Merge pull request #36 from patoarvizu/host_helm_chart

Host helm chart
patoarvizu · Sep 15, 2020 · 7602c8b · 7602c8b
2 parents 2ba205b + 4edf5a0
commit 7602c8b
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 8 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -74,7 +74,7 @@ jobs:
           helm install vault-dynamic-configuration-operator helm/vault-dynamic-configuration-operator/ -n vault
           sleep 60
           go test github.com/patoarvizu/vault-dynamic-configuration-operator/test/e2e -v -ginkgo.focus="Single namespace"
-          helm upgrade vault-dynamic-configuration-operator helm/vault-dynamic-configuration-operator/ -n vault --set boundRolesToAllNamespaces=true
+          helm upgrade vault-dynamic-configuration-operator helm/vault-dynamic-configuration-operator/ -n vault --set flags.boundRolesToAllNamespaces=true
           go test github.com/patoarvizu/vault-dynamic-configuration-operator/test/e2e -v -ginkgo.focus="All namespaces"
     - save_cache:
         key: vault-dynamic-configuration-operator-golang-cache-{{ checksum "go.sum" }}

diff --git a/README.md b/README.md
@@ -52,7 +52,7 @@ Flag | Description | Default
  `--target-vault-name` | Name of the Bank-Vaults CRD to target for modifications. The CRD must be deployed in the same namespace as the operator. | `vault`
  `--annotation-prefix` | The prefix to all annotations used and discovered by the controller. | `vault.patoarvizu.dev`
  `--auto-configure-annotation` | The annotation that must be appended to the `--annotation-prefix` value (with a `/` as a separator between the two) and added to `ServiceAccount` objects to automatically configure it for Vault access. The value of the annotation must be the name of the target database connection in the Vault configuration. | `auto-configure`
- `--dynamic-db-credentials-annotation` | The annotation that must be appended to the `--annotation-prefix` value (with a `/` as a separator between the two) and added to `ServiceAccount` objects to automatically configure it for having access to generate dynamic database credentials. The value of the annotation must be `"true"`, any other value will be ignored. | `db-dynamic-creds`
+ `--auto-configuredb-creds-annotation` | The annotation that must be appended to the `--annotation-prefix` value (with a `/` as a separator between the two) and added to `ServiceAccount` objects to automatically configure it for having access to generate dynamic database credentials. The value of the annotation must be `"true"`, any other value will be ignored. | `db-dynamic-creds`
  `--bound-roles-to-all-namespaces` | Set `bound_service_account_namespaces` to `'*'` instead of the service account's namespace. | `false`
  `--token-ttl` | Value to set roles' `token_ttl` to | `5m`
 

