Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 23:47:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/kubeapps] add Kubeapps chart

Browse Source
This commit is contained in:
Adnan Abdulhussein
2018-08-09 13:33:02 -07:00
parent 1895be03b3
commit 0a43cb8785
30 changed files with 1393 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bitnami/kubeapps/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
charts/*.tgz

21
bitnami/kubeapps/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

19
bitnami/kubeapps/Chart.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
name: kubeapps
version: 0.1.0
appVersion: 1.0.0.alpha.4
description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm
icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png
keywords:
- helm
- dashboard
- service catalog
- deployment
home: https://kubeapps.com
sources:
- https://github.com/kubeapps/kubeapps
maintainers:
- name: bitnami-bot
email: containers@bitnami.com
- name: prydonius
email: adnan@bitnami.com

142
bitnami/kubeapps/README.md Normal file
View File

@@ -0,0 +1,142 @@
# <img src="https://github.com/kubeapps/kubeapps/raw/master/docs/img/logo.png" width="40" align="left"> Kubeapps
[![Build Status](https://travis-ci.org/kubeapps/kubeapps.svg?branch=master)](https://travis-ci.org/kubeapps/kubeapps)
[Kubeapps](https://kubeapps.com) is a web-based UI for deploying and managing applications in Kubernetes clusters. Kubeapps allows you to:
- Browse and deploy [Helm](https://github.com/helm/helm) charts from chart repositories
- Inspect, upgrade and delete Helm-based applications installed in the cluster
- Add custom and private chart repositories (supports [ChartMuseum](https://github.com/helm/chartmuseum) and [JFrog Artifactory](https://www.jfrog.com/confluence/display/RTF/Helm+Chart+Repositories))
- Browse and provision external services from the [Service Catalog](https://github.com/kubernetes-incubator/service-catalog) and available Service Brokers
- Connect Helm-based applications to external services with Service Catalog Bindings
- Secure authentication and authorization based on Kubernetes [Role-Based Access Control](docs/user/access-control.md)
## TL;DR;
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
```
## Introduction
This chart bootstraps a [Kubeapps](https://kubeapps.com) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
It also packages the [Bitnami MongoDB chart](https://github.com/helm/charts/tree/master/stable/mongodb) which is required for bootstrapping a MongoDB deployment for the database requirements of the Kubeapps application.
## Prerequisites
- Kubernetes 1.8+ (tested with Azure Kubernetes Service, Google Kubernetes Engine, minikube and Docker for Desktop Kubernetes)
- Helm 2.9.1+
- PV provisioner support in the underlying infrastructure
- Administrative access to the cluster to create and update RBAC ClusterRoles
## Installing the Chart
To install the chart with the release name `kubeapps`:
```console
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
```
The command deploys Kubeapps on the Kubernetes cluster in the `kubeapps` namespace. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Upgrading Kubeapps
To upgrade Kubeapps, first ensure you have the updated your local chart repository cache:
```console
$ helm repo update
```
Now upgrade Kubeapps:
```console
$ export RELEASE_NAME=kubeapps
$ export NAMESPACE=kubeapps
$ export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace $NAMESPACE $RELEASE_NAME-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 --decode)
$ helm upgrade $RELEASE_NAME bitnami/kubeapps --set mongodb.mongodbRootPassword=$MONGODB_ROOT_PASSWORD
```
The above commands ensure the MongoDB password is set to the existing password and not regenerated by the chart.
## Uninstalling Kubeapps
To uninstall/delete the `kubeapps` deployment:
```console
$ helm delete --purge kubeapps
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
For a full list of configuration parameters of the Kubeapps chart, see the [values.yaml](values.yaml) file.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install --name kubeapps --namespace kubeapps \
--set chartsvc.service.port=9090 \
bitnami/kubeapps
```
The above command sets the port for the chartsvc Service to 9090.
