Merge pull request 'OZG-3152: refactor helm chart for new dev cluster' (#125)...

Merge pull request 'OZG-3152: refactor helm chart for new dev cluster' (#125) from OZG-3152 into master Reviewed-on: https://git.ozg-sh.de/mgm/goofy/pulls/125

Merge pull request 'OZG-3152: refactor helm chart for new dev cluster' (#125)...
273758bb · OZGCloud · 7807e172 · 7576b970 · 273758bb · 273758bb
Commit 273758bb authored 2 years ago by OZGCloud
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -195,7 +195,7 @@ pipeline {
                        dir('src/main/helm') {
                            sh "helm lint -f test-values.yaml"
-                            sh "helm unittest -f '../../test/helm/*.yaml' ."
+                            sh "helm unittest -f '../../test/helm/*.yaml' -v '../../test/unit-values.yaml' ."
                            sh "helm package --version=${HELM_CHART_VERSION} ."
@@ -467,7 +467,7 @@ Void editEnvironemntVersion(String stage, String imageTag, Boolean isEa, String
        devVersions.values.pluto.put('env', ['overrideSpringProfiles': overrideSpringProfiles])
        devVersions.versions.goofy.image.tag = imageTag
-        devVersions.charts.goofy.version = chartVersion
+        // devVersions.charts.goofy.version = chartVersion
        writeYaml file: editFile, data: devVersions, overwrite: true
    }
@@ -795,7 +795,7 @@ Void setNewGoofyProvisioningVersion(String environment) {
        def envVersions = readYaml file: envFile
        envVersions.versions.goofy.image.tag = IMAGE_TAG
-        envVersions.charts.goofy.version = HELM_CHART_VERSION
+        // envVersions.charts.goofy.version = HELM_CHART_VERSION
        writeYaml file: envFile, data: envVersions, overwrite: true
    }

--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -55,11 +55,7 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}
 {{- define "app.kop_user-manager_url" -}}
-{{- if eq (include "app.kopEnvironment" . ) "prod" -}}
+{{ printf "https://%s-%s.%s" (include "app.kopBezeichner" .) .Values.usermanagerName .Values.baseUrl }}
-{{ printf "https://%s-%s.ozg-sh.de" (include "app.kopBezeichner" .) .Values.usermanagerName }}
-{{- else -}}
-{{ printf "https://%s-%s.%s.ozg-sh.de" (include "app.kopBezeichner" .) .Values.usermanagerName (include "app.kopEnvironment" . ) }}
-{{- end -}}
 {{- end -}}
 {{- define "app.kop_user-manager_internalurl" -}}
@@ -72,11 +68,6 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end }}
 {{- end }}
-{{/* --- region keycoak --- */}} 
-{{/* namespace sh-kiel-dev means <bundesland>-<name>-<level> */}}
-{{/* depending on level the server url is sso.dev.ozg-sh.de or sso.ozg-sh.de  */}}
-{{/* values can be overwritten */}}
 {{- define "app.kopBundesland" -}}
 {{- required "Bundesland muss angegeben sein" (.Values.kop).bundesland }}
 {{- end -}}
@@ -109,25 +100,11 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}
 {{- define "app.ssoServerUrl" -}}
-{{- if (.Values.sso).serverUrl -}}
 {{- printf "%s" .Values.sso.serverUrl -}}
-{{- else if eq (include "app.kopEnvironment" . ) "dev" -}} 
-{{ printf "https://sso.dev.ozg-sh.de" }}
-{{- else if eq (include "app.kopEnvironment" . ) "test" -}}
-{{ printf "https://sso.test.ozg-sh.de" }}
-{{- else -}}
-{{ printf "https://sso.ozg-sh.de" }}
-{{- end -}}
 {{- end -}}
 {{- define "app.baseUrl" -}}
-{{- if .Values.host -}}
+{{ printf "https://%s.%s" (include "app.kopBezeichner" .) .Values.baseUrl }}
-{{- printf "%s" .Values.host -}}
-{{- else if eq (include "app.kopEnvironment" . ) "prod" -}}
-{{ printf "https://%s.ozg-sh.de" (include "app.kopBezeichner" .) }}
-{{- else -}}
-{{ printf "https://%s.%s.ozg-sh.de" (include "app.kopBezeichner" .) (include "app.kopEnvironment" . ) }}
-{{- end -}}
 {{- end -}}
 {{- define "app.keycloakClientId" -}}

