FlowForge helm: 1. Editors: service account. 2. Broker: propagate ingress. 3. README #148

Merged
merged 8 commits into from
Jul 31, 2023
17 changes: 17 additions & 0 deletions helm/flowforge/README.md
Expand Up @@ -121,3 +121,20 @@ Enables FlowForge Telemetry
### Ingress
- `ingress.annotations` ingress annotations (default is `{}`). This value is also applied to Editor instances created by FlowForge.
- `ingress.className` ingress class name (default is `"""`). This value is also applied to Editor instances created by FlowForge.

### Editors IAM
Provision default service account for Editors if `editors.serviceAccount.create` is `true`.

- `editors.serviceAccount.create` flag, indicates whether default Editors service account is going to be provisioned.
- `editors.serviceAccount.annotations` k8s service account annotations.
- `editors.serviceAccount.name` name of the service account for Editors.

Example for <i>AWS</i>:
```yaml
editors:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}
create: true
name: editors
```
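Review bot: The three `editors.serviceAccount.*` bullets under "Editors IAM" do not state their defaults, unlike the `ingress.*` entries just above, which do ("default is `{}`"). values.yaml in this PR sets `create: true`, `annotations: {}` and `name: editors`, so please add those, and say that the account is created in `forge.projectNamespace`. Since this is one default account for Editors, the AWS example should also note that the role in `eks.amazonaws.com/role-arn` is shared by everything that runs under that account, so it should carry only the permissions every Editor needs. Minor: `<i>AWS</i>` can be plain Markdown emphasis.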
6 changes: 6 additions & 0 deletions helm/flowforge/templates/broker.yaml
Expand Up @@ -131,7 +131,13 @@ metadata:
labels:
app: flowforge-broker
annotations:
{{- if .Values.ingress.annotations }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
{{- end }}
spec:
{{- if $.Values.ingress.className }}
ingressClassName: {{ $.Values.ingress.className }}
{{- end }}
rules:
- host: mqtt.{{ .Values.forge.domain }}
http:
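Review bot: `annotations:` under `metadata` is emitted unconditionally while its content sits inside `{{- if .Values.ingress.annotations }}`, so with the default `ingress.annotations: {}` the key renders with no value. Move the key inside the guard, or use the `{{- with ... }}` form that service-account.yaml uses for the Editors annotations. The hunk also mixes `.Values` and `$.Values` for the same `ingress` values; pick one. Piping `ingressClassName` through `quote` would keep a class name that looks like a number or boolean from being parsed as a non-string.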
4 changes: 4 additions & 0 deletions helm/flowforge/templates/deployment.yaml
Expand Up @@ -36,6 +36,10 @@ spec:
- name: INGRESS_CLASS_NAME
value: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.editors.serviceAccount }}
- name: EDITOR_SERVICE_ACCOUNT
value: {{ .Values.editors.serviceAccount.name }}
{{- end }}
{{- if .Values.forge.projectDeploymentTolerations }}
- name: DEPLOYMENT_TOLERATIONS
value: {{ .Values.forge.projectDeploymentTolerations | toJson | quote }}
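Review bot: The guard `{{- if .Values.editors.serviceAccount }}` tests the map rather than the field that is rendered, so an override that leaves `editors.serviceAccount.name` empty still produces `EDITOR_SERVICE_ACCOUNT` with an empty value. Guard on `.Values.editors.serviceAccount.name` instead, and pipe the value through `quote` as the `DEPLOYMENT_TOLERATIONS` entry below does. The variable is also set when `editors.serviceAccount.create` is `false`; if that is the intended way to point Editors at a pre-existing account, the README should say so.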
20 changes: 18 additions & 2 deletions helm/flowforge/templates/service-account.yaml
Expand Up @@ -9,11 +9,27 @@ metadata:
eks.amazonaws.com/sts-regional-endpoints: "true"
{{- end }}
{{- end }}


{{- if .Values.editors.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.editors.serviceAccount.name }}
namespace: {{ .Values.forge.projectNamespace }}
{{- with .Values.editors.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: create-pod
name: {{ .Release.Name }}-create-pod
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "pods/exec", "pods/status"]
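Review bot: In the new Editors ServiceAccount, `name` is rendered from `.Values.editors.serviceAccount.name` with no check that it is set while `create` is true, so an empty override yields a manifest that is rejected at install time rather than a clear template error. Wrapping the value in `required` would fail early with a readable message. The object is placed in `forge.projectNamespace` rather than `.Release.Namespace`; please confirm that namespace exists before this manifest is applied, or document that it must.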
Expand Down Expand Up @@ -45,5 +61,5 @@ subjects:
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: create-pod
name: {{ .Release.Name }}-create-pod
apiGroup: rbac.authorization.k8s.io
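Review bot: `roleRef.name` changes from `create-pod` to `{{ .Release.Name }}-create-pod`, and Kubernetes does not allow `roleRef` to be modified on an existing binding, so `helm upgrade` on a release installed from the previous chart will fail on this object unless the binding's own name changes too or it is deleted first. The binding's `metadata.name` is outside the visible lines; if it is unchanged, add an upgrade note or rename it together with the role. Since a ClusterRole is cluster-scoped, prefixing with `.Release.Name` alone still collides when two releases share a name in different namespaces; including `.Release.Namespace` in the name avoids that.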
33 changes: 23 additions & 10 deletions helm/flowforge/values.yaml
@@ -1,18 +1,17 @@
forge:
dbUsername: forge
dbPassword: Zai1Wied
dbPassword: ""
dbName: flowforge
localPostgresql: true
https: true
projectNamespace: flowforge
projectSelector:
role: projects

projectDeploymentTolerations: []
# - key: purpose
# operator: Equal
# value: flowforge-projects
# effect: NoSchedule
# - key: purpose
# operator: Equal
# value: flowforge-projects
# effect: NoSchedule
managementSelector:
role: management
telemetry:
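Review bot: `dbPassword` now defaults to `""` with nothing in this hunk that forces a value, so an install that overrides nothing is rendered with an empty database password. Either fail the render when it is unset (`required` in the template that consumes it) or document it as a mandatory value in the README. The removed default has been published in the chart, so existing installs that never overrode it should rotate it; a line in the release notes would cover that.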
Expand All @@ -32,17 +31,31 @@ forge:
type: postgres
host: flowforge-postgresql
username: forge
password: Zai1Wied
password: ""
database: ff-context
support:
enabled: false

domain: ""
entryPoint: ""
environment: {}
image: 355908013639.dkr.ecr.eu-west-1.amazonaws.com/flowforge/forge-k8s:1.5.0
registry: 355908013639.dkr.ecr.eu-west-1.amazonaws.com

postgresql:
postgresqlPostgresPassword: Moomiet0
postgresqlUsername: forge
postgresqlPassword: Zai1Wied
postgresqlDatabase: flowforge
postgresqlPassword: ""
postgresqlPostgresPassword: ""
postgresqlUsername: forge
global:
storageClass: default

ingress:
annotations: {}
className: ""

editors:
serviceAccount:
create: true
annotations: {}
name: editors
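Review bot: `postgresql.postgresqlPassword` and `forge.dbPassword` both belong to the `forge` user and used to share one default; with both now `""`, the operator has to set the same secret in several places (including the `password` next to `database: ff-context` in this hunk), and a mismatch only shows up as a connection failure at runtime. Consider deriving the others from a single value, or validating at render time that they match and are non-empty. Separately, `editors.serviceAccount.create` defaults to `true`, so an upgrade creates a ServiceAccount named `editors` in the project namespace; if an account of that name already exists there outside the release, the upgrade will conflict, which deserves a mention in the README.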