alex-isv
GitHub
commit
4ba9766708
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -1,13 +1,13 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: fixed
|
||||
description: Align changelog structure to show changelogs on Artifact Hub
|
||||
- kind: added
|
||||
description: Configurable dnsPolicy / hostNetwork
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: Argo CD
|
||||
catalog.cattle.io/kube-version: '>=1.22.0-0'
|
||||
catalog.cattle.io/release-name: argo-cd
|
||||
apiVersion: v2
|
||||
appVersion: v2.5.9
|
||||
appVersion: v2.5.10
|
||||
dependencies:
|
||||
- condition: redis-ha.enabled
|
||||
name: redis-ha
|
||||
|
|
@ -29,4 +29,4 @@ name: argo-cd
|
|||
sources:
|
||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||
- https://github.com/argoproj/argo-cd
|
||||
version: 5.19.12
|
||||
version: 5.19.15
|
||||
|
|
|
|||
|
|
@ -464,10 +464,12 @@ NAME: my-release
|
|||
| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource |
|
||||
| controller.containerPorts.metrics | int | `8082` | Metrics container port |
|
||||
| controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
|
||||
| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods |
|
||||
| controller.env | list | `[]` | Environment variables to pass to application controller |
|
||||
| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller |
|
||||
| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller |
|
||||
| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod |
|
||||
| controller.hostNetwork | bool | `false` | Host Network for application controller pods |
|
||||
| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller |
|
||||
| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller |
|
||||
| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller |
|
||||
|
|
@ -543,10 +545,12 @@ NAME: my-release
|
|||
| repoServer.containerPorts.server | int | `8081` | Repo server container port |
|
||||
| repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context |
|
||||
| repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment |
|
||||
| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods |
|
||||
| repoServer.env | list | `[]` | Environment variables to pass to repo server |
|
||||
| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server |
|
||||
| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server |
|
||||
| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod |
|
||||
| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods |
|
||||
| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server |
|
||||
| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server |
|
||||
| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server |
|
||||
|
|
@ -643,6 +647,7 @@ NAME: my-release
|
|||
| server.containerPorts.server | int | `8080` | Server container port |
|
||||
| server.containerSecurityContext | object | See [values.yaml] | Server container-level security context |
|
||||
| server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment |
|
||||
| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods |
|
||||
| server.env | list | `[]` | Environment variables to pass to Argo CD server |
|
||||
| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server |
|
||||
| server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context |
|
||||
|
|
@ -653,6 +658,7 @@ NAME: my-release
|
|||
| server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
|
||||
| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
|
||||
| server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
|
||||
| server.hostNetwork | bool | `false` | Host Network for Server pods |
|
||||
| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
|
||||
| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |
|
||||
| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
|
||||
|
|
|
|||
|
|
@ -312,3 +312,5 @@ spec:
|
|||
{{- with .Values.controller.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
|
|
|
|||
|
|
@ -356,3 +356,5 @@ spec:
|
|||
{{- with .Values.repoServer.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.repoServer.hostNetwork }}
|
||||
dnsPolicy: {{ .Values.repoServer.dnsPolicy }}
|
||||
|
|
|
|||
|
|
@ -415,3 +415,5 @@ spec:
|
|||
{{- with .Values.server.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.server.hostNetwork }}
|
||||
dnsPolicy: {{ .Values.server.dnsPolicy }}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ metadata:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.dex.pdb.maxUnavailable }}
|
||||
{{- with .Values.redis.pdb.maxUnavailable }}
|
||||
maxUnavailable: {{ . }}
|
||||
{{- else }}
|
||||
minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }}
|
||||
|
|
|
|||
|
|
@ -580,6 +580,12 @@ controller:
|
|||
# -- Metrics container port
|
||||
metrics: 8082
|
||||
|
||||
# -- Host Network for application controller pods
|
||||
hostNetwork: false
|
||||
|
||||
# -- Alternative DNS policy for application controller pods
|
||||
dnsPolicy: "ClusterFirst"
|
||||
|
||||
# -- Application controller container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
|
|
@ -1448,6 +1454,12 @@ server:
|
|||
# -- Metrics container port
|
||||
metrics: 8082
|
||||
|
||||
# -- Host Network for Server pods
|
||||
hostNetwork: false
|
||||
|
||||
# -- Alternative DNS policy for Server pods
|
||||
dnsPolicy: "ClusterFirst"
|
||||
|
||||
# -- Server container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
|
|
@ -1931,6 +1943,12 @@ repoServer:
|
|||
# -- Metrics container port
|
||||
metrics: 8084
|
||||
|
||||
# -- Host Network for Repo server pods
|
||||
hostNetwork: false
|
||||
|
||||
# -- Alternative DNS policy for Repo server pods
|
||||
dnsPolicy: "ClusterFirst"
|
||||
|
||||
# -- Repo server container-level security context
|
||||
# @default -- See [values.yaml]
|
||||
containerSecurityContext:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ annotations:
|
|||
category: Database
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 10.6.11
|
||||
appVersion: 10.6.12
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
|
@ -32,4 +32,4 @@ sources:
|
|||
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
|
||||
- https://github.com/prometheus/mysqld_exporter
|
||||
- https://mariadb.org
|
||||
version: 11.4.5
|
||||
version: 11.4.6
|
||||
|
|
|
|||
|
|
@ -83,28 +83,28 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### MariaDB common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | MariaDB image registry | `docker.io` |
|
||||
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
|
||||
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.11-debian-11-r22` |
|
||||
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MariaDB replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
|
||||
| `auth.forcePassword` | Force users to specify required passwords | `false` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
|
||||
| `image.registry` | MariaDB image registry | `docker.io` |
|
||||
| `image.repository` | MariaDB image repository | `bitnami/mariadb` |
|
||||
| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r0` |
|
||||
| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MariaDB replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` |
|
||||
| `auth.forcePassword` | Force users to specify required passwords | `false` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
|
||||
|
||||
### MariaDB Primary parameters
|
||||
|
|
@ -311,7 +311,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r71` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r80` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
@ -326,7 +326,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r86` |
|
||||
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
@ -551,7 +551,7 @@ $ kubectl delete statefulset opencart-mariadb --cascade=false
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2022 Bitnami
|
||||
Copyright © 2023 Bitnami
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mariadb
|
||||
tag: 10.6.11-debian-11-r22
|
||||
tag: 10.6.12-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
@ -989,7 +989,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r71
|
||||
tag: 11-debian-11-r80
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
||||
|
|
@ -1025,7 +1025,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mysqld-exporter
|
||||
tag: 0.14.0-debian-11-r77
|
||||
tag: 0.14.0-debian-11-r86
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
||||
|
|
|
|||
|
|
@ -28,4 +28,4 @@ maintainers:
|
|||
name: redis
|
||||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/redis
|
||||
version: 17.6.0
|
||||
version: 17.7.2
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `secretAnnotations` | Annotations to add to secret | `{}` |
|
||||
| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
|
||||
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
|
||||
| `useHostnames` | Use hostnames internally when announcing replication | `true` |
|
||||
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
|
||||
| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
|
||||
| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
|
||||
|
|
@ -934,7 +935,7 @@ $ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "re
|
|||
|
||||
## License
|
||||
|
||||
Copyright © 2022 Bitnami
|
||||
Copyright © 2023 Bitnami
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
|
||||
loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.master.service.clusterIP }}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }}
|
||||
loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.replica.service.clusterIP }}
|
||||
|
|
|
|||
|
|
@ -44,11 +44,17 @@ data:
|
|||
hostname="$1"
|
||||
|
||||
{{- if .Values.useExternalDNS.enabled }}
|
||||
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
{{- else if eq .Values.sentinel.service.type "NodePort" }}
|
||||
echo "${hostname}.{{- .Release.Namespace }}"
|
||||
full_hostname="${hostname}.{{- .Release.Namespace }}"
|
||||
{{- else }}
|
||||
echo "${hostname}.${HEADLESS_SERVICE}"
|
||||
full_hostname="${hostname}.${HEADLESS_SERVICE}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.useHostnames }}
|
||||
echo "${full_hostname}"
|
||||
{{- else }}
|
||||
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
|
||||
{{- end }}
|
||||
}
|
||||
|
||||
|
|
@ -262,11 +268,17 @@ data:
|
|||
hostname="$1"
|
||||
|
||||
{{- if .Values.useExternalDNS.enabled }}
|
||||
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
{{- else if eq .Values.sentinel.service.type "NodePort" }}
|
||||
echo "${hostname}.{{- .Release.Namespace }}"
|
||||
full_hostname="${hostname}.{{- .Release.Namespace }}"
|
||||
{{- else }}
|
||||
echo "${hostname}.${HEADLESS_SERVICE}"
|
||||
full_hostname="${hostname}.${HEADLESS_SERVICE}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.useHostnames }}
|
||||
echo "${full_hostname}"
|
||||
{{- else }}
|
||||
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
|
||||
{{- end }}
|
||||
}
|
||||
|
||||
|
|
@ -426,13 +438,20 @@ data:
|
|||
hostname="$1"
|
||||
|
||||
{{- if .Values.useExternalDNS.enabled }}
|
||||
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
{{- else if eq .Values.sentinel.service.type "NodePort" }}
|
||||
echo "${hostname}.{{- .Release.Namespace }}"
|
||||
full_hostname="${hostname}.{{- .Release.Namespace }}"
|
||||
{{- else }}
|
||||
echo "${hostname}.${HEADLESS_SERVICE}"
|
||||
full_hostname="${hostname}.${HEADLESS_SERVICE}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.useHostnames }}
|
||||
echo "${full_hostname}"
|
||||
{{- else }}
|
||||
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
|
||||
{{- end }}
|
||||
}
|
||||
|
||||
run_sentinel_command() {
|
||||
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
|
||||
redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
|
||||
|
|
@ -492,13 +511,20 @@ data:
|
|||
hostname="$1"
|
||||
|
||||
{{- if .Values.useExternalDNS.enabled }}
|
||||
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
{{- else if eq .Values.sentinel.service.type "NodePort" }}
|
||||
echo "${hostname}.{{- .Release.Namespace }}"
|
||||
full_hostname="${hostname}.{{- .Release.Namespace }}"
|
||||
{{- else }}
|
||||
echo "${hostname}.${HEADLESS_SERVICE}"
|
||||
full_hostname="${hostname}.${HEADLESS_SERVICE}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.useHostnames }}
