: tylerauerbeck - name: ckavili diff --git a/charts/owncloud/Chart.yaml b/charts/owncloud/Chart.yaml index 399b83b8..7e9b49c7 100644 --- a/charts/owncloud/Chart.yaml +++ b/charts/owncloud/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: owncloud description: A Helm chart for Owncloud type: application -version: 0.0.1 +version: 0.0.2 appVersion: latest -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts maintainers: - name: eformat diff --git a/charts/pact-broker/Chart.yaml b/charts/pact-broker/Chart.yaml index 6b3b97da..fe333690 100644 --- a/charts/pact-broker/Chart.yaml +++ b/charts/pact-broker/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 appVersion: "v0.0.1" description: A Helm chart for deploying Pact Broker on OpenShift 🔗 name: pact-broker -version: 0.0.2 -home: https://github.com/rht-labs/helm-charts +version: 0.0.3 +home: https://github.com/redhat-cop/helm-charts maintainers: - name: mvmaestri - name: gsampaio diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index 17cd8086..0a9841c0 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v1 name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 0.0.5 +version: 0.0.6 appVersion: "8.2-community" -home: https://github.com/eformat/charts +home: https://github.com/redhat-cop/helm-charts keywords: - coverage - security diff --git a/charts/sonatype-nexus/Chart.yaml b/charts/sonatype-nexus/Chart.yaml index 78ecf654..a07d15a7 100644 --- a/charts/sonatype-nexus/Chart.yaml +++ b/charts/sonatype-nexus/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v1 appVersion: 3.23.0 description: Sonatype Nexus is an open source repository manager -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts name: sonatype-nexus sources: - https://github.com/sonatype/nexus-public -version: 0.0.3 +version: 0.0.4 maintainers: - name: eformat diff --git a/charts/static-site/Chart.yaml b/charts/static-site/Chart.yaml index 098599a3..6061b4bc 100644 --- a/charts/static-site/Chart.yaml +++ b/charts/static-site/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: static-site description: A Helm chart for deploying a static-site with auto-updating type: application -version: 0.0.3 +version: 0.0.4 appVersion: 1.17.9-alpine -home: https://github.com/rht-labs/helm-charts +home: https://github.com/redhat-cop/helm-charts maintainers: - name: jijiechen From 785c6fe657b7c81dbcb27d4643efc6b6c8abf78e Mon Sep 17 00:00:00 2001 From: Donal Spring Date: Tue, 4 Aug 2020 18:19:11 +0100 Subject: [PATCH 06/23] =?UTF-8?q?=F0=9F=90=AF=20FIX=20-=20broken=20readme?= =?UTF-8?q?=20link=20=F0=9F=90=AF=20(#77)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 30817108..fed884fd 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # ⚓️ Open Innovation Labs Helm Charts -![Release Charts](https://github.com/redhat-cop/charts/workflows/Release%20Charts/badge.svg) +![Release Charts](https://github.com/redhat-cop/helm-charts/workflows/Release%20Charts/badge.svg) A collection of Helm Charts to support [Labs Developer Experience](https://github.com/rht-labs/ubiquitous-journey) From bced70910d5cbfd2e9b91fb1668046b6328b1b3b Mon Sep 17 00:00:00 2001 From: mike hepburn Date: Wed, 5 Aug 2020 17:24:08 +1000 Subject: [PATCH 07/23] =?UTF-8?q?=F0=9F=90=BB=E2=80=8D=E2=9D=84=EF=B8=8Fbu?= =?UTF-8?q?mp=20prom=20operator=20version=20to=20latest=20=F0=9F=90=BB?= =?UTF-8?q?=E2=80=8D=E2=9D=84=EF=B8=8F=20(#80)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/argocd-operator/Chart.yaml | 2 +- charts/argocd-operator/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/argocd-operator/Chart.yaml b/charts/argocd-operator/Chart.yaml index fa75aaba..af13e41a 100644 --- a/charts/argocd-operator/Chart.yaml +++ b/charts/argocd-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.1 description: A Helm chart for customising the deployment of the ArgoCD Operator ⚓️ name: argocd-operator -version: 0.0.15 +version: 0.0.16 home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo diff --git a/charts/argocd-operator/values.yaml b/charts/argocd-operator/values.yaml index cbbae0ab..be2b38fa 100644 --- a/charts/argocd-operator/values.yaml +++ b/charts/argocd-operator/values.yaml @@ -22,7 +22,7 @@ operator: metrics: enabled: false prometheus: - version: prometheusoperator.0.32.0 + version: prometheusoperator.0.37.0 channel: beta name: prometheus-operator ha: From bc7d0d7288d82ec56bd3836d17409325d60c0d41 Mon Sep 17 00:00:00 2001 
From: donal Date: Wed, 5 Aug 2020 08:51:05 +0100 Subject: [PATCH 08/23] =?UTF-8?q?=F0=9F=A7=AA=20ADD=20-=20Collection=20of?= =?UTF-8?q?=20charts=20used=20in=20UJ=20as=20docs=20for=20others=20to=20se?= =?UTF-8?q?e=20=F0=9F=8F=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 ++++-- charts-we-like.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 charts-we-like.md diff --git a/README.md b/README.md index fed884fd..32f0e074 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,12 @@ -# ⚓️ Open Innovation Labs Helm Charts +# ⚓️ Red Hat Communities of Practice Helm Charts ![Release Charts](https://github.com/redhat-cop/helm-charts/workflows/Release%20Charts/badge.svg) -A collection of Helm Charts to support [Labs Developer Experience](https://github.com/rht-labs/ubiquitous-journey) +A collection of Helm Charts to that are not available in any upstream location or customised to the point it does not make sense to support up stream chart development. + +For charts we know work on OpenShift but do not belong here, check out the list of Charts we've used for some ideas + +This libary is used to support [Open Innovation Labs Ubiquitous Journey Project](https://github.com/rht-labs/ubiquitous-journey) ## 🧰 Add this Helm Repo to your local 🧰 ``` diff --git a/charts-we-like.md b/charts-we-like.md new file mode 100644 index 00000000..4f2c6dc6 --- /dev/null +++ b/charts-we-like.md 
@@ -0,0 +1,67 @@ +## 🧰 OpenShift Ready Charts 🧰 +This collection of charts we've used in the past that runs on OpenShift. Here are some examples and the values used to run on OpenShift: + +#### 🗣 Mattermost +![Mattermost](https://github.com/mattermost/mattermost-helm/tree/master/charts/mattermost-team-edition) is an OpenSource Chat Application. Example Values file for OpenShift: + +```yaml +route: + enabled: true +mysql: + mysqlRootPassword: "mysqlpass" + mysqlUser: "mattermost" + mysqlPassword: "matterpass" +``` + +#### 🧪 Zalenium +![Zalenium](https://github.com/zalando/zalenium/tree/master/charts/zalenium) is a Selenium Grid deployment with on demand provisioning of the browsers for running your tests. + +```yaml +hub: + serviceType: ClusterIP + openshift: + deploymentConfig: + enabled: true + route: + enabled: true + persistence: + enabled: false + serviceAccount: + create: false + desiredContainers: 0 + podAnnotations: + app: zalenium +``` + +#### 🌮 Wekan +[Wekan](https://github.com/wekan/wekan/tree/master/helm/wekan) is an OpenSource Kanban tool. + +```yaml +service: + type: ClusterIP +autoscaling: + enabled: false +mongodb-replicaset: + replicas: 1 + securityContext: + runAsUser: "" + fsGroup: "" +ingress: + enabled: false +route: + enabled: true +``` + +#### 🦟 Hoverfly +![Hoverfly](https://github.com/helm/charts/tree/master/incubator/hoverfly) is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. +```yaml +replicaCount: "1" +openshift: + route: + admin: + enabled: true + hostname: "" + proxy: + enabled: true + hostname: "" +``` \ No newline at end of file From 085182558170665685ceeb974b3b3fbc84978f2f Mon Sep 17 00:00:00 2001 
From: Gareth Healy Date: Wed, 5 Aug 2020 15:15:18 +0100 Subject: [PATCH 09/23] Added conftest to ci (#83) --- .github/workflows/conftest.yaml | 15 ++++ .gitignore | 8 +- _test/bats-support-clone.bash | 9 +++ _test/conftest.sh | 131 ++++++++++++++++++++++++++++++++ 4 files changed, 162 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/conftest.yaml create mode 100644 _test/bats-support-clone.bash create mode 100755 _test/conftest.sh diff --git a/.github/workflows/conftest.yaml b/.github/workflows/conftest.yaml new file mode 100644 index 00000000..738c12d0 --- /dev/null +++ b/.github/workflows/conftest.yaml @@ -0,0 +1,15 @@ +name: Validate + +on: [push, pull_request] + +jobs: + conftest: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Conftest + uses: redhat-cop/github-actions/confbatstest@master + with: + tests: _test/conftest.sh \ No newline at end of file diff --git a/.gitignore b/.gitignore index 430576c9..ebbbc4d4 100644 --- a/.gitignore +++ b/.gitignore @@ -36,4 +36,10 @@ Session.vim .history -*.tgz \ No newline at end of file +*.tgz + +# Rego +policy/ + +# BATS +_test/test_helper/ \ No newline at end of file diff --git a/_test/bats-support-clone.bash b/_test/bats-support-clone.bash new file mode 100644 index 00000000..da0556de --- /dev/null +++ b/_test/bats-support-clone.bash @@ -0,0 +1,9 @@ +if [[ ! -d "_test/test_helper/bats-support" ]]; then + # Download bats-support dynamically so it doesnt need to be added into source + git clone https://github.com/ztombol/bats-support _test/test_helper/bats-support --depth 1 +fi + +if [[ ! -d "_test/test_helper/redhatcop-bats-library" ]]; then + # Download redhat-cop/bats-library dynamically so it doesnt need to be added into source + git clone https://github.com/redhat-cop/bats-library _test/test_helper/redhatcop-bats-library --depth 1 +fi \ No newline at end of file 
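Review bot: `uses: redhat-cop/github-actions/confbatstest@master` tracks a mutable branch, so whatever is pushed to that branch runs in this repository's CI on every push and pull request without review here. I would pin it to a full commit SHA and keep the branch name as a trailing comment: `uses: redhat-cop/github-actions/confbatstest@<full-commit-sha>  # master`. `actions/checkout@v2` is a movable tag and can be pinned the same way.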
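Review bot: Both `git clone ... --depth 1` calls in `_test/bats-support-clone.bash` fetch the current default-branch tip of `ztombol/bats-support` and `redhat-cop/bats-library`, and `_test/conftest.sh` then `load`s that code into the test shell. That makes the run non-reproducible and lets any upstream change execute in CI unreviewed. I would pin each clone to a released ref, e.g. `git clone --depth 1 --branch <pinned-tag> https://github.com/ztombol/bats-support _test/test_helper/bats-support`, or vendor the helpers as git submodules at a fixed commit. Because of the `[[ ! -d ... ]]` guard, an existing checkout is never refreshed, so a pin also keeps local and CI copies identical.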
diff --git a/_test/conftest.sh b/_test/conftest.sh
new file mode 100755
index 00000000..9c64ce79
--- /dev/null
+++ b/_test/conftest.sh
@@ -0,0 +1,131 @@ +#!/usr/bin/env bats + +load bats-support-clone +load test_helper/bats-support/load +load test_helper/redhatcop-bats-library/load + +setup_file() { + rm -rf /tmp/rhcop + conftest_pull +} + +@test "charts/argocd-operator" { + tmp=$(helm_template "charts/argocd-operator") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/bootstrap-project" { + tmp=$(helm_template "charts/bootstrap-project") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/dev-ex-dashboard" { + tmp=$(helm_template "charts/dev-ex-dashboard") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/etherpad" { + tmp=$(helm_template "charts/etherpad") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/jenkins" { + tmp=$(helm_template "charts/jenkins") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/operatorhub" { + tmp=$(helm_template "charts/operatorhub") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/owncloud" { + tmp=$(helm_template 
"charts/owncloud") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/pact-broker" { + tmp=$(helm_template "charts/pact-broker") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/sonarqube" { + tmp=$(helm_template "charts/sonarqube") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/sonatype-nexus" { + tmp=$(helm_template "charts/sonatype-nexus") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/static-site" { + tmp=$(helm_template "charts/static-site") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} \ No newline at end of file From c02aab6af5a7684cc422c2beedb65c227b1f7eb9 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 10 Aug 2020 12:32:51 +1000 Subject: [PATCH 10/23] =?UTF-8?q?=F0=9F=90=AA=20switch=20to=20agent=20nami?= =?UTF-8?q?ng=20=F0=9F=90=AA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/jenkins/templates/imagestreams.yaml | 2 +- charts/jenkins/values.yaml | 104 ++++++++++----------- 2 files changed, 53 insertions(+), 53 deletions(-) 
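Review bot: The eleven `@test` blocks in `_test/conftest.sh` differ only in the chart path, and because the list is hard-coded, any chart not listed is never checked against the `ocp.deprecated` policies. `charts/keycloak-operator`, added by PATCH 01 of this series, has no entry here. Moving the shared body into one helper makes adding a chart a one-line change and keeps the conftest arguments in a single place. A short header comment naming where `helm_template`, `get_rego_namespaces`, `print_info` and `conftest_pull` come from (presumably the bats library loaded at the top) would also help the next reader.

```bash
# Render one chart and fail the test on any policy violation.
check_chart() {
  local chart="$1" tmp namespaces cmd

  tmp=$(helm_template "${chart}")
  namespaces=$(get_rego_namespaces "ocp\.deprecated\.*")
  cmd="conftest test ${tmp} --output tap ${namespaces}"
  run ${cmd}

  print_info "${status}" "${output}" "${cmd}" "${tmp}"
  [ "$status" -eq 0 ]
}

@test "charts/argocd-operator" {
  check_chart "charts/argocd-operator"
}

# … the remaining @test blocks reduce to the same one-line call …
```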
diff --git a/charts/jenkins/templates/imagestreams.yaml b/charts/jenkins/templates/imagestreams.yaml index 6396ba6a..b4739159 100644 --- a/charts/jenkins/templates/imagestreams.yaml +++ b/charts/jenkins/templates/imagestreams.yaml @@ -4,7 +4,7 @@ kind: ImageStream apiVersion: image.openshift.io/v1 metadata: name: {{ .name }} - {{- if .name | regexFind ".*slave" }} + {{- if or (.name | regexFind ".*slave") (.name | regexFind ".*agent") }} labels: build: {{ .name }} role: jenkins-slave diff --git a/charts/jenkins/values.yaml b/charts/jenkins/values.yaml index 4342ca58..6a16d7a1 100644 --- a/charts/jenkins/values.yaml +++ b/charts/jenkins/values.yaml @@ -89,19 +89,19 @@ imagestreams: # builder_image: origin-jenkins # builder_imagetag: latest # Jenkins agents image streams - - name: jenkins-slave-mvn - - name: jenkins-slave-argocd - - name: jenkins-slave-helm - - name: jenkins-slave-ansible - - name: jenkins-slave-arachni - - name: jenkins-slave-golang - - name: jenkins-slave-gradle - - name: jenkins-slave-image-mgmt - - name: jenkins-slave-mongodb - - name: jenkins-slave-npm - - name: jenkins-slave-python - - name: jenkins-slave-ruby - - name: jenkins-slave-conftest + - name: jenkins-agent-mvn + - name: jenkins-agent-argocd + - name: jenkins-agent-helm + - name: jenkins-agent-ansible + - name: jenkins-agent-arachni + - name: jenkins-agent-golang + - name: jenkins-agent-gradle + - name: jenkins-agent-image-mgmt + - name: jenkins-agent-mongodb + - name: jenkins-agent-npm + - name: jenkins-agent-python + - name: jenkins-agent-ruby + - name: jenkins-agent-conftest buildconfigs: # Jenkins S2I from Red Hat Labs 
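Review bot: In the `imagestreams.yaml` hunk the new condition uses the unanchored patterns `.*slave` and `.*agent`, so any image stream whose name merely contains either word receives the `role: jenkins-slave` label, not only the `jenkins-agent-*` entries from `values.yaml`. If that label is what registers an image as a Jenkins pod template (not visible in this hunk), a prefix test states the intent more tightly: `{{- if or (hasPrefix "jenkins-slave-" .name) (hasPrefix "jenkins-agent-" .name) }}`. The template continues outside the hunk.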
@@ -117,57 +117,57 @@ buildconfigs: builder_image_name: quay.io/openshift/origin-jenkins builder_image_tag: "latest" # Jenkins agents for running builds etc - - name: "jenkins-slave-mvn" - source_context_dir: "jenkins-slaves/jenkins-slave-mvn" + - name: "jenkins-agent-mvn" + source_context_dir: "jenkins-agents/jenkins-agent-mvn" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" + source_repo_ref: "master" builder_image_name: "quay.io/eformat/origin-jenkins-agent-maven" builder_image_tag: "latest" - - name: "jenkins-slave-helm" - source_context_dir: "jenkins-slaves/jenkins-slave-helm" + - name: "jenkins-agent-helm" + source_context_dir: "jenkins-agents/jenkins-agent-helm" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-argocd" - source_context_dir: "jenkins-slaves/jenkins-slave-argocd" + source_repo_ref: "master" + - name: "jenkins-agent-argocd" + source_context_dir: "jenkins-agents/jenkins-agent-argocd" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-arachni" - source_context_dir: "jenkins-slaves/jenkins-slave-arachni" + source_repo_ref: "master" + - name: "jenkins-agent-arachni" + source_context_dir: "jenkins-agents/jenkins-agent-arachni" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-golang" - source_context_dir: "jenkins-slaves/jenkins-slave-golang" + source_repo_ref: "master" + - name: "jenkins-agent-golang" + source_context_dir: "jenkins-agents/jenkins-agent-golang" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-gradle" - source_context_dir: "jenkins-slaves/jenkins-slave-gradle" + source_repo_ref: "master" + - name: "jenkins-agent-gradle" + source_context_dir: "jenkins-agents/jenkins-agent-gradle" source_repo: 
"https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-image-mgmt" - source_context_dir: "jenkins-slaves/jenkins-slave-image-mgmt" + source_repo_ref: "master" + - name: "jenkins-agent-image-mgmt" + source_context_dir: "jenkins-agents/jenkins-agent-image-mgmt" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-mongodb" - source_context_dir: "jenkins-slaves/jenkins-slave-mongodb" + source_repo_ref: "master" + - name: "jenkins-agent-mongodb" + source_context_dir: "jenkins-agents/jenkins-agent-mongodb" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-npm" - source_context_dir: "jenkins-slaves/jenkins-slave-npm" + source_repo_ref: "master" + - name: "jenkins-agent-npm" + source_context_dir: "jenkins-agents/jenkins-agent-npm" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-python" - source_context_dir: "jenkins-slaves/jenkins-slave-python" + source_repo_ref: "master" + - name: "jenkins-agent-python" + source_context_dir: "jenkins-agents/jenkins-agent-python" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-ruby" - source_context_dir: "jenkins-slaves/jenkins-slave-ruby" + source_repo_ref: "master" + - name: "jenkins-agent-ruby" + source_context_dir: "jenkins-agents/jenkins-agent-ruby" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-ansible" - source_context_dir: "jenkins-slaves/jenkins-slave-ansible" + source_repo_ref: "master" + - name: "jenkins-agent-ansible" + source_context_dir: "jenkins-agents/jenkins-agent-ansible" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" - - name: "jenkins-slave-conftest" - source_context_dir: 
"jenkins-slaves/jenkins-slave-conftest" + source_repo_ref: "master" + - name: "jenkins-agent-conftest" + source_context_dir: "jenkins-agents/jenkins-agent-conftest" source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "v1.26" + source_repo_ref: "master" From 2e889873aaaa5714b35f9f1b90b5ff4f0bc2b585 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 10 Aug 2020 12:33:51 +1000 Subject: [PATCH 11/23] =?UTF-8?q?=F0=9F=A6=94=20agent=20rename=20?= =?UTF-8?q?=F0=9F=A6=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/jenkins/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index 7ab5e34a..2e7a3c9f 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "v2.222.1" description: A Helm chart for deploying Jenkins on OpenShift with some additional build agents and plugins name: jenkins -version: 0.0.19 +version: 0.0.20 home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo From 1abb28c2c9e002f54be28bf763ea6f939fd5a96e Mon Sep 17 00:00:00 2001 From: Paul Barfuss Date: Mon, 17 Aug 2020 15:45:58 -0400 Subject: [PATCH 12/23] Adding certs directory to volumeMounts --- charts/sonarqube/templates/deployment.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/sonarqube/templates/deployment.yaml b/charts/sonarqube/templates/deployment.yaml index b0cebf53..d3ea4522 100644 --- a/charts/sonarqube/templates/deployment.yaml +++ b/charts/sonarqube/templates/deployment.yaml @@ -71,6 +71,9 @@ spec: - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: plugins + - mountPath: /opt/sonarqube/certs + name: sonarqube + subPath: certs {{- with .Values.env }} env: {{- . | toYaml | trim | nindent 12 }} From 5fe35908f5d89a73bf37afe2c5b2ed7b1bb986e9 Mon Sep 17 00:00:00 2001 
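Review bot: Every agent BuildConfig in the second `charts/jenkins/values.yaml` hunk moves `source_repo_ref` from the tag `v1.26` to `master`, so each image build pulls whatever the containers-quickstarts default branch holds at build time. Builds stop being reproducible, and an unreviewed upstream change flows straight into the CI agents. If the `jenkins-agents/...` directory rename needs a newer ref, pin to the release or commit that carries it, `source_repo_ref: "<release-tag-or-commit-sha>"`. The `jenkins-agent-mvn` entry has the same exposure on the image side, with `builder_image_tag: "latest"` pulled from `quay.io/eformat/...`. The `values.yaml` buildconfigs hunk of PATCH 18 keeps `master` for every entry, including the new erlang, graalvm and rust agents.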
From: Paul Barfuss Date: Mon, 17 Aug 2020 15:54:17 -0400 Subject: [PATCH 13/23] messing with permissions on container --- charts/sonarqube/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sonarqube/templates/deployment.yaml b/charts/sonarqube/templates/deployment.yaml index d3ea4522..01448c00 100644 --- a/charts/sonarqube/templates/deployment.yaml +++ b/charts/sonarqube/templates/deployment.yaml @@ -51,7 +51,7 @@ spec: - "sh" - "-c" - 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs) && - chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)' + ls -lah $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)' volumeMounts: - mountPath: /opt/sonarqube/temp name: sonarqube From 141dcd63db571a7b3581f26c663e9e51fa23d3bd Mon Sep 17 00:00:00 2001 From: Paul Barfuss Date: Mon, 17 Aug 2020 16:00:26 -0400 Subject: [PATCH 14/23] removing chown since openshift does not need to chown 999:999 --- charts/sonarqube/templates/deployment.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/sonarqube/templates/deployment.yaml b/charts/sonarqube/templates/deployment.yaml index 01448c00..0d7646e4 100644 --- a/charts/sonarqube/templates/deployment.yaml +++ b/charts/sonarqube/templates/deployment.yaml 
@@ -50,8 +50,7 @@ spec: command: - "sh" - "-c" - - 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs) && - ls -lah $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)' + - 'mkdir -pv $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)' volumeMounts: - mountPath: /opt/sonarqube/temp name: sonarqube From b460ff0696f76ce9f3bb22db7090b58031f30c5f Mon Sep 17 00:00:00 2001 From: Paul Barfuss Date: Wed, 19 Aug 2020 10:55:48 -0400 Subject: [PATCH 15/23] bump the chart version to 0.0.7 --- charts/sonarqube/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index 0a9841c0..5b43e85f 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 0.0.6 +version: 0.0.7 appVersion: "8.2-community" home: https://github.com/redhat-cop/helm-charts keywords: From 99acc1a906de1f4bede958059579b1a4ccde550c Mon Sep 17 00:00:00 2001 From: caracan Date: Tue, 25 Aug 2020 14:14:35 +0100 Subject: [PATCH 16/23] Changes helm repo to point to correct location & version bump --- charts/argocd-operator/Chart.yaml | 2 +- charts/argocd-operator/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/argocd-operator/Chart.yaml b/charts/argocd-operator/Chart.yaml index af13e41a..471e8a15 100644 --- a/charts/argocd-operator/Chart.yaml +++ b/charts/argocd-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v1.6.1 description: A Helm chart for customising the deployment of the ArgoCD Operator ⚓️ name: argocd-operator -version: 0.0.16 +version: 0.0.17 home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo 
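Review bot: With the `chown 999:999` gone (PATCH 14, `charts/sonarqube/templates/deployment.yaml`), the init container only runs `mkdir -pv`, but nothing in the template records why ownership is no longer set. A comment above the command, such as `# no chown: OpenShift does not need 999:999 ownership on these directories`, would stop the step being re-added later. If the init container carries an elevated `securityContext` that existed only for the chown (outside this hunk, so unconfirmed), it can be dropped now. The container spec starts and ends outside the hunk.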
diff --git a/charts/argocd-operator/values.yaml b/charts/argocd-operator/values.yaml index be2b38fa..12dc1609 100644 --- a/charts/argocd-operator/values.yaml +++ b/charts/argocd-operator/values.yaml @@ -44,9 +44,9 @@ server: initialRepositories: - name: ubiquitous-journey url: https://github.com/rht-labs/ubiquitous-journey.git - - name: rht-labs + - name: redhat-cop type: helm - url: https://rht-labs.github.io/helm-charts + url: https://redhat-cop.github.io/helm-charts secrets: - name: argocd-privaterepo From 8a592efce7a417837c907ff7f8e4f884c953b2e9 Mon Sep 17 00:00:00 2001 From: mike hepburn Date: Fri, 18 Sep 2020 23:58:09 +1000 Subject: [PATCH 17/23] =?UTF-8?q?=F0=9F=A6=8F=20updated=20nexus=20to=20lat?= =?UTF-8?q?est=203.27=20image=20=F0=9F=A6=8F=20(#91)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/sonatype-nexus/Chart.yaml | 4 ++-- charts/sonatype-nexus/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sonatype-nexus/Chart.yaml b/charts/sonatype-nexus/Chart.yaml index a07d15a7..15e9995b 100644 --- a/charts/sonatype-nexus/Chart.yaml +++ b/charts/sonatype-nexus/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v1 -appVersion: 3.23.0 +appVersion: 3.27.0 description: Sonatype Nexus is an open source repository manager home: https://github.com/redhat-cop/helm-charts name: sonatype-nexus sources: - https://github.com/sonatype/nexus-public -version: 0.0.4 +version: 0.0.5 maintainers: - name: eformat diff --git a/charts/sonatype-nexus/values.yaml b/charts/sonatype-nexus/values.yaml index eb4867a0..0e213088 100644 --- a/charts/sonatype-nexus/values.yaml +++ b/charts/sonatype-nexus/values.yaml 
@@ -31,7 +31,7 @@ nexus: - name: NEXUS_SECURITY_RANDOMPASSWORD value: "false" hostAliases: [] - imageName: registry.connect.redhat.com/sonatype/nexus-repository-manager:3.24.0-ubi-1 + imageName: registry.connect.redhat.com/sonatype/nexus-repository-manager:3.27.0-ubi-4 imagePullPolicy: IfNotPresent imagePullSecret: "" livenessProbe: From c1df164169b08bb436e8b1bee94a842e238a4910 Mon Sep 17 00:00:00 2001 From: Petter Abrahamsson Date: Mon, 28 Sep 2020 06:02:14 -0400 Subject: [PATCH 18/23] =?UTF-8?q?=E2=98=94=EF=B8=8F=20=20Jenkins=20agents?= =?UTF-8?q?=20rename=20+=20erlang,graalvm=20&=20rust=20agents=20(#93)=20?= =?UTF-8?q?=E2=9B=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/jenkins/Chart.yaml | 2 +- charts/jenkins/README.md | 41 ++++++++++--------- charts/jenkins/values.yaml | 80 ++++++++++++++++++++++++-------------- 3 files changed, 73 insertions(+), 50 deletions(-) diff --git a/charts/jenkins/Chart.yaml b/charts/jenkins/Chart.yaml index 2e7a3c9f..7534c4f1 100644 --- a/charts/jenkins/Chart.yaml +++ b/charts/jenkins/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "v2.222.1" description: A Helm chart for deploying Jenkins on OpenShift with some additional build agents and plugins name: jenkins -version: 0.0.20 +version: 0.0.21 home: https://github.com/redhat-cop/helm-charts maintainers: - name: springdo diff --git a/charts/jenkins/README.md b/charts/jenkins/README.md index 521ddff4..4d6791d2 100644 --- a/charts/jenkins/README.md +++ b/charts/jenkins/README.md 
@@ -63,7 +63,7 @@ The following table lists the configurable parameters of the Jenkins chart and t | `buildconfigs.jenkins.builder_image_tag` | Builder image tag for custom build | `2` | ### Environment Variables -There are additional environment variables you can set to customize your Jenkins based on your needs. You can update these values on your [values](https://github.com/rht-labs/helm-charts/blob/master/charts/jenkins/values.yaml#L23) file. +There are additional environment variables you can set to customize your Jenkins based on your needs. You can update these values on your [values](https://github.com/redhat-cop/helm-charts/blob/master/charts/jenkins/values.yaml#L23) file. | Variable | Description | Default | | ------------------------------------------------ | --------------------------------------------------------------------------- | ---------------------------------------------------- | | `JVM_ARCH` | Java VM architecture | `x86_64` | 
@@ -84,26 +84,29 @@ There are additional environment variables you can set to customize your Jenkins ### Jenkins Agents -Following agents are created by default when you install the chart. They are designed to run in OpenShift as described [here](https://docs.openshift.com/container-platform/4.1/openshift_images/using_images/images-other-jenkins.html#images-other-jenkins-config-kubernetes_images-other-jenkins). You can find more details at [containers-quickstarts](https://github.com/redhat-cop/containers-quickstarts") repository. - -- jenkins-slave-mvn -- jenkins-slave-argocd -- jenkins-slave-helm -- jenkins-slave-ansible -- jenkins-slave-arachni -- jenkins-slave-golang -- jenkins-slave-gradle -- jenkins-slave-image-mgmt -- jenkins-slave-mongodb -- jenkins-slave-npm -- jenkins-slave-python -- jenkins-slave-ruby -- jenkins-slave-zap - -You can remove the ones you do not need by deleting the related imagestream and buildconfig blocks from [values](https://github.com/rht-labs/helm-charts/blob/master/charts/jenkins/values.yaml#L80) file. +Following agents are created by default when you install the chart. They are designed to run in OpenShift as described [here](https://docs.openshift.com/container-platform/latest/openshift_images/using_images/images-other-jenkins.html#images-other-jenkins-config-kubernetes_images-other-jenkins). You can find more details at [containers-quickstarts](https://github.com/redhat-cop/containers-quickstarts") repository. 
+ +- jenkins-agent-ansible +- jenkins-agent-arachni +- jenkins-agent-argocd +- jenkins-agent-conftest +- jenkins-agent-erlang +- jenkins-agent-golang +- jenkins-agent-graalvm +- jenkins-agent-gradle +- jenkins-agent-helm +- jenkins-agent-image-mgmt +- jenkins-agent-mongodb +- jenkins-agent-mvn +- jenkins-agent-npm +- jenkins-agent-python +- jenkins-agent-ruby +- jenkins-agent-rust + +You can remove the ones you do not need by deleting the related imagestream and buildconfig blocks from [values](https://github.com/redhat-cop/helm-charts/blob/master/charts/jenkins/values.yaml#L80) file. ### Persistence -If you want to set your Jenkins as ephemeral, you should either remove the persistence [block](https://github.com/rht-labs/helm-charts/blob/master/charts/jenkins/values.yaml#L55) from your values file or set persistent value as below during the installation: +If you want to set your Jenkins as ephemeral, you should either remove the persistence [block](https://github.com/redhat-cop/helm-charts/blob/master/charts/jenkins/values.yaml#L55) from your values file or set persistent value as below during the installation: ```bash $ helm template --set persistence='' -f jenkins/values.yaml jenkins | oc apply -f- diff --git a/charts/jenkins/values.yaml b/charts/jenkins/values.yaml index 6a16d7a1..e6babbec 100644 --- a/charts/jenkins/values.yaml +++ b/charts/jenkins/values.yaml @@ -1,5 +1,6 @@ --- appName: &name jenkins +jenkinsAgentRepo: &jarepo "https://github.com/redhat-cop/containers-quickstarts" route: true 
@@ -89,19 +90,22 @@ imagestreams: # builder_image: origin-jenkins # builder_imagetag: latest # Jenkins agents image streams - - name: jenkins-agent-mvn - - name: jenkins-agent-argocd - - name: jenkins-agent-helm - name: jenkins-agent-ansible - name: jenkins-agent-arachni + - name: jenkins-agent-argocd + - name: jenkins-agent-conftest + - name: jenkins-agent-erlang - name: jenkins-agent-golang + - name: jenkins-agent-graalvm - name: jenkins-agent-gradle + - name: jenkins-agent-helm - name: jenkins-agent-image-mgmt - name: jenkins-agent-mongodb + - name: jenkins-agent-mvn - name: jenkins-agent-npm - name: jenkins-agent-python - name: jenkins-agent-ruby - - name: jenkins-agent-conftest + - name: jenkins-agent-rust buildconfigs: # Jenkins S2I from Red Hat Labs 
@@ -117,57 +121,73 @@ buildconfigs: builder_image_name: quay.io/openshift/origin-jenkins builder_image_tag: "latest" # Jenkins agents for running builds etc - - name: "jenkins-agent-mvn" - source_context_dir: "jenkins-agents/jenkins-agent-mvn" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + - name: "jenkins-agent-ansible" + source_context_dir: "jenkins-agents/jenkins-agent-ansible" + source_repo: *jarepo source_repo_ref: "master" - builder_image_name: "quay.io/eformat/origin-jenkins-agent-maven" - builder_image_tag: "latest" - - name: "jenkins-agent-helm" - source_context_dir: "jenkins-agents/jenkins-agent-helm" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + - name: "jenkins-agent-arachni" + source_context_dir: "jenkins-agents/jenkins-agent-arachni" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-argocd" source_context_dir: "jenkins-agents/jenkins-agent-argocd" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo source_repo_ref: "master" - - name: "jenkins-agent-arachni" - source_context_dir: "jenkins-agents/jenkins-agent-arachni" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + - name: "jenkins-agent-conftest" + source_context_dir: "jenkins-agents/jenkins-agent-conftest" + source_repo: *jarepo + source_repo_ref: "master" + builder_image_name: "quay.io/redhat-cop/jenkins-agent-python" + builder_image_tag: "v1.0" + - name: "jenkins-agent-erlang" + source_context_dir: "jenkins-agents/jenkins-agent-erlang" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-golang" source_context_dir: "jenkins-agents/jenkins-agent-golang" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo + source_repo_ref: "master" + - name: "jenkins-agent-graalvm" + source_context_dir: "jenkins-agents/jenkins-agent-graalvm" + source_repo: *jarepo source_repo_ref: "master" + builder_image_name: 
"quay.io/openshift/origin-jenkins-agent-maven" + builder_image_tag: "4.5" - name: "jenkins-agent-gradle" source_context_dir: "jenkins-agents/jenkins-agent-gradle" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo + source_repo_ref: "master" + - name: "jenkins-agent-helm" + source_context_dir: "jenkins-agents/jenkins-agent-helm" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-image-mgmt" source_context_dir: "jenkins-agents/jenkins-agent-image-mgmt" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-mongodb" source_context_dir: "jenkins-agents/jenkins-agent-mongodb" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo + source_repo_ref: "master" + - name: "jenkins-agent-mvn" + source_context_dir: "jenkins-agents/jenkins-agent-mvn" + source_repo: *jarepo source_repo_ref: "master" + builder_image_name: "quay.io/eformat/origin-jenkins-agent-maven" + builder_image_tag: "latest" - name: "jenkins-agent-npm" source_context_dir: "jenkins-agents/jenkins-agent-npm" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-python" source_context_dir: "jenkins-agents/jenkins-agent-python" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo source_repo_ref: "master" - name: "jenkins-agent-ruby" source_context_dir: "jenkins-agents/jenkins-agent-ruby" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" + source_repo: *jarepo source_repo_ref: "master" - - name: "jenkins-agent-ansible" - source_context_dir: "jenkins-agents/jenkins-agent-ansible" - source_repo: "https://github.com/redhat-cop/containers-quickstarts" - source_repo_ref: "master" - - name: "jenkins-agent-conftest" - source_context_dir: "jenkins-agents/jenkins-agent-conftest" - 
source_repo: "https://github.com/redhat-cop/containers-quickstarts" + - name: "jenkins-agent-rust" + source_context_dir: "jenkins-agents/jenkins-agent-rust" + source_repo: *jarepo source_repo_ref: "master" From b77f12f5d2ab64816de48f74dc3954cd783da548 Mon Sep 17 00:00:00 2001 From: donal Date: Wed, 7 Oct 2020 14:59:05 +0100 Subject: [PATCH 19/23] =?UTF-8?q?=F0=9F=90=AF=20UPDATE=20-=20Add=20link=20?= =?UTF-8?q?to=20other=20helm=20charts=20I=20found=20in=20CoP=20this=20morn?= =?UTF-8?q?ing=20=F0=9F=A6=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 32f0e074..cf2534d9 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ For charts we know work on OpenShift but do not belong here, check out the list This libary is used to support [Open Innovation Labs Ubiquitous Journey Project](https://github.com/rht-labs/ubiquitous-journey) +Additional charts for managing an OpenShift cluster can be found in [redhat-cop/openshift-management](https://github.com/redhat-cop/openshift-management/tree/master/charts) + ## 🧰 Add this Helm Repo to your local 🧰 ``` helm repo add redhat-cop https://redhat-cop.github.io/helm-charts From 5d315f652c8e3b6faae7d39526cbe1a759a4c789 Mon Sep 17 00:00:00 2001 From: donal Date: Wed, 7 Oct 2020 15:25:50 +0100 Subject: [PATCH 20/23] =?UTF-8?q?=F0=9F=90=99=20UPDATE=20-=20charts=20we?= =?UTF-8?q?=20like=20with=20ref=20to=20sealed-secrets=20=F0=9F=90=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts-we-like.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/charts-we-like.md b/charts-we-like.md index 4f2c6dc6..d74804fd 100644 --- a/charts-we-like.md +++ b/charts-we-like.md 
@@ -1,6 +1,19 @@ ## 🧰 OpenShift Ready Charts 🧰 This collection of charts we've used in the past that runs on OpenShift. Here are some examples and the values used to run on OpenShift: +#### 🗣 Sealed Secrets +![Sealed Secrets](https://github.com/helm/charts/tree/master/stable/sealed-secrets) allows you to encrypt your K8s Secret into a SealedSecret, which is safe to store - even to a public repository.... Example Values file for OpenShift: +```yaml +nameOverride: sealed-secrets +fullnameOverride: sealed-secrets +# namespace must exist +namespace: labs-ci-cd +# Dont touch the security context values, deployment will fail in OpenShift otherwise. +securityContext: + runAsUser: "" + fsGroup: "" +``` + #### 🗣 Mattermost ![Mattermost](https://github.com/mattermost/mattermost-helm/tree/master/charts/mattermost-team-edition) is an OpenSource Chat Application. Example Values file for OpenShift: From 791f63f69e5d157dbfe1e8e2c61831e338447754 Mon Sep 17 00:00:00 2001 From: donal Date: Wed, 7 Oct 2020 15:26:41 +0100 Subject: [PATCH 21/23] =?UTF-8?q?=F0=9F=90=99=20UPDATE=20-=20charts=20we?= =?UTF-8?q?=20like=20with=20ref=20to=20sealed-secrets=20=F0=9F=90=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts-we-like.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts-we-like.md b/charts-we-like.md index d74804fd..f29c3cd8 100644 --- a/charts-we-like.md +++ b/charts-we-like.md 
@@ -1,8 +1,9 @@ ## 🧰 OpenShift Ready Charts 🧰 This collection of charts we've used in the past that runs on OpenShift. Here are some examples and the values used to run on OpenShift: -#### 🗣 Sealed Secrets -![Sealed Secrets](https://github.com/helm/charts/tree/master/stable/sealed-secrets) allows you to encrypt your K8s Secret into a SealedSecret, which is safe to store - even to a public repository.... Example Values file for OpenShift: +#### 🕵️‍♀️ Sealed Secrets +![Sealed Secrets](https://github.com/helm/charts/tree/master/stable/sealed-secrets) allows you to encrypt your K8s Secret into a SealedSecret, which is safe to store - even to a public repository.... Example Values for OpenShift: + ```yaml nameOverride: sealed-secrets fullnameOverride: sealed-secrets From 12e8730d0075882a0e412cb411b163e7e92defa8 Mon Sep 17 00:00:00 2001 
From: Jorge Tudela Date: Fri, 9 Oct 2020 13:06:05 +0200 Subject: [PATCH 22/23] Adds SMTP relay server (maildev) --- charts/maildev/.helmignore | 23 ++++ charts/maildev/Chart.yaml | 9 ++ charts/maildev/README.md | 95 +++++++++++++++ charts/maildev/templates/NOTES.txt | 1 + charts/maildev/templates/_helpers.tpl | 63 ++++++++++ .../templates/cm-auto-relay-rules.yaml | 6 + charts/maildev/templates/deployment.yaml | 114 ++++++++++++++++++ charts/maildev/templates/route-smtp.yaml | 18 +++ charts/maildev/templates/route-web.yaml | 16 +++ charts/maildev/templates/service-smtp.yaml | 17 +++ charts/maildev/templates/service-web.yaml | 17 +++ charts/maildev/templates/serviceaccount.yaml | 12 ++ charts/maildev/values.yaml | 102 ++++++++++++++++ 13 files changed, 493 insertions(+) create mode 100644 charts/maildev/.helmignore create mode 100644 charts/maildev/Chart.yaml create mode 100644 charts/maildev/README.md create mode 100644 charts/maildev/templates/NOTES.txt create mode 100644 charts/maildev/templates/_helpers.tpl create mode 100644 charts/maildev/templates/cm-auto-relay-rules.yaml create mode 100644 charts/maildev/templates/deployment.yaml create mode 100644 charts/maildev/templates/route-smtp.yaml create mode 100644 charts/maildev/templates/route-web.yaml create mode 100644 charts/maildev/templates/service-smtp.yaml create mode 100644 charts/maildev/templates/service-web.yaml create mode 100644 charts/maildev/templates/serviceaccount.yaml create mode 100644 charts/maildev/values.yaml diff --git a/charts/maildev/.helmignore b/charts/maildev/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/maildev/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/maildev/Chart.yaml b/charts/maildev/Chart.yaml new file mode 100644 index 00000000..00da1016 --- /dev/null +++ b/charts/maildev/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +appVersion: v1.1.0 +description: A Helm chart for deploying maildev SMTP server. +name: maildev +type: application +version: 0.1.0 +home: https://github.com/redhat-cop/helm-charts +maintainers: +- name: jtudelag diff --git a/charts/maildev/README.md b/charts/maildev/README.md new file mode 100644 index 00000000..3188cb0b --- /dev/null +++ b/charts/maildev/README.md 
@@ -0,0 +1,95 @@ +# SMTP relay service +This helm-chart installs [Maildev](https://github.com/maildev/maildev). + +Its mainly usage is to provide with a SMTP relay service inside OpenShift, +so other apps can rely on it to send mails externally. + +Inside the Namespace where it is deployed, an SMTP service is available: `smtp:25`. + +Maildev also provides a Web interface, it can be disabled/enabled at discretion. +By default it exposed at a route. + +Also note that mails do not persist after reboot. Everytime Maildev starts, it starts from scratch, +even if the `/tmp/maildev` folder, where Maildev stores mails, is persisted. + +And I haven't found any way to configure Maildev so it reload previous mails after a reboot.... + +# Sources code +Maildev source code can be here: https://github.com/maildev/maildev + +# Known issue with Env Vars + +Github issue: https://github.com/maildev/maildev/issues/315 + +So, not every option can be configured using env vars, so, a few options are hardcoded in the deployment: +`["--verbose", "--outgoing-secure", "--auto-relay"]` + +## Configuration + +Table with the most relevants parameters for MailDev. +Not listing here the more general paramaters such as tolerations, nodeSelectors, etc. + +| Parameter | Description | Default | +|------------------------------:|:--------------------------------------------------------------------------------------------------|:--------------------------------------------| +| **outgoing_relay.host** | SMTP Relay host, `MAILDEV_OUTGOING_HOST`. | `` | +| **outgoing_relay.port** | SMTP Relay port, `MAILDEV_OUTGOING_PORT`. | `` | +| **outgoing_relay.user** | SMTP Relay user, `MAILDEV_OUTGOING_USER`. | `` | +| **outgoing_relay.pass** | SMTP Relay password, `MAILDEV_OUTGOING_PASS`. | `` | +| **outgoing_relay.secure** | Use SMTP SSL for outgoing emails, `MAILDEV_OUTGOING_SECURE`. | `true`. Hardcoded in the deployment due to a bug. | +| **ports.smtp** | Port where the SMTP service is listenning. 
(Irrelevant for OCP/K8S), `MAILDEV_SMTP_PORT`. | `1025` | +| **ports.web** | Port where the Web interface service is listenning. (Irrelevant for OCP/K8S), `MAILDEV_WEB_PORT`. | `1080` | +| **web.disable** | Disable Web interface. `MAILDEV_DISABLE_WEB`. | `False` | +| **web.user** | Web interface user, `MAILDEV_WEB_USER`. | `admin` | +| **web.pass** | Web interface password, `MAILDEV_WEB_PASS`. | `` | +| **https.enabled** | Switch from http to https protocol, `MAILDEV_HTTPS`. | `False` | +| **https.key** | The file path to the ssl private key, `MAILDEV_HTTPS_KEY`. | | +| **https.cert** | The file path to the ssl cert file, `MAILDEV_HTTPS_CERT`. | | +| **incoming.user** | SMTP user for incoming emails, `MAILDEV_INCOMING_USER`. | | +| **incoming.pass** | SMTP password for incoming emails, `MAILDEV_INCOMING_PASS`. | | + +# Test it + +rsh into the pod. +```bash +oc rsh $(oc get pod -l "app.kubernetes.io/instance=maildev" -o name) +``` + +Create summy mail.txt file. +```bash +cat <> mail.txt +From: Test Maildev +To: Jorge Tudela +Subject: Test mail from maildev +Date: Fri, 17 Nov 2020 11:26:16 + +Dear Joe, +Welcome to this example email. What a lovely day. +Cheers!! +EOF +``` + +Send the mail with curl: +```bash +curl smtp://smtp:25 --mail-from test@maildev.com --mail-rcpt jtudelag@redhat.com --upload-file ./mail.txt +``` + +Check the logs and see if the mail has been delivered. 
+```bash +oc logs $(oc get pod -l "app.kubernetes.io/instance=maildev" -o name) +Temporary directory created at /tmp/maildev +Temporary directory created at /tmp/maildev/1 +MailDev outgoing SMTP Server smtp.gmail.com:465 (user:rht-labs-noreply@redhat.com, pass:####, secure:yes) +Auto-Relay mode on +MailDev webapp running at http://0.0.0.0:1080 +MailDev SMTP Server running at 0.0.0.0:1025 +Saving email: Test mail from maildev, id: 3ZhYnk5q +MailDev outgoing SMTP Server smtp.gmail.com:465 (user:rht-labs-noreply@redhat.com, pass:####, secure:yes) +Mail Delivered: Test mail from maildev +``` + +Alternatively you can check the webconsole. +```bash +oc get route web-maildev -o=jsonpath='{.spec.host}' +``` + +Check your mail inbox ;) \ No newline at end of file diff --git a/charts/maildev/templates/NOTES.txt b/charts/maildev/templates/NOTES.txt new file mode 100644 index 00000000..39e26336 --- /dev/null +++ b/charts/maildev/templates/NOTES.txt @@ -0,0 +1 @@ +# Sources code here: https://github.com/maildev/maildev \ No newline at end of file diff --git a/charts/maildev/templates/_helpers.tpl b/charts/maildev/templates/_helpers.tpl new file mode 100644 index 00000000..c3039c63 --- /dev/null +++ b/charts/maildev/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "maildev.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "maildev.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "maildev.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "maildev.labels" -}} +helm.sh/chart: {{ include "maildev.chart" . }} +{{ include "maildev.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "maildev.selectorLabels" -}} +app.kubernetes.io/name: {{ include "maildev.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "maildev.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "maildev.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/charts/maildev/templates/cm-auto-relay-rules.yaml b/charts/maildev/templates/cm-auto-relay-rules.yaml
new file mode 100644
index 00000000..4348e65d
--- /dev/null
+++ b/charts/maildev/templates/cm-auto-relay-rules.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+ auto-relay-rules.json: "[\n\t{ \"allow\": \"*\" }\n]\n"
+kind: ConfigMap
+metadata:
+ name: maildev-relay-rules
diff --git a/charts/maildev/templates/deployment.yaml b/charts/maildev/templates/deployment.yaml
new file mode 100644
index 00000000..928ea60e
--- /dev/null
+++ b/charts/maildev/templates/deployment.yaml
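Review bot: The single rule `{ "allow": "*" }` in auto-relay-rules.json permits relaying to any recipient, and because this ConfigMap is not templated an installer cannot narrow it through values. The deployment hardcodes `--auto-relay`, values.yaml leaves `incoming.user`/`incoming.pass` unset, and an `smtp` Route is created by default, so anything that can reach the service can send mail through the configured outgoing account. I would make the rule list a chart value with a restrictive default, for example only the organisation's own domain (`{ "allow": "*@example.com" }`, a constructed sample), and document that incoming credentials should be set before the service is exposed. The fixed name `maildev-relay-rules` also means two releases in one namespace would collide; deriving it from the `maildev.fullname` helper would avoid that.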
@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "maildev.fullname" . }}
+ labels:
+ {{- include "maildev.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "maildev.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "maildev.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "maildev.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ command: ["/opt/app-root/src/bin/maildev"]
+ args: ["--verbose", "--outgoing-secure", "--auto-relay"]
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: smtp-port
+ containerPort: {{ .Values.ports.smtp }}
+ protocol: TCP
+ - name: web-port
+ containerPort: {{ .Values.ports.web }}
+ protocol: TCP
+ env:
+ - name: MAILDEV_DISABLE_WEB
+ value: "{{ .Values.web.disable }}"
+ {{- if or .Values.web.user .Values.web.pass}}
+ - name: MAILDEV_WEB_USER
+ value: "{{ .Values.web.user }}"
+ - name: MAILDEV_WEB_PASS
+ value: "{{ .Values.web.pass }}"
+ {{- end }}
+ - name: MAILDEV_SMTP_PORT
+ value: "{{ .Values.ports.smtp }}"
+ - name: MAILDEV_WEB_PORT
+ value: "{{ .Values.ports.web }}"
+ - name: MAILDEV_HTTPS
+ value: "{{ .Values.https.enabled }}"
+ {{- if .Values.https.key }}
+ - name: MAILDEV_HTTPS_KEY
+ value: "{{ .Values.https.key }}"
+ {{- end }}
+ {{- if .Values.https.cert }}
+ - name: MAILDEV_HTTPS_CERT
+ value: "{{ .Values.https.cert }}"
+ {{- end }}
+ - name: MAILDEV_OUTGOING_HOST
+ value: "{{ .Values.outgoing_relay.host }}"
+ - name: MAILDEV_OUTGOING_PORT
+ value: "{{ .Values.outgoing_relay.port }}"
+ - name: MAILDEV_OUTGOING_USER
+ value: "{{ .Values.outgoing_relay.user }}"
+ - name: MAILDEV_OUTGOING_PASS
+ value: "{{ .Values.outgoing_relay.pass }}"
+ - name: MAILDEV_OUTGOING_SECURE
+ value: "{{ .Values.outgoing_relay.secure }}"
+ {{- if .Values.incoming }}
+ - name: MAILDEV_INCOMING_USER
+ value: "{{ .Values.incoming.user }}"
+ - name: MAILDEV_INCOMING_PASS
+ value: "{{ .Values.incoming.pass }}"
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.ports.web }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.ports.web }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: auto-relay-rules
+ mountPath: /etc/maildev
+ subpath: auto-relay-rules.json
+ volumes:
+ - name: auto-relay-rules
+ configMap:
+ name: maildev-relay-rules
+ items:
+ - key: auto-relay-rules.json
+ path: auto-relay-rules.json
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/maildev/templates/route-smtp.yaml b/charts/maildev/templates/route-smtp.yaml
new file mode 100644
index 00000000..5e948969
--- /dev/null
+++ b/charts/maildev/templates/route-smtp.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.ports.smtp }}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: "smtp"
+ labels:
+ {{- include "maildev.labels" . | nindent 4 }}
+spec:
+ port:
+ targetPort: {{ .Values.ports.smtp }}
+ to:
+ kind: Service
+ name: smtp
+ weight: 100
+ tls:
+ termination: passthrough
+ wildcardPolicy: None
+{{- end }}
\ No newline at end of file
diff --git a/charts/maildev/templates/route-web.yaml b/charts/maildev/templates/route-web.yaml
new file mode 100644
index 00000000..78fbbae5
--- /dev/null
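Review bot: `MAILDEV_OUTGOING_PASS`, `MAILDEV_WEB_PASS` and `MAILDEV_INCOMING_PASS` are rendered as literal `value:` strings in deployment.yaml, so the relay and web passwords are readable in the Deployment object and in `oc describe` output by anyone with read access to the namespace. Sourcing them from a Secret with `valueFrom.secretKeyRef` keeps them out of the pod spec; the fence shows the shape for the outgoing password, using a proposed `outgoing_relay.existingSecret` value that the chart does not define yet. Separately, `subpath:` under `volumeMounts` is misspelled (the Kubernetes field is `subPath`), so it is rejected or ignored depending on validation. No `--auto-relay-rules` argument appears in `args`, so it is worth confirming that maildev actually reads the mounted rules file.

```yaml
        env:
          # … unchanged: MAILDEV_DISABLE_WEB through MAILDEV_OUTGOING_USER …
          - name: MAILDEV_OUTGOING_PASS
            valueFrom:
              secretKeyRef:
                # proposed value: name of a Secret created outside the chart's values
                name: {{ .Values.outgoing_relay.existingSecret }}
                key: outgoing-pass
          # … unchanged: MAILDEV_OUTGOING_SECURE; apply the same pattern to
          #   MAILDEV_WEB_PASS and MAILDEV_INCOMING_PASS …
```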
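Review bot: The Route in route-smtp.yaml publishes the relay outside the cluster whenever `ports.smtp` is set, which it is by default (`1025`), and there is no separate switch to keep SMTP cluster-internal. The README describes the chart as an in-namespace `smtp:25` service for other apps, so external exposure looks unintended; together with the allow-all relay rule and no incoming credentials by default, it would let outside senders use the outgoing account. I would gate the Route on its own value that defaults to off, for example `{{- if .Values.route.smtp.enabled }}` (a proposed key). `termination: passthrough` presumably only routes TLS connections that carry SNI, so plain SMTP clients would likely not get through the router anyway; that is worth verifying before keeping the Route at all.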
+++ b/charts/maildev/templates/route-web.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ports.web }}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: "web-{{ include "maildev.fullname" . }}"
+ labels:
+ {{- include "maildev.labels" . | nindent 4 }}
+spec:
+ port:
+ targetPort: {{ .Values.ports.web }}
+ to:
+ kind: Service
+ name: web-{{ include "maildev.fullname" . }}
+ weight: 100
+ wildcardPolicy: None
+{{- end }}
\ No newline at end of file
diff --git a/charts/maildev/templates/service-smtp.yaml b/charts/maildev/templates/service-smtp.yaml
new file mode 100644
index 00000000..0c3106b6
--- /dev/null
+++ b/charts/maildev/templates/service-smtp.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.ports.smtp }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: smtp
+ labels:
+ {{- include "maildev.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: smtp-{{ .Values.ports.smtp }}-tcp
+ port: 25
+ protocol: TCP
+ targetPort: {{ .Values.ports.smtp }}
+ selector:
+ {{- include "maildev.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/maildev/templates/service-web.yaml b/charts/maildev/templates/service-web.yaml
new file mode 100644
index 00000000..daa28c7d
--- /dev/null
+++ b/charts/maildev/templates/service-web.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.ports.web }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: "web-{{ include "maildev.fullname" . }}"
+ labels:
+ {{- include "maildev.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: web-{{ .Values.ports.smtp }}-tcp
+ port: {{ .Values.ports.web }}
+ protocol: TCP
+ targetPort: {{ .Values.ports.web }}
+ selector:
+ {{- include "maildev.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/maildev/templates/serviceaccount.yaml b/charts/maildev/templates/serviceaccount.yaml
new file mode 100644
index 00000000..07a28f1d
--- /dev/null
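Review bot: The web Route in route-web.yaml has no `tls` stanza, so the maildev UI and its basic-auth credentials (`web.user`/`web.pass`) travel over plain HTTP between browser and router. The UI presumably shows every captured message, so I would add edge termination with a redirect under `spec`: `tls:`, `termination: edge`, `insecureEdgeTerminationPolicy: Redirect`. The guard `{{- if .Values.ports.web }}` also means the Route is still created when `web.disable` is true; gating on `not .Values.web.disable` as well would match the documented switch.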
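Review bot: The port name in service-web.yaml is built from the SMTP port, `web-{{ .Values.ports.smtp }}-tcp`, which looks like a copy-paste from service-smtp.yaml; it should read `- name: web-{{ .Values.ports.web }}-tcp`. Both Services also share the single `service.type` value, so switching it away from `ClusterIP` to reach the web UI would expose the SMTP listener in the same way. Separate values per Service would let the relay stay cluster-internal.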
+++ b/charts/maildev/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "maildev.serviceAccountName" . }} + labels: + {{- include "maildev.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/maildev/values.yaml b/charts/maildev/values.yaml new file mode 100644 index 00000000..60104e6b --- /dev/null +++ b/charts/maildev/values.yaml 
@@ -0,0 +1,102 @@ +--- +appName: &name maildev + +# Default values for maildev. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: docker.io/maildev/maildev + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: v1.1.0 + +outgoing_relay: + # MAILDEV_OUTGOING_HOST + host: smtp.gmail.com + # MAILDEV_OUTGOING_PORT + port: 465 + # MAILDEV_OUTGOING_USER + user: 'XXX' + # MAILDEV_OUTGOING_PASS + pass: 'YYY' + # MAILDEV_OUTGOING_SECURE + secure: true + +incoming: + # MAILDEV_INCOMING_USER + # user: + # MAILDEV_INCOMING_PASS + # pass: + +ports: + # MAILDEV_SMTP_PORT + smtp: 1025 + # MAILDEV_WEB_PORT + web: 1080 + +# MAILDEV_HTTPS +https: + enabled: false + # MAILDEV_HTTPS_KEY + # key: + # MAILDEV_HTTPS_KEY + # cert: + +# Web interface +web: + # MAILDEV_DISABLE_WEB + disable: false + # MAILDEV_WEB_USER + user: admin + # MAILDEV_WEB_PASS + pass: admin + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 2e16e80906fa8b7ce8bec487df25371994e8cf8e Mon Sep 17 00:00:00 2001 From: Jorge Tudela Date: Tue, 13 Oct 2020 13:16:01 +0200 Subject: [PATCH 23/23] Adds the test --- _test/conftest.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/_test/conftest.sh b/_test/conftest.sh index 9c64ce79..6b5d9f32 100755 --- a/_test/conftest.sh +++ b/_test/conftest.sh @@ -126,6 +126,17 @@ setup_file() { cmd="conftest test ${tmp} --output tap ${namespaces}" run ${cmd} + print_info "${status}" "${output}" "${cmd}" "${tmp}" + [ "$status" -eq 0 ] +} + +@test "charts/keycloak-operator" { + tmp=$(helm_template "charts/keycloak-operator") + + namespaces=$(get_rego_namespaces "ocp\.deprecated\.*") + cmd="conftest test ${tmp} --output tap ${namespaces}" + run ${cmd} + print_info "${status}" "${output}" "${cmd}" "${tmp}" [ "$status" -eq 0 ] } \ No newline at end of file
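Review bot: values.yaml ships `web.user: admin` and `web.pass: admin`, and the web Route is created by default, so an install with untouched values exposes the captured mail behind a well-known password. The README table lists the `web.pass` default as empty, which disagrees with this file. I would default `pass` to empty and make the template fail when the web UI is enabled without one, for example `value: {{ required "web.pass must be set" .Values.web.pass | quote }}`. The `'XXX'`/`'YYY'` placeholders under `outgoing_relay` also invite real relay credentials being committed to a values file. A comment there pointing to a Secret, or to `--set` at install time, would steer users away from that.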