Add dev changes back
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
antgamdia committed Sep 15, 2023
1 parent 84c117d commit 057a013
Showing 8 changed files with 354 additions and 15 deletions.
53 changes: 51 additions & 2 deletions chart/kubeapps/README.md
@@ -1,5 +1,3 @@
<!--- app-name: Kubeapps -->

# Kubeapps packaged by Bitnami

Kubeapps is a web-based UI for launching and managing applications on Kubernetes. It allows users to deploy trusted applications and operators to control users access to the cluster.
Expand Down Expand Up @@ -535,6 +533,57 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
| `kubeappsapis.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
| `kubeappsapis.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |

### OCI Catalog chart configuration

| Name | Description | Value |
| -------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------------- |
| `ociCatalog.enabled` | Enable the OCI catalog gRPC service for cataloging | `false` |
| `ociCatalog.image.registry` | OCI Catalog image registry | `docker.io` |
| `ociCatalog.image.repository` | OCI Catalog image repository | `kubeapps/oci-catalog` |
| `ociCatalog.image.tag` | OCI Catalog image tag (immutable tags are recommended) | `latest` |
| `ociCatalog.image.digest` | OCI Catalog image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `ociCatalog.image.pullPolicy` | OCI Catalog image pull policy | `IfNotPresent` |
| `ociCatalog.image.pullSecrets` | Dashboard image pull secrets | `[]` |
| `ociCatalog.image.debug` | Enable image debug mode | `false` |
| `ociCatalog.extraFlags` | Additional command line flags for OCI Catalog | `[]` |
| `ociCatalog.extraEnvVars` | Array with extra environment variables to add to the oci-catalog container | `[]` |
| `ociCatalog.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the OCI Catalog container | `""` |
| `ociCatalog.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the OCI Catalog container | `""` |
| `ociCatalog.containerPorts.grpc` | OCI Catalog gRPC container port | `50061` |
| `ociCatalog.resources.limits.cpu` | The CPU limits for the OCI Catalog container | `250m` |
| `ociCatalog.resources.limits.memory` | The memory limits for the OCI Catalog container | `256Mi` |
| `ociCatalog.resources.requests.cpu` | The requested CPU for the OCI Catalog container | `25m` |
| `ociCatalog.resources.requests.memory` | The requested memory for the OCI Catalog container | `32Mi` |
| `ociCatalog.containerSecurityContext.enabled` | Enabled OCI Catalog containers' Security Context | `true` |
| `ociCatalog.containerSecurityContext.runAsUser` | Set OCI Catalog container's Security Context runAsUser | `1001` |
| `ociCatalog.containerSecurityContext.runAsNonRoot` | Set OCI Catalog container's Security Context runAsNonRoot | `true` |
| `ociCatalog.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `ociCatalog.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `ociCatalog.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `ociCatalog.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `ociCatalog.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `ociCatalog.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `ociCatalog.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `ociCatalog.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `ociCatalog.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `ociCatalog.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `ociCatalog.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `ociCatalog.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `ociCatalog.startupProbe.enabled` | Enable startupProbe | `false` |
| `ociCatalog.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `ociCatalog.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `ociCatalog.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `ociCatalog.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `ociCatalog.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `ociCatalog.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `ociCatalog.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `ociCatalog.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `ociCatalog.lifecycleHooks` | Custom lifecycle hooks for OCI Catalog containers | `{}` |
| `ociCatalog.command` | Override default container command (useful when using custom images) | `[]` |
| `ociCatalog.args` | Override default container args (useful when using custom images) | `[]` |
| `ociCatalog.extraVolumes` | Optionally specify extra list of additional volumes for the OCI Catalog pod(s) | `[]` |
| `ociCatalog.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s) | `[]` |

### Redis&reg; chart configuration

| Name | Description | Value |
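
Review bot: in the new OCI Catalog table, `ociCatalog.image.pullSecrets` is described as "Dashboard image pull secrets", which looks copied from another section and should read "OCI Catalog image pull secrets". The `ociCatalog.image.tag` row also defaults to `latest` while its own description recommends immutable tags; consider defaulting to a versioned tag or a digest, or saying in the description why `latest` is the default.
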
7 changes: 7 additions & 0 deletions chart/kubeapps/templates/_helpers.tpl
Expand Up @@ -61,6 +61,13 @@ Return the proper kubeappsapis image name
{{- include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) -}}
{{- end -}}

{{/*
Return the proper oci-catalog image name
*/}}
{{- define "kubeapps.ociCatalog.image" -}}
{{- include "common.images.image" (dict "imageRoot" .Values.ociCatalog.image "global" .Values.global) -}}
{{- end -}}

{{/*
Create a default fully qualified app name for PostgreSQL dependency.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
15 changes: 10 additions & 5 deletions chart/kubeapps/templates/apprepository/apprepositories.yaml
Expand Up @@ -23,12 +23,14 @@ spec:
- {{ . }}
{{- end }}
{{- end }}
{{- if or $.Values.apprepository.containerSecurityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector }}
{{- if or $.Values.apprepository.podSecurityContext.enabled $.Values.apprepository.containerSecurityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector .tolerations}}
syncJobPodTemplate:
spec:
{{- if $.Values.apprepository.initialReposProxy.enabled }}
{{- if or $.Values.apprepository.initialReposProxy.enabled $.Values.apprepository.containerSecurityContext.enabled }}
containers:
- env:
-
{{- if $.Values.apprepository.initialReposProxy.enabled }}
env:
- name: https_proxy
value: {{ $.Values.apprepository.initialReposProxy.httpsProxy }}
- name: http_proxy
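
Review bot: the `containers:` entry now opens with a bare `-` and depends on at least one of the two inner `if` blocks (`initialReposProxy.enabled` for `env:`, `containerSecurityContext.enabled` for `securityContext:`) rendering a key. The enclosing `if or` guarantees that today, but a short template comment saying so would stop a later edit from producing an empty list item. Style point on the widened `syncJobPodTemplate` condition: `.nodeSelector .tolerations}}` is missing the space before the closing `}}` that the rest of the template uses.
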
Expand All @@ -37,8 +39,11 @@ spec:
value: {{ $.Values.apprepository.initialReposProxy.noProxy }}
{{- end }}
{{- if $.Values.apprepository.containerSecurityContext.enabled }}
securityContext:
runAsUser: {{ $.Values.apprepository.containerSecurityContext.runAsUser }}
securityContext: {{- omit $.Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- end }}
{{- if $.Values.apprepository.podSecurityContext.enabled }}
securityContext: {{- omit $.Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .nodeSelector }}
nodeSelector: {{- toYaml .nodeSelector | nindent 8 }}
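
Review bot: both `securityContext` blocks now render the whole values map minus `enabled` through `omit ... | toYaml`, where the old template emitted only `runAsUser`. Any key set under `apprepository.containerSecurityContext` or `apprepository.podSecurityContext` now lands in the sync job pod spec, so the README should list the keys the chart expects there. The hardcoded `nindent 12` and `nindent 8` also have to stay in step with the nesting of the `containers:` item above; a comment next to them would help.
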
4 changes: 4 additions & 0 deletions chart/kubeapps/templates/apprepository/deployment.yaml
Expand Up @@ -123,6 +123,10 @@ spec:
env:
- name: REPO_SYNC_IMAGE
value: {{ include "kubeapps.apprepository.syncImage" . }}
{{- if .Values.ociCatalog.enabled }}
- name: OCI_CATALOG_URL
value: {{ printf "%s:%d" (include "kubeapps.kubeappsapis.fullname" .) (int .Values.ociCatalog.containerPorts.grpc) | quote }}
{{- end }}
{{- if .Values.apprepository.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.apprepository.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
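
Review bot: `OCI_CATALOG_URL` is built from `kubeapps.kubeappsapis.fullname` plus `ociCatalog.containerPorts.grpc`, so the apprepository controller reaches the catalog through the kubeappsapis name rather than a name of its own. Nothing in this hunk shows that name exposing the gRPC port; please add a template comment explaining the choice and confirm the corresponding Service carries that port whenever `ociCatalog.enabled` is true. The value is a bare host:port, so it is also worth documenting whether this connection is expected to be plaintext inside the cluster.
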
37 changes: 36 additions & 1 deletion chart/kubeapps/templates/apprepository/rbac.yaml
Expand Up @@ -5,6 +5,7 @@ SPDX-License-Identifier: APACHE-2.0

{{- if .Values.packaging.helm.enabled }}
{{- if .Values.rbac.create -}}
# Role for managing events, jobs and cronjobs in the release namespace
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
Expand Down Expand Up @@ -40,6 +41,19 @@ rules:
- jobs
verbs:
- create
---
# ClusterRole for managing AppRepository objects in every namespace,
# so that we can update the finalizers on AppRepository objects
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
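
Review bot: the new ClusterRole takes its `name:` from `kubeapps.apprepository.fullname` alone. ClusterRoles are cluster-scoped, so if that helper does not include the release namespace, two releases with the same name in different namespaces will collide on this object; consider adding the namespace to the name. The comment gives finalizer updates as the reason for the cluster-wide grant, so it would help to state there which verbs that actually requires.
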
Expand All @@ -48,8 +62,10 @@ rules:
verbs:
- get
- list
- update
- watch
- create
- update
- patch
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
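
Review bot: the verbs list in this rule now carries `create` and `patch` alongside `update`, and it sits under a ClusterRole whose comment states the purpose as updating finalizers on AppRepository objects. If the controller only needs to read the objects and update their finalizers, drop `create` (and `patch` unless it is used) so the cluster-wide grant stays as narrow as the comment describes.
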
Expand All @@ -70,6 +86,25 @@ subjects:
name: {{ template "kubeapps.apprepository.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
# ClusterRoleBinding for the apprepository controller SA
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kubeapps.apprepository.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
# Define role, but no binding, so users can be bound to this role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
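
Review bot: the ClusterRoleBinding is gated only by the `packaging.helm.enabled` and `rbac.create` conditions at the top of this file, with no separate switch for the cluster-wide part. Installs that previously gave this service account only namespaced rights will gain access to these objects in every namespace on upgrade. Consider a dedicated value to opt out, and mention the new cluster-scoped objects in the README.
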