[bitnami/kiam] Resolves problems with the kiam chart. (#4780)

* Various fixes and more reasonable defaults.

* Fix some warnings and typos.

* Use bitnami standard variable name.

* Do turn on hostnetwork for agents.

* [bitnami/kiam] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Marcos Bjoerkelund <marcos@bitnami.com>
Co-authored-by: Bitnami Containers <containers@bitnami.com>
Robert Van Voorhees
2020-12-18 04:44:15 -05:00
committed by GitHub
parent 5ee088e859
commit aac54433b8
7 changed files with 25 additions and 25 deletions


@@ -23,4 +23,4 @@ name: kiam
sources:
- 'https://github.com/bitnami/bitnami-docker-kiam'
- 'https://github.com/uswitch/kiam'
version: 0.1.9
version: 0.2.0


@@ -103,11 +103,11 @@ The following tables lists the configurable parameters of the kiam chart and the
| `server.podSecurityPolicy.create` | Create a PodSecurityPolicy resources | `true` |
| `server.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` |
| `server.tlsSecret` | Name of a secret with TLS certificates for the container | `nil` |
| `server.dnsPolicy` | Pod DNS policy | `ClusterFirstWithHostNet` |
| `server.dnsPolicy` | Pod DNS policy | `Default` |
| `server.extraEnvVars` | Array containing extra env vars to configure kiam server | `nil` |
| `server.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam server | `nil` |
| `server.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam server (in case of sensitive data) | `nil` |
| `server.roleBaseArn` | Base ARN for IAM roles. If not set kiam will detect it automatically | `ClusterFirstWithHostNet` |
| `server.roleBaseArn` | Base ARN for IAM roles. If not set kiam will detect it automatically | `null` |
| `server.cacheSyncInterval` | Cache synchronization interval | `1m` |
| `server.containerSecurityContext` | Container security podSecurityContext | `{ runAsUser: 1001, runAsNonRoot: true}` |
| `server.podSecurityContext` | Pod security context | `{}` |
@@ -175,7 +175,7 @@ The following tables lists the configurable parameters of the kiam chart and the
| `agent.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam agent (in case of sensitive data) | `nil` |
| `agent.containerSecurityContext` | Container security podSecurityContext | `{ runAsUser: 1001, runAsNonRoot: true}` |
| `agent.podSecurityContext` | Pod security context | `{}` |
| `agent.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `false` |
| `agent.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `true` |
| `agent.resources.limits` | The resources limits for the kiam container | `{}` |
| `agent.resources.requests` | The requested resources for the kiam container | `{}` |
| `agent.lifecycleHooks` | LifecycleHooks to set additional configuration at startup. | `{}` (evaluated as a template) |
@@ -206,7 +206,7 @@ The following tables lists the configurable parameters of the kiam chart and the
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------|--------------------------------|
| `server.service.type` | Kubernetes service type | `ClusterIP` |
| `server.service.port` | Service HTTPS port | `443` |
| `server.service.port` | Service HTTPS port | `8443` |
| `server.service.nodePorts.http` | Service HTTPS NodePort | `nil` |
| `server.service.nodePorts.metrics` | Service metrics NodePort | `nil` |
| `server.service.clusterIP` | kiam service clusterIP IP | `None` |


@@ -32,7 +32,7 @@ spec:
{{- include "kiam.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "kiam.agent.serviceAccountName" . }}
dnsPolicy: {{ .Values.agent.dnsPolicy }}
hostNetwork: true
hostNetwork: {{ .Values.agent.useHostNetwork }}
{{- if .Values.agent.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.affinity "context" $) | nindent 8 }}
{{- else }}
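Review bot: `hostNetwork: {{ .Values.agent.useHostNetwork }}` makes host networking optional for the agent, yet the values.yaml comment added in this commit says it is necessary for intercepting the metadata URL. A `false` override would render a DaemonSet that installs cleanly but presumably leaves workload pods talking to the instance metadata endpoint directly and receiving the node's role. Keep the line hard-coded as `hostNetwork: true`, or stop rendering when the value is off, for example `{{- if not .Values.agent.useHostNetwork }}{{ fail "agent.useHostNetwork must be true: the agent intercepts metadata traffic in the host network namespace" }}{{- end }}`. The pod spec starts and ends outside this hunk.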


@@ -32,7 +32,7 @@ spec:
{{- include "kiam.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "kiam.server.serviceAccountName" . }}
dnsPolicy: {{ .Values.server.dnsPolicy }}
hostNetwork: true
hostNetwork: {{ .Values.server.useHostNetwork }}
{{- if .Values.server.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.server.affinity "context" $) | nindent 8 }}
{{- else }}
@@ -108,7 +108,7 @@ spec:
{{- end }}
{{- end }}
ports:
- name: http
- name: grpclb
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{- if .Values.server.metrics.enabled }}
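Review bot: The server's `hostNetwork` goes from a hard-coded `true` to `{{ .Values.server.useHostNetwork }}`, whose default in values.yaml is `false`, so an upgrade moves the server pods off the host network without any override being set; the same edit is made in the other server template (its hunk at `@@ -33,7 +33,7 @@`). values.yaml shows `resourceType: daemonset` as context, and the comment this commit deletes there said to set the value to true when servers run on the same nodes as the agents. With the defaults the server's own metadata lookups may therefore pass through an agent, which needs confirming on a cluster. I would restore the guidance beside the key in values.yaml, `## Set this to true when running the servers on the same nodes as the agents`, and mention the changed default in the chart's upgrade notes. The pod spec continues outside the hunk.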


@@ -33,7 +33,7 @@ spec:
{{- include "kiam.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "kiam.server.serviceAccountName" . }}
dnsPolicy: {{ .Values.server.dnsPolicy }}
hostNetwork: true
hostNetwork: {{ .Values.server.useHostNetwork }}
{{- if .Values.server.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.server.affinity "context" $) | nindent 8 }}
{{- else }}
@@ -109,7 +109,7 @@ spec:
{{- end }}
{{- end }}
ports:
- name: http
- name: grpclb
containerPort: {{ .Values.server.containerPort }}
protocol: TCP
{{- if .Values.server.metrics.enabled }}


@@ -33,9 +33,9 @@ spec:
loadBalancerIP: {{ .Values.server.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
- name: grpclb
port: {{ .Values.server.service.port }}
targetPort: http
targetPort: {{ .Values.server.containerPort }}
protocol: TCP
{{- if (and (or (eq .Values.server.service.type "NodePort") (eq .Values.server.service.type "LoadBalancer")) (not (empty .Values.server.service.nodePorts.http))) }}
nodePort: {{ .Values.server.service.nodePorts.http }}
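Review bot: `targetPort: {{ .Values.server.containerPort }}` together with the new values.yaml default `clusterIP: None` makes this a headless Service, where no port translation takes place: a client resolving the service name reaches the pod IP on the port it dials. `server.service.port` now defaults to `8443` and the default of `server.containerPort` is not visible on this page, so the two should be checked to be equal, otherwise agents would connect to a port the server does not listen on. Since the container port was renamed in the same commit, `targetPort: grpclb` would also keep the Service and the pod tied by name rather than by a duplicated number. The ports list continues outside the hunk.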


@@ -31,7 +31,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/kiam
tag: 3.6.0-debian-10-r63
tag: 3.6.0-debian-10-r64
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -57,7 +57,7 @@ server:
type: ClusterIP
## HTTPS Port
##
port: 443
port: 8443
## Specify the nodePort values for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
@@ -66,7 +66,7 @@ server:
metrics:
## Service clusterIP.
##
clusterIP:
clusterIP: None
## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
@@ -91,6 +91,10 @@ server:
##
resourceType: daemonset
## Whether the kiam server should use host network
##
useHostNetwork: false
## Number of nodes
##
replicaCount: 1
@@ -132,7 +136,7 @@ server:
## Additional kiam arguments
##
extraArgs: []
extraArgs: {}
## Specifies whether a ServiceAccount should be created
##
@@ -166,7 +170,7 @@ server:
## Pod DNS policy
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy
##
dnsPolicy: ClusterFirstWithHostNet
dnsPolicy: Default
## Base ARN for IAM roles
## If not specified use EC2 metadata service to detect ARN prefix
@@ -183,10 +187,6 @@ server:
## Session duration for STS tokens
##
sessionDuration: 15m
## Use hostNetwork for server
## Set this to true when running the servers on the same nodes as the agents
##
useHostNetwork: false
## Agent TLS Certificate filenames
##
@@ -499,10 +499,10 @@ agent:
##
tlsSecret:
## Use hostNetwork for server
## Set this to true when running the servers on the same nodes as the agents
## Use hostNetwork for agent
## This is necessary for intercepting the metadata URL for nodes.
##
useHostNetwork: false
useHostNetwork: true
## Agent TLS Certificate filenames
##
@@ -532,7 +532,7 @@ agent:
## Additional kiam arguments
##
extraArgs: []
extraArgs: {}
## Timeout when creating the kiam gateway
##
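Review bot: `extraArgs` changes from `[]` to `{}` for both the server (hunk at `-132,7`) and the agent (hunk at `-532,7`), but the comment above it still reads only `## Additional kiam arguments`, so nothing tells a user that the expected shape is now a map. Overrides that still pass a list would presumably stop rendering as intended; the templates consuming the value are not shown here. I would extend the comment to state the shape, something like `## Additional kiam arguments, given as a map (key: value)`, and mention the change in the upgrade notes.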