diff --git a/revad/Chart.yaml b/revad/Chart.yaml index acb9b94..65511c4 100644 --- a/revad/Chart.yaml +++ b/revad/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: revad description: The Reva daemon (revad) helm chart type: application -version: 1.4.1 +version: 1.4.2 appVersion: v1.18.0 -kubeVersion: ">= 1.19.0" +kubeVersion: '>= 1.19.0' icon: https://reva.link/logo.svg home: https://reva.link sources: @@ -23,7 +23,7 @@ keywords: - sync-and-share annotations: artifacthub.io/changes: | - - "Update revad image to v1.18.0" + - "Add imagePullSecrets to deployment" artifacthub.io/images: | - name: revad image: cs3org/revad:v1.18.0 diff --git a/revad/README.md b/revad/README.md index e39630f..2abd3a0 100644 --- a/revad/README.md +++ b/revad/README.md @@ -14,7 +14,7 @@ This chart creates a Reva deployment on a [Kubernetes](http://kubernetes.io) clu To install the chart with the release name `my-reva`: ```console -$ helm install my-reva cs3org/revad +helm install my-reva cs3org/revad ``` ## Uninstalling the Chart @@ -22,46 +22,47 @@ $ helm install my-reva cs3org/revad To uninstall/delete the deployment: ```console -$ helm delete my-reva +helm delete my-reva ``` ## Configuration The following configurations may be set. It is recommended to use `values.yaml` for overwriting the revad config. -| Parameter | Description | Default | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | -| `replicaCount` | How many replicas to run. | `1` | -| `image.repository` | Name of the image to run, without the tag. | [`cs3org/revad`](https://hub.docker.com/r/cs3org/revad) | -| `image.tag` | The image tag to use. | `v1.7.0` | -| `image.pullPolicy` | The kubernetes image pull policy. | `Always` | -| `service.type` | The kubernetes service type to use. | `ClusterIP` | -| `service.grpc.port` | Revad's GRPC Service port. To be set on the `address` under the `[grpc]` section of the config. | `19000`. Can be explicitly disabled by setting `service.grpc` to `null`. | -| `service.http.port` | Revad's HTTP Service port. To be set on the `address` under the `[http]` section of the config. | `19001`. Can be explicitly disabled by setting `service.http` to `null`. | -| `extraVolumeMounts` | Array of additional volume mounts. | `[]` | -| `extraVolumes` | Array of additional volumes. | `[]` | -| `emptyDir.sizeLimit` | `emptyDir` `sizeLimit` if a Persistent Volume is not used | `""` | -| `persistentVolume.enabled` | If true, Revad will create a Persistent Volume Claim. | `false` | -| `persistentVolume.accessModes` | Revad data Persistent Volume access modes. | `[ReadWriteOnce]` | -| `persistentVolume.annotations` | Revad data Persistent Volume annotations. | `{}` | -| `persistentVolume.existingClaim` | Revad data pre-existing Persistent Volume Claim's name. | `""` | -| `persistentVolume.mountPath` | Revad data Persistent Volume mount root path. To be set as the `storage` service `root`. | `/var/tmp/reva` | -| `persistentVolume.subPath` | Subdirectory of the Persistent Volume to mount as Revad's datadir. | `""` | -| `persistentVolume.size` | Revad data Persistent Volume size. | `2Gi` | -| `persistentVolume.storageClass` | [PVC Storage Class](https://kubernetes.io/docs/concepts/storage/storage-classes/#the-storageclass-resource). | `unset` | -| `persistentVolume.volumeBindingMode` | [PVC Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode). | `unset` | -| `env` | Dictionary of environment variables passed to the container in `NAME:value` form. | `{}` | -| `extraEnv` | List of environment variables passed to the container in pod field (`name` and `value`/`valueFrom`) form. | `[]` | -| `envFrom` | List of sources (ConfigMap/Secret) to populate environment variables in the container. | `[]` | -| `ingress.enabled` | Whether to create an Ingress resource to access the reva daemon services. | `false`. Individual ingress resources might be disabled by setting `ingress.services.