UNCLASSIFIED - NO CUI

For core services, add helm "values" via ConfigMap

Feature Request

For the core services, we are requesting that the helm values are added via ConfigMap instead of the hard-coded values that are there/not there right now.

Why

Due to the way that helm handles precedence, if the "default" helm values are added via ConfigMap, we (companies) are able to override our personalized helm values in a cleaner fashion. We would simply be able to append a ConfigMap with _our_ values to the end of the ConfigMap list and our precedence would come before the bb default values. Without this method we have to allow for template values in each chart and then inject our values into each deployment.

For example here is the current implementation for gatekeeper: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/master/chart/templates/gatekeeper/gatekeeper-helmrelease.yaml

{{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: gatekeeper
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: gatekeeper
    app.kubernetes.io/component: "core"
    {{- include "commonLabels" . | nindent 4}}
spec:
  targetNamespace: gatekeeper-system
  chart:
    spec:
      chart: {{ .Values.gatekeeper.git.path }}
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: gatekeeper
        namespace: {{ .Release.Namespace }}

  {{- with .Values.flux }}
  interval: {{ .interval }}
  test:
    enable: false
  install:
    remediation:
      retries: {{ .install.retries }}
  upgrade:
    remediation:
      retries: {{ .upgrade.retries }}
      remediateLastFailure: true
    cleanupOnFail: true
  rollback:
    timeout: {{ .rollback.timeout }}
    cleanupOnFail: {{ .rollback.cleanupOnFail }}
  {{- end }}

  valuesFrom:
    - name: values
      kind: Secret
      valuesKey: "gatekeeper.yaml"

  values:
    image:
      repository: registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper
      release: v3.1.2
    disableValidatingWebhook: true
    createNamespace: false
    imagePullSecrets:
    - name: private-registry
{{- end }}

Proposed Solution

Add default BB values via ConfigMap.

{{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: gatekeeper
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: gatekeeper
    app.kubernetes.io/component: "core"
    {{- include "commonLabels" . | nindent 4}}
spec:
  targetNamespace: gatekeeper-system
  chart:
    spec:
      chart: {{ .Values.gatekeeper.git.path }}
      interval: 5m
      sourceRef:
        kind: GitRepository
        name: gatekeeper
        namespace: {{ .Release.Namespace }}

  {{- with .Values.flux }}
  interval: {{ .interval }}
  test:
    enable: false
  install:
    remediation:
      retries: {{ .install.retries }}
  upgrade:
    remediation:
      retries: {{ .upgrade.retries }}
      remediateLastFailure: true
    cleanupOnFail: true
  rollback:
    timeout: {{ .rollback.timeout }}
    cleanupOnFail: {{ .rollback.cleanupOnFail }}
  {{- end }}

  valuesFrom:
    # These will be the default values from upstream
    - name: defaults
      kind: ConfigMap
      valuesKey: "bb-defaults.yaml"
    # Company helm overrides
    - name: values
      kind: ConfigMap
      valuesKey: "company-gatekeeper.yaml"
{{- end }}

If your proposed solution changes the existing behavior of a feature, please outline why your approach is recommended/better.

Edited by Cassie Souza
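
The precedence behaviour this request relies on, as an added example that is not part of the original issue or of Big Bang's code: Flux merges `valuesFrom` entries in list order (later entries win) and then applies inline `spec.values` on top of all of them. The sketch assumes the existing `values` source carries the company override; the `COMPANY` values and the `registry.example.internal` host are constructed for illustration.

```python
"""Added example: how Flux composes HelmRelease values (constructed sample data)."""
from copy import deepcopy

def deep_merge(base, override):
    """Helm-style merge: maps merge key by key, scalars and lists are replaced."""
    out = deepcopy(base)
    for key, val in override.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = deepcopy(val)
    return out

def compose(values_from, inline=None):
    """Merge valuesFrom sources in list order, then spec.values on top."""
    result = {}
    for source in values_from:
        result = deep_merge(result, source)
    return deep_merge(result, inline or {})

# Defaults copied from the inline `values` of the gatekeeper HelmRelease on this page.
BB_DEFAULTS = {
    "image": {
        "repository": "registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper",
        "release": "v3.1.2",
    },
    "disableValidatingWebhook": True,
    "createNamespace": False,
    "imagePullSecrets": [{"name": "private-registry"}],
}
# Constructed company override (hypothetical values, not from the page).
COMPANY = {
    "image": {"repository": "registry.example.internal/gatekeeper"},
    "disableValidatingWebhook": False,
}

def current_layout():
    # Today: overrides arrive via valuesFrom, defaults sit inline and are applied last.
    return compose([COMPANY], inline=BB_DEFAULTS)

def proposed_layout():
    # Proposal: defaults first in valuesFrom, company ConfigMap last, no inline values.
    return compose([BB_DEFAULTS, COMPANY])

if __name__ == "__main__":
    for name, layout in (("current", current_layout), ("proposed", proposed_layout)):
        merged = layout()
        print(name, merged["image"]["repository"], merged["disableValidatingWebhook"])
```

With the current layout the inline defaults silently win, so an override of `disableValidatingWebhook` never takes effect; with the proposed ordering the company value applies and untouched defaults such as `image.release` are kept.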