Adds Helm values functionality to SCM Manager and other features (#251)

* feat: add Helm values functionality to SCM Manager and other features

- Introduced the `helmValues` function for SCM Manager to simplify configuration management.
- Set `initialDelaySeconds` directly in values giving more time for startup.
- Applied the same Helm values functionality to other features for consistency across the helm charts.

* add new configuration schema

* feat: add Helm values functionality to SCM Manager and other features

- Introduced the `helmValues` function for SCM Manager to simplify configuration management.
- Set `initialDelaySeconds` directly in values giving more time for startup.
- Applied the same Helm values functionality to other features for consistency across the helm charts.

---------

Co-authored-by: Thomas Michael <[email protected]>

Author: nihussmann

docs/configuration.schema.json

@@ -11,6 +11,16 @@
       },
       "additionalProperties" : false
     },
+    "HelmConfigWithValues-nullable" : {
+      "type" : [ "object", "null" ],
+      "properties" : {
+        "values" : {
+          "$ref" : "#/$defs/Map(String,Object)-nullable",
+          "description" : "Helm values of the chart, allows overriding defaults and setting values that are not exposed as explicit configuration"
+        }
+      },
+      "additionalProperties" : false
+    },
     "Map(String,Object)-nullable" : {
       "type" : [ "object", "null" ]
     },
@@ -262,6 +272,10 @@
                 "image" : {
                   "type" : [ "string", "null" ],
                   "description" : "The image of the Helm chart to be installed"
+                },
+                "values" : {
+                  "$ref" : "#/$defs/Map(String,Object)-nullable",
+                  "description" : "Helm values of the chart, allows overriding defaults and setting values that are not exposed as explicit configuration"
                 }
               },
               "additionalProperties" : false,
@@ -366,6 +380,10 @@
                       "type" : [ "string", "null" ],
                       "description" : "Sets image for external secrets operator"
                     },
+                    "values" : {
+                      "$ref" : "#/$defs/Map(String,Object)-nullable",
+                      "description" : "Helm values of the chart, allows overriding defaults and setting values that are not exposed as explicit configuration"
+                    },
                     "webhookImage" : {
                       "type" : [ "string", "null" ],
                       "description" : "Sets image for external secrets operator's webhook"
@@ -387,6 +405,10 @@
                     "image" : {
                       "type" : [ "string", "null" ],
                       "description" : "Sets image for vault"
+                    },
+                    "values" : {
+                      "$ref" : "#/$defs/Map(String,Object)-nullable",
+                      "description" : "Helm values of the chart, allows overriding defaults and setting values that are not exposed as explicit configuration"
                     }
                   },
                   "additionalProperties" : false,
@@ -517,8 +539,7 @@
           "description" : "Create image pull secrets for registry and proxy-registry for all GOP namespaces and helm charts. Uses proxy-username, read-only-username or registry-username (in this order).  Use this if your cluster is not auto-provisioned with credentials for your private registries or if you configure individual helm images to be pulled from the proxy-registry that requires authentication."
         },
         "helm" : {
-          "type" : [ "object", "null" ],
-          "additionalProperties" : false,
+          "$ref" : "#/$defs/HelmConfigWithValues-nullable",
           "description" : "Common Config parameters for the Helm package manager: Name of Chart (chart), URl of Helm-Repository (repoURL) and Chart Version (version). Note: These config is intended to obtain the chart from a different source (e.g. in air-gapped envs), not to use a different version of a helm chart. Using a different helm chart or version to the one used in the GOP version will likely cause errors."
         },
         "internalPort" : {
@@ -592,14 +613,7 @@
       "type" : [ "object", "null" ],
       "properties" : {
         "helm" : {
-          "type" : [ "object", "null" ],
-          "properties" : {
-            "values" : {
-              "$ref" : "#/$defs/Map(String,Object)-nullable",
-              "description" : "Helm values of the chart, allows overriding defaults and setting values that are not exposed as explicit configuration"
-            }
-          },
-          "additionalProperties" : false,
+          "$ref" : "#/$defs/HelmConfigWithValues-nullable",
           "description" : "Common Config parameters for the Helm package manager: Name of Chart (chart), URl of Helm-Repository (repoURL) and Chart Version (version). Note: These config is intended to obtain the chart from a different source (e.g. in air-gapped envs), not to use a different version of a helm chart. Using a different helm chart or version to the one used in the GOP version will likely cause errors."
         },
         "password" : {