Alternatively, a YAML file that specifies the values for parameters can be provided while installing the chart. For example,
```console
$ helm install --name kubeapps --namespace kubeapps -f custom-values.yaml bitnami/kubeapps
```
### Configuring Initial Repositories
By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts) and the [Kubernetes Service Catalog charts](https://github.com/kubernetes-incubator/service-catalog). To change these defaults, override the `apprepository.initialRepos` object:
```console
$ cat > custom-values.yaml <<EOF
apprepository:
initialRepos:
- name: example
url: https://charts.example.com
EOF
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps -f custom-values.yaml
```
### Exposing Externally
#### LoadBalancer Service
The simplest way to expose the Kubeapps Dashboard is to assign a LoadBalancer type to the Kubeapps frontend Service. For example:
```console
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps --set frontend.service.type=LoadBalancer
```
Wait for your cluster to assign a LoadBalancer IP or Hostname to the `kubeapps` Service and access it on that address:
```console
$ kubectl get services --namespace kubeapps --watch
```
#### Ingress
This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://hub.kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://hub.kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to expose Kubeapps.
To enable ingress integration, please set `ingress.enabled` to `true`
##### Hosts
Most likely you will only want to have one hostname that maps to this Kubeapps installation, however, it is possible to have more than one host. To facilitate this, the `ingress.hosts` object is an array.
##### Annotations
For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`.
##### TLS
TLS can be configured using the `ingress.tls` object in the same format that the Kubernetes Ingress requests. Please see [this example](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls) for more information.

6
bitnami/kubeapps/requirements.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: mongodb
repository: https://kubernetes-charts.storage.googleapis.com
version: 4.0.4
digest: sha256:415440e73af7d4b02a10a15f28bb2fc095cbdffdc2e1676d76e0f0eaa1632d50
generated: 2018-08-01T11:50:24.777058724-07:00

4
bitnami/kubeapps/requirements.yaml Normal file
View File

@@ -0,0 +1,4 @@
dependencies:
- name: mongodb
version: ">= 0"
repository: https://kubernetes-charts.storage.googleapis.com

19
bitnami/kubeapps/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,19 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
echo http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.frontend.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubeapps.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.frontend.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl get svc -w {{ template "kubeapps.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kubeapps.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.frontend.service.port }}
{{- else if contains "ClusterIP" .Values.frontend.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "kubeapps.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:8080
{{- end }}

97
bitnami/kubeapps/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,97 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kubeapps.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kubeapps.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Render image reference
*/}}
{{- define "kubeapps.image" -}}
{{ .registry }}/{{ .repository }}:{{ .tag }}
{{- end -}}
{{/*
Create a default fully qualified app name for MongoDB dependency.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "kubeapps.mongodb.fullname" -}}
{{- $name := default "mongodb" .Values.mongodb.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubeapps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the apprepository-controller based on the fullname
*/}}
{{- define "kubeapps.apprepository.fullname" -}}
{{ template "kubeapps.fullname" . }}-apprepository-controller
{{- end -}}
{{/*
Create name for the apprepository bootstrap job
*/}}
{{- define "kubeapps.apprepository-jobs-bootstrap.fullname" -}}
{{ template "kubeapps.fullname" . }}-apprepository-jobs-bootstrap
{{- end -}}
{{/*
Create name for the chartsvc based on the fullname
*/}}
{{- define "kubeapps.chartsvc.fullname" -}}
{{ template "kubeapps.fullname" . }}-chartsvc
{{- end -}}
{{/*
Create name for the dashboard based on the fullname
*/}}
{{- define "kubeapps.dashboard.fullname" -}}
{{ template "kubeapps.fullname" . }}-dashboard
{{- end -}}
{{/*
Create name for the dashboard config based on the fullname
