From aa8b994eec164b29bb53084615ec1f6c6c671972 Mon Sep 17 00:00:00 2001
From: Laszlo Rafael <rlacko99@gmail.com>
Date: Sun, 21 Aug 2022 20:03:05 +0200
Subject: [PATCH] Update config

---
 infra/dex-authenticator/Chart.lock            |   2 +-
 infra/dex-authenticator/Chart.yaml            |   2 +-
 .../templates/deployment.yaml                 |   1 +
 .../dex-authenticator/templates/_helpers.tpl  |  85 ++++++++++++++++++
 .../templates/docker-secret.yaml              |   9 ++
 infra/dex-authenticator/values.yaml           |  17 ++--
 infra/dex-authenticator/values.yaml.secret    | Bin 1041 -> 736 bytes
 7 files changed, 106 insertions(+), 10 deletions(-)
 create mode 100644 infra/dex-authenticator/templates/_helpers.tpl
 create mode 100644 infra/dex-authenticator/templates/docker-secret.yaml

diff --git a/infra/dex-authenticator/Chart.lock b/infra/dex-authenticator/Chart.lock
index 589392a..cbc55d3 100644
--- a/infra/dex-authenticator/Chart.lock
+++ b/infra/dex-authenticator/Chart.lock
@@ -1,3 +1,3 @@
 dependencies: []
 digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2022-06-15T11:17:58.845438944+02:00"
+generated: "2022-08-21T19:46:04.793152788+02:00"
diff --git a/infra/dex-authenticator/Chart.yaml b/infra/dex-authenticator/Chart.yaml
index 67b2fee..3dc6a83 100644
--- a/infra/dex-authenticator/Chart.yaml
+++ b/infra/dex-authenticator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 
-name: Dex Authenticator
+name: dex-authenticator
 description: Dex Authenticator
 
 version: 1.0.0
diff --git a/infra/dex-authenticator/charts/dex-k8s-authenticator/templates/deployment.yaml b/infra/dex-authenticator/charts/dex-k8s-authenticator/templates/deployment.yaml
index 6a0bcb7..df6a955 100644
--- a/infra/dex-authenticator/charts/dex-k8s-authenticator/templates/deployment.yaml
+++ b/infra/dex-authenticator/charts/dex-k8s-authenticator/templates/deployment.yaml
@@ -30,6 +30,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
     spec:
+      priorityClassName: "infra-addon"
       containers:
       - name: {{ .Chart.Name }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/infra/dex-authenticator/templates/_helpers.tpl b/infra/dex-authenticator/templates/_helpers.tpl
new file mode 100644
index 0000000..2fd4121
--- /dev/null
+++ b/infra/dex-authenticator/templates/_helpers.tpl
@@ -0,0 +1,85 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dex-authenticator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dex-authenticator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dex-authenticator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dex-authenticator.labels" -}}
+helm.sh/chart: {{ include "dex-authenticator.chart" . }}
+{{ include "dex-authenticator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dex-authenticator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dex-authenticator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dex-authenticator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dex-authenticator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+  Generate the .dockerconfigjson file unencoded.
+*/}}
+{{- define "dockerconfigjson.b64dec" }}
+  {{- print "{\"auths\":{" }}
+  {{- range $index, $item := .Values.imageCredentials }}
+    {{- if $index }}
+      {{- print "," }}
+    {{- end }}
+    {{- printf "\"%s\":{\"auth\":\"%s\"}" (default "https://index.docker.io/v1/" $item.registry) (printf "%s:%s" $item.username $item.accessToken | b64enc) }}
+  {{- end }}
+  {{- print "}}" }}
+{{- end }}
+
+{{/*
+  Generate the base64-encoded .dockerconfigjson.
+  See https://github.com/helm/helm/issues/3691#issuecomment-386113346
+*/}}
+{{- define "dockerconfigjson.b64enc" }}
+  {{- include "dockerconfigjson.b64dec" . | b64enc }}
+{{- end }}
diff --git a/infra/dex-authenticator/templates/docker-secret.yaml b/infra/dex-authenticator/templates/docker-secret.yaml
new file mode 100644
index 0000000..82c4613
--- /dev/null
+++ b/infra/dex-authenticator/templates/docker-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "harbor"
+  labels:
+    {{- include "dex-authenticator.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "dockerconfigjson.b64enc" . }}
diff --git a/infra/dex-authenticator/values.yaml b/infra/dex-authenticator/values.yaml
index 9e36247..139ae0d 100644
--- a/infra/dex-authenticator/values.yaml
+++ b/infra/dex-authenticator/values.yaml
@@ -1,3 +1,5 @@
+dockerconfigjson: {} # Set in values.yaml.secret
+
 dex-k8s-authenticator:
   global:
     deployEnv: prod
@@ -8,9 +10,9 @@ dex-k8s-authenticator:
     repository: harbor.sch.bme.hu/kszk/dex-k8s-authenticator
     tag: latest
     pullPolicy: Always
-  
+
   imagePullSecrets:
-    - name: harbor-kszk
+    - name: harbor
 