|
||||
echo "${full_hostname}"
|
||||
{{- else }}
|
||||
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
|
||||
{{- end }}
|
||||
}
|
||||
|
||||
run_sentinel_command() {
|
||||
if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then
|
||||
{{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@"
|
||||
|
|
@ -614,11 +640,17 @@ data:
|
|||
hostname="$1"
|
||||
|
||||
{{- if .Values.useExternalDNS.enabled }}
|
||||
echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}"
|
||||
{{- else if eq .Values.sentinel.service.type "NodePort" }}
|
||||
echo "${hostname}.{{- .Release.Namespace }}"
|
||||
full_hostname="${hostname}.{{- .Release.Namespace }}"
|
||||
{{- else }}
|
||||
echo "${hostname}.${HEADLESS_SERVICE}"
|
||||
full_hostname="${hostname}.${HEADLESS_SERVICE}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.useHostnames }}
|
||||
echo "${full_hostname}"
|
||||
{{- else }}
|
||||
getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'
|
||||
{{- end }}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }}
|
||||
loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }}
|
||||
clusterIP: {{ .Values.sentinel.service.clusterIP }}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
{{- if (include "redis.createTlsSecret" .) }}
|
||||
{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }}
|
||||
{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }}
|
||||
{{- $ca := genCA "redis-ca" 365 }}
|
||||
{{- $releaseNamespace := .Release.Namespace }}
|
||||
{{- $clusterDomain := .Values.clusterDomain }}
|
||||
|
|
@ -9,7 +8,7 @@
|
|||
{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }}
|
||||
{{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }}
|
||||
{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }}
|
||||
{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }}
|
||||
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
|
|
@ -24,7 +23,7 @@ metadata:
|
|||
{{- end }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }}
|
||||
tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }}
|
||||
tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }}
|
||||
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
|
||||
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
|
||||
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -47,6 +47,9 @@ clusterDomain: cluster.local
|
|||
## @param extraDeploy Array of extra objects to deploy with the release
|
||||
##
|
||||
extraDeploy: []
|
||||
## @param useHostnames Use hostnames internally when announcing replication
|
||||
###
|
||||
useHostnames: true
|
||||
|
||||
## Enable diagnostic mode in the deployment
|
||||
##
|
||||
|
|
|
|||
|
|
@ -32,4 +32,4 @@ name: tomcat
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
|
||||
- http://tomcat.apache.org
|
||||
version: 10.5.13
|
||||
version: 10.5.14
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r11` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r12` |
|
||||
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
|
||||
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
|
||||
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r44` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r45` |
|
||||
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ extraDeploy: []
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/tomcat
|
||||
tag: 10.1.5-debian-11-r11
|
||||
tag: 10.1.5-debian-11-r12
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
@ -636,7 +636,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/jmx-exporter
|
||||
tag: 0.17.2-debian-11-r44
|
||||
tag: 0.17.2-debian-11-r45
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
|||
|
|
@ -41,4 +41,4 @@ name: wordpress
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
|
||||
- https://wordpress.org/
|
||||
version: 15.2.37
|
||||
version: 15.2.38
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | WordPress image registry | `docker.io` |
|
||||
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r39` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r40` |
|
||||
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
|
||||
|
|
@ -257,7 +257,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r78` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r79` |
|
||||
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/wordpress
|
||||
tag: 6.1.1-debian-11-r39
|
||||
tag: 6.1.1-debian-11-r40
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
@ -759,7 +759,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r78
|
||||
tag: 11-debian-11-r79
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.21.0-0'
|
||||
catalog.cattle.io/release-name: kamaji
|
||||
apiVersion: v2
|
||||
appVersion: v0.1.1
|
||||
appVersion: v0.2.0
|
||||
description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service
|
||||
with a fraction of the operational burden. With Kamaji, you can deploy and operate
|
||||
hundreds of Kubernetes clusters as a hyper-scaler.
|
||||
|
|
@ -24,4 +24,4 @@ name: kamaji
|
|||
sources:
|
||||
- https://github.com/clastix/kamaji
|
||||
type: application
|
||||
version: 0.10.2
|
||||
version: 0.11.0
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# kamaji
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.
|
||||
|
||||
|
|
@ -67,7 +67,6 @@ Here the values you can override:
|
|||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods |
|
||||
| configPath | string | `"./kamaji.yaml"` | Configuration file path alternative. (default "./kamaji.yaml") |
|
||||
| datastore.basicAuth.passwordSecret.keyPath | string | `nil` | The Secret key where the data is stored. |
|
||||
| datastore.basicAuth.passwordSecret.name | string | `nil` | The name of the Secret containing the password used to connect to the relational database. |
|
||||
| datastore.basicAuth.passwordSecret.namespace | string | `nil` | The namespace of the Secret containing the password used to connect to the relational database. |
|
||||
|
|
@ -91,7 +90,7 @@ Here the values you can override:
|
|||
| datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. |
|
||||
| etcd.compactionInterval | int | `0` | ETCD Compaction interval (e.g. "5m0s"). (default: "0" (disabled)) |
|
||||
| etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji |
|
||||
| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.4"}` | Install specific etcd image |
|
||||
| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.6"}` | Install specific etcd image |
|
||||
| etcd.livenessProbe | object | `{"failureThreshold":8,"httpGet":{"path":"/health?serializable=true","port":2381,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":15}` | The livenessProbe for the etcd container |
|
||||
| etcd.overrides.caSecret.name | string | `"etcd-certs"` | Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") |
|
||||
| etcd.overrides.caSecret.namespace | string | `"kamaji-system"` | Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") |
|
||||
|
|
@ -126,11 +125,10 @@ Here the values you can override:
|
|||
| resources.requests.cpu | string | `"100m"` | |
|
||||
| resources.requests.memory | string | `"20Mi"` | |
|
||||
| securityContext | object | `{"allowPrivilegeEscalation":false}` | The securityContext to apply to the Kamaji controller container only. It does not apply to the Kamaji RBAC proxy container. |
|
||||
| service.port | int | `8443` | |
|
||||
| service.type | string | `"ClusterIP"` | |
|
||||
| serviceAccount.annotations | object | `{}` | |
|
||||
| serviceAccount.create | bool | `true` | |
|
||||
| serviceAccount.name | string | `"kamaji-controller-manager"` | |
|
||||
| serviceMonitor.enabled | bool | `false` | Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured |
|
||||
| temporaryDirectoryPath | string | `"/tmp/kamaji"` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") |
|
||||
| tolerations | list | `[]` | Kubernetes node taints that the Kamaji controller pods would tolerate |
|
||||
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
creationTimestamp: null
|
||||
name: datastores.kamaji.clastix.io
|
||||
spec:
|
||||
group: kamaji.clastix.io
|
||||
|
|
@ -15,254 +15,225 @@ spec:
|
|||
singular: datastore
|
||||
scope: Cluster
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Kamaji data store driver
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Age
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DataStore is the Schema for the datastores API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DataStoreSpec defines the desired state of DataStore.
|
||||
properties:
|
||||
basicAuth:
|
||||
description: In case of authentication enabled for the given data
|
||||
store, specifies the username and password pair. This value is optional.
|
||||
properties:
|
||||
password:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It
|
||||
has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference
|
||||
where the content is stored. This value is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference
|
||||
a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
username:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It
|
||||
has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference
|
||||
where the content is stored. This value is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference
|
||||
a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
driver:
|
||||
description: The driver to use to connect to the shared datastore.
|
||||
type: string
|
||||
endpoints:
|
||||
description: List of the endpoints to connect to the shared datastore.
|
||||
No need for protocol, just bare IP/FQDN and port.
|
||||
items:
|
||||
- additionalPrinterColumns:
|
||||
- description: Kamaji data store driver
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Age
|
||||
jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DataStore is the Schema for the datastores API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DataStoreSpec defines the desired state of DataStore.
|
||||
properties:
|
||||
basicAuth:
|
||||
description: In case of authentication enabled for the given data store, specifies the username and password pair. This value is optional.
|
||||
properties:
|
||||
password:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
username:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
driver:
|
||||
description: The driver to use to connect to the shared datastore.
|
||||
enum:
|
||||
- etcd
|
||||
- MySQL
|
||||
- PostgreSQL
|
||||
type: string
|
||||
type: array
|
||||
tlsConfig:
|
||||
description: Defines the TLS/SSL configuration required to connect
|
||||
to the data store in a secure way.
|
||||
properties:
|
||||
certificateAuthority:
|
||||
description: Retrieve the Certificate Authority certificate and
|
||||
private key, such as bare content of the file, or a SecretReference.
|
||||
The key reference is required since etcd authentication is based
|
||||
on certificates, and Kamaji is responsible in creating this.
|
||||
properties:
|
||||
certificate:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded.
|
||||
It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret
|
||||
reference where the content is stored. This value
|
||||
is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to
|
||||
reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
privateKey:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded.
|
||||
It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret
|
||||
reference where the content is stored. This value
|
||||
is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to
|
||||
reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- certificate
|
||||
type: object
|
||||
clientCertificate:
|
||||
description: Specifies the SSL/TLS key and private key pair used
|
||||
to connect to the data store.
|
||||
properties:
|
||||
certificate:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded.
|
||||
It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret
|
||||
reference where the content is stored. This value
|
||||
is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to
|
||||
reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
privateKey:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded.
|
||||
It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret
|
||||
reference where the content is stored. This value
|
||||
is mandatory.
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to
|
||||
reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which
|
||||
the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- certificate
|
||||
- privateKey
|
||||
type: object
|
||||
required:
|
||||
- certificateAuthority
|
||||
- clientCertificate
|
||||
type: object
|
||||
required:
|
||||
- driver
|
||||
- endpoints
|
||||
- tlsConfig
|
||||
type: object
|
||||
status:
|
||||
description: DataStoreStatus defines the observed state of DataStore.
|
||||
properties:
|
||||
usedBy:
|
||||
description: List of the Tenant Control Planes, namespaced named,
|
||||
using this data store.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
endpoints:
|
||||
description: List of the endpoints to connect to the shared datastore. No need for protocol, just bare IP/FQDN and port.
|
||||
items:
|
||||
type: string
|
||||
minItems: 1
|
||||
type: array
|
||||
tlsConfig:
|
||||
description: Defines the TLS/SSL configuration required to connect to the data store in a secure way.
|
||||
properties:
|
||||
certificateAuthority:
|
||||
description: Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference. The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this.
|
||||
properties:
|
||||
certificate:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
privateKey:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- certificate
|
||||
type: object
|
||||
clientCertificate:
|
||||
description: Specifies the SSL/TLS key and private key pair used to connect to the data store.
|
||||
properties:
|
||||
certificate:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
privateKey:
|
||||
properties:
|
||||
content:
|
||||
description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value.
|
||||
format: byte
|
||||
type: string
|
||||
secretReference:
|
||||
properties:
|
||||
keyPath:
|
||||
description: Name of the key for the given Secret reference where the content is stored. This value is mandatory.
|
||||
minLength: 1
|
||||
type: string
|
||||
name:
|
||||
description: name is unique within a namespace to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the secret name must be unique.
|
||||
type: string
|
||||
required:
|
||||
- keyPath
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
required:
|
||||
- certificate
|
||||
- privateKey
|
||||
type: object
|
||||
required:
|
||||
- certificateAuthority
|
||||
- clientCertificate
|
||||
type: object
|
||||
required:
|
||||
- driver
|
||||
- endpoints
|
||||
- tlsConfig
|
||||
type: object
|
||||
status:
|
||||
description: DataStoreStatus defines the observed state of DataStore.
|
||||
properties:
|
||||
usedBy:
|
||||
description: List of the Tenant Control Planes, namespaced named, using this data store.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -61,3 +61,31 @@ Create the name of the service account to use
|
|||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the Service to user for webhooks
|
||||
*/}}
|
||||
{{- define "kamaji.webhookServiceName" -}}
|
||||
{{- printf "%s-webhook-service" (include "kamaji.fullname" .) }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the Service to user for metrics
|
||||
*/}}
|
||||
{{- define "kamaji.metricsServiceName" -}}
|
||||
{{- printf "%s-metrics-service" (include "kamaji.fullname" .) }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the cert-manager secret
|
||||
*/}}
|
||||
{{- define "kamaji.webhookSecretName" -}}
|
||||
{{- printf "%s-webhook-server-cert" (include "kamaji.fullname" .) }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the cert-manager Certificate
|
||||
*/}}
|
||||
{{- define "kamaji.certificateName" -}}
|
||||
{{- printf "%s-serving-cert" (include "kamaji.fullname" .) }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: certificate
|
||||
name: {{ include "kamaji.certificateName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
dnsNames:
|
||||
- {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc
|
||||
- {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: kamaji-selfsigned-issuer
|
||||
secretName: {{ include "kamaji.webhookSecretName" . }}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: issuer
|
||||
name: kamaji-selfsigned-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
|
|
@ -28,18 +28,7 @@ spec:
|
|||
serviceAccountName: {{ include "kamaji.serviceAccountName" . }}
|
||||
containers:
|
||||
- args:
|
||||
- --secure-listen-address=0.0.0.0:8443
|
||||
- --upstream=http://127.0.0.1:8080/
|
||||
- --logtostderr=true
|
||||
- --v=10
|
||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
|
||||
name: kube-rbac-proxy
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
name: https
|
||||
protocol: TCP
|
||||
- args:
|
||||
- --config-file={{ .Values.configPath }}
|
||||
- manager
|
||||
- --health-probe-bind-address={{ .Values.healthProbeBindAddress }}
|
||||
- --leader-elect
|
||||
- --metrics-bind-address={{ .Values.metricsBindAddress }}
|
||||
|
|
@ -52,7 +41,16 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /manager
|
||||
- /kamaji
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: SERVICE_ACCOUNT
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.serviceAccountName
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- with .Values.livenessProbe }}
|
||||
|
|
@ -61,6 +59,12 @@ spec:
|
|||
{{- end }}
|
||||
name: manager
|
||||
ports:
|
||||
- containerPort: 9443
|
||||
name: webhook-server
|
||||
protocol: TCP
|
||||
- containerPort: 8080
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
- containerPort: 8081
|
||||
name: healthcheck
|
||||
protocol: TCP
|
||||
|
|
@ -72,7 +76,21 @@ spec:
|
|||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: cert
|
||||
readOnly: true
|
||||
terminationGracePeriodSeconds: 10
|
||||
volumes:
|
||||
- name: tmp
|
||||
emptyDir:
|
||||
medium: Memory
|
||||
- name: cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ include "kamaji.webhookSecretName" . }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@ apiVersion: kamaji.clastix.io/v1alpha1
|
|||
kind: DataStore
|
||||
metadata:
|
||||
name: {{ include "datastore.fullname" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
labels:
|
||||
{{- include "datastore.labels" . | nindent 4 }}
|
||||
spec:
|
||||
|
|
@ -10,7 +12,12 @@ spec:
|
|||
{{- include "datastore.endpoints" . | indent 4 }}
|
||||
{{- if (and .Values.datastore.basicAuth.usernameSecret.name .Values.datastore.basicAuth.passwordSecret.name) }}
|
||||
basicAuth:
|
||||
{{- .Values.datastore.basicAuth | toYaml | nindent 4 }}
|
||||
username:
|
||||
secretReference:
|
||||
{{- .Values.datastore.basicAuth.usernameSecret | toYaml | nindent 8 }}
|
||||
password:
|
||||
secretReference:
|
||||
{{- .Values.datastore.basicAuth.passwordSecret | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
tlsConfig:
|
||||
certificateAuthority:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,50 @@
|
|||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }}
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: mutating-webhook-configuration
|
||||
name: kamaji-mutating-webhook-configuration
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-kamaji-clastix-io-v1alpha1-datastore
|
||||
failurePolicy: Fail
|
||||
name: mdatastore.kb.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- datastores
|
||||
sideEffects: None
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /mutate-kamaji-clastix-io-v1alpha1-tenantcontrolplane
|
||||
failurePolicy: Fail
|
||||
name: mtenantcontrolplane.kb.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- tenantcontrolplanes
|
||||
sideEffects: None
|
||||
|
|
@ -66,6 +66,16 @@ rules:
|
|||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
|
|
@ -114,12 +124,6 @@ rules:
|
|||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
resources:
|
||||
- datastores/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -1,16 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "kamaji.fullname" . }}
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: metrics
|
||||
name: {{ include "kamaji.metricsServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- name: https
|
||||
port: {{ .Values.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: https
|
||||
- port: 8080
|
||||
name: metrics
|
||||
protocol: TCP
|
||||
targetPort: metrics
|
||||
selector:
|
||||
{{- include "kamaji.selectorLabels" . | nindent 4 }}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: webhook
|
||||
app.kubernetes.io/instance: webhook-service
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
name: webhook-server
|
||||
targetPort: webhook-server
|
||||
selector:
|
||||
{{- include "kamaji.selectorLabels" . | nindent 4 }}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: servicemonitor
|
||||
name: {{ include "kamaji.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
endpoints:
|
||||
- path: /metrics
|
||||
port: metrics
|
||||
scheme: http
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "kamaji.name" . }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }}
|
||||
labels:
|
||||
{{- include "kamaji.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: validating-webhook-configuration
|
||||
name: kamaji-validating-webhook-configuration
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate--v1-secret
|
||||
failurePolicy: Ignore
|
||||
name: vdatastoresecrets.kb.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
apiVersions:
|
||||
- v1
|
||||
operations:
|
||||
- DELETE
|
||||
resources:
|
||||
- secrets
|
||||
sideEffects: None
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-kamaji-clastix-io-v1alpha1-datastore
|
||||
failurePolicy: Fail
|
||||
name: vdatastore.kb.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
- DELETE
|
||||
resources:
|
||||
- datastores
|
||||
sideEffects: None
|
||||
- admissionReviewVersions:
|
||||
- v1
|
||||
clientConfig:
|
||||
service:
|
||||
name: {{ include "kamaji.webhookServiceName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
path: /validate-kamaji-clastix-io-v1alpha1-tenantcontrolplane
|
||||
failurePolicy: Fail
|
||||
name: vtenantcontrolplane.kb.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- kamaji.clastix.io
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- tenantcontrolplanes
|
||||
sideEffects: None
|
||||
|
|
@ -15,8 +15,10 @@ image:
|
|||
# -- A list of extra arguments to add to the kamaji controller default ones
|
||||
extraArgs: []
|
||||
|
||||
# -- Configuration file path alternative. (default "./kamaji.yaml")
|
||||
configPath: "./kamaji.yaml"
|
||||
|
||||
serviceMonitor:
|
||||
# -- Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
|
||||
enabled: false
|
||||
|
||||
etcd:
|
||||
# -- Install an etcd with enabled multi-tenancy along with Kamaji
|
||||
|
|
@ -31,7 +33,7 @@ etcd:
|
|||
# -- Install specific etcd image
|
||||
image:
|
||||
repository: quay.io/coreos/etcd
|
||||
tag: "v3.5.4"
|
||||
tag: "v3.5.6"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- The livenessProbe for the etcd container
|
||||
|
|
@ -127,10 +129,6 @@ securityContext:
|
|||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
port: 8443
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
|
|
|
|||
|
|
@ -1,5 +1,9 @@
|
|||
# Datadog changelog
|
||||
|
||||
## 3.10.5
|
||||
|
||||
* Only expose the shared volume for the auth-token in non autopilot environments.
