Merge pull request #59 from jp-gouin/refractor-chart

Refractor chart
jp-gouin · Apr 13, 2022 · 50cc4fa · 50cc4fa
2 parents 18a5567 + e01c74d
commit 50cc4fa
Show file tree

Hide file tree

Showing 27 changed files with 738 additions and 299 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/.bin/chaos.yaml b/.bin/chaos.yaml
@@ -1,16 +1,19 @@
 apiVersion: chaos-mesh.org/v1alpha1
-kind: PodChaos
+kind: Schedule
 metadata:
   name: pod-failure-openldap
   annotations:
-    experiment.chaos-mesh.org/pause: "false"
+    experiment.chaos-mesh.org/pause: "true"
 spec:
-  action: pod-failure
-  mode: random-max-percent
-  value: "66"
-  duration: "15s"
-  selector:
-    labelSelectors:
-      "app": "openldap-openldap-stack-ha"
-  scheduler:
-    cron: "@every 2m"
+  schedule: "@every 2m"
+  type: "PodChaos"
+  historyLimit: 5
+  concurrencyPolicy: Forbid
+  podChaos:
+    action: pod-failure
+    duration: 15s
+    mode: random-max-percent
+    selector:
+      labelSelectors:
+        app.kubernetes.io/name: openldap-stack-ha
+    value: '66' 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,7 +2,7 @@ name: Qualif
 on:
   push:
     branches:
-      - "master"
+      - "*"
   pull_request:
     branches:
       - "master"
@@ -21,13 +21,13 @@ jobs:
         run: |
           curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
           chmod +x /tmp/kind
-          /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml
+          /tmp/kind create cluster --config=$GITHUB_WORKSPACE/.bin/kind-conf.yml --image=kindest/node:v1.23.0@sha256:49824ab1727c04e56a21a5d8372a402fcd32ea51ac96a2706a12af38934f81ac
           kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
           kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
       - name: setup chaos mesh
         shell: bash
         run: |
-          curl -sSL https://mirrors.chaos-mesh.org/v1.2.2/install.sh | bash -s -- --local kind
+          curl -sSL https://mirrors.chaos-mesh.org/v2.1.3/install.sh  | bash -s -- --local kind
       - name: setup certs
         shell: bash
         run: |
@@ -39,8 +39,8 @@ jobs:
         shell: bash
         run: |
           cd "$GITHUB_WORKSPACE"
-          helm install openldap -f .bin/myval.yaml .
-          kubectl rollout status sts openldap-openldap-stack-ha 
+          helm install openldap-stack-ha -f .bin/myval.yaml .
+          kubectl rollout status sts openldap-stack-ha 
       - name: verify deployment
         shell: bash
         run: |

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+myValues.yaml
diff --git a/Chart.lock b/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: ltb-passwd
+  repository: ""
+  version: 0.1.x
+- name: phpldapadmin
+  repository: ""
+  version: 0.1.x
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 1.10.0
+digest: sha256:ffce1e1b35fc49ce33dbf5c063be307964ca75ba6f13d325d32b474ba34c7ea3
+generated: "2021-10-24T14:53:55.640745+02:00"
diff --git a/Chart.yaml b/Chart.yaml
@@ -7,8 +7,13 @@ dependencies:
   - name: phpldapadmin
     version: 0.1.x
     condition: phpldapadmin.enabled
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
 home: https://www.openldap.org
-version: 2.1.6
+version: 3.0.0
 appVersion: 2.4.57
 description: Community developed LDAP software
 icon: https://raw.githubusercontent.com/jp-gouin/helm-openldap/master/logo.png

diff --git a/README.md b/README.md
diff --git a/charts/common-1.10.0.tgz b/charts/common-1.10.0.tgz
diff --git a/charts/ltb-passwd/templates/_helpers.tpl b/charts/ltb-passwd/templates/_helpers.tpl
@@ -43,6 +43,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
+
 {{/*
 Generate chart secret name
 */}}
@@ -51,12 +52,15 @@ Generate chart secret name
 {{- end -}}
 
