Update kubernetes templates to make certain property values configurable from values.yaml

andrest50 · andrest50 · commit 2a67dc7a8451 · 2025-07-17T13:38:27.000-07:00
Signed-off-by: Andres Tobon &lt;andrest2455@gmail.com&gt;
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -32,8 +32,8 @@ jobs:
       # MegaLinter
       - name: MegaLinter
         id: ml
-        # Use the Documentation flavor.
-        uses: oxsecurity/megalinter/flavors/documentation@5a91fb06c83d0e69fbd23756d47438aa723b4a5a  # 8.7.0
+        # Use the Go flavor.
+        uses: oxsecurity/megalinter/flavors/go@5a91fb06c83d0e69fbd23756d47438aa723b4a5a  # 8.7.0
         env:
           # All available variables are described in documentation
           # https://megalinter.io/configuration/
diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -18,9 +18,6 @@ DISABLE_LINTERS:
   # yamllint is sufficient for us.
   - YAML_PRETTIER
 DISABLE_ERRORS_LINTERS:
-  # Include grammar checks only as warnings.
-  - SPELL_PROSELINT
-  - SPELL_VALE
   # This may be informative but doesn't need to break the build.
   - COPYPASTE_JSCPD
   # TBD! Need to work through these.
diff --git a/charts/lfx-v2-project-service/templates/ingressroute.yaml b/charts/lfx-v2-project-service/templates/ingressroute.yaml
@@ -1,6 +1,8 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
 ---
+# TODO: use the newer Gateway API instead of a IngressRoute resource
+# https://doc.traefik.io/traefik/routing/providers/kubernetes-gateway/
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -17,7 +19,9 @@ spec:
         (Path(`/projects`) || PathPrefix(`/projects/`) || Path(`/livez`) || Path(`/readyz`))
       priority: 10
       middlewares:
+        {{- if .Values.heimdall.enabled }}
         - name: heimdall
+        {{- end }}
       services:
         - kind: Service
           name: lfx-v2-project-service
diff --git a/charts/lfx-v2-project-service/templates/nats-kv-bucket.yaml b/charts/lfx-v2-project-service/templates/nats-kv-bucket.yaml
@@ -1,15 +1,17 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
 ---
+{{- if .Values.nats.projects_kv_bucket.creation }}
 apiVersion: jetstream.nats.io/v1beta2
 kind: KeyValue
 metadata:
   name: projects
   namespace: lfx
 spec:
-  bucket: projects
-  history: 20
-  storage: file
-  maxValueSize: 10485760 # 10MB
-  maxBytes: 1073741824 # 1GB
-  compression: true
+  bucket: {{ .Values.nats.projects_kv_bucket.name }}
+  history: {{ .Values.nats.projects_kv_bucket.history }}
+  storage: {{ .Values.nats.projects_kv_bucket.storage }}
+  maxValueSize: {{ .Values.nats.projects_kv_bucket.maxValueSize }}
+  maxBytes: {{ .Values.nats.projects_kv_bucket.maxBytes }}
+  compression: {{ .Values.nats.projects_kv_bucket.compression }}
+{{- end }}
diff --git a/charts/lfx-v2-project-service/values.yaml b/charts/lfx-v2-project-service/values.yaml
@@ -9,10 +9,29 @@ ingress:
 nats:
   # url is the URL of the NATS server
   url: nats://nats.lfx.svc.cluster.local:4222
-  projects_kv_bucket_name: projects
+
+  # projects_kv_bucket is the configuration for the KV bucket for storing projects
+  projects_kv_bucket:
+    # creation is a boolean to determine if the KV bucket should be created via the helm chart.
+    # set it to false if you want to use an existing KV bucket.
+    creation: false
+    # name is the name of the KV bucket for storing projects
+    name: projects
+    # history is the number of history entries to keep for the KV bucket
+    history: 20
+    # storage is the storage type for the KV bucket
+    storage: file
+    # maxValueSize is the maximum size of a value in the KV bucket
+    maxValueSize: 10485760 # 10MB
+    # maxBytes is the maximum number of bytes in the KV bucket
+    maxBytes: 1073741824 # 1GB
+    # compression is a boolean to determine if the KV bucket should be compressed
+    compression: true
 
 # heimdall is the configuration for the heimdall middleware
 heimdall:
+  enabled: true
+
   env:
     CLIENT_SECRET:
       secretKeyRef:
diff --git a/cmd/project-api/service_endpoint.go b/cmd/project-api/service_endpoint.go
@@ -529,7 +529,8 @@ func (s *ProjectsService) Livez(_ context.Context) ([]byte, error) {
 func (s *ProjectsService) JWTAuth(ctx context.Context, bearerToken string, _ *security.JWTScheme) (context.Context, error) {
 	// Parse the Heimdall-authorized principal from the token.
 	principal, _ := s.auth.parsePrincipal(ctx, bearerToken, s.logger)
-	// TODO: handle error
+	// TODO: handle error once we have figured out why it fails when running the service locally outside of the helm chart deployment
+	// Error: failed to deserialize token claims: error getting the keys from the key func: could not decode jwks: EOF
 	// if err != nil {
 	// 	return ctx, err
 	// }
diff --git a/scripts/load_mock_data/Makefile b/scripts/load_mock_data/Makefile
diff --git a/scripts/load_mock_data/README.md b/scripts/load_mock_data/README.md
diff --git a/scripts/load_mock_data/main.go b/scripts/load_mock_data/main.go
@@ -283,7 +283,8 @@ func main() {
 
 	// Load mock data
 	if err := client.LoadMockData(ctx, config.NumProjects); err != nil {
-		log.Fatalf("Failed to load mock data: %v", err)
+		log.Printf("Failed to load mock data: %v", err)
+		return
 	}
 
 	log.Println("Mock data loading completed successfully!")

Original file line number	Diff line number	Diff line change
`@@ -283,7 +283,8 @@ func main() {`
`283`	`283`
`284`	`284`	`// Load mock data`
`285`	`285`	`if err := client.LoadMockData(ctx, config.NumProjects); err != nil {`
`286`		`- log.Fatalf("Failed to load mock data: %v", err)`
	`286`	`+ log.Printf("Failed to load mock data: %v", err)`
	`287`	`+ return`
`287`	`288`	`}`
`288`	`289`
`289`	`290`	`log.Println("Mock data loading completed successfully!")`