feat: release changes for version 0.4.11

Tiago Seabra · Tiago Seabra · commit ffaa2079c629 · 2024-12-06T18:09:52.000Z
diff --git a/deploy/helm/galaxy/README.md b/deploy/helm/galaxy/README.md
@@ -9,6 +9,12 @@ Rely Galaxy Framework Helm chart for Kubernetes
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity settings for pod assignment |
+| clusterRole.annotations | object | `{}` |  |
+| clusterRole.apiGroups[0] | string | `"'*'"` |  |
+| clusterRole.name | string | `""` |  |
+| clusterRole.resources[0] | string | `"'*'"` |  |
+| clusterRoleBinding.annotations | object | `{}` |  |
+| clusterRoleBinding.name | string | `""` |  |
 | env | object | `{"RELY_API_TOKEN":null,"RELY_INTEGRATION_ID":null}` | Environment variables to be set in the container if not using external secrets |
 | env.RELY_API_TOKEN | string | `nil` | The API token for the Rely API |
 | env.RELY_INTEGRATION_ID | string | `nil` | The identifier of this integration instance |
@@ -26,7 +32,7 @@ Rely Galaxy Framework Helm chart for Kubernetes
 | integration.apiUrl | string | `"https://magneto.rely.io/"` | The url for the Rely API |
 | integration.daemonInterval | int | `60` | The interval in minutes at which the integration should run only required if the execution type is daemon |
 | integration.executionType | string | `"cronjob"` | The execution type of the integration can be either cronjob or daemon |
-| integration.type | string | `nil` | The type of the integration can be any of the following: pagerduty, github, gitlab, bitbucket, sonarqube, aws, opsgenie, gcp |
+| integration.type | string | `nil` | The type of the integration can be any of the following: pagerduty, github, gitlab, bitbucket, sonarqube, aws, opsgenie, gcp, flux |
 | nameOverride | string | `""` | Override the name of the chart |
 | nodeSelector | object | `{}` | Node labels for pod assignment |
 | podAnnotations | object | `{}` | The annotations to add to the pod |
@@ -37,8 +43,7 @@ Rely Galaxy Framework Helm chart for Kubernetes
 | securityContext | object | `{}` | The security context for the container |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
-| serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
-| serviceAccount.name | string | `""` | The name of the service account to use. -- If not set and create is true, a name is generated using the fullname template |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | tolerations | list | `[]` | Toleration labels for pod assignment |
 | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. |
 | volumes | list | `[]` | Additional volumes on the output Deployment definition. |
diff --git a/deploy/helm/galaxy/templates/_helpers.tpl b/deploy/helm/galaxy/templates/_helpers.tpl
@@ -61,6 +61,20 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
+{{/*
+Create the name of the cluster role to use
+*/}}
+{{- define "galaxy-helm.clusterRoleName" -}}
+{{- default (include "galaxy-helm.fullname" .) .Values.clusterRole.name }}
+{{- end }}
+
+{{/*
+Create the name of the cluster role binding to use
+*/}}
+{{- define "galaxy-helm.clusterRoleBindingName" -}}
+{{- default (include "galaxy-helm.fullname" .) .Values.clusterRoleBinding.name }}
+{{- end }}
+
 {{/*
 Create a validation for required values
 */}}
diff --git a/deploy/helm/galaxy/templates/flux-alert.yaml b/deploy/helm/galaxy/templates/flux-alert.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.integration.type "flux" }}
+{{- range .Values.flux.namespaces }}
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Alert
+metadata:
+  name: {{ include "galaxy-helm.fullname" $ }}
+  namespace: {{ . }}
+spec:
+  providerRef:
+    name: {{ include "galaxy-helm.fullname" $ }}
+  eventSources:
+    - kind: Kustomization
+      name: '*'
+    - kind: HelmRelease
+      name: '*'
+{{- end }}
+{{- end }}
diff --git a/deploy/helm/galaxy/templates/flux-provider.yaml b/deploy/helm/galaxy/templates/flux-provider.yaml
@@ -0,0 +1,13 @@
+{{- if eq .Values.integration.type "flux" }}
+{{- range .Values.flux.namespaces }}
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta3
+kind: Provider
+metadata:
+  name: {{ include "galaxy-helm.fullname" $ }}
+  namespace: {{ . }}
+spec:
+  type: generic
+  address: http://{{ include "galaxy-helm.fullname" $ }}.{{ $.Release.Namespace }}.svc.cluster.local/flux/webhook
+{{- end }}
+{{- end }}
diff --git a/deploy/helm/galaxy/templates/service.yaml b/deploy/helm/galaxy/templates/service.yaml
@@ -0,0 +1,17 @@
+{{- $exec_mode := default "cronjob" .Values.integration.executionType }}
+{{- if eq $exec_mode "daemon" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "galaxy-helm.fullname" . }}
+  labels:
+    {{- include "galaxy-helm.labels" . | nindent 4 }}
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 8000
+  selector:
+    {{- include "galaxy-helm.selectorLabels" . | nindent 4 }}
+  type: ClusterIP
+{{- end }}
diff --git a/deploy/helm/galaxy/templates/serviceaccount.yaml b/deploy/helm/galaxy/templates/serviceaccount.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.serviceAccount.create -}}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -10,4 +11,47 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  {{- with .Values.clusterRole.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "galaxy-helm.labels" . | nindent 4 }}
+  name: {{ include "galaxy-helm.clusterRoleName" . }}
+rules:
+  - apiGroups:
+      {{- range .Values.clusterRole.apiGroups  }}
+      - {{ . }}
+      {{- end }}
+    resources:
+      {{- range .Values.clusterRole.resources }}
+      - {{ . }}
+      {{- end }}
+    verbs:
+      - "get"
+      - "watch"
+      - "list"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  {{- with .Values.clusterRoleBinding.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "galaxy-helm.labels" . | nindent 4 }}
+  name: {{ include "galaxy-helm.clusterRoleBindingName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "galaxy-helm.clusterRoleName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "galaxy-helm.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
 {{- end }}
diff --git a/deploy/helm/galaxy/values.yaml b/deploy/helm/galaxy/values.yaml
@@ -31,7 +31,7 @@ externalSecrets:
 # -- The configuration for the integration
 integration:
   # -- The type of the integration
-  # can be any of the following: pagerduty, github, gitlab, bitbucket, sonarqube, aws, opsgenie, gcp
+  # can be any of the following: pagerduty, github, gitlab, bitbucket, sonarqube, aws, opsgenie, gcp, flux
   type:
   # -- The execution type of the integration
   # can be either cronjob or daemon
@@ -66,13 +66,24 @@ fullnameOverride: ""
 
 serviceAccount:
   # serviceAccount.create -- Specifies whether a service account should be created
-  create: false
+  create: true
   # serviceAccount.automount -- Automatically mount a ServiceAccount's API credentials?
   automount: true
   # serviceAccount.annotations -- Annotations to add to the service account
   annotations: {}
   # serviceAccount.name -- The name of the service account to use.
   # -- If not set and create is true, a name is generated using the fullname template
+
+clusterRole:
+  annotations: {}
+  name: ""
+  apiGroups:
+    - "'*'"
+  resources:
+    - "'*'"
+
+clusterRoleBinding:
+  annotations: {}
   name: ""
 
 # podAnnotations -- The annotations to add to the pod