{http,grpc}` to `null`. | -| `ingress.services.{http,grpc}.hostname` | The {HTTP, gRPC} service ingress hostname. | `{http,grpc}.revad.local` | -| `ingress.services.{http,grpc}.path` | The {HTTP, gRPC} service ingress path. | `/` | -| `ingress.services.{http,grpc}.annotations` | {HTTP, gRPC} ingress resource annotations. | `{}` | -| `ingress.services.{http,grpc}.tls` | {HTTP, gRPC} ingress TLS configuration (YAML). | `[]` | -| `configFiles.revad\\.toml` | Revad [config file](https://reva.link/docs/config/). Mounted on `/etc/revad/`. | [`examples/standalone/standalone.toml`](https://github.com/cs3org/reva/blob/master/examples/standalone/standalone.toml) | -| `configFiles.users\\.json` | Revad `users.json` for the `auth_manager` and `userprovider` services. Mounted on `/etc/revad/`. | [`examples/standalone/users.demo.json`](https://github.com/cs3org/reva/blob/master/examples/standalone/users.demo.json) | -| `configFiles.groups\\.json` | Revad `groups.json` for the `groupprovider` service. Mounted on `/etc/revad/`. | [`examples/standalone/groups.demo.json`](https://github.com/cs3org/reva/blob/master/examples/standalone/groups.demo.json) | -| `configFiles.ocm-providers\\.json` | Revad `ocm-providers.json` for the `ocmproviderauthorizer` service. Mounted on `/etc/revad/`. | `[]` | +| Parameter | Description | Default | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | +| `replicaCount` | How many replicas to run. | `1` | +| `image.repository` | Name of the image to run, without the tag. | [`cs3org/revad`](https://hub.docker.com/r/cs3org/revad) | +| `image.tag` | The image tag to use. | `v1.7.0` | +| `image.pullPolicy` | The kubernetes image pull policy. | `Always` | +| `image.pullSecrets` | List of names of secrets containing container image registry access keys. | `[]` | +| `service.type` | The kubernetes service type to use. | `ClusterIP` | +| `service.grpc.port` | Revad's GRPC Service port. To be set on the `address` under the `[grpc]` section of the config. | `19000`. Can be explicitly disabled by setting `service.grpc` to `null`. | +| `service.http.port` | Revad's HTTP Service port. To be set on the `address` under the `[http]` section of the config. | `19001`. Can be explicitly disabled by setting `service.http` to `null`. | +| `extraVolumeMounts` | Array of additional volume mounts. | `[]` | +| `extraVolumes` | Array of additional volumes. | `[]` | +| `emptyDir.sizeLimit` | `emptyDir` `sizeLimit` if a Persistent Volume is not used | `""` | +| `persistentVolume.enabled` | If true, Revad will create a Persistent Volume Claim. | `false` | +| `persistentVolume.accessModes` | Revad data Persistent Volume access modes. | `[ReadWriteOnce]` | +| `persistentVolume.annotations` | Revad data Persistent Volume annotations. | `{}` | +| `persistentVolume.existingClaim` | Revad data pre-existing Persistent Volume Claim's name. | `""` | +| `persistentVolume.mountPath` | Revad data Persistent Volume mount root path. To be set as the `storage` service `root`. | `/var/tmp/reva` | +| `persistentVolume.subPath` | Subdirectory of the Persistent Volume to mount as Revad's datadir. | `""` | +| `persistentVolume.size` | Revad data Persistent Volume size. | `2Gi` | +| `persistentVolume.storageClass` | [PVC Storage Class](https://kubernetes.io/docs/concepts/storage/storage-classes/#the-storageclass-resource). | `unset` | +| `persistentVolume.volumeBindingMode` | [PVC Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode). | `unset` | +| `env` | Dictionary