Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helm Chart Improvements #242

Merged
merged 6 commits into from
Feb 4, 2024
Merged

Helm Chart Improvements #242

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4a62d46
Add toggle for enable/disable TLS in OpenShift Route
Jaydee94 Feb 2, 2024
983d319
Update chart/kubeseal-webgui/values.yaml
Jaydee94 Feb 4, 2024
59487c8
Update chart/kubeseal-webgui/values.yaml
Jaydee94 Feb 4, 2024
137d8ce
Change order of service account name rendering
Jaydee94 Feb 4, 2024
ac90eb3
Update deployment.yaml
Jaydee94 Feb 4, 2024
65722fa
Merge branch 'master' into fix-helm-issues
Jaydee94 Feb 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion chart/kubeseal-webgui/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
name: kubeseal-webgui
description: A Helm chart for installing kubeseal-webgui
version: 5.1.5
version: 5.2.0
appVersion: 4.2.5
75 changes: 38 additions & 37 deletions chart/kubeseal-webgui/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,40 +24,41 @@ The command removes all the Kubernetes components associated with the chart and

## Configuration

| Parameter | Description | Default |
| ----------------------------------------- | ----------------------------------------------- | -------------------------------- |
| `replicaCount` | Number of nodes | `1` |
| `annotations` | Optional annotations for the pods | `{}` |
| `api.image.repository` | Image-Repository and name of the api image. | `kubesealwebgui/api` |
| `api.image.tag` | Image Tag of the api image. | `4.2.5` |
| `api.environment` | Additional env variables for the api image. | `{}` |
| `api.loglevel` | Loglevel for the api image. | `INFO` |
| `ui.image.repository` | Image-Repository and name of the ui image. | `kubesealwebgui/ui` |
| `ui.image.tag` | Image Tag of the ui image. | `4.2.5` |
| `image.pullPolicy` | Image Pull Policy | `Always` |
| `nameOverride` | Name-Override for the objects | `""` |
| `fullnameOverride` | Fullname-Override for the objects | `""` |
| `serviceaccount.create` | Add serviceaccount for listing namespaces | `true` |
| `tolerations` | Add tolerations to the deployment. | `[]` |
| `affinity` | Add affinity rules to the deployment. | `{}` |
| `nodeSelector` | Add a nodeSelector to the deployment. | `{}` |
| `displayName` | Optional display name for the kubeseal instance | `""` |
| `resources.limits.cpu` | Limits CPU | `100m` |
| `resources.limits.memory` | Limits memory | `256Mi` |
| `resources.requests.cpu` | Requests CPU | `20m` |
| `resources.requests.memory` | Requests memory | `20m` |
| `ingress.enabled` | Enable an ingress route | `false` |
| `ingress.annotations` | Additional annotations for the ingress object. | `{}` |
| `ingress.ingressClassName` | Additional ingressClassName. | `""` |
| `ingress.hostname` | The hostname for the ingress route | `kubeseal-webgui.example.com` |
| `ingress.tls.enabled` | Enable TLS for the ingress route | `false` |
| `ingress.tls.secretName` | The secret name for private and public key | `""` |
| `route.enabled` | Deploy OpenShift route | `false` |
| `route.hostname` | Set Hostname of the route | `""` |
| `route.tls.termination` | TLS Termination of the route | `""` |
| `route.tls.insecureEdgeTerminationPolicy` | TLS insecureEdgeTerminationPolicy of the route | `""` |
| `sealedSecrets.autoFetchCert` | Load the cert from the Controller on start | `false` |
| `sealedSecrets.controllerName` | Deployment name of the Controller | `sealed-secrets-controller` |
| `sealedSecrets.controllerNamespace` | Namespace the Controller resides in | `kube-system` |
| `sealedSecrets.cert` | Public-Key of your SealedSecrets controller | `""` |
| `api.environment` | Additional API environment variables | `{}` |
| Parameter | Description | Default |
| ----------------------------------------- | ------------------------------------------------- | ----------------------------- |
| `replicaCount` | Number of nodes | `1` |
| `annotations` | Optional annotations for the pods | `{}` |
| `api.image.repository` | Image-Repository and name of the api image. | `kubesealwebgui/api` |
| `api.image.tag` | Image Tag of the api image. | `4.2.5` |
| `api.environment` | Additional env variables for the api image. | `{}` |
| `api.loglevel` | Loglevel for the api image. | `INFO` |
| `ui.image.repository` | Image-Repository and name of the ui image. | `kubesealwebgui/ui` |
| `ui.image.tag` | Image Tag of the ui image. | `4.2.5` |
| `image.pullPolicy` | Image Pull Policy | `Always` |
| `nameOverride` | Name-Override for the objects | `""` |