--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  {{- with .Values.ingressAnnotations }}
+  annotations:
-  annotations: {{- toYaml . | nindent 4 }}
+    cert-manager.io/cluster-issuer: letsencrypt-prod
-  {{- end }}
  name: {{ include "app.name" . }}
  namespace: {{ include "app.namespace" . }}
 spec:
+  {{- if ne (.Values).cluster_env "dataport"}}
+  ingressClassName: nginx
+  {{- end }}
  rules:
    - http:
        paths:
@@ -21,3 +23,6 @@ spec:
  tls:
    - hosts:
      - {{ trimPrefix "https://" ( include "app.baseUrl" . ) }}
+      {{- if ne (.Values).cluster_env "dataport" }}
+      secretName: {{ .Values.kop.bezeichner }}-{{ include "app.name" . }}-tls
+      {{- end }}
\ No newline at end of file
--- a/src/main/helm/test-values.yaml
+++ b/src/main/helm/test-values.yaml
@@ -2,6 +2,3 @@ kop:
  bundesland: sh
  bezeichner: helm
  environment: test
-sso:
-  apiPassword: test1234
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
+cluster_env: ""
+baseUrl: test.sh.ozg-cloud.de
+sso:
+  serverUrl: https://sso.sh.ozg-cloud.de
 imageCredentials:
  registry: docker.ozg-sh.de
  username: kop
@@ -11,11 +18,6 @@ image:
 replicaCount: 2 # [default: 2]
-ingressAnnotations:
-  kubernetes.io/ingress.class: traefik
-  traefik.ingress.kubernetes.io/router.entrypoints: websecure
-  traefik.ingress.kubernetes.io/router.tls: "true"
 usermanagerName: user-manager
 # env:

--- a/src/test/helm/deployment_defaults_affinity_test.yaml
+++ b/src/test/helm/deployment_defaults_affinity_test.yaml
@@ -6,11 +6,6 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: should work
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment

--- a/src/test/helm/deployment_defaults_annotaion_test.yaml
+++ b/src/test/helm/deployment_defaults_annotaion_test.yaml
@@ -5,20 +5,16 @@ release:
 templates:
  - templates/ingress.yaml
 tests:
-  - it: check ingress annotaions if traefik v2
+  - it: check ingress annotaions for nginx
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
    asserts:
      - isKind:
          of: Ingress
      - equal:
-          path: metadata.annotations.[kubernetes.io/ingress.class]
+          path: metadata.annotations.[cert-manager.io/cluster-issuer]
-          value: traefik
+          value: letsencrypt-prod
      - equal:
-          path: metadata.annotations.[traefik.ingress.kubernetes.io/router.entrypoints]
+          path: spec.ingressClassName
-          value: websecure
+          value: nginx
      - equal:
-          path: metadata.annotations.[traefik.ingress.kubernetes.io/router.tls]
+          path: spec.tls[0].secretName
-          value: "true"
+          value: helm-goofy-tls
\ No newline at end of file
--- a/src/test/helm/deployment_defaults_env_test.yaml
+++ b/src/test/helm/deployment_defaults_env_test.yaml
 suite: test deployment
 release:
  name: goofy
-  namespace: sh-helm-prod
+  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
 tests:
  - it: check default values
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: prod
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment
@@ -18,27 +13,27 @@ tests:
          path: spec.template.spec.containers[0].env
          content:
            name: grpc_client_pluto_address
-            value: pluto.sh-helm-prod:9090
+            value: pluto.sh-helm-test:9090
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: spring_profiles_active
-            value: oc, prod
+            value: oc, test
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_realm
-            value: sh-helm-prod
+            value: sh-helm-test
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_resource
-            value: sh-helm-prod-goofy      
+            value: sh-helm-test-goofy
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_auth-server-url
-            value: https://sso.ozg-sh.de
+            value: https://sso.sh.ozg-cloud.de
      - contains:
          path: spec.template.spec.containers[0].env
          content:

--- a/src/test/helm/deployment_defaults_labels_test.yaml
+++ b/src/test/helm/deployment_defaults_labels_test.yaml
@@ -8,11 +8,6 @@ templates:
  - templates/service.yaml
 tests:
  - it: check default labels
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - equal:
          path: metadata.labels.[app.kubernetes.io/instance]

--- a/src/test/helm/deployment_defaults_spec_containers_health_test.yaml
+++ b/src/test/helm/deployment_defaults_spec_containers_health_test.yaml
@@ -6,11 +6,6 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: should work
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment

--- a/src/test/helm/deployment_defaults_spec_containers_securityContext_test.yaml
+++ b/src/test/helm/deployment_defaults_spec_containers_securityContext_test.yaml
@@ -6,11 +6,6 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: should work
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment

--- a/src/test/helm/deployment_defaults_spec_containers_test.yaml
+++ b/src/test/helm/deployment_defaults_spec_containers_test.yaml
@@ -6,17 +6,12 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: check for some standard values
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment
      - equal:
          path: spec.template.spec.containers[0].image
-          value: "docker.ozg-sh.de/goofy:latest"
+          value: "docker.ozg-sh.de/goofy:snapshot-latest"
      - equal:
          path: spec.template.spec.containers[0].imagePullPolicy
          value: Always
@@ -44,15 +39,6 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].tty
          value: true
-  - it: should add the port for metrics when scrapeMetrics is enabled
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: kiel
-      kop.environment: dev
-      sso.apiPassword: test1234
-    asserts:
-      - isKind:
-          of: Deployment
      - equal:
          path: spec.template.spec.containers[0].ports[1].containerPort
          value: 8081
@@ -62,16 +48,3 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].ports[1].protocol
          value: TCP
-  - it: should not add the port for metrics when scrapeMetrics is disabled
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: kiel
-      kop.environment: dev
-      sso.apiPassword: test1234
-    asserts:
-      - isKind:
-          of: Deployment
-      - notContains:
-          path: spec.template.spec.containers[0].ports
-          content:
-            name: metrics
\ No newline at end of file
--- a/src/test/helm/deployment_defaults_spec_test.yaml
+++ b/src/test/helm/deployment_defaults_spec_test.yaml
@@ -6,11 +6,6 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: should work
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment
@@ -19,7 +14,7 @@ tests:
          value: 600
      - equal:
          path: spec.replicas
-          value: 2
+          value: 5
      - equal:
          path: spec.revisionHistoryLimit
          value: 10

