tidepool-org · toddkazakov · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 13, 2024
diff --git a/charts/tidepool/Chart.lock b/charts/tidepool/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
   repository: file://../keycloak
   version: 0.4.3
 digest: sha256:9e8e11d23104da89789675b1676fe7299309fb7eeae7a22c0a2ba6ab169c3fa2
-generated: "2024-11-22T13:46:17.203655+02:00"
+generated: "2024-11-13T11:22:02.195889+02:00"
diff --git a/charts/tidepool/charts/auth/templates/1-deployment-private.yaml b/charts/tidepool/charts/auth/templates/1-deployment-private.yaml
@@ -0,0 +1,236 @@
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: auth-private
+{{ include "charts.labels.standard" .}}
+  name: auth-private
+  namespace: {{.Release.Namespace}}
+  annotations:
+    secret.reloader.stakater.com/reload: "server,{{ .Values.mongo.secretName }},dexcom,auth"
+    configmap.reloader.stakater.com/reload: "dexcom"
+{{ if .Values.deployment.annotations }}
+    {{- .Values.deployment.annotations | toYaml | nindent 4 }}
+{{- end }}
+spec:
+  selector:
+    matchLabels:
+      app: auth
+      app.kubernetes.io/name: {{ include "charts.name" . }}-private
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  replicas: {{ .Values.deployment.replicas | default 1 }}
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: auth
+        app.kubernetes.io/name: {{ include "charts.name" . }}-private
+        app.kubernetes.io/instance: {{ .Release.Name }}
+{{ if .Values.podAnnotations }}
+      annotations:
+        {{- .Values.podAnnotations | toYaml | nindent 8 }}
+{{- end }}
+    spec:
+      initContainers:
+      {{ include "charts.init.shoreline" .}}
+      {{ if .Values.initContainers }}
+{{- with .Values.initContainers }}
+{{toYaml . | indent 6}}{{- end }}
+      {{- end }}
+      containers:
+      - env:
+        {{ include "charts.platform.env.mongo" .}}
+        {{ include "charts.platform.env.misc" .}}
+        {{ include "charts.platform.env.clients" .}}
+        {{ include "charts.kafka.common" .}}
+        {{ include "charts.kafka.cloudevents.client" (dict "Values" .Values "Release" .Release "client" "auth") }}
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_AUTHORIZE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: dexcom
+              key: AuthorizeURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_REDIRECT_URL
+          valueFrom:
+            configMapKeyRef:
+              name: dexcom
+              key: RedirectURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_SCOPES
+          valueFrom:
+            configMapKeyRef:
+              name: dexcom
+              key: Scopes
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_TOKEN_URL
+          valueFrom:
+            configMapKeyRef:
+              name: dexcom
+              key: TokenURL
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: dexcom
+              key: ClientId
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: dexcom
+              key: ClientSecret
+              optional: true
+        - name: TIDEPOOL_SERVICE_PROVIDER_DEXCOM_STATE_SALT
+          valueFrom:
+            secretKeyRef:
+              name: dexcom
+              key: StateSalt
+              optional: true
+        - name: TIDEPOOL_AUTH_SERVICE_DOMAIN
+          value: {{ .Values.global.gateway.default.domain }}
+        - name: TIDEPOOL_AUTH_SERVICE_SERVER_ADDRESS
+          value: :{{.Values.global.ports.auth_private}}
+        - name: TIDEPOOL_AUTH_SERVICE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: auth
+              key: ServiceAuth
+        - name: TIDEPOOL_APPLE_DEVICE_CHECKER_PRIVATE_KEY
+          valueFrom:
+            secretKeyRef:
+              name: auth
+              key: AppleDeviceCheckKey
+              optional: true
+        - name: TIDEPOOL_APPLE_DEVICE_CHECKER_KEY_ID
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppleDeviceCheckKeyId
+              optional: true
+        - name: TIDEPOOL_APPLE_DEVICE_CHECKER_KEY_ISSUER
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppleDeviceCheckKeyIssuer
+              optional: true
+        - name: TIDEPOOL_APPLE_DEVICE_CHECKER_USE_DEVELOPMENT
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppleDeviceCheckUseDevelopment
+              optional: true
+        - name: TIDEPOOL_APPVALIDATION_USE_DEVELOPMENT
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationUseDevelopment
+              optional: true
+        - name: TIDEPOOL_APPVALIDATION_APPLE_APP_IDS
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationAppleAppIds
+              optional: true
+        - name: TIDEPOOL_APPVALIDATION_CHALLENGE_SIZE
+          valueFrom:
+            configMapKeyRef:
+              name: auth
+              key: AppValidationChallengeSize
+              optional: true
+        - name: COASTAL_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: apiKey
+              optional: true
+        - name: COASTAL_BASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: baseUrl
+              optional: true
+        - name: COASTAL_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: clientId
+              optional: true
+        - name: COASTAL_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: clientSecret
+              optional: true
+        - name: COASTAL_RC_TYPE_ID
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: rcTypeId
+              optional: true
+        - name: COASTAL_PRIVATE_KEY_DATA
+          valueFrom:
+            secretKeyRef:
+              name: coastal
+              key: privateKeyData
+              optional: true
+        - name: PALMTREE_BASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: palmtree
+              key: baseUrl
+              optional: true
+        - name: PALMTREE_CAL_ID
+          valueFrom:
+            secretKeyRef:
+              name: palmtree
+              key: calId
+              optional: true
+        - name: PALMTREE_PROFILE_ID
