chore: update default values for components (#274)

akafazov · web-flow · commit 7ea345c354f0 · 2025-10-23T17:41:48.000+03:00
* chore: update default values for components --------- On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov <akafazov@cst-bg.net>
diff --git a/charts/platform-mesh-operator-components/Chart.yaml b/charts/platform-mesh-operator-components/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: platform-mesh-operator-components
 description: A Helm chart for Kubernetes
 type: application
-version: 0.25.0
+version: 0.26.0
 appVersion: "0.0.0"
diff --git a/charts/platform-mesh-operator-components/README.md b/charts/platform-mesh-operator-components/README.md
@@ -64,6 +64,10 @@ A Helm chart for Kubernetes
 | services.infra.values.istio.passThrough.gateway.port | string | `"{{ .Values.port }}"` |  |
 | services.infra.values.istio.passThrough.gateway.protocol | string | `"HTTPS"` |  |
 | services.infra.values.kcp.image.tag | string | `"8265c399b"` |  |
+| services.infra.values.kcp.rootShard.extraArgs[0] | string | `"--feature-gates=WorkspaceAuthentication=true"` |  |
+| services.infra.values.kcp.rootShard.extraArgs[1] | string | `"--shard-virtual-workspace-url=https://kcp.api.{{ .Values.baseDomainPort }}"` |  |
+| services.infra.values.kcp.webhook.enabled | bool | `true` |  |
+| services.infra.values.keycloak.crossplane.clients.welcome.validRedirectUris[0] | string | `"https://{{ .Values.baseDomainPort }}/callback*"` |  |
 | services.infra.values.keycloak.istio.virtualservice.hosts[0] | string | `"{{ .Values.baseDomain }}"` |  |
 | services.istio-base.chart | string | `"base"` |  |
 | services.istio-base.driftDetectionMode | string | `"disabled"` |  |
@@ -107,6 +111,7 @@ A Helm chart for Kubernetes
 | services.kcp-operator.imageResource.labels.infra | string | `"true"` |  |
 | services.kcp-operator.imageResource.name | string | `"kcp-image"` |  |
 | services.kcp-operator.targetNamespace | string | `"kcp-operator"` |  |
+| services.kcp-operator.values.image.tag | string | `"v0.3.0"` |  |
 | services.keycloak.dependsOn[0].name | string | `"istio-istiod"` |  |
 | services.keycloak.dependsOn[0].namespace | string | `"default"` |  |
 | services.keycloak.enabled | bool | `true` |  |
@@ -127,6 +132,12 @@ A Helm chart for Kubernetes
 | services.keycloak.values.postgresql.auth.username | string | `"keycloak"` | postgresql username |
 | services.keycloak.values.postgresql.nameOverride | string | `"postgresql-keycloak"` | postgresql name override |
 | services.keycloak.values.postgresql.primary.resourcesPreset | string | `"none"` | primary postgresql resources preset |
+| services.keycloak.values.resources.limits.cpu | string | `"2"` |  |
+| services.keycloak.values.resources.limits.ephemeral-storage | string | `"2Gi"` |  |
+| services.keycloak.values.resources.limits.memory | string | `"2Gi"` |  |
+| services.keycloak.values.resources.requests.cpu | string | `"750m"` |  |
+| services.keycloak.values.resources.requests.ephemeral-storage | string | `"50Mi"` |  |
+| services.keycloak.values.resources.requests.memory | string | `"1Gi"` |  |
 | services.kubernetes-graphql-gateway.dependsOn[0].name | string | `"istio-istiod"` |  |
 | services.kubernetes-graphql-gateway.dependsOn[0].namespace | string | `"default"` |  |
 | services.kubernetes-graphql-gateway.enabled | bool | `true` |  |
@@ -207,7 +218,8 @@ A Helm chart for Kubernetes
 | services.portal.values.frontendPort | string | `"{{ .Values.port }}"` |  |
 | services.portal.values.http.protocol | string | `"https"` |  |
 | services.portal.values.kcp.kubeconfigSecret | string | `"portal-kubeconfig"` |  |
-| services.portal.values.virtualService.hosts | bool | `false` |  |
+| services.portal.values.virtualService.hosts[0] | string | `"{{ .Values.baseDomain }}"` |  |
+| services.portal.values.virtualService.hosts[1] | string | `"*.{{ .Values.baseDomain }}"` |  |
 | services.rebac-authz-webhook.dependsOn[0].name | string | `"istio-istiod"` |  |
 | services.rebac-authz-webhook.dependsOn[0].namespace | string | `"default"` |  |
 | services.rebac-authz-webhook.enabled | bool | `true` |  |
@@ -223,7 +235,7 @@ A Helm chart for Kubernetes
 | services.security-operator.values.crds.enabled | bool | `false` |  |
 | services.security-operator.values.fga.inviteKeycloakBaseUrl | string | `"https://{{ .Values.baseDomainPort }}/keycloak"` |  |
 | services.security-operator.values.fga.target | string | `"openfga.platform-mesh-system.svc.cluster.local:8081"` |  |
-| services.security-operator.values.initializer.baseDomain | string | `"{{ .Values.baseDomain }}"` |  |
+| services.security-operator.values.initializer.baseDomain | string | `"{{ .Values.baseDomainPort }}"` |  |