--- a/src/test/helm/deployment_defaults_sso_test.yaml
+++ b/src/test/helm/deployment_defaults_sso_test.yaml
 suite: test deployment
 release:
  name: goofy
-  namespace: sh-helm-prod
+  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
 tests:
  - it: check default values
-    set:
-      sso.apiPassword: SicherheitGehtVor!!1!
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: prod
    asserts:
      - isKind:
          of: Deployment
@@ -18,52 +13,26 @@ tests:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_realm
-            value: sh-helm-prod
+            value: sh-helm-test
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_resource
-            value: sh-helm-prod-goofy      
+            value: sh-helm-test-goofy
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_auth-server-url
-            value: https://sso.ozg-sh.de
+            value: https://sso.sh.ozg-cloud.de
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: goofy_keycloak_api_password
-            value: SicherheitGehtVor!!1!
+            value: test1234
-  - it: check sso serverUrl for dev environment
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: name
-      kop.environment: dev
-      sso.apiPassword: test1234
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].env
-          content:
-            name: keycloak_auth-server-url
-            value: https://sso.dev.ozg-sh.de
-  - it: check sso serverUrl for test environment
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: name
-      kop.environment: test
-      sso.apiPassword: test1234
-    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].env
-          content:
-            name: keycloak_auth-server-url
-            value: https://sso.test.ozg-sh.de
  - it: check realm with long namespace
    set:
-      kop.bundesland: sh
+      kop.bezeichner: eins-zwei-drei
-      kop.bezeichner: eins-zwei
-      kop.environment: prod
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment
@@ -71,4 +40,4 @@ tests:
          path: spec.template.spec.containers[0].env
          content:
            name: keycloak_realm
-            value: sh-eins-zwei-prod
+            value: sh-eins-zwei-drei-test
\ No newline at end of file
--- a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
+++ b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
@@ -6,11 +6,6 @@ templates:
  - templates/deployment.yaml
 tests:
  - it: check default values
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment

--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -5,10 +5,6 @@ tests:
  - it: check customList
    template: deployment.yaml
    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
      env.customList:
        - name: my_test_environment_name
          value: "A test value"
@@ -20,11 +16,6 @@ tests:
            value: "A test value"
  - it: check customList test value is not set by default
    template: deployment.yaml
-    set:
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - notContains:
          path: spec.template.spec.containers[0].env

--- a/src/test/helm/deployment_imageTag_test.yaml
+++ b/src/test/helm/deployment_imageTag_test.yaml
@@ -5,16 +5,12 @@ release:
 templates:
  - templates/deployment.yaml
 tests:
-  - it: should set the snapshot latest imageTag
+  - it: should set the latest imageTag
    set:
-      image.tag: snapshot-latest
+      image.tag: latest
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - isKind:
          of: Deployment
      - equal:
          path: spec.template.spec.containers[0].image
-          value: docker.ozg-sh.de/goofy:snapshot-latest
+          value: docker.ozg-sh.de/goofy:latest
\ No newline at end of file
--- a/src/test/helm/deployment_pluto_address_test.yaml
+++ b/src/test/helm/deployment_pluto_address_test.yaml
@@ -8,10 +8,6 @@ tests:
  - it: should set the pluto name
    set:
      plutoName: my-test-pluto-name
-      kop.bundesland: sh
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env

--- a/src/test/helm/deployment_replicas_test.yaml
+++ b/src/test/helm/deployment_replicas_test.yaml
@@ -7,14 +7,10 @@ templates:
 tests:
  - it: should set the replica count
    set:
-      kop.bundesland: sh
+      replicaCount: 10
-      kop.bezeichner: helm
-      kop.environment: test
-      sso.apiPassword: test1234
-      replicaCount: 5
    asserts:
      - isKind:
          of: Deployment
      - equal:
          path: spec.replicas
-          value: 5
+          value: 10
\ No newline at end of file
--- a/src/test/helm/deployment_resources_test.yaml
+++ b/src/test/helm/deployment_resources_test.yaml
@@ -6,10 +6,7 @@ templates:
 tests:
  - it: test resources for prod environment
    set:
-      kop.bundesland: sh
-      kop.bezeichner: name
      kop.environment: prod
-      sso.apiPassword: test1234
    asserts:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.cpu
@@ -25,10 +22,7 @@ tests:
          value: 250Mi
  - it: test default resources
    set:
-      kop.bundesland: sh
-      kop.bezeichner: name
      kop.environment: dev
-      sso.apiPassword: test1234
    asserts:
      - equal:
          path: spec.template.spec.containers[0].resources.limits.cpu