Adds Helm option to use independently installed Conjur connect ConfigMap #349
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diverdane
force-pushed
the
helm-use-conjur-conn-configmap
branch
from
9330e09 to
6ac1a6b
Compare
This change adds the following for the Secrets Provider stand-alone mode Helm chart: - A Helm chart value for allowing the Secrets Provider to get its Conjur connection information via an independently (i.e. outside of this Helm chart), instead of using Pod environment variables. This will allow this Helm chart in conjunction with the Kubernetes cluster prep Helm chart and the application Namespace prep Helm chart as described here: - https://github.com/cyberark/conjur-authn-k8s-client/tree/master/helm/conjur-config-namespace-prep - https://github.com/cyberark/conjur-authn-k8s-client/tree/master/helm/conjur-config-cluster-prep If the Conjur connection ConfigMap is configured, the other Conjur connect Helm chart settings are ignored. - Adds Helm unit tests that make use of the 'helm-unittest' plugin. See: https://github.com/quintush/helm-unittest/blob/master/DOCUMENT.md - Adds Helm schema validation tests based upon `helm lint ...`. - In `values.yaml`, the required settings are commented out. This is done in order for the `required` settings in `values.schema.json` to take effect. Without commenting out these settings in `values.yaml`, the Helm schema validation interprets these settings as being "set", even if they are left as is, without overriding with explicit values. - In `values.schema.json`, for any settings that have default values defined in `values.yaml`, the `required` settings in `values.schema.json` are deleted, since these settings will never be unset due to their default settings. - Added a GitHub action for running the Helm unittest and the Helm schema validation tests.
diverdane
force-pushed
the
helm-use-conjur-conn-configmap
branch
from
6ac1a6b to
fbb6d26
Compare
|
Code Climate has analyzed commit f0594e5 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 87.5% (0.0% change). View more on Code Climate. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This change adds the following for the Secrets Provider stand-alone mode
Helm chart:
A Helm chart value for allowing the Secrets Provider to get its Conjur
connection information via an independently installed (i.e. outside of this Helm
chart) Conjur connection info ConfigMap, instead of using Pod environment variables.
This will allow this Helm chart to be used in conjunction with the Kubernetes cluster
prep Helm chart and the application Namespace prep Helm chart as described here:
If the Conjur connection ConfigMap is configured, the other Conjur connect
Helm chart settings are ignored.
Adds Helm unit tests that make use of the 'helm-unittest' plugin. See:
https://github.com/quintush/helm-unittest/blob/master/DOCUMENT.md
Adds Helm schema validation tests based upon
helm lint ....In
values.yaml, the required settings are commented out. This is donein order for the
requiredsettings invalues.schema.jsonto takeeffect, so that the error message that is generated when a required
setting is not provided is abundantly clear that a the required setting
is missing. Without commenting out these settings in
values.yaml, theHelm
values.schema.jsonvalidation interprets these settings as alwaysbeing "set".
In
values.schema.json, for any settings that have default valuesdefined in
values.yaml, therequiredsettings invalues.schema.jsonare deleted, since these settings will neverbe unset due to their default settings.
Adds a GitHub action for running the Helm unittest and the Helm
schema validation test.
What ticket does this PR close?
This PR is a pre-requisite change for a couple of issues in the cyberark/conjur-authn-k8s-client repository:
Checklists
Change log
Test coverage
Documentation
READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or