feat(chart): options to keep CRDs and set custom controller environment variables

isometry · isometry · commit b22f5be82dd5 · 2024-11-09T23:22:36.000+01:00
diff --git a/api/v1/managed_secret.go b/api/v1/managed_secret.go
@@ -9,9 +9,9 @@ type secretOwner interface {
 }
 
 type ManagedSecret struct {
-	Namespace string `json:"namespace"`
-	Name      string `json:"name"`
 	BasicAuth bool   `json:"basicAuth"`
+	Namespace string `json:"namespace,omitempty"`
+	Name      string `json:"name,omitempty"`
 }
 
 func (m ManagedSecret) IsUnset() bool {
diff --git a/config/crd/bases/github.as-code.io_clustertokens.yaml b/config/crd/bases/github.as-code.io_clustertokens.yaml
@@ -373,8 +373,6 @@ spec:
                       type: string
                   required:
                     - basicAuth
-                    - name
-                    - namespace
                   type: object
               type: object
           type: object
diff --git a/config/crd/bases/github.as-code.io_tokens.yaml b/config/crd/bases/github.as-code.io_tokens.yaml
@@ -368,8 +368,6 @@ spec:
                       type: string
                   required:
                     - basicAuth
-                    - name
-                    - namespace
                   type: object
               type: object
           type: object
diff --git a/deploy/charts/github-token-manager/templates/config.yaml b/deploy/charts/github-token-manager/templates/config.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: gtm-config
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -18,5 +18,11 @@ stringData:
     app_id: {{ .Values.config.app_id | int }}
     installation_id: {{ .Values.config.installation_id | int }}
     provider: "{{ .Values.config.provider }}"
+  {{- if ne .Values.config.provider "file" }}
     key: "{{ .Values.config.key }}"
+  {{- else }}
+    key: /config/private.key
+  private.key: |
+    {{- .Values.config.key | nindent 4 }}
+  {{- end }}
 {{- end }}
diff --git a/deploy/charts/github-token-manager/templates/crds.yaml b/deploy/charts/github-token-manager/templates/crds.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: clustertokens.github.as-code.io
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with mergeOverwrite (default dict .Values.commonAnnotations) (ternary (dict "helm.sh/resource-policy" "keep") (dict) .Values.crds.keep) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -268,11 +268,23 @@ spec:
                   type: array
                 secret:
                   properties:
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      description:
+                        Extra annotations for the Secret managed by this
+                        Token
+                      type: object
                     basicAuth:
                       description:
                         Create a secret with 'username' and 'password' fields
                         for HTTP Basic Auth rather than simply 'token'
                       type: boolean
+                    labels:
+                      additionalProperties:
+                        type: string
+                      description: Extra labels for the Secret managed by this Token
+                      type: object
                     name:
                       description:
                         Name for the Secret managed by this ClusterToken
@@ -369,8 +381,6 @@ spec:
                       type: string
                   required:
                     - basicAuth
-                    - name
-                    - namespace
                   type: object
               type: object
           type: object
@@ -383,7 +393,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: tokens.github.as-code.io
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with mergeOverwrite (default dict .Values.commonAnnotations) (ternary (dict "helm.sh/resource-policy" "keep") (dict) .Values.crds.keep) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -648,15 +658,27 @@ spec:
                 secret:
                   description: Override the default token secret name and type
                   properties:
+                    annotations:
+                      additionalProperties:
+                        type: string
+                      description:
+                        Extra annotations for the Secret managed by this
+                        Token
+                      type: object
                     basicAuth:
                       description:
                         Create a secret with 'username' and 'password' fields
                         for HTTP Basic Auth rather than simply 'token'
                       type: boolean
+                    labels:
+                      additionalProperties:
+                        type: string
+                      description: Extra labels for the Secret managed by this Token
+                      type: object
                     name:
                       description:
-                        Name for the Secret managed by this ClusterToken