of environment variables passed to the container in `NAME:value` form. | `{}` | +| `extraEnv` | List of environment variables passed to the container in pod field (`name` and `value`/`valueFrom`) form. | `[]` | +| `envFrom` | List of sources (ConfigMap/Secret) to populate environment variables in the container. | `[]` | +| `ingress.enabled` | Whether to create an Ingress resource to access the reva daemon services. | `false`. Individual ingress resources might be disabled by setting `ingress.services.{http,grpc}` to `null`. | +| `ingress.services.{http,grpc}.hostname` | The {HTTP, gRPC} service ingress hostname. | `{http,grpc}.revad.local` | +| `ingress.services.{http,grpc}.path` | The {HTTP, gRPC} service ingress path. | `/` | +| `ingress.services.{http,grpc}.annotations` | {HTTP, gRPC} ingress resource annotations. | `{}` | +| `ingress.services.{http,grpc}.tls` | {HTTP, gRPC} ingress TLS configuration (YAML). | `[]` | +| `configFiles.revad\\.toml` | Revad [config file](https://reva.link/docs/config/). Mounted on `/etc/revad/`. | [`examples/standalone/standalone.toml`](https://github.com/cs3org/reva/blob/master/examples/standalone/standalone.toml) | +| `configFiles.users\\.json` | Revad `users.json` for the `auth_manager` and `userprovider` services. Mounted on `/etc/revad/`. | [`examples/standalone/users.demo.json`](https://github.com/cs3org/reva/blob/master/examples/standalone/users.demo.json) | +| `configFiles.groups\\.json` | Revad `groups.json` for the `groupprovider` service. Mounted on `/etc/revad/`. | [`examples/standalone/groups.demo.json`](https://github.com/cs3org/reva/blob/master/examples/standalone/groups.demo.json) | +| `configFiles.ocm-providers\\.json` | Revad `ocm-providers.json` for the `ocmproviderauthorizer` service. Mounted on `/etc/revad/`. | `[]` | > **Note:** `service.grpc` and `service.http` can't be both `null`. diff --git a/revad/templates/deployment.yaml b/revad/templates/deployment.yaml index ad1193f..0c2085d 100644 --- a/revad/templates/deployment.yaml +++ b/revad/templates/deployment.yaml @@ -20,6 +20,7 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: - name: http containerPort: {{ .Values.service.http.port }} @@ -57,6 +58,12 @@ spec: envFrom: {{ toYaml .Values.envFrom | indent 12 }} {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range (default .Values.image.pullSecrets) }} + - name: {{ . }} + {{- end }} + {{- end }} volumes: - name: {{ include "revad.fullname" . }}-configfiles configMap: diff --git a/revad/values.yaml b/revad/values.yaml index a7dcb09..510f08e 100644 --- a/revad/values.yaml +++ b/revad/values.yaml @@ -4,6 +4,8 @@ image: repository: cs3org/revad tag: v1.18.0 pullPolicy: Always + pullSecrets: + [] service: type: ClusterIP @@ -16,7 +18,7 @@ extraVolumeMounts: [] extraVolumes: [] emptyDir: - sizeLimit: "" + sizeLimit: '' persistentVolume: ## If true, revad will create/use a Persistent Volume Claim @@ -31,25 +33,26 @@ persistentVolume: annotations: {} ## If defined, PVC MUST be created manually before volume will be bound - existingClaim: "" + existingClaim: '' mountPath: /var/tmp/reva ## Subdirectory of the PV to mount. If the root directory is not empty - subPath: "" + subPath: '' size: 2Gi ## If set to "-", storageClassName: "": disables dynamic provisioning ## If undefined or null, chooses the default provisioner. # storageClass: "-" - # volumeBindingMode: "" ## Environment variables in NAME:VALUE (dict) form -env: {} +env: + {} # REVA_ENV: value ## Environment variables in {name,value/valueFrom} (list) form -extraEnv: [] +extraEnv: + [] # - name: REVA_ENV # value: value # - name: REVA_ENV_FROM @@ -63,7 +66,8 @@ extraEnv: [] # name: secret # key: secret_key -envFrom: [] +envFrom: + [] # - configMapRef: # name: reva-envars # - secretRef: @@ -75,10 +79,12 @@ ingress: http: hostname: http.revad.local path: / - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/ssl-redirect: "true" - tls: [] + tls: + [] # Secrets must be present in the namespace beforehand. # - secretName: http-revad-tls # hosts: @@ -86,11 +92,13 @@ ingress: grpc: hostname: grpc.revad.local path: / - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/ssl-redirect: "true" # nginx.ingress.kubernetes.io/backend-protocol: "GRPC" - tls: [] + tls: + [] # - secretName: grpc-revad-tls # hosts: # - grpc.revad.local diff --git a/wopiserver/Chart.yaml b/wopiserver/Chart.yaml index e7139b5..5e1cf25 100644 --- a/wopiserver/Chart.yaml +++ b/wopiserver/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: wopiserver description: A Vendor-neutral Web-application Open Platform Interface (WOPI) gateway for EFSS systems type: application -version: 0.5.1 +version: 0.5.2 appVersion: v8.3.3 -kubeVersion: ">= 1.19.0" +kubeVersion: '>= 1.19.0' home: https://github.com/cs3org/wopiserver sources: - https://github.com/cs3org/wopiserver @@ -18,8 +18,8 @@ keywords: - efss annotations: artifacthub.io/changes: | - - "update image to cs3org/wopiserver:v8.3.3" + - "Add imagePullSecrets to deployment" artifacthub.io/images: | - name: wopiserver image: cs3org/wopiserver:v8.3.3 - artifacthub.io/containsSecurityUpdates: "false" + artifacthub.io/containsSecurityUpdates: 'false' diff --git a/wopiserver/README.md b/wopiserver/README.md index 8dc43f6..298765a 100644 --- a/wopiserver/README.md +++ b/wopiserver/README.md @@ -40,6 +40,7 @@ The following configurations may be set. It is recommended to use `values.yaml` | `image.pullPolicy` | The kubernetes image pull policy. | `IfNotPresent` | | `image.repository` | Name of the image to run, without the tag. | [`cs3org/wopiserver`](https://hub.docker.com/r/cs3org/wopiserver) | | `image.tag` | The image tag to use. | `v8.3.2` | +| `image.pullSecrets` | List of names of secrets containing container image registry access keys. | `[]` | | `ingress.annotations` | Ingress annotations. | `{}` | | `ingress.enabled` | Whether to create an Ingress resource to access the wopiserver. | `false` | | `ingress.hostname` | The ingress hostname. | `wopi.local` | diff --git a/wopiserver/templates/deployment.yaml b/wopiserver/templates/deployment.yaml index afe51df..42f7469 100644 --- a/wopiserver/templates/deployment.yaml +++ b/wopiserver/templates/deployment.yaml @@ -55,6 +55,12 @@ spec: httpGet: path: / port: http + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range (default .Values.image.pullSecrets) }} + - name: {{ . }} + {{- end }} + {{- end }} volumes: - name: tmp-volume emptyDir: {} diff --git a/wopiserver/values.yaml b/wopiserver/values.yaml index 8483b1a..19e802d 100644 --- a/wopiserver/values.yaml +++ b/wopiserver/values.yaml @@ -4,7 +4,8 @@ image: repository: cs3org/wopiserver tag: v8.3.3 pullPolicy: IfNotPresent - + pullSecrets: + [] service: type: ClusterIP port: 8880 @@ -41,10 +42,12 @@ ingress: enabled: false hostname: wopi.local path: /wopi - annotations: {} + annotations: + {} # kubernetes.io/ingress.class: nginx # nginx.ingress.kubernetes.io/ssl-redirect: "true" - tls: [] + tls: + [] # Secrets must be present in the namespace beforehand. # - secretName: wopi-tls # hosts: @@ -60,7 +63,8 @@ securityContext: runAsGroup: 1000 # -- Resources to apply to all services. -resources: {} +resources: + {} # limits: # cpu: 100m # memory: 128Mi