Re-add freeipa chart with new updates

main
Rakshit Menpara 2022-07-07 19:33:03 +05:30
parent 30fa274d4a
commit 4b20832584
10 changed files with 469 additions and 247 deletions


@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.16.0
digest: sha256:f41cb9ff725b7c9fa2725634196a6813566d630342f86a74903ed114b282c8c0
generated: "2022-07-07T18:36:26.440625049+05:30"


@ -1,6 +1,6 @@
apiVersion: v2
name: freeipa
description: A Helm chart for Kubernetes
description: FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System).
maintainers:
- name: improwised
# A chart can be either an 'application' or a 'library' chart.
@ -15,8 +15,14 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
version: 0.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 1.16.0
appVersion: 4.9.10
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
tags:
- bitnami-common
version: 1.x.x


@ -1,125 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "freeipa.fullname" . }}
labels:
{{- include "freeipa.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "freeipa.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "freeipa.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "freeipa.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: freeipa-server-data
persistentVolumeClaim:
claimName: freeipa-data-pvc
- name: cgroups
hostPath:
path: /sys/fs/cgroup
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- -U
- --realm={{ default "localhost.com" .Values.args.realm }}
- --domain={{ default "localhost" .Values.args.domain }}
- --ds-password={{ default "freeipa" .Values.args.dspassword }}
- --admin-password={{ default "freeipa" .Values.args.adminpassword }}
- --unattended
{{- if .Values.args.nohostdns }}
- --no-host-dns
{{- end }}
{{- if .Values.args.nontp }}
- --no-ntp
{{- end }}
{{- if .Values.args.setupdns }}
- --setup-dns
{{- end }}
{{- if and (eq .Values.args.setupdns true) (eq .Values.args.autoforwarders true) }}
- --auto-forwarders
{{- end }}
{{- if and (eq .Values.args.setupdns true) (eq .Values.args.allowzoneoverlap true) }}
- --allow-zone-overlap
{{- end }}
{{- if .Values.args.sshtrustdns }}
- --ssh-trust-dns
{{- end }}
ports:
- containerPort: 636
protocol: TCP
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
{{- if .Values.args.setupdns }}
- containerPort: 53
protocol: UDP
{{- end }}
- containerPort: 88
protocol: TCP
- containerPort: 88
protocol: UDP
# ports:
# - name: http
# containerPort: 80
# protocol: TCP
volumeMounts:
- name: freeipa-server-data
mountPath: /data
- name: cgroups
mountPath: /sys/fs/cgroup
readOnly: true
env:
- name: IPA_SERVER_HOSTNAME
value: {{ default "localhost" .Values.hostname }}
readinessProbe:
exec:
command: [ "/usr/bin/systemctl", "status", "ipa" ]
initialDelaySeconds: 300
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
# livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "freeipa.fullname" . }}
labels:
{{- include "freeipa.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "freeipa.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}


@ -1,41 +1,67 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "freeipa.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
{{- if .Values.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "freeipa.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- toYaml . | nindent 4 }}
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- if .Values.ingress.extraPaths }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraPaths "context" $) | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s" (include "common.names.fullname" .)) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-ui" (include "common.names.fullname" $)) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
tls:
{{- if and .Values.ingress.tls (or .Values.ingress.existingSecret (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }}
- hosts:
- {{ .Values.ingress.hostname | quote }}
{{- if .Values.ingress.existingSecret }}
secretName: {{ .Values.ingress.existingSecret }}
{{- else }}
secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
{{- end }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- toYaml .Values.ingress.extraTls | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
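Review bot: The `extraHosts` rule builds its backend with `printf "%s-ui" (include "common.names.fullname" $)`, but the Service in this commit is named `{{ include "common.names.fullname" . }}` with no `-ui` suffix, so every extra host would route to a Service that does not exist; the suffix looks carried over from another chart. Use the same name as the default host rule, i.e. `"serviceName" (include "common.names.fullname" $)`. Both backends also pass `"servicePort" "http"`; the visible part of the Service shows only the `ldaps` port name, so check that a port named `http` is actually defined. `.Values.ingress.certManager` is still read under `annotations:` although the values file marks it deprecated.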


@ -1,13 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: freeipa-data-pvc
spec:
accessModes:
- ReadWriteOnce
{{- if .Values.storageClassName }}
storageClassName: {{ .Values.storageClassName }}
{{- end }}
resources:
requests:
storage: {{ .Values.volumestorage }}


@ -1,12 +1,41 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "freeipa.fullname" . }}
labels:
{{- include "freeipa.labels" . | nindent 4 }}
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.commonAnnotations .Values.service.annotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
#clusterIP: {{ .Values.service.clusterIP }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: ldaps
port: 636
@ -32,10 +61,8 @@ spec:
port: 88
protocol: UDP
targetPort: 88
# ports:
# - port: {{ .Values.service.port }}
# targetPort: http
# protocol: TCP
# name: http
selector:
{{- include "freeipa.selectorLabels" . | nindent 4 }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
ports:
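Review bot: The section now ends with a bare `ports:` key after `selector:`, while `spec` already has a populated `ports:` list higher up (the hunk counts, 8 new lines against 3 context lines, put this line on the added side). Depending on the YAML loader a duplicate key is either rejected or the later, empty value wins, which would leave the Service without ports; the trailing `ports:` line should be removed. Indentation is not visible on this page, so confirm against the file that `service.extraPorts` rendered with `nindent 4` still lands inside the first `ports:` list.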


@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "freeipa.serviceAccountName" . }}
labels:
{{- include "freeipa.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,177 @@
---
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
replicas: 1
podManagementPolicy: OrderedReady
serviceName: {{ include "common.names.fullname" . }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $ ) | nindent 8 }}
{{- end }}
spec:
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: freeipa
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
args:
- -U
- --realm={{ default "localhost.com" .Values.args.realm }}
- --domain={{ default "localhost" .Values.args.domain }}
- --ds-password={{ default "freeipa" .Values.args.dspassword }}
- --admin-password={{ default "freeipa" .Values.args.adminpassword }}
- --unattended
{{- if .Values.args.nohostdns }}
- --no-host-dns
{{- end }}
{{- if .Values.args.nontp }}
- --no-ntp
{{- end }}
{{- if .Values.args.setupdns }}
- --setup-dns
{{- end }}
{{- if and (eq .Values.args.setupdns true) (eq .Values.args.autoforwarders true) }}
- --auto-forwarders
{{- end }}
{{- if and (eq .Values.args.setupdns true) (eq .Values.args.allowzoneoverlap true) }}
- --allow-zone-overlap
{{- end }}
{{- if .Values.args.sshtrustdns }}
- --ssh-trust-dns
{{- end }}
ports:
{{- if .Values.args.setupdns }}
- containerPort: 53
protocol: TCP
- containerPort: 53
protocol: UDP
{{- end }}
- containerPort: 80
protocol: TCP
- containerPort: 88
protocol: TCP
- containerPort: 88
protocol: UDP
- containerPort: 123
protocol: UDP
- containerPort: 389
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 464
protocol: TCP
- containerPort: 464
protocol: UDP
- containerPort: 636
protocol: TCP
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
env:
- name: IPA_SERVER_HOSTNAME
value: {{ default "localhost" .Values.hostname }}
- name: IPA_SERVER_IP
value: ""
# - name: IPA_SERVER_INSTALL_OPTS
# value: {{ .Values.install_opts }} {{ .Values.realm }}
# - name: PASSWORD
# valueFrom:
# secretKeyRef:
# name: {{ include "common.names.fullname" . }}-password
# key: admin.password
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
readinessProbe:
exec:
command:
- "/usr/bin/systemctl"
- status
- ipa
initialDelaySeconds: 60
timeoutSeconds: 10
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
{{- end }}
volumeMounts:
- name: {{ include "common.names.fullname" . }}-data
mountPath: "/data"
- name: {{ include "common.names.fullname" . }}-run
mountPath: "/run"
- name: {{ include "common.names.fullname" . }}-tmp
mountPath: "/tmp"
- name: {{ include "common.names.fullname" . }}-journal
mountPath: "/var/log/journal"
- name: cgroups
mountPath: /sys/fs/cgroup
readOnly: true
volumes:
- name: {{ include "common.names.fullname" . }}-run
emptyDir: {}
- name: {{ include "common.names.fullname" . }}-tmp
emptyDir: {}
- name: {{ include "common.names.fullname" . }}-journal
emptyDir: {}
- name: cgroups
hostPath:
path: /sys/fs/cgroup
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.names.fullname" . }}-data
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
{{- end }}
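Review bot: The `--ds-password=` and `--admin-password=` args render the Directory Manager and IPA admin passwords straight into the pod spec and fall back to the literal `freeipa` when the value is unset, so anyone who can read the StatefulSet or pod object can read them, and an install without overrides gets a guessable credential. At minimum drop the fallback, e.g. `- --admin-password={{ required "args.adminpassword is required" .Values.args.adminpassword }}` (same for `--ds-password`); better is to source the password from a Secret, as the commented-out `PASSWORD` `secretKeyRef` block under `env:` already sketches, though whether the image honours that variable needs confirming. The same concern applies to the `dspassword`/`adminpassword` defaults in the values file, which carry a secret-scanner allowlist pragma. Separately, with `persistence.enabled` false the fallback volume is named `data` while the mount refers to `{{ include "common.names.fullname" . }}-data`, so the pod would not validate; name the emptyDir volume `{{ include "common.names.fullname" . }}-data` as well.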


@ -4,17 +4,44 @@
replicaCount: 1
hostname: freeipa.example.testy
hostname: freeipa.example.org
image:
repository: freeipa/freeipa-server
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "centos-8"
tag: "fedora-36-4.9.10"
# # IPA Server must know it's own hostname to work properly....
# # These values will probs need to be overwritten or could use lookup function?
# app_domain: apps.mycluster.example.com
# admin_password: Passw0rd
# realm: "-r redhatlabs.dev"
# # sensible defaults
# install_opts: "-U --setup-dns --no-forwarders --no-ntp"
# container_args: "ipa-server-install"
# volume: 5Gi
# # this can be used if not using helm install to set the correct ns
# # namespaceOverride: ipa
# # this example is using the ldap admin user and password as the bind creds
# # and expects a group in ldap called `student`
# # disabled by default so as to not overwrite existing oauth configs in openshift-config ns
# ocp_auth:
# enabled: false
# bind_dn: "uid=admin,cn=users,cn=accounts,dc=redhatlabs,dc=dev"
# bind_password: Passw0rd
# base: "cn=student,cn=groups,cn=accounts,dc=redhatlabs,dc=dev"
# domain: "dc=redhatlabs,dc=dev"
# machineconfig:
# ignition_version: 3.1.0
args:
realm: EXAMPLE.TESTY
domain: example.testy
realm: EXAMPLE.ORG
domain: example.org
dspassword: ASDF1poiu2QWER3mnbv4 #pragma: allowlist secret
adminpassword: ASDF1poiu2QWER3mnbv4 #pragma: allowlist secret
nohostdns: true
@ -24,51 +51,166 @@ args:
allowzoneoverlap: true # if setup dns is true thiw will be applicable
sshtrustdns: false
volumestorage: 1Gi
## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable HashiCorp Consul data persistence using PVC, use a Persistent Volume Claim, If false, use emptyDir
##
enabled: true
## @param persistence.storageClass Persistent Volume storage class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## @param persistence.accessModes Persistent Volume Access Mode
##
accessModes:
- ReadWriteOnce
## @param persistence.size PVC Storage Request for HashiCorp Consul data volume
##
size: 5Gi
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
containerSecurityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
## Container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled HashiCorp Consul Prometheus Exporter securityContext
## @param metrics.containerSecurityContext.runAsUser User ID for the HashiCorp Consul Prometheus Exporter
## @param metrics.containerSecurityContext.runAsNonRoot Force the container to be run as non root
##
service:
type: ClusterIP
#clusterIP: 10.43.201.201
port: 80
## Configure the ingress resource that allows you to access the Consul UI
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
## @param ingress.enabled Enable ingress resource for Management console
##
enabled: false
## @param ingress.path Path for the default host
##
path: /
## @param ingress.apiVersion Override API Version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## DEPRECATED: Use ingress.annotations instead of ingress.certManager
## certManager: false
##
## @param ingress.hostname Default host for the ingress resource, a host pointing to this will be created
##
hostname: example.org
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## @param ingress.ingressClassName Set the ingerssClassName on the ingress record for k8s 1.18+
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## or a custom one if you use the tls.existingSecret parameter
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
## Example:
## existingSecret: name-of-existing-secret
##
tls: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: consul-ui.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - consul-ui.local
## secretName: rconsul-ui.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: consul-ui.local-tls
## key:
## certificate:
##
secrets: []
## @param ingress.existingSecret It is you own the certificate as secret.
existingSecret: ""
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@ -94,3 +236,19 @@ nodeSelector: {}
tolerations: []
affinity: {}
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
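Review bot: The parameter comments added here were carried over from another chart and no longer describe this one: `persistence.enabled` and `persistence.size` mention HashiCorp Consul, and the `@param metrics.containerSecurityContext.*` lines document keys that do not exist in this file. The StatefulSet template only renders a security context when `podSecurityContext.enabled` or `containerSecurityContext.enabled` is true, and neither key is present or documented next to `podSecurityContext: {}` and `containerSecurityContext: {}`, so by default no security context is applied. Suggest rewording to e.g. `## @param persistence.enabled Persist FreeIPA data in a PVC; if false, use emptyDir` and adding `## @param containerSecurityContext.enabled Render the container securityContext (other keys are passed through)`. The commented example block also carries `admin_password: Passw0rd` and `bind_password: Passw0rd`; an obvious placeholder would be safer to copy from.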