|
||||
|
||||
## 3.10.4
|
||||
|
||||
* Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env`
|
||||
|
|
|
|||
|
|
@ -19,4 +19,4 @@ name: datadog
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 3.10.4
|
||||
version: 3.10.5
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Datadog
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
|
||||
|
||||
|
|
|
|||
|
|
@ -163,8 +163,11 @@
|
|||
{{- end }}
|
||||
- name: config
|
||||
mountPath: {{ template "datadog.confPath" . }}
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: auth-token
|
||||
mountPath: {{ template "datadog.confPath" . }}/auth
|
||||
readOnly: false
|
||||
{{- end }}
|
||||
{{- include "container-crisocket-volumemounts" . | nindent 4 }}
|
||||
{{- include "container-cloudinit-volumemounts" . | nindent 4 }}
|
||||
{{- if .Values.agents.useConfigMap }}
|
||||
|
|
|
|||
|
|
@ -56,9 +56,11 @@
|
|||
- name: config
|
||||
mountPath: {{ template "datadog.confPath" . }}
|
||||
{{- if eq .Values.targetSystem "linux" }}
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: auth-token
|
||||
mountPath: /etc/datadog-agent/auth
|
||||
mountPath: {{ template "datadog.confPath" . }}/auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
- name: logdatadog
|
||||
mountPath: /var/log/datadog
|
||||
- name: tmpdir
|
||||
|
|
|
|||
|
|
@ -52,9 +52,11 @@
|
|||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: {{ template "datadog.confPath" . }}
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: auth-token
|
||||
mountPath: {{ template "datadog.confPath" . }}/auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if eq .Values.targetSystem "linux" }}
|
||||
- name: logdatadog
|
||||
mountPath: /var/log/datadog
|
||||
|
|
|
|||
|
|
@ -53,9 +53,11 @@
|
|||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: {{ template "datadog.confPath" . }}
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: auth-token
|
||||
mountPath: {{ template "datadog.confPath" . }}/auth
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.agents.useConfigMap }}
|
||||
- name: datadog-yaml
|
||||
mountPath: {{ template "datadog.confPath" . }}/datadog.yaml
|
||||
|
|
|
|||
|
|
@ -9,8 +9,10 @@
|
|||
secretKeyRef:
|
||||
name: {{ template "datadog.apiSecretName" . }}
|
||||
key: api-key
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: DD_AUTH_TOKEN_FILE_PATH
|
||||
value: {{ template "datadog.confPath" . }}/auth/token
|
||||
{{- end }}
|
||||
{{ include "components-common-env" . }}
|
||||
{{- if .Values.datadog.kubelet.host }}
|
||||
- name: DD_KUBERNETES_KUBELET_HOST
|
||||
|
|
|
|||
|
|
@ -132,8 +132,10 @@ spec:
|
|||
{{ include "system-probe-init" . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if (not .Values.providers.gke.autopilot) }}
|
||||
- name: auth-token
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
- name: installinfo
|
||||
configMap:
|
||||
name: {{ include "agents-install-info-configmap-name" . }}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
annotations:
|
||||
artifacthub.io/images: |
|
||||
- name: consul
|
||||
image: hashicorp/consul:1.14.2
|
||||
image: hashicorp/consul:1.14.4
|
||||
- name: consul-k8s-control-plane
|
||||
image: hashicorp/consul-k8s-control-plane:1.0.2
|
||||
image: hashicorp/consul-k8s-control-plane:1.0.3
|
||||
- name: consul-dataplane
|
||||
image: hashicorp/consul-dataplane:1.0.0
|
||||
image: hashicorp/consul-dataplane:1.0.1
|
||||
- name: envoy
|
||||
image: envoyproxy/envoy:v1.23.1
|
||||
artifacthub.io/license: MPL-2.0
|
||||
|
|
@ -25,7 +25,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.21.0-0'
|
||||
catalog.cattle.io/release-name: consul
|
||||
apiVersion: v2
|
||||
appVersion: 1.14.2
|
||||
appVersion: 1.14.4
|
||||
description: Official HashiCorp Consul Chart
|
||||
home: https://www.consul.io
|
||||
icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png
|
||||
|
|
@ -34,4 +34,4 @@ name: consul
|
|||
sources:
|
||||
- https://github.com/hashicorp/consul
|
||||
- https://github.com/hashicorp/consul-k8s
|
||||
version: 1.0.2
|
||||
version: 1.0.3
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
|
|||
|
||||
The following pre-requisites must be met before installing Consul on Kubernetes.
|
||||
|
||||
* **Kubernetes 1.22.x - 1.25.x** - This represents the earliest versions of Kubernetes tested.
|
||||
* **Kubernetes 1.23.x - 1.26.x** - This represents the earliest versions of Kubernetes tested.
|
||||
It is possible that this chart works with earlier versions, but it is
|
||||
untested.
