diff --git a/bayernid-proxy-interface/pom.xml b/bayernid-proxy-interface/pom.xml
index bbdaf180b6520d41a163138c882c0dae58330cd7..7e6f940848f31f61cd9d3cebd39e54b352c5684d 100644
--- a/bayernid-proxy-interface/pom.xml
+++ b/bayernid-proxy-interface/pom.xml
@@ -30,7 +30,7 @@
 <parent>
 <groupId>de.ozgcloud.common</groupId>
 <artifactId>ozgcloud-common-dependencies</artifactId>
- <version>4.5.0-SNAPSHOT</version>
+ <version>4.5.0</version>
 <relativePath/>
 </parent>
 
diff --git a/pom.xml b/pom.xml
index 88cb5b3c2d1880325d01db68a8a8456815f71146..9ac1e766dd003d329e9d834794c2d14101fbce0a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,7 +31,7 @@
 <parent>
 <groupId>de.ozgcloud.common</groupId>
 <artifactId>ozgcloud-common-parent</artifactId>
- <version>4.5.0-SNAPSHOT</version>
+ <version>4.5.0</version>
 <relativePath/>
 </parent>
 
diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index 591374806e479479021290713461546c3c3f11c3..7366513307c499736870b793bc78d12278e95326 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -4,18 +4,25 @@
 app.kubernetes.io/instance: bayernid-proxy
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/name: {{ .Release.Name }}
-app.kubernetes.io/namespace: {{ .Release.Namespace }}
+app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 app.kubernetes.io/part-of: ozgcloud
 app.kubernetes.io/version: {{ .Chart.Version }}
 helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" }}
 app.kubernetes.io/component: bayernid-proxy
-component: bayernid-proxy
 {{- end -}}
 
+{{/* error check 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
+{{/* Namespace */}}
+{{- define "app.namespace" -}}
+{{- if gt (len (.Release.Namespace)) 63 -}}
+{{- fail (printf ".Release.Namespace %s ist zu lang (max. 63 Zeichen)" .Release.Namespace) -}}
+{{- end -}}
+{{ printf "%s" .Release.Namespace }}
+{{- end -}}
+
 {{- define "app.matchLabels" }}
 app.kubernetes.io/name: {{ .Release.Name }}
-app.kubernetes.io/namespace: {{ .Release.Namespace }}
-component: bayernid-proxy
+app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}
 
 {{- define "app.envSpringProfiles" }}
diff --git a/src/main/helm/templates/configmap_bindings_type.yaml b/src/main/helm/templates/configmap_bindings_type.yaml
index d56b2505d154567012dff38fe9ef5b50887b45a5..6e64b9a162baa6d8adbfe2ae4d773406b50fc939 100644
--- a/src/main/helm/templates/configmap_bindings_type.yaml
+++ b/src/main/helm/templates/configmap_bindings_type.yaml
@@ -26,7 +26,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: bindings-type
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 data:
 type: |
 ca-certificates
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index f1aadaee30f8dcdd3fa17fcb61678dfbd281fd46..adabc841451041d927704f8da03742a893215cb2 100644
--- a/src/main/helm/templates/deployment.yaml
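Review bot: The new `app.namespace` helper guards `.Release.Namespace` against the 63-character limit, but `.Release.Name` is left unchecked although this chart writes it into the same limited fields — the Service `metadata.name`, the `app.kubernetes.io/name` label value in this hunk, and the leftmost DNS label of the certificate SANs. A symmetric guard keeps the failure at render time instead of at the API server: `{{- if gt (len .Release.Name) 63 -}}` / `{{- fail (printf ".Release.Name %s ist zu lang (max. 63 Zeichen)" .Release.Name) -}}` / `{{- end -}}`. `{{ printf "%s" .Release.Namespace }}` can be simplified to `{{ .Release.Namespace }}`, and the helper's comment would be more useful naming the fields that are limited (label values and DNS labels) instead of "some Kubernetes name fields". The first lines of the hunk sit inside `app.defaultLabels`, whose `define` starts above the hunk.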
+++ b/src/main/helm/templates/deployment.yaml
@@ -26,9 +26,10 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 labels:
 {{- include "app.defaultLabels" . | indent 4 }}
+ component: bayernid-proxy
 spec:
 progressDeadlineSeconds: 600
 replicas: {{ .Values.replicaCount }}
@@ -36,6 +37,7 @@ spec:
 selector:
 matchLabels:
 {{- include "app.matchLabels" . | indent 6 }}
+ component: bayernid-proxy
 strategy:
 rollingUpdate:
 maxSurge: 1
@@ -45,6 +47,7 @@ spec:
 metadata:
 labels:
 {{- include "app.defaultLabels" . | indent 8 }}
+ component: bayernid-proxy
 spec:
 {{- if (.Values.serviceAccount).create }}
 serviceAccountName: {{ include "app.serviceAccountName" . }}
diff --git a/src/main/helm/templates/grpc_certificate.yaml b/src/main/helm/templates/grpc_certificate.yaml
index 94943b038637c582e735426af31c27de51ec0a47..4f294c96c6b1220cd148a91d228acc8e0b1added 100644
--- a/src/main/helm/templates/grpc_certificate.yaml
+++ b/src/main/helm/templates/grpc_certificate.yaml
@@ -27,11 +27,11 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: bayernid-proxy-grpc-tls-certificate
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 spec:
 secretName: bayernid-proxy-grpc-tls-cert
 issuerRef:
- name: {{ .Release.Namespace }}-ca-issuer
+ name: {{ include "app.namespace" . }}-ca-issuer
 kind: Issuer
 duration: 8760h0m0s # 1 Jahr
 renewBefore: 5840h0m0s # 8 Monate
@@ -40,10 +40,10 @@ spec:
 algorithm: RSA
 encoding: PKCS8
 dnsNames:
- - "*.{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
- - "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
- - "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster"
- - "{{ .Release.Name }}.{{ .Release.Namespace }}.svc"
- - "{{ .Release.Name }}.{{ .Release.Namespace }}"
+ - "*.{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+ - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+ - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster"
+ - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"
+ - "{{ .Release.Name }}.{{ include "app.namespace" . }}"
 - "{{ .Release.Name }}"
 {{- end }}
\ No newline at end of file
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index 35c46c125ff3963c3ed081d5286b37036d475c0a..4e6bce277abdb8b56db1ce55ca9cd4151662e0c7 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -27,7 +27,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
 name: network-policy-bayernid-proxy
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 spec:
 podSelector:
 matchLabels:
@@ -43,6 +43,13 @@ spec:
 podSelector:
 matchLabels:
 component: vorgang-manager
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }}
+ ports:
+ - protocol: TCP
+ port: 8081
 {{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/main/helm/templates/service.yaml b/src/main/helm/templates/service.yaml
index ed6467de511d8fddec146bd3fb2a96791f7f7a8f..532b76c955fee9570f85fd2651335a065e15076e 100644
--- a/src/main/helm/templates/service.yaml
+++ b/src/main/helm/templates/service.yaml
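Review bot: The added monitoring ingress rule keys on the `name` label of the peer namespace, which is an ordinary mutable label: any principal allowed to label a namespace `name=openshift-user-workload-monitoring` (or whatever `networkPolicy.monitoringNamespace` resolves to) obtains TCP/8081 into the proxy pods, and conversely the rule silently matches nothing if the real monitoring namespace was never given that label. The API server maintains the immutable `kubernetes.io/metadata.name` label on every namespace, so `kubernetes.io/metadata.name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }}` binds the rule to the namespace itself; if the DNS egress rule further down (outside this hunk) also uses `name`, both should be switched together. Because the rule carries no `podSelector`, every pod in that namespace is admitted rather than only the Prometheus scrapers, and there is no value to switch the rule off when metrics scraping is not wanted.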
@@ -26,9 +26,10 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{.Release.Name }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 labels:
 {{- include "app.defaultLabels" . | indent 4 }}
+ component: bayernid-proxy
 spec:
 type: ClusterIP
 ports:
@@ -40,3 +41,4 @@ spec:
 protocol: TCP
 selector:
 {{- include "app.matchLabels" . | indent 4 }}
+ component: bayernid-proxy
diff --git a/src/main/helm/templates/service_account.yaml b/src/main/helm/templates/service_account.yaml
index 231d53f52dfe67b27f474ebf552d1e10a052f042..3bac8e223d1fd108b386d1f06ed4e9fb2284a67c 100644
--- a/src/main/helm/templates/service_account.yaml
+++ b/src/main/helm/templates/service_account.yaml
@@ -27,5 +27,5 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: {{ include "app.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
+ namespace: {{ include "app.namespace" . }}
 {{- end }}
\ No newline at end of file
diff --git a/src/main/helm/templates/service_monitor.yaml b/src/main/helm/templates/service_monitor.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a8e022b40568c35d246ca22f77f88a161592185c
--- /dev/null
+++ b/src/main/helm/templates/service_monitor.yaml
@@ -0,0 +1,43 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ include "app.namespace" . }}
+ labels:
+ {{- include "app.defaultLabels" . | indent 4 }}
+ component: bayernid-proxy-service-monitor
+spec:
+ endpoints:
+ - port: metrics
+ path: /actuator/prometheus
+ namespaceSelector:
+ matchNames:
+ - {{ include "app.namespace" . }}
+ selector:
+ matchLabels:
+ {{- include "app.matchLabels" . | indent 6 }}
+ component: bayernid-proxy
\ No newline at end of file
diff --git a/src/test/helm/deployment_63_char_test.yaml b/src/test/helm/deployment_63_char_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6aa7af646b647c6a193413ed24b5f78fa9a97440
--- /dev/null
+++ b/src/test/helm/deployment_63_char_test.yaml
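Review bot: The ServiceMonitor is rendered unconditionally, so on a cluster without the Prometheus Operator CRDs (`monitoring.coreos.com/v1`) the whole release fails, and there is no way to opt out of advertising the scrape target; the test suite added in this commit even contains a case named "should be able to enable the endpoint" that sets nothing, which points to a toggle that was intended but not wired up. Guard the manifest with `{{- if (.Values.serviceMonitor).enabled }}` at the top and `{{- end }}` at the bottom, and default the value in step with the NetworkPolicy rule that opens port 8081 for the monitoring namespace. The endpoint targets the named port `metrics` over plain HTTP, and the Service hunk in this diff does not show the port name, so if the Service does not call port 8081 `metrics` the target is simply never scraped — worth pinning in a Service unit test. The file also lacks a trailing newline.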
@@ -0,0 +1,48 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deyploment less than 63 chars
+release:
+ name: bayernid-proxy
+ namespace: by-helm-test
+
+templates:
+ - templates/deployment.yaml
+set:
+ ozgcloud:
+ environment: dev
+ bayernid:
+ server: "https://test"
+ certificateSecretName: "bayernidCertificat"
+
+tests:
+ - it: should fail on .Release.Namespace length longer than 63 characters
+ release:
+ namespace: test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
+ asserts:
+ - failedTemplate:
+ errorMessage: .Release.Namespace test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
+ - it: should not fail on .Release.Namespace length less than 63 characters
+ asserts:
+ - notFailedTemplate: {}
\ No newline at end of file
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index e8adaa912e8ca2ca7a5f85c14a1cf04f15f00a88..87a413a71650374c6fb50334a34c0ae698a61e41 100644
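Review bot: The passing case only renders the 12-character default namespace `by-helm-test`, so the edge of the `gt (len …) 63` check is untested — a 63-character namespace must render and a 64-character one must fail, which is exactly where an off-by-one would hide. Add two cases setting `release.namespace` to strings of exactly 63 and 64 characters, asserting `notFailedTemplate: {}` and `failedTemplate:` respectively. The suite name also has a typo: `suite: test deployment less than 63 chars`.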
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -77,6 +77,15 @@ tests:
 podSelector:
 matchLabels:
 component: vorgang-manager
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: openshift-user-workload-monitoring
+ ports:
+ - port: 8081
+ protocol: TCP
+
+
 egress:
 - to:
 - namespaceSelector:
@@ -91,6 +100,22 @@
 protocol: UDP
 - port: 5353
 protocol: TCP
+ - it: should set rule for monitoring
+ set:
+ networkPolicy:
+ dnsServerNamespace: test-dns-namespace
+ monitoringNamespace: test-monitoring
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: test-monitoring
+ ports:
+ - port: 8081
+ protocol: TCP
 - it: add ingress rule by values local
 set:
diff --git a/src/test/helm/service_monitor_test.yaml b/src/test/helm/service_monitor_test.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ba8983c365d364184ce8937977139ce1866e36cc
--- /dev/null
+++ b/src/test/helm/service_monitor_test.yaml
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test service_monitor
+release:
+ name: bayernid-proxy
+ namespace: sh-helm-test
+templates:
+ - templates/service_monitor.yaml
+tests:
+ - it: should have basic info and the label component with value bayernid-proxy-service-monitor attached
+ asserts:
+ - isKind:
+ of: ServiceMonitor
+ - isAPIVersion:
+ of: monitoring.coreos.com/v1
+ - equal:
+ path: metadata.name
+ value: bayernid-proxy
+ - equal:
+ path: metadata.namespace
+ value: sh-helm-test
+ - equal:
+ path: metadata.labels["component"]
+ value: bayernid-proxy-service-monitor
+
+ - it: should contain default lables and component lables
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/component: bayernid-proxy
+ app.kubernetes.io/instance: bayernid-proxy
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: bayernid-proxy
+ app.kubernetes.io/namespace: sh-helm-test
+ app.kubernetes.io/part-of: ozgcloud
+ app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
+ component: bayernid-proxy-service-monitor
+ helm.sh/chart: bayernid-proxy-0.0.0-MANAGED-BY-JENKINS
+
+ - it: should have the metrics endpoint configured by default
+ set:
+ env.springProfiles: oc,stage
+ asserts:
+ - contains:
+ path: spec.endpoints
+ content:
+ port: metrics
+ path: /actuator/prometheus
+ - it: should be able to enable the endpoint
+ asserts:
+ - contains:
+ path: spec.endpoints
+ content:
+ port: metrics
+ path: /actuator/prometheus
+ - it: namespace selector should contain the namespace
+ asserts:
+ - contains:
+ path: spec.namespaceSelector.matchNames
+ content: sh-helm-test
+
+ - it: selector should contain helm recommended labels name and namespace
+ asserts:
+ - equal:
+ path: spec.selector.matchLabels
+ value:
+ app.kubernetes.io/name: bayernid-proxy
+ app.kubernetes.io/namespace: sh-helm-test
+ component: bayernid-proxy
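Review bot: The case `should be able to enable the endpoint` sets no values and asserts exactly what `should have the metrics endpoint configured by default` already asserts, so it documents an enable switch the template does not have. Either remove it or, once a `serviceMonitor.enabled` value exists, turn it into a real pair: `set: serviceMonitor.enabled: false` with `- hasDocuments: count: 0`, plus the positive case. The default case also sets `env.springProfiles: oc,stage`, which nothing in the ServiceMonitor template shown in this diff reads, so that `set:` should go as well.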