Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-10 03:17:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
07483a5ed964b409266dc025e4b55bf2eb0f621c
charts/bitnami/envoy-gateway/templates/NOTES.txt
Juan Ariza Toledano 07483a5ed9 [bitnami/*] docs: update BSI warning on charts' notes (#35340) 
Signed-off-by: juan131 <juan.ariza@broadcom.com>
2025-07-30 13:18:50 +02:00

101 lines
5.2 KiB
Plaintext
Raw Blame History

CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
Subscribe to Bitnami Secure Images to receive continued support and security updates.
More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ include "common.names.namespace" . | quote }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
{{- else }}
Check the status of the pods by running this command:
kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ include "common.names.namespace" . | quote }}
Check the Envoy Gateway documentation for instructions on how to handle routing, traffic and rate limiting:
https://gateway.envoyproxy.io/latest/tasks/quickstart/#what-to-explore-next
{{- if .Values.rbac.create }}
{{- if .Values.watchAllNamespaces }}
WARNING: Envoy Gateway can access all secrets in the cluster. This could pose a security risk if the application gets compromised.
You can limit allowed namespaces by setting watchAllNamespaces = false and configuring watchNamespaces
{{- else }}
Envoy Gateway can ONLY access resources in the following namespaces:
{{ $namespaces := .Values.watchNamespaces | default (list (include "common.names.namespace" .)) }}
{{- range $namespace := $namespaces }}
- {{ $namespace }}
{{- end }}
Envoy Gateway won't be able to access resources in other namespaces. You can configure this behavior by setting watchNamespaces
{{- end }}
{{- end }}
{{- if .Values.exposeAdmin }}
WARNING: The administration interface is accessible. This could pose a security threat if not properly monitored.
{{ include "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.ports.admin }})
{{- end }}
Access the administration interface following the steps below:
{{- $port := .Values.service.ports.admin | toString }}
1. Get the Envoy Gateway admin URL by running these commands:
{{- if and .Values.exposeAdmin (contains "NodePort" .Values.service.type) }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "Admin URL: http://$NODE_IP:$NODE_PORT/"
{{- else if and .Values.exposeAdmin (contains "LoadBalancer" .Values.service.type) }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "common.names.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.admin }}{{ end }}/"
{{- else if and .Values.exposeAdmin (contains "ClusterIP" .Values.service.type) }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.admin }}:{{ .Values.service.ports.admin }} &
echo "Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.ports.admin }}{{ end }}/"
{{- else }}
pod=$(kubectl get --namespace {{ include "common.names.namespace" . }} pods -o name | grep {{ include "common.names.fullname" . }} | head -n 1)
kubectl port-forward --namespace {{ include "common.names.namespace" . }} ${pod} {{ .Values.containerPorts.admin }}:{{ .Values.containerPorts.admin }} &
echo "Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.containerPorts.admin }}{{ end }}/"
{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.ratelimitImage }}
{{- include "common.warnings.rollingTag" .Values.envoyImage }}
{{- include "envoy-gateway.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "" "certgen") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.ratelimitImage .Values.envoyImage .Values.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.ratelimitImage .Values.envoyImage .Values.image) "context" $) }}
Reference in New Issue View Git Blame Copy Permalink