From 57e6e23c857ee30ab53882596d90233456c799a1 Mon Sep 17 00:00:00 2001 From: kubeapps-bot Date: Sun, 24 Oct 2021 21:15:34 +0000 Subject: [PATCH 1/2] bump chart version to 7.5.9 --- chart/kubeapps/Chart.lock | 6 +- chart/kubeapps/Chart.yaml | 2 +- chart/kubeapps/README.md | 560 +++++++++--------- chart/kubeapps/templates/NOTES.txt | 6 +- .../templates/assetsvc/deployment.yaml | 4 +- .../kubeapps/templates/assetsvc/service.yaml | 2 - .../templates/frontend/configmap.yaml | 2 + .../templates/frontend/deployment.yaml | 2 +- .../templates/kubeappsapis/deployment.yaml | 7 + .../{rbac_fluxv2.yaml => rbac.yaml} | 30 +- .../templates/kubeappsapis/service.yaml | 2 + .../kubeappsapis/serviceaccount.yaml | 4 + chart/kubeapps/templates/kubeops/rbac.yaml | 4 + chart/kubeapps/values.yaml | 10 +- 14 files changed, 334 insertions(+), 307 deletions(-) rename chart/kubeapps/templates/kubeappsapis/{rbac_fluxv2.yaml => rbac.yaml} (61%) diff --git a/chart/kubeapps/Chart.lock b/chart/kubeapps/Chart.lock index 1a750b65a71..3e1ac2c6dbc 100644 --- a/chart/kubeapps/Chart.lock +++ b/chart/kubeapps/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 1.10.0 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.12.3 + version: 10.12.2 - name: redis repository: https://charts.bitnami.com/bitnami version: 15.4.1 -digest: sha256:9efa553aecdfbf8e3199446831ac2492d718ec6cf07380f924ae9fead8243c38 -generated: "2021-10-10T22:58:07.960326-07:00" +digest: sha256:624869c765621f51da8446d0c472aa997710be01033badac8feea3dbb130e23e +generated: "2021-10-07T08:55:54.569891292Z" diff --git a/chart/kubeapps/Chart.yaml b/chart/kubeapps/Chart.yaml index 95ab56f13fb..15869def79a 100644 --- a/chart/kubeapps/Chart.yaml +++ b/chart/kubeapps/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: kubeapps sources: - https://github.com/kubeapps/kubeapps -version: 7.5.9-dev1 +version: 7.5.9 diff --git a/chart/kubeapps/README.md b/chart/kubeapps/README.md index 7baef34813f..eb3e2faa762 100644 --- a/chart/kubeapps/README.md +++ b/chart/kubeapps/README.md @@ -166,226 +166,225 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Dashboard parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------------- | -| `dashboard.image.registry` | Dashboard image registry | `docker.io` | -| `dashboard.image.repository` | Dashboard image repository | `kubeapps/dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `latest` | -| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable image debug mode | `false` | -| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | -| `dashboard.customAppViews` | Package names to signal a custom app view | `[]` | -| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | -| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | -| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | -| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | -| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | -| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | -| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | -| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | -| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | -| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | -| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | -| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for pod assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | -| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | -| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | -| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | -| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | -| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | -| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- | +| `dashboard.image.registry` | Dashboard image registry | `docker.io` | +| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | +| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | +| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | +| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | +| `dashboard.image.debug` | Enable image debug mode | `false` | +| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | +| `dashboard.customAppViews` | Package names to signal a custom app view | `[]` | +| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | +| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | +| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | +| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | +| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | +| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | +| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | +| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | +| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | +| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | +| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | +| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | +| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | +| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | +| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | +| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | +| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | +| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | +| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | +| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | +| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | +| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `dashboard.affinity` | Affinity for pod assignment | `{}` | +| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | +| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | +| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | +| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | +| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | +| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | +| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | +| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | +| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | +| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | ### AppRepository Controller parameters -| Name | Description | Value | -| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------- | -| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | -| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `kubeapps/apprepository-controller` | -| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `latest` | -| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | -| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | -| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | -| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `kubeapps/asset-syncer` | -| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `latest` | -| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | -| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | -| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | -| `apprepository.customAnnotations` | Custom annotations be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.customLabels` | Custom labels be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` | -| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `""` | -| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | -| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | -| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` | -| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` | -| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | -| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | -| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | -| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | -| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` | -| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` | -| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` | -| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | -| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | -| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | -| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `apprepository.affinity` | Affinity for pod assignment | `{}` | -| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | -| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | -| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | -| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------- | +| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | +| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `bitnami/kubeapps-apprepository-controller` | +| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | +| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | +| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | +| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | +| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `bitnami/kubeapps-asset-syncer` | +| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | +| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | +| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | +| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | +| `apprepository.customAnnotations` | Custom annotations be added to each AppRepository-generated CronJob, Job and Pod | `{}` | +| `apprepository.customLabels` | Custom labels be added to each AppRepository-generated CronJob, Job and Pod | `{}` | +| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` | +| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `""` | +| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | +| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | +| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` | +| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` | +| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | +| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | +| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | +| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | +| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` | +| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` | +| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` | +| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | +| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | +| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | +| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `apprepository.affinity` | Affinity for pod assignment | `{}` | +| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | +| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | +| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | +| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | ### Kubeops parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------ | -| `kubeops.image.registry` | Kubeops image registry | `docker.io` | -| `kubeops.image.repository` | Kubeops image repository | `kubeapps/kubeops` | -| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `latest` | -| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | -| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | -| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | -| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `""` | -| `kubeops.qps` | Kubeops QPS (queries per second) rate | `""` | -| `kubeops.burst` | Kubeops burst rate | `""` | -| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` | -| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` | -| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `""` | -| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `""` | -| `kubeops.containerPort` | Kubeops HTTP container port | `8080` | -| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` | -| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` | -| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` | -| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` | -| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` | -| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` | -| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` | -| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` | -| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` | -| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` | -| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` | -| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` | -| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeops.affinity` | Affinity for pod assignment | `{}` | -| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeops.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `""` | -| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` | -| `kubeops.service.port` | Kubeops service HTTP port | `8080` | -| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` | +| Name | Description | Value | +| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | -------------------------- | +| `kubeops.image.registry` | Kubeops image registry | `docker.io` | +| `kubeops.image.repository` | Kubeops image repository | `bitnami/kubeapps-kubeops` | +| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | +| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | +| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | +| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | +| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `""` | +| `kubeops.qps` | Kubeops QPS (queries per second) rate | `""` | +| `kubeops.burst` | Kubeops burst rate | `""` | +| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` | +| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | +| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` | +| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `""` | +| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `""` | +| `kubeops.containerPort` | Kubeops HTTP container port | `8080` | +| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` | +| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` | +| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` | +| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` | +| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` | +| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` | +| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` | +| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` | +| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` | +| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` | +| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` | +| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` | +| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `kubeops.affinity` | Affinity for pod assignment | `{}` | +| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` | +| `kubeops.tolerations` | Tolerations for pod assignment | `[]` | +| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `""` | +| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` | +| `kubeops.service.port` | Kubeops service HTTP port | `8080` | +| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` | ### Assetsvc parameters -| Name | Description | Value | -| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------------- | -| `assetsvc.enabled` | Specifies whether this deprecated component should be installed. | `false` | -| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | -| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `kubeapps/assetsvc` | -| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `latest` | -| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | -| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | -| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `1` | -| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` | -| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` | -| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` | -| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` | -| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` | -| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` | -| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` | -| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` | -| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` | -| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` | -| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` | -| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` | -| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` | -| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` | -| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `assetsvc.affinity` | Affinity for pod assignment | `{}` | -| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` | -| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` | -| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `""` | -| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` | -| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` | -| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` | +| Name | Description | Value | +| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | --------------------------- | +| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | +| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `bitnami/kubeapps-assetsvc` | +| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | +| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | +| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | +| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `1` | +| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` | +| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `""` | +| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `""` | +| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` | +| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` | +| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` | +| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` | +| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` | +| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` | +| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` | +| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` | +| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` | +| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` | +| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` | +| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` | +| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` | +| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `assetsvc.affinity` | Affinity for pod assignment | `{}` | +| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` | +| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` | +| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `""` | +| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` | +| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` | +| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` | ### Auth Proxy parameters @@ -423,26 +422,26 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Pinniped Proxy parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | -| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | -| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | -| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `kubeapps/pinniped-proxy` | -| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `latest` | -| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | -| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | -| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | -| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` | -| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` | -| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` | -| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` | -| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` | -| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` | -| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` | -| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` | -| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` | -| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` | -| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------ | --------------------------------- | +| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | +| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | +| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` | +| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | +| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | +| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | +| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | +| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` | +| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` | +| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` | +| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` | +| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` | +| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` | +| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` | +| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` | +| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` | +| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` | +| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` | ### Other Parameters @@ -478,58 +477,59 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### kubeappsapis parameters -| Name | Description | Value | -| ---------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------ | -| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm"]` | -| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | -| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `kubeapps/kubeapps-apis` | -| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `latest` | -| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | -| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | -| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | -| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | -| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | -| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | -| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` | -| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | -| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | -| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | -| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | -| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | -| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | -| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | -| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | -| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | -| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | -| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | -| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | -| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | +| Name | Description | Value | +| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `kubeappsapis.unsafeUseDemoSA` | If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. | `false` | +| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm"]` | +| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | +| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | +| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | +| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | +| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | +| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | +| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | +| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | +| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | +| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | +| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | +| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | +| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` | +| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | +| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | +| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | +| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | +| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | +| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | +| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | +| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | +| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | +| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | +| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | +| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | +| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | +| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | +| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | ### Redis™ chart configuration diff --git a/chart/kubeapps/templates/NOTES.txt b/chart/kubeapps/templates/NOTES.txt index 30452e11e6a..49a98cf2c8d 100644 --- a/chart/kubeapps/templates/NOTES.txt +++ b/chart/kubeapps/templates/NOTES.txt @@ -1,3 +1,7 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + {{- $postgresqlSecretName := include "kubeapps.postgresql.secretName" . -}} {{- $redisSecretName := include "kubeapps.redis.secretName" . -}} @@ -48,7 +52,7 @@ To access Kubeapps from outside your K8s cluster, follow the steps below: Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Kubeapps URL: http{{ if eq ( .Values.frontend.service.port | toString ) "443" }}s{{ end }}://$SERVICE_IP:{{ .Values.frontend.service.port }}" + echo "Kubeapps URL: http://$SERVICE_IP:{{ .Values.frontend.service.port }}" {{- else if contains "ClusterIP" .Values.frontend.service.type }} diff --git a/chart/kubeapps/templates/assetsvc/deployment.yaml b/chart/kubeapps/templates/assetsvc/deployment.yaml index 9daaa0085f0..bf2654e73eb 100644 --- a/chart/kubeapps/templates/assetsvc/deployment.yaml +++ b/chart/kubeapps/templates/assetsvc/deployment.yaml @@ -1,4 +1,3 @@ -{{- if .Values.assetsvc.enabled }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: @@ -93,7 +92,6 @@ spec: {{- else if .Values.assetsvc.