Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secrets-provider-init sample app Helm chart #328

Merged
merged 1 commit into from
Jun 24, 2021
Merged

Add secrets-provider-init sample app Helm chart #328

merged 1 commit into from
Jun 24, 2021

Conversation

imheresamir
Copy link
Contributor

@imheresamir imheresamir commented Jun 9, 2021
edited
Loading

What does this PR do?

A Helm subchart is added to the app deployment Helm chart for deploying an application + Secrets Provider init container.

  • Helm values.yaml created for app subchart
  • Helm manifest templates created for application + Secrets Provider sidecar
    • ConfigMap (containing conjur.authnLogin),
    • ServiceAccount
    • Secret (updated by Secrets Provider)
    • Role (get + update Secret)
    • RoleBinding (bind ServiceAccount to Role)
  • Helm chart successfully deploys (application + Secrets Provider init container)
  • Helm chart includes a templates/NOTES.txt that announces app/authenticator has been deployed
  • E2E workflow test scripts modified to:
    • load Secrets Provider specific policies
    • use a single test app backend for each authenticator type

Test steps:

  • Run E2E workflow by executing bin/test-workflow/start (installs and verifies summon-sidecar sample app)
  • Change directory to helm/conjur-app-deploy and run the following command to install the secrets-provider-init sample app:
helm upgrade --install app-summon-sidecar . -n app-test --debug --wait \
    --set global.conjur.conjurConnConfigMap="conjur-connect" \
    --set app-secrets-provider-init.enabled=true \
    --set app-secrets-provider-init.conjur.authnLogin="host/conjur/authn-k8s/my-authenticator-id/apps/test-app-secrets-provider-init"

What ticket does this PR close?

Resolves #272

Checklists

Change log

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or
  • This PR does not require updating any documentation

Manual tests

If you are preparing for a release, have you run the following manual tests to verify existing functionality continues to function as expected?

@imheresamir imheresamir force-pushed the secrets-provider-sample-app branch from 4f66b5e to 50a5778 Compare June 10, 2021 05:24
@imheresamir imheresamir requested review from a team June 10, 2021 05:37
@imheresamir imheresamir self-assigned this Jun 10, 2021
@imheresamir imheresamir marked this pull request as ready for review June 10, 2021 05:38
@imheresamir imheresamir changed the title Add initial secrets provider sample app Add secrets-provider-init sample app Helm chart Jun 10, 2021
@imheresamir imheresamir force-pushed the secrets-provider-sample-app branch from 50a5778 to 267817d Compare June 10, 2021 06:13
doodlesbykumbi
doodlesbykumbi reviewed Jun 10, 2021
View reviewed changes
Copy link
Contributor

@doodlesbykumbi doodlesbykumbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good. Left some comments.

I think we should have this enabled so that it is deployed as part of the Jenkins pipeline to validate that it works

helm/conjur-app-deploy/charts/app-secrets-provider-init/templates/NOTES.txt Outdated Show resolved Hide resolved
bin/test-workflow/policy/templates/project-authn-def.template.yml Show resolved Hide resolved
This was referenced Jun 22, 2021
Closed
Closed
@imheresamir imheresamir force-pushed the secrets-provider-sample-app branch 3 times, most recently from c4b50c3 to 606ef8a Compare June 23, 2021 09:00
Add secrets-provider-init sample app
d43e43d 
A Helm subchart is added to the app deployment Helm chart for deploying an application + Secrets Provider init container.
* Helm values.yaml created for app subchart
* Helm manifest templates created for application + Secrets Provider sidecar, including secrets mapping ConfigMap, ServiceAccount, Role, and RoleBinding
* Helm chart successfully deploys (application + Secrets Provider sidecar container)
* Helm chart includes a templates/NOTES.txt that announces app/authenticator has been deployed
* E2E workflow test scripts modified to:
    - load Secrets Provider specific policies
    - use a single test app backend for each authenticator type
@imheresamir imheresamir force-pushed the secrets-provider-sample-app branch from 606ef8a to d43e43d Compare June 23, 2021 15:03
diverdane
diverdane approved these changes Jun 24, 2021
View reviewed changes
Copy link
Contributor

@diverdane diverdane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@imheresamir imheresamir merged commit 28ea142 into master Jun 24, 2021
@imheresamir imheresamir deleted the secrets-provider-sample-app branch June 24, 2021 18:37
imheresamir added a commit that referenced this pull request Jul 9, 2021
@imheresamir
Add secrets-provider-init sample app (#328)
111c387 
A Helm subchart is added to the app deployment Helm chart for deploying an application + Secrets Provider init container.
* Helm values.yaml created for app subchart
* Helm manifest templates created for application + Secrets Provider sidecar, including secrets mapping ConfigMap, ServiceAccount, Role, and RoleBinding
* Helm chart successfully deploys (application + Secrets Provider sidecar container)
* Helm chart includes a templates/NOTES.txt that announces app/authenticator has been deployed
* E2E workflow test scripts modified to:
    - load Secrets Provider specific policies
    - use a single test app backend for each authenticator type
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@doodlesbykumbi doodlesbykumbi doodlesbykumbi left review comments

@diverdane diverdane diverdane approved these changes

Assignees

@imheresamir imheresamir

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The app deploy Helm chart supports deployment of app + Secrets Provider init container
3 participants
@imheresamir @doodlesbykumbi @diverdane