[bitnami/kubeapps] New major version: standardization (#6301)

* [bitnami/kubeapps] New major version: standardization

Signed-off-by: juan131 <juanariza@vmware.com>

* Update bitnami/kubeapps/README.md

Co-authored-by: Michael Nelson <absoludity@gmail.com>

* Update bitnami/kubeapps/README.md

Co-authored-by: Michael Nelson <absoludity@gmail.com>

* Reorder parameters

Signed-off-by: juan131 <juanariza@vmware.com>

* Apply suggestions from code review

Co-authored-by: Antonio Gámez <antgamdia@gmail.com>

* Update Chart.lock

Signed-off-by: juan131 <juanariza@vmware.com>

* Fix kubeapps chart to use helper for pinniped-proxy full name.

* Remove hardcore settings and unused macros

Signed-off-by: juan131 <juanariza@vmware.com>

* [bitnami/kubeapps] New major version: standardization

Signed-off-by: juan131 <juanariza@vmware.com>

* Merge conflicts

Signed-off-by: juan131 <juanariza@vmware.com>

* Remove some pending hardcore references

Signed-off-by: juan131 <juanariza@vmware.com>

* Switch values order

Signed-off-by: juan131 <juanariza@vmware.com>

* [bitnami/kubeapps] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Michael Nelson <absoludity@gmail.com>
Co-authored-by: Antonio Gámez <antgamdia@gmail.com>
Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Juan Ariza Toledano
2021-05-12 17:56:41 +02:00
committed by GitHub
parent b96dd20080
commit fa481f6c14
49 changed files with 3277 additions and 1718 deletions

@@ -37,5 +37,3 @@ request, mention that information here.-->
- [ ] Chart version bumped in `Chart.yaml` according to [semver](http://semver.org/).
- [ ] Variables are documented in the README.md
- [ ] Title of the PR starts with chart name (e.g. `[bitnami/chart]`)
:warning: Keep in mind that if you want to make changes to the kubeapps chart, please implement them in the [kubeapps repository](https://github.com/kubeapps/kubeapps/tree/master/chart/kubeapps). This is only a synchronized mirror.
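Review bot: Dropping the notice at the end of the template that the kubeapps chart is "only a synchronized mirror" removes the only guidance here on where kubeapps chart changes belong. If this repository is now the source of truth for the chart, say so in the chart README; if the sync from the kubeapps repository still runs, keep the notice, since direct edits made here would diverge from upstream.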

@@ -4,6 +4,6 @@ dependencies:
version: 1.4.3
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 10.3.18
digest: sha256:7e02170e3674d24949c420931e5d008449c185c44d05fe73d72c96a8514c9a67
generated: "2021-04-27T17:09:59.360429792+02:00"
version: 10.4.3
digest: sha256:5bea8fec70b627945acf0f833e2f9ee0546a7c7eb4e79b29c1ceef78d8650a71
generated: "2021-05-12T15:22:26.370125885Z"
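Review bot: The postgresql entry moves from 10.3.18 to 10.4.3 together with a new `digest` and `generated` value, so confirm the file was regenerated with `helm dependency update` rather than edited by hand; `helm dependency build` rejects a lock that is out of sync with Chart.yaml. Note that this digest covers the dependency list, not the downloaded chart archive, so it is not an integrity check on the postgresql package itself; use `--verify` with a keyring where provenance files are available.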

@@ -10,7 +10,7 @@ dependencies:
version: 1.x.x
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: '10.X.X'
version: 10.x.x
description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm
home: https://kubeapps.com
icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png
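Review bot: The postgresql constraint `10.x.x` in the dependencies block accepts any 10.x release, so the version actually shipped is decided by Chart.lock alone. Make sure packaging runs `helm dependency build`, which honours the lock, rather than `helm dependency update`, or tighten the range, so a rebuild cannot pull a newer postgresql subchart than the one reviewed.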
@@ -25,4 +25,4 @@ maintainers:
name: kubeapps
sources:
- https://github.com/kubeapps/kubeapps
version: 6.1.2
version: 7.0.0
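Review bot: The jump from 6.1.2 to 7.0.0 in `version` signals breaking changes, so please confirm the README gains an upgrade note for 7.0.0 that lists the renamed or reordered values. Without it, operators can upgrade with overrides from 6.x that no longer match any parameter and are silently ignored.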

@@ -29,9 +29,10 @@ It also packages the [Bitnami PostgreSQL chart](https://github.com/bitnami/chart
## Prerequisites
- Kubernetes 1.15+ (tested with Azure Kubernetes Service, Google Kubernetes Engine, minikube and Docker for Desktop Kubernetes)
- Kubernetes 1.16+ (tested with both bare-metal and managed clusters, including EKS, AKS, GKE and Tanzu Kubernetes Grid, as well as dev clusters, such as Kind, Minikube and Docker for Desktop Kubernetes)
- Helm 3.0.2+
- Administrative access to the cluster to create Custom Resource Definitions (CRDs)
- PV provisioner support in the underlying infrastructure (required for PostgreSQL database)
## Installing the Chart
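Review bot: The prerequisites now say Kubernetes 1.16+ instead of 1.15+, but that is only documentation; if Chart.yaml declares a `kubeVersion` constraint it should agree, so an install on an older cluster fails early with a clear message. While this list is being edited, the "Administrative access to the cluster to create Custom Resource Definitions (CRDs)" item would be more useful if it named the CRDs the chart installs and the RBAC needed, so operators can grant that rather than full cluster-admin.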
@@ -51,7 +52,417 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
## Parameters
For a full list of configuration parameters of the Kubeapps chart, see the [values.yaml](values.yaml) file.
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `nil` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` |
### Common parameters
| Name | Description | Value |
| ------------------- | -------------------------------------------------- | ------- |
| `kubeVersion` | Override Kubernetes version | `nil` |
| `nameOverride` | String to partially override common.names.fullname | `nil` |
| `fullnameOverride` | String to fully override common.names.fullname | `nil` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `enableIPv6` | Enable IPv6 configuration | `false` |
### Traffic Exposure Parameters
| Name | Description | Value |
| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ |
| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` |
| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `nil` |
| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` |
| `ingress.path` | Default path for the ingress record | `/` |
| `ingress.pathType` | Ingress path type | `ImplementationSpecific` |
| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` |
| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` |
| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` |
| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
| `ingress.secrets` | Custom TLS certificates as secrets | `[]` |
### Frontend parameters
| Name | Description | Value |
| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | ----------------------- |
| `frontend.image.registry` | NGINX image registry | `docker.io` |
| `frontend.image.repository` | NGINX image repository | `bitnami/nginx` |
| `frontend.image.tag` | NGINX image tag (immutable tags are recommended) | `1.19.10-debian-10-r11` |
| `frontend.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `frontend.image.pullSecrets` | NGINX image pull secrets | `[]` |
| `frontend.image.debug` | Enable image debug mode | `false` |
| `frontend.proxypassAccessTokenAsBearer` | Use access_token as the Bearer when talking to the k8s api server | `false` |
| `frontend.proxypassExtraSetHeader` | Set an additional proxy header for all requests proxied via NGINX | `nil` |
| `frontend.largeClientHeaderBuffers` | Set large_client_header_buffers in NGINX config | `4 32k` |
| `frontend.replicaCount` | Number of frontend replicas to deploy | `2` |
| `frontend.resources.limits.cpu` | The CPU limits for the NGINX container | `250m` |
| `frontend.resources.limits.memory` | The memory limits for the NGINX container | `128Mi` |
| `frontend.resources.requests.cpu` | The requested CPU for the NGINX container | `25m` |
| `frontend.resources.requests.memory` | The requested memory for the NGINX container | `32Mi` |
| `frontend.extraEnvVars` | Array with extra environment variables to add to the NGINX container | `[]` |
| `frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the NGINX container | `nil` |
| `frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the NGINX container | `nil` |
| `frontend.containerPort` | NGINX HTTP container port | `8080` |
| `frontend.podSecurityContext.enabled` | Enabled frontend pods' Security Context | `true` |
| `frontend.podSecurityContext.fsGroup` | Set frontend pod's Security Context fsGroup | `1001` |
| `frontend.containerSecurityContext.enabled` | Enabled NGINX containers' Security Context | `true` |
| `frontend.containerSecurityContext.runAsUser` | Set NGINX container's Security Context runAsUser | `1001` |
| `frontend.containerSecurityContext.runAsNonRoot` | Set NGINX container's Security Context runAsNonRoot | `true` |
| `frontend.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `frontend.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `frontend.lifecycleHooks` | Custom lifecycle hooks for frontend containers | `{}` |
| `frontend.podLabels` | Extra labels for frontend pods | `{}` |
| `frontend.podAnnotations` | Annotations for frontend pods | `{}` |
| `frontend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `frontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `frontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `frontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `frontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `frontend.affinity` | Affinity for pod assignment | `{}` |
| `frontend.nodeSelector` | Node labels for pod assignment | `{}` |
| `frontend.tolerations` | Tolerations for pod assignment | `[]` |
| `frontend.priorityClassName` | Priority class name for frontend pods | `nil` |
| `frontend.hostAliases` | Custom host aliases for frontend pods | `[]` |
| `frontend.extraVolumes` | Optionally specify extra list of additional volumes for frontend pods | `[]` |
| `frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for frontend container(s) | `[]` |
| `frontend.sidecars` | Add additional sidecar containers to the frontend pod | `{}` |
| `frontend.initContainers` | Add additional init containers to the frontend pods | `{}` |
| `frontend.service.type` | Frontend service type | `ClusterIP` |
| `frontend.service.port` | Frontend service HTTP port | `80` |
| `frontend.service.nodePort` | Node port for HTTP | `nil` |
| `frontend.service.clusterIP` | Frontend service Cluster IP | `nil` |
| `frontend.service.loadBalancerIP` | Frontend service Load Balancer IP | `nil` |
| `frontend.service.loadBalancerSourceRanges` | Frontend service Load Balancer sources | `[]` |
| `frontend.service.externalTrafficPolicy` | Frontend service external traffic policy | `Cluster` |
| `frontend.service.annotations` | Additional custom annotations for frontend service | `{}` |
### Dashboard parameters
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------- |
| `dashboard.image.registry` | Dashboard image registry | `docker.io` |
| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` |
| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.3.2-debian-10-r0` |
| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` |
| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` |
| `dashboard.image.debug` | Enable image debug mode | `false` |
| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` |
| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` |
| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` |
| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` |
| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` |
| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `nil` |
| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `nil` |
| `dashboard.containerPort` | Dashboard HTTP container port | `8080` |
| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` |
| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` |
| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` |
| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` |
| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` |
| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` |
| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` |
| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` |
| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` |
| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` |
| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` |
| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` |
| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `dashboard.affinity` | Affinity for pod assignment | `{}` |
| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` |
| `dashboard.tolerations` | Tolerations for pod assignment | `[]` |
| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `nil` |
| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` |
| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` |
| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` |
| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `{}` |
| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `{}` |
| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` |
| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` |
### AppRepository Controller parameters
| Name | Description | Value |
| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------- |
| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` |
| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `bitnami/kubeapps-apprepository-controller` |
| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.3.2-scratch-r0` |
| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` |
| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` |
| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` |
| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `bitnami/kubeapps-asset-syncer` |
| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.3.2-scratch-r0` |
| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` |
| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` |
| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` |
| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` |
| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `nil` |
| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` |
| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` |
| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` |
| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` |
| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` |
| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` |
| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` |
| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` |
| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` |
| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` |
| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` |
| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` |
| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` |
| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` |
| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `apprepository.affinity` | Affinity for pod assignment | `{}` |
| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` |
| `apprepository.tolerations` | Tolerations for pod assignment | `[]` |
| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `nil` |
| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` |
### Kubeops parameters
| Name | Description | Value |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | -------------------------- |
| `kubeops.image.registry` | Kubeops image registry | `docker.io` |
| `kubeops.image.repository` | Kubeops image repository | `bitnami/kubeapps-kubeops` |
| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.3.2-scratch-r0` |
| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` |
| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` |
| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `nil` |
| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `nil` |
| `kubeops.qps` | Kubeops QPS (queries per second) rate | `nil` |
| `kubeops.burst` | Kubeops burst rate | `nil` |
| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` |
| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` |
| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` |
| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `nil` |
| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `nil` |
| `kubeops.containerPort` | Kubeops HTTP container port | `8080` |
| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` |
| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` |
| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` |
| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` |
| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` |
| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` |
| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` |
| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` |
| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` |
| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` |
| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` |
| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` |
| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `kubeops.affinity` | Affinity for pod assignment | `{}` |
| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` |
| `kubeops.tolerations` | Tolerations for pod assignment | `[]` |
| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `nil` |
| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` |
| `kubeops.service.port` | Kubeops service HTTP port | `8080` |
| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` |
### Assetsvc parameters
| Name | Description | Value |
| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | --------------------------- |
| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` |
| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `bitnami/kubeapps-assetsvc` |
| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.3.2-scratch-r0` |
| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` |
| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` |
| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `2` |
| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` |
| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `nil` |
| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `nil` |
| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` |
| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` |
| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` |
| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` |
| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` |
| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` |
| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` |
| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` |
| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` |
| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` |
| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` |
| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` |
| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` |
| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` |
| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `assetsvc.affinity` | Affinity for pod assignment | `{}` |
| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` |
| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` |
| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `nil` |
| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` |
| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` |
| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` |
### Auth Proxy parameters
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------- |
| `authProxy.enabled` | Specifies whether Kubeapps should configure OAuth login/logout | `false` |
| `authProxy.image.registry` | OAuth2 Proxy image registry | `docker.io` |
| `authProxy.image.repository` | OAuth2 Proxy image repository | `bitnami/oauth2-proxy` |
| `authProxy.image.tag` | OAuth2 Proxy image tag (immutable tags are recommended) | `7.1.2-debian-10-r22` |
| `authProxy.image.pullPolicy` | OAuth2 Proxy image pull policy | `IfNotPresent` |
| `authProxy.image.pullSecrets` | OAuth2 Proxy image pull secrets | `[]` |
| `authProxy.external` | Use an external Auth Proxy instead of deploying its own one | `false` |
| `authProxy.oauthLoginURI` | OAuth Login URI to which the Kubeapps frontend redirects for authn | `/oauth2/start` |
| `authProxy.oauthLogoutURI` | OAuth Logout URI to which the Kubeapps frontend redirects for authn | `/oauth2/sign_out` |
| `authProxy.skipKubeappsLoginPage` | Skip the Kubeapps login page when using OIDC and directly redirect to the IdP | `false` |
| `authProxy.provider` | OAuth provider | `""` |
| `authProxy.clientID` | OAuth Client ID | `""` |
| `authProxy.clientSecret` | OAuth Client secret | `""` |
| `authProxy.cookieSecret` | Secret used by oauth2-proxy to encrypt any credentials | `""` |
| `authProxy.emailDomain` | Allowed email domains | `*` |
| `authProxy.additionalFlags` | Additional flags for oauth2-proxy | `[]` |
| `authProxy.containerPort` | Auth Proxy HTTP container port | `3000` |
| `authProxy.containerSecurityContext.enabled` | Enabled Auth Proxy containers' Security Context | `true` |
| `authProxy.containerSecurityContext.runAsUser` | Set Auth Proxy container's Security Context runAsUser | `1001` |
| `authProxy.containerSecurityContext.runAsNonRoot` | Set Auth Proxy container's Security Context runAsNonRoot | `true` |
| `authProxy.resources.limits.cpu` | The CPU limits for the OAuth2 Proxy container | `250m` |
| `authProxy.resources.limits.memory` | The memory limits for the OAuth2 Proxy container | `128Mi` |
| `authProxy.resources.requests.cpu` | The requested CPU for the OAuth2 Proxy container | `25m` |
| `authProxy.resources.requests.memory` | The requested memory for the OAuth2 Proxy container | `32Mi` |
### Pinniped Proxy parameters
| Name | Description | Value |
| ----------------------------------------------------- | ------------------------------------------------------------------------ | --------------------------------- |
| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` |
| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` |
| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` |
| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.3.2-debian-10-r0` |
| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` |
| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` |
| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` |
| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` |
| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` |
| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` |
| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` |
| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` |
| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` |
| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` |
| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` |
| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` |
| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` |
| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` |
### Other Parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------------------------------------- | ----------------------- |
| `allowNamespaceDiscovery` | Allow users to discover available namespaces (only the ones they have access) | `true` |
| `clusters` | List of clusters that Kubeapps can target for deployments | `[]` |
| `featureFlags` | Feature flags (used to switch on development features) | `{}` |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `testImage.registry` | NGINX image registry | `docker.io` |
| `testImage.repository` | NGINX image repository | `bitnami/nginx` |
| `testImage.tag` | NGINX image tag (immutable tags are recommended) | `1.19.10-debian-10-r11` |
| `testImage.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `testImage.pullSecrets` | NGINX image pull secrets | `[]` |
### Database Parameters
| Name | Description | Value |
| -------------------------------------- | ---------------------------------------------------------------------------- | -------- |
| `postgresql.enabled` | Deploy a PostgreSQL server to satisfy the applications database requirements | `true` |
| `postgresql.replication.enabled` | Enable replication for high availability | `true` |
| `postgresql.postgresqlDatabase` | Database name for Kubeapps to be created on the first run | `assets` |
| `postgresql.postgresqlPassword` | Password for 'postgres' user | `""` |
| `postgresql.persistence.enabled` | Enable persistence on PostgreSQL using PVC(s) | `false` |
| `postgresql.persistence.size` | Persistent Volume size | `8Gi` |
| `postgresql.securityContext.enabled` | Enabled PostgreSQL replicas pods' Security Context | `false` |
| `postgresql.resources.limits` | The resources limits for the PostreSQL container | `{}` |
| `postgresql.resources.requests.cpu` | The requested CPU for the PostreSQL container | `250m` |
| `postgresql.resources.requests.memory` | The requested memory for the PostreSQL container | `256Mi` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
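Review bot: the description for `pinnipedProxy.containerPort` reads "Kubeops HTTP container port", which looks copied from the Kubeops table; it should say "Pinniped Proxy HTTP container port". In the same tables, `authProxy.oauthLogoutURI` is described as a redirect "for authn" although it is the logout URI, and the three `postgresql.resources.*` rows spell the product "PostreSQL". Since the README now documents `authProxy.emailDomain` with a default of `*`, it would help to say in the description that this default accepts any email domain, so operators enabling `authProxy.enabled` know to narrow it.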
@@ -103,7 +514,6 @@ To enable ingress integration, please set `ingress.enabled` to `true`
Most likely you will only want to have one hostname that maps to this Kubeapps installation (use the `ingress.hostname` parameter to set the hostname), however, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object is an array.
If you plan to serve Kubeapps under a subpath (eg., `example.com/subpath`), you will have to disable the default path by setting `ingress.hostname=""` and the enter the hostname and path in the extraHost array; for instance: `ingress.extraHosts[0].name="example.com"` and `ingress.extraHosts[0].path="/subpath"`
##### Annotations
For annotations, please see [this document](https://github.com/kubeapps/kubeapps/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`.
@@ -140,8 +550,8 @@ In the first two cases, it's needed a certificate and a key. We would expect the
```
- If you are going to use Helm to manage the certificates based on the parameters, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry.
- In case you are going to manage TLS secrects separately, please know that you can must a TLS secret with name *INGRESS_HOSTNAME-tls* (where *INGRESS_HOSTNAME* is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter).
- To use self-signed certificates created by Helm, set `ingress.tls` to `true` and `ingress.certManager` to `false`.
- In case you are going to manage TLS secrets separately, please know that you must use a TLS secret with name *INGRESS_HOSTNAME-tls* (where *INGRESS_HOSTNAME* is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter).
- To use self-signed certificates created by Helm, set both `ingress.tls` and `ingress.selfSigned` to `true`.
- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `ingress.certManager` boolean to true to enable the corresponding annotations for cert-manager.
## Upgrading Kubeapps
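Review bot: the "manage TLS secrets separately" bullet no longer matches the `kubeapps.validateValues.ingress.tls` helper added in this commit. That helper fails rendering when `ingress.enabled` and `ingress.tls` are set and none of `ingress.certManager`, `ingress.selfSigned` or `ingress.extraTls` is, so a user who pre-creates the *INGRESS_HOSTNAME-tls* secret and sets only `ingress.tls=true`, as this bullet suggests, is rejected. Either state here which value must accompany `ingress.tls` in that case, or relax the check.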
@@ -190,7 +600,7 @@ kubectl delete namespace kubeapps
- [How to install Kubeapps in production scenarios?](#how-to-install-kubeapps-in-production-scenarios)
- [How to use Kubeapps?](#how-to-use-kubeapps)
- [How to configure Kubeapps with Ingress](#how-to-configure-kubeapps-with-ingress)
* [Serving Kubeapps in a subpath](#serving-kubeapps-in-a-subpath)
- [Serving Kubeapps in a subpath](#serving-kubeapps-in-a-subpath)
- [Can Kubeapps install apps into more than one cluster?](#can-kubeapps-install-apps-into-more-than-one-cluster)
- [Can Kubeapps be installed without Internet connection?](#can-kubeapps-be-installed-without-internet-connection)
- [Does Kubeapps support private repositories?](#does-kubeapps-support-private-repositories)
@@ -223,6 +633,7 @@ helm install kubeapps --namespace kubeapps \
--set ingress.hostname=example.com \
bitnami/kubeapps
```
#### Serving Kubeapps in a subpath
You may want to serve Kubeapps with a subpath, for instance `http://example.com/subpath`, you have to set the proper Ingress configuration. If you are using the ingress configuration provided by the Kubeapps chart, you will have to set the `ingress.extraHosts` parameter:
@@ -235,6 +646,7 @@ helm install kubeapps --namespace kubeapps \
--set ingress.extraHosts[0].path="/catalog"
bitnami/kubeapps
```
Besides, if you are using the OAuth2/OIDC login (more information at the [using an OIDC provider documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md)), you will need, also, to configure the different URLs:
```bash
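Review bot: the context line `--set ingress.extraHosts[0].path="/catalog"` has no trailing backslash, so the `bitnami/kubeapps` line that follows is run as a separate command and `helm install` is invoked without a chart argument. Since this hunk already touches the block's surroundings, add the ` \` continuation here as well.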
@@ -286,14 +698,13 @@ To reduce this time, you can increase the number of checks that Kubeapps will pe
Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions!
## Troubleshooting
### Nginx Ipv6 error
When starting the application with the `--set enableIPv6=true` option, the Nginx server present in the services `kubeapps` and `kubeapps-internal-dashboard` may fail with the following:
```
```console
nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol)
```
@@ -303,13 +714,13 @@ This usually means that your cluster is not compatible with IPv6. To disable it,
If during installation you run into an error similar to:
```
```console
Error: release kubeapps failed: clusterroles.rbac.authorization.k8s.io "kubeapps-apprepository-controller" is forbidden: attempt to grant extra privileges: [{[get] [batch] [cronjobs] [] []...
```
Or:
```
```console
Error: namespaces "kubeapps" is forbidden: User "system:serviceaccount:kube-system:default" cannot get namespaces in the namespace "kubeapps"
```
@@ -330,25 +741,23 @@ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps --set rbac.cr
It is possible that when upgrading Kubeapps an error appears. That can be caused by a breaking change in the new chart or because the current chart installation is in an inconsistent state. If you find issues upgrading Kubeapps you can follow these steps:
> Note: These steps assume that you have installed Kubeapps in the namespace `kubeapps` using the name `kubeapps`. If that is not the case replace the command with your namespace and/or name.
> Note: If you are upgrading from 2.3.1 see the [following section](#upgrading-to-2-3-1).
> Note: If you are upgrading from 2.3.1 see the [following section](#upgrading-to-2-3-1).
> Note: If you are upgrading from 1.X to 2.X see the [following section](#upgrading-to-2-0).
1. (Optional) Backup your personal repositories (if you have any):
1. (Optional) Backup your personal repositories (if you have any):
```bash
kubectl get apprepository -A -o yaml > <repo name>.yaml
```
2. Delete Kubeapps:
2. Delete Kubeapps:
```bash
helm del --purge kubeapps
```
3. (Optional) Delete the App Repositories CRD:
3. (Optional) Delete the App Repositories CRD:
> **Warning**: Don't execute this step if you have more than one Kubeapps installation in your cluster.
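Review bot: `helm del --purge kubeapps` in step 2 is Helm 2 syntax, while this same README states the chart is now `apiVersion: v2` and installable by Helm 3 only. Helm 3 has no `--purge` flag, and the `helm install --name kubeapps` command in step 5 fails for the same reason (`--name` was removed). The hunk only re-indents these steps; it should also update them to `helm uninstall kubeapps -n kubeapps` and `helm install kubeapps --namespace kubeapps bitnami/kubeapps`, matching the install examples elsewhere in the file.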
@@ -356,7 +765,7 @@ helm del --purge kubeapps
kubectl delete crd apprepositories.kubeapps.com
```
4. (Optional) Clean the Kubeapps namespace:
4. (Optional) Clean the Kubeapps namespace:
> **Warning**: Don't execute this step if you have workloads other than Kubeapps in the `kubeapps` namespace.
@@ -364,14 +773,14 @@ kubectl delete crd apprepositories.kubeapps.com
kubectl delete namespace kubeapps
```
5. Install the latest version of Kubeapps (using any custom modifications you need):
5. Install the latest version of Kubeapps (using any custom modifications you need):
```bash
helm repo update
helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
```
6. (Optional) Restore any repositories you backed up in the first step:
6. (Optional) Restore any repositories you backed up in the first step:
```bash
kubectl apply -f <repo name>.yaml
@@ -379,53 +788,14 @@ kubectl apply -f <repo name>.yaml
After that you should be able to access the new version of Kubeapps. If the above doesn't work for you or you run into any other issues please open an [issue](https://github.com/kubeapps/kubeapps/issues/new).
### Upgrading to 2.0.1 (Chart 5.0.0)
### Upgrading to chart version 7.0.0
[On November 13, 2020, Helm 2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm 3 and to be consistent with the Helm project itself regarding the Helm 2 EOL.
In this release, no breaking changes were included in Kubeapps (version 2.3.2). However, the chart adopted the standardizations included in the rest of the charts in the Bitnami catalog.
**What changes were introduced in this major version?**
Most of these standardizations simply add new parameters that allow to add more customizations such as adding custom env. variables, volumes or sidecar containers. That said, some of them include breaking changes:
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
- In the case of PostgreSQL subchart, apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced.
**Considerations when upgrading to this version**
- If you want to upgrade to this version using Helm 2, this scenario is not supported as this version doesn't support Helm 2 anymore
- If you installed the previous version with Helm 2 and wants to upgrade to this version with Helm 3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm 2 to 3
- If you want to upgrade to this version from a previous one installed with Helm 3, you shouldn't face any issues related to the new `apiVersion`. Due to the PostgreSQL major version bump, it's necessary to remove the existing statefulsets:
> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly.
```console
$ kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave
```
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
### Upgrading to 2.0
Kubeapps 2.0 (Chart version 4.0.0) introduces some breaking changes:
- Helm 2 is no longer supported. If you are still using some Helm 2 charts, [migrate them with the available tools](https://helm.sh/docs/topics/v2_v3_migration/). Note that some charts (but not all of them) may require to be migrated to the [new Chart specification (v2)](https://helm.sh/docs/topics/charts/#the-apiversion-field). If you are facing any issue managing this migration and Kubeapps, please open a new issue!
- MongoDB&reg; is no longer supported. Since 2.0, the only database supported is PostgreSQL.
- PostgreSQL chart dependency has been upgraded to a new major version.
Due to the last point, it's necessary to run a command before upgrading to Kubeapps 2.0:
> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly.
```bash
kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave
```
After that you should be able to upgrade Kubeapps as always and the database will be repopulated.
- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels).
- `securityContext.*` parameters are deprecated in favor of `XXX.podSecurityContext.*` and `XXX.containerSecurityContext.*`, where XXX is placeholder you need to replace with the actual component(s). For instance, to modify the container security context for "kubeops" use `kubeops.podSecurityContext` and `kubeops.containerSecurityContext` parameters.
### Upgrading to 2.3.1
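Review bot: the bullet deprecating `securityContext.*` in favor of `XXX.podSecurityContext.*` and `XXX.containerSecurityContext.*` has no matching guard in the chart. `kubeapps.validateValues`, as added in this commit, only checks the ingress TLS settings, so a values file that still sets `securityContext.runAsUser` is accepted without any message. The README should say whether the old keys are still honoured, and if they are not, `validateValues` should fail or warn when they are present so that an upgrade does not quietly change the user a container runs as. The new section also sits under "no breaking changes were included in Kubeapps" while listing breaking chart changes; a one-line summary of what an operator must rename before `helm upgrade` would make that clearer.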
@@ -470,3 +840,51 @@ After that, you will be able to upgrade Kubeapps to 2.3.1 using the existing dat
```console
$ helm upgrade kubeapps bitnami/kubeapps -n kubeapps --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD
```
### Upgrading to 2.0.1 (Chart 5.0.0)
[On November 13, 2020, Helm 2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm 3 and to be consistent with the Helm project itself regarding the Helm 2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Move dependency information from the *requirements.yaml* to the *Chart.yaml*
- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock*
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
- In the case of PostgreSQL subchart, apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced.
**Considerations when upgrading to this version**
- If you want to upgrade to this version using Helm 2, this scenario is not supported as this version doesn't support Helm 2 anymore
- If you installed the previous version with Helm 2 and wants to upgrade to this version with Helm 3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm 2 to 3
- If you want to upgrade to this version from a previous one installed with Helm 3, you shouldn't face any issues related to the new `apiVersion`. Due to the PostgreSQL major version bump, it's necessary to remove the existing statefulsets:
> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly.
```console
$ kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave
```
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
### Upgrading to 2.0
Kubeapps 2.0 (Chart version 4.0.0) introduces some breaking changes:
- Helm 2 is no longer supported. If you are still using some Helm 2 charts, [migrate them with the available tools](https://helm.sh/docs/topics/v2_v3_migration/). Note that some charts (but not all of them) may require to be migrated to the [new Chart specification (v2)](https://helm.sh/docs/topics/charts/#the-apiversion-field). If you are facing any issue managing this migration and Kubeapps, please open a new issue!
- MongoDB&reg; is no longer supported. Since 2.0, the only database supported is PostgreSQL.
- PostgreSQL chart dependency has been upgraded to a new major version.
Due to the last point, it's necessary to run a command before upgrading to Kubeapps 2.0:
> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly.
```bash
kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave
```
After that you should be able to upgrade Kubeapps as always and the database will be repopulated.

View File

@@ -71,3 +71,5 @@ To access Kubeapps from outside your K8s cluster, follow the steps below:
{{- $passwordValidationErrors = append $passwordValidationErrors $postgresqlPasswordValidationErrors -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
{{- include "kubeapps.checkRollingTags" . }}
{{- include "kubeapps.validateValues" . }}

View File

@@ -1,39 +1,10 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubeapps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels for additional kubeapps applications. Used on resources whose app name is different
from kubeapps
*/}}
{{- define "kubeapps.extraAppLabels" -}}
chart: {{ include "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
helm.sh/chart: {{ include "kubeapps.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ include "common.names.name" . }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "kubeapps.labels" -}}
app: {{ include "common.names.name" . }}
{{ template "kubeapps.extraAppLabels" . }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kubeapps.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.assetsvc.image .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.hooks.image .Values.testImage) "global" .Values.global) }}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.assetsvc.image .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.testImage) "global" .Values.global) }}
{{- end -}}
{{/*
@@ -49,98 +20,63 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
Create name for the apprepository-controller based on the fullname
*/}}
{{- define "kubeapps.apprepository.fullname" -}}
{{ include "common.names.fullname" . }}-internal-apprepository-controller
{{- end -}}
{{/*
Create name for the apprepository pre-upgrade job
*/}}
{{- define "kubeapps.apprepository-job-postupgrade.fullname" -}}
{{ include "common.names.fullname" . }}-internal-apprepository-job-postupgrade
{{- end -}}
{{/*
Create name for the apprepository cleanup job
*/}}
{{- define "kubeapps.apprepository-jobs-cleanup.fullname" -}}
{{ include "common.names.fullname" . }}-internal-apprepository-jobs-cleanup
{{- end -}}
{{/*
Create name for the db-secret secret bootstrap job
*/}}
{{- define "kubeapps.db-secret-jobs-cleanup.fullname" -}}
{{ include "common.names.fullname" . }}-internal-db-secret-jobs-cleanup
{{- end -}}
{{/*
Create name for the kubeapps upgrade job
*/}}
{{- define "kubeapps.kubeapps-jobs-upgrade.fullname" -}}
{{ include "common.names.fullname" . }}-internal-kubeapps-jobs-upgrade
{{- printf "%s-internal-apprepository-controller" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the assetsvc based on the fullname
*/}}
{{- define "kubeapps.assetsvc.fullname" -}}
{{ include "common.names.fullname" . }}-internal-assetsvc
{{- printf "%s-internal-assetsvc" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the dashboard based on the fullname
*/}}
{{- define "kubeapps.dashboard.fullname" -}}
{{ include "common.names.fullname" . }}-internal-dashboard
{{- printf "%s-internal-dashboard" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the dashboard config based on the fullname
*/}}
{{- define "kubeapps.dashboard-config.fullname" -}}
{{ include "common.names.fullname" . }}-internal-dashboard-config
{{- printf "%s-internal-dashboard-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the frontend config based on the fullname
*/}}
{{- define "kubeapps.frontend-config.fullname" -}}
{{ include "common.names.fullname" . }}-frontend-config
{{- end -}}
{{/*
Create proxy_pass for the frontend config
*/}}
{{- define "kubeapps.frontend-config.proxy_pass" -}}
http://{{ template "kubeapps.kubeops.fullname" . }}:{{ .Values.kubeops.service.port }}
{{- printf "%s-frontend-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for kubeops based on the fullname
*/}}
{{- define "kubeapps.kubeops.fullname" -}}
{{ include "common.names.fullname" . }}-internal-kubeops
{{- printf "%s-internal-kubeops" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the kubeops config based on the fullname
*/}}
{{- define "kubeapps.kubeops-config.fullname" -}}
{{ include "common.names.fullname" . }}-kubeops-config
{{- printf "%s-kubeops-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create name for the secrets related to an app repository
Create proxy_pass for the frontend config
*/}}
{{- define "kubeapps.apprepository-secret.name" -}}
apprepo-{{ .name }}-secrets
{{- define "kubeapps.frontend-config.proxy_pass" -}}
http://{{ include "kubeapps.kubeops.fullname" . }}:{{ .Values.kubeops.service.port }}
{{- end -}}
{{/*
Create name for the secrets related to oauth2_proxy
*/}}
{{- define "kubeapps.oauth2_proxy-secret.name" -}}
{{ template "common.names.fullname" . }}-oauth2
{{- printf "%s-oauth2" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
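Review bot: applying `trunc 63` after the suffix is appended lets distinct helpers return the same name when the release fullname is long. With a fullname of 50 characters or more, `kubeapps.dashboard.fullname` and `kubeapps.dashboard-config.fullname` both truncate to the fullname followed by `-internal-das`, and the other `-internal-*` helpers lose their distinguishing tail in the same way, so resources of the same kind would collide. Truncate the base name to 63 minus the suffix length before appending, or fail validation when the result would exceed 63 characters. The removal of `kubeapps.apprepository-secret.name` should also be checked against any template that still references it, since none of the remaining helpers replaces it.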
@@ -148,7 +84,7 @@ Create name for pinniped-proxy based on the fullname.
Currently used for a service name only.
*/}}
{{- define "kubeapps.pinniped-proxy.fullname" -}}
{{ include "common.names.fullname" . }}-internal-pinniped-proxy
{{- printf "%s-internal-pinniped-proxy" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
@@ -167,9 +103,9 @@ Frontend service port number
*/}}
{{- define "kubeapps.frontend-port-number" -}}
{{- if .Values.authProxy.enabled -}}
3000
{{ .Values.authProxy.containerPort | int }}
{{- else -}}
8080
{{ .Values.frontend.containerPort | int }}
{{- end -}}
{{- end -}}
@@ -215,3 +151,46 @@ Return the Postgresql secret name
{{- printf "%s" (include "kubeapps.postgresql.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kubeapps.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "kubeapps.validateValues.ingress.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of Kubeapps - TLS configuration for Ingress
*/}}
{{- define "kubeapps.validateValues.ingress.tls" -}}
{{- if and .Values.ingress.enabled .Values.ingress.tls (not .Values.ingress.certManager) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }}
kubeapps: ingress.tls
You enabled the TLS configuration for the default ingress hostname but
you did not enable any of the available mechanisms to create the TLS secret
to be used by the Ingress Controller.
Please use any of these alternatives:
- Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates.
- Relay on cert-manager to create it by setting `ingress.certManager=true`
- Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
{{- end -}}
{{- end -}}
{{/*
Check if there are rolling tags in the images
*/}}
{{- define "kubeapps.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.frontend.image }}
{{- include "common.warnings.rollingTag" .Values.dashboard.image }}
{{- include "common.warnings.rollingTag" .Values.apprepository.image }}
{{- include "common.warnings.rollingTag" .Values.assetsvc.image }}
{{- include "common.warnings.rollingTag" .Values.kubeops.image }}
{{- include "common.warnings.rollingTag" .Values.authProxy.image }}
{{- include "common.warnings.rollingTag" .Values.pinnipedProxy.image }}
{{- end -}}
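Review bot: `kubeapps.checkRollingTags` omits `.Values.apprepository.syncImage` and `.Values.testImage`, both of which are in the image list passed to `common.images.pullSecrets` in `kubeapps.imagePullSecrets`, so a rolling tag on either image produces no warning. Add the two `include "common.warnings.rollingTag"` lines, or note why they are excluded. In the `kubeapps.validateValues.ingress.tls` message, "Relay on cert-manager" and "Relay on Helm" should read "Rely on". The repeated `$messages :=` declarations in `kubeapps.validateValues` would be clearer as `=` assignments after the first one.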

View File

@@ -1,40 +0,0 @@
{{- range .Values.apprepository.initialRepos }}
{{- if or .caCert .authorizationHeader }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubeapps.apprepository-secret.name" . }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
labels:{{ include "kubeapps.labels" $ | nindent 4 }}
data:
{{- if .caCert }}
ca.crt: |-
{{ .caCert | b64enc }}
{{- end }}
{{- if .authorizationHeader }}
authorizationHeader: |-
{{ .authorizationHeader | b64enc }}
{{- end }}
---
{{/* credentials are required in the release namespace for syncer jobs */}}
{{- if .namespace }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ .namespace }}-apprepo-{{ .name }}"
labels:{{ include "kubeapps.labels" $ | nindent 4 }}
data:
{{- if .caCert }}
ca.crt: |-
{{ .caCert | b64enc }}
{{- end }}
{{- if .authorizationHeader }}
authorizationHeader: |-
{{ .authorizationHeader | b64enc }}
{{- end }}
---
{{- end }}
{{- end }}
{{- end }}

View File

@@ -1,61 +0,0 @@
{{- range .Values.apprepository.initialRepos }}
apiVersion: kubeapps.com/v1alpha1
kind: AppRepository
metadata:
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace }}
{{- end }}
labels:{{ include "kubeapps.extraAppLabels" $ | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" $ }}
spec:
{{- if .type }}
type: {{ .type }}
{{- else }}
type: helm
{{- end }}
url: {{ .url }}
{{- if .ociRepositories }}
ociRepositories:
{{- range .ociRepositories }}
- {{ . }}
{{- end }}
{{- end }}
{{- if or $.Values.securityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector }}
syncJobPodTemplate:
spec:
{{- if $.Values.apprepository.initialReposProxy.enabled }}
containers:
- env:
- name: https_proxy
value: {{ $.Values.apprepository.initialReposProxy.https_proxy }}
- name: http_proxy
value: {{ $.Values.apprepository.initialReposProxy.http_proxy }}
- name: no_proxy
value: {{ $.Values.apprepository.initialReposProxy.no_proxy }}
{{- end }}
{{- if $.Values.securityContext.enabled }}
securityContext:
runAsUser: {{ $.Values.securityContext.runAsUser }}
{{- end }}
{{- if .nodeSelector }}
nodeSelector: {{- toYaml .nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .caCert .authorizationHeader }}
auth:
{{- if .caCert }}
customCA:
secretKeyRef:
key: ca.crt
name: {{ template "kubeapps.apprepository-secret.name" . }}
{{- end }}
{{- if .authorizationHeader }}
header:
secretKeyRef:
key: authorizationHeader
name: {{ template "kubeapps.apprepository-secret.name" . }}
{{- end }}
{{- end }}
---
{{ end -}}

View File

@@ -1,75 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:
{{- include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
spec:
replicas: {{ .Values.apprepository.replicaCount }}
selector:
matchLabels:
app: {{ template "kubeapps.apprepository.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
{{- with .Values.apprepository.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app: {{ template "kubeapps.apprepository.fullname" . }}
release: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
spec:
serviceAccountName: {{ template "kubeapps.apprepository.fullname" . }}
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.apprepository.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
containers:
- name: controller
image: {{ include "common.images.image" (dict "imageRoot" .Values.apprepository.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }}
command:
- /apprepository-controller
args:
- --user-agent-comment=kubeapps/{{ .Chart.AppVersion }}
- --repo-sync-image={{ include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) }}
{{- if .Values.global }}
{{- if.Values.global.imagePullSecrets }}
{{- range $key, $value := .Values.global.imagePullSecrets }}
- --repo-sync-image-pullsecrets={{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
- --repo-sync-cmd=/asset-syncer
- --namespace={{ .Release.Namespace }}
{{- if .Values.postgresql.existingSecret }}
- --database-secret-name={{ .Values.postgresql.existingSecret }}
{{- else }}
- --database-secret-name={{ template "kubeapps.postgresql.fullname" . }}
{{- end }}
- --database-secret-key=postgresql-password
- --database-url={{ template "kubeapps.postgresql.fullname" . }}:5432
- --database-user=postgres
- --database-name=assets
{{- if .Values.apprepository.crontab }}
- --crontab={{ .Values.apprepository.crontab }}
{{- end }}
- --repos-per-namespace={{ .Values.apprepository.watchAllNamespaces}}
{{- if .Values.apprepository.resources }}
resources: {{- toYaml .Values.apprepository.resources | nindent 12 }}
{{- end }}

View File

@@ -1,161 +0,0 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- get
- list
- update
- watch
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- apiGroups:
- kubeapps.com
resources:
- apprepositories
- apprepositories/finalizers
verbs:
- get
- list
- update
- watch
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.apprepository.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}
---
# Define role, but no binding, so users can be bound to this role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ .Release.Name }}-repositories-read
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- list
- get
---
# Define role, but no binding, so users can be bound to this role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ .Release.Name }}-repositories-write
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- "*"
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
# The Kubeapps app repository controller can read and watch its own
# AppRepository resources cluster-wide. The read and write cluster-roles can
# also be bound to users in specific namespaces as required.
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
- apprepositories/finalizers
verbs:
- get
- list
- watch
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:{{ .Release.Namespace }}:apprepositories-read"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-write"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
verbs:
- '*'
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-refresh"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- get
- update
{{- end -}}

View File

@@ -1,13 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.apprepository-job-postupgrade.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.apprepository.fullname" . }}

View File

@@ -0,0 +1,55 @@
{{- range .Values.apprepository.initialRepos }}
{{- if or .caCert .authorizationHeader }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "apprepo-%s-secrets" .name }}
{{- if .namespace }}
namespace: {{ .namespace | quote }}
{{- else }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if .caCert }}
ca.crt: |-
{{ .caCert | b64enc }}
{{- end }}
{{- if .authorizationHeader }}
authorizationHeader: |-
{{ .authorizationHeader | b64enc }}
{{- end }}
---
{{/* credentials are required in the release namespace for syncer jobs */}}
{{- if .namespace }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-apprepo-%s" .namespace .name }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
{{- if .caCert }}
ca.crt: |-
{{ .caCert | b64enc }}
{{- end }}
{{- if .authorizationHeader }}
authorizationHeader: |-
{{ .authorizationHeader | b64enc }}
{{- end }}
---
{{- end }}
{{- end }}
{{- end }}
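
Review bot: The `commonLabels` and `commonAnnotations` blocks in both Secrets use `.Values...` inside `range .Values.apprepository.initialRepos`, where `.` is the current repo entry rather than the chart root, so they do not reach the chart values. Use `$.Values.commonLabels` and `$.Values.commonAnnotations` here, as the AppRepository template in this commit already does. The `name:` values built with `printf` are also left unquoted while `namespace:` is piped through `quote`; quoting both would be consistent.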

View File

@@ -0,0 +1,64 @@
{{- range .Values.apprepository.initialRepos }}
apiVersion: kubeapps.com/v1alpha1
kind: AppRepository
metadata:
name: {{ .name }}
{{- if .namespace }}
namespace: {{ .namespace | quote }}
{{- else }}
namespace: {{ $.Release.Namespace | quote }}
{{- end }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ default "helm" .type }}
url: {{ .url }}
{{- if .ociRepositories }}
ociRepositories:
{{- range .ociRepositories }}
- {{ . }}
{{- end }}
{{- end }}
{{- if or $.Values.apprepository.containerSecurityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector }}
syncJobPodTemplate:
spec:
{{- if $.Values.apprepository.initialReposProxy.enabled }}
containers:
- env:
- name: https_proxy
value: {{ $.Values.apprepository.initialReposProxy.httpsProxy }}
- name: http_proxy
value: {{ $.Values.apprepository.initialReposProxy.httpProxy }}
- name: no_proxy
value: {{ $.Values.apprepository.initialReposProxy.noProxy }}
{{- end }}
{{- if $.Values.apprepository.containerSecurityContext.enabled }}
securityContext:
runAsUser: {{ $.Values.apprepository.containerSecurityContext.runAsUser }}
{{- end }}
{{- if .nodeSelector }}
nodeSelector: {{- toYaml .nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .caCert .authorizationHeader }}
auth:
{{- if .caCert }}
customCA:
secretKeyRef:
key: ca.crt
name: {{ printf "apprepo-%s-secrets" .name }}
{{- end }}
{{- if .authorizationHeader }}
header:
secretKeyRef:
key: authorizationHeader
name: {{ printf "apprepo-%s-secrets" .name }}
{{- end }}
{{- end }}
---
{{ end -}}
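
Review bot: The `url:` field and the three proxy env `value:` fields are rendered unquoted, so an empty `httpsProxy`, `httpProxy` or `noProxy` produces a null `value:` instead of a string; pipe them through `quote`, as is done for `namespace:`. The proxy keys are also renamed from `https_proxy`/`http_proxy`/`no_proxy` to camelCase, so existing values files silently stop applying; that belongs in the upgrade notes for this major version. The secret name `printf "apprepo-%s-secrets" .name` is now repeated here and in the Secret template; a named helper, like the one the removed template used, would keep the two from drifting.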

View File

@@ -0,0 +1,94 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.apprepository.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: apprepository
template:
metadata:
{{- if .Values.apprepository.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: apprepository
{{- if .Values.apprepository.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.apprepository.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ template "kubeapps.apprepository.fullname" . }}
{{- if .Values.apprepository.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAffinityPreset "component" "apprepository" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAntiAffinityPreset "component" "apprepository" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.apprepository.nodeAffinityPreset.type "key" .Values.apprepository.nodeAffinityPreset.key "values" .Values.apprepository.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.apprepository.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.apprepository.priorityClassName }}
priorityClassName: {{ .Values.apprepository.priorityClassName | quote }}
{{- end }}
{{- if .Values.apprepository.podSecurityContext.enabled }}
securityContext: {{- omit .Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: controller
image: {{ include "common.images.image" (dict "imageRoot" .Values.apprepository.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }}
{{- if .Values.apprepository.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.apprepository.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
command:
- /apprepository-controller
args:
- --user-agent-comment=kubeapps/{{ .Chart.AppVersion }}
- --repo-sync-image={{ include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) }}
{{- if .Values.global }}
{{- if.Values.global.imagePullSecrets }}
{{- range $key, $value := .Values.global.imagePullSecrets }}
- --repo-sync-image-pullsecrets={{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
- --repo-sync-cmd=/asset-syncer
- --namespace={{ .Release.Namespace }}
{{- if .Values.postgresql.existingSecret }}
- --database-secret-name={{ .Values.postgresql.existingSecret }}
{{- else }}
- --database-secret-name={{ template "kubeapps.postgresql.fullname" . }}
{{- end }}
- --database-secret-key=postgresql-password
- --database-url={{ template "kubeapps.postgresql.fullname" . }}:{{ default "5432" .Values.postgresql.service.port }}
- --database-user=postgres
- --database-name={{ .Values.postgresql.postgresqlDatabase }}
{{- if .Values.apprepository.crontab }}
- --crontab={{ .Values.apprepository.crontab }}
{{- end }}
- --repos-per-namespace={{ .Values.apprepository.watchAllNamespaces }}
{{- if .Values.apprepository.resources }}
resources: {{- toYaml .Values.apprepository.resources | nindent 12 }}
{{- end }}
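
Review bot: `--database-user=postgres` stays hardcoded in the controller args even though the database name and port are now taken from values, so the controller keeps connecting with the `postgres` account; consider exposing the user as a value so a less privileged account can be used. The `--database-secret-name` if/else on `.Values.postgresql.existingSecret` duplicates what the assetsvc deployment gets from the `kubeapps.postgresql.secretName` helper; use the helper here too. Minor: `{{- if.Values.global.imagePullSecrets }}` is missing the space after `if`.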

View File

@@ -0,0 +1,217 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- create
- get
- list
- update
- watch
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- apiGroups:
- kubeapps.com
resources:
- apprepositories
- apprepositories/finalizers
verbs:
- get
- list
- update
- watch
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.apprepository.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}
---
# Define role, but no binding, so users can be bound to this role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ .Release.Name }}-repositories-read
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- list
- get
---
# Define role, but no binding, so users can be bound to this role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ .Release.Name }}-repositories-write
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- "*"
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
# The Kubeapps app repository controller can read and watch its own
# AppRepository resources cluster-wide. The read and write cluster-roles can
# also be bound to users in specific namespaces as required.
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read"
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
- apprepositories/finalizers
verbs:
- get
- list
- watch
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:{{ .Release.Namespace }}:apprepositories-read"
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-write"
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
verbs:
- '*'
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:{{ .Release.Namespace }}:apprepositories-refresh"
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- kubeapps.com
resources:
- apprepositories
verbs:
- get
- update
{{- end -}}
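
Review bot: The `apprepositories-write` ClusterRole grants `'*'` on core `secrets`, and the comment above says these cluster roles are meant to be bound to users per namespace, so a user given repository write access in a namespace can also read and delete every Secret there. List only the verbs the repository workflow needs, and likewise replace the `"*"` verbs on `apprepositories` with an explicit list. The RoleBinding and ClusterRoleBinding subjects also leave `namespace: {{ .Release.Namespace }}` unquoted while every `metadata.namespace` in this file is quoted.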

View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.apprepository.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: apprepository
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
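
Review bot: The removed version of this file defined a second ServiceAccount named by `kubeapps.apprepository-job-postupgrade.fullname`, and this replacement defines only the controller account. Confirm the post-upgrade job's ServiceAccount is now created in another template; otherwise any job that still references it will fail to start.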

View File

@@ -1,78 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.assetsvc.fullname" . }}
labels:
{{- include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.assetsvc.fullname" . }}
spec:
replicas: {{ .Values.assetsvc.replicaCount }}
selector:
matchLabels:
app: {{ template "kubeapps.assetsvc.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
{{- with .Values.assetsvc.podAnnotations }}
annotations:
{{- toYaml . | nindent 8}}
{{- end }}
labels:
app: {{ template "kubeapps.assetsvc.fullname" . }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.assetsvc.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.assetsvc.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.assetsvc.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
containers:
- name: assetsvc
image: {{ include "common.images.image" (dict "imageRoot" .Values.assetsvc.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.assetsvc.image.pullPolicy | quote }}
command:
- /assetsvc
args:
- --database-user=postgres
- --database-name=assets
- --database-url={{ template "kubeapps.postgresql.fullname" . }}-headless:5432
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
{{- if .Values.postgresql.existingSecret }}
name: {{ .Values.postgresql.existingSecret }}
{{- else }}
name: {{ template "kubeapps.postgresql.fullname" . }}
{{- end }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT
value: {{ .Values.assetsvc.service.port | quote }}
ports:
- name: http
containerPort: {{ .Values.assetsvc.service.port }}
{{- if .Values.assetsvc.livenessProbe }}
livenessProbe: {{- toYaml .Values.assetsvc.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.assetsvc.readinessProbe }}
readinessProbe: {{- toYaml .Values.assetsvc.readinessProbe | nindent 12 }}
{{- end }}
{{- if .Values.assetsvc.resource }}
resources: {{- toYaml .Values.assetsvc.resources | nindent 12 }}
{{- end }}

View File

@@ -1,16 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.assetsvc.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "common.names.name" . }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.assetsvc.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.assetsvc.fullname" . }}
release: {{ .Release.Name }}

View File

@@ -0,0 +1,97 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.assetsvc.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: assetsvc
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.assetsvc.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: assetsvc
template:
metadata:
{{- if .Values.assetsvc.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: assetsvc
{{- if .Values.assetsvc.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.assetsvc.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.assetsvc.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.assetsvc.podAffinityPreset "component" "assetsvc" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.assetsvc.podAntiAffinityPreset "component" "assetsvc" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.assetsvc.nodeAffinityPreset.type "key" .Values.assetsvc.nodeAffinityPreset.key "values" .Values.assetsvc.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.assetsvc.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.assetsvc.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.assetsvc.priorityClassName }}
priorityClassName: {{ .Values.assetsvc.priorityClassName | quote }}
{{- end }}
{{- if .Values.assetsvc.podSecurityContext.enabled }}
securityContext: {{- omit .Values.assetsvc.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: assetsvc
image: {{ include "common.images.image" (dict "imageRoot" .Values.assetsvc.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.assetsvc.image.pullPolicy | quote }}
{{- if .Values.assetsvc.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.assetsvc.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.assetsvc.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
command:
- /assetsvc
args:
- --database-user=postgres
- --database-name={{ .Values.postgresql.postgresqlDatabase }}
- --database-url={{ template "kubeapps.postgresql.fullname" . }}-headless:{{ default "5432" .Values.postgresql.service.port }}
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
name: {{ include "kubeapps.postgresql.secretName" . }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT
value: {{ .Values.assetsvc.containerPort | quote }}
ports:
- name: http
containerPort: {{ .Values.assetsvc.containerPort }}
{{- if .Values.assetsvc.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.assetsvc.livenessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.assetsvc.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.assetsvc.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.assetsvc.readinessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.assetsvc.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.assetsvc.resource }}
resources: {{- toYaml .Values.assetsvc.resources | nindent 12 }}
{{- end }}
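Review bot: The guard on the final block tests `.Values.assetsvc.resource` (singular) while the body renders `.Values.assetsvc.resources`, so the container's requests and limits are silently dropped unless a stray `assetsvc.resource` key is set. Change the condition to `{{- if .Values.assetsvc.resources }}`, matching the `dashboard.resources` and `frontend.resources` guards elsewhere in this commit. Separately, `--database-user=postgres` is hard-coded in `args`, so assetsvc always connects as the default `postgres` account; consider exposing the user as a value so a less privileged role can be used.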

View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.assetsvc.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: assetsvc
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if or .Values.assetsvc.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.assetsvc.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.assetsvc.service.port }}
targetPort: http
protocol: TCP
name: http
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: assetsvc

View File

@@ -1,102 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
labels:
{{- include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.dashboard.fullname" . }}
spec:
replicas: {{ .Values.dashboard.replicaCount }}
selector:
matchLabels:
app: {{ template "kubeapps.dashboard.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/dashboard-config.yaml") . | sha256sum }}
{{- with .Values.dashboard.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app: {{ template "kubeapps.dashboard.fullname" . }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
chart: {{ template "kubeapps.chart" . }}
helm.sh/chart: {{ template "kubeapps.chart" . }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.dashboard.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
containers:
- name: dashboard
image: {{ include "common.images.image" (dict "imageRoot" .Values.dashboard.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }}
{{- if .Values.dashboard.livenessProbe }}
livenessProbe: {{- toYaml .Values.dashboard.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.dashboard.readinessProbe }}
readinessProbe: {{- toYaml .Values.dashboard.readinessProbe | nindent 12 }}
{{- end }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
- name: config
mountPath: /app/config.json
subPath: config.json
- mountPath: /app/custom-css
name: custom-css
- mountPath: /app/custom-locale
name: custom-locale
- mountPath: /app/custom-components
name: custom-components
ports:
- name: http
containerPort: {{ .Values.dashboard.service.port }}
{{- if .Values.dashboard.resources }}
resources: {{- toYaml .Values.dashboard.resources | nindent 12 }}
{{- end }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: vhost.conf
path: vhost.conf
- name: config
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: config.json
path: config.json
- name: custom-css
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_style.css
path: custom_style.css
- name: custom-locale
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_locale.json
path: custom_locale.json
- name: custom-components
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_components.js
path: custom_components.js

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
labels:{{ include "kubeapps.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.dashboard.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.dashboard.fullname" . }}
release: {{ .Release.Name }}

View File

@@ -2,17 +2,24 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.dashboard-config.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: dashboard
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
vhost.conf: |-
server {
listen {{ .Values.dashboard.service.port }};
listen {{ .Values.dashboard.containerPort }};
{{- if .Values.frontend.largeClientHeaderBuffers }}
large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }};
{{- end }}
{{- if .Values.enableIPv6 }}
listen [::]:{{ .Values.dashboard.service.port }};
listen [::]:{{ .Values.dashboard.containerPort }};
{{- end}}
server_name _;

View File

@@ -0,0 +1,153 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: dashboard
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.dashboard.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: dashboard
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/dashboard/configmap.yaml") . | sha256sum }}
{{- if .Values.dashboard.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: dashboard
{{- if .Values.dashboard.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.dashboard.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAffinityPreset "component" "dashboard" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAntiAffinityPreset "component" "dashboard" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dashboard.nodeAffinityPreset.type "key" .Values.dashboard.nodeAffinityPreset.key "values" .Values.dashboard.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.dashboard.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.priorityClassName }}
priorityClassName: {{ .Values.dashboard.priorityClassName | quote }}
{{- end }}
{{- if .Values.dashboard.podSecurityContext.enabled }}
securityContext: {{- omit .Values.dashboard.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.dashboard.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: dashboard
image: {{ include "common.images.image" (dict "imageRoot" .Values.dashboard.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }}
{{- if .Values.dashboard.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.dashboard.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.dashboard.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.dashboard.image.debug | quote }}
{{- if .Values.dashboard.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.dashboard.extraEnvVarsCM .Values.dashboard.extraEnvVarsSecret }}
envFrom:
{{- if .Values.dashboard.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.dashboard.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.dashboard.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.dashboard.livenessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.dashboard.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.dashboard.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.dashboard.readinessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.dashboard.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.dashboard.containerPort }}
{{- if .Values.dashboard.resources }}
resources: {{- toYaml .Values.dashboard.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
- name: config
mountPath: /app/config.json
subPath: config.json
- mountPath: /app/custom-css
name: custom-css
- mountPath: /app/custom-locale
name: custom-locale
- mountPath: /app/custom-components
name: custom-components
{{- if .Values.dashboard.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.dashboard.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: vhost.conf
path: vhost.conf
- name: config
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: config.json
path: config.json
- name: custom-css
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_style.css
path: custom_style.css
- name: custom-locale
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_locale.json
path: custom_locale.json
- name: custom-components
configMap:
name: {{ template "kubeapps.dashboard-config.fullname" . }}
items:
- key: custom_components.js
path: custom_components.js
{{- if .Values.dashboard.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumes "context" $) | nindent 8 }}
{{- end }}
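Review bot: `spec.selector.matchLabels` now comes from `common.labels.matchLabels` plus `app.kubernetes.io/component: dashboard`, while the removed dashboard Deployment selected on `app` and `release`, and both objects are named by `kubeapps.dashboard.fullname`. A Deployment's selector is immutable in `apps/v1`, so an in-place `helm upgrade` from the previous major version will be rejected for this object. The upgrade notes should tell users to delete the old Deployment (or uninstall and reinstall) first; the frontend Deployment has the same selector change.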

View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.dashboard.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: dashboard
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if or .Values.dashboard.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.dashboard.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.dashboard.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.dashboard.service.port }}
targetPort: http
protocol: TCP
name: http
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: dashboard

View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

View File

@@ -2,8 +2,15 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.frontend-config.fullname" . }}
labels: {{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.frontend-config.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
k8s-api-proxy.conf: |-
# Disable buffering for log streaming
@@ -22,11 +29,11 @@ data:
# Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server.
proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
{{- end }}
{{- range .Values.clusters }}
{{- range .Values.clusters }}
{{- if .certificateAuthorityData }}
{{ .name }}-ca.pem: {{ .certificateAuthorityData }}
{{- end }}
{{- end}}
{{- end}}
vhost.conf: |-
# Retain the default nginx handling of requests without a "Connection" header
map $http_upgrade $connection_upgrade {
@@ -39,12 +46,12 @@ data:
proxy_set_header Connection $connection_upgrade;
server {
listen 8080;
listen {{ .Values.frontend.containerPort }};
{{- if .Values.frontend.largeClientHeaderBuffers }}
large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }};
{{- end }}
{{- if .Values.enableIPv6 }}
listen [::]:8080;
listen [::]:{{ .Values.frontend.containerPort }};
{{- end}}
server_name _;
@@ -82,7 +89,7 @@ data:
{{- if .certificateAuthorityData }}
proxy_set_header PINNIPED_PROXY_API_SERVER_CERT {{ .certificateAuthorityData }};
{{- end }}
proxy_pass http://kubeapps-internal-pinniped-proxy.{{ $.Release.Namespace }}:{{ $.Values.pinnipedProxy.service.port }};
proxy_pass http://{{ template "kubeapps.pinniped-proxy.fullname" $ }}.{{ $.Release.Namespace }}:{{ $.Values.pinnipedProxy.service.port }};
{{- else }}
# Otherwise we route directly through to the clusters with existing credentials.
proxy_pass {{ $apiServiceBaseURL }};

View File

@@ -0,0 +1,196 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.frontend.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: frontend
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/frontend/configmap.yaml") . | sha256sum }}
{{- if .Values.frontend.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: frontend
{{- if .Values.frontend.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.frontend.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.frontend.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAffinityPreset "component" "frontend" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAntiAffinityPreset "component" "frontend" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.frontend.nodeAffinityPreset.type "key" .Values.frontend.nodeAffinityPreset.key "values" .Values.frontend.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.frontend.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.frontend.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.frontend.priorityClassName }}
priorityClassName: {{ .Values.frontend.priorityClassName | quote }}
{{- end }}
{{- if .Values.frontend.podSecurityContext.enabled }}
securityContext: {{- omit .Values.frontend.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.frontend.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: nginx
image: {{ include "common.images.image" (dict "imageRoot" .Values.frontend.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }}
{{- if .Values.frontend.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.frontend.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.frontend.image.debug | quote }}
{{- if .Values.frontend.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.frontend.extraEnvVarsCM .Values.frontend.extraEnvVarsSecret }}
envFrom:
{{- if .Values.frontend.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.frontend.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.frontend.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.frontend.livenessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.dashboard.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.frontend.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.frontend.readinessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.frontend.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.frontend.containerPort }}
{{- if .Values.frontend.resources }}
resources: {{- toYaml .Values.frontend.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- if .Values.frontend.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
- name: auth-proxy
image: {{ include "common.images.image" (dict "imageRoot" .Values.authProxy.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }}
{{- if .Values.authProxy.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.authProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args:
- --provider={{ required "You must fill \".Values.authProxy.provider\" with the provider. Valid values at https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview" .Values.authProxy.provider }}
- --upstream=http://localhost:{{ .Values.frontend.containerPort }}/
- --http-address=0.0.0.0:{{ .Values.authProxy.containerPort }}
- --email-domain={{ .Values.authProxy.emailDomain }}
- --pass-basic-auth=false
- --pass-access-token=true
- --pass-authorization-header=true
- --skip-auth-regex=^\/config\.json$
- --skip-auth-regex=^\/manifest\.json$
- --skip-auth-regex=^\/custom_style\.css$
- --skip-auth-regex=^\/custom_locale\.json$
- --skip-auth-regex=^\/favicon.*\.png$
- --skip-auth-regex=^\/static\/
- --skip-auth-regex=^\/$
- --scope=openid email groups
{{- range .Values.authProxy.additionalFlags }}
- {{ . }}
{{- end }}
env:
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: clientID
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: clientSecret
- name: OAUTH2_PROXY_COOKIE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: cookieSecret
ports:
- name: proxy
containerPort: {{ .Values.authProxy.containerPort }}
{{- if .Values.authProxy.resources }}
resources: {{- toYaml .Values.authProxy.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }}
{{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication."}}
{{- end }}
{{- if and .Values.pinnipedProxy.enabled }}
- name: pinniped-proxy
image: {{ include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }}
{{- if .Values.pinnipedProxy.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.pinnipedProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
- pinniped-proxy
env:
- name: DEFAULT_PINNIPED_NAMESPACE
value: {{ .Values.pinnipedProxy.defaultPinnipedNamespace }}
- name: DEFAULT_PINNIPED_AUTHENTICATOR_TYPE
value: {{ .Values.pinnipedProxy.defaultAuthenticatorType }}
- name: DEFAULT_PINNIPED_AUTHENTICATOR_NAME
value: {{ .Values.pinnipedProxy.defaultAuthenticatorName }}
- name: DEFAULT_PINNIPED_API_SUFFIX
value: {{ .Values.pinnipedProxy.defaultPinnipedAPISuffix }}
- name: RUST_LOG
value: info
ports:
- name: pinniped-proxy
containerPort: {{ .Values.pinnipedProxy.containerPort }}
{{- if .Values.pinnipedProxy.resources }}
resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.pinnipedProxy.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.frontend-config.fullname" . }}
{{- if .Values.frontend.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumes "context" $) | nindent 8 }}
{{- end }}
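Review bot: In the `nginx` container the liveness fallback is guarded by `{{- else if .Values.dashboard.customLivenessProbe }}` but renders `.Values.frontend.customLivenessProbe`, so a custom frontend liveness probe only takes effect when the dashboard value is also set. The guard should read `.Values.frontend.customLivenessProbe`, as the readiness branch just below already does. Smaller points in the same file: the extra-containers hook at the end reads `.Values.pinnipedProxy.sidecars` even when pinniped-proxy is disabled (`frontend.sidecars` would match the dashboard template's `dashboard.sidecars`), `{{- if and .Values.pinnipedProxy.enabled }}` has a redundant `and`, the `DEFAULT_PINNIPED_*` env values are not passed through `quote`, and the `auth-proxy` and `pinniped-proxy` containers define no liveness or readiness probes.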

View File

@@ -3,10 +3,15 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
{{- if .namespace }}
namespace: {{ .namespace }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
labels:{{ include "kubeapps.labels" $ | nindent 4 }}
data:
clientID: {{ required "You must fill \".Values.authProxy.clientID\" with the Client ID of the provider" .Values.authProxy.clientID | b64enc }}
clientSecret: {{ required "You must fill \".Values.authProxy.clientSecret\" with the Client Secret of the provider" .Values.authProxy.clientSecret | b64enc }}
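Review bot: In `data`, `clientID` and `clientSecret` are still taken from `.Values.authProxy.*` and base64-encoded into this Secret, so the OAuth client credentials have to be supplied in a values file or `--set` argument and are kept with the stored release values. Since this release standardizes the chart's parameters, consider also accepting the name of a pre-created Secret and skipping this manifest when one is given.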

View File

@@ -0,0 +1,76 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if or .Values.frontend.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.frontend.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.frontend.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.frontend.service.type }}
{{- if and .Values.frontend.service.clusterIP (eq .Values.frontend.service.type "ClusterIP") }}
clusterIP: {{ .Values.frontend.service.clusterIP }}
{{- end }}
{{- if (or (eq .Values.frontend.service.type "LoadBalancer") (eq .Values.frontend.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.frontend.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if (and (eq .Values.frontend.service.type "LoadBalancer") .Values.frontend.service.loadBalancerSourceRanges) }}
loadBalancerSourceRanges: {{- toYaml .Values.frontend.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and (eq .Values.frontend.service.type "LoadBalancer") (not (empty .Values.frontend.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.frontend.service.loadBalancerIP }}
{{- end }}
ports:
- port: {{ .Values.frontend.service.port }}
{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
targetPort: proxy
{{- else }}
targetPort: http
{{- end }}
{{- if and (or (eq .Values.frontend.service.type "NodePort") (eq .Values.frontend.service.type "LoadBalancer")) (not (empty .Values.frontend.service.nodePort)) }}
nodePort: {{ .Values.frontend.service.nodePort }}
{{- else if eq .Values.frontend.service.type "ClusterIP" }}
nodePort: null
{{- end }}
protocol: TCP
name: http
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.pinnipedProxy.enabled }}
---
# Include an additional ClusterIP service for the pinniped-proxy as some configurations
# require the normal frontend service to use NodePort.
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.pinniped-proxy.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.pinnipedProxy.service.port }}
targetPort: pinniped-proxy
protocol: TCP
name: pinniped-proxy
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: frontend
{{- end }}
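Review bot: `targetPort` falls back to `http` (the nginx container port) whenever `authProxy.enabled` is false or `authProxy.external` is true, and the same Service can be typed `NodePort` or `LoadBalancer` with `loadBalancerSourceRanges` left optional. The README entry for `frontend.service.type` should state that in those two modes the published port bypasses the in-pod `auth-proxy`, so the Service is expected to stay `ClusterIP` or be restricted with source ranges.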

View File

@@ -3,13 +3,20 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "common.names.fullname" . }}
labels: {{ include "kubeapps.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }}
{{- end }}
spec:
rules:
@@ -17,6 +24,9 @@ spec:
- host: {{ .Values.ingress.hostname }}
http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
@@ -33,11 +43,11 @@ spec:
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
{{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if .Values.ingress.tls }}
{{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname }}
- {{ .Values.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- if .Values.ingress.extraTls }}
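Review bot: The new condition `and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)` means that `ingress.tls: true` on its own no longer emits a `tls:` entry for `ingress.hostname`. Anyone who pre-creates the `<hostname>-tls` secret and relied on the old `{{- if .Values.ingress.tls }}` check will get an Ingress that serves the host without TLS after upgrading, with no error at render time. Either document that such setups must move the entry to `ingress.extraTls`, or `fail` when `ingress.tls` is set without `certManager`, `selfSigned` or `extraTls`.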

View File

@@ -1,137 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
labels:
{{- include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "common.names.fullname" . }}
spec:
replicas: {{ .Values.frontend.replicaCount }}
selector:
matchLabels:
app: {{ template "common.names.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/kubeapps-frontend-config.yaml") . | sha256sum }}
{{- with .Values.frontend.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app: {{ template "common.names.fullname" . }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
{{- if .Values.frontend.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.frontend.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.frontend.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
containers:
- name: nginx
image: {{ include "common.images.image" (dict "imageRoot" .Values.frontend.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }}
{{- if .Values.frontend.livenessProbe }}
livenessProbe: {{- toYaml .Values.frontend.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.frontend.readinessProbe }}
readinessProbe: {{- toYaml .Values.frontend.readinessProbe | nindent 12 }}
{{- end }}
volumeMounts:
- name: vhost
mountPath: /opt/bitnami/nginx/conf/server_blocks
ports:
- name: http
containerPort: 8080
{{- if .Values.frontend.resources }}
resources: {{- toYaml .Values.frontend.resources | nindent 12 }}
{{- end }}
{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
- name: auth-proxy
args:
- --provider={{ required "You must fill \".Values.authProxy.provider\" with the provider. Valid values at https://pusher.github.io/oauth2_proxy/auth-configuration" .Values.authProxy.provider }}
- --upstream=http://localhost:8080/
- --http-address=0.0.0.0:3000
- --email-domain={{ .Values.authProxy.emailDomain }}
- --pass-basic-auth=false
- --pass-access-token=true
- --pass-authorization-header=true
- --skip-auth-regex=^\/config\.json$
- --skip-auth-regex=^\/manifest\.json$
- --skip-auth-regex=^\/custom_style\.css$
- --skip-auth-regex=^\/custom_locale\.json$
- --skip-auth-regex=^\/favicon.*\.png$
- --skip-auth-regex=^\/static\/
- --skip-auth-regex=^\/$
- --scope=openid email groups
{{- range .Values.authProxy.additionalFlags }}
- {{ . }}
{{- end }}
image: {{ include "common.images.image" (dict "imageRoot" .Values.authProxy.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }}
env:
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: clientID
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: clientSecret
- name: OAUTH2_PROXY_COOKIE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "kubeapps.oauth2_proxy-secret.name" . }}
key: cookieSecret
ports:
- name: proxy
containerPort: 3000
{{- if .Values.authProxy.resources }}
resources: {{- toYaml .Values.authProxy.resources | nindent 12 }}
{{- end }}
{{- end }}
{{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }}
{{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication."}}
{{- end }}
{{- if and .Values.pinnipedProxy.enabled }}
- name: pinniped-proxy
command:
- pinniped-proxy
env:
- name: DEFAULT_PINNIPED_NAMESPACE
value: {{ .Values.pinnipedProxy.defaultPinnipedNamespace }}
- name: DEFAULT_PINNIPED_AUTHENTICATOR_TYPE
value: {{ .Values.pinnipedProxy.defaultAuthenticatorType }}
- name: DEFAULT_PINNIPED_AUTHENTICATOR_NAME
value: {{ .Values.pinnipedProxy.defaultAuthenticatorName }}
- name: DEFAULT_PINNIPED_API_SUFFIX
value: {{ .Values.pinnipedProxy.defaultPinnipedAPISuffix }}
- name: RUST_LOG
value: info
image: {{ include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }}
ports:
- name: pinniped-proxy
containerPort: 3333
{{- if .Values.pinnipedProxy.resources }}
resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }}
{{- end }}
{{- end }}
volumes:
- name: vhost
configMap:
name: {{ template "kubeapps.frontend-config.fullname" . }}
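
Review bot: The `fail` guard near the end of this deleted template (`clusters can be configured only when using an auth proxy for cluster oidc authentication.`) is the only render-time check visible here that blocks a multi-cluster install without an auth proxy, so please confirm the replacement frontend template carries it over. The same applies to the `--skip-auth-regex` list on the `auth-proxy` container: any entry added or widened while moving the file changes which paths are served without authentication, so it is worth diffing the old and new argument lists line by line.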

View File

@@ -1,48 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
labels:{{ include "kubeapps.labels" . | nindent 4 }}
{{- if .Values.frontend.service.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.service.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.frontend.service.type }}
{{- if and (eq .Values.frontend.service.type "LoadBalancer") (not (empty .Values.frontend.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.frontend.service.loadBalancerIP }}
{{- end }}
ports:
- port: {{ .Values.frontend.service.port }}
{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }}
targetPort: proxy
{{- else }}
targetPort: http
{{- end }}
{{- if and (eq .Values.frontend.service.type "NodePort") (not (empty .Values.frontend.service.nodePort)) }}
nodePort: {{ .Values.frontend.service.nodePort }}
{{- end }}
protocol: TCP
name: http
selector:
app: {{ template "common.names.fullname" . }}
release: {{ .Release.Name }}
{{- if .Values.pinnipedProxy.enabled }}
---
# Include an additional ClusterIP service for the pinniped-proxy as some configurations
# require the normal frontend service to use NodePort.
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.pinniped-proxy.fullname" . }}
labels:{{ include "kubeapps.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.pinnipedProxy.service.port }}
targetPort: pinniped-proxy
protocol: TCP
name: pinniped-proxy
selector:
app: {{ template "common.names.fullname" . }}
release: {{ .Release.Name }}
{{- end }}

View File

@@ -1,14 +0,0 @@
{{- if gt (len .Values.clusters) 0 -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.kubeops-config.fullname" . }}
labels:
app: {{ template "kubeapps.kubeops-config.fullname" . }}
chart: {{ template "kubeapps.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
clusters.conf: |-
{{ .Values.clusters | toPrettyJson | indent 4 }}
{{- end -}}

View File

@@ -1,108 +0,0 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
labels:
{{- include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
spec:
replicas: {{ .Values.kubeops.replicaCount }}
selector:
matchLabels:
app: {{ template "kubeapps.kubeops.fullname" . }}
release: {{ .Release.Name }}
template:
metadata:
{{- with .Values.kubeops.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app: {{ template "kubeapps.kubeops.fullname" . }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ template "kubeapps.kubeops.fullname" . }}
# Increase termination timeout to let remaining operations to finish before killing the pods
# This is because new releases/upgrades/deletions are synchronous operations
terminationGracePeriodSeconds: 300
{{- if .Values.kubeops.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeops.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeops.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
containers:
- name: kubeops
image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeops.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.kubeops.image.pullPolicy | quote }}
command:
- /kubeops
args:
- --user-agent-comment=kubeapps/{{ .Chart.AppVersion }}
- --assetsvc-url=http://{{ template "kubeapps.assetsvc.fullname" . }}:{{ .Values.assetsvc.service.port }}
{{- if .Values.clusters }}
- --clusters-config-path=/config/clusters.conf
{{- end }}
{{- if .Values.pinnipedProxy.enabled }}
- --pinniped-proxy-url=http://kubeapps-internal-pinniped-proxy.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.service.port }}
{{- end }}
{{- if .Values.kubeops.burst }}
- --burst={{ .Values.kubeops.burst }}
{{- end }}
{{- if .Values.kubeops.QPS }}
- --qps={{ .Values.kubeops.QPS }}
{{- end }}
{{- if .Values.kubeops.namespaceHeaderName }}
- --ns-header-name={{ .Values.kubeops.namespaceHeaderName }}
{{- end }}
{{- if .Values.kubeops.namespaceHeaderPattern }}
- --ns-header-pattern={{ .Values.kubeops.namespaceHeaderPattern }}
{{- end }}
{{- if .Values.clusters }}
volumeMounts:
- name: kubeops-config
mountPath: /config
- name: ca-certs
mountPath: /etc/additional-clusters-cafiles
{{- end }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT
value: {{ .Values.kubeops.service.port | quote }}
{{- if .Values.kubeops.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.kubeops.service.port }}
{{- if .Values.kubeops.livenessProbe }}
livenessProbe: {{- toYaml .Values.kubeops.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.kubeops.readinessProbe }}
readinessProbe: {{- toYaml .Values.kubeops.readinessProbe | nindent 12 }}
{{- end }}
{{- if .Values.kubeops.resources }}
resources: {{- toYaml .Values.kubeops.resources | nindent 12 }}
{{- end }}
{{- if .Values.clusters }}
volumes:
- name: kubeops-config
configMap:
name: {{ template "kubeapps.kubeops-config.fullname" . }}
- name: ca-certs
emptyDir: {}
{{- end }}

View File

@@ -1,99 +0,0 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- delete
- apiGroups:
- "kubeapps.com"
resources:
- apprepositories
verbs:
- get
- list
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.kubeops.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.allowNamespaceDiscovery }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
rules:
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests/icon
verbs:
- get
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
labels:{{ include "kubeapps.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.kubeops.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app: {{ template "kubeapps.kubeops.fullname" . }}
release: {{ .Release.Name }}

View File

@@ -1,6 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
labels:{{ include "kubeapps.extraAppLabels" . | nindent 4 }}
app: {{ template "kubeapps.kubeops.fullname" . }}

View File

@@ -0,0 +1,18 @@
{{- if gt (len .Values.clusters) 0 }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubeapps.kubeops-config.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
clusters.conf: |-
{{ .Values.clusters | toPrettyJson | indent 4 }}
{{- end }}

View File

@@ -0,0 +1,142 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.kubeops.replicaCount }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: kubeops
template:
metadata:
{{- if .Values.kubeops.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 8 }}
app.kubernetes.io/component: kubeops
{{- if .Values.kubeops.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podLabels "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "kubeapps.imagePullSecrets" . | indent 6 }}
serviceAccountName: {{ template "kubeapps.kubeops.fullname" . }}
{{- if .Values.kubeops.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.hostAliases "context" $) | nindent 8 }}
{{- end }}
# Increase termination timeout to let remaining operations to finish before killing the pods
# This is because new releases/upgrades/deletions are synchronous operations
{{- if .Values.kubeops.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAffinityPreset "component" "kubeops" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAntiAffinityPreset "component" "kubeops" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeops.nodeAffinityPreset.type "key" .Values.kubeops.nodeAffinityPreset.key "values" .Values.kubeops.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.kubeops.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeops.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeops.priorityClassName }}
priorityClassName: {{ .Values.kubeops.priorityClassName | quote }}
{{- end }}
{{- if .Values.kubeops.podSecurityContext.enabled }}
securityContext: {{- omit .Values.kubeops.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.kubeops.terminationGracePeriodSeconds }}
containers:
- name: kubeops
image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeops.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.kubeops.image.pullPolicy | quote }}
{{- if .Values.kubeops.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.kubeops.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.kubeops.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
command:
- /kubeops
args:
- --user-agent-comment=kubeapps/{{ .Chart.AppVersion }}
- --assetsvc-url=http://{{ template "kubeapps.assetsvc.fullname" . }}:{{ .Values.assetsvc.service.port }}
{{- if .Values.clusters }}
- --clusters-config-path=/config/clusters.conf
{{- end }}
{{- if .Values.pinnipedProxy.enabled }}
- --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.service.port }}
{{- end }}
{{- if .Values.kubeops.burst }}
- --burst={{ .Values.kubeops.burst }}
{{- end }}
{{- if .Values.kubeops.QPS }}
- --qps={{ .Values.kubeops.QPS }}
{{- end }}
{{- if .Values.kubeops.namespaceHeaderName }}
- --ns-header-name={{ .Values.kubeops.namespaceHeaderName }}
{{- end }}
{{- if .Values.kubeops.namespaceHeaderPattern }}
- --ns-header-pattern={{ .Values.kubeops.namespaceHeaderPattern }}
{{- end }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: PORT
value: {{ .Values.kubeops.containerPort | quote }}
{{- if .Values.kubeops.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.kubeops.extraEnvVarsCM .Values.kubeops.extraEnvVarsSecret }}
envFrom:
{{- if .Values.kubeops.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.kubeops.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.kubeops.containerPort }}
{{- if .Values.kubeops.livenessProbe.enabled }}
livenessProbe: {{- omit .Values.kubeops.livenessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.kubeops.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.kubeops.readinessProbe.enabled }}
readinessProbe: {{- omit .Values.kubeops.readinessProbe "enabled" | toYaml | nindent 12 }}
{{- else if .Values.kubeops.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.kubeops.resources }}
resources: {{- toYaml .Values.kubeops.resources | nindent 12 }}
{{- end }}
{{- if .Values.clusters }}
volumeMounts:
- name: kubeops-config
mountPath: /config
- name: ca-certs
mountPath: /etc/additional-clusters-cafiles
{{- end }}
{{- if .Values.clusters }}
volumes:
- name: kubeops-config
configMap:
name: {{ template "kubeapps.kubeops-config.fullname" . }}
- name: ca-certs
emptyDir: {}
{{- end }}
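
Review bot: The Deployment's `metadata.labels` starts with a bare `labels:` followed only by `app.kubernetes.io/component: kubeops` and `commonLabels`; every other kubeops resource added in this commit uses `labels: {{- include "common.labels.standard" . | nindent 4 }}`, so the Deployment object ends up without the standard name/instance labels that the Service, ConfigMap and RBAC objects carry. Add the same include here. Also, the two comment lines about increasing the termination timeout now sit above the `affinity` block, while `terminationGracePeriodSeconds` moved further down and became configurable; move the comment next to that field or drop it.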

View File

@@ -0,0 +1,141 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
- delete
- apiGroups:
- "kubeapps.com"
resources:
- apprepositories
verbs:
- get
- list
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubeapps.kubeops.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.allowNamespaceDiscovery }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests/icon
verbs:
- get
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}"
subjects:
- kind: ServiceAccount
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
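
Review bot: The four `ClusterRole` and `ClusterRoleBinding` objects in this file each gained `namespace: {{ .Release.Namespace | quote }}` under `metadata`, but these kinds are cluster-scoped and the field has no meaning there; it should be removed so the manifests do not suggest the grants are limited to the release namespace. The namespaced `Role` and `RoleBinding` are the only objects that need it. While here, note that `subjects[].namespace` is still rendered unquoted (`namespace: {{ .Release.Namespace }}`) in all three bindings, which is inconsistent with the quoting introduced in `metadata`.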

View File

@@ -0,0 +1,28 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if or .Values.kubeops.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.kubeops.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.kubeops.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.kubeops.service.port }}
targetPort: http
protocol: TCP
name: http
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: kubeops

View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubeapps.kubeops.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: kubeops
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}

View File

@@ -21,18 +21,13 @@ spec:
- |
n=0
until [ "$n" -ge 5 ]; do
if curl -o /tmp/output $ASSETSVC_HOST:$ASSETSVC_PORT/v1/clusters/default/namespaces/{{ .Release.Namespace }}/charts && cat /tmp/output && cat /tmp/output | grep wordpress; then
break
fi
sleep 10
((n+=1))
if curl -o /tmp/output $ASSETSVC_HOST:$ASSETSVC_PORT/v1/clusters/default/namespaces/{{ .Release.Namespace }}/charts && cat /tmp/output && cat /tmp/output | grep wordpress; then
break
fi
sleep 10
((n+=1))
done
if [ "$n" -eq 5 ]; then
exit 1
exit 1
fi
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
restartPolicy: Never
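
Review bot: The `securityContext` block (`fsGroup` / `runAsUser`) is dropped from this test pod, which accounts for the hunk shrinking from 18 to 13 lines, and nothing replaces it, so the test container now runs with whatever user the image defaults to. In clusters that enforce non-root pods this makes `helm test` fail or requires an exemption; consider wiring the pod to one of the new `podSecurityContext` / `containerSecurityContext` values instead of removing the setting outright. The dashboard test pod in the next file has the same removal.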

View File

@@ -15,9 +15,4 @@ spec:
- sh
- -c
- curl -o /tmp/output $DASHBOARD_HOST && cat /tmp/output && cat /tmp/output | grep 'You need to enable JavaScript to run this app'
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
restartPolicy: Never

View File

@@ -5,8 +5,14 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{ include "kubeapps.labels" $ | nindent 4 }}
namespace: {{ $.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
@@ -14,15 +20,21 @@ data:
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }}
{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
{{- $ca := genCA "kubeapps-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace }}
labels: {{ include "kubeapps.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
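
Review bot: With the condition now `and .Values.ingress.tls .Values.ingress.selfSigned`, the `genCA "kubeapps-ca" 365` and `genSignedCert ... 365 $ca` calls still run on every template render, so each `helm upgrade` replaces the CA and the leaf certificate in the `<hostname>-tls` secret and anything that trusted the previous CA stops validating. Either reuse an existing secret when one is found (for example via `lookup`) or document that the self-signed option is for evaluation only and rotates on upgrade. The switch from `(not .Values.ingress.certManager)` to an explicit `selfSigned` flag also means installs that relied on the implicit self-signed certificate get no secret after upgrading, which belongs in the upgrade notes.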

View File

@@ -130,24 +130,6 @@
}
}
}
},
"securityContext": {
"properties": {
"enabled": {
"title": "Enable security context",
"type": "boolean",
"default": false
},
"fsgroup": {
"title": "File System Group ID",
"type": "integer"
},
"runAsUser": {
"title": "File System User ID",
"type": "integer"
}
},
"title": "Security Context"
}
}
}

File diff suppressed because it is too large

View File

@@ -1,8 +0,0 @@
#!/bin/bash
if git diff --name-only --cached | grep '/kubeapps/'; then
printf '\n\U1F6AB Commit cancelled\n\nKubeapps changes detected in this repository.\nPlease, implement them in the kubeapps repository (https://github.com/kubeapps/kubeapps/tree/master/chart/kubeapps).\n'
exit 1
fi
exit 0