Ensure config disabled helm deployments still pull in appropriate sec…

…rets

There was a bug where the only way to ensure keycloak authentication was
enabled was to have config.configMap.KC_ENABLED defined, even when we are
not wanting to generate our own release-scoped config map. This fix adds in
a feature toggle to declare authentication mode intent independent of the
configuration.

Signed-off-by: Jeremy Ho <[email protected]>

.github/environments/values.dev.yaml

@@ -1,4 +1,7 @@
 ---
+features:
+  authentication: true
+
 config:
   enabled: true
   configMap:

.github/environments/values.pr.yaml

@@ -1,4 +1,7 @@
 ---
+features:
+  authentication: true
+
 persistentVolumeClaim:
   enabled: false
 

.github/environments/values.prod.yaml

@@ -1,4 +1,7 @@
 ---
+features:
+  authentication: true
+
 config:
   enabled: true
   configMap:

.github/environments/values.test.yaml

@@ -1,4 +1,7 @@
 ---
+features:
+  authentication: true
+
 config:
   enabled: true
   configMap:

charts/cdogs/Chart.yaml

@@ -3,7 +3,7 @@ name: common-document-generation-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.0.2
 kubeVersion: ">= 1.13.0"
 description: A microservice for merging JSON data into xml-based templates (powered by Carbone.io)
 # A chart can be either an 'application' or a 'library' chart.

charts/cdogs/README.md

@@ -1,6 +1,6 @@
 # common-document-generation-service
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square)
+![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square)
 
 A microservice for merging JSON data into xml-based templates (powered by Carbone.io)
 
@@ -35,6 +35,7 @@ Kubernetes: `>= 1.13.0`
 | config.enabled | bool | `false` |  |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | failurePolicy | string | `"Retry"` |  |
+| features.authentication | bool | `false` | Specifies whether to run in authenticated mode |
 | fluentBit.config.aws.defaultRegion | string | `"ca-central-1"` | AWS Kinesis default region |
 | fluentBit.config.aws.kinesisStream | string | `"nress-prod-iit-logs"` | AWS Kinesis stream name |
 | fluentBit.config.aws.roleArn | string | `nil` | AWS Kinesis role ARN |

charts/cdogs/templates/deploymentconfig.yaml

@@ -59,7 +59,7 @@ spec:
           env:
             - name: NODE_ENV
               value: production
-            {{- if .Values.config.configMap.KC_ENABLED }}
+            {{- if or .Values.features.authentication .Values.config.configMap.KC_ENABLED }}
             - name: KC_CLIENTID
               valueFrom:
                 secretKeyRef:

charts/cdogs/values.yaml

@@ -158,6 +158,10 @@ config:
     UPLOAD_FILE_COUNT: "1"
     UPLOAD_FILE_SIZE: 25MB
 
+features:
+  # -- Specifies whether to run in authenticated mode
+  authentication: false
+
 # Modify the following variables if you need to acquire secret values from a custom-named resource
 awsSecretOverride:
   # -- AWS Kinesis username - used by fluent-bit