Merge branch 'main' into migrations

charts/openfga/Chart.yaml

@@ -3,8 +3,8 @@ name: openfga
 description: A Kubernetes Helm chart for the OpenFGA project.
 
 type: application
-version: 0.2.13
-appVersion: "v1.6.0"
+version: 0.2.18
+appVersion: "v1.8.1"
 
 home: "https://openfga.github.io/helm-charts"
 icon: https://github.com/openfga/community/raw/main/brand-assets/icon/color/openfga-icon-color.svg

charts/openfga/README.md

@@ -15,12 +15,29 @@ $ helm repo add openfga https://openfga.github.io/helm-charts
 $ helm install openfga openfga/openfga
 ```
 
-This will deploy a 3-replica deployment of OpenFGA on the Kubernetes cluster using the default configurations for OpenFGA. For more information on the default values, please see the official [OpenFGA documentation](https://openfga.dev/docs/getting-started/setup-openfga/docker#configuring-the-server). The [Parameters](#parameters) section below lists the parameters that can be configured during installation.
+This will deploy a 3-replica deployment of OpenFGA on the Kubernetes cluster using the default configurations for OpenFGA. For more information on the default values, please see the official [OpenFGA documentation](https://openfga.dev/docs/getting-started/setup-openfga/docker#configuring-the-server). The [Chart Parameters](#chart-parameters) section below lists the parameters that can be configured during installation.
 
 > **Tip**: List all releases using `helm list`
 
 
 
+## Customization 
+If you wish to customize the OpenFGA deployment you may supply paremeters such as the ones listed in the [values.yaml](/charts/openfga/values.yaml). 
+
+### Installing with Custom Common Labels
+You can specify custom labels to insert into resources inline or via Values files:
+
+```sh
+$ helm install openfga openfga/openfga \
+  --set-json 'commonLabels={"app.example.com/domain": "example", "app.example.com/system": "permissions"}'
+```
+
+```yaml
+commonLabels:
+    app.example.com/system: permissions
+    app.example.com/domain: example
+```
+
 ### Installing with Postgres
 If you do not already have a Postgres deployment, you can deploy OpenFGA with Postgres with the following command:
 

charts/openfga/templates/_helpers.tpl

@@ -44,6 +44,9 @@ Common labels
 {{- define "openfga.labels" -}}
 helm.sh/chart: {{ include "openfga.chart" . }}
 {{ include "openfga.selectorLabels" . }}
+{{- with .Values.commonLabels }}
+{{ . | toYaml }}
+{{- end }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}

charts/openfga/templates/deployment.yaml

@@ -26,6 +26,9 @@ spec:
         prometheus.io/port: "{{ (split ":" .Values.telemetry.metrics.addr)._1 }}"
       labels:
         {{- include "openfga.selectorLabels" . | nindent 8 }}
+        {{- with .Values.commonLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -36,7 +39,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       {{ if or (and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations) .Values.extraInitContainers }}
       initContainers:
-        {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations }}
+        {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations .Values.datastore.waitForMigrations (eq .Values.datastore.migrationType "job") }}
         - name: wait-for-migration
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
@@ -46,6 +49,44 @@ spec:
           resources:
             {{- toYaml .Values.datastore.migrations.resources | nindent 12 }}
         {{- end }}
+        {{- if and (has .Values.datastore.engine (list "postgres" "mysql")) (eq .Values.datastore.migrationType "initContainer") }}
+        - name: migrate-database
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          args: [ "migrate" ]
+          env:
+            {{- if .Values.datastore.engine }}
+            - name: OPENFGA_DATASTORE_ENGINE
+              value: "{{ .Values.datastore.engine }}"
+            {{- end }}
+            {{- if .Values.datastore.uri }}
+            - name: OPENFGA_DATASTORE_URI
+              value: "{{ .Values.datastore.uri }}"
+            {{- else if .Values.datastore.uriSecret }}
+            - name: OPENFGA_DATASTORE_URI
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.datastore.uriSecret }}"
+                  key: "uri"
+            {{- end }}
+            {{- if .Values.migrate.timeout }}
+            - name: OPENFGA_TIMEOUT
+              value: "{{ .Values.migrate.timeout }}"
+            {{- end }}
+            {{- with .Values.extraEnvVars }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.datastore.migrations.resources | nindent 12 }}
+          {{- with .Values.migrate.extraVolumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- if .Values.migrate.sidecars }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.migrate.sidecars "context" $) | nindent 8 }}
+          {{- end }}
+        {{- end }}
         {{- with .Values.extraInitContainers }}
           {{- toYaml . | nindent 8 }}
         {{- end }}

charts/openfga/templates/job.yaml

@@ -1,4 +1,4 @@
-{{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations -}}
+{{- if and (has .Values.datastore.engine (list "postgres" "mysql")) .Values.datastore.applyMigrations (eq .Values.datastore.migrationType "job") -}}
 apiVersion: batch/v1
 kind: Job
 metadata:

charts/openfga/values.schema.json

@@ -61,6 +61,11 @@
             },
             "additionalProperties": false
         },
+        "commonLabels": {
+            "type": "object",
+            "description": "Common labels to apply to OpenFGA resources",
+            "default": {}
+        },
         "fullnameOverride": {
             "type": "string",
             "description": "Overrides the default fully qualified app name",
@@ -329,9 +334,21 @@
                 },
                 "applyMigrations": {
                     "type": "boolean",
-                    "description": "enable/disable the job that runs migrations in the datastore",
+                    "description": "enable/disable the running of migrations in the datastore",
                     "default": true
                 },
+                "migrationType": {
+                    "type": [
+                        "string",
+                        "null"
+                    ],
+                    "description": "how the migrations will be run",
+                    "default": "job",
+                    "enum": [
+                        "job",
+                        "initContainer"
+                    ]
+                },
                 "waitForMigrations": {
                     "type": "boolean",
                     "description": "wait for migrations to complete before starting the server",

charts/openfga/values.yaml

@@ -9,6 +9,13 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# Specify additional labels to apply to OpenFGA resources
+# Usage example:
+# commonLabels:
+#     app.example.com/system: permissions
+#     app.example.com/domain: example
+commonLabels: {}
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true