diff --git a/docs/_config.yml b/docs/_config.yml
@@ -0,0 +1 @@
+theme: jekyll-theme-hacker
diff --git a/docs/index.md b/docs/index.md
@@ -0,0 +1,24 @@
+# vault-dynamic-configuration-operator
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square)
+
+Vault dynamic configuration operator
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defaultConfiguration | object | `{"dbDefaultTTL":"1h","dbMaxTTL":"24h","dbUserCreationStatement":"CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}'; GRANT ALL ON *.* TO '{{name}}'@'%';","policyTemplate":"path \"secret/{{ .Name }}\" {\n  capabilities = [\"read\"]\n}\n"}` | The values to be used for the default `vault-dynamic-configuration` `ConfigMap`. |
+| defaultConfiguration.policyTemplate | string | `"path \"secret/{{ .Name }}\" {\n  capabilities = [\"read\"]\n}\n"` | Corresponds to the `policy-template` field of the default `ConfigMap`. |
+| flags.annotationPrefix | string | `"vault.patoarvizu.dev"` | The value to be set on the `--annotation-prefix` flag. |
+| flags.autoConfigureAnnotation | string | `"auto-configure"` |  |
+| flags.autoConfigureDBCredsAnnotation | string | `"db-dynamic-creds"` | The value to be set on the `--auto-configuredb-creds-annotation` flag. |
+| flags.boundRolesToAllNamespaces | bool | `false` | If set to `true` the `--bound-roles-to-all-namespaces` flag will be set. |
+| flags.targetVaultName | string | `"vault"` | The value to be set on the `--target-vault-name` flag. |
+| flags.tokenTTL | string | `"5m"` | The value to be set on the `--token-ttl` flag. |
+| imagePullPolicy | string | `"IfNotPresent"` | The imagePullPolicy to be used on the operator. |
+| imageVersion | string | `"latest"` | The image version used for the operator. |
+| prometheusMonitoring.enable | bool | `true` | Create the `Service` and `ServiceMonitor` objects to enable Prometheus monitoring on the operator. |
+| resources | object | `nil` | The resources requests/limits to be set on the deployment pod spec template. |
+| serviceAccount.name | string | `"vault-dynamic-configuration-operator"` | The name of the `ServiceAccount` to be created. |
+| watchNamespace | string | `""` | The value to be set on the `WATCH_NAMESPACE` environment variable. |
diff --git a/docs/index.yaml b/docs/index.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+entries:
+  vault-dynamic-configuration-operator:
+  - apiVersion: v1
+    created: "2020-09-15T00:15:34.791246-04:00"
+    description: Vault dynamic configuration operator
+    digest: 4075b880affe243dcf0e16d5b588489008a3ea1c55c4ec98a25a36ff96a2a6a9
+    name: vault-dynamic-configuration-operator
+    urls:
+    - https://patoarvizu.github.io/vault-dynamic-configuration-operator/vault-dynamic-configuration-operator-0.0.0.tgz
+    version: 0.0.0
+generated: "2020-09-15T00:15:34.790534-04:00"
diff --git a/docs/vault-dynamic-configuration-operator-0.0.0.tgz b/docs/vault-dynamic-configuration-operator-0.0.0.tgz
diff --git a/helm/vault-dynamic-configuration-operator/templates/deployment.yaml b/helm/vault-dynamic-configuration-operator/templates/deployment.yaml
@@ -21,8 +21,12 @@ spec:
         - /manager
         args:
         - --enable-leader-election
-        - --annotation-prefix={{ .Values.annotationPrefix }}
-        {{- if .Values.boundRolesToAllNamespaces }}
+        - --annotation-prefix={{ .Values.flags.annotationPrefix }}
+        - --target-vault-name={{ .Values.flags.targetVaultName }}
+        - --auto-configure-annotation={{ .Values.flags.autoConfigureAnnotation }}
+        - --auto-configuredb-creds-annotation={{ .Values.flags.autoConfigureDBCredsAnnotation }}
+        - --token-ttl={{ .Values.flags.tokenTTL }}
+        {{- if .Values.flags.boundRolesToAllNamespaces }}
         - --bound-roles-to-all-namespaces
         {{- end }}
         image: patoarvizu/vault-dynamic-configuration-operator:{{ .Values.imageVersion }}

diff --git a/helm/vault-dynamic-configuration-operator/values.yaml b/helm/vault-dynamic-configuration-operator/values.yaml
@@ -1,7 +1,16 @@
-# annotationPrefix -- The value to be set on the `--annotation-prefix` flag.
-annotationPrefix: vault.patoarvizu.dev
-# boundRolesToAllNamespaces -- If set to `true` the `--bound-roles-to-all-namespaces` flag will be set.
-boundRolesToAllNamespaces: false
+flags:
+  # flags.annotationPrefix -- The value to be set on the `--annotation-prefix` flag.
+  annotationPrefix: vault.patoarvizu.dev
+  # flags.boundRolesToAllNamespaces -- If set to `true` the `--bound-roles-to-all-namespaces` flag will be set.
+  boundRolesToAllNamespaces: false
+  # flags.targetVaultName -- The value to be set on the `--target-vault-name` flag.
+  targetVaultName: vault
+  # flags.autoConfigureAnnotations -- The value to be set on the `--auto-configure-annotation` flag.
+  autoConfigureAnnotation: auto-configure
+  # flags.autoConfigureDBCredsAnnotation -- The value to be set on the `--auto-configuredb-creds-annotation` flag.
+  autoConfigureDBCredsAnnotation: db-dynamic-creds
+  # flags.tokenTTL -- The value to be set on the `--token-ttl` flag.
+  tokenTTL: 5m
 # imageVersion -- The image version used for the operator.
 imageVersion: latest
 # imagePullPolicy -- The imagePullPolicy to be used on the operator.