Merge pull request 'OZG-3075-migrate-helm-chart' (#124) from...

Merge pull request 'OZG-3075-migrate-helm-chart' (#124) from OZG-3075-migrate-helm-chart into master

Reviewed-on: https://git.ozg-sh.de/mgm/goofy/pulls/124

Jenkinsfile

@@ -13,6 +13,7 @@ pipeline {
         IMAGE_TAG = ""
         VERSION = ""
         E2E_FAILED = ""
+        HELM_CHART_VERSION = ""
     }
 
     options {
@@ -183,6 +184,28 @@ pipeline {
                 }
             }
         }
+        
+        stage('Test, build and deploy Helm Chart') {
+            steps {
+                container('k8s') {
+                    script {
+                        FAILED_GOOFY_STAGE=env.STAGE_NAME
+                        HELM_CHART_VERSION = generateHelmChartVersion()
+
+                        dir('src/main/helm') {
+                            sh "helm lint -f test-values.yaml"
+
+                            sh "helm unittest -f '../../test/helm/*.yaml' ."
+
+                            sh "helm package --version=${HELM_CHART_VERSION} ."
+
+                            deployHelmChart(HELM_CHART_VERSION)
+                        }
+                    }
+                }
+            }
+        }
+
         stage('Trigger Dev rollout') {
             when {
                 branch 'master'
@@ -214,7 +237,7 @@ pipeline {
                             def stageName = env.STAGE_NAME
                             def bezeichner = generateBezeichner(stageName)
 
-                            startEnvironment(bezeichner, stageName, IMAGE_TAG, true)
+                            startEnvironment(bezeichner, stageName, IMAGE_TAG, true, HELM_CHART_VERSION)
 
                             def testResult = runTests(stageName, bezeichner, 'einheitlicher-ansprechpartner')
 
@@ -242,7 +265,7 @@ pipeline {
                             def stageName = env.STAGE_NAME
                             def bezeichner = generateBezeichner(stageName)
 
-                            startEnvironment(bezeichner, stageName, IMAGE_TAG, false)
+                            startEnvironment(bezeichner, stageName, IMAGE_TAG, false, HELM_CHART_VERSION)
 
                             def testResult = runTests(stageName, bezeichner, 'main-tests')
 
@@ -306,6 +329,34 @@ pipeline {
     }
 }
 
+Void deployHelmChart(String helmChartVersion) {       
+    withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]){
+        if (env.BRANCH_NAME == 'release') {
+            result = sh script: '''curl -u $USERNAME:$PASSWORD http://nexus.dev-tools:8081/service/rest/v1/components?repository=ozg-base-apps -F file=@goofy-'''+helmChartVersion+'''.tgz''', returnStdout: true
+        }
+        else {
+            result = sh script: '''curl -u $USERNAME:$PASSWORD http://nexus.dev-tools:8081/service/rest/v1/components?repository=ozg-base-apps-snapshot -F file=@goofy-'''+helmChartVersion+'''.tgz''', returnStdout: true
+        }
+
+        if (result != '') {
+            error(result)
+        }
+    }
+}
+
+String generateHelmChartVersion() {
+    def chartVersion = "${VERSION}"
+
+    if (env.BRANCH_NAME == 'master') {
+        chartVersion += "-${env.GIT_COMMIT.take(7)}"
+    }
+    else if (env.BRANCH_NAME != 'release') {
+        chartVersion += "-${env.BRANCH_NAME}"
+    }
+
+    return chartVersion
+}
+
 Void tagAndPushDockerImage(String newTag){
     container("docker") {
         withCredentials([usernamePassword(credentialsId: 'jenkins-docker-login', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
@@ -327,8 +378,8 @@ String generateImageTag() {
     return imageTag
 }
 
-Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean isEa) {
-    setupAnsible(imageTag, stage, isEa)
+Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean isEa, String chartVersion) {
+    setupAnsible(imageTag, stage, isEa, chartVersion)
 
     try {
         deleteKopStack(bezeichner, stage)
@@ -341,14 +392,14 @@ Void startEnvironment(String bezeichner, String stage, String imageTag, Boolean
     addKeycloakUser(bezeichner, stage)
 }
 
-Void setupAnsible(String imageTag, String stage, Boolean isEa) {
+Void setupAnsible(String imageTag, String stage, Boolean isEa, String chartVersion) {
     checkoutProvisioningRepo(stage)
 
     if (env.BRANCH_NAME == 'release') {
         copyTestEnvironmentToDev(stage)
     }
 
-    editEnvironemntVersion(stage, imageTag, isEa)
+    editEnvironemntVersion(stage, imageTag, isEa, chartVersion)
 
     if (isEa) {
         setupEaEnvironment(stage)
@@ -400,7 +451,7 @@ Void copyTestEnvironmentToDev(stage) {
     }
 }
 
-Void editEnvironemntVersion(String stage, String imageTag, Boolean isEa) {
+Void editEnvironemntVersion(String stage, String imageTag, Boolean isEa, String chartVersion) {
     dir("${stage}/provisioning") {
         def editFile = "inventories/group_vars/dev/versions"
 
@@ -416,6 +467,7 @@ Void editEnvironemntVersion(String stage, String imageTag, Boolean isEa) {
         devVersions.values.pluto.put('env', ['overrideSpringProfiles': overrideSpringProfiles])
 
         devVersions.versions.goofy.image.tag = imageTag
+        devVersions.charts.goofy.version = chartVersion
 
         writeYaml file: editFile, data: devVersions, overwrite: true
     }
@@ -743,6 +795,7 @@ Void setNewGoofyProvisioningVersion(String environment) {
         def envVersions = readYaml file: envFile
 
         envVersions.versions.goofy.image.tag = IMAGE_TAG
+        devVersions.charts.goofy.version = HELM_CHART_VERSION
 
         writeYaml file: envFile, data: envVersions, overwrite: true
     }

src/main/helm/.helmignore

+unit-tests/
+tests/
\ No newline at end of file

src/main/helm/Chart.yaml

+apiVersion: v1
+appVersion: "1.1"
+description: A Helm chart for Goofy
+name: goofy
+version: 0.0.0-MANAGED-BY-JENKINS
+icon: https://simpleicons.org/icons/helm.svg

src/main/helm/README.md

+# Helm
+## Linter
+`helm lint -f test-values.yaml`
+## Unit-Tests
+Für Unit-Tests wird das helm [helm-unittest](https://github.com/quintush/helm-unittest) plugin benötigt. Die Unit-Tests liegen im Verzeichnis src/test/helm
+
+`helm unittest -f '../../test/helm/*.yaml' .`
+## SyntaxCheck
+`helm template --debug -f test-values.yaml .`
+
+## Package
+`helm package --version=[version] .`
+
+## Versionierung
+Jenkins verwendet die Version aus der pom.xml
+
+### Master Branch
+Im master Branch werden die ersten 7 Zeichen vom git commit hash an die Version gehangen.
+
+### Release Branch
+Ist nur die Version aus der pom.xml
+
+### Feature Branch
+In einem feature Branch wird der Branchname an die Version gehangen.
\ No newline at end of file

src/main/helm/app-readme.md

+# Goofy
+
+Das helm chart zur Installation des allgemeinen Fachverfahrens - goofy.
+
+## FAQ
+
+### Benutzung beliebiger environment Werte
+
+In jedem der Projekte kann man beliebige weitere environments setzen. Dazu muss man in der jeweiligen values.yaml unter env.customList ein name value Paar setzen:
+
+```yaml
+env:
+  customList:
+    - name: Dinge
+      value: true
+    - name: ...
+      value: ...
+```