*/}}
{{- define "kubeapps.dashboard-config.fullname" -}}
{{ template "kubeapps.fullname" . }}-dashboard-config
{{- end -}}
{{/*
Create name for the frontend config based on the fullname
*/}}
{{- define "kubeapps.frontend-config.fullname" -}}
{{ template "kubeapps.fullname" . }}-frontend-config
{{- end -}}
{{/*
Create name for the tiller-proxy based on the fullname
*/}}
{{- define "kubeapps.tiller-proxy.fullname" -}}
{{ template "kubeapps.fullname" . }}-tiller-proxy
{{- end -}}

17
bitnami/kubeapps/templates/apprepository-crd.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: apprepositories.kubeapps.com
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
group: kubeapps.com
names:
kind: AppRepository
plural: apprepositories
shortNames:
- apprepos
version: v1alpha1

47
bitnami/kubeapps/templates/apprepository-deployment.yaml Normal file
View File

@@ -0,0 +1,47 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kubeapps.apprepository.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "kubeapps.apprepository.fullname" . }}
containers:
- name: controller
image: {{ template "kubeapps.image" .Values.apprepository.image }}
command:
- /apprepository-controller
args:
- --logtostderr
- --repo-sync-image={{ template "kubeapps.image" .Values.apprepository.syncImage }}
- --namespace={{ .Release.Namespace }}
- --mongo-url={{ template "kubeapps.mongodb.fullname" . }}
- --mongo-secret-name={{ template "kubeapps.mongodb.fullname" . }}
resources:
{{ toYaml .Values.apprepository.resources | indent 12 }}
{{- with .Values.apprepository.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.apprepository.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.apprepository.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

30
bitnami/kubeapps/templates/apprepository-jobs-bootstrap-config.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
annotations:
helm.sh/hook: post-install
helm.sh/hook-delete-policy: hook-succeeded
helm.sh/hook-weight: "-10"
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
apprepositories.yaml: |-
{{- range .Values.apprepository.initialRepos }}
apiVersion: kubeapps.com/v1alpha1
kind: AppRepository
metadata:
name: {{ .name }}
labels:
app: {{ template "kubeapps.apprepository.fullname" $ }}
chart: {{ template "kubeapps.chart" $ }}
release: {{ $.Release.Name }}
heritage: {{ $.Release.Service }}
spec:
type: helm
url: {{ .url }}
---
{{ end -}}

44
bitnami/kubeapps/templates/apprepository-jobs-bootstrap-rbac.yaml Normal file
View File

@@ -0,0 +1,44 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
annotations:
helm.sh/hook: post-install
helm.sh/hook-delete-policy: hook-succeeded
helm.sh/hook-weight: "-10"
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- get
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
annotations:
helm.sh/hook: post-install
helm.sh/hook-delete-policy: hook-succeeded
helm.sh/hook-weight: "-10"
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
namespace: {{ .Release.Namespace }}

13
bitnami/kubeapps/templates/apprepository-jobs-bootstrap-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
annotations:
helm.sh/hook: post-install
helm.sh/hook-delete-policy: hook-succeeded
helm.sh/hook-weight: "-10"
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}

50
bitnami/kubeapps/templates/apprepository-jobs-bootstrap.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
annotations:
helm.sh/hook: post-install
helm.sh/hook-delete-policy: hook-succeeded
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
template:
metadata:
labels:
app: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: kubectl
image: {{ template "kubeapps.image" .Values.apprepository.jobsImage }}
command:
- kubectl
- apply
- -f
- /tmp/apprepositories/apprepositories.yaml
volumeMounts:
- mountPath: /tmp/apprepositories
name: apprepositories-config
resources:
{{ toYaml .Values.apprepository.resources | indent 12 }}
volumes:
- name: apprepositories-config
configMap:
name: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
restartPolicy: OnFailure
serviceAccountName: {{ template "kubeapps.apprepository-jobs-bootstrap.fullname" . }}
{{- with .Values.apprepository.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.apprepository.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.apprepository.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

99
bitnami/kubeapps/templates/apprepository-rbac.yaml Normal file
View File

@@ -0,0 +1,99 @@
# Need a cluster role because client-go v5.0.1 does not support namespaced
# informers
# TODO: remove when we update to client-go v6.0.0
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kubeapps.apprepository.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- get
