Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-16 06:47:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/kubeapps] Bump chart version to 7.3.0 (#7314)

Browse Source 
* kubeapps: bump chart version to 7.3.0-dev0

* Update changes from dev

Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>

* Use the new kubeapps-apis image container

Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>

* Add new section into the values.yaml for redis

* Update README.md

* Use latest Redis chart version

Chart.lock will be automatically updated

* Update Chart.lock

Co-authored-by: Antonio Gamez Diaz <agamez@vmware.com>
Co-authored-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
This commit is contained in:
kubeapps-bot
2021-08-26 20:08:59 +02:00
committed by GitHub
parent f4e312ebe1
commit 75216a17be
13 changed files with 729 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bitnami/kubeapps/Chart.lock
View File

@@ -5,5 +5,8 @@ dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 10.9.4
digest: sha256:f4d0abcb01ae285ae5f175e92030aeeef71e5543d73285303fcc1fa18d45e729
generated: "2021-08-25T19:15:23.873371643Z"
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 15.0.1
digest: sha256:1f04423073d4a65192c94e188f23e3e1ee5eab39988a2b747ab4d5589129d4f8
generated: "2021-08-26T15:20:41.709491535Z"

10
bitnami/kubeapps/Chart.yaml
View File

@@ -11,6 +11,14 @@ dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 10.x.x
# Currently redis is only used for an in-progress plugin for flux support.
# Our upstream bitnami/kubeapps chart should not include redis as a
# dependency yet, and in development we can set redis.enabled if developing
# other plugins only.
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 15.x.x
condition: redis.enabled
description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm
home: https://kubeapps.com
icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png
@@ -25,4 +33,4 @@ maintainers:
name: kubeapps
sources:
- https://github.com/kubeapps/kubeapps
version: 7.2.3
version: 7.3.0

