Helm chart deployment improvements #6
- Specify client ID directly instead of pulling from secret
- Change default privateKeyKey to 'signer.pem'
- Aligns with existing Heimdall secret structure in platform stack

🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed)

Signed-off-by: Eric Searcy <[email protected]>

- Add local and OCI image deployment sections to chart README
- Configure Auth0 authentication via v1-sync-helper-auth0-credentials secret
- Add all missing environment variables from service README
- Simplify environment variables documentation to show only defaults
- Reference main service README for complete variable list
- Use heredoc for values.yaml creation in OCI installation

🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed)

Signed-off-by: Eric Searcy <[email protected]>

- Note that secrets are only required if they don't already exist
- Explain that heimdall-signer-cert should exist from LFX platform deployment
- Provide fallback instructions for missing Heimdall secret

🤖 Generated with [GitHub Copilot](https://github.com/features/copilot) (via Zed)

Signed-off-by: Eric Searcy <[email protected]>
Pull request overview
This PR enhances the Helm chart deployment documentation and configuration for the lfx-v1-sync-helper service by adding comprehensive installation guides, properly configuring Auth0 authentication alongside existing Heimdall JWT signing, and documenting all required secrets and environment variables. The changes enable users to deploy the service with complete authentication support for both LFX v2 APIs (via Heimdall) and LFX v1 APIs (via Auth0).
Key Changes
- Added Auth0 authentication configuration with dedicated secret references for v1 API calls
- Refactored Heimdall configuration to use a static `clientId` value instead of reading from a secret
- Expanded installation documentation with separate sections for local chart and OCI registry deployments, including all required secret creation commands
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `charts/lfx-v1-sync-helper/values.yaml` | Added Auth0 secret configuration and new environment variables (AUTH0_TENANT, HEIMDALL_KEY_ID, HEIMDALL_JWKS_URL, LFX_API_GW); refactored Heimdall configuration to use clientId value |
| `charts/lfx-v1-sync-helper/templates/deployment.yaml` | Updated to inject Auth0 credentials from secret; changed HEIMDALL_CLIENT_ID from secret reference to direct value |
| `charts/lfx-v1-sync-helper/README.md` | Added comprehensive installation sections with secret creation commands; documented required secrets and environment variables in structured tables |
| | `COMMITTEE_SERVICE_URL` | `http://lfx-v2-committee-service.lfx.svc.cluster.local:8080` | Committee Service API URL | | ||
| | `HEIMDALL_JWKS_URL` | `http://lfx-platform-heimdall.lfx.svc.cluster.local:4457/.well-known/jwks` | JWKS endpoint URL | | ||
| | `LFX_API_GW` | `https://api-gw.dev.platform.linuxfoundation.org/` | LFX API Gateway URL | | ||
| | `LOG_LEVEL` | `info` | Log level | |
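Review bot: In the `LFX_API_GW` row, the documented default is a dev-environment host (`api-gw.dev.platform.linuxfoundation.org`), so an install that never overrides it points at dev wherever the chart is deployed. State in the Description column that this value must be overridden per environment, or leave the default empty so a missing value is visible rather than silently inherited.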
Copilot
AI
Nov 27, 2025
The LOG_LEVEL environment variable mentioned in the documentation table does not exist in the application's configuration. Based on the config.go file (lines 39, 63-64), the application only uses a boolean Debug flag controlled by the DEBUG environment variable, not a LOG_LEVEL variable.
Either remove this entry from the table or verify that this feature exists in the application code.
| | `LOG_LEVEL` | `info` | Log level | |
| ### Environment Variables | ||
|
|
||
| The following environment variables have defaults configured in the chart's `app.environment` section: | ||
|
|
||
| | Variable | Default | Description | | ||
| |----------|---------|-------------| | ||
| | `NATS_URL` | `nats://lfx-platform-nats.lfx.svc.cluster.local:4222` | NATS server URL | | ||
| | `PROJECT_SERVICE_URL` | `http://lfx-v2-project-service.lfx.svc.cluster.local:8080` | Project Service API URL | | ||
| | `COMMITTEE_SERVICE_URL` | `http://lfx-v2-committee-service.lfx.svc.cluster.local:8080` | Committee Service API URL | | ||
| | `HEIMDALL_JWKS_URL` | `http://lfx-platform-heimdall.lfx.svc.cluster.local:4457/.well-known/jwks` | JWKS endpoint URL | | ||
| | `LFX_API_GW` | `https://api-gw.dev.platform.linuxfoundation.org/` | LFX API Gateway URL | | ||
| | `LOG_LEVEL` | `info` | Log level | | ||
| | `DEBUG` | `false` | Enable debug logging | | ||
| | `PORT` | `8080` | HTTP server port | | ||
| | `BIND` | `*` | Interface to bind on | | ||
|
|
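Review bot: The `HEIMDALL_JWKS_URL` row documents a plain `http://` default for the endpoint that serves JWKS key material, with nothing in the table saying when that is acceptable. Add a sentence under the table stating that this default assumes trusted in-cluster traffic and should be replaced with an `https://` URL when that assumption does not hold. The `BIND` row deserves a similar remark, since a default of `*` means the server listens on every interface and exposure is then decided entirely by what sits in front of the pod.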
Copilot
AI
Nov 27, 2025
[nitpick] The statement "The following environment variables have defaults configured in the chart's app.environment section" is misleading because some variables listed in the table have empty defaults (which are not truly defaults), and some configured variables are missing from the table.
Consider revising the text to clarify:
- Which variables are required vs optional
- That some variables like `HEIMDALL_CLIENT_ID` are set via the `heimdall.clientId` value (not `app.environment`)
- That `AUTH0_TENANT` is required and has no default, despite being in `app.environment`
Alternatively, consider restructuring to have two separate tables: one for required variables and one for optional variables with defaults.
Summary
This PR improves the Helm chart deployment documentation and configuration for the v1-sync-helper service.
Changes
Installation Documentation
- `--set image.tag=latest` for local deployments (chart has no appVersion)

Configuration Improvements
- `AUTH0_TENANT` (required)
- `HEIMDALL_KEY_ID` (optional)
- `HEIMDALL_JWKS_URL` (optional, with default)
- `LFX_API_GW` (optional, with default)
- `v1-sync-helper-auth0-credentials` secret

Documentation Cleanup
- `lfx` namespace

Testing
Users can now deploy the service with proper authentication for both:
The deployment instructions provide all necessary commands for secret creation and chart installation.