src/main/helm/questions.yml

+questions:
+  - variable: image.tag
+    default: latest
+    type: string
+    label: The deployed version tag
+    group: "Container"
+  - variable: replicaCount
+    group: "Container"
+    type: string
+    default: "2"
+    label: "Deployment Replica count"
+  - variable: env.overrideSpringProfiles
+    type: string
+    label: "Override Spring boot profile"
+    group: "Container"
+  - variable: kop.bundesland
+    group: "KOP"
+    label: Bundesland
+    type: string
+    required: true
+  - variable: kop.bezeichner
+    group: "KOP"
+    label: "Bezeichner"
+    type: string
+    required: true
+  - variable: kop.environment
+    group: "KOP"
+    label: "Environment"
+    type: string
+    required: true
+  - variable: plutoName
+    group: "Other"
+    type: string
+    default: "pluto"
+    label: "Name of the pluto deployment in the namespace"
+  - variable: sso.role_einheitlicher_ansprechpartner
+    group: "Other"
+    type: boolean
+    default: false
+    label: "Add role for EA"
+  - variable: sso.displayName
+    group: "Other"
+    type: string
+    default: ""
+    label: "The custom display name to write on top of the login page. Defaults to 'Realm für <app.name>', Works on initial Install only."
+  - variable: sso.apiPassword
+    group: "Other"
+    type: string
+    default: " "
+    label: "SSO API User Password"
+  - variable: useKeycloakNamespace
+    group: "Other"
+    type: boolean
+    default: false
+    label: "Use keycloak namespace for keycloak templates"
\ No newline at end of file