- list
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.apprepository.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}

9
bitnami/kubeapps/templates/apprepository-serviceaccount.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}

52
bitnami/kubeapps/templates/chartsvc-deployment.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "kubeapps.chartsvc.fullname" . }}
labels:
app: {{ template "kubeapps.chartsvc.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kubeapps.chartsvc.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "kubeapps.chartsvc.fullname" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: chartsvc
image: {{ template "kubeapps.image" .Values.chartsvc.image }}
command:
- /chartsvc
args:
- --mongo-user=root
- --mongo-url={{ template "kubeapps.mongodb.fullname" . }}
env:
- name: MONGO_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.mongodb.fullname" . }}
key: mongodb-root-password
ports:
- name: http
containerPort: {{ .Values.chartsvc.service.port }}
resources:
{{ toYaml .Values.chartsvc.resources | indent 12 }}
{{- with .Values.chartsvc.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartsvc.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartsvc.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

19
bitnami/kubeapps/templates/chartsvc-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.chartsvc.fullname" . }}
labels:
app: {{ template "kubeapps.name" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.chartsvc.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.chartsvc.fullname" . }}
release: {{ .Release.Name }}

26
bitnami/kubeapps/templates/dashboard-config.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
labels:
app: {{ template "kubeapps.dashboard-config.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
vhost.conf: |-
server {
listen 8080;
server_name _;
gzip on;
gzip_static on;
location / {
try_files $uri /index.html;
}
}
config.json: |-
{
"namespace": "{{ .Release.Namespace }}"
}

66
bitnami/kubeapps/templates/dashboard-deployment.yaml Normal file
View File

@@ -0,0 +1,66 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
labels:
app: {{ template "kubeapps.dashboard.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kubeapps.dashboard.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/dashboard-config.yaml") . | sha256sum }}
labels:
app: {{ template "kubeapps.dashboard.fullname" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: dashboard
image: {{ template "kubeapps.image" .Values.dashboard.image }}
livenessProbe:
{{ toYaml .Values.dashboard.livenessProbe | indent 10 }}
readinessProbe:
{{ toYaml .Values.dashboard.readinessProbe | indent 10 }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/vhosts
- name: config
mountPath: /app/config.json
subPath: config.json
ports:
- name: http
containerPort: 8080
resources:
{{ toYaml .Values.dashboard.resources | indent 12 }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: vhost.conf
path: vhost.conf
- name: config
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: config.json
path: config.json
{{- with .Values.dashboard.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.dashboard.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.dashboard.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

19
bitnami/kubeapps/templates/dashboard-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
labels:
app: {{ template "kubeapps.name" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.dashboard.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.dashboard.fullname" . }}
release: {{ .Release.Name }}

38
bitnami/kubeapps/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "kubeapps.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app: {{ include "kubeapps.name" . }}
chart: {{ include "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}

58
bitnami/kubeapps/templates/kubeapps-frontend-config.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.frontend-config.fullname" . }}
labels:
app: {{ template "kubeapps.frontend-config.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
vhost.conf: |-
# Retain the default nginx handling of requests without a "Connection" header
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
server {
listen 8080;
server_name _;
location /healthz {
access_log off;
default_type text/plain;
return 200 "healthy\n";
}
location /api/kube {
rewrite /api/kube/(.*) /$1 break;
rewrite /api/kube / break;
proxy_pass https://kubernetes.default;
# Disable buffering for log streaming
proxy_buffering off;