   dexK8sAuthenticator:
     port: 5555
@@ -27,16 +29,15 @@ dex-k8s-authenticator:
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt-prod
       kubernetes.io/ingress.class: nginx
-      kubernetes.io/tls-acme: 'true'
+      kubernetes.io/tls-acme: "true"
     hosts:
       - host: login.k8s-02.sch.bme.hu
         paths:
           - path: /
             pathType: ImplementationSpecific
     tls:
-    - secretName: dex-authenticator-cert
-      hosts:
-        - login.k8s-02.sch.bme.hu
-
+      - secretName: dex-authenticator-cert
+        hosts:
+          - login.k8s-02.sch.bme.hu
 
-  resources: {}
\ No newline at end of file
+  resources: {}
diff --git a/infra/dex-authenticator/values.yaml.secret b/infra/dex-authenticator/values.yaml.secret
index 221592c004e0b1cc7a5c4466ee80f25234637198..ca67d2e6dbc4dbf02f23efc8e975fe2f460b0ba4 100644
GIT binary patch
literal 736
zcmZQ@_Y83kiVO&0*!?ZOq<51@%ENCx8@M@UADU$SZS(ST73#mIDDB$6Q!Sxqr#ida
z%^Mr?9CrmQEl*|VxUF0#|7zpuGkOYJ3}z}sDDUX!3p<kHc<1rU`_C-pX8BdTSzBwE
zwQQ&Tc8i4MwAZhrKOJJ5e#tBPvtQM>lBg}R>(4#-?Z3{LZ(;Ex&D1EFOHZ@kZxFN9
zdLO<jFD`2$2Uo$Oy1<V!0y;IzWxuWCcbKr!brFxp|M_-nyN;CK-!fs^>c=(Li%p(e
zZZV%;Ipd$``{jlgO{{oJmrOosVyzY0%KVGTbLY$a*hW*G{J#ss83f~A7~Q!0A=WhL
zVZ8O+6`3rX@^)$QZf<s$aCjM##pfCFlWVDS?G>wY4fpRFhZ(cXp0H|nf7f4s@yCa)
z{xjv)Bxg+S^m%tRI{&H0>V(prOFH%D&Ytl5Sb~7J)pXH(h6O(t8wIw`JIVGwiQh)w
z)OhJlj%gCrp39p0N|yyQe9zX8v32;S*4X_k+3xm-Z)v_QHlI>09u@W&atpH>H@`in
zX)CpJxl)!`3fG}qpP2W}S>Zk{GqK}SG2eq}9g$O99sd+N2e&!xdHwyfPsu!)$pz*Q
z8`XCo;aU19;nc63W2>X(^MZf<nzVsqV%Iu`y~;KZ);&9TZ-roEO?fTX0Ta(>%^_37
z%3PQZv@icqvRCAF{kdx!J6}e95PMQ^NN>f1BR*=6XI@bG&^kp?Is3!(Khv+-emNHU
zBkK8kmDKfu-yS9IU2IYncJ0H;gEKc28%uZ3lYCe%rhB|ifVEpMmeWy*YuB<@o2w=$
z7$-dFFFtJ1)YOn$rNjAA?*B#EZ?|{<x!mj-yrcErx#Z9LcAk!xeK)19ZPw|#G4FUb
z7)37Nzs7nuX45P028pDN&q75$F8r%Iv9{gd&ZlROGuPVY1vxZ5-x-`A$FuAAN3qv`
zIDM=?#0s;N`OMezx-#eIC3B{URWDBeG+h;0aJO_L!_5BW{o6O)I`Lw;whEK(f-6%2
D6GwA3