src/main/helm/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+
+{{/* Truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
+{{/* Name */}}
+{{- define "app.name" -}}
+{{- default .Release.Name | toString | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Namespace */}}
+{{- define "app.namespace" -}}
+{{- default .Release.Namespace | toString | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Version */}}
+{{- define "app.version" -}}
+{{- default .Chart.Version | toString | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Chart: Name + Version */}}
+{{- define "app.chart" -}}
+{{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{/* Managed-by -> On Helm, this value is always Helm */}}
+{{- define "app.managedBy" -}}
+{{- default .Release.Service | toString | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Default Labels: Helm recommended best-practice labels https://helm.sh/docs/chart_best_practices/labels/ */}}
+{{- define "app.defaultLabels" }}
+app.kubernetes.io/instance: goofy
+app.kubernetes.io/managed-by: {{ include "app.managedBy" . }}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/part-of: kop
+app.kubernetes.io/version: {{ include "app.version" . }}
+app.kubernetes.io/namespace: {{ include "app.namespace" . }}
+helm.sh/chart: {{ include "app.chart" . }}
+{{- end -}}
+
+{{- define "app.matchLabels" }}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/namespace: {{ include "app.namespace" . }}
+{{- end -}}
+
+{{- define "app.envSpringProfiles" }}
+{{- if (.Values.env).overrideSpringProfiles -}}
+{{ printf "%s" (.Values.env).overrideSpringProfiles }}
+{{- else -}}
+{{ printf "oc, %s" (include "app.kopEnvironment" . ) }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.grpc_client_pluto_address" -}}
+{{ printf "%s.%s:9090" ( coalesce .Values.plutoName "pluto" ) .Release.Namespace | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{- define "app.kop_user-manager_url" -}}
+{{- if eq (include "app.kopEnvironment" . ) "prod" -}}
+{{ printf "https://%s-%s.ozg-sh.de" (include "app.kopBezeichner" .) .Values.usermanagerName }}
+{{- else -}}
+{{ printf "https://%s-%s.%s.ozg-sh.de" (include "app.kopBezeichner" .) .Values.usermanagerName (include "app.kopEnvironment" . ) }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.kop_user-manager_internalurl" -}}
+{{ printf "http://%s.%s:8080" .Values.usermanagerName (include "app.namespace" . )}}
+{{- end -}}
+
+{{- define "app.imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+{{/* --- region keycoak --- */}} 
+{{/* namespace sh-kiel-dev means <bundesland>-<name>-<level> */}}
+{{/* depending on level the server url is sso.dev.ozg-sh.de or sso.ozg-sh.de  */}}
+{{/* values can be overwritten */}}
+
+{{- define "app.kopBundesland" -}}
+{{- required "Bundesland muss angegeben sein" (.Values.kop).bundesland }}
+{{- end -}}
+
+{{- define "app.kopBezeichner" -}}
+{{ $length := len (.Values.kop).bezeichner }}
+{{- if ge 27 $length -}}
+{{- required "Bezeichner muss angegeben sein" (.Values.kop).bezeichner -}}
+{{- else -}}
+{{ required (printf "Bezichner %s ist zu lang (max. 27 Zeichen)" (.Values.kop).bezeichner) nil }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.kopEnvironment" -}}
+{{- required "Environment muss angegeben sein" (.Values.kop).environment -}}
+{{- end -}}
+
+{{- define "app.ssoRealm" -}}
+{{ printf "%s-%s-%s" (include "app.kopBundesland" .) ( include "app.kopBezeichner" . ) ( include "app.kopEnvironment" . ) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{- define "app.ssoRealmDisplayName" -}}
+{{- if (.Values.sso).displayName -}}
+{{ printf "%s" (.Values.sso).displayName }}
+{{- else if eq (include "app.kopEnvironment" . ) "prod" -}}
+{{ printf "Realm für %s" (include "app.kopBezeichner" . | title ) }}
+{{- else -}}
+{{ printf "Realm für %s (%s)" (include "app.kopBezeichner" . | title ) (include "app.kopEnvironment" .) }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.ssoServerUrl" -}}
+{{- if (.Values.sso).serverUrl -}}
+{{- printf "%s" .Values.sso.serverUrl -}}
+{{- else if eq (include "app.kopEnvironment" . ) "dev" -}} 
+{{ printf "https://sso.dev.ozg-sh.de" }}
+{{- else if eq (include "app.kopEnvironment" . ) "test" -}}
+{{ printf "https://sso.test.ozg-sh.de" }}
+{{- else -}}
+{{ printf "https://sso.ozg-sh.de" }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.baseUrl" -}}
+{{- if .Values.host -}}
+{{- printf "%s" .Values.host -}}
+{{- else if eq (include "app.kopEnvironment" . ) "prod" -}}
+{{ printf "https://%s.ozg-sh.de" (include "app.kopBezeichner" .) }}
+{{- else -}}
+{{ printf "https://%s.%s.ozg-sh.de" (include "app.kopBezeichner" .) (include "app.kopEnvironment" . ) }}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.keycloakClientId" -}}
+{{ printf "%s-%s-%s-%s" (include "app.kopBundesland" .) ( include "app.kopBezeichner" . ) ( include "app.kopEnvironment" . ) ( include "app.name" . ) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{- define "app.resources" }}
+{{- if eq (include "app.kopEnvironment" . ) "prod" }}
+  limits:
+    cpu: "500m"
+    memory: "1000Mi"
+  requests:
+    cpu: "50m"
+    memory: "250Mi"
+{{- else }}
+  limits:
+    cpu: "500m"
+    memory: "1000Mi"
+  requests:
+    cpu: "50m"
+    memory: "250Mi"
+{{- end }}
+{{- end -}}

