diff --git a/charts/openfga/Chart.yaml b/charts/openfga/Chart.yaml index 8ff2a34..a2637de 100644 --- a/charts/openfga/Chart.yaml +++ b/charts/openfga/Chart.yaml @@ -3,8 +3,8 @@ name: openfga description: A Kubernetes Helm chart for the OpenFGA project. type: application -version: 0.2.13 -appVersion: "v1.6.0" +version: 0.2.18 +appVersion: "v1.8.1" home: "https://openfga.github.io/helm-charts" icon: https://github.com/openfga/community/raw/main/brand-assets/icon/color/openfga-icon-color.svg diff --git a/charts/openfga/README.md b/charts/openfga/README.md index f796056..6c11bab 100644 --- a/charts/openfga/README.md +++ b/charts/openfga/README.md @@ -15,12 +15,29 @@ $ helm repo add openfga https://openfga.github.io/helm-charts $ helm install openfga openfga/openfga ``` -This will deploy a 3-replica deployment of OpenFGA on the Kubernetes cluster using the default configurations for OpenFGA. For more information on the default values, please see the official [OpenFGA documentation](https://openfga.dev/docs/getting-started/setup-openfga/docker#configuring-the-server). The [Parameters](#parameters) section below lists the parameters that can be configured during installation. +This will deploy a 3-replica deployment of OpenFGA on the Kubernetes cluster using the default configurations for OpenFGA. For more information on the default values, please see the official [OpenFGA documentation](https://openfga.dev/docs/getting-started/setup-openfga/docker#configuring-the-server). The [Chart Parameters](#chart-parameters) section below lists the parameters that can be configured during installation. > **Tip**: List all releases using `helm list` +## Customization +If you wish to customize the OpenFGA deployment you may supply paremeters such as the ones listed in the [values.yaml](/charts/openfga/values.yaml). + +### Installing with Custom Common Labels +You can specify custom labels to insert into resources inline or via Values files: + +```sh +$ helm install openfga openfga/openfga \ + --set-json 'commonLabels={"app.example.com/domain": "example", "app.example.com/system": "permissions"}' +``` + +```yaml +commonLabels: + app.example.com/system: permissions + app.example.com/domain: example +``` + ### Installing with Postgres If you do not already have a Postgres deployment, you can deploy OpenFGA with Postgres with the following command: diff --git a/charts/openfga/templates/_helpers.tpl b/charts/openfga/templates/_helpers.tpl index 6abf573..3af9014 100644 --- a/charts/openfga/templates/_helpers.tpl +++ b/charts/openfga/templates/_helpers.tpl @@ -44,6 +44,9 @@ Common labels {{- define "openfga.labels" -}} helm.sh/chart: {{ include "openfga.chart" . }} {{ include "openfga.selectorLabels" . }} +{{- with .Values.commonLabels }} +{{ . | toYaml }} +{{- end }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml index cec8b73..635a4df 100644 --- a/charts/openfga/templates/deployment.yaml +++ b/charts/openfga/templates/deployment.yaml @@ -26,6 +26,9 @@ spec: prometheus.io/port: "{{ (split ":" .Values.telemetry.metrics.addr)._1 }}" labels: {{- include "openfga.selectorLabels" . | nindent 8 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -36,7 +39,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{ if or (and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations) .Values.extraInitContainers }} initContainers: - {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations }} + {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations (eq .Values.datastore.migrationType "job") }} - name: wait-for-migration securityContext: {{- toYaml .Values.securityContext | nindent 12 }} @@ -46,6 +49,44 @@ spec: resources: {{- toYaml .Values.datastore.migrations.resources | nindent 12 }} {{- end }} + {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) (eq .Values.datastore.migrationType "initContainer") }} + - name: migrate-database + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + args: [ "migrate" ] + env: + {{- if .Values.datastore.engine }} + - name: OPENFGA_DATASTORE_ENGINE + value: "{{ .Values.datastore.engine }}" + {{- end }} + {{- if .Values.datastore.uri }} + - name: OPENFGA_DATASTORE_URI + value: "{{ .Values.datastore.uri }}" + {{- else if .Values.datastore.uriSecret }} + - name: OPENFGA_DATASTORE_URI + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.uriSecret }}" + key: "uri" + {{- end }} + {{- if .Values.migrate.timeout }} + - name: OPENFGA_TIMEOUT + value: "{{ .Values.migrate.timeout }}" + {{- end }} + {{- with .Values.extraEnvVars }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.datastore.migrations.resources | nindent 12 }} + {{- with .Values.migrate.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.migrate.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.migrate.sidecars "context" $) | nindent 8 }} + {{- end }} + {{- end }} {{- with .Values.extraInitContainers }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/openfga/templates/job.yaml b/charts/openfga/templates/job.yaml index a2deb14..3e1861f 100644 --- a/charts/openfga/templates/job.yaml +++ b/charts/openfga/templates/job.yaml @@ -1,4 +1,4 @@ -{{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations -}} +{{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations (eq .Values.datastore.migrationType "job") -}} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json index d002147..9ec52d9 100644 --- a/charts/openfga/values.schema.json +++ b/charts/openfga/values.schema.json @@ -61,6 +61,11 @@ }, "additionalProperties": false }, + "commonLabels": { + "type": "object", + "description": "Common labels to apply to OpenFGA resources", + "default": {} + }, "fullnameOverride": { "type": "string", "description": "Overrides the default fully qualified app name", @@ -329,9 +334,21 @@ }, "applyMigrations": { "type": "boolean", - "description": "enable/disable the job that runs migrations in the datastore", + "description": "enable/disable the running of migrations in the datastore", "default": true }, + "migrationType": { + "type": [ + "string", + "null" + ], + "description": "how the migrations will be run", + "default": "job", + "enum": [ + "job", + "initContainer" + ] + }, "waitForMigrations": { "type": "boolean", "description": "wait for migrations to complete before starting the server", diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml index ad24d52..9748826 100644 --- a/charts/openfga/values.yaml +++ b/charts/openfga/values.yaml @@ -9,6 +9,13 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +# Specify additional labels to apply to OpenFGA resources +# Usage example: +# commonLabels: +# app.example.com/system: permissions +# app.example.com/domain: example +commonLabels: {} + serviceAccount: # Specifies whether a service account should be created create: true