 {{/*
-Return the appropriate apiVersion for ingress.
+Return the proper Openldap image name
 */}}
-{{- define "ingress.apiVersion" -}}
-{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- else -}}
-{{- print "extensions/v1beta1" -}}
+{{- define "ltb-passwd.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "ltb-passwd.imagePullSecrets" -}}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) }}
 {{- end -}}
-{{- end -}}
diff --git a/charts/ltb-passwd/templates/configmap-ldap.yaml b/charts/ltb-passwd/templates/configmap-ldap.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.ldap.custom }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "ltb-passwd.fullname" . }}-ldap-cm
+  labels:
+    app: {{ template "ltb-passwd.name" . }}
+    chart: {{ template "ltb-passwd.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  ldap.conf: |
+    {{- range $ldapconfig := .Values.ldap.custom }}
+    {{ $ldapconfig.name }} {{ $ldapconfig.value }}     
+    {{- end }}
+{{- end }}
diff --git a/charts/ltb-passwd/templates/deployment.yaml b/charts/ltb-passwd/templates/deployment.yaml
@@ -16,28 +16,23 @@ spec:
         app.kubernetes.io/name: {{ include "ltb-passwd.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
+      {{- include "ltb-passwd.imagePullSecrets" . | nindent 6 }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: {{ include "ltb-passwd.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
           - name: LDAP_SERVER
-            value: {{ .Values.ldap.server | quote }}
+            value: ldaps://{{ include "global.server" . }}
           - name: LDAP_BINDDN
-            value: {{ .Values.ldap.bindDN | quote }}
+            value: {{ include "global.bindDN" . }}
           - name: LDAP_BINDPASS
             valueFrom:
               secretKeyRef:
                 name: {{ template "ltb-passwd.secretName" . }}
-                key: {{ .Values.ldap.bindPWKey }} 
-          - name: LDAP_STARTTLS
-            value: "false"
+                key: LDAP_ADMIN_PASSWORD
           - name: LDAP_BASE_SEARCH
-            value: {{ .Values.ldap.searchBase | quote }}
+            value: {{ include "global.baseDomain" . | quote }}
           {{- with .Values.env }}
           {{- toYaml . | nindent 10 }}
           {{- end }}
@@ -55,6 +50,17 @@ spec:
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          {{- if .Values.ldap.custom }}
+          volumeMounts:
+            - mountPath: /etc/openldap
+              name: ldap-conf
+          {{- end }}
+      {{- if .Values.ldap.custom }}
+      volumes:
+      - name: ldap-conf
+        configMap:
+          name: {{ include "ltb-passwd.fullname" . }}-ldap-cm
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/ltb-passwd/templates/ingress.yaml b/charts/ltb-passwd/templates/ingress.yaml
@@ -2,7 +2,7 @@
 {{- $fullName := include "ltb-passwd.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
 {{- $ingressPathType := .Values.ingress.pathType -}}
-apiVersion: {{ include "ingress.apiVersion" . }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -16,6 +16,9 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+{{- end }}
 {{- if .Values.ingress.tls }}
   tls:
   {{- range .Values.ingress.tls }}
@@ -32,10 +35,12 @@ spec:
       http:
         paths:
           - path: {{ $ingressPath }}
-            {{- if eq (include "ingress.apiVersion" $) "networking.k8s.io/v1" }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
             pathType: {{ $ingressPathType }}
             {{- end }}
-            backend:
+            backend: {{- include "common.ingress.backend" (dict "serviceName" $fullName "servicePort" "http" "context" $)  | nindent 14 }}
+            {{- /*
+ backend:
               {{- if eq (include "ingress.apiVersion" $) "networking.k8s.io/v1" }}
               service:
                 name: {{ $fullName }}
@@ -44,6 +49,7 @@ spec:
               {{- else }}
               serviceName: {{ $fullName }}
               servicePort: http
-              {{- end }}
+              {{- end }} 
+*/ -}}
   {{- end }}
 {{- end }}
diff --git a/charts/ltb-passwd/values.yaml b/charts/ltb-passwd/values.yaml
@@ -8,18 +8,16 @@ image:
   repository: tiredofit/self-service-password
   tag: latest
   pullPolicy: Always
+  pullSecrets: []
+
 
-imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
 service:
   type: ClusterIP
   port: 80
-ingress:
-  enabled: true
-  annotations: {}
-  host: "ssl-ldap.local"
+
 ## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
   enabled: false
@@ -39,13 +37,20 @@ nodeSelector: {}
 tolerations: []
 affinity: {}
 ldap:
-  server: ldap://openldap.openldap
-  searchBase: dc=example,dc=org
+  #searchBase: dc=example,dc=org
   # existingSecret: ssp-ldap
-  bindDN: cn=admin,dc=example,dc=org
-  bindPWKey: BINDPW
+  #bindDN: cn=admin,dc=example,dc=org
+  #bindPWKey: LDAP_ADMIN_PASSWORD
+  custom:
+    - name: TLS_REQCERT
+      value: never
 env:
 - name: SECRETEKEY
   value: "password"
 - name: LDAP_LOGIN_ATTRIBUTE
-  value: "cn"
+  value: "cn"
+- name: LDAP_STARTTLS
+  value: "false"
+- name: CHANGE_SSHKEY
+  value: "true"
+
diff --git a/charts/phpldapadmin/templates/_helpers.tpl b/charts/phpldapadmin/templates/_helpers.tpl
@@ -32,12 +32,15 @@ Create chart name and version as used by the chart label.
 {{- end -}}
 
 {{/*
-Return the appropriate apiVersion for ingress.
+Return the proper Openldap image name
 */}}
-{{- define "ingress.apiVersion" -}}
-{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
-{{- print "networking.k8s.io/v1" -}}
-{{- else -}}
-{{- print "extensions/v1beta1" -}}
+{{- define "phpldapadmin.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
 {{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "phpldapadmin.imagePullSecrets" -}}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) }}
 {{- end -}}
diff --git a/charts/phpldapadmin/templates/configmap.yaml b/charts/phpldapadmin/templates/configmap.yaml
@@ -12,3 +12,4 @@ metadata:
 {{- end }}
 data:
 {{ toYaml .Values.env | indent 2 }}
+  PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{ '{{ template "global.server" . }}'  : [{'server': [{'tls': True},{'port':389}]},{'login': [{'bind_id': '{{ template "global.bindDN" . }}'  }]}]}]"
diff --git a/charts/phpldapadmin/templates/deployment.yaml b/charts/phpldapadmin/templates/deployment.yaml
@@ -21,9 +21,10 @@ spec:
         app: {{ template "phpldapadmin.name" . }}
         release: {{ .Release.Name }}
     spec:
+      {{- include "phpldapadmin.imagePullSecrets" . | nindent 6 }}
       containers:
       - name: {{ .Chart.Name }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ include "phpldapadmin.image" . }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - name: http

diff --git a/charts/phpldapadmin/templates/ingress.yaml b/charts/phpldapadmin/templates/ingress.yaml
@@ -2,7 +2,7 @@
 {{- $fullName := include "phpldapadmin.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
 {{- $ingressPathType := .Values.ingress.pathType -}}
-apiVersion: {{ include "ingress.apiVersion" . }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
 kind: Ingress
 metadata:
   name: {{ $fullName }}
@@ -16,6 +16,9 @@ metadata:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
+{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+{{- end }}
 {{- if .Values.ingress.tls }}
   tls:
   {{- range .Values.ingress.tls }}
@@ -32,10 +35,12 @@ spec:
       http:
         paths:
           - path: {{ $ingressPath }}
-            {{- if eq (include "ingress.apiVersion" $) "networking.k8s.io/v1" }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
             pathType: {{ $ingressPathType }}
             {{- end }}
-            backend:
+            backend: {{- include "common.ingress.backend" (dict "serviceName" $fullName "servicePort" "http" "context" $)  | nindent 14 }}
+           {{- /*
+  backend:
               {{- if eq (include "ingress.apiVersion" $) "networking.k8s.io/v1" }}
               service:
                 name: {{ $fullName }}
@@ -44,6 +49,7 @@ spec:
               {{- else }}
               serviceName: {{ $fullName }}
               servicePort: http
-              {{- end }}
+              {{- end }} 
+*/ -}}
   {{- end }}
 {{- end }}
diff --git a/charts/phpldapadmin/values.yaml b/charts/phpldapadmin/values.yaml
@@ -18,6 +18,7 @@ image:
   repository: osixia/phpldapadmin
   tag: 0.9.0
   pullPolicy: IfNotPresent
+  pullSecrets: []
 
 
 ## Enable persistence using Persistent Volume Claims

diff --git a/openldap-stack-ha-2.1.6.tgz b/openldap-stack-ha-2.1.6.tgz