|
||||
* Helm install
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: api-gateway-controller
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.apiGateway.controller.replicas }}
|
||||
selector:
|
||||
|
|
@ -46,6 +49,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: api-gateway-controller
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "consul.fullname" . }}-api-gateway-controller
|
||||
containers:
|
||||
|
|
|
|||
|
|
@ -24,6 +24,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: client
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.client.updateStrategy }}
|
||||
updateStrategy:
|
||||
|
|
@ -47,6 +50,9 @@ spec:
|
|||
{{- if .Values.client.extraLabels }}
|
||||
{{- toYaml .Values.client.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.global.secretsBackend.vault.enabled }}
|
||||
"vault.hashicorp.com/agent-inject": "true"
|
||||
|
|
|
|||
|
|
@ -11,6 +11,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: cni
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.connectInject.cni.updateStrategy }}
|
||||
updateStrategy:
|
||||
|
|
@ -29,6 +32,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: cni
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
consul.hashicorp.com/connect-inject: "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: connect-injector
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.connectInject.replicas }}
|
||||
selector:
|
||||
|
|
@ -41,6 +44,9 @@ spec:
|
|||
{{- if .Values.connectInject.extraLabels }}
|
||||
{{- toYaml .Values.connectInject.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.connectInject.annotations }}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: create-federation-secret
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
{{- /* Hook weight needs to be 1 so that the service account is provisioned first */}}
|
||||
|
|
@ -29,6 +32,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: create-federation-secret
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: license
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-weight": "100"
|
||||
|
|
@ -31,6 +34,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: license
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: gossip-encryption-autogenerate
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "1"
|
||||
|
|
@ -27,6 +30,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: gossip-encryption-autogenerate
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -46,6 +46,9 @@ metadata:
|
|||
release: {{ $root.Release.Name }}
|
||||
component: ingress-gateway
|
||||
ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
|
||||
{{- if $root.Values.global.extraLabels }}
|
||||
{{- toYaml $root.Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ default $defaults.replicas .replicas }}
|
||||
selector:
|
||||
|
|
@ -66,6 +69,9 @@ spec:
|
|||
component: ingress-gateway
|
||||
ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
|
||||
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
|
||||
{{- if $root.Values.global.extraLabels }}
|
||||
{{- toYaml $root.Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
"consul.hashicorp.com/gateway-kind": "ingress-gateway"
|
||||
|
|
|
|||
|
|
@ -19,6 +19,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: mesh-gateway
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.meshGateway.replicas }}
|
||||
selector:
|
||||
|
|
@ -35,6 +38,9 @@ spec:
|
|||
release: {{ .Release.Name }}
|
||||
component: mesh-gateway
|
||||
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
"consul.hashicorp.com/gateway-kind": "mesh-gateway"
|
||||
|
|
|
|||
|
|
@ -15,6 +15,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: partition-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install
|
||||
"helm.sh/hook-weight": "2"
|
||||
|
|
@ -28,6 +31,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: partition-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if (and .Values.global.secretsBackend.vault.enabled (or .Values.global.tls.enabled .Values.global.acls.manageSystemACLs)) }}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: server-acl-init-cleanup
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-weight": "0"
|
||||
|
|
@ -39,6 +42,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: server-acl-init-cleanup
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -29,6 +29,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: server-acl-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
|
|
@ -38,6 +41,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: server-acl-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.global.secretsBackend.vault.enabled }}
|
||||
|
|
|
|||
|
|
@ -31,6 +31,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: server
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceName: {{ template "consul.fullname" . }}-server
|
||||
podManagementPolicy: Parallel
|
||||
|
|
@ -59,6 +62,9 @@ spec:
|
|||
{{- if .Values.server.extraLabels }}
|
||||
{{- toYaml .Values.server.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if .Values.global.secretsBackend.vault.enabled }}
|
||||
"vault.hashicorp.com/agent-inject": "true"
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: sync-catalog
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
|
@ -32,6 +35,9 @@ spec:
|
|||
{{- if .Values.syncCatalog.extraLabels }}
|
||||
{{- toYaml .Values.syncCatalog.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
{{- if .Values.syncCatalog.annotations }}
|
||||
|
|
|
|||
|
|
@ -48,6 +48,9 @@ metadata:
|
|||
release: {{ $root.Release.Name }}
|
||||
component: terminating-gateway
|
||||
terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
|
||||
{{- if $root.Values.global.extraLabels }}
|
||||
{{- toYaml $root.Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ default $defaults.replicas .replicas }}
|
||||
selector:
|
||||
|
|
@ -68,6 +71,9 @@ spec:
|
|||
component: terminating-gateway
|
||||
terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}
|
||||
consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller
|
||||
{{- if $root.Values.global.extraLabels }}
|
||||
{{- toYaml $root.Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
"consul.hashicorp.com/gateway-kind": "terminating-gateway"
|
||||
|
|
|
|||
|
|
@ -13,6 +13,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: tls-init-cleanup
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
|
|
@ -27,6 +30,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: tls-init-cleanup
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: tls-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-weight": "1"
|
||||
|
|
@ -27,6 +30,9 @@ spec:
|
|||
chart: {{ template "consul.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
component: tls-init
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
spec:
|
||||
|
|
|
|||
|
|
@ -11,6 +11,9 @@ metadata:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: webhook-cert-manager
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
|
@ -28,6 +31,9 @@ spec:
|
|||
heritage: {{ .Release.Service }}
|
||||
release: {{ .Release.Name }}
|
||||
component: webhook-cert-manager
|
||||
{{- if .Values.global.extraLabels }}
|
||||
{{- toYaml .Values.global.extraLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
"consul.hashicorp.com/connect-inject": "false"
|
||||
"consul.hashicorp.com/config-checksum": {{ include (print $.Template.BasePath "/webhook-cert-manager-configmap.yaml") . | sha256sum }}
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ global:
|
|||
# image: "hashicorp/consul-enterprise:1.10.0-ent"
|
||||
# ```
|
||||
# @default: hashicorp/consul:<latest version>
|
||||
image: "hashicorp/consul:1.14.2"
|
||||
image: "hashicorp/consul:1.14.4"
|
||||
|
||||
# Array of objects containing image pull secret names that will be applied to each service account.
|
||||
# This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image.
|
||||
|
|
@ -83,7 +83,7 @@ global:
|
|||
# image that is used for functionality such as catalog sync.
|
||||
# This can be overridden per component.
|
||||
# @default: hashicorp/consul-k8s-control-plane:<latest version>
|
||||
imageK8S: hashicorp/consul-k8s-control-plane:1.0.2
|
||||
imageK8S: hashicorp/consul-k8s-control-plane:1.0.3
|
||||
|
||||
# The name of the datacenter that the agents should
|
||||
# register as. This can't be changed once the Consul cluster is up and running
|
||||
|
|
@ -261,7 +261,7 @@ global:
|
|||
secretName: null
|
||||
|
||||
connectInject:
|
||||
# Configuration to the Vault Secret that Kubernetes will use on
|
||||
# Configuration to the Vault Secret that Kubernetes uses on
|
||||
# Kubernetes pod creation, deletion, and update, to get CA certificates
|
||||
# used issued from vault to send webhooks to the ConnectInject.
|
||||
caCert:
|
||||
|
|
@ -270,7 +270,7 @@ global:
|
|||
# @type: string
|
||||
secretName: null
|
||||
|
||||
# Configuration to the Vault Secret that Kubernetes will use on
|
||||
# Configuration to the Vault Secret that Kubernetes uses on
|
||||
# Kubernetes pod creation, deletion, and update, to get TLS certificates
|
||||
# used issued from vault to send webhooks to the ConnectInject.
|
||||
tlsCert:
|
||||
|
|
@ -325,7 +325,7 @@ global:
|
|||
# If true, the Helm chart will enable TLS for Consul
|
||||
# servers and clients and all consul-k8s-control-plane components, as well as generate certificate
|
||||
# authority (optional) and server and client certificates.
|
||||
# This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s).
|
||||
# This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
|
||||
enabled: false
|
||||
|
||||
# If true, turns on the auto-encrypt feature on clients and servers.
|
||||
|
|
@ -567,7 +567,7 @@ global:
|
|||
# The name (and tag) of the consul-dataplane Docker image used for the
|
||||
# connect-injected sidecar proxies and mesh, terminating, and ingress gateways.
|
||||
# @default: hashicorp/consul-dataplane:<latest supported version>
|
||||
imageConsulDataplane: "hashicorp/consul-dataplane:1.0.0"
|
||||
imageConsulDataplane: "hashicorp/consul-dataplane:1.0.1"
|
||||
|
||||
# Configuration for running this Helm chart on the Red Hat OpenShift platform.
|
||||
# This Helm chart currently supports OpenShift v4.x+.
|
||||
|
|
@ -647,6 +647,19 @@ global:
|
|||
# @type: string
|
||||
secretKey: null
|
||||
|
||||
# Extra labels to attach to all pods, deployments, daemonsets, statefulsets, and jobs. This should be a YAML map.
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# ```yaml
|
||||
# extraLabels:
|
||||
# labelKey: label-value
|
||||
# anotherLabelKey: another-label-value
|
||||
# ```
|
||||
#
|
||||
# @type: map
|
||||
extraLabels: {}
|
||||
|
||||
# Server, when enabled, configures a server cluster to run. This should
|
||||
# be disabled if you plan on connecting to a Consul cluster external to
|
||||
# the Kube cluster.
|
||||
|
|
@ -844,9 +857,9 @@ server:
|
|||
# This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
|
||||
# for the server cluster.
|
||||
disruptionBudget:
|
||||
# This will enable/disable registering a PodDisruptionBudget for the server
|
||||
# cluster. If this is enabled, it will only register the budget so long as
|
||||
# the server cluster is enabled.
|
||||
# Enables registering a PodDisruptionBudget for the server
|
||||
# cluster. If enabled, it only registers the budget so long as
|
||||
# the server cluster is enabled. To disable, set to `false`.
|
||||
enabled: true
|
||||
|
||||
# The maximum number of unavailable pods. By default, this will be
|
||||
|
|
@ -1936,7 +1949,7 @@ connectInject:
|
|||
|
||||
# Configures consul-cni plugin for Consul Service mesh services
|
||||
cni:
|
||||
# If true, then all traffic redirection setup will use the consul-cni plugin.
|
||||
# If true, then all traffic redirection setup uses the consul-cni plugin.
|
||||
# Requires connectInject.enabled to also be true.
|
||||
# @type: boolean
|
||||
enabled: false
|
||||
|
|
@ -2330,11 +2343,11 @@ connectInject:
|
|||
memory: "150Mi"
|
||||
cpu: "50m"
|
||||
|
||||
# [Mesh Gateways](/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
|
||||
# [Mesh Gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters.
|
||||
meshGateway:
|
||||
# If [mesh gateways](/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
|
||||
# If [mesh gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs
|
||||
# gateways and Consul Connect will be configured to use gateways.
|
||||
# This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s).
|
||||
# This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s).
|
||||
# Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``.
|
||||
enabled: false
|
||||
|
||||
|
|
@ -2883,9 +2896,9 @@ apiGateway:
|
|||
# @type: string
|
||||
nodeSelector: null
|
||||
|
||||
# This value defines the tolerations that will be assigned to a gateway pod.
|
||||
# Toleration settings for gateway pods created with the managed gateway class.
|
||||
# This should be a multi-line string matching the
|
||||
# Tolerations (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec.
|
||||
# [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec.
|
||||
#
|
||||
# @type: string
|
||||
tolerations: null
|
||||
|
|
|
|||
|
|
@ -4,9 +4,9 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.19-0'
|
||||
catalog.cattle.io/release-name: intel-device-plugins-operator
|
||||
apiVersion: v2
|
||||
appVersion: 0.25.1
|
||||
appVersion: 0.26.0
|
||||
description: A Helm chart for Intel Device Plugins Operator for Kubernetes
|
||||
icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
|
||||
name: intel-device-plugins-operator
|
||||
type: application
|
||||
version: 0.25.1
|
||||
version: 0.26.0
|
||||
|
|
|
|||
|
|
@ -102,6 +102,10 @@ spec:
|
|||
- balanced
|
||||
- packed
|
||||
type: string
|
||||
provisioningConfig:
|
||||
description: ProvisioningConfig is a ConfigMap used to pass the configuration
|
||||
of QAT devices into qat initcontainer.
