Refactor Helm templates to configure LDAP/RBAC as OSS, remove Enterprise (v3.4)

.circleci/config.yml

@@ -84,10 +84,14 @@ jobs:
           name: Helm install stackstorm-ha chart
           command: helm install --timeout 10m0s --debug --wait --name-template stackstorm-ha .
       - run:
-          # once https://github.com/helm/community/pull/165 is merged we will need to add the parallelism flag back into the
-          # below command
           name: Helm test
           command: helm test stackstorm-ha
+      - run:
+          name: Helm upgrade with RBAC enabled
+          command: helm upgrade --set st2.rbac.enabled=true --timeout 5m0s --debug --wait stackstorm-ha .
+      - run:
+          name: Helm test with RBAC enabled
+          command: helm test stackstorm-ha
       - run:
           when: always
           name: Show created K8s resources

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## In Development
 * Change st2packs definition to a list, to support multiple st2packs containers (#166) (by @moonrail)
+* Enabled RBAC/LDAP configuration for OSS version, removed enterprise flags (#182) (by @hnanchahal)
 
 ## v0.52.0
 * Improve resource allocation and scheduling by adding resources requests cpu/memory values for st2 Pods (#179)

Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 # StackStorm version which refers to Docker images tag
-appVersion: 3.4dev
+appVersion: "3.4dev"
 name: stackstorm-ha
 version: 0.52.0
 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment.
@@ -25,7 +25,7 @@ maintainers:
     url: https://github.com/armab
 details:
   This Helm chart is a fully installable app that codifies StackStorm cluster deployment optimized for HA and K8s environment.
-  RabbitMQ-HA, MongoDB-HA clusters and coordination backend st2 relies on will be deployed as 3rd party chart dependencies.
+  RabbitMQ-HA, MongoDB-HA clusters and Redis coordination backend st2 relies on will be deployed as 3rd party chart dependencies.
   For configuration details please check default values.yaml and README.
 dependencies:
   - name: rabbitmq

templates/NOTES.txt

@@ -1,4 +1,4 @@
-Congratulations! You have just deployed StackStorm {{ if .Values.enterprise.enabled }}Enterprise {{ end }}HA!
+Congratulations! You have just deployed StackStorm HA!
 
   ███████╗████████╗██████╗     ██╗  ██╗ █████╗      ██████╗ ██╗  ██╗
   ██╔════╝╚══██╔══╝╚════██╗    ██║  ██║██╔══██╗    ██╔═══██╗██║ ██╔╝
@@ -11,20 +11,20 @@ Congratulations! You have just deployed StackStorm {{ if .Values.enterprise.enab
 {{- if contains "LoadBalancer" .Values.st2web.service.type }}
 
 NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-      Watch the status with "kubectl get service {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'"
+      Watch the status with "kubectl get service {{ .Release.Name }}-st2web -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'"
 
-export ST2WEB_IP=$(kubectl get service {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+export ST2WEB_IP=$(kubectl get service {{ .Release.Name }}-st2web -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
 echo https://${ST2WEB_IP}/
 
 {{- else if contains "ClusterIP" .Values.st2web.service.type }}
 
 echo http://127.0.0.1:8080
-kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }} 8080:80
+kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-st2web 8080:80
 
 {{- else if contains "NodePort" .Values.st2web.service.type }}
 
 export ST2WEB_IP=$(minikube ip 2>/dev/null || kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-export ST2WEB_PORT="$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Release.Name }}-st2web{{ template "enterpriseSuffix" . }})"
+export ST2WEB_PORT="$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Release.Name }}-st2web)"
 echo http://${ST2WEB_IP}:${ST2WEB_PORT}/
 
 {{- end }}

templates/_helpers.tpl

@@ -3,27 +3,9 @@
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-# Image pull secret used to access private docker.stackstorm.com Docker registry with Enterprise images
-{{- define "imagePullSecret" }}
-{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}}
-{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" "docker.stackstorm.com" (printf "%s:%s" .Values.enterprise.license .Values.enterprise.license | b64enc) | b64enc }}
-{{- end -}}
-{{- end }}
-
-# Generate support method used in labels. This is based on community/enterprise
-{{- define "supportMethod" -}}
-{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}}
-enterprise
-{{- else -}}
-community
-{{- end -}}
-{{- end }}
-
-# Generate Docker image repository: Private 'docker.stackstorm.com' for Enterprise vs Public Docker Hub 'stackstorm' for FOSS version
+# Generate Docker image repository: Public Docker Hub 'stackstorm' for FOSS version
 {{- define "imageRepository" -}}
-{{- if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled -}}
-docker.stackstorm.com
-{{- else if .Values.image.repository -}}
+{{- if .Values.image.repository -}}
 {{ .Values.image.repository }}
 {{- else -}}
 stackstorm
@@ -37,11 +19,6 @@ Create the name of the stackstorm-ha service account to use
 {{- default .Chart.Name .Values.serviceAccount.serviceAccountName -}}
 {{- end -}}
 