 | services.security-operator.values.initializer.kubeconfigSecret | string | `"security-initializer-kubeconfig"` |  |
 | services.security-operator.values.kubeconfigSecret | string | `"security-operator-kubeconfig"` |  |
 | services.security-operator.values.log.level | string | `"debug"` |  |
diff --git a/charts/platform-mesh-operator-components/tests/__snapshot__/application_test.yaml.snap b/charts/platform-mesh-operator-components/tests/__snapshot__/application_test.yaml.snap
@@ -149,7 +149,18 @@ it should render the application manifests:
         kcp:
           image:
             tag: 8265c399b
+          rootShard:
+            extraArgs:
+              - --feature-gates=WorkspaceAuthentication=true
+              - --shard-virtual-workspace-url=https://kcp.api.example.com:8443
+          webhook:
+            enabled: true
         keycloak:
+          crossplane:
+            clients:
+              welcome:
+                validRedirectUris:
+                  - https://example.com:8443/callback*
           istio:
             virtualservice:
               hosts:
@@ -265,7 +276,9 @@ it should render the application manifests:
       releaseName: kcp-operator
       targetNamespace: kcp-operator
       timeout: 15m
-      values: null
+      values:
+        image:
+          tag: v0.3.0
   10: |
     apiVersion: helm.toolkit.fluxcd.io/v2
     kind: HelmRelease
@@ -319,6 +332,15 @@ it should render the application manifests:
           nameOverride: postgresql-keycloak
           primary:
             resourcesPreset: none
+        resources:
+          limits:
+            cpu: "2"
+            ephemeral-storage: 2Gi
+            memory: 2Gi
+          requests:
+            cpu: 750m
+            ephemeral-storage: 50Mi
+            memory: 1Gi
   11: |
     apiVersion: helm.toolkit.fluxcd.io/v2
     kind: HelmRelease
@@ -495,7 +517,7 @@ it should render the application manifests:
           inviteKeycloakBaseUrl: https://example.com:8443/keycloak
           target: openfga.platform-mesh-system.svc.cluster.local:8081
         initializer:
-          baseDomain: example.com
+          baseDomain: example.com:8443
           kubeconfigSecret: security-initializer-kubeconfig
         kubeconfigSecret: security-operator-kubeconfig
         log:
diff --git a/charts/platform-mesh-operator-components/values.yaml b/charts/platform-mesh-operator-components/values.yaml
@@ -133,7 +133,7 @@ services:
         inviteKeycloakBaseUrl: "https://{{ .Values.baseDomainPort }}/keycloak"
       initializer:
         kubeconfigSecret: security-initializer-kubeconfig
-        baseDomain: "{{ .Values.baseDomain }}"
+        baseDomain: "{{ .Values.baseDomainPort }}"
       kubeconfigSecret: security-operator-kubeconfig
       log:
         level: debug
@@ -169,6 +169,12 @@ services:
         image:
           # FIXME: this is a temporary fix until we have support for the latest version
           tag: 8265c399b
+        rootShard:
+          extraArgs:
+            - --feature-gates=WorkspaceAuthentication=true
+            - --shard-virtual-workspace-url=https://kcp.api.{{ .Values.baseDomainPort }}
+        webhook:
+          enabled: true
       istio:
         main:
           gateway:
@@ -195,6 +201,11 @@ services:
           virtualservice:
             hosts:
               - "{{ .Values.baseDomain }}"
+        crossplane:
+          clients:
+            welcome:
+              validRedirectUris:
+                - "https://{{ .Values.baseDomainPort }}/callback*"
   kcp-operator:
     imageResource:
       name: kcp-image
@@ -205,6 +216,9 @@ services:
     enabled: true
     helmRepo: true
     targetNamespace: kcp-operator
+    values:
+      image:
+        tag: "v0.3.0"
   keycloak:
     enabled: true
     dependsOn:
@@ -216,6 +230,15 @@ services:
           - name: github
         security:
           allowInsecureImages: true
+      resources:
+        limits:
+          cpu: "2"
+          ephemeral-storage: 2Gi
+          memory: 2Gi
+        requests:
+          cpu: 750m
+          ephemeral-storage: 50Mi
+          memory: 1Gi
       image:
         registry: ghcr.io/platform-mesh
         repository: upstream-images/keycloak
@@ -375,7 +398,9 @@ services:
           clientId: "welcome"
           baseDomain: "{{ .Values.baseDomain }}"
       virtualService:
-        hosts: false
+        hosts:
+          - "{{ .Values.baseDomain }}"
+          - "*.{{ .Values.baseDomain }}"
       cookieDomain: "{{ .Values.baseDomain }}"
       extraEnvVars:
         - name: DEFAULT_PORTAL_CONTEXT_CRD_GATEWAY_API_URL
