Skip to content

Commit

Permalink
feat: Consumer restricition parametarization (#814)
Browse files Browse the repository at this point in the history
Signed-off-by: Milos Backonja <[email protected]>
Signed-off-by: Shota Jolbordi <[email protected]>
  • Loading branch information
milosbackonja authored and Shota Jolbordi committed Mar 6, 2024
1 parent 8b85b0f commit 1f78e42
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 22 deletions.
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@
{{- end -}}
{{- define "consumer-restriction" }}
- name: consumer-restriction
enable: true
enable: {{ .Values.ingress.auth.consumer_restriction }}
config:
whitelist:
{{- range .Values.ingress.consumers }}
{{- range .Values.ingress.auth.consumers }}
- {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
{{- end }}
{{- range .Values.ingress.externalConsumers }}
{{- range .Values.ingress.auth.externalConsumers }}
- {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
{{- end }}
{{- end -}}
Expand Down
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/apisixconsumer.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{{- if .Values.ingress.enabled }}
{{- $root := . -}}
{{- range $consumer := .Values.ingress.consumers }}
{{- range $consumer := .Values.ingress.auth.consumers }}
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
Expand All @@ -18,7 +18,7 @@ spec:
{{- end }}

{{- $root := . -}}
{{- range $consumer := .Values.ingress.externalConsumers }}
{{- range $consumer := .Values.ingress.auth.externalConsumers }}
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
Expand All @@ -30,6 +30,6 @@ spec:
authParameter:
keyAuth:
secretRef:
name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
---
{{- end }}
4 changes: 0 additions & 4 deletions infrastructure/charts/agent/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -194,10 +194,6 @@ spec:
key: root-token
optional: false
{{- end }}
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.server.keycloak.enabled }}
- name: KEYCLOAK_ENABLED
value: "true"
Expand Down
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/externalsecret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,11 @@ spec:
---

{{- $root := . -}}
{{- range $consumer := .Values.ingress.externalConsumers }}
{{- range $consumer := .Values.ingress.auth.externalConsumers }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
labels:
{{ template "labels.common" . }}
spec:
Expand All @@ -36,6 +36,6 @@ spec:
kind: ClusterSecretStore
dataFrom:
- extract:
key: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
key: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
---
{{- end }}
2 changes: 1 addition & 1 deletion infrastructure/charts/agent/templates/stringsecret.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{{- if .Values.ingress.enabled }}
{{- $root := . -}}
{{- range $consumer := .Values.ingress.consumers }}
{{- range $consumer := .Values.ingress.auth.consumers }}
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: StringSecret
metadata:
Expand Down
14 changes: 6 additions & 8 deletions infrastructure/charts/agent/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,14 @@ ingress:
cors:
enabled: false
allow_origins: ""
consumers: []
auth:
enable: true
# External Consumers are ones where the secret keys/API tokens
# are pulled in using External Secrets [and therefore aren't generated by helm]
externalConsumerKeyPrefix: chart-base-key-prefix
externalConsumers: []
consumer_restriction: true
consumers: []
# External Consumers are ones where the secret keys/API tokens
# are pulled in using External Secrets [and therefore aren't generated by helm]
externalConsumers: []
externalConsumerKeyPrefix: chart-base-key-prefix

secrets:
secretStore: chart-base-secretstore
Expand Down Expand Up @@ -145,9 +146,6 @@ keycloak:
mountPath: /opt/bitnami/keycloak/data/import
readOnly: true

# Additional environment variables to be added to the server container
env: {}

# It is configured for deployment and postgresql objects of prism-agent
affinity:
nodeAffinity: {}
Expand Down

0 comments on commit 1f78e42

Please sign in to comment.