194
bitnami/kubeapps/README.md
View File

@@ -167,64 +167,66 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
### Dashboard parameters
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------- |
| `dashboard.image.registry` | Dashboard image registry | `docker.io` |
| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` |
| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` |
| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` |
| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` |
| `dashboard.image.debug` | Enable image debug mode | `false` |
| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` |
| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` |
| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` |
| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` |
| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` |
| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` |
| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` |
| `dashboard.containerPort` | Dashboard HTTP container port | `8080` |
| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` |
| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` |
| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` |
| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` |
| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` |
| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` |
| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` |
| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` |
| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` |
| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` |
| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` |
| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` |
| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `dashboard.affinity` | Affinity for pod assignment | `{}` |
| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` |
| `dashboard.tolerations` | Tolerations for pod assignment | `[]` |
| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` |
| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` |
| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` |
| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` |
| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` |
| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` |
| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` |
| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` |
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- |
| `dashboard.image.registry` | Dashboard image registry | `docker.io` |
| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` |
| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` |
| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` |
| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` |
| `dashboard.image.debug` | Enable image debug mode | `false` |
| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` |
| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` |
| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` |
| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` |
| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` |
| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` |
| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` |
| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` |
| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` |
| `dashboard.containerPort` | Dashboard HTTP container port | `8080` |
| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` |
| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` |
| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` |
| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` |
| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` |
| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` |
| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` |
| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` |
| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` |
| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` |
| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` |
| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` |
| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `dashboard.affinity` | Affinity for pod assignment | `{}` |
| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` |
| `dashboard.tolerations` | Tolerations for pod assignment | `[]` |
| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` |
| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` |
| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` |
| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` |
| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` |
| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` |
| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` |
| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` |
### AppRepository Controller parameters
@@ -470,6 +472,72 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
| `postgresql.resources.requests.memory` | The requested memory for the PostreSQL container | `256Mi` |
### kubeappsapis parameters
| Name | Description | Value |
| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `kubeappsapis.unsafeUseDemoSA` | If true, replace the user's credentials by a full-granted demo service account. Just intented for development purposes. | `false` |
| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `[]` |
| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` |
| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` |
| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.3.4-debian-10-r0` |
| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` |
| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` |
| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` |
| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` |
| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` |
| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `nil` |
| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `nil` |
| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` |
| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` |
| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` |
| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` |
| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` |
| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` |
| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` |
| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` |
| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` |
| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` |
| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `false` |
| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `false` |
| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` |
| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` |
| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` |
| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` |
| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` |
| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` |
| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `nil` |
| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` |
| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` |
| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` |
