refactor!: Configuration settings for services exposed by heimdall si…

…mplified (#2089)
dadrus · Jan 9, 2025 · 02d91d6 · 02d91d6
1 parent c579122
commit 02d91d6
Show file tree

Hide file tree

Showing 73 changed files with 589 additions and 851 deletions.
diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yaml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yaml
@@ -62,8 +62,7 @@ body:
       render: yml
       placeholder: |
         serve:
-          decision:
-            port: 1234
+          port: 1234
 
   - id: version
     type: input

diff --git a/DockerHub-README.md b/DockerHub-README.md
@@ -37,23 +37,23 @@ default_rule:
 Start heimdall:
 
 ```bash
-docker run -t -p 4456:4456 -v $PWD:/heimdall/conf \
+docker run -t -p 4455:4455 -v $PWD:/heimdall/conf \
   dadrus/heimdall:latest serve decision -c /heimdall/conf/heimdall.yaml
 ```
 
 Call the decision service endpoint to emulate behavior of an API-Gateway:
 
 ```bash
-curl -v 127.0.0.1:4456/foobar
+curl -v 127.0.0.1:4455/foobar
 ```
 
 You should now see similar output to the following snippet:
 
 ```bash
-*   Trying 127.0.0.1:4456...
-* Connected to 127.0.0.1 (127.0.0.1) port 4456 (#0)
+*   Trying 127.0.0.1:4455...
+* Connected to 127.0.0.1 (127.0.0.1) port 4455 (#0)
 > GET /foobar HTTP/1.1
-> Host: 127.0.0.1:4456
+> Host: 127.0.0.1:4455
 > User-Agent: curl/7.74.0
 > Accept: */*
 >

diff --git a/charts/heimdall/Chart.yaml b/charts/heimdall/Chart.yaml
@@ -17,7 +17,7 @@
 apiVersion: v2
 name: heimdall
 description: A cloud native Identity Aware Proxy and Access Control Decision Service
-version: 0.14.4
+version: 0.15.0
 appVersion: latest
 kubeVersion: ^1.27.0
 type: application

diff --git a/charts/heimdall/README.adoc b/charts/heimdall/README.adoc
@@ -333,30 +333,20 @@ a| `service.annotations`
 Enables you to set additional annotations for the created services
 a| `{}` (empty map)
 
-a| `service.decision.port`
+a| `service.main.port`
 
-The port exposed by the k8s Service created for heimdall's decision endpoint. Only used if the `operationMode` is set to `decision`.
-a| `4456`
+The main port exposed by the k8s Service created for heimdall.
+a| `4455`
 
-a| `service.decision.name`
+a| `service.main.name`
 
-The name of the port exposed by the k8s Service created for heimdall's decision endpoint. Only used if the `operationMode` is set to `decision`.
-a| `decision`
-
-a| `service.proxy.port`
-
-The port exposed by the k8s Service created for heimdall's proxy endpoint. Only used if the `operationMode` is set to `proxy`.
-a| `4456`
-
-a| `service.proxy.name`
-
-The name of the port exposed by the k8s Service created for heimdall's proxy endpoint. Only used if the `operationMode` is set to `proxy`.
-a| `proxy`
+The name of the port exposed by the k8s Service created for heimdall.
+a| `main`
 
 a| `service.management.port`
 
-The port exposed by the k8s Service created for heimdall's proxy endpoint. Only used if the `operationMode` is set to `proxy`.
-a| `4456`
+The port exposed by the k8s Service created for heimdall's management endpoint.
+a| `4457`
 
 a| `service.management.name`
 

diff --git a/charts/heimdall/templates/NOTES.txt b/charts/heimdall/templates/NOTES.txt
@@ -4,7 +4,7 @@ Heimdall is installed and configured to operate in decision mode.
 To integrate heimdall with your Ingress Controller, you have to annotate the corresponding
 Ingress resources to use it as authentication middleware and forward the requests to
 
-"http://{{ include "heimdall.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.decision.port }}".
+"http://{{ include "heimdall.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.main.port }}".
 
 as well as forward the HTTP headers and/or cookies from heimdall responses to the upstream
 services. Consult the Ingress Controller documentation of your choice on how to achieve this.

diff --git a/charts/heimdall/templates/configmap.yaml b/charts/heimdall/templates/configmap.yaml
@@ -28,6 +28,11 @@ data:
       {{- toYaml . | nindent 6 }}
     {{- end }}
 
+    {{- with .Values.management }}
+    management:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+
     {{- with .Values.log }}
     log:
       {{- toYaml . | nindent 6 }}

diff --git a/charts/heimdall/templates/deployment.yaml b/charts/heimdall/templates/deployment.yaml
@@ -78,18 +78,12 @@ spec:
               {{- toYaml . | nindent 12 }}
             {{- end }}
           ports:
-            {{- if eq .Values.operationMode "decision" }}
-            - name: http-decision
-              containerPort: {{ .Values.serve.decision.port }}
+            - name: http-main
+              containerPort: {{ .Values.serve.port }}
               protocol: TCP
-            {{- else }}
-            - name: http-proxy
-              containerPort: {{ .Values.serve.proxy.port }}
-              protocol: TCP
-            {{- end }}
             - name: http-management
               protocol: TCP
-              containerPort: {{ .Values.serve.management.port }}
+              containerPort: {{ .Values.management.port }}
             {{- if contains "prometheus" ( .Values.env.OTEL_METRICS_EXPORTER | default "") }}
             - name: http-metrics
               protocol: TCP

diff --git a/charts/heimdall/templates/service.yaml b/charts/heimdall/templates/service.yaml
@@ -31,17 +31,10 @@ spec:
       targetPort: http-management
       protocol: TCP
       name: {{ .Values.service.management.name }}
-      {{- if eq .Values.operationMode "decision" }}