src/main/helm/templates/deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "app.name" . }}
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+spec:
+  progressDeadlineSeconds: 600
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      {{- include "app.matchLabels" . | indent 6 }}
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        {{- include "app.defaultLabels" . | indent 8 }}
+        component: goofy
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: ScheduleAnyway
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/name: {{ include "app.name" . }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: goofyable
+                operator: NotIn
+                values:
+                - "false"
+      containers:
+      - env:
+        - name: grpc_client_pluto_address
+          value: {{ include "app.grpc_client_pluto_address" . }}
+        - name: spring_profiles_active
+          value: {{ include "app.envSpringProfiles" . }}
+        - name: keycloak_realm
+          value: {{ include "app.ssoRealm" . }}
+        - name: keycloak_resource
+          value: {{ include "app.keycloakClientId" . }}
+        - name: keycloak_auth-server-url
+          value: {{ include "app.ssoServerUrl" . }}
+        - name: goofy_keycloak_api_password
+          value: {{ required "A sso apiPassword is required!" (.Values.sso).apiPassword }}
+        - name: kop_user-manager_url
+          value: {{ include "app.kop_user-manager_url" . }}
+        - name: kop_user-manager_internalurl
+          value: {{ include "app.kop_user-manager_internalurl" . }}
+        {{- with (.Values.env).customList }}
+{{ toYaml . | indent 8 }}
+        {{- end }}
+        image: "{{ .Values.image.repo }}/{{ .Values.image.name }}:{{ coalesce (.Values.image).tag "latest" }}"
+        imagePullPolicy: Always
+        name: goofy
+        ports:
+        - containerPort: 8080
+          name: 8080tcp1
+          protocol: TCP
+        - containerPort: 8081
+          name: metrics
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8081
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 3
+        startupProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /actuator/health/readiness
+            port: 8081
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 5
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          {{- include "app.resources" . | indent 8 }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: false
+          runAsNonRoot: false
+        stdin: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        tty: true
+      dnsConfig: {}
+      dnsPolicy: ClusterFirst
+      imagePullSecrets:
+      - name: goofy-image-pull-secret
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30

src/main/helm/templates/image-pull-secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: goofy-image-pull-secret
+  namespace: {{ include "app.namespace" . }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ include "app.imagePullSecret" . }}
\ No newline at end of file

src/main/helm/templates/ingress.yaml

+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  {{- with .Values.ingressAnnotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ include "app.name" . }}
+  namespace: {{ include "app.namespace" . }}
+spec:
+  rules:
+    - http:
+        paths:
+          - backend:
+              service:
+                port:
+                  number: 8080
+                name: {{ include "app.name" . }}
+            path: ''
+            pathType: ImplementationSpecific
+      host: {{ trimPrefix "https://" ( include "app.baseUrl" . ) }}
+  tls:
+    - hosts:
+      - {{ trimPrefix "https://" ( include "app.baseUrl" . ) }}
\ No newline at end of file

src/main/helm/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "app.name" . }}
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+    component: goofy-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 8080
+      protocol: TCP
+      targetPort: 8080
+    - name: metrics
+      port: 8081
+      protocol: TCP
+  selector:
+    {{- include "app.matchLabels" . | indent 4 }}
+    component: goofy
\ No newline at end of file

src/main/helm/templates/service_monitor.yaml

+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "app.name" . }}
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+    component: goofy-service-monitor
+spec:
+  endpoints:
+  - port: metrics
+    path: /actuator/prometheus
+  namespaceSelector:
+    matchNames:
+    - {{ include "app.namespace" . }}
+  selector:
+    matchLabels:
+      {{- include "app.matchLabels" . | indent 6 }}
+      component: goofy-service
\ No newline at end of file

src/main/helm/templates/tests/test-ingress-connection.yaml

+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "app.name" . }}-test-ingress"
+  labels:
+    {{- include "app.matchLabels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: 
+        - {{ include "app.baseUrl" . }}
+  restartPolicy: Never

src/main/helm/templates/tests/test-service-connection.yaml

+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "app.name" . }}-test-connection"
+  labels:
+    {{- include "app.matchLabels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "app.name" . }}:8080']
+  restartPolicy: Never

src/main/helm/test-values.yaml

+kop:
+  bundesland: sh
+  bezeichner: helm
+  environment: test
+
+sso:
+  apiPassword: test1234

