From dc3e3004588977e12dfdf9ec2786e7cf67264675 Mon Sep 17 00:00:00 2001
From: Nithin Shekar Kuruba
Date: Mon, 13 May 2024 15:52:20 -0700
Subject: [PATCH] feat: helm chart for deploying saml-playground
---
charts/saml-playground/Chart.yaml | 5 +++
charts/saml-playground/templates/_helpers.tpl | 32 +++++++++++++++
.../saml-playground/templates/deployment.yaml | 40 +++++++++++++++++++
.../templates/network-policy.yaml | 20 ++++++++++
charts/saml-playground/templates/route.yaml | 23 +++++++++++
charts/saml-playground/templates/service.yaml | 19 +++++++++
charts/saml-playground/values.yaml | 28 +++++++++++++
7 files changed, 167 insertions(+)
create mode 100644 charts/saml-playground/Chart.yaml
create mode 100644 charts/saml-playground/templates/_helpers.tpl
create mode 100644 charts/saml-playground/templates/deployment.yaml
create mode 100644 charts/saml-playground/templates/network-policy.yaml
create mode 100644 charts/saml-playground/templates/route.yaml
create mode 100644 charts/saml-playground/templates/service.yaml
create mode 100644 charts/saml-playground/values.yaml
diff --git a/charts/saml-playground/Chart.yaml b/charts/saml-playground/Chart.yaml
new file mode 100644
index 0000000..6d4f10c
--- /dev/null
+++ b/charts/saml-playground/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+name: saml-playground
+version: 1.0.0
+appVersion: 1.0.0
+description: SAML Playground built using NodeJS
diff --git a/charts/saml-playground/templates/_helpers.tpl b/charts/saml-playground/templates/_helpers.tpl
new file mode 100644
index 0000000..2d5c339
--- /dev/null
+++ b/charts/saml-playground/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "..name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "..fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "..chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/saml-playground/templates/deployment.yaml b/charts/saml-playground/templates/deployment.yaml
new file mode 100644
index 0000000..2fdb04a
--- /dev/null
+++ b/charts/saml-playground/templates/deployment.yaml
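Review bot: The helper names defined in `_helpers.tpl` (`..name`, `..fullname`, `..chart`) carry no chart prefix, which looks like a scaffold rendered with an empty chart name. Helm template names are global across a chart and its subcharts, so an unprefixed name can be silently overridden by another chart's helper with the same name. I would define them as `{{- define "saml-playground.name" -}}` (likewise `.fullname` and `.chart`) and update the matching `include` calls in the deployment, network-policy, route and service templates in the same commit.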
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "..fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "..chart" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ env:
+ {{- range $key, $val := .Values.env }}
+ - name: {{ $key | quote | upper }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/saml-playground/templates/network-policy.yaml b/charts/saml-playground/templates/network-policy.yaml
new file mode 100644
index 0000000..e16be3b
--- /dev/null
+++ b/charts/saml-playground/templates/network-policy.yaml
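Review bot: The container spec in `deployment.yaml` declares no `securityContext`, so whether the pod runs as non-root with privilege escalation blocked depends entirely on the cluster's admission defaults rather than on the chart. On OpenShift the assigned SCC will probably enforce most of this, but that is not visible from the patch, and stating it in the template keeps the chart safe on any cluster and makes the intent reviewable. I would add a container-level block after `imagePullPolicy` as below. Separately, `containerPort: 8080` is hard-coded while `SERVER_PORT` comes from `.Values.env`, so overriding the env value would leave the named `http` port pointing at a port the app no longer listens on.

```yaml
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: resources, ports, env …
```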
@@ -0,0 +1,20 @@
+# see https://docs.openshift.com/container-platform/4.7/networking/network_policy/multitenant-network-policy.html#nw-networkpolicy-multitenant-isolation_multitenant-network-policy
+# only allow connections from the OpenShift Container Platform Ingress Controller.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-openshift-ingress-{{ include "..name" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "..chart" . }}
+spec:
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/ingress: ""
+ podSelector: {}
+ policyTypes:
+ - Ingress
diff --git a/charts/saml-playground/templates/route.yaml b/charts/saml-playground/templates/route.yaml
new file mode 100644
index 0000000..d3aba7e
--- /dev/null
+++ b/charts/saml-playground/templates/route.yaml
@@ -0,0 +1,23 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: {{ include "..fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "..chart" . }}
+ annotations:
+ haproxy.router.openshift.io/balance: roundrobin
+ haproxy.router.openshift.io/disable_cookies: 'true'
+ haproxy.router.openshift.io/timeout: 120s
+spec:
+ {{- if .Values.route.host }}
+ host: {{ .Values.route.host }}
+ {{- end }}
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: {{ include "..fullname" . }}
diff --git a/charts/saml-playground/templates/service.yaml b/charts/saml-playground/templates/service.yaml
new file mode 100644
index 0000000..a0297aa
--- /dev/null
+++ b/charts/saml-playground/templates/service.yaml
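Review bot: `podSelector: {}` in `network-policy.yaml` selects every pod in the namespace, not just this release, although the policy is named per chart. The patch's indentation is lost on this page, but `spec.podSelector` is a required field and this is the only selector present, so it is presumably the spec-level one. Installing the chart therefore changes ingress isolation for unrelated workloads in the same namespace, and uninstalling it changes it back. If namespace-wide isolation is not the intent, scope the selector to the labels the Deployment already sets, as below; if it is the intent, a comment saying so and a name without the chart suffix would make that clear.

```yaml
  podSelector:
    matchLabels:
      app.kubernetes.io/name: {{ include "..name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  # … unchanged: policyTypes …
```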
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "..fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "..chart" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ name: http
+ targetPort: http
+ selector:
+ app.kubernetes.io/name: {{ include "..name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/saml-playground/values.yaml b/charts/saml-playground/values.yaml
new file mode 100644
index 0000000..4b28fe1
--- /dev/null
+++ b/charts/saml-playground/values.yaml
@@ -0,0 +1,28 @@
+replicaCount: 1
+
+image:
+ repository: ghcr.io/bcgov/pathfinder-sso/saml-playground
+ tag: dev
+ pullPolicy: Always
+
+nameOverride: saml-playground
+fullnameOverride: saml-playground
+
+service:
+ type: ClusterIP
+ port: 8080
+
+route:
+ host:
+
+env:
+ SERVER_HOST: 'localhost'
+ SERVER_PORT: 8080
+
+resources:
+ limits:
+ cpu: 50m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
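Review bot: `tag: dev` in `values.yaml` is a mutable tag, and combined with `pullPolicy: Always` each pod restart can run different image content without any change to the chart or the release history. I would default to an immutable release tag, or extend the image line in `deployment.yaml` to accept a digest (`repository@sha256:<digest>`), so that what is deployed is reproducible and auditable. Also, `host:` under `route` is a bare key that parses as null; `host: ""` states the intent explicitly and still fails the `if .Values.route.host` guard in `route.yaml`.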