| `fullnameOverride` | Fullname-Override for the objects | `""` |
| `customServiceAccountName` | Optionallyn define your own serviceaccount to use | `true` |
| `tolerations` | Add tolerations to the deployment. | `[]` |
| `affinity` | Add affinity rules to the deployment. | `{}` |
| `nodeSelector` | Add a nodeSelector to the deployment. | `{}` |
| `displayName` | Optional display name for the kubeseal instance | `""` |
| `resources.limits.cpu` | Limits CPU | `100m` |
| `resources.limits.memory` | Limits memory | `256Mi` |
| `resources.requests.cpu` | Requests CPU | `20m` |
| `resources.requests.memory` | Requests memory | `20m` |
| `ingress.enabled` | Enable an ingress route | `false` |
| `ingress.annotations` | Additional annotations for the ingress object. | `{}` |
| `ingress.ingressClassName` | Additional ingressClassName. | `""` |
| `ingress.hostname` | The hostname for the ingress route | `kubeseal-webgui.example.com` |
| `ingress.tls.enabled` | Enable TLS for the ingress route | `false` |
| `ingress.tls.secretName` | The secret name for private and public key | `""` |
| `route.enabled` | Deploy OpenShift route | `false` |
| `route.hostname` | Set Hostname of the route | `""` |
| `route.tls.enabled` | Enable/Disable TLS for OpenShift Route | `true` |
| `route.tls.termination` | TLS Termination of the route | `""` |
| `route.tls.insecureEdgeTerminationPolicy` | TLS insecureEdgeTerminationPolicy of the route | `""` |
| `sealedSecrets.autoFetchCert` | Load the cert from the Controller on start | `false` |
| `sealedSecrets.controllerName` | Deployment name of the Controller | `sealed-secrets-controller` |
| `sealedSecrets.controllerNamespace` | Namespace the Controller resides in | `kube-system` |
| `sealedSecrets.cert` | Public-Key of your SealedSecrets controller | `""` |
| `api.environment` | Additional API environment variables | `{}` |
2 changes: 1 addition & 1 deletion chart/kubeseal-webgui/templates/clusterrole.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.serviceaccount.create }}
{{- if not .Values.customServiceAccountName }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand Down
2 changes: 1 addition & 1 deletion chart/kubeseal-webgui/templates/clusterrolebinding.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.serviceaccount.create }}
{{- if not .Values.customServiceAccountName }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand Down
4 changes: 1 addition & 3 deletions chart/kubeseal-webgui/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@ spec:
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.serviceaccount.create }}
serviceAccountName: kubeseal-webgui
{{- end }}
serviceAccountName: {{ .Values.customServiceAccountName | default "kubeseal-webgui" | quote }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | nindent 8 }}
Expand Down
2 changes: 2 additions & 0 deletions chart/kubeseal-webgui/templates/route-ui.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,10 @@ spec:
weight: 100
port:
targetPort: ui
{{- if .Values.route.tls.enabled }}
tls:
termination: {{ .Values.route.tls.termination }}
insecureEdgeTerminationPolicy: {{ .Values.route.tls.insecureEdgeTerminationPolicy }}
{{- end }}
wildcardPolicy: None
{{- end }}
2 changes: 1 addition & 1 deletion chart/kubeseal-webgui/templates/serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.serviceaccount.create }}
{{- if not .Values.customServiceAccountName }}
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
9 changes: 5 additions & 4 deletions chart/kubeseal-webgui/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,10 @@ fullnameOverride: ""
# Optionally setup a display name for your kubeseal-webgui instance.
displayName: ""

# Set this value to false if you already have a default serviceaccount who is allowed to list namespaces.
serviceaccount:
create: true
# Set this value to specify a ServiceAccount that is allowed to list namespaces.
# Leave empty to use the ServiceAccount shipped with this chart.
# If you use a custom ServiceAccount, it must be able to list namespaces in your cluster.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line can probably be left out, as it duplicates line 28

customServiceAccountName: ""

affinity: {}

Expand All @@ -45,7 +46,6 @@ resources:
memory: 256Mi

# Setup an ingress route optionally

ingress:
enabled: false
annotations: {}
Expand All @@ -61,6 +61,7 @@ route:
enabled: false
hostname: ""
tls:
enabled: true
termination: edge
insecureEdgeTerminationPolicy: None

Expand Down
Loading