fix: refactory deployment + add values for tests

Author: genofire

.github/workflows/lint-test.yaml

@@ -38,5 +38,5 @@ jobs:
         run: |
           namespace=authentik-$(uuidgen)
           kubectl create ns $namespace
-          kubectl apply -n $namespace -f charts/authentik/ci/manfiests/
+          kubectl apply -n $namespace -f charts/authentik/ci/manifests/
           ct install --namespace=$namespace --config ct.yaml

charts/authentik/ci/ct-values.yaml

@@ -36,5 +36,12 @@ redis:
     enabled: true
     password: au7h3n71k
 
+serviceAccount:
+  create: true
+
+sidecar:
+  blueprints:
+    enabled: true
+
 blueprints:
   - authentik-ci-blueprint

charts/authentik/ci/manifests/blueprint-sidecar.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authentik-ci-blueprint-sidecar
+  labels:
+    goauthentik_blueprint: "1"
+data:
+  test.yaml: |-
+    version: 1
+    metadata:
+      name: sidecar-test
+    entries: []

charts/authentik/ci/manfiests/blueprint.yaml charts/authentik/ci/manifests/blueprint.yaml

@@ -1,36 +1,36 @@
-{{- range list "server" "worker" }}
+{{- range $component := list "server" "worker" }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ printf "%s-%s" (include "common.names.fullname" $) . }}
   labels:
     {{- include "common.labels" $ | nindent 4 }}
-    app.kubernetes.io/component: "{{ . }}"
+    app.kubernetes.io/component: "{{ $component }}"
 spec:
-  {{ if eq . "server" -}}
+  {{- if eq . "server" }}
   replicas: {{ $.Values.replicas }}
-  {{- else -}}
+  {{- else }}
   replicas: {{ $.Values.worker.replicas }}
   {{- end }}
   selector:
     matchLabels:
       {{- include "common.labels.selectorLabels" $ | nindent 6 }}
-      app.kubernetes.io/component: "{{ . }}"
+      app.kubernetes.io/component: "{{ $component }}"
   template:
     metadata:
       labels:
         {{- include "common.labels.selectorLabels" $ | nindent 8 }}
-        app.kubernetes.io/component: "{{ . }}"
+        app.kubernetes.io/component: "{{ $component }}"
         app.kubernetes.io/version: "{{ $.Values.image.tag }}"
-      {{- if $.Values.podAnnotations }}
+      {{- with $.Values.podAnnotations }}
       annotations:
-        {{- toYaml $.Values.podAnnotations | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- if $.Values.image.pullSecrets }}
+      {{- with $.Values.image.pullSecrets }}
       imagePullSecrets:
-        {{- toYaml $.Values.image.pullSecrets | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if $.Values.serviceAccount.create }}
       serviceAccountName: {{ include "common.names.fullname" $ }}
@@ -60,20 +60,25 @@ spec:
         {{- end }}
         {{- tpl (toYaml $initContainers) $ | nindent 8 }}
       {{- end }}
-      {{ if eq . "server" -}}
+      {{- if eq $component "server" }}
       priorityClassName: {{ $.Values.priorityClassName }}
+      {{- with $.Values.securityContext }}
       securityContext:
-        {{- toYaml $.Values.securityContext | nindent 8 }}
-      {{- else -}}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- else }}
       priorityClassName: {{ $.Values.worker.priorityClassName }}
+      {{- with $.Values.worker.securityContext }}
       securityContext:
-        {{- toYaml $.Values.worker.securityContext | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- end }}
       containers:
         - name: {{ $.Chart.Name }}
           image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}{{- if $.Values.image.digest -}}@{{ $.Values.image.digest }}{{- end -}}"
           imagePullPolicy: "{{ $.Values.image.pullPolicy }}"
-          args: [{{ quote . }}]
+          args:
+            - {{ $component | quote }}
           env:
             {{- range $k, $v := $.Values.env }}
             - name: {{ quote $k }}
@@ -85,31 +90,34 @@ spec:
               valueFrom:
                 {{- toYaml $val | nindent 16 }}
             {{- end }}
-            {{- with $.Values.envFrom }}
+          {{- with $.Values.envFrom }}
           envFrom:
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
           volumeMounts:
-          {{- if $.Values.geoip.enabled }}
+            {{- if $.Values.geoip.enabled }}
             - name: geoip-db
               mountPath: /geoip
-          {{- end }}
+            {{- end }}
+            
+            {{- if eq $component "worker" -}}
             {{- if $.Values.sidecar.blueprints.enabled }}
             - name: sidecar-blueprints
               mountPath: /blueprints/sidecar
             {{- end }}
-            {{- with $.Values.volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-      {{ if eq . "worker" -}}
-            {{- with $.Values.blueprints }}
-              {{- range $name := . }}
+            
+            {{- range $name := $.Values.blueprints }}
             - name: blueprints-{{ $name }}
               mountPath: /blueprints/mounted/{{ $name }}
-              {{- end }}
             {{- end }}
-      {{- end }}
-            {{- if eq . "server" }}
+            {{- end }}{{/* end worker */}}
+
+            {{- with $.Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+
+          {{- if eq $component "server" }}
           ports:
             - name: http
               containerPort: 9000
@@ -120,24 +128,25 @@ spec:
             - name: https
               containerPort: 9443
               protocol: TCP
-              {{- if $.Values.livenessProbe.enabled }}
-                {{- with omit $.Values.livenessProbe "enabled" }}
+          {{- with $.Values.livenessProbe }}
+          {{- if .enabled }}
           livenessProbe:
-                  {{- toYaml . | nindent 12 }}
-                {{- end }}
-              {{- end }}
-              {{- if $.Values.readinessProbe.enabled }}
-                {{- with omit $.Values.readinessProbe "enabled" }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
+          {{- with $.Values.readinessProbe }}
+          {{- if .enabled }}
           readinessProbe:
-                  {{- toYaml . | nindent 12 }}
-                {{- end }}
-              {{- end }}
-            {{- end }}
-            {{- with index $.Values.resources . }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
+          {{- end }}{{/* end server */}}
+
+          {{- with (get $.Values.resources $component) }}
           resources:
-              {{- toYaml . | nindent 12 }}
-            {{- end }}
-      {{- if $.Values.geoip.enabled }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- if $.Values.geoip.enabled }}
         - name: geoip-sidecar
           image: "{{ $.Values.geoip.image }}"
           env:
@@ -154,7 +163,8 @@ spec:
           volumeMounts:
             - name: geoip-db
               mountPath: /usr/share/GeoIP
-      {{- end }}
+        {{- end }}
+        {{- if eq $component "worker" }}
         {{- with $.Values.sidecar.blueprints }}
         {{- if .enabled }}
         - name: sidecar-blueprints
@@ -183,7 +193,8 @@ spec:
               mountPath: /blueprints/sidecar
         {{- end }}
         {{- end }}
-      {{- with $.Values.additionalContainers }}
+        {{- end }}{{/* end worker */}}
+        {{- with $.Values.additionalContainers }}
         {{- $additionalContainers := list }}
         {{- range $name, $container := . }}
           {{- if not $container.name -}}
@@ -194,24 +205,24 @@ spec:
         {{- tpl (toYaml $additionalContainers) $ | nindent 8 }}
       {{- end }}
       volumes:
-      {{- if $.Values.geoip.enabled }}
+        {{- if $.Values.geoip.enabled }}
         - name: geoip-db
           emptyDir: {}
-      {{- end }}
-      {{- if $.Values.sidecar.blueprints.enabled }}
+        {{- end }}
+        {{- if eq $component "worker" }}
+        {{- if $.Values.sidecar.blueprints.enabled }}
         - name: sidecar-blueprints
           emptyDir: {}
-      {{- end }}
-      {{- with $.Values.volumes }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{ if eq . "worker" -}}
-      {{- with $.Values.blueprints }}
-        {{- range $name := . }}
+        {{- end }}
+        {{- range $name := $.Values.blueprints }}
         - name: blueprints-{{ $name }}
           configMap:
             name: {{ $name }}
         {{- end }}
-      {{- end }}
-    {{- end }}
+        {{- end }}{{/* end worker */}}
+
+        {{- with $.Values.volumes }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        
 {{- end }}

charts/authentik/templates/deployment.yaml

@@ -1,8 +1,4 @@
-{{- if .Values.serviceAccount.create }}
-
-{{ include "common.serviceAccount" . }}
-
-{{- if .Values.sidecar.blueprints.enabled }}
+{{- if and .Values.serviceAccount.create .Values.sidecar.blueprints.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -25,5 +21,4 @@ subjects:
 - kind: ServiceAccount
   name: {{ include "common.names.fullname" . }}
   namespace: {{ .Release.Namespace }}
-{{- end }}
 {{- end }}

charts/authentik/templates/service-account.yaml

@@ -166,7 +166,7 @@ readinessProbe:
   periodSeconds: 10
 
 serviceAccount:
-  # -- Service account is needed for managed outposts
+  # -- Service account is needed for managed outposts and sidecar for blueprints
   create: true
   annotations: {}