feat(bootstrap): add azure workload identity chart (#823)

* feat(bootstrap): add azure workload identity chart

Signed-off-by: David van der Spek <[email protected]>

* remove bootstrap operator

Signed-off-by: David van der Spek <[email protected]>

---------

Signed-off-by: David van der Spek <[email protected]>

Author: davidspek

bootstrap/helm/bootstrap-operator/.helmignore renamed to bootstrap/helm/azure-workload-identity/.helmignore

@@ -0,0 +1,6 @@
+dependencies:
+- name: workload-identity-webhook
+  repository: https://azure.github.io/azure-workload-identity/charts
+  version: 1.1.0
+digest: sha256:2d27ad7632a460471478fbbd516bbce6e57835a5ad799557f5f0137c203a17d8
+generated: "2023-08-24T11:40:44.446348+02:00"

bootstrap/helm/azure-workload-identity/Chart.lock

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: azure-workload-identity
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.2
+appVersion: "v1.1.0"
+dependencies:
+- name: workload-identity-webhook
+  version: 1.1.0
+  repository: https://azure.github.io/azure-workload-identity/charts
+  condition: workload-identity-webhook.enabled

bootstrap/helm/azure-workload-identity/Chart.yaml

@@ -0,0 +1,3 @@
+# Azure Workload Identity
+
+Configures Azure Workload Identity to securely assume Azure credentials in-cluster.

bootstrap/helm/azure-workload-identity/README.md

@@ -0,0 +1,6 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+  description: installs the open source solution for azure workload identity
+spec:
+  dependencies: []

bootstrap/helm/azure-workload-identity/charts/workload-identity-webhook-1.1.0.tgz

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "bootstrap-operator.name" -}}
+{{- define "azure-workload-identity-plural.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "bootstrap-operator.fullname" -}}
+{{- define "azure-workload-identity-plural.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "bootstrap-operator.chart" -}}
+{{- define "azure-workload-identity-plural.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "bootstrap-operator.labels" -}}
-helm.sh/chart: {{ include "bootstrap-operator.chart" . }}
-{{ include "bootstrap-operator.controllerSelectorLabels" . }}
+{{- define "azure-workload-identity-plural.labels" -}}
+helm.sh/chart: {{ include "azure-workload-identity-plural.chart" . }}
+{{ include "azure-workload-identity-plural.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,18 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "bootstrap-operator.controllerSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "bootstrap-operator.name" . }}-controller
+{{- define "azure-workload-identity-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "azure-workload-identity-plural.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "bootstrap-operator.serviceAccountName" -}}
+{{- define "azure-workload-identity-plural.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "bootstrap-operator.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "azure-workload-identity-plural.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

bootstrap/helm/azure-workload-identity/deps.yaml

@@ -0,0 +1,13 @@
+workload-identity-webhook:
+  enabled: true
+  image:
+    repository: mcr.microsoft.com/oss/azure/workload-identity/webhook
+    pullPolicy: IfNotPresent
+    release: v1.1.0
+  resources:
+    limits:
+      cpu: 100m
+      memory: 30Mi
+    requests:
+      cpu: 100m
+      memory: 20Mi

bootstrap/helm/bootstrap-operator/templates/_helpers.tpl renamed to bootstrap/helm/azure-workload-identity/templates/_helpers.tpl

@@ -0,0 +1,2 @@
+workload-identity-webhook:
+  azureTenantID: {{ .Context.TenantId }}