scm-manager/values.ftl.yaml

@@ -1,10 +1,10 @@
 persistence:
   size: 1Gi
 
-<#if helm.values['initialDelaySeconds']??>
+#increased startup time for slower devices
 livenessProbe:
-  initialDelaySeconds: ${helm.values.initialDelaySeconds}
-</#if>
+  initialDelaySeconds: 120
+
 
 extraEnv: |
     - name: SCM_WEBAPP_INITIALUSER

src/main/groovy/com/cloudogu/gitops/Feature.groovy

@@ -1,6 +1,11 @@
 package com.cloudogu.gitops
 
+import com.cloudogu.gitops.utils.MapUtils
+import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
+import groovy.yaml.YamlSlurper
+
+import java.nio.file.Path
 
 /**
  * A single tool to be deployed by GOP.
@@ -55,6 +60,16 @@ abstract class Feature {
         return null
     }
 
+    static Map templateToMap(String filePath, Map parameters) {
+        def hydratedString = new TemplatingEngine().template(new File(filePath), parameters)
+
+        if (hydratedString.trim().isEmpty()) {
+            // Otherwise YamlSlurper returns an empty array, whereas we expect a Map
+            return [:]
+        }
+        return new YamlSlurper().parseText(hydratedString) as Map
+    }
+
     abstract boolean isEnabled()
 
     /*

src/main/groovy/com/cloudogu/gitops/config/Config.groovy

@@ -146,7 +146,7 @@ class Config {
         Boolean createImagePullSecrets = false
 
         @JsonPropertyDescription(HELM_CONFIG_DESCRIPTION)
-        HelmConfig helm = new HelmConfig(
+        HelmConfigWithValues helm = new HelmConfigWithValues(
                 chart: 'docker-registry',
                 repoURL: 'https://helm.twun.io',
                 version: '2.2.3')
@@ -240,9 +240,8 @@ class Config {
                 chart: 'scm-manager',
                 repoURL: 'https://packages.scm-manager.org/repository/helm-v2-releases/',
                 version: '3.2.1',
-                values: [
-                        initialDelaySeconds: 120
-                ])
+                values: [:]
+        )
     }
 
     static class ApplicationSchema {
@@ -511,7 +510,7 @@ class Config {
                 repoURL: 'https://codecentric.github.io/helm-charts',
                 version: '5.0.1')
 
-        static class MailHelmSchema extends HelmConfig {
+        static class MailHelmSchema extends HelmConfigWithValues {
             @Option(names = ['--mailhog-image'], description = HELM_CONFIG_IMAGE_DESCRIPTION)
             @JsonPropertyDescription(HELM_CONFIG_IMAGE_DESCRIPTION)
             String image = 'ghcr.io/cloudogu/mailhog:v1.0.1'
@@ -589,7 +588,7 @@ class Config {
                     repoURL: 'https://charts.external-secrets.io',
                     version: '0.9.16'
             )
-            static class ESOHelmSchema extends HelmConfig {
+            static class ESOHelmSchema extends HelmConfigWithValues {
                 @Option(names = ['--external-secrets-image'], description = EXTERNAL_SECRETS_IMAGE_DESCRIPTION)
                 @JsonPropertyDescription(EXTERNAL_SECRETS_IMAGE_DESCRIPTION)
                 String image = ''
@@ -620,7 +619,7 @@ class Config {
                     repoURL: 'https://helm.releases.hashicorp.com',
                     version: '0.25.0'
             )
-            static class VaultHelmSchema extends HelmConfig {
+            static class VaultHelmSchema extends HelmConfigWithValues {
                 @Option(names = ['--vault-image'], description = VAULT_IMAGE_DESCRIPTION)
                 @JsonPropertyDescription(VAULT_IMAGE_DESCRIPTION)
                 String image = ''