-    - port: {{ .Values.service.decision.port }}
-      targetPort: http-decision
+    - port: {{ .Values.service.main.port }}
+      targetPort: http-main
       protocol: TCP
-      name: {{ .Values.service.decision.name }}
-      {{- else }}
-    - port: {{ .Values.service.proxy.port }}
-      targetPort: http-proxy
-      protocol: TCP
-      name: {{ .Values.service.proxy.name }}
-      {{- end }}
+      name: {{ .Values.service.main.name }}
       {{- $providers := default dict .Values.providers }}
       {{- $kubernetes := default dict $providers.kubernetes }}
       {{- if $kubernetes.tls }}

diff --git a/charts/heimdall/tests/configmap_test.yaml b/charts/heimdall/tests/configmap_test.yaml
@@ -58,12 +58,9 @@ tests:
           value:
             |-
             serve:
-              decision:
-                port: 4456
-              management:
-                port: 4457
-              proxy:
-                port: 4455
+              port: 4455
+            management:
+              port: 4457
             profiling:
               enabled: false
               host: 0.0.0.0
@@ -72,41 +69,40 @@ tests:
   - it: should allow configuration of any heimdall setting
     set:
       serve:
-        decision:
-          host: 127.0.0.1
-          tls:
-            key_store:
-              path: /path/to/keystore.pem
-              password: VerySecure!
-          timeout:
-            read: 1s
-            write: 2s
-            idle: 30s
-          buffer_limit:
-            read: 4KB
-            write: 10KB
-          trusted_proxies:
-            - 192.168.1.0/24
-          respond:
-            verbose: true
-            with:
-              authentication_error:
-                code: 404
-              authorization_error:
-                code: 404
-        management:
-          host: 127.0.0.1
-          tls:
-            key_store:
-              path: /path/to/keystore.pem
-              password: VerySecure!
-          timeout:
-            read: 1s
-            write: 2s
-            idle: 30s
-          buffer_limit:
-            read: 4KB
-            write: 10KB
+        host: 127.0.0.1
+        tls:
+          key_store:
+            path: /path/to/keystore.pem
+            password: VerySecure!
+        timeout:
+          read: 1s
+          write: 2s
+          idle: 30s
+        buffer_limit:
+          read: 4KB
+          write: 10KB
+        trusted_proxies:
+          - 192.168.1.0/24
+        respond:
+          verbose: true
+          with:
+            authentication_error:
+              code: 404
+            authorization_error:
+              code: 404
+      management:
+        host: 127.0.0.1
+        tls:
+          key_store:
+            path: /path/to/keystore.pem
+            password: VerySecure!
+        timeout:
+          read: 1s
+          write: 2s
+          idle: 30s
+        buffer_limit:
+          read: 4KB
+          write: 10KB
       metrics:
         enabled: true
       profiling:
@@ -174,45 +170,42 @@ tests:
           value:
             |-
             serve:
-              decision:
-                buffer_limit:
-                  read: 4KB
-                  write: 10KB
-                host: 127.0.0.1
-                port: 4456
-                respond:
-                  verbose: true
-                  with:
-                    authentication_error:
-                      code: 404
-                    authorization_error:
-                      code: 404
-                timeout:
-                  idle: 30s
-                  read: 1s
-                  write: 2s
-                tls:
-                  key_store:
-                    password: VerySecure!
-                    path: /path/to/keystore.pem
-                trusted_proxies:
-                - 192.168.1.0/24
-              management:
-                buffer_limit:
-                  read: 4KB
-                  write: 10KB
-                host: 127.0.0.1
-                port: 4457
-                timeout:
-                  idle: 30s
-                  read: 1s
-                  write: 2s
-                tls:
-                  key_store:
-                    password: VerySecure!
-                    path: /path/to/keystore.pem
-              proxy:
-                port: 4455
+              buffer_limit:
+                read: 4KB
+                write: 10KB
+              host: 127.0.0.1
+              port: 4455
+              respond:
+                verbose: true
+                with:
+                  authentication_error:
+                    code: 404
+                  authorization_error:
+                    code: 404
+              timeout:
+                idle: 30s
+                read: 1s
+                write: 2s
+              tls:
+                key_store:
+                  password: VerySecure!
+                  path: /path/to/keystore.pem
+              trusted_proxies:
+              - 192.168.1.0/24
+            management:
+              buffer_limit:
+                read: 4KB
+                write: 10KB
+              host: 127.0.0.1
+              port: 4457
+              timeout:
+                idle: 30s
+                read: 1s
+                write: 2s
+              tls:
+                key_store:
+                  password: VerySecure!
+                  path: /path/to/keystore.pem
             log:
               format: gelf
               level: debug