-# Generate '-enterprise' suffix only when it's needed for resource names, docker images, etc
-{{- define "enterpriseSuffix" -}}
-{{ if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled }}-enterprise{{ end }}
-{{- end -}}
-
 # Generate '-' prefix only when the variable is defined
 {{- define "hyphenPrefix" -}}
 {{ if . }}-{{ . }}{{end}}
@@ -160,7 +137,7 @@ Create the name of the stackstorm-ha service account to use
     {{- end }}
 # System packs
 - name: st2-system-packs
-  image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}"
+  image: "{{ template "imageRepository" . }}/st2actionrunner:{{ .Chart.AppVersion }}"
   imagePullPolicy: {{ .Values.image.pullPolicy }}
   volumeMounts:
   - name: st2-packs-vol

templates/configmaps_packs.yaml

@@ -9,7 +9,6 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: {{ template "supportMethod" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}

templates/configmaps_rbac.yaml

@@ -1,4 +1,4 @@
-{{ if .Values.enterprise.enabled }}
+{{- if .Values.st2.rbac.enabled }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -10,12 +10,11 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: enterprise
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-{{ toYaml .Values.enterprise.rbac.roles | indent 2 }}
+{{ toYaml .Values.st2.rbac.roles | indent 2 }}
 
 ---
 apiVersion: v1
@@ -28,12 +27,11 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: enterprise
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-{{ toYaml .Values.enterprise.rbac.assignments | indent 2 }}
+{{ toYaml .Values.st2.rbac.assignments | indent 2 }}
 
 ---
 apiVersion: v1
@@ -46,14 +44,13 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: enterprise
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-{{- if .Values.enterprise.rbac.mappings }}
-{{ toYaml .Values.enterprise.rbac.mappings | indent 2 }}
+{{- if .Values.st2.rbac.mappings }}
+{{ toYaml .Values.st2.rbac.mappings | indent 2 }}
 {{ else }}
   {}
 {{ end }}
-{{ end }}
+{{- end }}

templates/configmaps_st2-conf.yaml

@@ -9,7 +9,6 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: {{ template "supportMethod" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
@@ -19,7 +18,7 @@ data:
   # The order of merging: st2.conf < st2.docker.conf < st2.user.conf
   st2.docker.conf: |
     [auth]
-    api_url = http://{{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }}:9101/
+    api_url = http://{{ .Release.Name }}-st2api:9101/
     {{- if index .Values "redis" "enabled" }}
     [coordination]
     url = redis://{{ template "redis-nodes" $ }}
@@ -44,8 +43,14 @@ data:
     [keyvalue]
     encryption_key_path = /etc/st2/keys/datastore_key.json
     {{- end }}
+    {{- if .Values.st2.rbac.enabled }}
+    [rbac]
+    enable = True
+    backend = default 
+    {{- end }}
 
   # User-defined st2 config with custom settings applied on top of everything else.
   # The order of merging: st2.conf < st2.docker.conf < st2.user.conf
   st2.user.conf: |
 {{ .Values.st2.config | indent 4 }}
+

templates/configmaps_st2-urls.yaml

@@ -9,11 +9,10 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: {{ template "supportMethod" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-  ST2_AUTH_URL: http://{{ .Release.Name }}-st2auth{{ template "enterpriseSuffix" . }}:9100/
-  ST2_API_URL: http://{{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }}:9101/
-  ST2_STREAM_URL: http://{{ .Release.Name }}-st2stream{{ template "enterpriseSuffix" . }}:9102/
+  ST2_AUTH_URL: http://{{ .Release.Name }}-st2auth:9100/
+  ST2_API_URL: http://{{ .Release.Name }}-st2api:9101/
+  ST2_STREAM_URL: http://{{ .Release.Name }}-st2stream:9102/

templates/configmaps_st2web.yaml

@@ -10,7 +10,6 @@ metadata:
     app: st2
     tier: backend
     vendor: stackstorm
-    support: {{ template "supportMethod" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}