
Commit 0900b57

authored
Merge pull request #99 from lalithkota/main
Keymanager Helm: Keystore Type modified. Added Authentication and Keygeneration options
2 parents 71fa5ef + 681d1af commit 0900b57


13 files changed

+426
-101
lines changed


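--- a/.github/workflows/push_trigger.yml
+++ b/.github/workflows/push_trigger.yml
@@ -112,11 +112,11 @@ jobs:
 
 - name: Update index.yaml
 run: |
-helm repo index --url https://openg2p.github.io/openg2p-helm/ .
+helm repo index .
 for chartname in $RANCHER_CHARTS; do
 cp ${chartname}*.tgz rancher/
 done
-helm repo index --url https://openg2p.github.io/openg2p-helm/ --merge rancher/index.yaml rancher
+helm repo index --url ../ --merge rancher/index.yaml rancher
 for chartname in $RANCHER_CHARTS; do
 rm rancher/${chartname}*.tgz || true
 done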
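Review bot: `helm repo index --url ../ --merge rancher/index.yaml rancher` on new line 119 writes chart URLs relative to the rancher index, so the published layout now has to keep rancher/index.yaml exactly one directory below the chart .tgz files, and the top-level index on new line 115 likewise depends on being served next to the archives. Nothing in the step records that assumption, and the previous absolute URL will look like the obvious thing to restore; a comment above the step such as `# chart URLs are relative: rancher/index.yaml resolves ../ to the Pages root where the .tgz files live` would prevent that. Entries already present in rancher/index.yaml keep whatever URL they carried when merged, so mixed absolute and relative entries are possible after this change; that is inferred from helm's merge behaviour rather than visible here.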

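--- a/charts/keymanager/Chart.yaml
+++ b/charts/keymanager/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: keymanager
 description: A Helm chart for MOSIP Keymanager module
 type: application
-version: 12.0.2
-appVersion: "12.0.1"
+version: 12.1.0
+appVersion: "12.1.0"
 dependencies:
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts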

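--- a/charts/keymanager/questions.yaml
+++ b/charts/keymanager/questions.yaml
@@ -7,6 +7,7 @@ questions:
 - variable: global.keycloakBaseUrl
 description: Required for API auth validation.
 type: string
+show_if: "authEnabled=true"
 label: Keycloak Base URL
 
 - variable: springConfig.profile
@@ -39,7 +40,7 @@ questions:
 description: |-
 If git-based config is disabled, the complete application.properties can be
 directly supplied here.
-type: yamlfile
+type: multiline
 label: Spring Config application properties.
 show_if: "springConfig.gitRepo.enabled=false"
 
@@ -49,4 +50,23 @@ questions:
 Do not edit this parameter unless required.
 type: string
 label: Allowed Keycloak Client IDs.
+show_if: "authEnabled=true"
 group: Advanced Settings
+
+- variable: keystoreType
+label: Keystore Type
+description: PKCS11 for HSM. PKCS12 for storing into local p12 file.
+type: enum
+options:
+- PKCS11
+- PKCS12
+
+- variable: authEnabled
+label: API Authentication Enabled
+description: Enables Keymanager API Authentication.
+type: boolean
+
+- variable: persistence.enabled
+label: Persistence Enabled
+description: Enable this if Keystore Type is PKCS12.
+type: boolean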
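Review bot: The new `authEnabled` question (new lines 64-67) is a switch whose off state leaves the Keymanager API unauthenticated, yet its description only says `Enables Keymanager API Authentication.`; it should spell out the consequence of turning it off so an operator does not clear it casually, e.g. `description: Enables Keymanager API Authentication. Disabling leaves the Keymanager APIs unauthenticated.` The `persistence.enabled` question (new lines 69-72) describes its dependency on the keystore type in prose instead of enforcing it; if a PKCS12 keystore genuinely requires the volume, `show_if: "keystoreType=PKCS12"` on that question, mirroring the `show_if: "authEnabled=true"` used above, makes the relationship explicit. Neither new boolean shows a `default`, so the out-of-the-box state is not visible from this hunk.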

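--- a/charts/keymanager/templates/_helpers.tpl
+++ b/charts/keymanager/templates/_helpers.tpl
@@ -5,18 +5,11 @@ Return the proper image name
 {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
 {{- end -}}
 
-{{/*
-Return the proper image name (for the init container volume-permissions image)
-*/}}
-{{- define "keymanager.volumePermissions.image" -}}
-{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
-{{- end -}}
-
 {{/*
 Return the proper Docker Image Registry Secret Names
 */}}
 {{- define "keymanager.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.postgresInit.image .Values.keygen.image) "global" .Values.global) -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.postgresInit.image .Values.keygen.image) "global" .Values.global) -}}
 {{- end -}}
 
 {{/*
@@ -63,15 +56,24 @@ Render Env values section
 {{- define "keymanager.baseEnvVars" -}}
 {{- $context := .context -}}
 {{- range $k, $v := .envVars }}
-- name: {{ $k }}
 {{- if or (kindIs "int64" $v) (kindIs "float64" $v) (kindIs "bool" $v) }}
+- name: {{ $k }}
 value: {{ $v | quote }}
 {{- else if kindIs "string" $v }}
+- name: {{ $k }}
 value: {{ include "common.tplvalues.render" ( dict "value" $v "context" $context ) | squote }}
 {{- else }}
+{{- $vEnabled := "true" }}
+{{- if hasKey $v "enabled" }}
+{{- $vEnabled = kindIs "bool" $v.enabled | ternary ($v.enabled | squote) (include "common.tplvalues.render" (dict "value" $v.enabled "context" $context)) }}
+{{- $v = omit $v "enabled" }}
+{{- end }}
+{{- if eq $vEnabled "true" }}
+- name: {{ $k }}
 valueFrom: {{- include "common.tplvalues.render" ( dict "value" $v "context" $context ) | nindent 4}}
 {{- end }}
 {{- end }}
+{{- end }}
 {{- end -}}
 
 {{- define "keymanager.envVars" -}}
@@ -115,3 +117,7 @@ args: []
 {{- define "keymanager.keygen.command" -}}
 {{- include "keymanager.commandBase" (dict "command" .Values.keygen.command "args" .Values.keygen.args "startUpCommand" .Values.keygen.startUpCommand "context" $) }}
 {{- end -}}
+
+{{- define "keymanager.postgresInit.command" -}}
+{{- include "keymanager.commandBase" (dict "command" .Values.postgresInit.command "args" .Values.postgresInit.args "startUpCommand" .Values.postgresInit.startUpCommand "context" $) }}
+{{- end -}}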
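Review bot: In `keymanager.baseEnvVars` (new line 68) the boolean branch `$v.enabled | squote` produces the five-character string `'true'`, quote marks included, so the `{{- if eq $vEnabled "true" }}` test on new line 71 never matches a plain `enabled: true` and that env var's valueFrom entry is silently dropped; only templated string values such as `"{{ .Values.authEnabled }}"` go through `common.tplvalues.render` and compare correctly. Use a quote-free conversion in the boolean branch: `{{- $vEnabled = kindIs "bool" $v.enabled | ternary (toString $v.enabled) (include "common.tplvalues.render" (dict "value" $v.enabled "context" $context)) }}`. A one-line comment above new line 66 saying that an `enabled` key on a map-valued env var gates its emission and is stripped before the map is rendered as valueFrom would also help, since the helper's header comment predates this behaviour. The envVars values that exercise this branch live in values.yaml, which is not part of this page.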

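--- a/charts/keymanager/templates/deployment.yaml
+++ b/charts/keymanager/templates/deployment.yaml
@@ -45,9 +45,65 @@ spec:
 {{- if .Values.podSecurityContext.enabled }}
 securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
 {{- end }}
-{{- if .Values.initContainers }}
+{{- if or (and .Values.postgresInit.enabled .Values.persistence.enabled) (and .Values.keygen.enabled .Values.persistence.enabled) .Values.initContainers }}
 initContainers:
+{{- if and .Values.postgresInit.enabled .Values.persistence.enabled }}
+- name: postgres-init
+image: {{ include "common.images.image" (dict "imageRoot" .Values.postgresInit.image "global" .Values.global) }}
+imagePullPolicy: {{ .Values.postgresInit.image.pullPolicy }}
+{{- include "keymanager.postgresInit.command" . | nindent 10 }}
+{{- if .Values.postgresInit.containerSecurityContext.enabled }}
+securityContext: {{- omit .Values.postgresInit.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+{{- end }}
+env:
+{{- include "keymanager.postgresInit.envVars" . | nindent 12 }}
+volumeMounts:
+{{- if and .Values.postgresInit.startUpCommand (not (or .Values.postgresInit.command .Values.postgresInit.args)) }}
+- name: postgres-init-conf
+mountPath: /startup.sh
+subPath: startup-command-sh
+{{- end }}
+{{- if .Values.postgresInit.keyPolicyDef.enabled }}
+- name: postgres-init-conf
+mountPath: {{ include "common.tplvalues.render" (dict "value" .Values.postgresInit.keyPolicyDef.mountPath "context" $) }}
+subPath: key-policy-def-csv
+{{- end }}
+- name: keymanager-data
+mountPath: {{ .Values.persistence.mountPath }}
+{{- if .Values.postgresInit.extraVolumeMounts }}
+{{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.extraVolumeMounts "context" $) | nindent 12 }}
+{{- end }}
+{{- end }}
+{{- if and .Values.keygen.enabled .Values.persistence.enabled }}
+- name: keygen
+image: {{ include "common.images.image" (dict "imageRoot" .Values.keygen.image "global" .Values.global) }}
+imagePullPolicy: {{ .Values.keygen.image.pullPolicy }}
+{{- include "keymanager.keygen.command" . | nindent 10 }}
+{{- if .Values.keygen.containerSecurityContext.enabled }}
+securityContext: {{- omit .Values.keygen.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+{{- end }}
+env:
+{{- include "keymanager.keygen.envVars" . | nindent 12 }}
+volumeMounts:
+{{- if and .Values.keygen.startUpCommand (not (or .Values.keygen.command .Values.keygen.args)) }}
+- name: keygen-conf
+mountPath: /startup.sh
+subPath: startup-command-sh
+{{- end }}
+{{- if and .Values.springConfig.rawConfig (not .Values.springConfig.gitRepo.enabled) }}
+- name: spring-config
+mountPath: {{ include "common.tplvalues.render" (dict "value" .Values.springConfig.rawConfigMountPath "context" $) }}
+subPath: application.properties
+{{- end }}
+- name: keymanager-data
+mountPath: {{ .Values.persistence.mountPath }}
+{{- if .Values.keygen.extraVolumeMounts }}
+{{- include "common.tplvalues.render" (dict "value" .Values.keygen.extraVolumeMounts "context" $) | nindent 12 }}
+{{- end }}
+{{- end }}
+{{- if .Values.initContainers }}
 {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+{{- end }}
 {{- end }}
 containers:
 - name: keymanager
@@ -94,6 +150,10 @@ spec:
 mountPath: {{ include "common.tplvalues.render" (dict "value" .Values.springConfig.rawConfigMountPath "context" $) }}
 subPath: application.properties
 {{- end }}
+{{- if .Values.persistence.enabled }}
+- name: keymanager-data
+mountPath: {{ .Values.persistence.mountPath }}
+{{- end }}
 {{- if .Values.extraVolumeMounts }}
 {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
 {{- end }}
@@ -112,6 +172,23 @@ spec:
 configMap:
 name: {{ template "common.names.fullname" . }}-spring-config
 {{- end }}
+{{- if .Values.persistence.enabled }}
+{{- if or .Values.postgresInit.keyPolicyDef.enabled (and .Values.postgresInit.startUpCommand (not (or .Values.postgresInit.command .Values.postgresInit.args))) }}
+- name: postgres-init-conf
+configMap:
+name: {{ include "common.names.fullname" . }}-postgres-init
+defaultMode: 0755
+{{- end }}
+{{- if and .Values.keygen.startUpCommand (not (or .Values.keygen.command .Values.keygen.args)) }}
+- name: keygen-conf
+configMap:
+name: {{ include "common.names.fullname" . }}-keygen
+defaultMode: 0755
+{{- end }}
+- name: keymanager-data
+persistentVolumeClaim:
+claimName: {{ (tpl .Values.persistence.existingClaim $) | default (include "common.names.fullname" .) }}
+{{- end }}
 {{- if .Values.extraVolumes }}
 {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
 {{- end }}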
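Review bot: The `postgres-init-conf` volume at new lines 176-181 is gated only on `.Values.persistence.enabled` plus the keyPolicyDef/startUpCommand condition, not on `.Values.postgresInit.enabled`, whereas the init container that mounts it (new line 50) and the `-postgres-init` ConfigMap it names both require postgresInit to be enabled; with postgresInit disabled but `keyPolicyDef.enabled` or `startUpCommand` set, the pod declares a volume backed by a ConfigMap that is never rendered and stays stuck creating. `{{- if and .Values.postgresInit.enabled (or .Values.postgresInit.keyPolicyDef.enabled (and .Values.postgresInit.startUpCommand (not (or .Values.postgresInit.command .Values.postgresInit.args)))) }}` on new line 176 closes the gap. Separately, with persistence enabled the same claim is mounted by both init containers (new lines 71-72 and 98-99) and the main container (new lines 154-155), so the keygen init container re-runs on every pod restart against the persisted keystore at `.Values.persistence.mountPath`, and a Deployment sharing one claim across replicas or a rolling update may block on attach if the access mode is ReadWriteOnce; whether keygen is idempotent on an existing store, and the replica count and update strategy, are not visible here and deserve a comment at new line 77.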
Lines changed: 5 additions & 5 deletions
@@ -1,15 +1,15 @@
1-
{{- if .Values.keygen.enabled }}
2-
{{- if and .Values.keygen.startUpCommand (not (or .Values.keygen.command .Values.keygen.args)) }}
1+
{{- if and .Values.keygen.enabled .Values.keygen.startUpCommand }}
32
apiVersion: v1
43
kind: ConfigMap
54
metadata:
6-
name: {{ template "common.names.fullname" . }}-keygen-startup
5+
name: {{ include "common.names.fullname" . }}-keygen
76
labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
87
{{- if .Values.commonAnnotations }}
98
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
109
{{- end }}
1110
data:
12-
startup.sh: |-
11+
{{- if .Values.keygen.startUpCommand }}
12+
startup-command-sh: |-
1313
{{- include "common.tplvalues.render" (dict "value" .Values.keygen.startUpCommand "context" $) | nindent 4 }}
14-
{{- end }}
14+
{{- end }}
1515
{{- end }}
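Review bot: The inner `{{- if .Values.keygen.startUpCommand }}` on new line 11 is always true, because the file-level guard on new line 1 already requires `.Values.keygen.startUpCommand`; either drop the inner guard or drop that operand from line 1 so the two conditions each mean something. Line 1 also no longer excludes the case where `command`/`args` are set, while the volume that mounts this ConfigMap in deployment.yaml and keygen/job.yaml still does, so in that case the ConfigMap renders but nothing references it; harmless, but a comment such as `{{/* Rendered whenever a startUpCommand is set; only mounted when command/args are not overridden */}}` would record the intent. The file path for this section is not shown on the page.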

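--- a/charts/keymanager/templates/keygen/job.yaml
+++ b/charts/keymanager/templates/keygen/job.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.keygen.enabled }}
+{{- if and .Values.keygen.enabled (not .Values.persistence.enabled) }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -28,6 +28,9 @@ spec:
 {{- end }}
 serviceAccountName: {{ template "keymanager.serviceAccountName" . }}
 restartPolicy: Never
+{{- if .Values.keygen.initContainers }}
+initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.keygen.initContainers "context" $) | nindent 8 }}
+{{- end }}
 containers:
 - name: keygen
 image: {{ include "common.images.image" (dict "imageRoot" .Values.keygen.image "global" .Values.global) }}
@@ -40,9 +43,9 @@ spec:
 {{- include "keymanager.keygen.envVars" . | nindent 12 }}
 volumeMounts:
 {{- if and .Values.keygen.startUpCommand (not (or .Values.keygen.command .Values.keygen.args)) }}
-- name: startup-command
+- name: keygen-conf
 mountPath: /startup.sh
-subPath: startup.sh
+subPath: startup-command-sh
 {{- end }}
 {{- if and .Values.springConfig.rawConfig (not .Values.springConfig.gitRepo.enabled) }}
 - name: spring-config
@@ -54,9 +57,9 @@ spec:
 {{- end }}
 volumes:
 {{- if and .Values.keygen.startUpCommand (not (or .Values.keygen.command .Values.keygen.args)) }}
-- name: startup-command
+- name: keygen-conf
 configMap:
-name: {{ template "common.names.fullname" . }}-keygen-startup
+name: {{ include "common.names.fullname" . }}-keygen
 defaultMode: 0755
 {{- end }}
 {{- if and .Values.springConfig.rawConfig (not .Values.springConfig.gitRepo.enabled) }}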
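Review bot: The new guard on line 1, `(not .Values.persistence.enabled)`, silently drops the keygen Job whenever persistence is on, and nothing in this file says why; the reason — deployment.yaml runs keygen as an init container in that mode — is only visible from a different template. A comment above the guard, `{{/* With persistence enabled, keygen runs as an init container of the deployment instead of this Job */}}`, would document the split for whoever next wonders where the Job went. The `.Values.keygen.initContainers` hook at new lines 31-33 has no counterpart in the init-container form in deployment.yaml, so a value set there is honoured only in the non-persistent path; if that asymmetry is intended, it belongs in the same comment.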
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
{{- if and .Values.postgresInit.enabled .Values.postgresInit.keyPolicyDef.enabled .Values.postgresInit.startUpCommand }}
2+
apiVersion: v1
3+
kind: ConfigMap
4+
metadata:
5+
name: {{ include "common.names.fullname" . }}-postgres-init
6+
labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
7+
{{- if .Values.commonAnnotations }}
8+
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
9+
{{- end }}
10+
data:
11+
{{- if .Values.postgresInit.startUpCommand }}
12+
startup-command-sh: |-
13+
{{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.startUpCommand "context" $) | nindent 4 }}
14+
{{- end }}
15+
{{- if .Values.postgresInit.keyPolicyDef.enabled }}
16+
key-policy-def-csv: |-
17+
{{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.keyPolicyDef.csv "context" $) | nindent 4 }}
18+
{{- end }}
19+
{{- end }}
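Review bot: The guard on line 1 requires both `.Values.postgresInit.keyPolicyDef.enabled` and `.Values.postgresInit.startUpCommand`, but the consumers in deployment.yaml (new line 176) and postgresInit/job.yaml (new line 56) mount this ConfigMap when either is set; with only one of the two configured the pod references a `-postgres-init` ConfigMap that is never rendered and cannot start. Match the consumers with `{{- if and .Values.postgresInit.enabled (or .Values.postgresInit.keyPolicyDef.enabled .Values.postgresInit.startUpCommand) }}` — the per-key guards on lines 11 and 15 already handle the missing half. The consumers additionally ignore startUpCommand when `command`/`args` are set; with the fix above that difference only renders an unused ConfigMap, which is harmless. The file path for this section is not shown on the page.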

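--- a/charts/keymanager/templates/postgresInit/job.yaml
+++ b/charts/keymanager/templates/postgresInit/job.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.postgresInit.enabled }}
+{{- if and .Values.postgresInit.enabled (not .Values.persistence.enabled) }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -32,15 +32,34 @@ spec:
 - name: postgres-init
 image: {{ include "common.images.image" (dict "imageRoot" .Values.postgresInit.image "global" .Values.global) }}
 imagePullPolicy: {{ .Values.postgresInit.image.pullPolicy }}
-{{- if .Values.postgresInit.command }}
-command: {{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.command "context" $) | nindent 12 }}
-{{- end }}
-{{- if .Values.postgresInit.args }}
-args: {{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.args "context" $) | nindent 12 }}
-{{- end }}
+{{- include "keymanager.postgresInit.command" . | nindent 10 }}
 {{- if .Values.postgresInit.containerSecurityContext.enabled }}
 securityContext: {{- omit .Values.postgresInit.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 env:
 {{- include "keymanager.postgresInit.envVars" . | nindent 12 }}
+volumeMounts:
+{{- if and .Values.postgresInit.startUpCommand (not (or .Values.postgresInit.command .Values.postgresInit.args)) }}
+- name: postgres-init-conf
+mountPath: /startup.sh
+subPath: startup-command-sh
+{{- end }}
+{{- if .Values.postgresInit.keyPolicyDef.enabled }}
+- name: postgres-init-conf
+mountPath: {{ include "common.tplvalues.render" (dict "value" .Values.postgresInit.keyPolicyDef.mountPath "context" $) }}
+subPath: key-policy-def-csv
+{{- end }}
+{{- if .Values.postgresInit.extraVolumeMounts }}
+{{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.extraVolumeMounts "context" $) | nindent 12 }}
+{{- end }}
+volumes:
+{{- if or .Values.postgresInit.keyPolicyDef.enabled (and .Values.postgresInit.startUpCommand (not (or .Values.postgresInit.command .Values.postgresInit.args))) }}
+- name: postgres-init-conf
+configMap:
+name: {{ include "common.names.fullname" . }}-postgres-init
+defaultMode: 0755
+{{- end }}
+{{- if .Values.postgresInit.extraVolumes }}
+{{- include "common.tplvalues.render" (dict "value" .Values.postgresInit.extraVolumes "context" $) | nindent 8 }}
+{{- end }}
 {{- end }}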
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
2+
kind: PersistentVolumeClaim
3+
apiVersion: v1
4+
metadata:
5+
name: {{ include "common.names.fullname" . }}
6+
labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
7+
annotations:
8+
{{- if .Values.persistence.resourcePolicy }}
9+
helm.sh/resource-policy: {{ include "common.tplvalues.render" (dict "value" .Values.persistence.resourcePolicy "context" $) | quote }}
10+
{{- end }}
11+
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
12+
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.persistence.annotations .Values.commonAnnotations) "context" .) }}
13+
{{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }}
14+
{{- end }}
15+
spec:
16+
{{- if .Values.persistence.storageClassName }}
17+
storageClassName: {{ include "common.tplvalues.render" (dict "value" .Values.persistence.storageClassName "context" $) }}
18+
{{- end }}
19+
accessModes:
20+
{{- if not (empty .Values.persistence.accessModes) }}
21+
{{- range .Values.persistence.accessModes }}
22+
- {{ . | quote }}
23+
{{- end }}
24+
{{- else }}
25+
- {{ .Values.persistence.accessMode | quote }}
26+
{{- end }}
27+
resources:
28+
requests:
29+
storage: {{ .Values.persistence.size | quote }}
30+
{{- if .Values.persistence.selector }}
31+
selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 4 }}
32+
{{- end -}}
33+
{{- if .Values.persistence.dataSource }}
34+
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
35+
{{- end }}
36+
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
37+
{{- end }}
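Review bot: `storageClassName` can be emitted twice: explicitly on lines 16-18 from `.Values.persistence.storageClassName`, and again by `common.storage.class` on line 36 if that helper follows the Bitnami pattern of rendering `storageClassName:` from `persistence.storageClass` or `global.storageClass`. YAML parsers take the last duplicate key silently, so one of the two settings would be ignored without any error; keep a single source (drop lines 16-18, or feed only one value into the helper) and add a comment stating which key wins. Because this claim will hold the PKCS12 keystore, a comment next to the `helm.sh/resource-policy` annotation on lines 8-10 noting that `.Values.persistence.resourcePolicy` should be `keep` in production, so an uninstall does not delete the key material, would help operators; the default for that value is not visible here. The file path for this section is not shown on the page.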