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: 'QatDevicePluginStatus defines the observed state of QatDevicePlugin.
|
||||
|
|
|
|||
|
|
@ -41,4 +41,4 @@ sources:
|
|||
- https://github.com/jenkinsci/docker-inbound-agent
|
||||
- https://github.com/maorfr/kube-tasks
|
||||
- https://github.com/jenkinsci/configuration-as-code-plugin
|
||||
version: 4.3.0
|
||||
version: 4.3.1
|
||||
|
|
|
|||
|
|
@ -209,6 +209,51 @@ controller:
|
|||
|
||||
Further JCasC examples can be found [here](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos).
|
||||
|
||||
#### Breaking out large Config as Code scripts
|
||||
|
||||
Jenkins Config as Code scripts can become quite large, and maintaining all of your scripts within one yaml file can be difficult. The Config as Code plugin itself suggests updating the `CASC_JENKINS_CONFIG` environment variable to be a comma seperated list of paths for the plugin to traverse, picking up the yaml files as needed.
|
||||
However, under the Jenkins helm chart, this `CASC_JENKINS_CONFIG` value is maintained through the templates. A better solution is to split your `controller.JCasC.configScripts` into seperate values files, and provide each file during the helm install.
|
||||
|
||||
For example, you can have a values file (e.g values_main.yaml) that defines the values described in the `VALUES_SUMMARY.md` for your Jenkins configuration:
|
||||
|
||||
```yaml
|
||||
jenkins:
|
||||
controller:
|
||||
jenkinsUrlProtocol: https
|
||||
installPlugins: false
|
||||
...
|
||||
```
|
||||
|
||||
In a second file (e.g values_jenkins_casc.yaml), you can define a section of your config scripts:
|
||||
|
||||
```yaml
|
||||
jenkins:
|
||||
controller:
|
||||
JCasC:
|
||||
configScripts:
|
||||
jenkinsCasc: |
|
||||
jenkins:
|
||||
disableRememberMe: false
|
||||
mode: NORMAL
|
||||
...
|
||||
```
|
||||
|
||||
And keep extending your config scripts by creating more files (so not all config scripts are located in one yaml file for better maintenance):
|
||||
|
||||
values_jenkins_unclassified.yaml
|
||||
|
||||
```yaml
|
||||
jenkins:
|
||||
controller:
|
||||
JCasC:
|
||||
configScripts:
|
||||
unclassifiedCasc: |
|
||||
unclassified:
|
||||
...
|
||||
```
|
||||
|
||||
When installing, you provide all relevant yaml files (e.g `helm install -f values_main.yaml -f values_jenkins_casc.yaml -f values_jenkins_unclassified.yaml ...`). Instead of updating the `CASC_JENKINS_CONFIG` environment variable to include multiple paths, multiple CasC yaml files will be created in the same path `var/jenkins_home/casc_configs`.
|
||||
|
||||
#### Config as Code With or Without Auto-Reload
|
||||
|
||||
Config as Code changes (to `controller.JCasC.configScripts`) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly.
|
||||
|
|
|
|||
|
|
@ -1,7 +1,33 @@
|
|||
# Changelog
|
||||
|
||||
## Unreleased
|
||||
## 2.16.1
|
||||
|
||||
### Fixed
|
||||
|
||||
* serviceAccount projected volume is properly provisioned for GKE clusters >= 1.20.
|
||||
[#735](https://github.com/Kong/charts/pull/735)
|
||||
|
||||
## 2.16.0
|
||||
|
||||
### Improvements
|
||||
|
||||
* Let users specify their own labels and annotations for generated PodSecurityPolicy.
|
||||
[#721](https://github.com/Kong/charts/pull/721)
|
||||
* Enable the admission webhook by default. This can reject configuration, but
|
||||
is not expected to be a meaningfully breaking change. Existing configuration
|
||||
is not affected, and any new changes that the webhook would reject would also
|
||||
be rejected by Kong.
|
||||
[#727](https://github.com/Kong/charts/pull/727)
|
||||
* Replaced static secret with projected volume in deployment.
|
||||
[#722](https://github.com/Kong/charts/pull/722)
|
||||
* Reject invalid log config values.
|
||||
[#733](https://github.com/Kong/charts/pull/733)
|
||||
* Update custom resource definitions to latest v2.8.1 from
|
||||
kong/kubernetes-ingress-controller
|
||||
[#730](https://github.com/Kong/charts/pull/730)
|
||||
* Respect setting `.Values.deployment.serviceAccount.automountServiceAccountToken` in
|
||||
migrations Jobs. This was already the case for the Deployment.
|
||||
[#729](https://github.com/Kong/charts/pull/729)
|
||||
|
||||
## 2.15.3
|
||||
|
||||
|
|
|
|||
|
|
@ -20,4 +20,4 @@ maintainers:
|
|||
name: kong
|
||||
sources:
|
||||
- https://github.com/Kong/charts/tree/main/charts/kong
|
||||
version: 2.15.3
|
||||
version: 2.16.1
|
||||
|
|
|
|||
|
|
@ -565,7 +565,7 @@ namespaces. Limiting access requires several changes to configuration:
|
|||
- Set `ingressController.watchNamespaces` to a list of namespaces you want to
|
||||
watch. The chart will automatically generate roles for each namespace and
|
||||
assign them to the controller's service account.
|
||||
- Optionally set `ingressContrller.installCRDs=false` if your user role (the
|
||||
- Optionally set `ingressController.installCRDs=false` if your user role (the
|
||||
role you use when running `helm install`, not the controller service
|
||||
account's role) does not have access to get CRDs. By default, the chart
|
||||
attempts to look up the controller CRDs for [a legacy behavior
|
||||
|
|
@ -716,10 +716,10 @@ section of `values.yaml` file:
|
|||
| ingressClassAnnotations | The ingress-class value for controller | kong |
|
||||
| args | List of ingress-controller cli arguments | [] |
|
||||
| watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] |
|
||||
| admissionWebhook.enabled | Whether to enable the validating admission webhook | false |
|
||||
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Fail |
|
||||
| admissionWebhook.enabled | Whether to enable the validating admission webhook | true |
|
||||
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore |
|
||||
| admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 |
|
||||
| admissionWebhook.certificate.provided | Whether to generate the admission webhook certificate if not provided | false |
|
||||
| admissionWebhook.certificate.provided | Use a provided certificate. When set to false, the chart will automatically generate a certificate. | false |
|
||||
| admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | |
|
||||
| admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | |
|
||||
| deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | |
|
||||
|
|
@ -788,6 +788,8 @@ kong:
|
|||
| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
|
||||
| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
|
||||
| podSecurityPolicy.enabled | Enable podSecurityPolicy for Kong | `false` |
|
||||
| podSecurityPolicy.labels | Labels to add to podSecurityPolicy for Kong | `{}` |
|
||||
| podSecurityPolicy.annotations | Annotations to add to podSecurityPolicy for Kong | `{}` |
|
||||
| podSecurityPolicy.spec | Collection of [PodSecurityPolicy settings](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#what-is-a-pod-security-policy) | |
|
||||
| priorityClassName | Set pod scheduling priority class for Kong pods | `""` |
|
||||
| secretVolumes | Mount given secrets as a volume in Kong container to override default certs and keys. | `[]` |
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
# generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=main
|
||||
# generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=v2.8.1
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: ingressclassparameterses.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -19,7 +19,7 @@ spec:
|
|||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressClassParameters is the Schema for the IngressClassParameters
|
||||
API
|
||||
API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -34,6 +34,7 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Spec is the IngressClassParameters specification.
|
||||
properties:
|
||||
enableLegacyRegexDetection:
|
||||
default: false
|
||||
|
|
@ -44,7 +45,7 @@ spec:
|
|||
type: boolean
|
||||
serviceUpstream:
|
||||
default: false
|
||||
description: Offload load-balancing to kube-proxy or sidecar
|
||||
description: Offload load-balancing to kube-proxy or sidecar.
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
|
|
@ -55,7 +56,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: kongclusterplugins.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -93,7 +94,7 @@ spec:
|
|||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: KongClusterPlugin is the Schema for the kongclusterplugins API
|
||||
description: KongClusterPlugin is the Schema for the kongclusterplugins API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -101,24 +102,33 @@ spec:
|
|||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
config:
|
||||
description: Config contains the plugin configuration.
|
||||
description: Config contains the plugin configuration. It's a list of
|
||||
keys and values required to configure the plugin. Please read the documentation
|
||||
of the plugin being configured to set values in here. For any plugin
|
||||
in Kong, anything that goes in the `config` JSON key in the Admin API
|
||||
request, goes into this property. Only one of `config` or `configFrom`
|
||||
may be used in a KongClusterPlugin, not both at once.