### Redis&trade; chart configuration
| Name | Description | Value |
| ---------------------------- | ---------------------------------------------------------------- | ------- |
| `redis.redisPassword` | Password used in Redis&trade; | `""` |
| `redis.enabled` | Enable the Redis&trade; deployment when deploying Kubeapps APIs. | `false` |
| `redis.replica.replicaCount` | Number of Redis&trade; replicas to deploy | `0` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
@@ -490,7 +558,7 @@ helm install kubeapps --namespace kubeapps -f custom-values.yaml bitnami/kubeapp
### Configuring Initial Repositories
By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts) and the [Kubernetes Service Catalog charts](https://github.com/kubernetes-incubator/service-catalog). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](values.yaml) file.
By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](values.yaml) file.
### Enabling Operators
@@ -658,7 +726,7 @@ Besides, if you are using the OAuth2/OIDC login (more information at the [using
```bash
helm install kubeapps bitnami/kubeapps \
--namespace kubeapps \
# ... other OIDC flags
# ... other OIDC flags
--set authProxy.oauthLoginURI="/subpath/oauth2/login" \
--set authProxy.oauthLogoutURI="/subpath/oauth2/logout" \
--set authProxy.additionalFlags="{<other flags>,--proxy-prefix=/subpath/oauth2}"
@@ -700,9 +768,9 @@ Kubeapps uses the currently logged-in user credential to retrieve the list of al
To reduce this time, you can increase the number of checks that Kubeapps will perform in parallel (per connection) setting the value: `kubeops.burst=<desired_number>` and `kubeops.QPS=<desired_number>`. The default value, if not set, is 15 burst requests and 10 QPS afterwards.
### More questions?
### More questions?
Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions!
Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions!
## Troubleshooting
@@ -810,7 +878,7 @@ Kubeapps 2.3.1 (Chart version 6.0.0) introduces some breaking changes. Helm spec
1. Kubeapps will no longer create a database secret for you automatically but rather will rely on the default behavior of the PostgreSQL chart. If you try to upgrade Kubeapps and you installed it without setting a password, you will get the following error:
```console
Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at <include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $)>: error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at <fail>: error calling fail:
Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at <include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $)>: error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at <fail>: error calling fail:
PASSWORDS ERROR: you must provide your current passwords when upgrade the release
'postgresql.postgresqlPassword' must not be empty, please add '--set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD' to the command. To get the current value:
```

11
bitnami/kubeapps/templates/NOTES.txt
View File

@@ -1,5 +1,7 @@
{{- $postgresqlSecretName := include "kubeapps.postgresql.secretName" . -}}
{{- $redisSecretName := include "kubeapps.redis.secretName" . -}}
** Please be patient while the chart is being deployed **
Tip:
@@ -65,11 +67,20 @@ To access Kubeapps from outside your K8s cluster, follow the steps below:
##########################################################################################################
{{- end }}
{{ if and (.Values.redis.enabled) (not .Values.redis.existingSecret) (empty .Values.redis.redisPassword) -}}
##########################################################################################################
### WARNING: You did not provide a value for the redisPassword so one has been generated randomly ###
##########################################################################################################
{{- end }}
{{- $passwordValidationErrors := list -}}
{{- $postgresqlPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $postgresqlSecretName "subchart" true "context" $) -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $postgresqlPasswordValidationErrors -}}
{{- $redisPasswordValidationErrors := include "common.validations.values.redis.passwords" (dict "secret" $redisSecretName "subchart" true "context" $) -}}
{{- $passwordValidationErrors = append $passwordValidationErrors $redisPasswordValidationErrors -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
{{- include "kubeapps.checkRollingTags" . }}
{{- include "kubeapps.validateValues" . }}

34
bitnami/kubeapps/templates/_helpers.tpl
View File

@@ -16,6 +16,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name for Redis dependency.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "kubeapps.redis.fullname" -}}
{{- $name := default "redis" .Values.redis.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the apprepository-controller based on the fullname
*/}}
@@ -72,6 +81,20 @@ Create proxy_pass for the frontend config
http://{{ include "kubeapps.kubeops.fullname" . }}:{{ .Values.kubeops.service.port }}
{{- end -}}
{{/*
Create proxy_pass for the kubeappsapis
*/}}
{{- define "kubeapps.kubeappsapis.proxy_pass" -}}
http://{{ include "kubeapps.kubeappsapis.fullname" . }}:{{ .Values.kubeappsapis.service.port }}
{{- end -}}
{{/*
Create name for kubeappsapis based on the fullname
*/}}
{{- define "kubeapps.kubeappsapis.fullname" -}}
{{- printf "%s-internal-kubeappsapis" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the secrets related to oauth2_proxy
*/}}
@@ -152,6 +175,17 @@ Return the Postgresql secret name
{{- end -}}
{{- end -}}
{{/*
Return the Redis secret name
*/}}
{{- define "kubeapps.redis.secretName" -}}
{{- if .Values.redis.existingSecret }}
{{- printf "%s" .Values.redis.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "kubeapps.redis.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}

4
bitnami/kubeapps/templates/dashboard/configmap.yaml
View File

@@ -75,5 +75,7 @@ data:
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
"authProxySkipLoginPage": {{ .Values.authProxy.skipKubeappsLoginPage }},
"featureFlags": {{ .Values.featureFlags | toJson }},
"clusters": {{ template "kubeapps.clusterNames" . }}
"clusters": {{ template "kubeapps.clusterNames" . }},
"theme": "{{ .Values.dashboard.defaultTheme }}",
"remoteComponentsUrl": "{{ .Values.dashboard.remoteComponentsUrl }}"
}

37
bitnami/kubeapps/templates/frontend/configmap.yaml
View File

@@ -111,14 +111,15 @@ data:
rewrite ^ $request_uri; # pass the encoded url downstream as is,
rewrite /api/assetsvc([^?]*) /assetsvc$1?$args break;
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
}
@@ -128,30 +129,52 @@ data:
proxy_read_timeout 10m;
rewrite /api/kubeops/(.*) /$1 break;
rewrite /api/kubeops / break;
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
}
{{- if .Values.featureFlags.kubeappsAPIsServer }}
location ~* /apis {
rewrite ^ $request_uri; # pass the encoded url downstream as is,
rewrite /apis/([^?]*) /$1 break;
rewrite /apis / break;
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}};
}
{{- end }}
# The route for the Kubeapps backend API is not prefixed.
location ~* /api/ {
rewrite /api/(.*) /backend/$1 break;
rewrite /api/ /backend break;
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
}

3
bitnami/kubeapps/templates/frontend/deployment.yaml
View File

@@ -123,8 +123,11 @@ spec:
- --skip-auth-regex=^\/config\.json$
- --skip-auth-regex=^\/manifest\.json$
- --skip-auth-regex=^\/custom_style\.css$
- --skip-auth-regex=^\/clr-ui.min\.css$
- --skip-auth-regex=^\/clr-ui-dark.min\.css$
- --skip-auth-regex=^\/custom_locale\.json$
- --skip-auth-regex=^\/favicon.*\.png$
- --skip-auth-regex=^\/favicon.*\.ico$
- --skip-auth-regex=^\/static\/
- --skip-auth-regex=^\/$
- --scope={{ .Values.authProxy.scope }}

167
bitnami/kubeapps/templates/kubeappsapis/deployment.yaml Normal file
View File

@@ -0,0 +1,167 @@
{{- if .Values.featureFlags.kubeappsAPIsServer }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.kubeappsapis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app.kubernetes.io/component: kubeappsapis
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.kubeappsapis.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: kubeappsapis
template:
metadata:
{{- if .Values.kubeappsapis.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: kubeappsapis
{{- if .Values.kubeappsapis.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.kubeappsapis.unsafeUseDemoSA }}
serviceAccountName: {{ template "kubeapps.kubeappsapis.fullname" . }}
{{- end }}
{{- if .Values.kubeappsapis.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }}
{{- end }}
# Increase termination timeout to let remaining operations to finish before killing the pods
# This is because new releases/upgrades/deletions are synchronous operations
{{- if .Values.kubeappsapis.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAntiAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeappsapis.nodeAffinityPreset.type "key" .Values.kubeappsapis.nodeAffinityPreset.key "values" .Values.kubeappsapis.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.kubeappsapis.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeappsapis.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeappsapis.priorityClassName }}
priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }}
{{- end }}
{{- if .Values.kubeappsapis.podSecurityContext.enabled }}
securityContext: {{- omit .Values.kubeappsapis.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.kubeappsapis.terminationGracePeriodSeconds }}
containers:
- name: kubeappsapis
image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }}
{{- if .Values.kubeappsapis.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.kubeappsapis.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.kubeappsapis.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
command:
- /kubeapps-apis
args:
{{- range .Values.kubeappsapis.enabledPlugins }}
- --plugin-dir
- /plugins/{{ . }}
{{- end }}
{{- if .Values.clusters }}
- --clusters-config-path=/config/clusters.conf
{{- end }}
{{- if .Values.pinnipedProxy.enabled }}
- --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }}
{{- end }}
{{- if .Values.kubeappsapis.unsafeUseDemoSA }}
- --unsafe-use-demo-sa=true
{{- end }}
env:
- name: PORT
value: {{ .Values.kubeappsapis.containerPort | quote }}
{{- if .Values.redis.enabled }}
# REDIS-* vars are required by the plugins for caching functionality
# TODO (gfichtenolt) this as required by the kubeapps apis service (which will
# longer-term pass something to the plugins so that the plugins won't need to
# know these details). Currently they're used directly by the flux plugin
- name: REDIS_ADDR
value: kubeapps-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: {{ include "kubeapps.redis.secretName" . }}
- name: REDIS_DB
value: "0"
{{- end }}
# TODO(agamez): pass this configuration using a separated config file
# These env vars are currently (and temporarily) required by the 'helm' plugin
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ASSET_SYNCER_DB_URL
value: {{ template "kubeapps.postgresql.fullname" . }}-headless:{{ default "5432" .Values.postgresql.service.port }}
- name: ASSET_SYNCER_DB_NAME
value: {{ .Values.postgresql.postgresqlDatabase }}
- name: ASSET_SYNCER_DB_USERNAME
value: postgres
- name: ASSET_SYNCER_DB_USERPASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
name: {{ include "kubeapps.postgresql.secretName" . }}
{{- if .Values.kubeappsapis.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.kubeappsapis.extraEnvVarsCM .Values.kubeappsapis.extraEnvVarsSecret }}
envFrom:
{{- if .Values.kubeappsapis.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.kubeappsapis.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
ports:
- name: grpc-http
containerPort: {{ .Values.kubeappsapis.containerPort }}
{{- if .Values.kubeappsapis.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.kubeappsapis.livenessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.kubeappsapis.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.kubeappsapis.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.kubeappsapis.readinessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.kubeappsapis.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.kubeappsapis.resources }}
resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }}
{{- end }}
{{- if .Values.clusters }}
volumeMounts:
- name: clusters-config
mountPath: /config
- name: ca-certs
mountPath: /etc/additional-clusters-cafiles
{{- end }}
{{- if .Values.clusters }}
volumes:
- name: clusters-config
configMap:
name: {{ template "kubeapps.clusters-config.fullname" . }}
- name: ca-certs
emptyDir: {}
{{- end }}
{{- end }}

55
bitnami/kubeapps/templates/kubeappsapis/rbac.yaml Normal file
View File

@@ -0,0 +1,55 @@
{{- if .Values.featureFlags.kubeappsAPIsServer }}
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeappsapis
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- "packageinstalls.packaging.carvel.dev"
- "packagerepositories.packaging.carvel.dev"
- "source.toolkit.fluxcd.io"
- "helm.toolkit.fluxcd.io"
resources: ['*']
verbs: ['*']
# So that our dev user is seen as having access to a namespace.
# We'll need to add rbac for our dev user to install later as well.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
{{- if .Values.kubeappsapis.unsafeUseDemoSA }}
# Dev-only ClusterRoleBinding to the ServiceAccount
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeappsapis
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeappsapis.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- end }}

30
bitnami/kubeapps/templates/kubeappsapis/service.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if .Values.featureFlags.kubeappsAPIsServer }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.kubeappsapis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeappsapis
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if or .Values.kubeappsapis.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.kubeappsapis.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.kubeappsapis.service.port }}
targetPort: grpc-http
protocol: TCP
name: grpc-http
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kubeappsapis
{{- end }}

17
bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.featureFlags.kubeappsAPIsServer }}
{{- if .Values.kubeappsapis.unsafeUseDemoSA }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.kubeappsapis.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeappsapis
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

234
bitnami/kubeapps/values.yaml
View File

@@ -437,6 +437,9 @@ dashboard:
## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/custom-form-component-support.md