src/main/helm/values.yaml

+imageCredentials:
+  registry: docker.ozg-sh.de
+  username: kop
+  password:  
+  email: webmaster@ozg-sh.de
+
+image:
+  repo: docker.ozg-sh.de
+  name: goofy
+  tag: latest # [default: latest]
+
+replicaCount: 2 # [default: 2]
+
+ingressAnnotations:
+  kubernetes.io/ingress.class: traefik
+  traefik.ingress.kubernetes.io/router.entrypoints: websecure
+  traefik.ingress.kubernetes.io/router.tls: "true"
+
+usermanagerName: user-manager
+
+# env:
+#   overrideSpringProfiles: "oc,prod"
+#   customList: # add name value pair for additional environments
+#     - name: Dinge
+#       value: true
+
+# host: # [default: https://<name>.<level>.ozg-sh.de, if level == "prod" https://<name>.ozg-sh.de] optional, host override value. Be aware that XXX.dev.ozg-sh.de can be used in the dev cluster only.
+
+# resources:
+#   limits:
+#     cpu: 1
+#     memory: 1000Mi
+#   requests:
+#     cpu: 50m
+#     memory: 500Mi
+
+# plutoName: pluto # [default: pluto]
+# sso: # Most values are set according to namespace name (<bundesland>-<name>-<level>) and are optional
+  # serverUrl: https://sso.ozg-sh.de # [default: https://sso.dev.ozg-sh.de, if level == "stage|prod" https://sso.ozg-sh.de]
+  # apiPassword:   # Required value
+  # role_einheitlicher_ansprechpartner: false # [default: false]
+  # displayName: "Hüttener Berge" [default: "Realm für <sso.name> (<sso.level>"] The custom display name to write on top of the login page.
+
+
+# kop:
+#   bundesland: sh
+#   bezeichner: kiel
+#   environment: dev
\ No newline at end of file

src/test/helm/deployment_defaults_affinity_test.yaml

+suite: test deployment
+release:
+  name: goofy
+  namespace: sh-helm-test
+templates:
+  - templates/deployment.yaml
+tests:
+  - it: should work
+    set:
+      kop.bundesland: sh
+      kop.bezeichner: helm
+      kop.environment: test
+      sso.apiPassword: test1234
+    asserts:
+      - isKind:
+          of: Deployment
+      - equal:
+          path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key
+          value: goofyable
+      - equal:
+          path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator
+          value: NotIn
+      - equal:
+          path: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]
+          value: "false"

src/test/helm/deployment_defaults_annotaion_test.yaml

+suite: test deployment
+release:
+  name: goofy
+  namespace: sh-helm-test
+templates:
+  - templates/ingress.yaml
+tests:
+  - it: check ingress annotaions if traefik v2
+    set:
+      kop.bundesland: sh
+      kop.bezeichner: helm
+      kop.environment: test
+    asserts:
+      - isKind:
+          of: Ingress
+      - equal:
+          path: metadata.annotations.[kubernetes.io/ingress.class]
+          value: traefik
+      - equal:
+          path: metadata.annotations.[traefik.ingress.kubernetes.io/router.entrypoints]
+          value: websecure
+      - equal:
+          path: metadata.annotations.[traefik.ingress.kubernetes.io/router.tls]
+          value: "true"
\ No newline at end of file

src/test/helm/deployment_defaults_env_test.yaml

+suite: test deployment
+release:
+  name: goofy
+  namespace: sh-helm-prod
+templates:
+  - templates/deployment.yaml
+tests:
+  - it: check default values
+    set:
+      kop.bundesland: sh
+      kop.bezeichner: helm
+      kop.environment: prod
+      sso.apiPassword: test1234
+    asserts:
+      - isKind:
+          of: Deployment
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: grpc_client_pluto_address
+            value: pluto.sh-helm-prod:9090
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: spring_profiles_active
+            value: oc, prod
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: keycloak_realm
+            value: sh-helm-prod
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: keycloak_resource
+            value: sh-helm-prod-goofy      
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: keycloak_auth-server-url
+            value: https://sso.ozg-sh.de
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: goofy_keycloak_api_password
+            value: test1234
\ No newline at end of file