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
configFrom:
|
||||
description: ConfigFrom references a secret containing the plugin configuration.
|
||||
This should be used when the plugin configuration contains sensitive
|
||||
information, such as AWS credentials in the Lambda plugin or the client
|
||||
secret in the OIDC plugin. Only one of `config` or `configFrom` may
|
||||
be used in a KongClusterPlugin, not both at once.
|
||||
properties:
|
||||
secretKeyRef:
|
||||
description: NamespacedSecretValueFromSource represents the source
|
||||
of a secret value specifying the secret namespace
|
||||
description: Specifies a name, a namespace, and a key of a secret
|
||||
to refer to.
|
||||
properties:
|
||||
key:
|
||||
description: the key containing the value
|
||||
description: The key containing the value.
|
||||
type: string
|
||||
name:
|
||||
description: the secret containing the key
|
||||
description: The secret containing the key.
|
||||
type: string
|
||||
namespace:
|
||||
description: The namespace containing the secret
|
||||
description: The namespace containing the secret.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
|
|
@ -127,10 +137,10 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
consumerRef:
|
||||
description: ConsumerRef is a reference to a particular consumer
|
||||
description: ConsumerRef is a reference to a particular consumer.
|
||||
type: string
|
||||
disabled:
|
||||
description: Disabled set if the plugin is disabled or not
|
||||
description: Disabled set if the plugin is disabled or not.
|
||||
type: boolean
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
|
|
@ -140,7 +150,13 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
ordering:
|
||||
description: Ordering overrides the normal plugin execution order
|
||||
description: 'Ordering overrides the normal plugin execution order. It''s
|
||||
only available on Kong Enterprise. `<phase>` is a request processing
|
||||
phase (for example, `access` or `body_filter`) and `<plugin>` is the
|
||||
name of the plugin that will run before or after the KongPlugin. For
|
||||
example, a KongPlugin with `plugin: rate-limiting` and `before.access:
|
||||
["key-auth"]` will create a rate limiting plugin that limits requests
|
||||
_before_ they are authenticated.'
|
||||
properties:
|
||||
after:
|
||||
additionalProperties:
|
||||
|
|
@ -161,7 +177,7 @@ spec:
|
|||
type: object
|
||||
plugin:
|
||||
description: PluginName is the name of the plugin to which to apply the
|
||||
config
|
||||
config.
|
||||
type: string
|
||||
protocols:
|
||||
description: Protocols configures plugin to run on requests received on
|
||||
|
|
@ -197,7 +213,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: kongconsumers.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -225,7 +241,7 @@ spec:
|
|||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: KongConsumer is the Schema for the kongconsumers API
|
||||
description: KongConsumer is the Schema for the kongconsumers API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -239,8 +255,8 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
custom_id:
|
||||
description: CustomID existing unique ID for the consumer - useful for
|
||||
mapping Kong with users in your existing database
|
||||
description: CustomID is a Kong cluster-unique existing ID for the consumer
|
||||
- useful for mapping Kong with users in your existing database.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
|
|
@ -250,7 +266,7 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
username:
|
||||
description: Username unique username of the consumer.
|
||||
description: Username is a Kong cluster-unique username of the consumer.
|
||||
type: string
|
||||
type: object
|
||||
served: true
|
||||
|
|
@ -262,7 +278,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: kongingresses.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -281,7 +297,7 @@ spec:
|
|||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: KongIngress is the Schema for the kongingresses API
|
||||
description: KongIngress is the Schema for the kongingresses API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -298,19 +314,23 @@ spec:
|
|||
proxy:
|
||||
description: Proxy defines additional connection options for the routes
|
||||
to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`,
|
||||
e.t.c.
|
||||
etc.
|
||||
properties:
|
||||
connect_timeout:
|
||||
description: The timeout in milliseconds for establishing a connection
|
||||
to the upstream server.
|
||||
description: "The timeout in milliseconds for\testablishing a connection
|
||||
to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\"
|
||||
annotation instead."
|
||||
minimum: 0
|
||||
type: integer
|
||||
path:
|
||||
description: The path to be used in requests to the upstream server.(optional)
|
||||
description: '(optional) The path to be used in requests to the upstream
|
||||
server. Deprecated: use Service''s "konghq.com/path" annotation
|
||||
instead.'
|
||||
pattern: ^/.*$
|
||||
type: string
|
||||
protocol:
|
||||
description: The protocol used to communicate with the upstream.
|
||||
description: 'The protocol used to communicate with the upstream.
|
||||
Deprecated: use Service''s "konghq.com/protocol" annotation instead.'
|
||||
enum:
|
||||
- http
|
||||
- https
|
||||
|
|
@ -321,17 +341,20 @@ spec:
|
|||
- udp
|
||||
type: string
|
||||
read_timeout:
|
||||
description: The timeout in milliseconds between two successive read
|
||||
operations for transmitting a request to the upstream server.
|
||||
description: 'The timeout in milliseconds between two successive read
|
||||
operations for transmitting a request to the upstream server. Deprecated:
|
||||
use Service''s "konghq.com/read-timeout" annotation instead.'
|
||||
minimum: 0
|
||||
type: integer
|
||||
retries:
|
||||
description: The number of retries to execute upon failure to proxy.
|
||||
description: 'The number of retries to execute upon failure to proxy.
|
||||
Deprecated: use Service''s "konghq.com/retries" annotation instead.'
|
||||
minimum: 0
|
||||
type: integer
|
||||
write_timeout:
|
||||
description: The timeout in milliseconds between two successive write
|
||||
operations for transmitting a request to the upstream server.
|
||||
description: 'The timeout in milliseconds between two successive write
|
||||
operations for transmitting a request to the upstream server. Deprecated:
|
||||
use Service''s "konghq.com/write-timeout" annotation instead.'
|
||||
minimum: 0
|
||||
type: integer
|
||||
type: object
|
||||
|
|
@ -345,35 +368,44 @@ spec:
|
|||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Headers contains one or more lists of values indexed
|
||||
description: 'Headers contains one or more lists of values indexed
|
||||
by header name that will cause this Route to match if present in
|
||||
the request. The Host header cannot be used with this attribute.
|
||||
Deprecated: use Ingress'' "konghq.com/headers" annotation instead.'
|
||||
type: object
|
||||
https_redirect_status_code:
|
||||
description: HTTPSRedirectStatusCode is the status code Kong responds
|
||||
with when all properties of a Route match except the protocol.
|
||||
description: 'HTTPSRedirectStatusCode is the status code Kong responds
|
||||
with when all properties of a Route match except the protocol. Deprecated:
|
||||
use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code"
|
||||
annotations instead.'
|
||||
type: integer
|
||||
methods:
|
||||
description: Methods is a list of HTTP methods that match this Route.
|
||||
description: 'Methods is a list of HTTP methods that match this Route.
|
||||
Deprecated: use Ingress'' "konghq.com/override-protocols" annotation
|
||||
instead.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
path_handling:
|
||||
description: PathHandling controls how the Service path, Route path
|
||||
description: 'PathHandling controls how the Service path, Route path
|
||||
and requested path are combined when sending a request to the upstream.
|
||||
Deprecated: use Ingress'' "konghq.com/path-handling" annotation
|
||||
instead.'
|
||||
enum:
|
||||
- v0
|
||||
- v1
|
||||
type: string
|
||||
preserve_host:
|
||||
description: PreserveHost sets When matching a Route via one of the
|
||||
description: 'PreserveHost sets When matching a Route via one of the
|
||||
hosts domain names, use the request Host header in the upstream
|
||||
request headers. If set to false, the upstream Host header will
|
||||
be that of the Service’s host.
|
||||
be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host"
|
||||
annotation instead.'
|
||||
type: boolean
|
||||
protocols:
|
||||
description: Protocols is an array of the protocols this Route should
|
||||
allow.
|
||||
description: 'Protocols is an array of the protocols this Route should
|
||||
allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation
|
||||
instead.'
|
||||
items:
|
||||
enum:
|
||||
- http
|
||||
|
|
@ -386,27 +418,32 @@ spec:
|
|||
type: string
|
||||
type: array
|
||||
regex_priority:
|
||||
description: RegexPriority is a number used to choose which route
|
||||
description: 'RegexPriority is a number used to choose which route
|
||||
resolves a given request when several routes match it using regexes
|
||||
simultaneously.
|
||||
simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority"
|
||||
annotation instead.'
|
||||
type: integer
|
||||
request_buffering:
|
||||
description: RequestBuffering sets whether to enable request body
|
||||
buffering or not.
|
||||
description: 'RequestBuffering sets whether to enable request body
|
||||
buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering"
|
||||
annotation instead.'
|
||||
type: boolean
|
||||
response_buffering:
|
||||
description: ResponseBuffering sets whether to enable response body
|
||||
buffering or not.
|
||||
description: 'ResponseBuffering sets whether to enable response body
|
||||
buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering"
|
||||
annotation instead.'
|
||||
type: boolean
|
||||
snis:
|
||||
description: SNIs is a list of SNIs that match this Route when using
|
||||
stream routing.
|
||||
description: 'SNIs is a list of SNIs that match this Route when using
|
||||
stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation
|
||||
instead.'
