Merge pull request #115 from bcgov/bugfix/helm

Fix helm secrets
bcgov · Jul 12, 2024 · b8b7d57 · b8b7d57
2 parents 275e408 + 878ca0d
commit b8b7d57
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 7 deletions.
diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
@@ -27,7 +27,6 @@ config:
     SERVER_PORT: "8080"
     SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
     SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
-    SERVER_SSO_CLIENTID: service-account-team-1850-5484
     SERVER_SSO_INTEGRATION: "5138"
 
 patroni:

diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
@@ -27,7 +27,6 @@ config:
     SERVER_PORT: "8080"
     SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
     SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
-    SERVER_SSO_CLIENTID: service-account-team-1850-5484
     SERVER_SSO_INTEGRATION: "5138"
 
 patroni:

diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
@@ -27,7 +27,6 @@ config:
     SERVER_PORT: "8080"
     SERVER_SSO_APIPATH: https://api.loginproxy.gov.bc.ca/api/v1
     SERVER_SSO_TOKENURL: https://loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token
-    SERVER_SSO_CLIENTID: service-account-team-1850-5484
     SERVER_SSO_INTEGRATION: "5138"
 
 patroni:

diff --git a/charts/pcns/Chart.yaml b/charts/pcns/Chart.yaml
@@ -3,7 +3,7 @@ name: nr-permitconnect-navigator-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.10
+version: 0.0.11
 kubeVersion: ">= 1.13.0"
 description: PermitConnect Navigator Service
 # A chart can be either an 'application' or a 'library' chart.

diff --git a/charts/pcns/README.md b/charts/pcns/README.md
@@ -1,6 +1,6 @@
 # nr-permitconnect-navigator-service
 
-![Version: 0.0.10](https://img.shields.io/badge/Version-0.0.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square)
+![Version: 0.0.11](https://img.shields.io/badge/Version-0.0.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square)
 
 PermitConnect Navigator Service
 
@@ -35,7 +35,7 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | chesSecretOverride.password | string | `nil` |  |
 | chesSecretOverride.username | string | `nil` |  |
-| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_CHES_ROADMAP_BCC":null,"FRONTEND_CHES_SUBMISSION_CC":null,"FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_GEOCODER_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"FRONTEND_OPENSTREETMAP_APIPATH":null,"FRONTEND_ORGBOOK_APIPATH":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_CHES_APIPATH":null,"SERVER_CHES_TOKENURL":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_ENV":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080"}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
+| config.configMap | object | `{"FRONTEND_APIPATH":"api/v1","FRONTEND_CHES_ROADMAP_BCC":null,"FRONTEND_CHES_SUBMISSION_CC":null,"FRONTEND_COMS_APIPATH":null,"FRONTEND_COMS_BUCKETID":null,"FRONTEND_GEOCODER_APIPATH":null,"FRONTEND_OIDC_AUTHORITY":null,"FRONTEND_OIDC_CLIENTID":null,"FRONTEND_OPENSTREETMAP_APIPATH":null,"FRONTEND_ORGBOOK_APIPATH":null,"SERVER_APIPATH":"/api/v1","SERVER_BODYLIMIT":"30mb","SERVER_CHEFS_APIPATH":null,"SERVER_CHES_APIPATH":null,"SERVER_CHES_TOKENURL":null,"SERVER_DB_HOST":null,"SERVER_DB_POOL_MAX":"10","SERVER_DB_POOL_MIN":"2","SERVER_DB_PORT":"5432","SERVER_ENV":null,"SERVER_LOGLEVEL":"http","SERVER_OIDC_AUTHORITY":null,"SERVER_OIDC_IDENTITYKEY":null,"SERVER_OIDC_PUBLICKEY":null,"SERVER_PORT":"8080","SERVER_SSO_APIPATH":null,"SERVER_SSO_INTEGRATION":null,"SERVER_SSO_TOKENURL":null}` | These values will be wholesale added to the configmap as is; refer to the pcns documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
 | config.enabled | bool | `false` | Set to true if you want to let Helm manage and overwrite your configmaps. |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | dbSecretOverride.password | string | `nil` |  |
@@ -75,6 +75,8 @@ Kubernetes: `>= 1.13.0`
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.enabled | bool | `false` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| ssoSecretOverride.password | string | `nil` |  |
+| ssoSecretOverride.username | string | `nil` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/charts/pcns/templates/deploymentconfig.yaml b/charts/pcns/templates/deploymentconfig.yaml
@@ -160,6 +160,11 @@ spec:
                 secretKeyRef:
                   key: password
                   name: {{ include "pcns.configname" . }}-oidc
+            - name: SERVER_SSO_CLIENTID
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: {{ include "pcns.configname" . }}-sso
             - name: SERVER_SSO_CLIENTSECRET
               valueFrom:
                 secretKeyRef:

diff --git a/charts/pcns/templates/secret.yaml b/charts/pcns/templates/secret.yaml
@@ -105,6 +105,8 @@ type: kubernetes.io/basic-auth
 data:
   password: {{ .Values.oidcSecretOverride.password | default $oPassword | b64enc | quote }}
   username: {{ .Values.oidcSecretOverride.username | default $oUsername | b64enc | quote }}
+{{- end }}
+{{- if not $ssoSecret }}
 ---
 apiVersion: v1
 kind: Secret

diff --git a/charts/pcns/values.yaml b/charts/pcns/values.yaml
@@ -168,7 +168,6 @@ config:
 
     SERVER_SSO_APIPATH: ~
     SERVER_SSO_TOKENURL: ~
-    SERVER_SSO_CLIENTID: ~
     SERVER_SSO_INTEGRATION: ~
 
 # Modify the following variables if you need to acquire secret values from a custom-named resource