Microgateway 2.0 (#121)

Upgrade to Airlock Microgateway 2.0.0
* create config using  init container.
* set separate env variables for configbuilder and runtime image (#76)
* print instructions to access init container logs to console after installation
* remove advanced and expert dsl mode 
* helm docs version incremented
* use new port and url for probes in deployment (#92)
* add resource requests/limits for cpu and memory for the init container (#99)
* renamed config.generic Parameters to config.* (#104)
* Mount secrets to default location (#107)
* migrate to ingress v1 (#117)
* full path to docker images (#118)
* use Hpa beta2 (#116)
* increment chart version to 1.0.0

Project Environment and Documentation
* add unit tests (#78)
* reflect changes in DSL in readme
* add Change log (#95)
* enhancements to pr workflow (kubeval, readme generation)


Co-authored-by: airlockgithubci <[email protected]>
Co-authored-by: Stefan Dietiker <[email protected]>

.github/helm-docs-generate.sh

@@ -1,28 +1,25 @@
 #!/bin/bash
 set -euox pipefail
 
-# Write Error Message
-echo -e "\033[0;31m ######## The helm-docs validation failed. ######## \033[0m" >&2
-echo -e "\033[0;31m Make sure that the documentation has been updated. \033[0m" >&2
-
 git config user.name "$TECHNICAL_USER"
 git config user.email "$TECHNICAL_USER@users.noreply.github.com"
-
 git fetch
 git checkout ${BRANCH_NAME}
 
-./helm-docs
+# create readme
+make
 
+# push readme updates
 READMES_CHANGED=$(git diff --name-only HEAD -- 'charts/**/README.md')
 
+change_count=0
 for README_CHANGED in ${READMES_CHANGED}; do
   git add ${README_CHANGED}
-done 
-
-git commit -m "Automated README generation"
-echo "Push to ${BRANCH_NAME}"
-git push "https://$TECHNICAL_USER:$TECHNICAL_USER_TOKEN@github.com/${GITHUB_REPOSITORY}.git" ${BRANCH_NAME}
-
-git checkout master
-
-rm helm-docs
+  ((++change_count))
+done
+
+if [ $change_count -gt 0 ]; then
+  echo "Push ${change_count} readmes to ${BRANCH_NAME}"
+  git commit -m "Automated README generation"
+  git push "https://$TECHNICAL_USER:$TECHNICAL_USER_TOKEN@github.com/${GITHUB_REPOSITORY}.git" ${BRANCH_NAME}
+fi

.github/kubeval.sh

@@ -1,15 +1,15 @@
-#!/bin/bash 
+#!/bin/bash
 set -euox pipefail
 
 CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/master -- charts | cut -f1-2 -d '/' | uniq)"
 KUBEVAL_VERSION="0.15.0"
-SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/"
+SCHEMA_LOCATION="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/"
 
 # install kubeval
 curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz
 tar -xf /tmp/kubeval.tar.gz kubeval
 
 # validate charts
 for CHART_DIR in ${CHART_DIRS}; do
-  helm template "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}"
+  helm template "${CHART_DIR}" | ./kubeval --strict --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}"
 done

.github/pull_request_template.md

@@ -20,10 +20,8 @@ Please delete options that are irrelevant.
 - [ ] Documentation
 
 ## How has this been tested?
-Please describe the tests you ran to verify the changes. Provide instructions that we can re-run the tests. Please list any relevant details for tests setup.
+Please describe the tests you ran in addition to the unit tests. Provide instructions to re-run the tests. Please list any relevant details for test setup.
 
-- Test A
-- Test B
 
 **Versions**
 * Microgateway:
@@ -33,6 +31,7 @@ Please describe the tests you ran to verify the changes. Provide instructions th
 
 ## Checklist:
 - [ ] The code has been reviewed (self-review, ...).
+- [ ] Unit tests have been implemented.
 - [ ] The parts of the code which are hard to understand are commented.
 - [ ] The corresponding documentation has been updated.
 - [ ] The changes do not cause warnings.

.github/unit-test.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euox pipefail
+
+# install unittest helm plugin
+helm plugin install https://github.com/quintush/helm-unittest
+
+#run unittest
+helm unittest charts/microgateway

.github/workflows/ci.yaml

@@ -2,41 +2,46 @@ name: Lint and Test Charts
 
 on:
   pull_request:
-    paths:
+     paths:
       - 'charts/**'
-      - '.github/workflows/ci.yaml'
+      - '.github/**'
+      - '!charts/microgateway/README.md'
   workflow_dispatch:
 
 jobs:
   generate-docs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
-      - name: Install helm-docs
-        run: .github/helm-docs-install.sh
-        env:
-          HELM_DOCS_VERSION: "1.5.0"
-      - name: Run helm-docs
-        id: validatedocs
-        run: .github/helm-docs-verify.sh
-      - name: Generate helm-docs (on failure)
-        if: failure()
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - name: Generate helm-docs
         run: .github/helm-docs-generate.sh
         env:
           BRANCH_NAME: ${{ github.head_ref }}
           TECHNICAL_USER_TOKEN: ${{ secrets.TECHNICAL_USER_TOKEN }}
           TECHNICAL_USER: ${{ secrets.TECHNICAL_USER }}
-  kubeval-chart:
+  unit-test:
     runs-on: ubuntu-latest
     needs:
       - generate-docs
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: install and run helm unit tests
+        run: .github/unit-test.sh
+  kubeval-chart:
+    runs-on: ubuntu-latest
+    needs:
+      - unit-test
     strategy:
       matrix:
         k8s:
-          - v1.18.15
-          - v1.19.7
-          - v1.20.2
+          - v1.19.9
+          - v1.20.6
+          - v1.21.0
     steps:
       - name: Checkout
         uses: actions/checkout@v1
@@ -52,7 +57,6 @@ jobs:
     strategy:
       matrix:
         k8s:
-          - v1.18.15
           - v1.19.7
           - v1.20.2
     steps:

.gitignore

@@ -2,5 +2,4 @@
 
 # IDE
 .idea/
-
 charts/test-values.yaml

charts/microgateway/.helmignore

@@ -21,3 +21,7 @@
 .idea/
 *.tmproj
 .vscode/
+
+
+# Unit Tests
+tests

charts/microgateway/CHANGE-NOTES.md

@@ -0,0 +1,43 @@
+# Change Log
+## 1.0.0
+
+### Enhancements
+- Update to Microgateway 2.0.0.
+
+### Breaking Changes
+#### Helm Chart Configuration
+
+- Advanced and Simple DSL Configuration are not supported anymore. Configurations using Advanced or Simple DSL Mode will have to migrate to the standard Microgateway DSL configuration. Please refer to the [Microgateway Documentation](https://docs.airlock.com/microgateway/2.0) for further information.
+- DSL Configuration chart parameter 'config.expert.dsl' has been renamed to 'config.dsl'.
+- Parameters 'config.generic.\*' have been renamed to 'config.\*'. Example: 'config.generic.passphrase' has been renamed to 'config.passphrase'.
+- Helm Chart parameter 'config.generic.env' has been renamed to 'config.env.runtime'. For environment variables used in DSL variable substitution, use 'config.env.configbuilder'.
+- Helm Chart parameter 'image.repository' has been renamed to 'image.repository.runtime'. If you use a custom value for the 
+  runtime image, you will probably also need a custom value for the configbuilder repository: 'image.repository.configbuilder'.
+- The service name for the echo service has been changed from 'backend-service' to 'backend' to match the microgateway default value. The echo service name can be configured using 'echo-server.fullnameOverride'.
+- Secrets for the license and the passphrase are now mounted to the default locations '/secret/license' and '/secret/passphrase' instead of '/secret/config/\*'. Explicit references to the former location of these secrets have to be removed from the DSL.
+- Ingress configuration: The helm chart uses ingress API version networking.k8s.io/v1 now. For k8s clusters with version 1.19 or higher, `ingress.servicePortNumber` or `ingress.servicePortName` have to be used instead of `ingress.targetPort`. `ingress.servicePortNumber` takes precedence if both are specified.
+
+#### Breaking Changes in the Microgateway DSL
+
+For a complete reference of the Microgateway DSL, please refer to https://docs.airlock.com/microgateway/2.0.
+
+- The entry_path for a mapping is now defined in a nested value element
+```
+          mappings:
+            - name: webapp
+              entry_path:
+                value: /
+```
+- Backends are no longer defined  as child of an app. Backends are now contained in a mapping and may define multiple backend hosts. The hostname has been renamed to host.
+
+```
+            mappings:  
+              - backend:
+                  hosts:
+                    - protocol: https
+                      name: custom-backend-service
+                      port: 8443
+```
+
+- The parameter base_template_file is not supported anymore. Use the expert settings on global, virtual host, mapping or backend level to migrate settings from the base_template_file that can not be configured using the Microgateway DSL.
+- 'apps.mappings.deny_rules' have been renamed to 'apps.mappings.deny_rule_groups'.

charts/microgateway/Chart.yaml

@@ -14,5 +14,5 @@ maintainers:
   - email: [email protected]
     name: Airlock
 name: microgateway
-version: 0.6.9
-appVersion: "1.0.1"
+version: 1.0.0
+appVersion: "2.0.0"