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
strip_path:
|
||||
description: StripPath sets When matching a Route via one of the paths
|
||||
strip the matching prefix from the upstream request URL.
|
||||
description: 'StripPath sets When matching a Route via one of the
|
||||
paths strip the matching prefix from the upstream request URL. Deprecated:
|
||||
use Ingress'' "konghq.com/strip-path" annotation instead.'
|
||||
type: boolean
|
||||
type: object
|
||||
upstream:
|
||||
|
|
@ -589,7 +626,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: kongplugins.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -627,7 +664,7 @@ spec:
|
|||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: KongPlugin is the Schema for the kongplugins API
|
||||
description: KongPlugin is the Schema for the kongplugins API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -635,21 +672,30 @@ spec:
|
|||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
config:
|
||||
description: Config contains the plugin configuration.
|
||||
description: Config contains the plugin configuration. It's a list of
|
||||
keys and values required to configure the plugin. Please read the documentation
|
||||
of the plugin being configured to set values in here. For any plugin
|
||||
in Kong, anything that goes in the `config` JSON key in the Admin API
|
||||
request, goes into this property. Only one of `config` or `configFrom`
|
||||
may be used in a KongPlugin, not both at once.
|
||||
type: object
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
configFrom:
|
||||
description: ConfigFrom references a secret containing the plugin configuration.
|
||||
This should be used when the plugin configuration contains sensitive
|
||||
information, such as AWS credentials in the Lambda plugin or the client
|
||||
secret in the OIDC plugin. Only one of `config` or `configFrom` may
|
||||
be used in a KongPlugin, not both at once.
|
||||
properties:
|
||||
secretKeyRef:
|
||||
description: SecretValueFromSource represents the source of a secret
|
||||
value
|
||||
description: Specifies a name and a key of a secret to refer to. The
|
||||
namespace is implicitly set to the one of referring object.
|
||||
properties:
|
||||
key:
|
||||
description: the key containing the value
|
||||
description: The key containing the value.
|
||||
type: string
|
||||
name:
|
||||
description: the secret containing the key
|
||||
description: The secret containing the key.
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
|
|
@ -657,10 +703,10 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
consumerRef:
|
||||
description: ConsumerRef is a reference to a particular consumer
|
||||
description: ConsumerRef is a reference to a particular consumer.
|
||||
type: string
|
||||
disabled:
|
||||
description: Disabled set if the plugin is disabled or not
|
||||
description: Disabled set if the plugin is disabled or not.
|
||||
type: boolean
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
|
|
@ -670,7 +716,13 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
ordering:
|
||||
description: Ordering overrides the normal plugin execution order
|
||||
description: 'Ordering overrides the normal plugin execution order. It''s
|
||||
only available on Kong Enterprise. `<phase>` is a request processing
|
||||
phase (for example, `access` or `body_filter`) and `<plugin>` is the
|
||||
name of the plugin that will run before or after the KongPlugin. For
|
||||
example, a KongPlugin with `plugin: rate-limiting` and `before.access:
|
||||
["key-auth"]` will create a rate limiting plugin that limits requests
|
||||
_before_ they are authenticated.'
|
||||
properties:
|
||||
after:
|
||||
additionalProperties:
|
||||
|
|
@ -691,7 +743,7 @@ spec:
|
|||
type: object
|
||||
plugin:
|
||||
description: PluginName is the name of the plugin to which to apply the
|
||||
config
|
||||
config.
|
||||
type: string
|
||||
protocols:
|
||||
description: Protocols configures plugin to run on requests received on
|
||||
|
|
@ -727,7 +779,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: tcpingresses.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -753,7 +805,7 @@ spec:
|
|||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TCPIngress is the Schema for the tcpingresses API
|
||||
description: TCPIngress is the Schema for the tcpingresses API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -768,7 +820,7 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TCPIngressSpec defines the desired state of TCPIngress
|
||||
description: Spec is the TCPIngress specification.
|
||||
properties:
|
||||
rules:
|
||||
description: A list of rules used to configure the Ingress.
|
||||
|
|
@ -783,6 +835,7 @@ spec:
|
|||
properties:
|
||||
serviceName:
|
||||
description: Specifies the name of the referenced service.
|
||||
minLength: 1
|
||||
type: string
|
||||
servicePort:
|
||||
description: Specifies the port of the referenced service.
|
||||
|
|
@ -796,9 +849,12 @@ spec:
|
|||
type: object
|
||||
host:
|
||||
description: Host is the fully qualified domain name of a network
|
||||
host, as defined by RFC 3986. If a Host is specified, the
|
||||
protocol must be TLS over TCP. A plain-text TCP request cannot
|
||||
be routed based on Host. It can only be routed based on Port.
|
||||
host, as defined by RFC 3986. If a Host is not specified,
|
||||
then port-based TCP routing is performed. Kong doesn't care
|
||||
about the content of the TCP stream in this case. If a Host
|
||||
is specified, the protocol must be TLS over TCP. A plain-text
|
||||
TCP request cannot be routed based on Host. It can only be
|
||||
routed based on Port.
|
||||
type: string
|
||||
port:
|
||||
description: Port is the port on which to accept TCP or TLS
|
||||
|
|
@ -811,6 +867,7 @@ spec:
|
|||
type: integer
|
||||
required:
|
||||
- backend
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
|
|
@ -838,7 +895,7 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
status:
|
||||
description: TCPIngressStatus defines the observed state of TCPIngress
|
||||
description: TCPIngressStatus defines the observed state of TCPIngress.
|
||||
properties:
|
||||
loadBalancer:
|
||||
description: LoadBalancer contains the current status of the load-balancer.
|
||||
|
|
@ -909,7 +966,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.9.2
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
creationTimestamp: null
|
||||
name: udpingresses.configuration.konghq.com
|
||||
spec:
|
||||
|
|
@ -935,7 +992,7 @@ spec:
|
|||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: UDPIngress is the Schema for the udpingresses API
|
||||
description: UDPIngress is the Schema for the udpingresses API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
|
|
@ -950,7 +1007,7 @@ spec:
|
|||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: UDPIngressSpec defines the desired state of UDPIngress
|
||||
description: Spec is the UDPIngress specification.
|
||||
properties:
|
||||
rules:
|
||||
description: A list of rules used to configure the Ingress.
|
||||
|
|
@ -965,6 +1022,7 @@ spec:
|
|||
properties:
|
||||
serviceName:
|
||||
description: Specifies the name of the referenced service.
|
||||
minLength: 1
|
||||
type: string
|
||||
servicePort:
|
||||
description: Specifies the port of the referenced service.
|
||||
|
|
@ -980,6 +1038,9 @@ spec:
|
|||
description: Port indicates the port for the Kong proxy to accept
|
||||
incoming traffic on, which will then be routed to the service
|
||||
Backend.
|
||||
format: int32
|
||||
maximum: 65535
|
||||
minimum: 1
|
||||
type: integer
|
||||
required:
|
||||
- backend
|
||||
|
|
@ -988,7 +1049,7 @@ spec:
|
|||
type: array
|
||||
type: object
|
||||
status:
|
||||
description: UDPIngressStatus defines the observed state of UDPIngress
|
||||
description: UDPIngressStatus defines the observed state of UDPIngress.
|
||||
properties:
|
||||
loadBalancer:
|
||||
description: LoadBalancer contains the current status of the load-balancer.
|
||||
|
|
|
|||
|
|
@ -927,6 +927,11 @@ the template that it itself is using form the above sections.
|
|||
|
||||
{{- $userEnv := dict -}}
|
||||
{{- range $key, $val := .Values.env }}
|
||||
{{- if (contains "_log" $key) -}}
|
||||
{{- if (eq (typeOf $val) "bool") -}}
|
||||
{{- fail (printf "env.%s must use string 'off' to disable. Without quotes, YAML will coerce the value to a boolean and Kong will reject it" $key) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $upper := upper $key -}}
|
||||
{{- $var := printf "KONG_%s" $upper -}}
|
||||
{{- $_ := set $userEnv $var $val -}}
|
||||
|
|
|
|||
|
|
@ -298,6 +298,28 @@ spec:
|
|||
{{- include "kong.userDefinedVolumes" . | nindent 8 -}}
|
||||
{{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
|
||||
- name: {{ template "kong.serviceAccountTokenName" . }}
|
||||
{{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well.
|
||||
See the related documentation of semver module that Helm depends on for semverCompare:
|
||||
https://github.com/Masterminds/semver#working-with-prerelease-versions
|
||||
Related Helm issue: https://github.com/helm/helm/issues/3810 */}}
|
||||
{{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
expirationSeconds: 3607
|
||||
path: token
|
||||
- configMap:
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
name: kube-root-ca.crt
|
||||
- downwardAPI:
|
||||
items:
|
||||
- fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
path: namespace
|
||||
{{- else }}
|
||||
secret:
|
||||
secretName: {{ template "kong.serviceAccountTokenName" . }}
|
||||
items:
|
||||
|
|
@ -307,5 +329,6 @@ spec:
|
|||
path: ca.crt
|
||||
- key: namespace
|
||||
path: namespace
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -33,10 +33,12 @@ spec:
|
|||
spec:
|
||||
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
|
||||
serviceAccountName: {{ template "kong.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
|
||||
automountServiceAccountToken: true
|
||||
{{- else }}
|
||||
automountServiceAccountToken: false
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
{{- if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
|
|
|
|||
|
|
@ -33,10 +33,12 @@ spec:
|
|||
spec:
|
||||
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
|
||||
serviceAccountName: {{ template "kong.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
|
||||
automountServiceAccountToken: true
|
||||
{{- else }}
|
||||
automountServiceAccountToken: false
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
{{- if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
|
|
|
|||
|
|
@ -41,10 +41,12 @@ spec:
|
|||
spec:
|
||||
{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
|
||||
serviceAccountName: {{ template "kong.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
{{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
|
||||
automountServiceAccountToken: true
|
||||
{{- else }}
|
||||
automountServiceAccountToken: false
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
{{- if .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.image.pullSecrets }}
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue