[bitnami/*] Standardize documentation (#19835)

Signed-off-by: Jota Martos <jotamartos@vmware.com>
Juan José Martos
2023-10-20 08:18:30 +02:00
committed by GitHub
parent 3e0672c0ad
commit af5f7530c1
216 changed files with 14699 additions and 13690 deletions

@@ -9,9 +9,11 @@ Sealed Secrets are "one-way" encrypted K8s Secrets that can be created by anyone
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/sealed-secrets
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/sealed-secrets
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
## Introduction
Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
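Review bot: The replacement TL;DR command, `helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/sealed-secrets`, can no longer be pasted and run, and the note explaining the placeholders comes after the `console` block, where a reader who copies the command first will miss it. Suggest moving the note above the block, or marking the placeholders so they cannot be mistaken for literal path segments.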
@@ -32,9 +34,11 @@ Looking to use Sealed Secrets in production? Try [VMware Application Catalog](ht
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/sealed-secrets
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/sealed-secrets
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The command deploys the Sealed Secrets controller on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
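Review bot: The added note lands between the closing fence and "The command deploys the Sealed Secrets controller...", so the command is now separated from the sentence that explains it. Suggest placing the note after that sentence, or pointing back to the identical note under TL;DR instead of repeating it.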
@@ -74,76 +78,76 @@ The command removes all the Kubernetes components associated with the chart and
### Sealed Secrets Parameters
| Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
| `image.registry` | Sealed Secrets image registry | `docker.io` |
| `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets` |
| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.24.2-debian-11-r0` |
| `image.digest` | Sealed Secrets image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` |
| `image.debug` | Enable Sealed Secrets image debug mode | `false` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `commandArgs` | Additional args (doesn't override the default ones) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `containerPorts.http` | Controller HTTP container port to open | `8080` |
| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` |
| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set Sealed Secret pod's Security Context seccompProfile type | `RuntimeDefault` |
| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Whether the Sealed Secret container can escalate privileges | `false` |
| `containerSecurityContext.capabilities.drop` | Which privileges to drop in the Sealed Secret container | `["ALL"]` |
| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` |
| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` |
| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.seccompProfile.type` | Set Sealed Secret container's Security Context seccompProfile type | `RuntimeDefault` |
| `hostAliases` | Sealed Secret pods host aliases | `[]` |
| `podLabels` | Extra labels for Sealed Secret pods | `{}` |
| `podAnnotations` | Annotations for Sealed Secret pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for Sealed Secret pods assignment | `{}` |
| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` |
| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` |
| `updateStrategy.type` | Sealed Secret statefulset strategy type | `RollingUpdate` |
| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `schedulerName` | Name of the k8s scheduler (other than default) for Sealed Secret pods | `""` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `""` |
| `lifecycleHooks` | for the Sealed Secret container(s) to automate configuration before or after startup | `{}` |
| `extraEnvVars` | Array with extra environment variables to add to Sealed Secret nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Sealed Secret nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Sealed Secret nodes | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the Sealed Secret pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Sealed Secret container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the Sealed Secret pod(s) | `{}` |
| `initContainers` | Add additional init containers to the Sealed Secret pod(s) | `{}` |
| Name | Description | Value |
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------- |
| `image.registry` | Sealed Secrets image registry | `REGISTRY_NAME` |
| `image.repository` | Sealed Secrets image repository | `REPOSITORY_NAME/sealed-secrets` |
| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `0.24.2-debian-11-r0` |
| `image.digest` | Sealed Secrets image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` |
| `image.debug` | Enable Sealed Secrets image debug mode | `false` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `commandArgs` | Additional args (doesn't override the default ones) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `containerPorts.http` | Controller HTTP container port to open | `8080` |
| `resources.limits` | The resources limits for the Sealed Secret containers | `{}` |
| `resources.requests` | The requested resources for the Sealed Secret containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe on Sealed Secret containers | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe on Sealed Secret containers | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe on Sealed Secret containers | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `podSecurityContext.enabled` | Enabled Sealed Secret pods' Security Context | `true` |
| `podSecurityContext.fsGroup` | Set Sealed Secret pod's Security Context fsGroup | `1001` |
| `podSecurityContext.seccompProfile.type` | Set Sealed Secret pod's Security Context seccompProfile type | `RuntimeDefault` |
| `containerSecurityContext.enabled` | Enabled Sealed Secret containers' Security Context | `true` |
| `containerSecurityContext.allowPrivilegeEscalation` | Whether the Sealed Secret container can escalate privileges | `false` |
| `containerSecurityContext.capabilities.drop` | Which privileges to drop in the Sealed Secret container | `["ALL"]` |
| `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem | `true` |
| `containerSecurityContext.runAsNonRoot` | Indicates that the Sealed Secret container must run as a non-root user | `true` |
| `containerSecurityContext.runAsUser` | Set Sealed Secret containers' Security Context runAsUser | `1001` |
| `containerSecurityContext.seccompProfile.type` | Set Sealed Secret container's Security Context seccompProfile type | `RuntimeDefault` |
| `hostAliases` | Sealed Secret pods host aliases | `[]` |
| `podLabels` | Extra labels for Sealed Secret pods | `{}` |
| `podAnnotations` | Annotations for Sealed Secret pods | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `affinity` | Affinity for Sealed Secret pods assignment | `{}` |
| `nodeSelector` | Node labels for Sealed Secret pods assignment | `{}` |
| `tolerations` | Tolerations for Sealed Secret pods assignment | `[]` |
| `updateStrategy.type` | Sealed Secret statefulset strategy type | `RollingUpdate` |
| `priorityClassName` | Sealed Secret pods' priorityClassName | `""` |
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `schedulerName` | Name of the k8s scheduler (other than default) for Sealed Secret pods | `""` |
| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `""` |
| `lifecycleHooks` | for the Sealed Secret container(s) to automate configuration before or after startup | `{}` |
| `extraEnvVars` | Array with extra environment variables to add to Sealed Secret nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Sealed Secret nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Sealed Secret nodes | `""` |
| `extraVolumes` | Optionally specify extra list of additional volumes for the Sealed Secret pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Sealed Secret container(s) | `[]` |
| `sidecars` | Add additional sidecar containers to the Sealed Secret pod(s) | `{}` |
| `initContainers` | Add additional init containers to the Sealed Secret pod(s) | `{}` |
### Traffic Exposure Parameters
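Review bot: In the rewritten table the Value column for `image.registry` and `image.repository` now reads `REGISTRY_NAME` and `REPOSITORY_NAME/sealed-secrets`, while every other row in that column still gives an actual default (the replaced rows showed `docker.io` and `bitnami/sealed-secrets`). Someone checking which registry the controller image is pulled from can no longer read it off the README. Suggest keeping the real defaults in the table and confining the placeholders to the `helm install` examples; that would also avoid rewriting every row of the table only to widen the Value column.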
@@ -213,17 +217,20 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set livenessProbe.successThreshold=5 \
oci://registry-1.docker.io/bitnamicharts/sealed-secrets
oci://REGISTRY_NAME/REPOSITORY_NAME/sealed-secrets
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
The above command sets the `livenessProbe.successThreshold` to `5`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/sealed-secrets
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/sealed-secrets
```
> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
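Review bot: The same placeholder note is added twice within this one hunk, a few lines apart, after the `--set` example and again after the `-f values.yaml` example, on top of the copies under TL;DR and the install section. Suggest stating it once for the section (for instance before the first example) so later edits to the wording do not have to be made in four places. The first copy also splits the `--set` command from "The above command sets the `livenessProbe.successThreshold` to `5`."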

@@ -53,8 +53,8 @@ extraDeploy: []
## Bitnami Sealed Secrets image
## ref: https://hub.docker.com/r/bitnami/redis/tags/
## @param image.registry Sealed Secrets image registry
## @param image.repository Sealed Secrets image repository
## @param image.registry [default: REGISTRY_NAME] Sealed Secrets image registry
## @param image.repository [default: REPOSITORY_NAME/sealed-secrets] Sealed Secrets image repository
## @param image.tag Sealed Secrets image tag (immutable tags are recommended)
## @param image.digest Sealed Secrets image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Sealed Secrets image pull policy
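Review bot: The `ref:` line directly above the two changed `@param` lines points to https://hub.docker.com/r/bitnami/redis/tags/, which is the Redis image rather than Sealed Secrets; since this comment block is being edited anyway, the link should be corrected here. Separately, the `[default: REGISTRY_NAME]` and `[default: REPOSITORY_NAME/sealed-secrets]` annotations document placeholders, and the hunk does not show the `image.registry` and `image.repository` values themselves changing, so the documented default may no longer match what the chart deploys.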