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customReadinessProbe "context" $) | nindent 12 }} {{- end }} - {{- if .Values.assetsvc.resources }} + {{- if .Values.assetsvc.resource }} resources: {{- toYaml .Values.assetsvc.resources | nindent 12 }} {{- end }} -{{- end }} diff --git a/chart/kubeapps/templates/assetsvc/service.yaml b/chart/kubeapps/templates/assetsvc/service.yaml index 2ed77a1fcf2..90e7c0ed1ba 100644 --- a/chart/kubeapps/templates/assetsvc/service.yaml +++ b/chart/kubeapps/templates/assetsvc/service.yaml @@ -1,4 +1,3 @@ -{{- if .Values.assetsvc.enabled }} apiVersion: v1 kind: Service metadata: @@ -27,4 +26,3 @@ spec: name: http selector: {{- include "common.labels.matchLabels" . | nindent 4 }} app.kubernetes.io/component: assetsvc -{{- end }} diff --git a/chart/kubeapps/templates/frontend/configmap.yaml b/chart/kubeapps/templates/frontend/configmap.yaml index 903e140bea3..4840caf207a 100644 --- a/chart/kubeapps/templates/frontend/configmap.yaml +++ b/chart/kubeapps/templates/frontend/configmap.yaml @@ -142,6 +142,7 @@ data: proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; } + {{- if .Values.featureFlags.kubeappsAPIsServer }} location ~* /apis { rewrite ^ $request_uri; # pass the encoded url downstream as is, rewrite /apis/([^?]*) /$1 break; @@ -158,6 +159,7 @@ data: proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}}; } + {{- end }} # The route for the Kubeapps backend API is not prefixed. location ~* /api/ { diff --git a/chart/kubeapps/templates/frontend/deployment.yaml b/chart/kubeapps/templates/frontend/deployment.yaml index 34a5ff12f19..039aed43c85 100644 --- a/chart/kubeapps/templates/frontend/deployment.yaml +++ b/chart/kubeapps/templates/frontend/deployment.yaml @@ -164,7 +164,7 @@ spec: {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }} {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication."}} {{- end }} - {{- if .Values.pinnipedProxy.enabled }} + {{- if and .Values.pinnipedProxy.enabled }} - name: pinniped-proxy image: {{ include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) }} imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }} diff --git a/chart/kubeapps/templates/kubeappsapis/deployment.yaml b/chart/kubeapps/templates/kubeappsapis/deployment.yaml index 82b7ba7a1ed..59a845a49f0 100644 --- a/chart/kubeapps/templates/kubeappsapis/deployment.yaml +++ b/chart/kubeapps/templates/kubeappsapis/deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.featureFlags.kubeappsAPIsServer }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: @@ -28,7 +29,9 @@ spec: {{- end }} spec: {{- include "kubeapps.imagePullSecrets" . | indent 6 }} + {{- if .Values.kubeappsapis.unsafeUseDemoSA }} serviceAccountName: {{ template "kubeapps.kubeappsapis.fullname" . }} + {{- end }} {{- if .Values.kubeappsapis.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }} {{- end }} @@ -78,6 +81,9 @@ spec: {{- if .Values.pinnipedProxy.enabled }} - --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }} {{- end }} + {{- if .Values.kubeappsapis.unsafeUseDemoSA }} + - --unsafe-use-demo-sa=true + {{- end }} env: - name: PORT value: {{ .Values.kubeappsapis.containerPort | quote }} @@ -158,3 +164,4 @@ spec: - name: ca-certs emptyDir: {} {{- end }} +{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml b/chart/kubeapps/templates/kubeappsapis/rbac.yaml similarity index 61% rename from chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml rename to chart/kubeapps/templates/kubeappsapis/rbac.yaml index 98d19190ee7..5a4072fb5b5 100644 --- a/chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml +++ b/chart/kubeapps/templates/kubeappsapis/rbac.yaml @@ -1,9 +1,10 @@ -{{- if has "fluxv2" .Values.kubeappsapis.enabledPlugins }} +{{- if .Values.featureFlags.kubeappsAPIsServer }} {{- if .Values.rbac.create -}} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" + name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis {{- if .Values.commonLabels }} @@ -13,18 +14,26 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} rules: - - apiGroups: ["source.toolkit.fluxcd.io"] - resources: ["helmrepositories"] - verbs: ["get", "list", "watch"] - # needed by fluxv2 plug-in to check whether flux CRDs have been installed - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] + - apiGroups: + - "packageinstalls.packaging.carvel.dev" + - "packagerepositories.packaging.carvel.dev" + - "source.toolkit.fluxcd.io" + - "helm.toolkit.fluxcd.io" + resources: ['*'] + verbs: ['*'] + # So that our dev user is seen as having access to a namespace. + # We'll need to add rbac for our dev user to install later as well. + - apiGroups: [""] + resources: ["secrets"] verbs: ["get", "list"] +{{- if .Values.kubeappsapis.unsafeUseDemoSA }} +# Dev-only ClusterRoleBinding to the ServiceAccount --- apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" + name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis {{- if .Values.commonLabels }} @@ -36,10 +45,11 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" + name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" subjects: - kind: ServiceAccount name: {{ template "kubeapps.kubeappsapis.fullname" . }} namespace: {{ .Release.Namespace }} {{- end }} {{- end }} +{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/service.yaml b/chart/kubeapps/templates/kubeappsapis/service.yaml index 3ff1803d082..8fc422f3851 100644 --- a/chart/kubeapps/templates/kubeappsapis/service.yaml +++ b/chart/kubeapps/templates/kubeappsapis/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.featureFlags.kubeappsAPIsServer }} apiVersion: v1 kind: Service metadata: @@ -26,3 +27,4 @@ spec: name: grpc-http selector: {{- include "common.labels.matchLabels" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis +{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml b/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml index b3c64aa071a..5dc5e3a58be 100644 --- a/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml +++ b/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml @@ -1,3 +1,5 @@ +{{- if .Values.featureFlags.kubeappsAPIsServer }} + {{- if .Values.kubeappsapis.unsafeUseDemoSA }} apiVersion: v1 kind: ServiceAccount metadata: @@ -11,3 +13,5 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} +{{- end }} diff --git a/chart/kubeapps/templates/kubeops/rbac.yaml b/chart/kubeapps/templates/kubeops/rbac.yaml index 9a00d28010e..90dd59bc1b0 100644 --- a/chart/kubeapps/templates/kubeops/rbac.yaml +++ b/chart/kubeapps/templates/kubeops/rbac.yaml @@ -56,6 +56,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -76,6 +77,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -98,6 +100,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -118,6 +121,7 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" + namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} diff --git a/chart/kubeapps/values.yaml b/chart/kubeapps/values.yaml index ad1dcfc5f71..f72012496e1 100644 --- a/chart/kubeapps/values.yaml +++ b/chart/kubeapps/values.yaml @@ -1085,13 +1085,8 @@ kubeops: ## @section Assetsvc parameters ## Assetsvc parameters -## @deprecated +## assetsvc: - ## @param assetsvc.enabled Specifies whether this deprecated component should be installed. - ## As per Kubeapps v2.4.0 it is no longer used in the UI. - ## In future releases, this service will get entirely removed. - ## - enabled: false ## Bitnami Kubeapps Assetsvc image ## ref: https://hub.docker.com/r/bitnami/kubeapps-assetsvc/tags/ ## @param assetsvc.image.registry Kubeapps Assetsvc image registry @@ -1510,6 +1505,7 @@ clusters: ## featureFlags: invalidateCache: true + kubeappsAPIsServer: true ## RBAC configuration ## rbac: @@ -1590,6 +1586,8 @@ postgresql: ## @section kubeappsapis parameters kubeappsapis: + ## @param kubeappsapis.unsafeUseDemoSA If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. + unsafeUseDemoSA: false ## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service ## e.g: ## enabledPlugins: From 1322bec1a0eff518eb1cc6b70b5a889a22c7ed03 Mon Sep 17 00:00:00 2001 From: Michael Nelson Date: Mon, 25 Oct 2021 09:34:10 +1100 Subject: [PATCH 2/2] Re-establish dev changes. Signed-off-by: Michael Nelson --- chart/kubeapps/Chart.lock | 6 +- chart/kubeapps/Chart.yaml | 2 +- chart/kubeapps/README.md | 560 +++++++++--------- chart/kubeapps/templates/NOTES.txt | 2 +- .../templates/assetsvc/deployment.yaml | 4 +- .../kubeapps/templates/assetsvc/service.yaml | 2 + .../templates/frontend/configmap.yaml | 2 - .../templates/frontend/deployment.yaml | 2 +- .../templates/kubeappsapis/deployment.yaml | 7 - .../{rbac.yaml => rbac_fluxv2.yaml} | 30 +- .../templates/kubeappsapis/service.yaml | 2 - .../kubeappsapis/serviceaccount.yaml | 4 - chart/kubeapps/templates/kubeops/rbac.yaml | 4 - chart/kubeapps/values.yaml | 10 +- 14 files changed, 307 insertions(+), 330 deletions(-) rename chart/kubeapps/templates/kubeappsapis/{rbac.yaml => rbac_fluxv2.yaml} (61%) diff --git a/chart/kubeapps/Chart.lock b/chart/kubeapps/Chart.lock index 3e1ac2c6dbc..1a750b65a71 100644 --- a/chart/kubeapps/Chart.lock +++ b/chart/kubeapps/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 1.10.0 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.12.2 + version: 10.12.3 - name: redis repository: https://charts.bitnami.com/bitnami version: 15.4.1 -digest: sha256:624869c765621f51da8446d0c472aa997710be01033badac8feea3dbb130e23e -generated: "2021-10-07T08:55:54.569891292Z" +digest: sha256:9efa553aecdfbf8e3199446831ac2492d718ec6cf07380f924ae9fead8243c38 +generated: "2021-10-10T22:58:07.960326-07:00" diff --git a/chart/kubeapps/Chart.yaml b/chart/kubeapps/Chart.yaml index 15869def79a..825ac1fa56b 100644 --- a/chart/kubeapps/Chart.yaml +++ b/chart/kubeapps/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: kubeapps sources: - https://github.com/kubeapps/kubeapps -version: 7.5.9 +version: 7.5.10-dev0 diff --git a/chart/kubeapps/README.md b/chart/kubeapps/README.md index eb3e2faa762..7baef34813f 100644 --- a/chart/kubeapps/README.md +++ b/chart/kubeapps/README.md @@ -166,225 +166,226 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Dashboard parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- | -| `dashboard.image.registry` | Dashboard image registry | `docker.io` | -| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | -| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable image debug mode | `false` | -| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | -| `dashboard.customAppViews` | Package names to signal a custom app view | `[]` | -| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | -| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | -| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | -| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | -| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | -| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | -| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | -| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | -| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | -| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | -| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | -| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for pod assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | -| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | -| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | -| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | -| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | -| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | -| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------------- | +| `dashboard.image.registry` | Dashboard image registry | `docker.io` | +| `dashboard.image.repository` | Dashboard image repository | `kubeapps/dashboard` | +| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `latest` | +| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | +| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | +| `dashboard.image.debug` | Enable image debug mode | `false` | +| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | +| `dashboard.customAppViews` | Package names to signal a custom app view | `[]` | +| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | +| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | +| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | +| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | +| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | +| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | +| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | +| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | +| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | +| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | +| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | +| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | +| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | +| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | +| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | +| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | +| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | +| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | +| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | +| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | +| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | +| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `dashboard.affinity` | Affinity for pod assignment | `{}` | +| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | +| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | +| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | +| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | +| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | +| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | +| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | +| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | +| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | +| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | ### AppRepository Controller parameters -| Name | Description | Value | -| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------- | -| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | -| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `bitnami/kubeapps-apprepository-controller` | -| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | -| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | -| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | -| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | -| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `bitnami/kubeapps-asset-syncer` | -| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | -| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | -| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | -| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | -| `apprepository.customAnnotations` | Custom annotations be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.customLabels` | Custom labels be added to each AppRepository-generated CronJob, Job and Pod | `{}` | -| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` | -| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `""` | -| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | -| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | -| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` | -| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` | -| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | -| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | -| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | -| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | -| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` | -| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` | -| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` | -| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | -| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | -| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | -| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `apprepository.affinity` | Affinity for pod assignment | `{}` | -| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | -| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | -| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | -| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------- | +| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | +| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `kubeapps/apprepository-controller` | +| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `latest` | +| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | +| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | +| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | +| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `kubeapps/asset-syncer` | +| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `latest` | +| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | +| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | +| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | +| `apprepository.customAnnotations` | Custom annotations be added to each AppRepository-generated CronJob, Job and Pod | `{}` | +| `apprepository.customLabels` | Custom labels be added to each AppRepository-generated CronJob, Job and Pod | `{}` | +| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` | +| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `""` | +| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | +| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | +| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` | +| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` | +| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | +| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | +| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | +| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | +| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` | +| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` | +| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` | +| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | +| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | +| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | +| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `apprepository.affinity` | Affinity for pod assignment | `{}` | +| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | +| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | +| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | +| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | ### Kubeops parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | -------------------------- | -| `kubeops.image.registry` | Kubeops image registry | `docker.io` | -| `kubeops.image.repository` | Kubeops image repository | `bitnami/kubeapps-kubeops` | -| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | -| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | -| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | -| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | -| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `""` | -| `kubeops.qps` | Kubeops QPS (queries per second) rate | `""` | -| `kubeops.burst` | Kubeops burst rate | `""` | -| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` | -| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` | -| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `""` | -| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `""` | -| `kubeops.containerPort` | Kubeops HTTP container port | `8080` | -| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` | -| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` | -| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` | -| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` | -| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` | -| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` | -| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` | -| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` | -| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` | -| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` | -| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` | -| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` | -| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeops.affinity` | Affinity for pod assignment | `{}` | -| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeops.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `""` | -| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` | -| `kubeops.service.port` | Kubeops service HTTP port | `8080` | -| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` | +| Name | Description | Value | +| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------ | +| `kubeops.image.registry` | Kubeops image registry | `docker.io` | +| `kubeops.image.repository` | Kubeops image repository | `kubeapps/kubeops` | +| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `latest` | +| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | +| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | +| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | +| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `""` | +| `kubeops.qps` | Kubeops QPS (queries per second) rate | `""` | +| `kubeops.burst` | Kubeops burst rate | `""` | +| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` | +| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | +| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` | +| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `""` | +| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `""` | +| `kubeops.containerPort` | Kubeops HTTP container port | `8080` | +| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` | +| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` | +| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` | +| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` | +| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` | +| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` | +| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` | +| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` | +| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` | +| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` | +| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` | +| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` | +| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `kubeops.affinity` | Affinity for pod assignment | `{}` | +| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` | +| `kubeops.tolerations` | Tolerations for pod assignment | `[]` | +| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `""` | +| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` | +| `kubeops.service.port` | Kubeops service HTTP port | `8080` | +| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` | ### Assetsvc parameters -| Name | Description | Value | -| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | --------------------------- | -| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | -| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `bitnami/kubeapps-assetsvc` | -| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.4.1-scratch-r0` | -| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | -| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | -| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `1` | -| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` | -| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` | -| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` | -| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` | -| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` | -| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` | -| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` | -| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` | -| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` | -| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` | -| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` | -| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` | -| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` | -| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` | -| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `assetsvc.affinity` | Affinity for pod assignment | `{}` | -| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` | -| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` | -| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `""` | -| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` | -| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` | -| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` | +| Name | Description | Value | +| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | ------------------- | +| `assetsvc.enabled` | Specifies whether this deprecated component should be installed. | `false` | +| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | +| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `kubeapps/assetsvc` | +| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `latest` | +| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | +| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | +| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `1` | +| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` | +| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `""` | +| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `""` | +| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` | +| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` | +| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` | +| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` | +| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` | +| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` | +| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` | +| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` | +| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` | +| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` | +| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` | +| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` | +| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` | +| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `assetsvc.affinity` | Affinity for pod assignment | `{}` | +| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` | +| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` | +| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `""` | +| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` | +| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` | +| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` | ### Auth Proxy parameters @@ -422,26 +423,26 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Pinniped Proxy parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------ | --------------------------------- | -| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | -| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | -| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` | -| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | -| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | -| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | -| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | -| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` | -| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` | -| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` | -| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` | -| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` | -| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` | -| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` | -| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` | -| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` | -| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` | -| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------ | ------------------------- | +| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | +| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | +| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `kubeapps/pinniped-proxy` | +| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `latest` | +| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | +| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | +| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | +| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` | +| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` | +| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` | +| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` | +| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` | +| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` | +| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` | +| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` | +| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` | +| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` | +| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` | ### Other Parameters @@ -477,59 +478,58 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### kubeappsapis parameters -| Name | Description | Value | -| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `kubeappsapis.unsafeUseDemoSA` | If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. | `false` | -| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm"]` | -| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | -| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | -| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.1-debian-10-r0` | -| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | -| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | -| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | -| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | -| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | -| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | -| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` | -| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | -| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | -| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | -| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | -| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | -| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | -| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | -| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | -| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | -| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | -| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | -| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | -| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | +| Name | Description | Value | +| ---------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------ | +| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm"]` | +| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | +| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `kubeapps/kubeapps-apis` | +| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `latest` | +| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | +| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | +| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | +| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | +| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | +| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | +| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | +| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | +| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | +| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` | +| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | +| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | +| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | +| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | +| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | +| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | +| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | +| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | +| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | +| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | +| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | +| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | +| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | +| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | +| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | ### Redis™ chart configuration diff --git a/chart/kubeapps/templates/NOTES.txt b/chart/kubeapps/templates/NOTES.txt index 49a98cf2c8d..6709e4719d4 100644 --- a/chart/kubeapps/templates/NOTES.txt +++ b/chart/kubeapps/templates/NOTES.txt @@ -52,7 +52,7 @@ To access Kubeapps from outside your K8s cluster, follow the steps below: Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Kubeapps URL: http://$SERVICE_IP:{{ .Values.frontend.service.port }}" + echo "Kubeapps URL: http{{ if eq ( .Values.frontend.service.port | toString ) "443" }}s{{ end }}://$SERVICE_IP:{{ .Values.frontend.service.port }}" {{- else