Add session management flags

charts/platform-service/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: Platform service chart
 name: platform-service
-version: 1.0.42
+version: 1.0.43

charts/platform-service/templates/deployment.yaml

@@ -43,6 +43,13 @@ spec:
         {{- if .Values.opa.enabled }}
         sidecar.opa-istio.io/inject: "true"
         {{- end }}
+        {{- if .Values.sessionManagement.enabled }}
+        {{- if .Values.sessionManagement.redirectToLogin }}
+        {{ .Values.sessionManagement.enabledWithRedirectLabel }}
+        {{- else }}
+        {{ .Values.sessionManagement.enabledWithoutRedirectLabel }}
+        {{- end }}
+        {{- end }}
         {{- if .Values.additionalPodLabels }}
 {{- with .Values.additionalPodLabels }}
 {{ tpl . $ | indent 8 }}

charts/platform-service/values.yaml

@@ -156,6 +156,12 @@ requestAuthentication:
         - 22b9c23f-4a41-4729-8a5d-793f7601dfdb
         - fe494c14-85d2-4bfa-bb43-92b0ab0a4f72
 
+sessionManagement:
+  enabled: true
+  redirectToLogin: false
+  enabledWithRedirectLabel: "session-management: frontend"
+  enabledWithoutRedirectLabel: "session-management: backend"
+
 authorizationPolicy:
   # Generate default authorization policy
   enabled: true

testing/generate-results.sh

@@ -8,6 +8,17 @@ helm template test-release ../charts/platform-service -n test-ns -f values.yaml
     --set gateway.exposeService=false \
     > results/not-exposed.yaml
 
+helm template test-release ../charts/platform-service -n test-ns -f values.yaml \
+    --set sessionManagement.enabled=false \
+    --show-only templates/deployment.yaml \
+    > results/no-sessman.yaml
+
+helm template test-release ../charts/platform-service -n test-ns -f values.yaml \
+    --set sessionManagement.redirectToLogin=true \
+    --show-only templates/deployment.yaml \
+    > results/sessman-with-redirect.yaml
+
+
 helm template test-release ../charts/platform-service -n test-ns -f values.yaml \
     --set deploymentOnly=true \
     > results/deployment-only.yaml

testing/results/base-case.yaml

@@ -47,7 +47,7 @@ metadata:
   name: test
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
 spec:
@@ -68,7 +68,7 @@ metadata:
   name: test-release
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
     app: test
@@ -86,6 +86,7 @@ spec:
         app.kubernetes.io/instance: test-release
         app: test
         version: v1
+        session-management: backend
       annotations:
     spec:
       serviceAccountName: test

testing/results/deployment-only.yaml

@@ -41,7 +41,7 @@ metadata:
   name: test-release
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
     app: test
@@ -59,6 +59,7 @@ spec:
         app.kubernetes.io/instance: test-release
         app: test
         version: v1
+        session-management: backend
       annotations:
     spec:
       serviceAccountName: test

testing/results/no-sessman.yaml

@@ -0,0 +1,88 @@
+---
+# Source: platform-service/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-release
+  labels:
+    app.kubernetes.io/name: test
+    helm.sh/chart: platform-service-1.0.43
+    app.kubernetes.io/instance: test-release
+    app.kubernetes.io/managed-by: Helm
+    app: test
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: test
+      app.kubernetes.io/instance: test-release
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: test
+        app.kubernetes.io/instance: test-release
+        app: test
+        version: v1
+      annotations:
+    spec:
+      serviceAccountName: test
+      initContainers:
+      containers:
+
+        - name: test
+          image: "test.io/some/repository:latest"
+          imagePullPolicy: IfNotPresent
+
+          env:
+            - name: baseLevel
+              value: "only set at base"
+            - name: definedInBaseAndDuplicatedInOverride
+              value: "sharedValue"
+            - name: definedInBaseAndOverridden
+              value: "baseValue"
+            - name: definedInBaseAndOverriddenValue
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: base-secret
+            - name: onlyDefinedInBaseValue
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: base-secret
+
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 80
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            timeoutSeconds: 1
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 80
+            successThreshold: 3
+          startupProbe:
+            failureThreshold: 30
+            httpGet:
+              path: /health/startup
+              port: 80
+            periodSeconds: 10
+          volumeMounts:
+            - name: service-secrets
+              mountPath: /secrets
+
+          resources:
+            {}
+      volumes:
+
+      - name: service-secrets
+        secret:
+          secretName: test-secrets

testing/results/not-exposed.yaml

@@ -40,7 +40,7 @@ metadata:
   name: test
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
 spec:
@@ -61,7 +61,7 @@ metadata:
   name: test-release
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
     app: test
@@ -79,6 +79,7 @@ spec:
         app.kubernetes.io/instance: test-release
         app: test
         version: v1
+        session-management: backend
       annotations:
     spec:
       serviceAccountName: test

testing/results/run-date.txt

@@ -1 +1 @@
-Fri Feb 11 15:06:29 PST 2022
+Fri Feb 11 15:26:16 PST 2022

testing/results/sessman-with-redirect.yaml

@@ -0,0 +1,89 @@
+---
+# Source: platform-service/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-release
+  labels:
+    app.kubernetes.io/name: test
+    helm.sh/chart: platform-service-1.0.43
+    app.kubernetes.io/instance: test-release
+    app.kubernetes.io/managed-by: Helm
+    app: test
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: test
+      app.kubernetes.io/instance: test-release
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: test
+        app.kubernetes.io/instance: test-release
+        app: test
+        version: v1
+        session-management: frontend
+      annotations:
+    spec:
+      serviceAccountName: test
+      initContainers:
+      containers:
+
+        - name: test
+          image: "test.io/some/repository:latest"
+          imagePullPolicy: IfNotPresent
+
+          env:
+            - name: baseLevel
+              value: "only set at base"
+            - name: definedInBaseAndDuplicatedInOverride
+              value: "sharedValue"
+            - name: definedInBaseAndOverridden
+              value: "baseValue"
+            - name: definedInBaseAndOverriddenValue
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: base-secret
+            - name: onlyDefinedInBaseValue
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: base-secret
+
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /healthz
+              port: 80
+            initialDelaySeconds: 0
+            periodSeconds: 10
+            timeoutSeconds: 1
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 80
+            successThreshold: 3
+          startupProbe:
+            failureThreshold: 30
+            httpGet:
+              path: /health/startup
+              port: 80
+            periodSeconds: 10
+          volumeMounts:
+            - name: service-secrets
+              mountPath: /secrets
+
+          resources:
+            {}
+      volumes:
+
+      - name: service-secrets
+        secret:
+          secretName: test-secrets

testing/results/vs-default-routing-disabled.yaml

@@ -47,7 +47,7 @@ metadata:
   name: test
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
 spec:
@@ -68,7 +68,7 @@ metadata:
   name: test-release
   labels:
     app.kubernetes.io/name: test
-    helm.sh/chart: platform-service-1.0.42
+    helm.sh/chart: platform-service-1.0.43
     app.kubernetes.io/instance: test-release
     app.kubernetes.io/managed-by: Helm
     app: test
@@ -86,6 +86,7 @@ spec:
         app.kubernetes.io/instance: test-release
         app: test
         version: v1
+        session-management: backend
       annotations:
     spec:
       serviceAccountName: test