-                        (defaults to the name of the Token)
+                        Name for the Secret managed by this Token (defaults
+                        to the name of the Token)
                       maxLength: 253
                       type: string
                   type: object
@@ -743,8 +765,6 @@ spec:
                       type: string
                   required:
                     - basicAuth
-                    - name
-                    - namespace
                   type: object
               type: object
           type: object
diff --git a/deploy/charts/github-token-manager/templates/deployment.yaml b/deploy/charts/github-token-manager/templates/deployment.yaml
@@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "chart.fullname" . }}
-  {{- with mergeOverwrite (.Values.commonAnnotations | default dict) $deployment.annotations }}
+  {{- with mergeOverwrite (default dict .Values.commonAnnotations) (default dict $deployment.annotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -77,6 +77,10 @@ spec:
             - --leader-elect
           command:
             - /ko-app/manager
+          {{- with $githubTokenManager.env }}
+          env:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           image: {{ $githubTokenManager.image.repository }}:{{ $githubTokenManager.image.tag }}
           livenessProbe:
             httpGet:
diff --git a/deploy/charts/github-token-manager/templates/rbac.yaml b/deploy/charts/github-token-manager/templates/rbac.yaml
@@ -4,17 +4,12 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.rbac.serviceAccount.name | default (include "chart.fullname" . ) }}
-  {{- if or .Values.rbac.serviceAccount.annotations .Values.commonAnnotations }}
+  {{- with mergeOverwrite (default dict .Values.commonAnnotations) (default dict .Values.rbac.serviceAccount.annotations) }}
   annotations:
-  {{- with .Values.rbac.serviceAccount.annotations | default dict }}
-    {{- tpl ( toYaml . ) $ | nindent 4 }}
-  {{- end }}
-  {{- with .Values.commonAnnotations | default dict }}
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
     {{- end }}
   {{- end }}
-  {{- end }}
   labels:
     component: rbac
     {{- include "labels" . | nindent 4 }}
@@ -23,7 +18,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "chart.fullname" . }}-leader-election-role
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -69,7 +64,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "chart.fullname" . }}-leader-election-rolebinding
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -91,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "chart.fullname" . }}-role
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -177,7 +172,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "chart.fullname" . }}-metrics-reader
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -196,7 +191,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "chart.fullname" . }}-proxy-role
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -223,7 +218,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "chart.fullname" . }}-rolebinding
-  {{- with .Values.commonAnnotations }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
@@ -245,7 +240,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "chart.fullname" . }}-proxy-rolebinding
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
diff --git a/deploy/charts/github-token-manager/templates/service.yaml b/deploy/charts/github-token-manager/templates/service.yaml
@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "chart.fullname" . }}-metrics-service
-  {{- with .Values.commonAnnotations | default dict }}
+  {{- with (default dict .Values.commonAnnotations) }}
   annotations:
     {{- range $key, $value := . }}
     {{ $key }}: {{ $value | quote }}
diff --git a/deploy/charts/github-token-manager/values.yaml b/deploy/charts/github-token-manager/values.yaml
@@ -18,8 +18,12 @@ namespace: ~
 ##   install: true | false
 ##     true: install the CRDs
 ##     false: do not install the CRDs
+##   keep: true | false
+##     true: prevent helm from deleting the CRDs when the chart is deleted
+##     false: allow helm to delete the CRDs when the chart is deleted
 crds:
   install: true
+  keep: true
 
 ## rbac
 ##   create: true | false
@@ -72,6 +76,9 @@ deployment:
       image:
         repository: ghcr.io/isometry/github-token-manager
         tag: latest
+      # additional environment variables to set on the controller container
+      # e.g. `[{name: VAULT_ADDR, value: http://vault:8200}]`
+      env: []
       resources:
         limits:
           cpu: 500m

Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,9 @@ type secretOwner interface {`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`type ManagedSecret struct {`
`12`		- Namespace string `json:"namespace"`
`13`		- Name string `json:"name"`
`14`	`12`	BasicAuth bool `json:"basicAuth"`
	`13`	+ Namespace string `json:"namespace,omitempty"`
	`14`	+ Name string `json:"name,omitempty"`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`func (m ManagedSecret) IsUnset() bool {`