##
customComponents: ""
## @param dashboard.remoteComponentsUrl Remote URL that can be used to load custom components vs loading from the local filesystem
##
remoteComponentsUrl: ""
## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps
## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/translate-kubeapps.md
## e.g:
@@ -445,6 +448,12 @@ dashboard:
## "login-oidc": "Login with my company SSO"
##
customLocale: ""
## @param dashboard.defaultTheme Default theme used in the Dashboard if the user has not selected any theme yet.
## enum: [ "light", "dark" ]
## e.g:
## defaultTheme: dark
##
defaultTheme: ""
## @param dashboard.replicaCount Number of Dashboard replicas to deploy
##
replicaCount: 2
@@ -1451,6 +1460,7 @@ clusters:
##
featureFlags:
invalidateCache: true
kubeappsAPIsServer: true
## RBAC configuration
##
rbac:
@@ -1528,3 +1538,227 @@ postgresql:
requests:
memory: 256Mi
cpu: 250m
## @section kubeappsapis parameters
kubeappsapis:
## @param kubeappsapis.unsafeUseDemoSA If true, replace the user's credentials by a full-granted demo service account. Just intented for development purposes.
unsafeUseDemoSA: false
## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service
## e.g:
## enabledPlugins:
## - helm
## - fluxv2
## - kapp_controller
##
enabledPlugins:
- helm
## Bitnami Kubeapps-APIs image
## ref: https://hub.docker.com/r/bitnami/kubeapps-apis/tags/
## @param kubeappsapis.image.registry Kubeapps-APIs image registry
## @param kubeappsapis.image.repository Kubeapps-APIs image repository
## @param kubeappsapis.image.tag Kubeapps-APIs image tag (immutable tags are recommended)
## @param kubeappsapis.image.pullPolicy Kubeapps-APIs image pull policy
## @param kubeappsapis.image.pullSecrets Kubeapps-APIs image pull secrets
##
image:
registry: docker.io
repository: bitnami/kubeapps-apis
tag: 2.3.4-debian-10-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param kubeappsapis.replicaCount Number of frontend replicas to deploy
##
replicaCount: 1
## @param kubeappsapis.terminationGracePeriodSeconds The grace time period for sig term
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
##
terminationGracePeriodSeconds: 300
## @param kubeappsapis.extraEnvVars Array with extra environment variables to add to the KubeappsAPIs container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param kubeappsapis.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container
##
extraEnvVarsCM:
## @param kubeappsapis.extraEnvVarsSecret Name of existing Secret containing extra env vars for the KubeappsAPIs container
##
extraEnvVarsSecret:
## @param kubeappsapis.containerPort KubeappsAPIs HTTP container port
##
containerPort: 50051
## KubeappsAPIs containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container
## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container
## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container
## @param kubeappsapis.resources.requests.memory The requested memory for the KubeappsAPIs container
##
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 25m
memory: 32Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param kubeappsapis.containerSecurityContext.enabled Enabled KubeappsAPIs containers' Security Context
## @param kubeappsapis.containerSecurityContext.runAsUser Set KubeappsAPIs container's Security Context runAsUser
## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set KubeappsAPIs container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## Configure extra options for KubeappsAPIs containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param kubeappsapis.livenessProbe.enabled Enable livenessProbe
## @skip kubeappsapis.livenessProbe.httpGet
## @param kubeappsapis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param kubeappsapis.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param kubeappsapis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param kubeappsapis.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param kubeappsapis.livenessProbe.successThreshold Success threshold for livenessProbe
## KubeappsAPIs containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: false
httpGet:
path: /live
port: 50051
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param kubeappsapis.readinessProbe.enabled Enable readinessProbe
## @skip kubeappsapis.readinessProbe.httpGet
## @param kubeappsapis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param kubeappsapis.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param kubeappsapis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param kubeappsapis.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param kubeappsapis.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: false
httpGet:
path: /ready
port: 50051
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param kubeappsapis.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param kubeappsapis.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param kubeappsapis.lifecycleHooks Custom lifecycle hooks for KubeappsAPIs containers
##
lifecycleHooks: {}
## @param kubeappsapis.podLabels Extra labels for KubeappsAPIs pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param kubeappsapis.podAnnotations Annotations for KubeappsAPIs pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param kubeappsapis.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param kubeappsapis.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## nodeAffinityPreset Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param kubeappsapis.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param kubeappsapis.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param kubeappsapis.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param kubeappsapis.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: kubeappsapis.podAffinityPreset, kubeappsapis.podAntiAffinityPreset, and kubeappsapis.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param kubeappsapis.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param kubeappsapis.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param kubeappsapis.priorityClassName Priority class name for KubeappsAPIs pods
##
priorityClassName:
## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## kubeappsapis service parameters
##
service:
## @param kubeappsapis.service.port KubeappsAPIs service HTTP port
##
port: 8080
## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service
##
annotations: {}
## @section Redis&trade; chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
##
redis:
## @param redis.redisPassword Password used in Redis&trade;
## ref: https://github.com/bitnami/bitnami-docker-redis/blob/master/README.md#setting-the-server-password-on-first-run
##
redisPassword: ""
## @param redis.enabled Enable the Redis&trade; deployment when deploying Kubeapps APIs.
## We currently have the situation that Redis is required for the fluxv2 plugin only.
## Until such a point that we're releasing with the fluxv2 plugin enabled, or the
## plugin cache support has been generalised so all plugins use Redis, we'll need
## to manually enable this in dev while ensuring it is false for releases (as it
## is a conditional dependency in the Chart.yaml).
enabled: false
replica:
## @param redis.replica.replicaCount Number of Redis&trade; replicas to deploy
replicaCount: 0