From d6731613e865a9ffb7fb495bbdfe9315acfcebd3 Mon Sep 17 00:00:00 2001
From: Bertrand THOMAS
Date: Wed, 28 Jan 2026 14:50:48 +0100
Subject: [PATCH 1/2] todoblazor: Cosmetic code changes and bump version
---
 charts/todoblazor/CONTRIBUTING.md | 12 +++++++++---
 charts/todoblazor/Chart.yaml | 2 +-
 charts/todoblazor/templates/deployment.yaml | 7 +++----
 charts/todoblazor/templates/ingress.yaml | 7 +++----
 charts/todoblazor/values.yaml | 3 ++-
 5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/charts/todoblazor/CONTRIBUTING.md b/charts/todoblazor/CONTRIBUTING.md
index 2105a8e..ad874e1 100644
--- a/charts/todoblazor/CONTRIBUTING.md
+++ b/charts/todoblazor/CONTRIBUTING.md
@@ -23,6 +23,12 @@ Update `Chart.lock`:
 helm dependency update
 ```
+## Review the generated manifest
+
+```bash
+helm template todoblazor . -f values.yaml -f values.mine.yaml --namespace demo > temp.yaml
+```
+
 ## Validate on a test cluster
 Create the secret with the connection string:
@@ -83,9 +89,9 @@ If needed, debug with:
 - Forward MongoDB port to view the database from Compass (with connection string "mongodb://root:admin@localhost:27017/todolist?authSource=admin")
- ```bash
- kubectl port-forward svc/todoblazor-mongodb -n demo 27017:27017
- ```
+ ```bash
+ kubectl port-forward svc/todoblazor-mongodb -n demo 27017:27017
+ ```
 - Have a shell in a MongoDB container
diff --git a/charts/todoblazor/Chart.yaml b/charts/todoblazor/Chart.yaml
index 39dbe0b..e2ae930 100644
--- a/charts/todoblazor/Chart.yaml
+++ b/charts/todoblazor/Chart.yaml
@@ -2,7 +2,7 @@ name: todoblazor
 description: Helm chart for Todo Blazor web application
 type: application
-version: 0.1.1
+version: 0.1.2
 appVersion: "1.0.0"
 dependencies:
 - name: mongodb
diff --git a/charts/todoblazor/templates/deployment.yaml b/charts/todoblazor/templates/deployment.yaml
index 1c3f0c2..00b9d2c 100644
--- a/charts/todoblazor/templates/deployment.yaml
+++ b/charts/todoblazor/templates/deployment.yaml
@@ -1,6 +1,5 @@
-{{- $applications := list .Values.webapp -}}
+{{- $applications := list .Values.webapp -}}
 {{ range $applications }}
-{{- $name := .name -}}
 {{- if .enabled -}}
 ---
 apiVersion: apps/v1
@@ -21,8 +20,8 @@ spec:
 template:
 metadata:
 labels:
- app: {{ $name }}
- app.kubernetes.io/name: {{ $name }}
+ app: {{ .name }}
+ app.kubernetes.io/name: {{ .name }}
 {{- if .additionalPodLabels }}
 {{- toYaml .additionalPodLabels | nindent 8 }}
 {{- end }}
diff --git a/charts/todoblazor/templates/ingress.yaml b/charts/todoblazor/templates/ingress.yaml
index 8a4e313..61619ca 100644
--- a/charts/todoblazor/templates/ingress.yaml
+++ b/charts/todoblazor/templates/ingress.yaml
@@ -1,12 +1,11 @@
 {{- $applications := list .Values.webapp -}}
 {{ range $applications }}
-{{- $name := .name -}}
 {{- if and $.Values.ingress.enabled .enabled -}}
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
- name: {{ $name }}
+ name: {{ .name }}
 {{- with $.Values.ingress.annotations }}
 annotations:
 {{- toYaml . | nindent 4 }}
@@ -23,7 +22,7 @@ spec:
 pathType: Prefix
 backend:
 service:
- name: {{ $name }}
+ name: {{ .name }}
 port:
 number: {{ .port }}
 {{- range .ingressExtraHosts }}
@@ -35,7 +34,7 @@ spec:
 pathType: {{ .pathType }}
 backend:
 service:
- name: {{ $name }}
+ name: {{ .name }}
 port:
 number: {{ .port }}
 {{- end }}
diff --git a/charts/todoblazor/values.yaml b/charts/todoblazor/values.yaml
index ed73b57..3d65b99 100644
--- a/charts/todoblazor/values.yaml
+++ b/charts/todoblazor/values.yaml
@@ -1,4 +1,4 @@
-webapp:
+webapp:
 enabled: true
 host: todoblazor.random
 name: todoblazor
@@ -10,6 +10,7 @@
 containerPort: 8080
 healthEndpoint: /health
 db:
+ # important: connectionString or connectionStringSecretKeyRef must be provided
 # connectionString: "someconnstring"
 # connectionStringSecretKeyRef:
 # name: todoblazor-secret
From d72302eb8fd897ec629be09199f2690c1e49403e Mon Sep 17 00:00:00 2001
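Review bot: In the third ingress.yaml hunk (`@@ -35,7 +34,7 @@`), `name: {{ .name }}` comes after the `{{- range .ingressExtraHosts }}` that ends the previous hunk and sits next to `pathType: {{ .pathType }}`, so the dot there appears to be the extra-host entry rather than the application. The removed `$name` variable was what carried the application name into that inner range; unless every `ingressExtraHosts` entry defines its own `name`, the backend service name now renders empty and the extra-host rules route to no service. Keeping `{{- $name := .name -}}` after `{{ range $applications }}` and `name: {{ $name }}` in this one place restores the previous behaviour. The lines between the two hunks are not shown, so confirm that the inner range is not closed before this point.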
From: Bertrand THOMAS
Date: Wed, 28 Jan 2026 14:51:45 +0100
Subject: [PATCH 2/2] todoblazor: add serviceaccount and admin cluster role binding (optional)
---
 charts/todoblazor/CONTRIBUTING.md | 12 +++++++----
 .../templates/clusterrolebinding.yaml | 20 +++++++++++++++++++
 charts/todoblazor/templates/deployment.yaml | 7 ++++++-
 .../todoblazor/templates/serviceaccount.yaml | 11 ++++++++++
 charts/todoblazor/values.yaml | 8 +++++++-
 5 files changed, 52 insertions(+), 6 deletions(-)
 create mode 100644 charts/todoblazor/templates/clusterrolebinding.yaml
 create mode 100644 charts/todoblazor/templates/serviceaccount.yaml
diff --git a/charts/todoblazor/CONTRIBUTING.md b/charts/todoblazor/CONTRIBUTING.md
index ad874e1..8337cf9 100644
--- a/charts/todoblazor/CONTRIBUTING.md
+++ b/charts/todoblazor/CONTRIBUTING.md
@@ -43,16 +43,20 @@ kubectl create secret generic todoblazor-database \
 Create a `values.mine.yaml` file:
 ```yaml
-dotnet:
- environment: Development
 webapp:
- tag: 1.0.21375563304
+ tag: 1.0.21398515939
 db:
- # connectionString: mongodb://root:admin@todoblazor-mongodb:27017/todolist?authSource=admin
 connectionStringSecretKeyRef:
 name: todoblazor-database
 key: connectionstring
 databaseName: todolist
+dotnet:
+ environment: Development
+security:
+ serviceAccount:
+ create: true
+ rbac:
+ giveClusterAdmin: true
 ingress:
 enabled: true
 className: traefik
diff --git a/charts/todoblazor/templates/clusterrolebinding.yaml b/charts/todoblazor/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..0ed9e73
--- /dev/null
+++ b/charts/todoblazor/templates/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.security.rbac.giveClusterAdmin .Values.security.serviceAccount.create }}
+{{- $namespace := .Release.Namespace }}
+{{- $applications := list .Values.webapp -}}
+{{ range $applications }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .name }}-cluster-admin
+ labels:
+ app: {{ .name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .name }}
+ namespace: {{ $namespace }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+{{ end }}
+{{- end }}
diff --git a/charts/todoblazor/templates/deployment.yaml b/charts/todoblazor/templates/deployment.yaml
index 00b9d2c..734d7dd 100644
--- a/charts/todoblazor/templates/deployment.yaml
+++ b/charts/todoblazor/templates/deployment.yaml
@@ -1,4 +1,4 @@
-{{- $applications := list .Values.webapp -}}
+{{- $applications := list .Values.webapp -}}
 {{ range $applications }}
 {{- if .enabled -}}
 ---
@@ -34,6 +34,11 @@ spec:
 - key: "kubernetes.io/arch"
 operator: In
 values: ["amd64"]
+ {{- if $.Values.security.serviceAccount.create }}
+ serviceAccountName: {{ .name }}
+ {{- else }}
+ serviceAccountName: default
+ {{- end }}
 containers:
 - name: {{ .name }}
 image: {{ .image }}:{{ .tag }}
diff --git a/charts/todoblazor/templates/serviceaccount.yaml b/charts/todoblazor/templates/serviceaccount.yaml
new file mode 100644
index 0000000..c70b502
--- /dev/null
+++ b/charts/todoblazor/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.security.serviceAccount.create }}
+{{- $applications := list .Values.webapp -}}
+{{ range $applications }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .name }}
+ labels:
+ app: {{ .name }}
+{{ end }}
+{{- end }}
diff --git a/charts/todoblazor/values.yaml b/charts/todoblazor/values.yaml
index 3d65b99..9b56179 100644
--- a/charts/todoblazor/values.yaml
+++ b/charts/todoblazor/values.yaml
@@ -1,4 +1,4 @@
-webapp:
+webapp:
 enabled: true
 host: todoblazor.random
 name: todoblazor
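Review bot: The new clusterrolebinding.yaml binds the built-in `cluster-admin` ClusterRole to the web application's ServiceAccount, so with `giveClusterAdmin: true` anything that runs code in that pod holds full control of the cluster through the mounted token. If the application needs Kubernetes API access, a namespaced `Role` and `RoleBinding` listing only the resources and verbs it uses would be the safer shape; what those are is not visible in this patch. The binding is cluster-scoped but named only `{{ .name }}-cluster-admin`, so two releases with the same app name in different namespaces would collide; `name: {{ $namespace }}-{{ .name }}-cluster-admin` avoids that. Unlike deployment.yaml, neither this template nor serviceaccount.yaml checks `.enabled`, so the account and the binding are created even when the webapp is disabled; wrapping each resource in `{{- if .enabled }}` would match the deployment.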
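Review bot: In the second deployment.yaml hunk (`@@ -34,6 +34,11 @@`), the `{{- else }}` branch pins the pod to the namespace's `default` ServiceAccount and leaves its token mounted in the container, although nothing in this patch shows the app calling the Kubernetes API in that mode. Adding `automountServiceAccountToken: false` next to `serviceAccountName: default` would keep that credential out of the pod; confirm first that the application does not read it. The pod spec starts and ends outside the hunk.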
@@ -39,6 +39,12 @@ dotnet:
 enableOpenTelemetry: false
 enableHttpRedirect: true
+security:
+ serviceAccount:
+ create: false
+ rbac:
+ giveClusterAdmin: false
+
 ingress:
 enabled: false
 className: ""
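Review bot: The new `security` block in values.yaml carries no comment on what `giveClusterAdmin` grants, although the `db` block in the same file has an `# important:` note for a far less sensitive setting. A line above `rbac:` such as `# giveClusterAdmin binds the cluster-admin ClusterRole to the webapp service account; it is ignored unless serviceAccount.create is true. Keep false outside disposable test clusters.` would state both the effect and the dependency that clusterrolebinding.yaml enforces with its `and` condition. The CONTRIBUTING.md sample in this same patch sets the flag to `true`, so a reader who copies that file enables it without any warning.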