# Hide Www-Authenticate to prevent it triggering a basic auth prompt in
# the browser with some clusters
proxy_hide_header Www-Authenticate;
}
location /api/chartsvc {
rewrite /api/chartsvc/(.*) /$1 break;
rewrite /api/chartsvc / break;
proxy_pass http://{{ template "kubeapps.chartsvc.fullname" . }}:{{ .Values.chartsvc.service.port }};
}
location /api/tiller-deploy {
rewrite /api/tiller-deploy/(.*) /$1 break;
rewrite /api/tiller-deploy / break;
proxy_pass http://{{ template "kubeapps.tiller-proxy.fullname" . }}:{{ .Values.tillerProxy.service.port }};
}
location / {
proxy_pass http://{{ template "kubeapps.dashboard.fullname" . }}:{{ .Values.dashboard.service.port }};
}
}

54
bitnami/kubeapps/templates/kubeapps-frontend-deployment.yaml Normal file
View File

@@ -0,0 +1,54 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "kubeapps.fullname" . }}
labels:
app: {{ template "kubeapps.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kubeapps.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/kubeapps-frontend-config.yaml") . | sha256sum }}
labels:
app: {{ template "kubeapps.fullname" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: nginx
image: {{ template "kubeapps.image" .Values.frontend.image }}
livenessProbe:
{{ toYaml .Values.frontend.livenessProbe | indent 10 }}
readinessProbe:
{{ toYaml .Values.frontend.readinessProbe | indent 10 }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/vhosts
ports:
- name: http
containerPort: 8080
resources:
{{ toYaml .Values.frontend.resources | indent 12 }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.frontend-config.fullname" . }}
{{- with .Values.frontend.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.frontend.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.frontend.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

19
bitnami/kubeapps/templates/kubeapps-frontend-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.fullname" . }}
labels:
app: {{ template "kubeapps.name" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.frontend.service.type }}
ports:
- port: {{ .Values.frontend.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.fullname" . }}
release: {{ .Release.Name }}

63
bitnami/kubeapps/templates/tiller-proxy-deployment.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "kubeapps.tiller-proxy.fullname" . }}
labels:
app: {{ template "kubeapps.tiller-proxy.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kubeapps.tiller-proxy.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "kubeapps.tiller-proxy.fullname" . }}
release: {{ .Release.Name }}
spec:
containers:
- name: proxy
image: {{ template "kubeapps.image" .Values.tillerProxy.image }}
command:
- /proxy
args:
- --host={{ .Values.tillerProxy.host }}
{{- if .Values.tillerProxy.tls }}
- --tls
{{- if .Values.tillerProxy.tls.verify }}
- --tls-verify
{{- end }}
env:
- name: HELM_HOME
value: /etc/certs
volumeMounts:
- name: tiller-certs
mountPath: /etc/certs
{{- end }}
ports:
- name: http
containerPort: {{ .Values.chartsvc.service.port }}
resources:
{{ toYaml .Values.tillerProxy.resources | indent 12 }}
{{- if .Values.tillerProxy.tls }}
volumes:
- name: tiller-certs
secret:
secretName: {{ template "kubeapps.tiller-proxy.fullname" . }}
{{- end }}
{{- with .Values.tillerProxy.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tillerProxy.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tillerProxy.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}

18
bitnami/kubeapps/templates/tiller-proxy-secret.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.tillerProxy.tls -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubeapps.tiller-proxy.fullname" . }}
labels:
app: {{ template "kubeapps.tiller-proxy.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
ca.crt: |-
{{ .Values.tillerProxy.tls.ca | b64enc | indent 4 }}
tls.crt: |-
{{ .Values.tillerProxy.tls.cert | b64enc | indent 4 }}
tls.key: |-
{{ .Values.tillerProxy.tls.key | b64enc | indent 4 }}
{{- end -}}

19
bitnami/kubeapps/templates/tiller-proxy-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.tiller-proxy.fullname" . }}
labels:
app: {{ template "kubeapps.name" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.tillerProxy.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.tiller-proxy.fullname" . }}
release: {{ .Release.Name }}

152
bitnami/kubeapps/templates/user-rbac.yaml Normal file
View File

@@ -0,0 +1,152 @@
# Preset Roles and ClusterRoles that can be bound to users for use with Kubeapps
# See https://github.com/kubeapps/kubeapps/blob/master/docs/user/access-control.md
{{- define "kubeapps.user-rbac.labels" -}}
labels:
app: {{ template "kubeapps.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end }}