src/main/groovy/com/cloudogu/gitops/features/CertManager.groovy

@@ -3,9 +3,11 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.FeatureWithImage
 import com.cloudogu.gitops.config.Config
-
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
-import com.cloudogu.gitops.utils.*
+import com.cloudogu.gitops.utils.AirGappedUtils
+import com.cloudogu.gitops.utils.FileSystemUtils
+import com.cloudogu.gitops.utils.K8sClient
+import com.cloudogu.gitops.utils.MapUtils
 import freemarker.template.DefaultObjectWrapperBuilder
 import groovy.util.logging.Slf4j
 import groovy.yaml.YamlSlurper
@@ -17,7 +19,7 @@ import java.nio.file.Path
 @Slf4j
 @Singleton
 @Order(160)
-class CertManager extends Feature implements FeatureWithImage{
+class CertManager extends Feature implements FeatureWithImage {
 
     static final String HELM_VALUES_PATH = "applications/cluster-resources/certManager-helm-values.ftl.yaml"
 
@@ -26,7 +28,7 @@ class CertManager extends Feature implements FeatureWithImage{
     private AirGappedUtils airGappedUtils
     final K8sClient k8sClient
     final Config config
-    final String namespace ="cert-manager"
+    final String namespace = "cert-manager"
 
     CertManager(
             Config config,
@@ -50,22 +52,20 @@ class CertManager extends Feature implements FeatureWithImage{
     @Override
     void enable() {
 
-        def templatedMap = new YamlSlurper().parseText(
-                new TemplatingEngine().template(new File(HELM_VALUES_PATH),
-                    [config: config,
-                     // Allow for using static classes inside the templates
-                     statics: new DefaultObjectWrapperBuilder(freemarker.template.Configuration.VERSION_2_3_32).build()
-                             .getStaticModels(),
-                    ])) as Map
-
+        def templatedMap = templateToMap(HELM_VALUES_PATH,
+                [
+                        config : config,
+                        // Allow for using static classes inside the templates
+                        statics: new DefaultObjectWrapperBuilder(freemarker.template.Configuration.VERSION_2_3_32).build()
+                                .getStaticModels(),
+                ]) as Map
 
 
         def valuesFromConfig = config.features.certManager.helm.values
 
         def mergedMap = MapUtils.deepMerge(valuesFromConfig, templatedMap)
 
-        def tmpHelmValues = fileSystemUtils.createTempFile()
-        fileSystemUtils.writeYaml(mergedMap, tmpHelmValues.toFile())
+        def tempValuesPath = fileSystemUtils.writeTempFile(mergedMap)
 
         def helmConfig = config.features.certManager.helm
         if (config.application.mirrorRepos) {
@@ -84,7 +84,7 @@ class CertManager extends Feature implements FeatureWithImage{
                     certManagerVersion,
                     'cert-manager',
                     'cert-manager',
-                    tmpHelmValues, DeploymentStrategy.RepoType.GIT)
+                    tempValuesPath, DeploymentStrategy.RepoType.GIT)
         } else {
             deployer.deployFeature(
                     helmConfig.repoURL,
@@ -93,10 +93,11 @@ class CertManager extends Feature implements FeatureWithImage{
                     helmConfig.version,
                     'cert-manager',
                     'cert-manager',
-                    tmpHelmValues
+                    tempValuesPath
             )
         }
     }
+
     private URI getScmmUri() {
         if (config.scmm.internal) {
             new URI('http://scmm-scm-manager.default.svc.cluster.local/scm')

