[bitnami/kubeapps] Update the cert-manager annotations (#7434)

* Chart: update the cert-manager annotations

According to the documentation:
https://cert-manager.io/docs/usage/ingress/#optional-configuration,
the `kubernetes.io/tls-acme` annotation pertains to the kube-lego
project https://github.com/jetstack/kube-lego which is no longer maintained
and has been displaced by cert-manager.
As a result, the cert-manager annotations should be used instead.

* Address PR comments

* Add default value to ingress.certManager

* Bump minor version
Hervé
2021-09-16 15:33:21 +02:00
committed by GitHub
parent 99d6299426
commit 360d07c59b
6 changed files with 45 additions and 25 deletions

@@ -33,4 +33,4 @@ maintainers:
name: kubeapps
sources:
- https://github.com/kubeapps/kubeapps
version: 7.4.0
version: 7.5.0
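Review bot: The bump from `7.4.0` to `7.5.0` is a minor one, but the same commit changes `ingress.certManager` from a boolean to an object in the schema, so a values file that still sets `ingress.certManager: true` will stop validating on upgrade. Either bump the major version or add an upgrade note to the README that tells users to replace `certManager: true` with `certManager.clusterIssuer: <name>`.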

@@ -80,21 +80,23 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
### Traffic Exposure Parameters
| Name | Description | Value |
| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
| Name | Description | Value |
| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` |
| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.certManager.clusterIssuer` | Cert-manager integration: specify the ClusterIssuer to use | `""` |
| `ingress.certManager.httpIngressClass` | Cert-manager integration: specify the IngressClass to use to solve the challenges | `""` |
| `ingress.certManager.commonName` | Cert-manager integration: specify the common name | `""` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
### Frontend parameters
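Review bot: The three new `ingress.certManager.*` rows only cover a ClusterIssuer; there is no parameter for a namespaced Issuer (cert-manager's `cert-manager.io/issuer` annotation), so users of namespaced issuers must fall back to `ingress.annotations`. Say so in the description of `ingress.certManager.clusterIssuer`, or add an `issuer` key. The new rows are also wider than the header and separator rows, so the table source is no longer aligned; re-run the README generator so all rows share the same column widths.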

@@ -211,7 +211,7 @@ kubeapps: ingress.tls
to be used by the Ingress Controller.
Please use any of these alternatives:
- Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates.
- Relay on cert-manager to create it by setting `ingress.certManager=true`
- Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer`
- Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
{{- end -}}
{{- end -}}
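Review bot: The message now tells the user to configure `ingress.certManager.clusterIssuer`, but the condition that triggers this warning is outside the hunk and is not shown as changed. If it still tests the truthiness of `.Values.ingress.certManager`, an object that sets only `commonName` or `httpIngressClass` would pass validation without any issuer being configured; the check should test `.Values.ingress.certManager.clusterIssuer`. Since the line is being edited anyway, "Relay on" should read "Rely on" in all three bullets.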

@@ -9,8 +9,14 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- if .Values.ingress.certManager.clusterIssuer }}
cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.clusterIssuer }}
{{- end }}
{{- if .Values.ingress.certManager.httpIngressClass }}
acme.cert-manager.io/http01-ingress-class: {{ .Values.ingress.certManager.httpIngressClass }}
{{- end }}
{{- if .Values.ingress.certManager.commonName }}
cert-manager.io/common-name: {{ .Values.ingress.certManager.commonName }}
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" . ) | nindent 4 }}
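Review bot: The three new annotation values are interpolated into the manifest unquoted, e.g. `cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.clusterIssuer }}`. A value containing a colon, a newline, or something YAML parses as a non-string (`true`, `123`) will either break rendering or change the structure of the `annotations` map; pipe each one through `quote`, as in `{{ .Values.ingress.certManager.clusterIssuer | quote }}`. Also note that `httpIngressClass` and `commonName` are emitted even when `clusterIssuer` is empty, which produces annotations cert-manager will not act on; consider nesting those two blocks inside the `clusterIssuer` condition.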

@@ -68,13 +68,20 @@
}
},
"certManager": {
"type": "boolean",
"type": "object",
"form": true,
"title": "Use cert-manager to auto-generate the TLS certificate",
"description": "Add the corresponding annotations for cert-manager to auto-generate the TLS certificate",
"hidden": {
"value": false,
"path": "ingress/enabled"
},
"properties": {
"clusterIssuer": {
"type": "string",
"title": "Cert-manager cluster issuer",
"form": true
}
}
}
}
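Review bot: The `properties` block declares only `clusterIssuer`, while the template and README in this commit also use `httpIngressClass` and `commonName`. Add both as `"type": "string"` properties so the schema validates them and the form can expose them. The `title` "Use cert-manager to auto-generate the TLS certificate" still reads like a boolean toggle; reword it now that the type is `object`.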

@@ -63,7 +63,7 @@ ingress:
##
pathType: ImplementationSpecific
## @param ingress.annotations [object] Additional custom annotations for the ingress record
## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added
## NOTE: The `ingress.certManager` values are intended to be used for managing the cert-manager annotations
##
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
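Review bot: The replacement NOTE no longer says which annotations are generated, and it does not cover the case where a user sets the same key in both places. The template renders the `ingress.certManager` annotations and then `ingress.annotations` into the same map, so a `cert-manager.io/cluster-issuer` entry under `annotations` would produce a duplicate key. List the three generated annotation names here and state that they must not be repeated under `ingress.annotations`.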
@@ -71,13 +71,18 @@ ingress:
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Relay on cert-manager to create it by setting `ingress.certManager=true`
## - Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer`
## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.certManager Add the corresponding annotations for cert-manager integration
##
certManager: false
## @param ingress.certManager Set up the cert-manager integration
## For more information, see: https://cert-manager.io/docs/usage/ingress/#optional-configuration
## e.g.:
## certManager:
## clusterIssuer:
## httpIngressClass:
## commonName:
certManager: {}
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
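Review bot: The README in this commit documents `ingress.certManager.clusterIssuer`, `ingress.certManager.httpIngressClass` and `ingress.certManager.commonName`, but the only metadata comment here is `## @param ingress.certManager`, with the sub-keys shown as a commented example. Add one `@param` line per sub-key and give the keys explicit empty-string defaults instead of `certManager: {}`, so the values file, the README table and the schema stay in sync. The example would also be clearer with sample values after each key.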