From 2693248a71b2f9ab6cae4dd2f71bee181cd92462 Mon Sep 17 00:00:00 2001 From: eli Date: Mon, 15 Dec 2025 12:46:38 -0600 Subject: [PATCH 1/4] ports configuration added --- charts/pdp/templates/deployment.yaml | 5 ++++- charts/pdp/templates/service.yaml | 9 ++++++--- charts/pdp/values.yaml | 10 +++++++++- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/charts/pdp/templates/deployment.yaml b/charts/pdp/templates/deployment.yaml index 3269e2a4..b21aa6c6 100644 --- a/charts/pdp/templates/deployment.yaml +++ b/charts/pdp/templates/deployment.yaml @@ -44,7 +44,10 @@ spec: type: RuntimeDefault {{- end }} ports: - - containerPort: {{ .Values.pdp.port }} + {{- range .Values.pdp.ports }} + - name: {{ .name }} + containerPort: {{ .targetPort | default .port }} + {{- end }} env: - name: PDP_API_KEY valueFrom: diff --git a/charts/pdp/templates/service.yaml b/charts/pdp/templates/service.yaml index f83791d1..8580f3f1 100644 --- a/charts/pdp/templates/service.yaml +++ b/charts/pdp/templates/service.yaml @@ -14,6 +14,9 @@ spec: selector: {{- include "pdp.selectorLabels" . | nindent 4 }} ports: - - protocol: TCP - port: {{ .Values.pdp.port }} - targetPort: 7000 + {{- range .Values.pdp.ports }} + - name: {{ .name }} + port: {{ .port }} + targetPort: {{ .targetPort | default .port }} + protocol: TCP + {{- end }} diff --git a/charts/pdp/values.yaml b/charts/pdp/values.yaml index a7b80d6c..4073ddad 100644 --- a/charts/pdp/values.yaml +++ b/charts/pdp/values.yaml @@ -13,7 +13,15 @@ pdp: # existingApiKeySecret: # name: "my-existing-secret" # key: "api-key" - port: 7766 + # Ports to expose on the service and container + # Available container ports: 7000 (PDP API), 8181 (OPA) + ports: + - name: pdp + port: 7766 + targetPort: 7000 + - name: opa + port: 8181 + targetPort: 8181 replicas: 1 image: repository: permitio/pdp-v2 From b73218231b72e50f152dd52d1a3150aceb99e351 Mon Sep 17 00:00:00 2001 
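Review bot: In the `range` over `.Values.pdp.ports` in deployment.yaml, `name: {{ .name }}` is rendered unquoted and unchecked. A missing name renders as null, and a value such as `on` may be parsed as a boolean, so the error only appears when the manifest is applied. Using `- name: {{ required "pdp.ports[].name is required" .name | quote }}` makes the failure surface at template time with a clear message. The same line appears in the service.yaml hunk of this patch. The enclosing container spec starts and ends outside the hunk.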
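Review bot: If `pdp.ports` is overridden to an empty list, the `range` in service.yaml emits nothing and the Service is rendered with an empty `ports:` key. An ordinary ClusterIP Service is rejected by the API server in that state. Guard the template ahead of the loop, for example `{{- if not .Values.pdp.ports }}{{ fail "pdp.ports must contain at least one entry" }}{{- end }}`. Existing overrides of the old scalar `pdp.port` are also ignored silently after this change, which deserves a line in the upgrade notes.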
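Review bot: The default `ports` list in values.yaml publishes the `opa` entry (8181) on the Service, so every install exposes OPA alongside the PDP API to any workload that can reach the Service. The hunks shown here add no NetworkPolicy, and whether this image's OPA endpoint requires authentication is not visible, so the safer default is to ship only the `pdp` entry and keep `opa` as a commented example. A comment such as `# opa (8181) exposes the policy engine directly; enable only with a NetworkPolicy restricting callers` would document the trade-off. The unconditional `opa` port in the service.yaml hunk of patch 2/4 has the same effect and offers no way to turn it off.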
From: eli Date: Mon, 15 Dec 2025 12:55:36 -0600 Subject: [PATCH 2/4] make only the external ports to be configurable --- charts/pdp/templates/deployment.yaml | 8 ++++---- charts/pdp/templates/service.yaml | 12 +++++++----- charts/pdp/values.yaml | 12 +++--------- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/charts/pdp/templates/deployment.yaml b/charts/pdp/templates/deployment.yaml index b21aa6c6..6fbb3c90 100644 --- a/charts/pdp/templates/deployment.yaml +++ b/charts/pdp/templates/deployment.yaml @@ -44,10 +44,10 @@ spec: type: RuntimeDefault {{- end }} ports: - {{- range .Values.pdp.ports }} - - name: {{ .name }} - containerPort: {{ .targetPort | default .port }} - {{- end }} + - name: pdp + containerPort: 7000 + - name: opa + containerPort: 8181 env: - name: PDP_API_KEY valueFrom: diff --git a/charts/pdp/templates/service.yaml b/charts/pdp/templates/service.yaml index 8580f3f1..c3719a54 100644 --- a/charts/pdp/templates/service.yaml +++ b/charts/pdp/templates/service.yaml @@ -14,9 +14,11 @@ spec: selector: {{- include "pdp.selectorLabels" . | nindent 4 }} ports: - {{- range .Values.pdp.ports }} - - name: {{ .name }} - port: {{ .port }} - targetPort: {{ .targetPort | default .port }} + - name: pdp + port: {{ .Values.pdp.pdpPort }} + targetPort: 7000 + protocol: TCP + - name: opa + port: {{ .Values.pdp.opaPort }} + targetPort: 8181 protocol: TCP - {{- end }} diff --git a/charts/pdp/values.yaml b/charts/pdp/values.yaml index 4073ddad..4aeef91b 100644 --- a/charts/pdp/values.yaml +++ b/charts/pdp/values.yaml 
@@ -13,15 +13,9 @@ pdp: # existingApiKeySecret: # name: "my-existing-secret" # key: "api-key" - # Ports to expose on the service and container - # Available container ports: 7000 (PDP API), 8181 (OPA) - ports: - - name: pdp - port: 7766 - targetPort: 7000 - - name: opa - port: 8181 - targetPort: 8181 + # Service ports (external ports exposed by the Kubernetes Service) + pdpPort: 7766 # maps to container port 7000 (PDP API) + opaPort: 8181 # maps to container port 8181 (OPA) replicas: 1 image: repository: permitio/pdp-v2 From 2ddc8fcd3d26e692ebab99f4e1ce480034100f9b Mon Sep 17 00:00:00 2001 From: eli Date: Mon, 15 Dec 2025 15:42:01 -0600 Subject: [PATCH 3/4] Added gRPC support and additionalPorts --- charts/pdp/templates/deployment.yaml | 9 +++++---- charts/pdp/templates/service.yaml | 14 ++++++++------ charts/pdp/values.yaml | 14 +++++++++++--- 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/charts/pdp/templates/deployment.yaml b/charts/pdp/templates/deployment.yaml index 6fbb3c90..214cea11 100644 --- a/charts/pdp/templates/deployment.yaml +++ b/charts/pdp/templates/deployment.yaml @@ -44,10 +44,11 @@ spec: type: RuntimeDefault {{- end }} ports: - - name: pdp - containerPort: 7000 - - name: opa - containerPort: 8181 + - containerPort: {{ .Values.pdp.port }} + {{- range .Values.pdp.additionalPorts }} + - name: {{ .name }} + containerPort: {{ .targetPort }} + {{- end }} env: - name: PDP_API_KEY valueFrom: diff --git a/charts/pdp/templates/service.yaml b/charts/pdp/templates/service.yaml index c3719a54..3cfc33d6 100644 --- a/charts/pdp/templates/service.yaml +++ b/charts/pdp/templates/service.yaml 
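Review bot: In the deployment.yaml hunk of patch 3/4, `containerPort: {{ .Values.pdp.port }}` declares the Service port (7766 by default) as the container port, while the Service in the same patch sends traffic to `targetPort: 7000`. Patch 2/4 had this right with a fixed `containerPort: 7000`. The declared port is what people read when writing NetworkPolicies or probes, so a wrong value leads to rules that allow the wrong port. Restoring `- name: http` with `containerPort: 7000` would fix it. Separately, `containerPort: {{ .targetPort }}` in the `additionalPorts` loop lost the `| default .port` fallback that patch 1/4 had, so an entry without `targetPort` renders a null container port. The service.yaml hunk of this patch dropped the same fallback.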
@@ -14,11 +14,13 @@ spec: selector: {{- include "pdp.selectorLabels" . | nindent 4 }} ports: - - name: pdp - port: {{ .Values.pdp.pdpPort }} - targetPort: 7000 + - name: http protocol: TCP - - name: opa - port: {{ .Values.pdp.opaPort }} - targetPort: 8181 + port: {{ .Values.pdp.port }} + targetPort: 7000 + {{- range .Values.pdp.additionalPorts }} + - name: {{ .name }} + port: {{ .port }} + targetPort: {{ .targetPort }} protocol: TCP + {{- end }} diff --git a/charts/pdp/values.yaml b/charts/pdp/values.yaml index 4aeef91b..49aebdf7 100644 --- a/charts/pdp/values.yaml +++ b/charts/pdp/values.yaml @@ -6,6 +6,10 @@ pdp: [] # - name: custom_env # value: "custom_env" + # + # Example - enable Envoy gRPC ext_authz on port 9191 (requires PDP >= 0.9.10): + # - name: PDP_OPA_PLUGINS + # value: '{"permit_graph":{},"envoy_ext_authz_grpc":{"addr":":9191","path":"permit/root"}}' ApiKey: "" # Use an existing secret for the API key instead of creating one @@ -13,9 +17,13 @@ pdp: # existingApiKeySecret: # name: "my-existing-secret" # key: "api-key" - # Service ports (external ports exposed by the Kubernetes Service) - pdpPort: 7766 # maps to container port 7000 (PDP API) - opaPort: 8181 # maps to container port 8181 (OPA) + port: 7766 + # Example - expose Envoy gRPC ext_authz port (requires PDP_OPA_PLUGINS env var above): + # additionalPorts: + # - name: grpc + # port: 9191 + # targetPort: 9191 + additionalPorts: [] replicas: 1 image: repository: permitio/pdp-v2 From 764422d7e182e25739f6002f1c700352e1c98417 Mon Sep 17 00:00:00 2001 From: eli Date: Tue, 16 Dec 2025 08:58:53 -0600 Subject: [PATCH 4/4] bumped the chart version --- charts/pdp/Chart.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/pdp/Chart.yaml b/charts/pdp/Chart.yaml index 20322cf2..ac9815e2 100644 --- a/charts/pdp/Chart.yaml +++ b/charts/pdp/Chart.yaml 
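Review bot: The `additionalPorts` example in values.yaml shows how to publish the Envoy ext_authz gRPC listener on the Service but says nothing about who may call it. Any workload that can reach the Service can then query authorization decisions on 9191, and nothing in the hunks shown here restricts callers or adds transport security. I would add a line to the example such as `# NOTE: ports listed here are reachable by every client of the Service; restrict callers with a NetworkPolicy (e.g. only the Envoy proxies)`. A short comment stating that each entry needs `name`, `port` and `targetPort` would also help, because the templates give none of them a default.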
@@ -1,13 +1,14 @@ apiVersion: v2 name: pdp -description: An official Helm chart for Permit.io PDP (Policy Decision Point) with OpenShift support -version: 0.0.5 +description: An official Helm chart for Permit.io PDP (Policy Decision Point) with OpenShift support and configurable ports +version: 0.0.6 keywords: - policy - authorization - security - permit - openshift + - grpc maintainers: - name: Permit.io url: https://permit.io