src/main/groovy/com/cloudogu/gitops/features/ExternalSecretsOperator.groovy

@@ -3,12 +3,11 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.FeatureWithImage
 import com.cloudogu.gitops.config.Config
-
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
 import com.cloudogu.gitops.utils.AirGappedUtils
 import com.cloudogu.gitops.utils.FileSystemUtils
 import com.cloudogu.gitops.utils.K8sClient
-import com.cloudogu.gitops.utils.TemplatingEngine
+import com.cloudogu.gitops.utils.MapUtils
 import freemarker.template.DefaultObjectWrapperBuilder
 import groovy.util.logging.Slf4j
 import groovy.yaml.YamlSlurper
@@ -21,13 +20,13 @@ import java.nio.file.Path
 @Singleton
 @Order(400)
 class ExternalSecretsOperator extends Feature implements FeatureWithImage {
-    
+
     static final String HELM_VALUES_PATH = 'applications/cluster-resources/secrets/external-secrets/values.ftl.yaml'
-    
+
     String namespace = 'secrets'
     Config config
     K8sClient k8sClient
-    
+
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
     private AirGappedUtils airGappedUtils
@@ -54,15 +53,16 @@ class ExternalSecretsOperator extends Feature implements FeatureWithImage {
     @Override
     void enable() {
 
-        def helmConfig = config.features.secrets.externalSecrets.helm as Config.HelmConfig
-        def helmValuesYaml = templateToMap(HELM_VALUES_PATH, [
-                        config: config,
-                        // Allow for using static classes inside the templates
-                        statics: new DefaultObjectWrapperBuilder(freemarker.template.Configuration.VERSION_2_3_32).build().getStaticModels()
-                ])
+        def templatedMap = templateToMap(HELM_VALUES_PATH, [
+                config : config,
+                // Allow for using static classes inside the templates
+                statics: new DefaultObjectWrapperBuilder(freemarker.template.Configuration.VERSION_2_3_32).build().getStaticModels()
+        ])
+        
+        def helmConfig = config.features.secrets.externalSecrets.helm
+        def mergedMap = MapUtils.deepMerge(helmConfig.values, templatedMap)
+        def tempValuesPath = fileSystemUtils.writeTempFile(mergedMap)
 
-        def tmpHelmValues = fileSystemUtils.createTempFile()
-        fileSystemUtils.writeYaml(helmValuesYaml, tmpHelmValues.toFile())
 
         if (config.application.mirrorRepos) {
             log.debug("Mirroring repos: Deploying externalSecretsOperator from local git repo")
@@ -80,20 +80,21 @@ class ExternalSecretsOperator extends Feature implements FeatureWithImage {
                     externalSecretsVersion,
                     namespace,
                     'external-secrets',
-                    tmpHelmValues, DeploymentStrategy.RepoType.GIT
+                    tempValuesPath, DeploymentStrategy.RepoType.GIT
             )
         } else {
             deployer.deployFeature(
-                helmConfig.repoURL,
-                "externalsecretsoperator",
-                helmConfig.chart,
-                helmConfig.version,
+                    helmConfig.repoURL,
+                    "externalsecretsoperator",
+                    helmConfig.chart,
+                    helmConfig.version,
                     namespace,
-                'external-secrets',
-                tmpHelmValues
+                    'external-secrets',
+                    tempValuesPath
             )
         }
     }
+
     private URI getScmmUri() {
         if (config.scmm.internal) {
             new URI('http://scmm-scm-manager.default.svc.cluster.local/scm')
@@ -102,13 +103,4 @@ class ExternalSecretsOperator extends Feature implements FeatureWithImage {
         }
     }
 
-    Map templateToMap(String filePath, Map parameters) {
-        def hydratedString = new TemplatingEngine().template(new File(filePath), parameters)
-        
-        if (hydratedString.trim().isEmpty()) {
-            // Otherwise YamlSlurper returns an empty array, whereas we expect a Map
-            return [:]
-        } 
-        return new YamlSlurper().parseText(hydratedString) as Map
-    }
 }