+          valueFrom:
+            secretKeyRef:
+              name: palmtree
+              key: profileId
+              optional: true
+        - name: PALMTREE_TLS_CERT_DATA
+          valueFrom:
+            secretKeyRef:
+              name: palmtree
+              key: tlsCertData
+              optional: true
+        - name: PALMTREE_TLS_KEY_DATA
+          valueFrom:
+            secretKeyRef:
+              name: palmtree
+              key: tlsKeyData
+              optional: true
+        image: "{{ .Values.deployment.imagePrivate }}"
+        securityContext:
+          {{- .Values.podSecurityContext | toYaml | nindent 10 }}
+        {{ template "charts.platform.probes" .Values.global.ports.auth_private}}
+        name: auth
+        ports:
+        - containerPort: {{.Values.global.ports.auth_private}}
+          name: "http"
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+      {{ if .Values.deployment.imagePullSecretName }}
+      imagePullSecrets:
+      - name: {{ .Values.deployment.imagePullSecretName | quote }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.securityContext | nindent 8 }}
+      restartPolicy: Always
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
diff --git a/charts/tidepool/charts/auth/templates/2-service-private.yaml b/charts/tidepool/charts/auth/templates/2-service-private.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: auth-private
+{{ include "charts.labels.standard" .}}
+  name: auth-private
+  namespace: {{.Release.Namespace}}
+spec:
+  ports:
+  - name: "http"
+    port: {{.Values.global.ports.auth_private}}
+    targetPort: "http"
+  selector:
+    app: auth
+    app.kubernetes.io/name: {{ include "charts.name" . }}-private
+    app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/tidepool/charts/auth/templates/4-routetable.yaml b/charts/tidepool/charts/auth/templates/4-routetable.yaml
@@ -80,6 +80,35 @@ spec:
     options:
       extauth:
         disable: true
+  - matchers:
+    - methods:
+      - GET
+      - DELETE
+      exact: /v1/oauth/abbott/authorize
+    routeAction:
+      single:
+        kube:
+          ref:
+            name: auth-private
+            namespace: {{ .Release.Namespace }}
+          port: {{ .Values.global.ports.auth_private }}
+    options:
+      extauth:
+        disable: true
+  - matchers:
+    - methods:
+      - GET
+      exact: /v1/oauth/abbott/redirect
+    routeAction:
+      single:
+        kube:
+          ref:
+            name: auth-private
+            namespace: {{ .Release.Namespace }}
+          port: {{ .Values.global.ports.auth_private }}
+    options:
+      extauth:
+        disable: true
   - matchers:
     - methods:
       - GET

diff --git a/charts/tidepool/charts/auth/values.yaml b/charts/tidepool/charts/auth/values.yaml
@@ -15,6 +15,10 @@ configmap:
 deployment:
   # -- auth Docker image
   image: tidepool/platform-auth:master-latest
+  # -- auth Docker image
+  imagePrivate: tidepool/platform-private-auth:master-latest
+  # -- The name of the docker secret used for pulling the private images
+  imagePullSecretName:
   # -- number of replicas to deploy
   replicas: 1
 initContainers: []

diff --git a/charts/tidepool/charts/data/templates/1-deployment-private.yaml b/charts/tidepool/charts/data/templates/1-deployment-private.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: data-private
+{{ include "charts.labels.standard" .}}
+  name: data-private
+  namespace: {{.Release.Namespace}}
+  annotations:
+    secret.reloader.stakater.com/reload: "server,{{ .Values.mongo.secretName }},data"
+{{ if .Values.deployment.annotations }}
+    {{- .Values.deployment.annotations | toYaml | nindent 4 }}
+{{- end }}
+spec:
+  selector:
+    matchLabels:
+      app: data-private
+      app.kubernetes.io/name: {{ include "charts.name" . }}-private
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  replicas: {{ .Values.deployment.replicas }}
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: data-private
+        app.kubernetes.io/name: {{ include "charts.name" . }}-private
+        app.kubernetes.io/instance: {{ .Release.Name }}
+{{ if .Values.podAnnotations }}
+      annotations:
+        {{- .Values.podAnnotations | toYaml | nindent 8 }}
+{{- end }}
+    spec:
+      initContainers:
+      {{ include "charts.init.shoreline" .}}
+      {{ if .Values.initContainers }}
+{{- with .Values.initContainers }}
+{{toYaml . | indent 6}}{{- end }}
+      {{- end }}
+      containers:
+      - env:
+        {{ include "charts.platform.env.mongo" .}}
+        {{ include "charts.platform.env.misc" .}}
+        {{ include "charts.platform.env.clients" .}}
+        {{ include "charts.kafka.common" .}}
+        {{ include "charts.kafka.cloudevents.client" (dict "Values" .Values "Release" .Release "client" "data") }}
+        - name: TIDEPOOL_DATA_SERVICE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: data
+              key: ServiceAuth
+        - name: TIDEPOOL_DATA_SERVICE_SERVER_ADDRESS
+          value: :{{ .Values.global.ports.data_private }}
+        - name: TIDEPOOL_DEPRECATED_DATA_STORE_DATABASE
+          value: data
+        - name: TIDEPOOL_SYNC_TASK_STORE_DATABASE
+          value: data
+        image: "{{ .Values.deployment.imagePrivate }}"
+        securityContext:
+          {{- .Values.podSecurityContext | toYaml | nindent 10 }}
+        {{ template "charts.platform.probes" .Values.global.ports.data_private }}
+        name: data-private
+        ports:
+        - containerPort: {{.Values.global.ports.data_private}}
+          name: "http"
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+      {{ if .Values.deployment.imagePullSecretName }}
+      imagePullSecrets:
+      - name: {{ .Values.deployment.imagePullSecretName | quote }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.securityContext | nindent 8 }}
+      restartPolicy: Always
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}