literal 1041
zcmZQ@_Y83kiVO&0IAwmIWtxJQEW?)6w9Cmp5BF|zPOaKD!P9+l-SmC=AFkRju|9k<
zmB+2t<Jp8=$IU)D{4Ab+ev!B8H-DXvSJ+C}RP@5`NJOT7_-m`|B>8h1Z$!)vhg;5F
z*Y7cf`u2LXv9qsLV-3tdD-(8T%DlcDu1Qm4!d_nAd|x-Iu5{g|@@Gxoz8%}eIP3It
zxt?p+Z5ZY<u{)<|*;(f&34MKb?X$(jCyfh#P5ih0!xok-^#zPOHD8Ct8RqoQ;w!ke
z^~$jb<2v8PcU+IKuogagJnz{;OUK{0_vX%weesq1T<W|N?oRiF_s*&2>RT&&dwy+1
zc6vjqn@@F|_~m!ILd5Pw%t~u{mn;%Hdj-D+|F`uD`g4S?zwxnSmCa(kH^C-i>y(L#
zAGfS-yXcsBj78_)D$9FsXBCUxFLIyi7kK)FVVp?pO|F_BSF@)kDbDX`UvaG}t@)Z#
z>=MzGZPGlGPE3vW>=v8q{lM0yLgOTh_?$ac`+5rxb6@asp0RlQFU^7{`-)T;qL*G)
zn!tRwK}$NM@nY!Sw=L^WC;M){$LZN6vt04$%P?`a8_kOQ6RW$Qh^&2Y-_!gvZbqh1
zTlEfQ3HwdrX{NuJ{!QWTUK3a2sUP6z`lF~nv^D#}ge9NyzBlUsQxTgo-}>Rdqo1cJ
zhG<rAReTU~WXmem%b$`>JcV{U%ookLtyA1;C>{Pnjkjdae__9Tt`^p99DGX_-Cy+W
zZr&2-SnbOK%nY9U`A%+6FKZLpeQQhCN0xb4PMBZWRjupAEzY^&a{QtH&$d?`(+IMd
zAmJ+W=of?2jstGCx=;57e&9R*aAxOrmK=lj8~2yKwbl7~dHMzG|Ih2hmw%SNqG@<;
zC3k|5ho0r>wnUZ}$5>zZS4^vF&FRd&{7Xl@e*XST$0{v3?$@m4-066{=Ku3`#?^cq
zC(o<*WzBSnXz%!Dm;Y0-ig($mLqa=jR76{tCoJULAHllV?yp@!%U90B9a=IgC!JpV
zF2&xnD=O~a<Z|00rhF%#(`!{O7H3Qo58L}KC`SFD#gX0xJ+9G;3*^sP{(EqI_MN}>
zQimC4O)+kM^ZnKT8&b^M<zFAD2=1`wT^rM@Y`LP%&HlyJr(YEI+IaZP-=Fo|LnJJ6
zp4iKIPql0Ww?%tglKcFZxjSfj(J4WvJ134880NStoPNh)?J)c8f=3Cp*0#rZ51%h!
zXxCKV&2D6EnZt4Hj)Y{?Usv<*(jS;}C+wQ_-#YGPwQ;sd$5-na$(6A}tz734p3Yfh
zH%EU%qR70R1|OBeSaQ>~7u-(Wx4Jq-V#eO+;7?x-YvR8x=d_uen%_4)t(WbKs^rve
zpDpTV;@`1&7W`-GUi4+(s`dA$EZv;dRd#vxVuRmLe@uGt+*l;buITsc*UaI@>e4?$
Lv(}e1s(u6j;V1fF

-- 
GitLab