kubeapps: bump chart version to 5.2.0

kubernetes-bitnami
2021-02-19 11:23:46 +00:00
parent 8acd0a700f
commit e8338a3b53
10 changed files with 112 additions and 84 deletions


@@ -11,8 +11,18 @@ metadata:
labels:{{ include "kubeapps.extraAppLabels" $ | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" $ }}
spec:
{{- if .type }}
type: {{ .type }}
{{- else }}
type: helm
{{- end }}
url: {{ .url }}
{{- if .ociRepositories }}
ociRepositories:
{{- range .ociRepositories }}
- {{ . }}
{{- end }}
{{- end }}
{{- if or $.Values.securityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector }}
syncJobPodTemplate:
spec:
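Review bot: The new `type` and `ociRepositories` entries are rendered from values without quoting, so a value that YAML reads as a number, boolean or null changes type in the rendered AppRepository instead of staying a string. Quoting keeps them strings, e.g. `type: {{ .type | default "helm" | quote }}` and `- {{ . | quote }}`; the `default` form also replaces the five-line if/else. The same applies to `url: {{ .url }}`, which looks like pre-existing context. The `spec:` mapping continues outside the hunk.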


@@ -1,21 +0,0 @@
{{- if not (.Capabilities.APIVersions.Has "kubeapps.com/v1alpha1") -}}
# The condition above will be true if another instance of Kubeapps is
# already installed
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: apprepositories.kubeapps.com
annotations:
"helm.sh/hook": crd-install
labels:{{ include "kubeapps.extraAppLabels" $ | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" $ }}
spec:
group: kubeapps.com
scope: Namespaced
names:
kind: AppRepository
plural: apprepositories
shortNames:
- apprepos
version: v1alpha1
{{- end -}}


@@ -23,6 +23,10 @@ data:
root /app/custom-css/;
}
location /custom_locale.json {
root /app/custom-locale/;
}
location / {
# Redirects are required to be relative otherwise the internal hostname will be exposed
absolute_redirect off;
@@ -46,6 +50,8 @@ data:
}
custom_style.css: |-
{{- .Values.dashboard.customStyle | nindent 4 }}
custom_locale.json: |-
{{- .Values.dashboard.customLocale | toJson | nindent 4 }}
config.json: |-
{
"kubeappsCluster": "{{ template "kubeapps.kubeappsCluster" . -}}",
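Review bot: `location /custom_locale.json` is a prefix match, so any request path that merely starts with that string is also resolved under `/app/custom-locale/`. An exact match, `location = /custom_locale.json {`, states the intent and limits the block to the single file mounted there. The neighbouring custom-css location is only partly visible in this hunk, so whether it needs the same change cannot be confirmed from here.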


@@ -55,6 +55,8 @@ spec:
subPath: config.json
- mountPath: /app/custom-css
name: custom-css
- mountPath: /app/custom-locale
name: custom-locale
ports:
- name: http
containerPort: 8080
@@ -80,3 +82,9 @@ spec:
items:
- key: custom_style.css
path: custom_style.css
- name: custom-locale
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_locale.json
path: custom_locale.json


@@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.frontend-config.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
labels: {{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.frontend-config.fullname" . }}
data:
k8s-api-proxy.conf: |-
@@ -22,10 +22,10 @@ data:
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- range .Values.clusters }}
{{- range .Values.clusters }}
{{- if .certificateAuthorityData }}
{{ .name }}-ca.pem: {{ .certificateAuthorityData }}
{{- end }}
{{- end }}
{{- end}}
vhost.conf: |-
# Retain the default nginx handling of requests without a "Connection" header
@@ -40,12 +40,12 @@ data:
server {
listen 8080;
{{- if .Values.frontend.largeClientHeaderBuffers }}
{{- if .Values.frontend.largeClientHeaderBuffers }}
large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }};
{{- end }}
{{- if .Values.enableIPv6 }}
{{- end }}
{{- if .Values.enableIPv6 }}
listen [::]:8080;
{{- end}}
{{- end}}
server_name _;
location /healthz {
@@ -57,47 +57,42 @@ data:
# Ensure each cluster can be reached (should only be
# used with an auth-proxy where k8s credentials never leave
# the cluster). See clusters option.
{{- range .Values.clusters }}
{{- range .Values.clusters }}
location ~* /api/clusters/{{ .name }} {
rewrite /api/clusters/{{ .name }}/(.*) /$1 break;
rewrite /api/clusters/{{ .name }} / break;
{{/* We need to split the API service URL(s) into the base url and the path segment so
those configurations using a path can be appropriately rewritten below while
ensuring the proxy_pass statement is given the base URL only. */}}
{{- $parsed := urlParse (default "https://kubernetes.default" .apiServiceURL) }}
{{- $apiServiceBaseURL := urlJoin (pick $parsed "scheme" "host") }}
{{- $apiServiceURLPath := $parsed.path }}
rewrite /api/clusters/{{ .name }}/(.*) {{ $apiServiceURLPath }}/$1 break;
rewrite /api/clusters/{{ .name }} {{ $apiServiceURLPath }}/ break;
# Helm returns a nil pointer error when accessing foo.bar if foo doesn't
# exist, even with the `default` function.
# See https://github.com/helm/helm/issues/8026#issuecomment-756538254
{{- $pinnipedConfig := .pinnipedConfig | default dict }}
{{- if and $.Values.pinnipedProxy.enabled $pinnipedConfig.exchangeCredentials }}
{{/* Helm returns a nil pointer error when accessing foo.bar if foo doesn't
exist, even with the `default` function.
See https://github.com/helm/helm/issues/8026#issuecomment-756538254 */}}
{{- $pinnipedConfig := .pinnipedConfig | default dict }}
{{- if and $.Values.pinnipedProxy.enabled $pinnipedConfig.enable }}
# If pinniped proxy is enabled *and* the current cluster is configured
# to exchange credentials then we route via pinnipedProxy to exchange
# credentials for client certificates.
{{- if .apiServiceURL }}
{{- if .apiServiceURL }}
proxy_set_header PINNIPED_PROXY_API_SERVER_URL {{ .apiServiceURL }};
{{- end }}
{{- if .certificateAuthorityData }}
{{- end }}
{{- if .certificateAuthorityData }}
proxy_set_header PINNIPED_PROXY_API_SERVER_CERT {{ .certificateAuthorityData }};
{{- end }}
{{- end }}
proxy_pass http://kubeapps-internal-pinniped-proxy.{{ $.Release.Namespace }}:{{ $.Values.pinnipedProxy.service.port }};
{{- else }}
{{- else }}
# Otherwise we route directly through to the clusters with existing credentials.
proxy_pass {{ default "https://kubernetes.default" .apiServiceURL }};
{{- if .certificateAuthorityData }}
proxy_pass {{ $apiServiceBaseURL }};
{{- if .certificateAuthorityData }}
proxy_ssl_trusted_certificate "./server_blocks/{{ .name }}-ca.pem";
{{- end }}
{{- end }}
include "./server_blocks/k8s-api-proxy.conf";
}
{{- end }}
# TODO: The following location is left for backwards compat but will no longer
# be needed once clients are sending the cluster name.
# Using regexp match instead of prefix one because the application can be
# deployed under a specific path i.e /kubeapps
location ~* /api/kube {
rewrite /api/kube/(.*) /$1 break;
rewrite /api/kube / break;
proxy_pass https://kubernetes.default;
{{- end }}
{{- end }}
include "./server_blocks/k8s-api-proxy.conf";
}
{{- end }}
# Forward '/api/assetsvc' to '/assetsvc'
# but preserving the encoding (eg. '%2F' is not converted to '/')
@@ -109,26 +104,32 @@ data:
rewrite ^ $request_uri; # pass the encoded url downstream as is,
rewrite /api/assetsvc([^?]*) /assetsvc$1?$args break;
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- end }}
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
}
location ~* /api/tiller-deploy {
location ~* /api/kubeops {
# Keep the connection open with the API server even if idle (the default is 60 seconds)
# Setting it to 10 minutes which should be enough for our current use case of deploying/upgrading/deleting apps
proxy_read_timeout 10m;
rewrite /api/tiller-deploy/(.*) /$1 break;
rewrite /api/tiller-deploy / break;
rewrite /api/kubeops/(.*) /$1 break;
rewrite /api/kubeops / break;
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- end }}
}
# The route for the Kubeapps backend API is not prefixed.
@@ -136,11 +137,14 @@ data:
rewrite /api/(.*) /backend/$1 break;
rewrite /api/ /backend break;
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
{{- if .Values.frontend.proxypassAccessTokenAsBearer }}
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- end }}
{{- if .Values.frontend.proxypassExtraSetHeader }}
proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }};
{{- end }}
proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}};
}
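Review bot: The cluster name is interpolated unescaped into unanchored regexes, in `location ~* /api/clusters/{{ .name }}` and in the rewritten `rewrite /api/clusters/{{ .name }} {{ $apiServiceURLPath }}/ break;`. When one configured name is a prefix of another, or contains regex metacharacters, a request for the longer name can be handled by the shorter cluster's block and proxied to that cluster's API server. nginx uses the first regex location that matches, so the outcome depends on the order of `.Values.clusters`. Ending the patterns on a path boundary avoids this, e.g. `location ~* /api/clusters/{{ .name }}(/|$) {` and `rewrite /api/clusters/{{ .name }}$ {{ $apiServiceURLPath }}/ break;`, together with validating that names contain only DNS-label characters. The page has lost its +/- markers, so which of the duplicated lines is the new side is inferred from print order.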


@@ -68,6 +68,8 @@ spec:
- --pass-access-token=true
- --pass-authorization-header=true
- --skip-auth-regex=^\/config\.json$
- --skip-auth-regex=^\/custom_style\.css$
- --skip-auth-regex=^\/custom_locale\.json$
- --skip-auth-regex=^\/favicon.*\.png$
- --skip-auth-regex=^\/static\/
- --skip-auth-regex=^\/$
@@ -89,8 +91,8 @@ spec:
{{- end }}
{{- if and .Values.pinnipedProxy.enabled }}
- name: pinniped-proxy
args:
- /pinniped-proxy
command:
- pinniped-proxy
env:
- name: DEFAULT_PINNIPED_NAMESPACE
value: {{ .Values.pinnipedProxy.defaultPinnipedNamespace }}
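Review bot: The two added entries, `--skip-auth-regex=^\/custom_style\.css$` and `--skip-auth-regex=^\/custom_locale\.json$`, serve both files before login, and the locale file's content comes straight from `.Values.dashboard.customLocale`. Nothing in the template says so. A comment above them such as `# Served without authentication: customStyle/customLocale must not contain internal hostnames or other sensitive text` would record the constraint, and the same sentence belongs next to those keys in the values file (not visible here). Both patterns are anchored at each end, which keeps the bypass to exactly those two paths. The container list continues outside the hunk.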