if contains "ClusterIP" .Values.frontend.service.type }} diff --git a/chart/kubeapps/templates/assetsvc/deployment.yaml b/chart/kubeapps/templates/assetsvc/deployment.yaml index bf2654e73eb..9daaa0085f0 100644 --- a/chart/kubeapps/templates/assetsvc/deployment.yaml +++ b/chart/kubeapps/templates/assetsvc/deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.assetsvc.enabled }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: @@ -92,6 +93,7 @@ spec: {{- else if .Values.assetsvc.customReadinessProbe }} readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customReadinessProbe "context" $) | nindent 12 }} {{- end }} - {{- if .Values.assetsvc.resource }} + {{- if .Values.assetsvc.resources }} resources: {{- toYaml .Values.assetsvc.resources | nindent 12 }} {{- end }} +{{- end }} diff --git a/chart/kubeapps/templates/assetsvc/service.yaml b/chart/kubeapps/templates/assetsvc/service.yaml index 90e7c0ed1ba..2ed77a1fcf2 100644 --- a/chart/kubeapps/templates/assetsvc/service.yaml +++ b/chart/kubeapps/templates/assetsvc/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.assetsvc.enabled }} apiVersion: v1 kind: Service metadata: @@ -26,3 +27,4 @@ spec: name: http selector: {{- include "common.labels.matchLabels" . | nindent 4 }} app.kubernetes.io/component: assetsvc +{{- end }} diff --git a/chart/kubeapps/templates/frontend/configmap.yaml b/chart/kubeapps/templates/frontend/configmap.yaml index 4840caf207a..903e140bea3 100644 --- a/chart/kubeapps/templates/frontend/configmap.yaml +++ b/chart/kubeapps/templates/frontend/configmap.yaml @@ -142,7 +142,6 @@ data: proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; } - {{- if .Values.featureFlags.kubeappsAPIsServer }} location ~* /apis { rewrite ^ $request_uri; # pass the encoded url downstream as is, rewrite /apis/([^?]*) /$1 break; @@ -159,7 +158,6 @@ data: proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}}; } - {{- end }} # The route for the Kubeapps backend API is not prefixed. location ~* /api/ { diff --git a/chart/kubeapps/templates/frontend/deployment.yaml b/chart/kubeapps/templates/frontend/deployment.yaml index 039aed43c85..34a5ff12f19 100644 --- a/chart/kubeapps/templates/frontend/deployment.yaml +++ b/chart/kubeapps/templates/frontend/deployment.yaml @@ -164,7 +164,7 @@ spec: {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }} {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication."}} {{- end }} - {{- if and .Values.pinnipedProxy.enabled }} + {{- if .Values.pinnipedProxy.enabled }} - name: pinniped-proxy image: {{ include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) }} imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }} diff --git a/chart/kubeapps/templates/kubeappsapis/deployment.yaml b/chart/kubeapps/templates/kubeappsapis/deployment.yaml index 59a845a49f0..82b7ba7a1ed 100644 --- a/chart/kubeapps/templates/kubeappsapis/deployment.yaml +++ b/chart/kubeapps/templates/kubeappsapis/deployment.yaml @@ -1,4 +1,3 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: @@ -29,9 +28,7 @@ spec: {{- end }} spec: {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} serviceAccountName: {{ template "kubeapps.kubeappsapis.fullname" . }} - {{- end }} {{- if .Values.kubeappsapis.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }} {{- end }} @@ -81,9 +78,6 @@ spec: {{- if .Values.pinnipedProxy.enabled }} - --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }} {{- end }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} - - --unsafe-use-demo-sa=true - {{- end }} env: - name: PORT value: {{ .Values.kubeappsapis.containerPort | quote }} @@ -164,4 +158,3 @@ spec: - name: ca-certs emptyDir: {} {{- end }} -{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/rbac.yaml b/chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml similarity index 61% rename from chart/kubeapps/templates/kubeappsapis/rbac.yaml rename to chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml index 5a4072fb5b5..98d19190ee7 100644 --- a/chart/kubeapps/templates/kubeappsapis/rbac.yaml +++ b/chart/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml @@ -1,10 +1,9 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} +{{- if has "fluxv2" .Values.kubeappsapis.enabledPlugins }} {{- if .Values.rbac.create -}} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} + name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis {{- if .Values.commonLabels }} @@ -14,26 +13,18 @@ metadata: annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} rules: - - apiGroups: - - "packageinstalls.packaging.carvel.dev" - - "packagerepositories.packaging.carvel.dev" - - "source.toolkit.fluxcd.io" - - "helm.toolkit.fluxcd.io" - resources: ['*'] - verbs: ['*'] - # So that our dev user is seen as having access to a namespace. - # We'll need to add rbac for our dev user to install later as well. - - apiGroups: [""] - resources: ["secrets"] + - apiGroups: ["source.toolkit.fluxcd.io"] + resources: ["helmrepositories"] + verbs: ["get", "list", "watch"] + # needed by fluxv2 plug-in to check whether flux CRDs have been installed + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] verbs: ["get", "list"] -{{- if .Values.kubeappsapis.unsafeUseDemoSA }} -# Dev-only ClusterRoleBinding to the ServiceAccount --- apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} + name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis {{- if .Values.commonLabels }} @@ -45,11 +36,10 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" + name: "kubeapps:controller:kubeapps-apis-fluxv2-plugin" subjects: - kind: ServiceAccount name: {{ template "kubeapps.kubeappsapis.fullname" . }} namespace: {{ .Release.Namespace }} {{- end }} {{- end }} -{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/service.yaml b/chart/kubeapps/templates/kubeappsapis/service.yaml index 8fc422f3851..3ff1803d082 100644 --- a/chart/kubeapps/templates/kubeappsapis/service.yaml +++ b/chart/kubeapps/templates/kubeappsapis/service.yaml @@ -1,4 +1,3 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} apiVersion: v1 kind: Service metadata: @@ -27,4 +26,3 @@ spec: name: grpc-http selector: {{- include "common.labels.matchLabels" . | nindent 4 }} app.kubernetes.io/component: kubeappsapis -{{- end }} diff --git a/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml b/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml index 5dc5e3a58be..b3c64aa071a 100644 --- a/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml +++ b/chart/kubeapps/templates/kubeappsapis/serviceaccount.yaml @@ -1,5 +1,3 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} apiVersion: v1 kind: ServiceAccount metadata: @@ -13,5 +11,3 @@ metadata: {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} - {{- end }} -{{- end }} diff --git a/chart/kubeapps/templates/kubeops/rbac.yaml b/chart/kubeapps/templates/kubeops/rbac.yaml index 90dd59bc1b0..9a00d28010e 100644 --- a/chart/kubeapps/templates/kubeops/rbac.yaml +++ b/chart/kubeapps/templates/kubeops/rbac.yaml @@ -56,7 +56,6 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -77,7 +76,6 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -100,7 +98,6 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} @@ -121,7 +118,6 @@ apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} app.kubernetes.io/component: kubeops {{- if .Values.commonLabels }} diff --git a/chart/kubeapps/values.yaml b/chart/kubeapps/values.yaml index f72012496e1..ad1dcfc5f71 100644 --- a/chart/kubeapps/values.yaml +++ b/chart/kubeapps/values.yaml @@ -1085,8 +1085,13 @@ kubeops: ## @section Assetsvc parameters ## Assetsvc parameters -## +## @deprecated assetsvc: + ## @param assetsvc.enabled Specifies whether this deprecated component should be installed. + ## As per Kubeapps v2.4.0 it is no longer used in the UI. + ## In future releases, this service will get entirely removed. + ## + enabled: false ## Bitnami Kubeapps Assetsvc image ## ref: https://hub.docker.com/r/bitnami/kubeapps-assetsvc/tags/ ## @param assetsvc.image.registry Kubeapps Assetsvc image registry @@ -1505,7 +1510,6 @@ clusters: ## featureFlags: invalidateCache: true - kubeappsAPIsServer: true ## RBAC configuration ## rbac: @@ -1586,8 +1590,6 @@ postgresql: ## @section kubeappsapis parameters kubeappsapis: - ## @param kubeappsapis.unsafeUseDemoSA If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. - unsafeUseDemoSA: false ## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service ## e.g: ## enabledPlugins: