feat(helm): Modifying chart template to allow a stand-alone auth deployment

2025-11-02 02:48:02 +00:00 · 2023-04-09 21:59:48 +02:00
parent 67049f2e01
commit ea712feb77
15 changed files with 131 additions and 26 deletions
--- a/apps/test.yaml
+++ b/apps/test.yaml
@@ -6,27 +6,13 @@ metadata:
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
-  project: applications
+  project: app-of-apps
  source:
-    path: helm/application
+    path: apps/test
    repoURL: https://github.com/vehagn/homelab
    targetRevision: HEAD
-    helm:
-      values: |
-        name: test
-        namespace: test
-        image: 
-          name: containous/whoami
-        service:
-          containerPort: 80
-        auth:
-          enabled: true
-          host: auth-test
-          whitelist:
-            - veghag@gmail.com
-            - wiredmatrices@gmail.com
  destination:
-    namespace: test
+    namespace: argocd
    name: in-cluster
  syncPolicy:
    automated:
--- a/apps/test/app1.yaml
+++ b/apps/test/app1.yaml
@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: test2
+  name: test-app1
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
@@ -13,7 +13,7 @@ spec:
    targetRevision: HEAD
    helm:
      values: |
-        name: test2
+        name: app1
        namespace: test
        image: 
          name: containous/whoami
--- a/apps/test/app2.yaml
+++ b/apps/test/app2.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: test-app2
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: applications
+  source:
+    path: helm/application
+    repoURL: https://github.com/vehagn/homelab
+    targetRevision: HEAD
+    helm:
+      values: |
+        name: app2
+        namespace: test
+        image: 
+          name: containous/whoami
+        service:
+          containerPort: 80
+        auth:
+          enabled: true
+          create: false
+  destination:
+    namespace: test
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
--- a/apps/test/auth.yaml
+++ b/apps/test/auth.yaml
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: test-auth
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: applications
+  source:
+    path: helm/application
+    repoURL: https://github.com/vehagn/homelab
+    targetRevision: HEAD
+    helm:
+      values: |
+        name: test-auth
+        namespace: test
+        authOnly: true
+        auth:
+          host: auth-test
+          whitelist:
+            - veghag@gmail.com
+            - wiredmatrices@gmail.com
+  destination:
+    namespace: test
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
--- a/apps/test/kustomization.yaml
+++ b/apps/test/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app1.yaml
+  - app2.yaml
+  - auth.yaml
--- a/helm/application/templates/_helpers.tpl
+++ b/helm/application/templates/_helpers.tpl
@@ -0,0 +1,35 @@
+{{/*
+Returns string "true" or empty which will be evaluated to boolean false
+*/}}
+{{- define "deployment.create" -}}
+{{- if not .Values.authOnly }}
+{{- true }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns string "true" or empty which will be evaluated to boolean false
+*/}}
+{{- define "service.create" -}}
+{{- if and .Values.service.create (include "deployment.create" .) }}
+{{- true }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns string "true" or empty which will be evaluated to boolean false
+*/}}
+{{- define "ingressRoute.create" -}}
+{{- if and .Values.ingressRoute.create (or .Values.authOnly (include "service.create" .)) }}
+{{- true }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns string "true" or empty which will be evaluated to boolean false
+*/}}
+{{- define "auth.create" -}}
+{{- if or .Values.authOnly (and .Values.auth.enabled .Values.auth.create (include "ingressRoute.create" .)) }}
+{{- true }}
+{{- end }}
+{{- end }}
--- a/helm/application/templates/application/deployment.yaml
+++ b/helm/application/templates/application/deployment.yaml
@@ -1,3 +1,4 @@
+{{- if include "deployment.create" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -23,3 +24,4 @@ spec:
              protocol: TCP
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
+{{- end }}
--- a/helm/application/templates/application/service.yaml
+++ b/helm/application/templates/application/service.yaml
@@ -1,3 +1,4 @@
+{{- if include "service.create" .}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -12,3 +13,4 @@ spec:
      protocol: TCP
  selector:
    app: {{ .Values.name }}
+{{- end }}
--- a/helm/application/templates/ingress-route.yaml
+++ b/helm/application/templates/ingress-route.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.ingressRoute.enabled }}
+{{- if include "ingressRoute.create" . }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -12,6 +12,7 @@ spec:
  tls:
    certResolver: letsencrypt
  routes:
+    {{- if include "service.create" . }}
    - match: Host(`{{ .Values.name }}.stonegarden.dev`)
      kind: Rule
      services:
@@ -20,6 +21,9 @@ spec:
    {{- if .Values.auth.enabled }}
      middlewares:
        - name: traefik-forward-auth
+    {{- end }}
+    {{- end }}
+    {{- if include "auth.create" . }}
    - match: Host(`{{ .Values.auth.host }}.stonegarden.dev`)
      kind: Rule
      services:
--- a/helm/application/templates/traefik-forward-auth/config-map.yaml
+++ b/helm/application/templates/traefik-forward-auth/config-map.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.auth.create .Values.auth.enabled }}
+{{- if include "auth.create" . }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
--- a/helm/application/templates/traefik-forward-auth/deployment.yaml
+++ b/helm/application/templates/traefik-forward-auth/deployment.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.auth.create .Values.auth.enabled }}
+{{- if include "auth.create" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
--- a/helm/application/templates/traefik-forward-auth/middleware.yaml
+++ b/helm/application/templates/traefik-forward-auth/middleware.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.auth.create .Values.auth.enabled }}
+{{- if include "auth.create" . }}
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
--- a/helm/application/templates/traefik-forward-auth/service.yaml
+++ b/helm/application/templates/traefik-forward-auth/service.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.auth.create .Values.auth.enabled }}
+{{- if include "auth.create" . }}
 apiVersion: v1
 kind: Service
 metadata:
--- a/helm/application/values.yaml
+++ b/helm/application/values.yaml
@@ -1,6 +1,9 @@
 name: name
 namespace: namespace

+# Skip deployment and only do auth
+authOnly: false
+
 image:
  name: image
  tag: latest
@@ -9,12 +12,13 @@ image:
 replicas: 1

 service:
+  create: true
  type: ClusterIP
  port: 80
  containerPort: 8080

 ingressRoute:
-  enabled: true
+  create: true

 resources: { }
 #  limits:
--- a/infra/dashboard/kustomization.yaml
+++ b/infra/dashboard/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 namespace: kubernetes-dashboard

 resources:
-  - https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/alternative.yaml
+  - https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/alternative.yaml
  - traefik-forward-auth
  - ingress.yaml
  - serviceAccount.yaml