# kubeapps-applications-read
# Gives read-only access to all the elements within a Namespace.
# Usage:
# Apply kubeapps-applications-read clusterrole to user/serviceaccount in the desired namespace
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubeapps-applications-read
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- list
- get
- watch
---
# kubeapps-service-catalog-read
# Gives read-only access to Service Instances and Bindings within a Namespace in Kubeapps.
# Usage:
# Apply kubeapps-service-catalog-read clusterrole to user/serviceaccount in the desired namespace
# AND apply kubeapps-service-catalog-browse to user/serviceaccount in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubeapps-service-catalog-browse
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- servicecatalog.k8s.io
resources:
- clusterservicebrokers
- clusterserviceclasses
- clusterserviceplans
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubeapps-service-catalog-read
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- servicecatalog.k8s.io
resources:
- serviceinstances
- servicebindings
verbs:
- list
- get
# Allows viewing Service Binding credentials.
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
---
# kubeapps-service-catalog-write
# Gives write access to Service Instances and Bindings within a Namespace in Kubeapps.
# Usage:
# Apply kubeapps-service-catalog-write clusterrole to user/serviceaccount in the desired namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubeapps-service-catalog-write
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- servicecatalog.k8s.io
resources:
- serviceinstances
- servicebindings
verbs:
- create
- delete
---
# kubeapps-service-catalog-admin
# Gives admin access for the Service Broker configuration page in Kubeapps.
# Usage:
# Apply kubeapps-service-catalog-admin clusterrole to user/serviceaccount in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kubeapps-service-catalog-admin
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- servicecatalog.k8s.io
resources:
- clusterservicebrokers
verbs:
- patch
---
# kubeapps-repositories-read
# Gives read-only access to App Repositories in Kubeapps.
# Usage:
# Apply kubeapps-repositories-read role to user/serviceaccount in the kubeapps namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: kubeapps-repositories-read
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- list
- get
---
# kubeapps-repositories-write
# Gives write access to App Repositories in Kubeapps.
# Usage:
# Apply kubeapps-repositories-write role to user/serviceaccount in the kubeapps namespace.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: kubeapps-repositories-write
{{ template "kubeapps.user-rbac.labels" . }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- get
- create
- update
- delete
# Allows creating secrets for storing repository credentials
- apiGroups:
- ""
resources:
- secrets
verbs:
- create

172
bitnami/kubeapps/values.yaml Normal file
View File

@@ -0,0 +1,172 @@
# Default values for kubeapps.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
apprepository:
image:
registry: docker.io
repository: kubeapps/apprepository-controller
tag: latest
# Image used to perform chart repository syncs
syncImage:
registry: docker.io
repository: kubeapps/chart-repo
tag: latest
# This image is used in a Helm post-install hook to bootstrap the initialRepos below
jobsImage:
registry: docker.io
repository: lachlanevenson/k8s-kubectl
tag: v1.9.9
initialRepos:
- name: stable
url: https://kubernetes-charts.storage.googleapis.com
- name: incubator
url: https://kubernetes-charts-incubator.storage.googleapis.com
- name: svc-cat
url: https://svc-catalog-charts.storage.googleapis.com
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
chartsvc:
image:
registry: docker.io
repository: kubeapps/chartsvc
tag: latest
service:
port: 8080
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
dashboard:
image:
registry: docker.io
repository: kubeapps/dashboard
tag: latest
service:
port: 8080
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 0
timeoutSeconds: 5
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
frontend:
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.14.0-r27
service:
port: 80
type: ClusterIP
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 60
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 0
timeoutSeconds: 5
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
tillerProxy:
image:
registry: docker.io
repository: kubeapps/tiller-proxy
tag: latest
service:
port: 8080
host: tiller-deploy.kube-system:44134
tls: {}
# ca:
# cert:
# key:
# verify: false
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
ingress:
enabled: false
# annotations: {}
path: /
hosts:
- kubeapps.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
mongodb:
# Kubeapps uses MongoDB as a cache and persistence is not required
persistence:
enabled: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}