helm: add support for tyk gw integration secrets

resurfaceio · Apr 23, 2024 · f85e617 · f85e617
1 parent c96bba5
commit f85e617
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 5 deletions.
diff --git a/helm/resurfaceio/resurface/Chart.lock b/helm/resurfaceio/resurface/Chart.lock
@@ -1,9 +1,9 @@
 dependencies:
 - name: kubernetes-ingress
   repository: https://haproxytech.github.io/helm-charts
-  version: 1.39.0
+  version: 1.39.1
 - name: minio
   repository: https://charts.min.io/
   version: 5.1.0
-digest: sha256:acc67b65875a514955328f073cb441a9522e35be09734cb6e94fde36f460967e
-generated: "2024-04-05T10:59:06.973943-04:00"
+digest: sha256:f2448f23b1faabbfdaf7fe371015dc02405b8e9edfaefb630057958bc387bc51
+generated: "2024-04-23T11:32:00.138045-04:00"
diff --git a/helm/resurfaceio/resurface/Chart.yaml b/helm/resurfaceio/resurface/Chart.yaml
@@ -29,7 +29,7 @@ keywords:
 home: https://resurface.io
 dependencies:
   - name: kubernetes-ingress
-    version: "1.39.0"
+    version: "1.39.1"
     repository: https://haproxytech.github.io/helm-charts
     condition: ingress.controller.enabled
   - name: minio

diff --git a/helm/resurfaceio/resurface/README.md b/helm/resurfaceio/resurface/README.md
@@ -171,6 +171,12 @@ External integrations can be configured in the **integrations** section.
   - **integrations.axway.orgID**: string. Axway tenant identifier. Required only if **integrations.axway.secretName** is not set.
   - **integrations.axway.secretName**: string. Name of an already existing Kubernetes Secret containing the three required fields (clientID, clientSecret, and OrgID). Required only if at least one of the **integrations.axway.clientID**, **integrations.axway.clientID**, or **integrations.axway.clientID** values is missing.
 
+- The **integrations.tyk** subsection corresponds to the Tyk Gateway integration.
+  - **integrations.tyk.enabled**: If set to `true`, Tyk Gateway polling will be enabled. Defaults to `false`.
+  - **integrations.tyk.url**: string. URL to access Tyk Gateway. Required only if **integrations.tyk.secretName** is not set.
+  - **integrations.tyk.authSecret**: string. Shared secret parameter for Tyk Gateway configuration. Required only if **integrations.tyk.secretName** is not set.
+  - **integrations.tyk.secretName**: string. Name of an already existing Kubernetes Secret containing the two required fields (url and authSecret). Required only if at least one of **integrations.tyk.url** or **integrations.tyk.authSecret** values is missing.
+
 The **custom** section holds the values for fields that can be overridden in any default configuration. None of its fields are required. The following fields can be found nested in this section:
 
 - The **custom.service** subsection is where the configuration for both the internal service resources can be found.

diff --git a/helm/resurfaceio/resurface/charts/kubernetes-ingress-1.39.0.tgz b/helm/resurfaceio/resurface/charts/kubernetes-ingress-1.39.0.tgz
diff --git a/helm/resurfaceio/resurface/charts/kubernetes-ingress-1.39.1.tgz b/helm/resurfaceio/resurface/charts/kubernetes-ingress-1.39.1.tgz
diff --git a/helm/resurfaceio/resurface/templates/_helpers.tpl b/helm/resurfaceio/resurface/templates/_helpers.tpl
@@ -199,6 +199,13 @@ Container resources and persistent volumes
     {{- end -}}
 {{- end -}}
 {{- $axwaySecret := .Values.integrations.axway.secretName | default "resurface-axway-creds" -}}
+{{/* Tyk Gateway */}}
+{{- if .Values.integrations.tyk.enabled  -}}
+    {{- if and .Values.integrations.tyk.url .Values.integrations.tyk.authSecret | or .Values.integrations.tyk.secretName | not -}}
+        {{- fail "Tyk integration is enabled. Please set both 'url' and 'authSecret', or set 'secretName' if kubernetes secret has been created separatedly." -}}
+    {{- end -}}
+{{- end -}}
+{{- $tykGWSecret := .Values.integrations.tyk.secretName | default "resurface-tyk-gw-creds" -}}
 
 
 {{- /* Defaults for container resources */ -}}
@@ -267,6 +274,18 @@ Container resources and persistent volumes
                   name: {{ $axwaySecret }}
                   key: orgID
             {{- end }}
+            {{- if .Values.integrations.tyk.enabled }}
+            - name: TYK_GW_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $tykGWSecret }}
+                  key: url
+            - name: TYK_GW_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $tykGWSecret }}
+                  key: authSecret
+            {{- end }}
   volumeClaimTemplates:
     - metadata:
         name: {{ include "resurface.fullname" . }}-pvc

diff --git a/...templates/secrets/integrations/axway.yaml → ...rface/templates/secrets/integrations.yaml b/...templates/secrets/integrations/axway.yaml → ...rface/templates/secrets/integrations.yaml
@@ -8,4 +8,15 @@ data:
   clientID: {{ .Values.integrations.axway.clientID | toString | b64enc }}
   clientSecret: {{ .Values.integrations.axway.clientSecret | toString | b64enc }}
   orgID: {{ .Values.integrations.axway.orgID | toString | b64enc }}
-{{- end }}
+{{- end }}
+---
+{{- if empty .Values.integrations.tyk.secretName | and .Values.integrations.tyk.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: resurface-tyk-gw-creds
+type: Opaque
+data:
+  url: {{ .Values.integrations.tyk.url | toString | b64enc }}
+  authSecret: {{ .Values.integrations.tyk.authSecret | toString | b64enc }}
+{{- end }}
diff --git a/helm/resurfaceio/resurface/values.yaml b/helm/resurfaceio/resurface/values.yaml
@@ -74,6 +74,11 @@ integrations:
     clientID:
     clientSecret:
     orgID:
+  tyk:
+    enabled: false
+    secretName:
+    url:
+    authSecret:
 
 custom:
   service: