From 75216a17be2319852a5fba27b52c7f1a9427e9cd Mon Sep 17 00:00:00 2001 From: kubeapps-bot <83830777+kubeapps-bot@users.noreply.github.com> Date: Thu, 26 Aug 2021 20:08:59 +0200 Subject: [PATCH] [bitnami/kubeapps] Bump chart version to 7.3.0 (#7314) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * kubeapps: bump chart version to 7.3.0-dev0 * Update changes from dev Signed-off-by: Antonio Gamez Diaz * Use the new kubeapps-apis image container Signed-off-by: Antonio Gamez Diaz * Add new section into the values.yaml for redis * Update README.md * Use latest Redis chart version Chart.lock will be automatically updated * Update Chart.lock Co-authored-by: Antonio Gamez Diaz Co-authored-by: Carlos Rodríguez Hernández --- bitnami/kubeapps/Chart.lock | 7 +- bitnami/kubeapps/Chart.yaml | 10 +- bitnami/kubeapps/README.md | 194 ++++++++++----- bitnami/kubeapps/templates/NOTES.txt | 11 + bitnami/kubeapps/templates/_helpers.tpl | 34 +++ .../templates/dashboard/configmap.yaml | 4 +- .../templates/frontend/configmap.yaml | 37 ++- .../templates/frontend/deployment.yaml | 3 + .../templates/kubeappsapis/deployment.yaml | 167 +++++++++++++ .../kubeapps/templates/kubeappsapis/rbac.yaml | 55 ++++ .../templates/kubeappsapis/service.yaml | 30 +++ .../kubeappsapis/serviceaccount.yaml | 17 ++ bitnami/kubeapps/values.yaml | 234 ++++++++++++++++++ 13 files changed, 729 insertions(+), 74 deletions(-) create mode 100644 bitnami/kubeapps/templates/kubeappsapis/deployment.yaml create mode 100644 bitnami/kubeapps/templates/kubeappsapis/rbac.yaml create mode 100644 bitnami/kubeapps/templates/kubeappsapis/service.yaml create mode 100644 bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml diff --git a/bitnami/kubeapps/Chart.lock b/bitnami/kubeapps/Chart.lock index 6609a179d6..8b37f235d9 100644 --- a/bitnami/kubeapps/Chart.lock +++ b/bitnami/kubeapps/Chart.lock 
@@ -5,5 +5,8 @@ dependencies:
 - name: postgresql
 repository: https://charts.bitnami.com/bitnami
 version: 10.9.4
-digest: sha256:f4d0abcb01ae285ae5f175e92030aeeef71e5543d73285303fcc1fa18d45e729
-generated: "2021-08-25T19:15:23.873371643Z"
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.0.1
+digest: sha256:1f04423073d4a65192c94e188f23e3e1ee5eab39988a2b747ab4d5589129d4f8
+generated: "2021-08-26T15:20:41.709491535Z"
diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml
index 33b9ba5911..4c9248c56e 100644
--- a/bitnami/kubeapps/Chart.yaml
+++ b/bitnami/kubeapps/Chart.yaml
@@ -11,6 +11,14 @@ dependencies:
 - name: postgresql
 repository: https://charts.bitnami.com/bitnami
 version: 10.x.x
+ # Currently redis is only used for an in-progress plugin for flux support.
+ # Our upstream bitnami/kubeapps chart should not include redis as a
+ # dependency yet, and in development we can set redis.enabled if developing
+ # other plugins only.
+ - name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.x.x
+ condition: redis.enabled
 description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm
 home: https://kubeapps.com
 icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png
@@ -25,4 +33,4 @@ maintainers:
 name: kubeapps
 sources:
 - https://github.com/kubeapps/kubeapps
-version: 7.2.3
+version: 7.3.0
diff --git a/bitnami/kubeapps/README.md b/bitnami/kubeapps/README.md
index 539efa0d05..f2b7153066 100644
--- a/bitnami/kubeapps/README.md
+++ b/bitnami/kubeapps/README.md
@@ -167,64 +167,66 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith ### Dashboard parameters -| Name | Description | Value | -| ------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------- | -| `dashboard.image.registry` | Dashboard image registry | `docker.io` | -| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` | -| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable image debug mode | `false` | -| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | -| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | -| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | -| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | -| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | -| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | -| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | -| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | -| 
`dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | -| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | 
-| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for pod assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | -| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | -| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | -| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | -| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | -| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | -| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- | +| `dashboard.image.registry` | Dashboard image registry | `docker.io` | +| 
`dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | +| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` | +| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | +| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | +| `dashboard.image.debug` | Enable image debug mode | `false` | +| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | +| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | +| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | +| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | +| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. 
| `""` | +| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | +| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | +| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | +| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | +| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | +| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | +| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | +| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | +| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | +| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | +| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | +| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | +| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | +| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | +| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| 
`dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | +| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | +| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | +| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `dashboard.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | +| `dashboard.affinity` | Affinity for pod assignment | `{}` | +| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | +| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | +| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | +| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | +| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | +| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | +| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | +| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | +| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | +| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | ### AppRepository Controller parameters 
@@ -470,6 +472,72 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `postgresql.resources.requests.memory` | The requested memory for the PostreSQL container | `256Mi` | +### kubeappsapis parameters + +| Name | Description | Value | +| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `kubeappsapis.unsafeUseDemoSA` | If true, replace the user's credentials by a full-granted demo service account. Just intented for development purposes. | `false` | +| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `[]` | +| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | +| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | +| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` | +| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | +| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | +| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | +| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | +| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | +| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `nil` | +| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `nil` | +| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | +| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | +| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs 
container | `256Mi` | +| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | +| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | +| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | +| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | +| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | +| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | +| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | +| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `false` | +| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `false` | +| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the 
default one | `{}` | +| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | +| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | +| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | +| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | +| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | +| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `nil` | +| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | +| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | +| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | + + +### Redis™ chart configuration + +| Name | Description | Value | +| ---------------------------- | ---------------------------------------------------------------- | ------- | +| `redis.redisPassword` | Password used in Redis™ | `""` | +| `redis.enabled` | Enable the Redis™ deployment when deploying Kubeapps APIs. 
| `false` | +| `redis.replica.replicaCount` | Number of Redis™ replicas to deploy | `0` | + + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash @@ -490,7 +558,7 @@ helm install kubeapps --namespace kubeapps -f custom-values.yaml bitnami/kubeapp ### Configuring Initial Repositories -By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts) and the [Kubernetes Service Catalog charts](https://github.com/kubernetes-incubator/service-catalog). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](values.yaml) file. +By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](values.yaml) file. ### Enabling Operators @@ -658,7 +726,7 @@ Besides, if you are using the OAuth2/OIDC login (more information at the [using ```bash helm install kubeapps bitnami/kubeapps \ --namespace kubeapps \ - # ... other OIDC flags + # ... other OIDC flags --set authProxy.oauthLoginURI="/subpath/oauth2/login" \ --set authProxy.oauthLogoutURI="/subpath/oauth2/logout" \ --set authProxy.additionalFlags="{,--proxy-prefix=/subpath/oauth2}" @@ -700,9 +768,9 @@ Kubeapps uses the currently logged-in user credential to retrieve the list of al To reduce this time, you can increase the number of checks that Kubeapps will perform in parallel (per connection) setting the value: `kubeops.burst=` and `kubeops.QPS=`. The default value, if not set, is 15 burst requests and 10 QPS afterwards. -### More questions? +### More questions? -Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions! +Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions! ## Troubleshooting 
@@ -810,7 +878,7 @@ Kubeapps 2.3.1 (Chart version 6.0.0) introduces some breaking changes. Helm spec 1. Kubeapps will no longer create a database secret for you automatically but rather will rely on the default behavior of the PostgreSQL chart. If you try to upgrade Kubeapps and you installed it without setting a password, you will get the following error: ```console -Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at : error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at : error calling fail: +Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at : error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at : error calling fail: PASSWORDS ERROR: you must provide your current passwords when upgrade the release 'postgresql.postgresqlPassword' must not be empty, please add '--set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD' to the command. To get the current value: ``` diff --git a/bitnami/kubeapps/templates/NOTES.txt b/bitnami/kubeapps/templates/NOTES.txt index 83bb36324b..6c8d80bdc9 100644 --- a/bitnami/kubeapps/templates/NOTES.txt +++ b/bitnami/kubeapps/templates/NOTES.txt @@ -1,5 +1,7 @@ {{- $postgresqlSecretName := include "kubeapps.postgresql.secretName" . -}} +{{- $redisSecretName := include "kubeapps.redis.secretName" . -}} + ** Please be patient while the chart is being deployed ** Tip: 
@@ -65,11 +67,20 @@ To access Kubeapps from outside your K8s cluster, follow the steps below: ########################################################################################################## {{- end }} +{{ if and (.Values.redis.enabled) (not .Values.redis.existingSecret) (empty .Values.redis.redisPassword) -}} +########################################################################################################## +### WARNING: You did not provide a value for the redisPassword so one has been generated randomly ### +########################################################################################################## +{{- end }} + {{- $passwordValidationErrors := list -}} {{- $postgresqlPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $postgresqlSecretName "subchart" true "context" $) -}} {{- $passwordValidationErrors = append $passwordValidationErrors $postgresqlPasswordValidationErrors -}} +{{- $redisPasswordValidationErrors := include "common.validations.values.redis.passwords" (dict "secret" $redisSecretName "subchart" true "context" $) -}} +{{- $passwordValidationErrors = append $passwordValidationErrors $redisPasswordValidationErrors -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} {{- include "kubeapps.checkRollingTags" . }} {{- include "kubeapps.validateValues" . }} diff --git a/bitnami/kubeapps/templates/_helpers.tpl b/bitnami/kubeapps/templates/_helpers.tpl index 53c80b32a8..ae90897ea8 100644 --- a/bitnami/kubeapps/templates/_helpers.tpl +++ b/bitnami/kubeapps/templates/_helpers.tpl 
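Review bot: The new warning condition reads `.Values.redis.existingSecret` and `.Values.redis.redisPassword`, while Chart.yaml in this same commit pins the redis dependency to `15.x.x`; it should be confirmed that this subchart version takes its password and existing secret from those keys rather than from an `auth.*` block. If the keys differ, the "generated randomly" banner would appear even when an operator has supplied a password, and the value documented in the README would have no effect on the Redis instance. The `kubeapps.redis.secretName` helper added in _helpers.tpl uses the same `.Values.redis.existingSecret` key and would need the same adjustment. A short template comment above the condition naming the subchart keys it mirrors would make a future mismatch easier to spot.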
@@ -16,6 +16,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create a default fully qualified app name for Redis dependency. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "kubeapps.redis.fullname" -}} +{{- $name := default "redis" .Values.redis.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create name for the apprepository-controller based on the fullname */}} @@ -72,6 +81,20 @@ Create proxy_pass for the frontend config http://{{ include "kubeapps.kubeops.fullname" . }}:{{ .Values.kubeops.service.port }} {{- end -}} +{{/* +Create proxy_pass for the kubeappsapis +*/}} +{{- define "kubeapps.kubeappsapis.proxy_pass" -}} +http://{{ include "kubeapps.kubeappsapis.fullname" . }}:{{ .Values.kubeappsapis.service.port }} +{{- end -}} + +{{/* +Create name for kubeappsapis based on the fullname +*/}} +{{- define "kubeapps.kubeappsapis.fullname" -}} +{{- printf "%s-internal-kubeappsapis" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create name for the secrets related to oauth2_proxy */}} @@ -152,6 +175,17 @@ Return the Postgresql secret name {{- end -}} {{- end -}} +{{/* +Return the Redis secret name +*/}} +{{- define "kubeapps.redis.secretName" -}} + {{- if .Values.redis.existingSecret }} + {{- printf "%s" .Values.redis.existingSecret -}} + {{- else -}} + {{- printf "%s" (include "kubeapps.redis.fullname" .) -}} + {{- end -}} +{{- end -}} + {{/* Compile all warnings into a single message, and call fail. */}} diff --git a/bitnami/kubeapps/templates/dashboard/configmap.yaml b/bitnami/kubeapps/templates/dashboard/configmap.yaml index e2fa529492..16a94b2802 100644 --- a/bitnami/kubeapps/templates/dashboard/configmap.yaml 
+++ b/bitnami/kubeapps/templates/dashboard/configmap.yaml @@ -75,5 +75,7 @@ data: "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }}, "authProxySkipLoginPage": {{ .Values.authProxy.skipKubeappsLoginPage }}, "featureFlags": {{ .Values.featureFlags | toJson }}, - "clusters": {{ template "kubeapps.clusterNames" . }} + "clusters": {{ template "kubeapps.clusterNames" . }}, + "theme": "{{ .Values.dashboard.defaultTheme }}", + "remoteComponentsUrl": "{{ .Values.dashboard.remoteComponentsUrl }}" } diff --git a/bitnami/kubeapps/templates/frontend/configmap.yaml b/bitnami/kubeapps/templates/frontend/configmap.yaml index dac783226f..4840caf207 100644 --- a/bitnami/kubeapps/templates/frontend/configmap.yaml +++ b/bitnami/kubeapps/templates/frontend/configmap.yaml @@ -111,14 +111,15 @@ data: rewrite ^ $request_uri; # pass the encoded url downstream as is, rewrite /api/assetsvc([^?]*) /assetsvc$1?$args break; + {{- if .Values.frontend.proxypassExtraSetHeader }} + proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; + {{- end }} + {{- if .Values.frontend.proxypassAccessTokenAsBearer }} # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; {{- end }} - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; } 
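Review bot: The two added keys place chart values directly between literal double quotes (`"theme": "{{ .Values.dashboard.defaultTheme }}"`), so a value containing a quote or backslash produces invalid or altered JSON in the dashboard config, whereas the `oauthLogoutURI` line in the same object already pipes through `| quote`. Writing them as `"theme": {{ .Values.dashboard.defaultTheme | quote }},` and `"remoteComponentsUrl": {{ .Values.dashboard.remoteComponentsUrl | quote }}` keeps the escaping consistent. The README in this commit describes `remoteComponentsUrl` as the place custom components are loaded from, so its values.yaml comment should state that the URL must be an HTTPS origin the operator controls, since whatever it serves runs inside the dashboard. The JSON object itself begins outside this hunk.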
@@ -128,30 +129,52 @@ data: proxy_read_timeout 10m; rewrite /api/kubeops/(.*) /$1 break; rewrite /api/kubeops / break; + {{- if .Values.frontend.proxypassExtraSetHeader }} proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; {{- end }} - proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; {{- if .Values.frontend.proxypassAccessTokenAsBearer }} # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; {{- end }} + + proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; } + {{- if .Values.featureFlags.kubeappsAPIsServer }} + location ~* /apis { + rewrite ^ $request_uri; # pass the encoded url downstream as is, + rewrite /apis/([^?]*) /$1 break; + rewrite /apis / break; + + {{- if .Values.frontend.proxypassExtraSetHeader }} + proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; + {{- end }} + + {{- if .Values.frontend.proxypassAccessTokenAsBearer }} + # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. + proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; + {{- end }} + + proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}}; + } + {{- end }} + # The route for the Kubeapps backend API is not prefixed. location ~* /api/ { rewrite /api/(.*) /backend/$1 break; rewrite /api/ /backend break; + {{- if .Values.frontend.proxypassExtraSetHeader }} + proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; + {{- end }} + {{- if .Values.frontend.proxypassAccessTokenAsBearer }} # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. 
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; {{- end }} - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; } diff --git a/bitnami/kubeapps/templates/frontend/deployment.yaml b/bitnami/kubeapps/templates/frontend/deployment.yaml index 05f56f773f..cbba8ba890 100644 --- a/bitnami/kubeapps/templates/frontend/deployment.yaml +++ b/bitnami/kubeapps/templates/frontend/deployment.yaml @@ -123,8 +123,11 @@ spec: - --skip-auth-regex=^\/config\.json$ - --skip-auth-regex=^\/manifest\.json$ - --skip-auth-regex=^\/custom_style\.css$ + - --skip-auth-regex=^\/clr-ui.min\.css$ + - --skip-auth-regex=^\/clr-ui-dark.min\.css$ - --skip-auth-regex=^\/custom_locale\.json$ - --skip-auth-regex=^\/favicon.*\.png$ + - --skip-auth-regex=^\/favicon.*\.ico$ - --skip-auth-regex=^\/static\/ - --skip-auth-regex=^\/$ - --scope={{ .Values.authProxy.scope }} diff --git a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml new file mode 100644 index 0000000000..59a845a49f --- /dev/null +++ b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml 
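Review bot: `location ~* /apis` is an unanchored, case-insensitive regex, so it matches any request URI that contains `/apis` anywhere rather than only paths beginning with it. nginx uses the first matching regex location in file order, and this block is placed ahead of the generic `location ~* /api/` block; unless an earlier location outside this hunk already claims them, requests such as `/api/.../apis/...` would be sent to the kubeapps-apis service, with the bearer header attached when `proxypassAccessTokenAsBearer` is set. Anchoring the pattern, `location ~* ^/apis(/|$) {`, keeps the route limited to its intended prefix. The surrounding server block starts and ends outside the hunk.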
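Review bot: In the added `--skip-auth-regex` entries the dot before `min` is left unescaped (`^\/clr-ui.min\.css$` and `^\/clr-ui-dark.min\.css$`), so that position matches any character. These patterns decide which paths bypass the auth proxy, so they should be as literal as the files they name: `- --skip-auth-regex=^\/clr-ui\.min\.css$` and `- --skip-auth-regex=^\/clr-ui-dark\.min\.css$`. The new `^\/favicon.*\.ico$` line copies the broad `.*` of the existing `.png` entry; `[^\/]*` would keep it to a single path segment. The args list continues outside the hunk.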
@@ -0,0 +1,167 @@
+{{- if .Values.featureFlags.kubeappsAPIsServer }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "kubeapps.kubeappsapis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app.kubernetes.io/component: kubeappsapis
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.kubeappsapis.replicaCount }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: kubeappsapis
+ template:
+ metadata:
+ {{- if .Values.kubeappsapis.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: kubeappsapis
+ {{- if .Values.kubeappsapis.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "kubeapps.imagePullSecrets" . | indent 6 }}
+ {{- if .Values.kubeappsapis.unsafeUseDemoSA }}
+ serviceAccountName: {{ template "kubeapps.kubeappsapis.fullname" . }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ # Increase termination timeout to let remaining operations to finish before killing the pods
+ # This is because new releases/upgrades/deletions are synchronous operations
+ {{- if .Values.kubeappsapis.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAntiAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeappsapis.nodeAffinityPreset.type "key" .Values.kubeappsapis.nodeAffinityPreset.key "values" .Values.kubeappsapis.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.priorityClassName }}
+ priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.kubeappsapis.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.kubeappsapis.terminationGracePeriodSeconds }}
+ containers:
+ - name: kubeappsapis
+ image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) }}
+ imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }}
+ {{- if .Values.kubeappsapis.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.kubeappsapis.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ command:
+ - /kubeapps-apis
+ args:
+ {{- range .Values.kubeappsapis.enabledPlugins }}
+ - --plugin-dir
+ - /plugins/{{ . }}
+ {{- end }}
+ {{- if .Values.clusters }}
+ - --clusters-config-path=/config/clusters.conf
+ {{- end }}
+ {{- if .Values.pinnipedProxy.enabled }}
+ - --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.unsafeUseDemoSA }}
+ - --unsafe-use-demo-sa=true
+ {{- end }}
+ env:
+ - name: PORT
+ value: {{ .Values.kubeappsapis.containerPort | quote }}
+ {{- if .Values.redis.enabled }}
+ # REDIS-* vars are required by the plugins for caching functionality
+ # TODO (gfichtenolt) this as required by the kubeapps apis service (which will
+ # longer-term pass something to the plugins so that the plugins won't need to
+ # know these details). Currently they're used directly by the flux plugin
+ - name: REDIS_ADDR
+ value: kubeapps-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: redis-password
+ name: {{ include "kubeapps.redis.secretName" . }}
+ - name: REDIS_DB
+ value: "0"
+ {{- end }}
+ # TODO(agamez): pass this configuration using a separated config file
+ # These env vars are currently (and temporarily) required by the 'helm' plugin
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ASSET_SYNCER_DB_URL
+ value: {{ template "kubeapps.postgresql.fullname" . }}-headless:{{ default "5432" .Values.postgresql.service.port }}
+ - name: ASSET_SYNCER_DB_NAME
+ value: {{ .Values.postgresql.postgresqlDatabase }}
+ - name: ASSET_SYNCER_DB_USERNAME
+ value: postgres
+ - name: ASSET_SYNCER_DB_USERPASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: postgresql-password
+ name: {{ include "kubeapps.postgresql.secretName" . }}
+ {{- if .Values.kubeappsapis.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.kubeappsapis.extraEnvVarsCM .Values.kubeappsapis.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.kubeappsapis.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: grpc-http
+ containerPort: {{ .Values.kubeappsapis.containerPort }}
+ {{- if .Values.kubeappsapis.livenessProbe.enabled }}
+ livenessProbe: {{- omit .Values.kubeappsapis.livenessProbe "enabled" | toYaml | nindent 12 }}
+ {{- else if .Values.kubeappsapis.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.readinessProbe.enabled }}
+ readinessProbe: {{- omit .Values.kubeappsapis.readinessProbe "enabled" | toYaml | nindent 12 }}
+ {{- else if .Values.kubeappsapis.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.kubeappsapis.resources }}
+ resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.clusters }}
+ volumeMounts:
+ - name: clusters-config
+ mountPath: /config
+ - name: ca-certs
+ mountPath: /etc/additional-clusters-cafiles
+ {{- end }}
+ {{- if .Values.clusters }}
+ volumes:
+ - name: clusters-config
+ configMap:
+ name: {{ template "kubeapps.clusters-config.fullname" . }}
+ - name: ca-certs
+ emptyDir: {}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml b/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml
new file mode 100644
index 0000000000..5a4072fb5b
--- /dev/null
+++ b/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml
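Review bot: `REDIS_ADDR` is hard-coded to `kubeapps-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379`, which appears to resolve only when the release is named `kubeapps`, while the password just below it is looked up through the `kubeapps.redis.secretName` helper. Deriving the host from the release, for example `value: {{ printf "%s-redis-master.%s.svc.cluster.local:6379" .Release.Name .Release.Namespace }}` (or a Redis fullname helper, if the chart defines one like the PostgreSQL one used for `ASSET_SYNCER_DB_URL`), keeps address and secret in step. Separately, `ASSET_SYNCER_DB_USERNAME` is fixed to `postgres`, normally the database superuser, for a pod that the frontend proxies `/apis` traffic to. A dedicated role limited to the assets database would be the least-privilege choice.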
@@ -0,0 +1,55 @@
+{{- if .Values.featureFlags.kubeappsAPIsServer }}
+{{- if .Values.rbac.create -}}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+ name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: kubeappsapis
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - "packageinstalls.packaging.carvel.dev"
+ - "packagerepositories.packaging.carvel.dev"
+ - "source.toolkit.fluxcd.io"
+ - "helm.toolkit.fluxcd.io"
+ resources: ['*']
+ verbs: ['*']
+ # So that our dev user is seen as having access to a namespace.
+ # We'll need to add rbac for our dev user to install later as well.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+{{- if .Values.kubeappsapis.unsafeUseDemoSA }}
+# Dev-only ClusterRoleBinding to the ServiceAccount
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+ name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: kubeappsapis
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kubeapps.kubeappsapis.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/bitnami/kubeapps/templates/kubeappsapis/service.yaml b/bitnami/kubeapps/templates/kubeappsapis/service.yaml
new file mode 100644
index 0000000000..8fc422f385
--- /dev/null
+++ b/bitnami/kubeapps/templates/kubeappsapis/service.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.featureFlags.kubeappsAPIsServer }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kubeapps.kubeappsapis.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: kubeappsapis
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.kubeappsapis.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.kubeappsapis.service.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.kubeappsapis.service.port }}
+ targetPort: grpc-http
+ protocol: TCP
+ name: grpc-http
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: kubeappsapis
+{{- end }}
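Review bot: In rbac.yaml the ClusterRole is rendered whenever `featureFlags.kubeappsAPIsServer` (now defaulting to `true` in values.yaml) and `rbac.create` are set, and only the ClusterRoleBinding is gated on `kubeappsapis.unsafeUseDemoSA`. That leaves an unbound role with cluster-wide `get`/`list` on secrets and `*` verbs on the listed groups in clusters that never enable the demo account. Moving `{{- if .Values.kubeappsapis.unsafeUseDemoSA }}` up so it wraps the ClusterRole as well would avoid that. The first two `apiGroups` entries look like resource names joined to the group; if the group is `packaging.carvel.dev`, the rule as written would not match those resources. `metadata.namespace` has no effect on the cluster-scoped ClusterRole and ClusterRoleBinding and can be dropped.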
diff --git a/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml b/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml new file mode 100644 index 0000000000..5dc5e3a58b --- /dev/null +++ b/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if .Values.featureFlags.kubeappsAPIsServer }} + {{- if .Values.kubeappsapis.unsafeUseDemoSA }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kubeapps.kubeappsapis.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: kubeappsapis + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml index 657609b4f2..b34ad0f7e4 100644 --- a/bitnami/kubeapps/values.yaml +++ b/bitnami/kubeapps/values.yaml @@ -437,6 +437,9 @@ dashboard: ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/custom-form-component-support.md ## customComponents: "" + ## @param dashboard.remoteComponentsUrl Remote URL that can be used to load custom components vs loading from the local filesystem + ## + remoteComponentsUrl: "" ## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/translate-kubeapps.md ## e.g: 
@@ -445,6 +448,12 @@ dashboard: ## "login-oidc": "Login with my company SSO" ## customLocale: "" + ## @param dashboard.defaultTheme Default theme used in the Dashboard if the user has not selected any theme yet. + ## enum: [ "light", "dark" ] + ## e.g: + ## defaultTheme: dark + ## + defaultTheme: "" ## @param dashboard.replicaCount Number of Dashboard replicas to deploy ## replicaCount: 2 @@ -1451,6 +1460,7 @@ clusters: ## featureFlags: invalidateCache: true + kubeappsAPIsServer: true ## RBAC configuration ## rbac: 
@@ -1528,3 +1538,227 @@ postgresql: requests: memory: 256Mi cpu: 250m + +## @section kubeappsapis parameters +kubeappsapis: + ## @param kubeappsapis.unsafeUseDemoSA If true, replace the user's credentials by a full-granted demo service account. Just intented for development purposes. + unsafeUseDemoSA: false + ## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service + ## e.g: + ## enabledPlugins: + ## - helm + ## - fluxv2 + ## - kapp_controller + ## + enabledPlugins: + - helm + ## Bitnami Kubeapps-APIs image + ## ref: https://hub.docker.com/r/bitnami/kubeapps-apis/tags/ + ## @param kubeappsapis.image.registry Kubeapps-APIs image registry + ## @param kubeappsapis.image.repository Kubeapps-APIs image repository + ## @param kubeappsapis.image.tag Kubeapps-APIs image tag (immutable tags are recommended) + ## @param kubeappsapis.image.pullPolicy Kubeapps-APIs image pull policy + ## @param kubeappsapis.image.pullSecrets Kubeapps-APIs image pull secrets + ## + image: + registry: docker.io + repository: bitnami/kubeapps-apis + tag: 2.3.4-debian-10-r0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param kubeappsapis.replicaCount Number of frontend replicas to deploy + ## + replicaCount: 1 + ## @param kubeappsapis.terminationGracePeriodSeconds The grace time period for sig term + ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution + ## + terminationGracePeriodSeconds: 300 + ## @param kubeappsapis.extraEnvVars Array with extra environment variables to add to the KubeappsAPIs container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param kubeappsapis.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container + ## + extraEnvVarsCM: + ## @param kubeappsapis.extraEnvVarsSecret Name of existing Secret containing extra env vars for the KubeappsAPIs container + ## + extraEnvVarsSecret: + ## @param kubeappsapis.containerPort KubeappsAPIs HTTP container port + ## + containerPort: 50051 + ## KubeappsAPIs containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container + ## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container + ## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container + ## @param kubeappsapis.resources.requests.memory The requested memory for the KubeappsAPIs container + ## + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 25m + memory: 32Mi + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context + ## @param 
kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context (only main container) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param kubeappsapis.containerSecurityContext.enabled Enabled KubeappsAPIs containers' Security Context + ## @param kubeappsapis.containerSecurityContext.runAsUser Set KubeappsAPIs container's Security Context runAsUser + ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set KubeappsAPIs container's Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## Configure extra options for KubeappsAPIs containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param kubeappsapis.livenessProbe.enabled Enable livenessProbe + ## @skip kubeappsapis.livenessProbe.httpGet + ## @param kubeappsapis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param kubeappsapis.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param kubeappsapis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param kubeappsapis.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param kubeappsapis.livenessProbe.successThreshold Success threshold for livenessProbe + ## KubeappsAPIs containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: false + httpGet: + path: /live + port: 50051 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param kubeappsapis.readinessProbe.enabled Enable readinessProbe + ## @skip 
kubeappsapis.readinessProbe.httpGet + ## @param kubeappsapis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param kubeappsapis.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param kubeappsapis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param kubeappsapis.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param kubeappsapis.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: false + httpGet: + path: /ready + port: 50051 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param kubeappsapis.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param kubeappsapis.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param kubeappsapis.lifecycleHooks Custom lifecycle hooks for KubeappsAPIs containers + ## + lifecycleHooks: {} + ## @param kubeappsapis.podLabels Extra labels for KubeappsAPIs pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param kubeappsapis.podAnnotations Annotations for KubeappsAPIs pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param kubeappsapis.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param kubeappsapis.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## nodeAffinityPreset Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param kubeappsapis.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param kubeappsapis.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param kubeappsapis.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param kubeappsapis.affinity Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## NOTE: kubeappsapis.podAffinityPreset, kubeappsapis.podAntiAffinityPreset, and kubeappsapis.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param kubeappsapis.nodeSelector Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param kubeappsapis.tolerations Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param kubeappsapis.priorityClassName Priority class name for KubeappsAPIs pods + ## + priorityClassName: + ## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## kubeappsapis service parameters + ## + service: + ## @param kubeappsapis.service.port KubeappsAPIs service HTTP port + ## + port: 8080 + ## @param kubeappsapis.service.annotations Additional custom 
annotations for KubeappsAPIs service + ## + annotations: {} + +## @section Redis™ chart configuration +## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml +## +redis: + ## @param redis.redisPassword Password used in Redis™ + ## ref: https://github.com/bitnami/bitnami-docker-redis/blob/master/README.md#setting-the-server-password-on-first-run + ## + redisPassword: "" + ## @param redis.enabled Enable the Redis™ deployment when deploying Kubeapps APIs. + ## We currently have the situation that Redis is required for the fluxv2 plugin only. + ## Until such a point that we're releasing with the fluxv2 plugin enabled, or the + ## plugin cache support has been generalised so all plugins use Redis, we'll need + ## to manually enable this in dev while ensuring it is false for releases (as it + ## is a conditional dependency in the Chart.yaml). + enabled: false + replica: + ## @param redis.replica.replicaCount Number of Redis™ replicas to deploy + replicaCount: 0
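Review bot: The comment on `kubeappsapis.unsafeUseDemoSA` does not say what enabling it renders: per the templates in this patch it creates a ServiceAccount, binds it to a ClusterRole with cluster-wide `get`/`list` on secrets, and passes `--unsafe-use-demo-sa=true` to the server. I would spell that out, e.g. `## WARNING: when true, a ServiceAccount bound to a ClusterRole that can read secrets cluster-wide is created and used in place of the caller's credentials; development only.`, and fix the `intented` typo in the same line. The `httpGet.port: 50051` in both probes duplicates `containerPort`; `port: grpc-http` would follow an overridden port. The `kubeappsapis.replicaCount` description says "frontend replicas" and should name Kubeapps-APIs.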