ordered alphabetically the spec of the main deployment yaml template …

…for ease of finding a section. Also ordered alphabetically the `values.yaml` file. minor improvements to the documentation suggested by PR review Signed-off-by: Alfredo Gutierrez <[email protected]>
hashgraph · Apr 2, 2024 · 1f4cd60 · 1f4cd60
1 parent 1896c9a
commit 1f4cd60
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 62 deletions.
diff --git a/charts/auth-layer-proxy/README.md b/charts/auth-layer-proxy/README.md
@@ -3,8 +3,6 @@
 This chart deploys the HederaTheGraph (HTG) Authentication Layer Proxy to your Kubernetes cluster.
 Is based on the project [auth-layer-proxy](link) and is a proxy that adds authentication to the requests made to the TheGraph Admin API.
 
-## Prerequisites
-
 ## Prerequisites
 - Minikube or a Kubernetes cluster [(more here)](https://minikube.sigs.k8s.io/docs/start/)
 - Helm 3 [(install instructions here)](https://helm.sh/docs/intro/install/)
@@ -46,5 +44,4 @@ The following table lists the configurable parameters of the chart and their def
 | `configEnv.CLIENT_SECRET` | OAuth Client Secret, provided by the auth server | `` |
 | `configEnv.TOKEN_INTROSPECTION_URL` | OAuth Token Introspection URL, provided by the auth server | `http://host.docker.internal:8080/realms/HederaTheGraph/protocol/openid-connect/token/introspect` |
 
-Is important to note that if the downstream service that we are protecting, in this case TheGraph, will be accessed by the proxy using a FQDN, the `SERVICE_TYPE` should be set to `LOGICAL_DNS` and the `SERVICE_ADDRESS` should be set to the FQDN of the service, otherwise, if the downstream service is accessed by the proxy using an IP address, the `SERVICE_TYPE` should be set to `STATIC` and the `SERVICE_ADDRESS` should be set to the IP address of the service.
-
+It is important to note that if the downstream service that we are protecting (in this case TheGraph) will be accessed by the proxy using a FQDN, the `SERVICE_TYPE` should be set to `LOGICAL_DNS` and the `SERVICE_ADDRESS` should be set to the FQDN of the service. Otherwise, if the downstream service is accessed by the proxy using an IP address, the `SERVICE_TYPE` should be set to `STATIC` and the `SERVICE_ADDRESS` should be set to the IP address of the service.
diff --git a/charts/auth-layer-proxy/templates/deployment.yaml b/charts/auth-layer-proxy/templates/deployment.yaml
@@ -18,49 +18,42 @@ spec:
       labels:
         {{- include "auth-layer-proxy.selectorLabels" . | nindent 8 }}
     spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "auth-layer-proxy.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
       containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tagPrefix }}{{ .Values.image.tag | default .Chart.AppVersion }}"
-          command: {{ .Values.command }}
+        - command: {{ .Values.command }}
           envFrom:
             - configMapRef:
                 name: {{ include "auth-layer-proxy.fullname" . }}-env
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tagPrefix }}{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: proxy
-              containerPort: {{ .Values.configEnv.PROXY_PORT }}
-              protocol: TCP
-            - name: admin
-              containerPort: {{ .Values.configEnv.ENVOY_ADMIN_PORT }}
-              protocol: TCP
           livenessProbe:
             httpGet:
               path: /server_info
               port: {{ .Values.configEnv.ENVOY_ADMIN_PORT }}
+          name: {{ .Chart.Name }}
+          ports:
+            - containerPort: {{ .Values.configEnv.PROXY_PORT }}
+              name: proxy
+              protocol: TCP
+            - containerPort: {{ .Values.configEnv.ENVOY_ADMIN_PORT }}
+              name: admin
+              protocol: TCP
           readinessProbe:
             httpGet:
               path: /ready
               port: {{ .Values.configEnv.ENVOY_ADMIN_PORT }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+      imagePullSecrets:
+        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
+        {{- toYaml .Values.nodeSelector | nindent 8 }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ include "auth-layer-proxy.serviceAccountName" . }}
       tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- toYaml .Values.tolerations | nindent 8 }}
+
diff --git a/charts/auth-layer-proxy/values.yaml b/charts/auth-layer-proxy/values.yaml
@@ -1,52 +1,47 @@
-image:
-  repository: ghcr.io/hashgraph/hedera-the-graph
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tagPrefix: "auth-layer-proxy-"
-  tag: "main"
+affinity: {}
 
 command: ["/etc/envoy/start-envoy.sh"]
 
 configEnv:
-  # EnvoyProxy Configuration
-  SERVICE_TYPE: "LOGICAL_DNS"
-  SERVICE_ADDRESS: "host.docker.internal"
-  SERVICE_PORT: "8020"
-  ENVOY_ADMIN_PORT: "15000"
-  PROXY_PORT: "10000"
-  # OAuth
   CLIENT_ID: "htg-auth-layer"
   CLIENT_SECRET: "2IfFX7eqQvg2wY2hh1qjtS8RrUY9YqEg"
+  ENVOY_ADMIN_PORT: "15000"
+  PROXY_PORT: "10000"
+  SERVICE_ADDRESS: "host.docker.internal"
+  SERVICE_PORT: "8020"
+  SERVICE_TYPE: "LOGICAL_DNS"
   TOKEN_INTROSPECTION_URL: "http://host.docker.internal:8080/realms/HederaTheGraph/protocol/openid-connect/token/introspect"
 
+fullnameOverride: ""
+
+image:
+  pullPolicy: IfNotPresent
+  repository: ghcr.io/hashgraph/hedera-the-graph
+  tag: "main"
+  tagPrefix: "auth-layer-proxy-"
+
 imagePullSecrets: []
+
 nameOverride: ""
-fullnameOverride: ""
 
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
+nodeSelector: {}
 
 podAnnotations: {}
 
 podSecurityContext: {}
 
+resources: {}
+
 securityContext: {}
 
 service:
-  type: ClusterIP
-  proxyPort: 10000
   adminPort: 15000
+  proxyPort: 10000
+  type: ClusterIP
 
-resources: {}
-
-nodeSelector: {}
+serviceAccount:
+  annotations: {}
+  create: true
+  name: ""
 
 tolerations: []
-
-affinity: {}