Issue with Pre-Upgrade Hook in Ziti Router Chart When Using ArgoCD (#290

) * allow omitting the identity migration pre-upgrade hook * helm-docs: automated action * rename key in values file for preventing the deployment of helm hooks * helm-docs: automated action * add hint regarding the use of this chart in the context of gitops * helm-docs: automated action --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
openziti · Jan 29, 2025 · dbe3ab0 · dbe3ab0
1 parent 3d61fcf
commit dbe3ab0
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 7 deletions.
diff --git a/charts/ziti-router/README.md b/charts/ziti-router/README.md
@@ -302,18 +302,19 @@ identity:
 | linkListeners.transport.service.enabled | bool | `true` | create a cluster service for the router transport link listener; unnecessary if advertisedHost is shared with edge listener (the default) |
 | linkListeners.transport.service.labels | object | `{}` | service labels |
 | linkListeners.transport.service.type | string | `"ClusterIP"` | expose the service as a ClusterIP, NodePort, or LoadBalancer |
+| noHelmHooks | bool | `false` | disable the execution of hooks, defined within this chart This chart makes use of Helm hooks. Setting this to true will prevent the hooks from being deployed. This is useful when using the chart with tools like ArgoCD |
 | nodeSelector | object | `{}` | deployment template spec node selector |
 | persistence.accessMode | string | `"ReadWriteOnce"` | PVC access mode: ReadWriteOnce (concurrent mounts not allowed), ReadWriteMany (concurrent allowed) |
 | persistence.annotations | object | `{}` | annotations for the PVC |
 | persistence.enabled | bool | `true` | required: place a storage claim for the ctrl endpoints state file |
 | persistence.existingClaim | string | `""` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
-| persistence.size | string | `"50Mi"` | 50Mi is plenty for this state file  |
+| persistence.size | string | `"50Mi"` | 50Mi is plenty for this state file |
 | persistence.storageClass | string | `""` | Storage class of PV to bind. By default it looks for the default storage class. If the PV uses a different storage class, specify that here. |
 | persistence.volumeName | string | `nil` | PVC volume name |
 | podAnnotations | object | `{}` | annotations to apply to all pods deployed by this chart |
 | podSecurityContext | object | `{"fsGroup":2171}` | deployment template spec security context |
 | podSecurityContext.fsGroup | int | `2171` | this is the GID of "ziggy" run-as user in the container that has access to any files created by the router process in the emptyDir volume used to persist the list of ctrl endpoints |
-| proxy | object | `{}` | Explicit proxy setting in the router configuration. Router can be deployed in a site  where all egress traffic is forwarded through an explicit proxy. The enrollment will also be forwarded through the proxy. |
+| proxy | object | `{}` | Explicit proxy setting in the router configuration. Router can be deployed in a site where all egress traffic is forwarded through an explicit proxy. The enrollment will also be forwarded through the proxy. |
 | resources | object | `{}` | deployment container resources |
 | securityContext | string | `nil` | deployment container security context |
 | tolerations | list | `[]` | deployment template spec tolerations |

diff --git a/charts/ziti-router/templates/pre-upgrade-configmap.yaml b/charts/ziti-router/templates/pre-upgrade-configmap.yaml
@@ -1,4 +1,4 @@
-
+{{if not .Values.noHelmHooks}}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -78,4 +78,5 @@ data:
         {{ include "ziti-router.fullname" . }}-identity
     else
       echo "INFO: identity secret does not exist"
-    fi
+    fi
+{{end}}
diff --git a/charts/ziti-router/templates/pre-upgrade-job.yaml b/charts/ziti-router/templates/pre-upgrade-job.yaml
@@ -1,3 +1,5 @@
+{{if not .Values.noHelmHooks}}
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -72,3 +74,4 @@ spec:
         {{- else }}
           emptyDir: {}
         {{- end }}
+{{end}}
diff --git a/charts/ziti-router/templates/pre-upgrade-serviceaccount.yaml b/charts/ziti-router/templates/pre-upgrade-serviceaccount.yaml
@@ -1,4 +1,5 @@
-
+{{if not .Values.noHelmHooks}}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -40,3 +41,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "ziti-router.fullname" . }}-hook-serviceaccount
     namespace: {{ .Release.Namespace }}
+{{end}}
diff --git a/charts/ziti-router/values.yaml b/charts/ziti-router/values.yaml
@@ -7,7 +7,7 @@ ctrl:
   # -- required control plane endpoint, e.g., ctrl.ziti.example.com:443
   endpoint: ""
 
-# -- Explicit proxy setting in the router configuration. Router can be deployed in a site 
+# -- Explicit proxy setting in the router configuration. Router can be deployed in a site
 # where all egress traffic is forwarded through an explicit proxy.
 # The enrollment will also be forwarded through the proxy.
 proxy: {}
@@ -373,6 +373,11 @@ tolerations: []
 # -- deployment template spec affinity
 affinity: {}
 
+# -- disable the execution of hooks, defined within this chart
+# This chart makes use of Helm hooks. Setting this to true will prevent the hooks from being deployed.
+# This is useful when using the chart with tools like ArgoCD
+noHelmHooks: false
+
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
@@ -399,7 +404,7 @@ persistence:
   volumeName:
   # -- PVC access mode: ReadWriteOnce (concurrent mounts not allowed), ReadWriteMany (concurrent allowed)
   accessMode: ReadWriteOnce
-  # -- 50Mi is plenty for this state file 
+  # -- 50Mi is plenty for this state file
   size: 50Mi
 fabric:
   metrics: