diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 1c1503db..b672ca7c 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -73,3 +73,19 @@ jobs: with: charts: application unittest-version: v0.5.x + + check-helm-docs: + name: Check Helm Docs + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.sha}} + - name: Run helm-docs and check diff + # TODO: Move to upstream once https://github.com/losisin/helm-docs-github-action/pull/270 is merged + uses: losisin/helm-docs-github-action@0f2a7b456e9e4393faa24d4d2e1636bdb0a5b9b9 + with: + output-file: ./README.md + template-files: ./README.md.gotmpl + sort-values-order: file + fail-on-diff: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..582d93ad --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,11 @@ +repos: + - repo: https://github.com/norwoodj/helm-docs + rev: v1.14.2 + hooks: + - id: helm-docs-built + args: + - --chart-search-root=. + - --values-file=values.yaml + - --output-file=./../README.md + - --template-files=./README.md.gotmpl + - --sort-values-order=file diff --git a/Makefile b/Makefile index 5ea97e05..1922a157 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,14 @@ SHELL := /bin/bash -VERSION ?= 0.0.1 +install-hooks: + command -v pre-commit 2>&1 >/dev/null || pip install pre-commit + pre-commit install bump-chart: - sed -i "s/^version:.*/version: $(VERSION)/" application/Chart.yaml + @test -n "$(VERSION)" || (echo "VERSION environment variable is not set"; exit 1) + sed -i 's/^version: [0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}/version: $(VERSION)/' application/Chart.yaml + +build-docs: install-hooks + # Running helm-docs-built twice to ensure that the generated docs are up-to-date + pre-commit run helm-docs-built --all-files || true + pre-commit run helm-docs-built --all-files diff --git a/README.md b/README.md index f02cfb8b..2ac2dd03 100644 --- a/README.md +++ b/README.md @@ -2,541 +2,407 @@ # Application -Generic helm chart for applications which are: +Generic helm chart for applications which: -- stateless -- create only namespace scoped resources (e.g. it doesn't need CRB - cluster role bindings) +- are stateless +- creates only namespace scoped resources (e.g. it doesn't need CRB - Cluster Role Bindings) - don't need privileged containers - don't call the underlying Kubernetes API or use the underlying etcd as a database by defining custom resources -- run either as deployment or cronjob +- run either as deployment, job or cronjob ## Installing the Chart -To install the chart with the release name my-application in namespace test: +To install the chart with the release name `my-application` in namespace `test`: - helm repo add stakater https://stakater.github.io/stakater-charts - helm repo update - helm install my-application stakater/application --namespace test +```shell +helm repo add stakater https://stakater.github.io/stakater-charts +helm repo update +helm install my-application stakater/application --namespace test +``` ## Uninstall the Chart To uninstall the chart: - helm delete - -## Parameters - -| Name | Description | Value | -| -----------------------|--------------------------------------------------------------------------|---------------------------------------------| -| applicationName | Name of the application | `application` | -| namespaceOverride | Override default release namespace with a custom value | `application` | -| labels.group | Label to define application group | `com.stakater.platform` | -| labels.team | Label to define team | `stakater` | - -### Deployment Paramaters - -| Name | Description | Value | -|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------| -| deployment.enabled | Enable deployment on helm chart deployments | `true` | -| deployment.strategy | Strategy for updating deployments | `RollingUpdate`| -| deployment.reloadOnChange | Reload deployment if configMap/secret mounted are updated | `true` | -| deployment.nodeSelector | Select node to deploy this application | `{}` | -| deployment.hostAliases | Adding entries to a Pod's /etc/hosts file provides Pod-level override of hostname resolution when DNS and other options are not applicable | `[]` | -| deployment.additionalLabels | Additional labels for Deployment | `{}` | -| deployment.podLabels | Additional label added on pod which is used in Service's Label Selector | `{}` | -| deployment.annotations | Annotations on deployments | `{}` | -| deployment.additionalPodAnnotations | Additional Pod Annotations added on pod created by this Deployment | `{}` | -| deployment.replicas | Replicas to be created | `` | -| deployment.imagePullSecrets | Secrets used to pull image | `""` | -| deployment.env | Environment variables to be passed to the app container | `{}` | -| deployment.volumes | Volumes to be added to the pod | `{}` | -| deployment.volumeMounts | Mount path for Volumes | `{}` | -| deployment.revisionHistoryLimit | The number of old history to retain to allow rollback | `2` | -| deployment.command | Command for primary container of deployment | `[]` | -| deployment.args | Arg for primary container of deployment | `[]` | -| deployment.priorityClassName | Defines the priority class for pod scheduling | `""` | -| deployment.tolerations | Taint tolerations for nodes | `[]` | -| deployment.affinity | Affinity for pod/node | `[]` | -| deployment.topologySpreadConstraints | Topology spread constraints definitions | `[]` | -| deployment.ports | Ports for primary container | `[]` | -| deployment.securityContext | Security Context for the pod | `{}` | -| deployment.additionalContainers | Add additional containers besides init and app containers | `[]` | -| deployment.containerSecurityContext | Add security context at container level | `{}` | -| deployment.terminationGracePeriodSeconds | Graceful termination timeout | `` | -| deployment.lifecycle | Container lifecycle management for graceful startup and shutdown procedures | `{}` | - -#### Deployment Resources Parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.resources | Application pod resource requests & limits | See below | - -##### Requests and Limits - -``` - resources: - limits: - memory: 256Mi - cpu: 0.5 - requests: - memory: 128Mi - cpu: 0.1 +```shell +helm delete --namespace test my-application ``` -#### Deployment InitContainers Parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.initContainers | Init containers which runs before the app container | `{}` | - - -#### Deployment fluentd Parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.fluentdConfigAnnotations | Annotations for fluentd Configurations | `{}` | - -#### Deployment Image Parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.image.repository | Image repository for the application | `repository/image-name` | -| deployment.image.tag | Tag of the application image | `null` | -| deployment.image.digest | Digest of the application image | `` | -| deployment.image.pullPolicy | Pull policy for the application image | `IfNotPresent` | - -#### Deployment envFrom Parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.envFrom | Environment variables to be picked from configmap or secret | `{}` | -| deployment.envFrom.type | Type of data i.e. Configmap or Secret | `` | -| deployment.envFrom.name | Name of Configmap or Secret, if set empty, set to application name | `` | -| deployment.envFrom.nameSuffix | Suffix Name of Configmap or Secret, applicationName is appended as prefix | `` | - -#### Deployment Probes Paramaters - -##### Startup Probe -StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. - -| Name | Description | Value | -| ------------------------ |---------------------------------------------------------------------------------------------|------------------------| -| deployment.startupProbe.enabled | Enabled startup probe | false | -| deployment.startupProbe.failureThreshold | When a probe fails, Kubernetes will try failureThreshold times before giving up. | 30 | -| deployment.startupProbe.periodSeconds | Perform probe everytime after specified periodSeconds | 10 | -| deployment.startupProbe.successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. | | -| deployment.startupProbe.timeoutSeconds | Number of seconds after which the probe times out. | | -| deployment.startupProbe.httpGet | Describes an action based on HTTP Get requests | path: '/path' port: 8080 | -| deployment.startupProbe.exec | Kubelet executes the specified command to perform the probe | {} | - - -##### Readiness Probe -Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.readinessProbe.enabled | Enabled readiness probe | true | -| deployment.readinessProbe.failureThreshold | When a probe fails, Kubernetes will try failureThreshold times before giving up. | 3 | -| deployment.readinessProbe.periodSeconds | Perform probe everytime after specified periodSeconds | 10 | -| deployment.readinessProbe.successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| deployment.readinessProbe.timeoutSeconds | Number of seconds after which the probe times out. | 1 | -| deployment.readinessProbe.initialDelaySeconds | Number of seconds after the container has started before liveness or readiness probes are initiated. | 10 | -| deployment.readinessProbe.httpGet | Describes an action based on HTTP Get requests | path: '/path' port: 8080 | -| deployment.readinessProbe.exec | Kubelet executes the specified command to perform the probe | {} | - -##### Liveness Probe -Periodic probe of container liveness. Container will be restarted if the probe fails. - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.livenessProbe.enabled | Enabled livenessProbe probe | true | -| deployment.livenessProbe.failureThreshold | When a probe fails, Kubernetes will try failureThreshold times before giving up. | 3 | -| deployment.livenessProbe.periodSeconds | Perform probe everytime after specified periodSeconds | 10 | -| deployment.livenessProbe.successThreshold | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| deployment.livenessProbe.timeoutSeconds | Number of seconds after which the probe times out. | 1 | -| deployment.livenessProbe.initialDelaySeconds | Number of seconds after the container has started before liveness or readiness probes are initiated. | 10 | -| deployment.livenessProbe.httpGet | Describes an action based on HTTP Get requests | path: '/path' port: 8080 | -| deployment.livenessProbe.exec | Kubelet executes the specified command to perform the probe | {} | - -#### Deployment OpenshiftOAuthProxy Paramaters - -| Name | Description | Value | -|-------------------------------------------|-------------------------------------------------------| --------------- | -| deployment.openshiftOAuthProxy.enabled | Add Openshift OAuth Proxy as SideCar Container | `false` | -| deployment.openshiftOAuthProxy.port | Application port so proxy should forward to this port | `8080` | -| deployment.openshiftOAuthProxy.secretName | Secret name containing the TLS cert | `openshift-oauth-proxy-tls`| -| deployment.openshiftOAuthProxy.image | image for oauth sidecar container | `openshift/oauth-proxy:latest`| -| deployment.openshiftOAuthProxy.disableTLSArg | If disabled --http-address=:8081 will be used instead of --https-address=:8443 | false | - -### Deployment Dns Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| deployment.dnsConfig | Enable pod disruption budget | `{}` | - -### PodDisruptionBudget Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| pdb.enabled | Enable pod disruption budget | `false` | -| pdb.minAvailable | The number of pods that must be available after the eviction. If both minAvailable and maxUnavailable is set, minAvailable is preferred | `1`| -| pdb.maxUnavailable | The number of pods that can be unavailable after the eviction. Either minAvailable or maxUnavailable needs to be provided | `` | - - -### Persistence Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| persistence.enabled | Enable persistence | `false` | -| persistence.mountPVC | Whether to mount the created PVC to the deployment | `false` | -| persistence.mountPath | If `persistence.mountPVC` is set, so where to mount the volume in the deployment | `/` | -| persistence.name | Name of the PVC. | `` | -| persistence.accessMode | Access mode for volume | `ReadWriteOnce` | -| persistence.storageClass | StorageClass of the volume | `-` | -| persistence.additionalLabels | Additional labels for persistent volume | `{}` | -| persistence.annotations | Annotations for persistent volume | `{}` | -| persistence.storageSize | Size of the persistent volume | `8Gi` -| persistence.volumeName | Name of the volume | `` -| persistence.volumeMode | PVC volume mode | `` - -### Service Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| service.enabled | Enable service in helm chart | `true` | -| service.additionalLabels | Additional labels for service | `{}` | -| service.annotations | Annotations for service | `{}` | -| service.ports | Ports for applications service | - port: 8080
  name: http
  protocol: TCP
  targetPort: 8080 | -| service.type | Type of service | `ClusterIP` | -| service.clusterIP | Fixed IP for a ClusterIP service. Set to `None` for an headless service. | `null` | - - - -### Ingress Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| ingress.enabled | Enable ingress | `false` | -| ingress.hosts | Array of hosts to be served by this ingress. | `[]` | -| ingress.hosts[].host | Host to be served. [See example](application/values-test.yaml). | `[]` | -| ingress.hosts[].paths | Paths against the host. If not specified, default configuration is added, [See example](application/values-test.yaml). | `[]` | -| ingress.additionalLabels | Labels for ingress | `{}` | -| ingress.annotations | Annotations for ingress | `{}` | -| ingress.tls | TLS block for ingress | `[]` | -| ingress.ingressClassName | Name of the ingress class | '' | - -### Route Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| route.enabled | Enable Route incase of Openshift | `false` | -| route.host | Host of route. If no host is added then openshift inserts the default hostname | nil | -| route.annotations | Annotations for route | `{}` | -| route.additionalLables | Labels for route | `{}` | -| route.port.targetPort | Port of the service that serves pods | `http` | -| route.wildcardPolicy | Route wildcard policy | `None` | -| route.tls.termination | TLS termination strategy | `edge` | -| route.tls.insecureEdgeTerminationPolicy | TLS termination policy for insecure traffic | `Redirect` | -| route.path | path of route traffic | -| route.to.weight | portion of requests to be handled by the service | `100` -| route.alternateBackends | For the purpose of multiple services supporting a route | -| route.alternateBackends.kind | Kind of supporting resource | `Service` -| route.alternateBackends.name | Name of supporting service | -| route.alternateBackends.weight | portion of requests to be handled by supporting service | - -### Forecastle Paramaters - -Stakater [Forecastle](https://github.com/stakater/Forecastle) parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| forecastle.enabled | Enable Forecastle | `false` | -| forecastle.additionalLabels | Additional labels for Forecastle Custom Resource | `{}` | -| forecastle.icon | URL of application icon display on forecastle dashboard | `https://raw.githubusercontent.com/stakater/ForecastleIcons/master/stakater-big.png` | -| forecastle.displayName | Name of the application to be displayed on Forecastle dashboard | `application` | -| forecastle.group | Group application on Forecastle dashboard | if not defined Namespace name is used | -| forecastle.properties | Additional properties for Custom Resource | `{}` | -| forecastle.networkRestricted | Whether app is network restricted or not | `false` | - -### RBAC Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| rbac.enabled | Enable RBAC | `true` | -| rbac.serviceAccount.enabled | Enable serviceAccount | `false` | -| rbac.serviceAccount.name | Name of the existing serviceAccount | `""` | -| rbac.serviceAccount.additionalLabels | Labels for serviceAccount | `{}` | -| rbac.serviceAccount.annotations | Annotations for serviceAccount | `{}` | -| rbac.roles | Array of roles | `[]` | - -### ConfigMap Paramaters - -| Name | Description | Value | -|----------------------------|------------------------------------------------------------------------------------|----------------| -| configMap.enabled | Enable configMaps | `false` | -| configMap.additionalLabels | Labels for configMaps | `{}` | -| configMap.annotations | Annotations for configMaps | `{}` | -| configMap.files | Map of configMap files with suffixes and data contained in those files | `{}` | - -### Secret Paramaters - -| Name | Description | Value | -|---------------------------------|---------------------------------------------------------------------------------|------------------------| -| secret.enabled | Enable secret | `false` | -| secret.additionalLabels | Labels for secret | `{}` | -| secret.annotations | Annotations for secret | `{}` | -| secret.files | Map of secret files with suffixes and data contained in those files | `{}` | -| secret.files.[name].stringData | Allow to provide the clear text content inside the secret | `{}` | -| secret.files.[name].data | Allow to provide the text content inside the secret that will be base64 encoded | `{}` | -| secret.files.[name].encodedData | Allow to provide the text content inside the secret already base64 encoded | `{}` | - -### ServiceMonitor Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| serviceMonitor.enabled | Enable serviceMonitor | `false` | -| serviceMonitor.additionalLabels | Labels for serviceMonitor | `{}` | -| serviceMonitor.annotations | Annotations for serviceMonitor | `{}` | -| serviceMonitor.jobLabel | Job Label used for application selector | `k8s-app` | -| serviceMonitor.endpoints | Array of endpoints to be scraped by prometheus | - interval: 5s
  path: /actuator/prometheus
  port: http | - -### Autoscaling Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| autoscaling.enabled | Enable horizontal pod autoscaler | `false` | -| autoscaling.additionalLabels | Labels for horizontal pod autoscaler | `{}` | -| autoscaling.annotations | Annotations for horizontal pod autoscaler | `{}` | -| autoscaling.minReplicas | Sets minimum replica count when autoscaling is enabled | `1` | -| autoscaling.maxReplicas | Sets maximum replica count when autoscaling is enabled | `10` | -| autoscaling.metrics | Configuration for hpa metrics, set when autoscaling is enabled | `{}` | +## Values -### VPA - Vertical Pod Autoscaler Parameters +### Parameters -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| vpa.enabled | Enable vertical pod autoscaler | `false` | -| vpa.additionalLabels | Labels for vertical pod autoscaler | `{}` | -| vpa.annotations | Annotations for vertical pod autoscaler | `{}` | -| vpa.containerPolicies | container policies for individual containers. | `[]` | - - -### EndpointMonitor Paramaters - -Stakater [IngressMonitorController](https://github.com/stakater/IngressMonitorController) EndpointMonitor parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| endpointMonitor.enabled | Enable endpointMonitor for IMC (https://github.com/stakater/IngressMonitorController) | `false` | -| endpointMonitor.additionalLabels | Labels for endpointMonitor | `{}` | -| endpointMonitor.annotations | Annotations for endpointMonitor | `{}` | -| endpointMonitor.additionalConfig | Additional Config for endpointMonitor | `{}` | - -### SealedSecret Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| sealedSecret.enabled | Enable sealed secret | `false` | -| sealedSecret.additionalLabels | Labels for sealed secret | `{}` | -| sealedSecret.annotations | Annotations that apply to all sealed secrets created under `files` | `{}` | -| sealedSecret.files | Map of secret files with name and encrypted data contained in those files | `{}` | -| sealedSecret.files.[name].annotations | Annotations that apply to the secret created through sealed secret | `{}` | -| sealedSecret.files.[name].labels | Labels that apply to the secret created through sealed secret | `{}` | -| sealedSecret.files.[name].type | Type of secret created through sealed secret | `Opaque` | -| sealedSecret.files.[name].clusterWide | When set to true, adds annotation `sealedsecrets.bitnami.com/cluster-wide: true` to the secret created through sealed secret, setting the scope of the secret to cluster wide. | `false` | - -### Cert-manager Certificate Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| certificate.enabled | Enable Certificate Custom Resource | `false` | -| certificate.enabled | Enable Certificate Custom Resource | `false` | -| certificate.additionalLabels | Additional labels for Certificate Custom Resource | `{}` | -| certificate.annotations | Annotations for Certificate Custom Resource | `{}` | -| certificate.secretName | SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource | `tls-cert` | -| certificate.duration | The requested ‘duration’ (i.e. lifetime) of the Certificate | `8760h0m0s` | -| certificate.renewBefore | The amount of time before the currently issued certificate’s notAfter time that cert-manager will begin to attempt to renew the certificate | `720h0m0s` | -| certificate.subject | Full X509 name specification for certificate | `{}` | -| certificate.commonName | CommonName is the common name as specified on the DER encoded CSR | `admin-app` | -| certificate.keyAlgorithm | KeyAlgorithm is the private key algorithm of the corresponding private key for this certificate | `rsa` | -| certificate.keyEncoding | KeyEncoding is the private key cryptography standards (PKCS) for this certificate’s private key to be encoded in | `pkcs1` | -| certificate.keySize | KeySize is the key bit size of the corresponding private key for this certificate | `2048` | -| certificate.isCA | IsCA will mark this Certificate as valid for certificate signing | `false` | -| certificate.usages | Usages is the set of x509 usages that are requested for the certificate | `{}` | -| certificate.dnsNames | DNSNames is a list of DNS subjectAltNames to be set on the Certificate. | `{}` | -| certificate.ipAddresses | IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. | `{}` | -| certificate.uriSANs | URISANs is a list of URI subjectAltNames to be set on the Certificate. | `{}` | -| certificate.emailSANs | EmailSANs is a list of email subjectAltNames to be set on the Certificate. | `{}` | -| certificate.privateKey.enabled | Enable private key for the certificate | `false` | -| certificate.privateKey.rotationPolicy | Denotes how private keys should be generated or sourced when a Certificate is being issued. | `Always` | -| certificate.issuerRef.name | IssuerRef is a reference to the issuer for this certificate. Name of the resource being referred to | `ca-issuer` | -| certificate.issuerRef.kind | Kind of the resource being referred to | `ClusterIssuer` | -| certificate.keystores.enabled | Enables keystore configuration. Keystores configures additional keystore output formats stored in the secretName Secret resource | `false` | -| certificate.keystores.pkcs12.create | Enables PKCS12 keystore creation for the Certificate. PKCS12 configures options for storing a PKCS12 keystore in the spec.secretName Secret resource | `true` | -| certificate.keystores.pkcs12.key | The key of the entry in the Secret resource’s data field to be used | `test_key` | -| certificate.keystores.pkcs12.name | The name of the Secret resource being referred to | `test-creds` | -| certificate.keystores.jks.create | Enables jks keystore creation for the Certificate. JKS configures options for storing a JKS keystore in the spec.secretName Secret resource | `false` | -| certificate.keystores.jks.key | The key of the entry in the Secret resource’s data field to be used | `test_key` | -| certificate.keystores.jks.name | The name of the Secret resource being referred to | `test-creds` | - -### Alertmanager Config Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| alertmanagerConfig.enabled | Enable alertmanagerConfig for this app (Will be merged in the base config) | `false` | -| alertmanagerConfig.selectionLabels | Labels for this config to be selected for merging in alertmanager base config | `alertmanagerConfig: "workload"` | -| alertmanagerConfig.spec.route | The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route | `{}` | -| alertmanagerConfig.spec.receivers | List of receivers | `[]` | -| alertmanagerConfig.spec.inhibitRules | InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing | `[]` | - -### PrometheusRule Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| prometheusRule.enabled | Enable prometheusRule for this app | `false` | -| prometheusRule.additionalLabels | Kubernetes labels object, these additional labels will be added to PrometheusRule CRD | `{}` | -| prometheusRule.spec.groups | PrometheusRules in their groups to be added | `[]` | - -### SecretProviderClass Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| secretProviderClass.enabled | Enables Secret Provider Class Custom Resource | `false` | -| secretProviderClass.name | Name of Secret Provider Class Custom Resource | `""` | -| secretProviderClass.provider | Provider of Secret Provider Class Custom Resource | `""` | -| secretProviderClass.vaultAddress | Address of vault | `""` | -| secretProviderClass.roleName | Name of the role being referred to in vault | `""` | -| secretProviderClass.objects | The object created from the secret in vault | `[]` | -| secretProviderClass.secretObjects | This creates the kubernetes secret | `""` | -### ExternalSecret Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| externalSecret.enabled | Enables External Secret Custom Resource | `false` | -| externalSecret.secretStore.name | Defines name of default SecretStore to use when fetching the secret data | `tenant-vault-secret-store` | -| externalSecret.secretStore.kind | Defines kind as SecretStore or ClusterSecretStore | `SecretStore` | -| externalSecret.refreshInterval | Amount of time before the values reading again from the SecretStore provider | `1m` | -| externalSecret.files | Array of secret files with name and remote reference data contained in those files | `[]` | - -### NetworkPolicy Paramaters -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| networkPolicy.enabled | Enable NetworkPolicy | `false` | -| networkPolicy.additionalLabels | Kubernetes labels object | `{}` | -| networkPolicy.annotations | Annotations for NetworkPolicy | `{}` | -| networkPolicy.ingress | Ingress ruels for NetworkPolicy | `[]` | -| networkPolicy.egress | egress rules for NetworkPolicy | `[]` | - -### Backup Paramaters -| Name | Description | Value | -| ---- | ----------- | ----- | -| backup.enabled | Enable Backup | `false` | -| backup.namespace | Backup Namespace | `""` | -| backup.storageLocation | StorageLocation for Backup | `""` | -| backup.includedNamespaces | Namespaces to be included in Backup | `[]` | -| backup.excludedResources | Resources to be excluded in Backup | `[]` | -| backup.ttl | Time Duration for Backup | `1h0m0s` | -| backup.snapshotVolumes | Weather SnapshotVolumes in Backup | `true` | - -### Grafana Dashboard Paramaters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| grafanaDashboard.enabled | Enables Grafana Dashboard | `false` | -| grafanaDashboard.additionalLabels | Kubernetes labels object | `{}` | -| grafanaDashboard.annotations | Annotations for Grafana Dashboard | `{}` | -| grafanaDashboard.contents.key | Used as name of Grafana Dashboard object | `""` | -| grafanaDashboard.contents.key.json | json string used as content of Grafana Dashboard object | `""` | -| grafanaDashboard.contents.key.url| Url used to fetch dashboard content. According to GrafanaDashboard behavior, if both url and json are specified then the GrafanaDashboard content will be updated with fetched content from url | `""` | -| grafanaDashboard.contents.key.instanceSelector | selects Grafana instances for import | `{}` | -| grafanaDashboard.contents.key.folder | folder assignment for dashboard | `""` | -| grafanaDashboard.contents.key.configMapRef | dashboard from configmap | `[]` | -| grafanaDashboard.contents.key.datasources | maps required data sources to existing ones | `{}` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| namespaceOverride | string | `""` | Override the namespace for all resources. | +| componentOverride | string | `""` | Override the component label for all resources. | +| partOfOverride | string | `""` | Override the partOf label for all resources. | +| applicationName | string | `{{ .Chart.Name }}` | Application name. | ### CronJob Parameters -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `cronJob.enabled` | Enable cronjob in application chart | `""` | -| `cronJob.jobs` | cronjobs spec | {} | - -Job parameter for each cronjob object at `cronJob.jobs` - -| Name | Description | -| ----------------------------------- | -------------------------------------------------------------- | -| `.schedule` | Schedule of cronjob | -| `.timeZone` | Time zone of cronjob (Supported on K8s version 1.27 or Higher) | -| `.image.repository` | Repository of container image of cronjob | -| `.image.tag` | Tag of container image of cronjob | -| `.image.digest` | Digest of container image of cronjob | -| `.image.imagePullPolicy` | ImagePullPolicy of container image of cronjob | -| `.command` | Command of container of job | -| `.args` | Args of container of job | -| `.priorityClassName` | Defines the priority class of job | -| `.resources` | Resources of container of job | -| `.additionalLabels` | Additional labels of cronjob | -| `.annotations` | Annotation of cronjob | -| `.successfulJobsHistoryLimit` | Successful jobs historyLimit of cronjob | -| `.concurrencyPolicy` | ConcurrencyPolicy of cronjob | -| `.failedJobsHistoryLimit` | FailedJobsHistoryLimit of cronjob | -| `.volumeMounts` | Volume mounts of cronjob | -| `.volumes` | Volumes of cronjob | -| `.nodeSelector` | Node selector of cronjob | -| `.affinity` | Affinity of cronjob | -| `.tolerations` | Tolerations of cronjob | -| `.restartPolicy` | RestartPolicy of cronjob | -| `.imagePullSecrets` | ImagePullSecrets of cronjob | -| `.activeDeadlineSeconds` | ActiveDeadlineSeconds of job | -| `.backoffLimit` | BackoffLimit of job | -| `.additionalPodAnnotations` | Additional annotations of pod of job | -| `.additionalPodLabels` | Additional labels of pod of job | -| `.topologySpreadConstraints` | TopologySpreadConstraints of pod of job | -| `.securityContext` | SecurityContext of pod of job | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cronJob.enabled | bool | `false` | Deploy CronJob resources. | +| cronJob.jobs | object | `nil` | Map of CronJob resources. Key will be used as a name suffix for the CronJob. Value is the CronJob configuration. See values for more details. | ### Job Parameters -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `job.enabled` | Enable job in application chart | `""` | -| `job.jobs` | jobs spec | {} | - -Job parameter for each job object at `job.jobs` - -| Name | Description | -| ----------------------------------- | --------------------------------------------- | -| `.image.repository` | Repository of container image of job | -| `.image.tag` | Tag of container image of job | -| `.image.digest` | Digest of container image of job | -| `.image.imagePullPolicy` | ImagePullPolicy of container image of job | -| `.command` | Command of container of job | -| `.args` | Args of container of job | -| `.resources` | Resources of container of job | -| `.additionalLabels` | Additional labels of job | -| `.annotations` | Annotation of job | -| `.volumeMounts` | Volume mounts of job | -| `.volumes` | Volumes of job | -| `.nodeSelector` | Node selector of job | -| `.affinity` | Affinity of job | -| `.tolerations` | Tolerations of job | -| `.restartPolicy` | RestartPolicy of job | -| `.imagePullSecrets` | ImagePullSecrets of job | -| `.activeDeadlineSeconds` | ActiveDeadlineSeconds of job | -| `.backoffLimit` | BackoffLimit of job | -| `.additionalPodAnnotations` | Additional annotations of pod of job | -| `.additionalPodLabels` | Additional labels of pod of job | -| `.topologySpreadConstraints` | TopologySpreadConstraints of pod of job | -| `.securityContext` | SecurityContext of pod of job | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| job.enabled | bool | `false` | Deploy Job resources. | +| job.jobs | object | `nil` | Map of Job resources. Key will be used as a name suffix for the Job. Value is the Job configuration. See values for more details. | + +### Deployment Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| deployment.enabled | bool | `true` | Enable Deployment. | +| deployment.additionalLabels | object | `nil` | Additional labels for Deployment. | +| deployment.podLabels | object | `nil` | Additional pod labels which are used in Service's Label Selector. | +| deployment.annotations | object | `nil` | Annotations for Deployment. | +| deployment.additionalPodAnnotations | object | `nil` | Additional pod annotations. | +| deployment.strategy.type | string | `"RollingUpdate"` | Type of deployment strategy. | +| deployment.strategy.rollingUpdate.maxUnavailable | string | `"25%"` | Max unavailable pods during update. | +| deployment.strategy.rollingUpdate.maxSurge | string | `"25%"` | Max surge pods during update. | +| deployment.reloadOnChange | bool | `true` | Reload deployment if attached Secret/ConfigMap changes. | +| deployment.nodeSelector | object | `nil` | Select the node where the pods should be scheduled. | +| deployment.hostAliases | list | `nil` | Add host aliases to the pods. | +| deployment.initContainers | object | `nil` | Add init containers to the pods. | +| deployment.fluentdConfigAnnotations | object | `nil` | Configuration details for fluentdConfigurations. Only works for specific setup, see . | +| deployment.replicas | int | `nil` | Number of replicas. | +| deployment.imagePullSecrets | string | `""` | Secret to be used for pulling the images (a single secret is supported). | +| deployment.envFrom | object | `nil` | Mount environment variables from ConfigMap or Secret to the pod. | +| deployment.env | object | `nil` | Environment variables to be added to the pod. | +| deployment.volumes | object | `nil` | Volumes to be added to the pod. Key is the name of the volume. Value is the volume definition. | +| deployment.volumeMounts | object | `nil` | Mount path for Volumes. Key is the name of the volume. Value is the volume mount definition. | +| deployment.priorityClassName | string | `""` | Define the priority class for the pod. | +| deployment.tolerations | list | `nil` | Taint tolerations for the pods. | +| deployment.affinity | object | `nil` | Affinity for the pods. | +| deployment.topologySpreadConstraints | list | `nil` | Topology spread constraints for the pods. | +| deployment.revisionHistoryLimit | int | `2` | Number of ReplicaSet revisions to retain. | +| deployment.image.repository | string | `""` | Repository. | +| deployment.image.tag | string | `""` | Tag. | +| deployment.image.digest | string | `""` | Image digest. If set to a non-empty value, digest takes precedence on the tag. | +| deployment.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. | +| deployment.dnsConfig | object | `nil` | DNS config for the pods. | +| deployment.startupProbe | object | See below | Startup probe. Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc | +| deployment.startupProbe.enabled | bool | `false` | Enable Startup probe. | +| deployment.startupProbe.failureThreshold | int | `30` | Number of retries before marking the pod as failed. | +| deployment.startupProbe.periodSeconds | int | `10` | Time between retries. | +| deployment.startupProbe.successThreshold | int | `1` | Number of successful probes before marking the pod as ready. | +| deployment.startupProbe.timeoutSeconds | int | `1` | Time before the probe times out. | +| deployment.startupProbe.httpGet | object | `{}` | HTTP Get probe. | +| deployment.startupProbe.exec | object | `{}` | Exec probe. | +| deployment.startupProbe.tcpSocket | object | `{}` | TCP Socket probe. | +| deployment.startupProbe.grpc | object | `{}` | gRPC probe. | +| deployment.readinessProbe | object | See below | Readiness probe. Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc | +| deployment.readinessProbe.enabled | bool | `false` | Enable Readiness probe. | +| deployment.readinessProbe.failureThreshold | int | `30` | Number of retries before marking the pod as failed. | +| deployment.readinessProbe.periodSeconds | int | `10` | Time between retries. | +| deployment.readinessProbe.successThreshold | int | `1` | Number of successful probes before marking the pod as ready. | +| deployment.readinessProbe.timeoutSeconds | int | `1` | Time before the probe times out. | +| deployment.readinessProbe.httpGet | object | `{}` | HTTP Get probe. | +| deployment.readinessProbe.exec | object | `{}` | Exec probe. | +| deployment.readinessProbe.tcpSocket | object | `{}` | TCP Socket probe. | +| deployment.readinessProbe.grpc | object | `{}` | gRPC probe. | +| deployment.livenessProbe | object | See below | Liveness probe. Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc | +| deployment.livenessProbe.enabled | bool | `false` | Enable Liveness probe. | +| deployment.livenessProbe.failureThreshold | int | `30` | Number of retries before marking the pod as failed. | +| deployment.livenessProbe.periodSeconds | int | `10` | Time between retries. | +| deployment.livenessProbe.successThreshold | int | `1` | Number of successful probes before marking the pod as ready. | +| deployment.livenessProbe.timeoutSeconds | int | `1` | Time before the probe times out. | +| deployment.livenessProbe.httpGet | object | `{}` | HTTP Get probe. | +| deployment.livenessProbe.exec | object | `{}` | Exec probe. | +| deployment.livenessProbe.tcpSocket | object | `{}` | TCP Socket probe. | +| deployment.livenessProbe.grpc | object | `{}` | gRPC probe. | +| deployment.resources | object | `{"limits":{"cpu":0.5,"memory":"256Mi"},"requests":{"cpu":0.1,"memory":"128Mi"}}` | Resource limits and requests for the pod. | +| deployment.containerSecurityContext | object | `{"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Security Context at Container Level. | +| deployment.openshiftOAuthProxy.enabled | bool | `false` | Enable [OpenShift OAuth Proxy](https://github.com/openshift/oauth-proxy). | +| deployment.openshiftOAuthProxy.port | int | `8080` | Port on which application is running inside container. | +| deployment.openshiftOAuthProxy.secretName | string | `"openshift-oauth-proxy-tls"` | Secret name for the OAuth Proxy TLS certificate. | +| deployment.openshiftOAuthProxy.image | string | `"openshift/oauth-proxy:latest"` | Image for the OAuth Proxy. | +| deployment.openshiftOAuthProxy.disableTLSArg | bool | `false` | If disabled `--http-address=:8081` will be used instead of `--https-address=:8443`. It can be useful when an ingress is enabled for the application. | +| deployment.securityContext | object | `nil` | Security Context for the pod. | +| deployment.command | list | `[]` | Command for the app container. | +| deployment.args | list | `[]` | Args for the app container. | +| deployment.ports | list | `nil` | List of ports for the app container. | +| deployment.hostNetwork | bool | `nil` | Host network connectivity. | +| deployment.terminationGracePeriodSeconds | int | `nil` | Gracefull termination period. | +| deployment.lifecycle | object | `{}` | Lifecycle configuration for the pod. | +| deployment.additionalContainers | list | `nil` | Additional containers besides init and app containers (without templating). | +| persistence.enabled | bool | `false` | Enable persistence. | +| persistence.mountPVC | bool | `false` | Whether to mount the created PVC to the deployment. | +| persistence.mountPath | string | `"/"` | If `persistence.mountPVC` is enabled, where to mount the volume in the containers. | +| persistence.name | string | `{{ include "application.name" $ }}-data` | Name of the PVC. | +| persistence.accessMode | string | `"ReadWriteOnce"` | Access mode for volume. | +| persistence.storageClass | string | `nil` | Storage class for volume. If defined, use that value If set to "-" or "", disable dynamic provisioning If undefined or set to null (the default), no storageClass spec is set, choosing the default provisioner. | +| persistence.additionalLabels | object | `nil` | Additional labels for persistent volume. | +| persistence.annotations | object | `nil` | Annotations for persistent volume. | +| persistence.storageSize | string | `"8Gi"` | Size of the persistent volume. | +| persistence.volumeMode | string | `""` | PVC Volume Mode. | +| persistence.volumeName | string | `""` | Name of the volume. | + +### Service Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| service.enabled | bool | `true` | Enable Service. | +| service.additionalLabels | object | `nil` | Additional labels for service. | +| service.annotations | object | `nil` | Annotations for service. | +| service.ports | list | `[{"name":"http","port":8080,"protocol":"TCP","targetPort":8080}]` | Ports for applications service. | +| service.type | string | `"ClusterIP"` | Type of service. | +| service.clusterIP | string | `nil` | Fixed IP for a ClusterIP service. Set to `None` for an headless service | + +### Ingress Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ingress.enabled | bool | `false` | Enable Ingress. | +| ingress.ingressClassName | string | `""` | Name of the ingress class. | +| ingress.hosts[0].host | tpl/string | `"chart-example.local"` | Hostname. | +| ingress.hosts[0].paths[0].path | string | `"/"` | Path. | +| ingress.hosts[0].paths[0].pathType | string | `ImplementationSpecific` | Path type. | +| ingress.hosts[0].paths[0].serviceName | string | `{{ include "application.name" $ }}` | Service name. | +| ingress.hosts[0].paths[0].servicePort | string | `http` | Service port. | +| ingress.additionalLabels | object | `nil` | Additional labels for ingress. | +| ingress.annotations | object | `nil` | Annotations for ingress. | +| ingress.tls | list | `nil` | TLS configuration for ingress. Secrets must exist in the namespace. You may also configure Certificate resource to generate the secret. | + +### Route Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| route.enabled | bool | `false` | Deploy a Route (OpenShift) resource. | +| route.additionalLabels | object | `nil` | Additional labels for Route. | +| route.annotations | object | `nil` | Annotations for Route. | +| route.host | string | `nil` | Explicit host. If no host is added then openshift inserts the default hostname. | +| route.path | string | `nil` | Path. | +| route.port | object | `{"targetPort":"http"}` | Service port. | +| route.to.weight | int | `100` | Service weight. | +| route.wildcardPolicy | string | `"None"` | Wildcard policy. | +| route.tls.termination | string | `"edge"` | TLS termination strategy. | +| route.tls.insecureEdgeTerminationPolicy | string | `"Redirect"` | TLS insecure termination policy. | +| route.alternateBackends | list | `nil` | Alternate backend with it's weight. | + +### SecretProviderClass Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| secretProviderClass.enabled | bool | `false` | Deploy a [Secrets Store CSI Driver SecretProviderClass](https://secrets-store-csi-driver.sigs.k8s.io/) resource. | +| secretProviderClass.name | string | `""` | Name of the SecretProviderClass. Required if `secretProviderClass.enabled` is set to `true`. | +| secretProviderClass.provider | string | `""` | Name of the provider. Required if `secretProviderClass.enabled` is set to `true`. | +| secretProviderClass.vaultAddress | string | `""` | Vault Address. Required if `secretProviderClass.provider` is set to `vault`. | +| secretProviderClass.roleName | tpl/string | `""` | Vault Role Name. Required if `secretProviderClass.provider` is set to `vault`. | +| secretProviderClass.objects | list | `nil` | Objects definitions. | +| secretProviderClass.secretObjects | list | `nil` | Objects mapping. | + +### ForecastleApp Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| forecastle.enabled | bool | `false` | Deploy a [ForecastleApp](https://github.com/stakater/Forecastle) resource. | +| forecastle.additionalLabels | object | `nil` | Additional labels for ForecastleApp. | +| forecastle.icon | string | `"https://raw.githubusercontent.com/stakater/ForecastleIcons/master/stakater-big.png"` | Icon URL. | +| forecastle.displayName | string | `""` | Application Name. Required if `forecastle.enabled` is set to `true`. | +| forecastle.group | string | `{{ .Release.Namespace }}` | Application Group. | +| forecastle.properties | object | `nil` | Custom properties. | +| forecastle.networkRestricted | bool | `false` | Is application network restricted?. | + +### RBAC Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| rbac.enabled | bool | `true` | Enable RBAC. | +| rbac.serviceAccount.enabled | bool | `false` | Deploy Service Account. | +| rbac.serviceAccount.name | string | `{{ include "application.name" $ }}` | Service Account Name. | +| rbac.serviceAccount.additionalLabels | object | `nil` | Additional labels for Service Account. | +| rbac.serviceAccount.annotations | object | `nil` | Annotations for Service Account. | +| rbac.roles | list | `nil` | Namespaced Roles. | + +### ConfigMap Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configMap.enabled | bool | `false` | Deploy additional ConfigMaps. | +| configMap.additionalLabels | object | `nil` | Additional labels for ConfigMaps. | +| configMap.annotations | object | `nil` | Annotations for ConfigMaps. | +| configMap.files | object | `nil` | List of ConfigMap entries. Key will be used as a name suffix for the ConfigMap. Value is the ConfigMap content. | + +### SealedSecret Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| sealedSecret.enabled | bool | `false` | Deploy [SealedSecret](https://github.com/bitnami-labs/sealed-secrets) resources. | +| sealedSecret.additionalLabels | object | `nil` | Additional labels for SealedSecret. | +| sealedSecret.annotations | object | `nil` | Annotations for SealedSecret. | +| sealedSecret.files | object | `nil` | List of SealedSecret entries. Key will be used as a name suffix for the SealedSecret. Value is the SealedSecret content. | + +### Secret Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| secret.enabled | bool | `false` | Deploy additional Secret resources. | +| secret.additionalLabels | object | `nil` | Additional labels for Secret. | +| secret.annotations | object | `nil` | Annotations for Secret. | +| secret.files | object | `nil` | List of Secrets entries. Key will be used as a name suffix for the Secret. There a three allowed modes: - `data`: Data is base64 encoded by the chart - `encodedData`: Use raw values (already base64ed) inside the data map - `stringData`: Use raw values inside the stringData map | + +### ServiceMonitor Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| serviceMonitor.enabled | bool | `false` | Deploy a ServiceMonitor (Prometheus Operator) resource. | +| serviceMonitor.additionalLabels | object | `nil` | Additional labels for ServiceMonitor. | +| serviceMonitor.annotations | object | `nil` | Annotations for ServiceMonitor. | +| serviceMonitor.endpoints | list | `[{"interval":"5s","path":"/actuator/prometheus","port":"http"}]` | Service endpoints from which prometheus will scrape data. | + +### Autoscaling - Horizontal Pod Autoscaling Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaling. | +| autoscaling.additionalLabels | object | `nil` | Additional labels for HPA. | +| autoscaling.annotations | object | `nil` | Annotations for HPA. | +| autoscaling.minReplicas | int | `1` | Minimum number of replicas. | +| autoscaling.maxReplicas | int | `10` | Maximum number of replicas. | +| autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":60,"type":"Utilization"}},"type":"Resource"},{"resource":{"name":"memory","target":{"averageUtilization":60,"type":"Utilization"}},"type":"Resource"}]` | Metrics used for autoscaling. | + +### VPA - Vertical Pod Autoscaler Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| vpa.enabled | bool | `false` | Enable Vertical Pod Autoscaling. | +| vpa.additionalLabels | object | `nil` | Additional labels for VPA. | +| vpa.annotations | object | `nil` | Annotations for VPA. | +| vpa.containerPolicies | list | `[]` | Container policies for individual containers. | +| vpa.updatePolicy | object | `{"updateMode":"Auto"}` | Update policy. | + +### EndpointMonitor Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| endpointMonitor.enabled | bool | `false` | Deploy an [IMC EndpointMonitor](https://github.com/stakater/IngressMonitorController) resource. | +| endpointMonitor.additionalLabels | object | `nil` | Additional labels for EndpointMonitor. | +| endpointMonitor.annotations | object | `nil` | Annotations for EndpointMonitor. | + +### cert-manager Certificate Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| certificate.enabled | bool | `false` | Deploy a [cert-manager Certificate](https://cert-manager.io) resource. | +| certificate.additionalLabels | object | `nil` | Additional labels for Certificate. | +| certificate.annotations | object | `nil` | Annotations for Certificate. | +| certificate.secretName | tpl/string | `"tls-cert"` | Name of the secret resource that will be automatically created and managed by this Certificate resource. | +| certificate.duration | string | `"8760h0m0s"` | The requested "duration" (i.e. lifetime) of the Certificate. | +| certificate.renewBefore | string | `"720h0m0s"` | The amount of time before the currently issued certificate's notAfter time that cert-manager will begin to attempt to renew the certificate. | +| certificate.subject | tpl/object | `nil` | Full X509 name specification for certificate. | +| certificate.commonName | string | `"admin-app"` | Common name as specified on the DER encoded CSR. | +| certificate.keyAlgorithm | string | `"rsa"` | Private key algorithm of the corresponding private key for this certificate. | +| certificate.keyEncoding | string | `"pkcs1"` | Private key cryptography standards (PKCS) for this certificate's private key to be encoded in. | +| certificate.keySize | int | `2048` | Key bit size of the corresponding private key for this certificate. | +| certificate.isCA | bool | `false` | Mark this Certificate as valid for certificate signing. | +| certificate.usages | list | `nil` | Set of x509 usages that are requested for the certificate. | +| certificate.dnsNames | tpl/list | `nil` | List of DNS subjectAltNames to be set on the certificate. | +| certificate.ipAddresses | list | `nil` | List of IP address subjectAltNames to be set on the certificate. | +| certificate.uriSANs | list | `nil` | List of URI subjectAltNames to be set on the certificate. | +| certificate.emailSANs | list | `nil` | List of email subjectAltNames to be set on the Certificate. | +| certificate.privateKey.enabled | bool | `false` | Enable Private Key for the certificate. | +| certificate.privateKey.rotationPolicy | string | `"Always"` | Denotes how private keys should be generated or sourced when a certificate is being issued. | +| certificate.issuerRef.name | string | `"ca-issuer"` | Reference to the issuer for this certificate. | +| certificate.issuerRef.kind | string | `"ClusterIssuer"` | Kind of the issuer being referred to. | +| certificate.issuerRef.group | string | `"cert-manager.io"` | Group of the issuer resource being refered to. | +| certificate.keystores.enabled | bool | `false` | Enables keystore configuration. Keystores configures additional keystore output formats stored in the spec.secretName Secret resource. | +| certificate.keystores.pkcs12.create | bool | `true` | Enables PKCS12 keystore creation for the Certificate. PKCS12 configures options for storing a PKCS12 keystore in the spec.secretName Secret resource. | +| certificate.keystores.pkcs12.key | string | `"test_key"` | Key of the entry in the Secret resource's data field to be used. | +| certificate.keystores.pkcs12.name | string | `"test-creds"` | Name of the Secret resource being referred to. | +| certificate.keystores.jks.create | bool | `false` | Enables jks keystore creation for the Certificate. JKS configures options for storing a JKS keystore in the spec.secretName Secret resource. | +| certificate.keystores.jks.key | tpl/string | `"test_key"` | Key of the entry in the Secret resource's data field to be used. | +| certificate.keystores.jks.name | string | `"test-creds"` | Name of the Secret resource being referred to. | + +### AlertmanagerConfig Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| alertmanagerConfig.enabled | bool | `false` | Deploy an AlertmanagerConfig (Prometheus Operator) resource. | +| alertmanagerConfig.selectionLabels | object | `{"alertmanagerConfig":"workload"}` | Labels to be picked up by Alertmanager to add it to base config. Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.html](OpenShift's AlermanagerConfig documentation) under .spec.alertmanagerConfigSelector. | +| alertmanagerConfig.spec | object | `{"inhibitRules":[],"receivers":[],"route":null}` | AlertmanagerConfig spec. Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1alpha1.html](OpenShift's AlermanagerConfig documentation). | +| alertmanagerConfig.spec.route | object | `nil` | Route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route. | +| alertmanagerConfig.spec.receivers | list | `[]` | List of receivers. | +| alertmanagerConfig.spec.inhibitRules | list | `[]` | Inhibition rules that allows to mute alerts when other alerts are already firing. | + +### PrometheusRule Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| prometheusRule.enabled | bool | `false` | Deploy a PrometheusRule (Prometheus Operator) resource. | +| prometheusRule.additionalLabels | object | `nil` | Additional labels for PrometheusRule. | +| prometheusRule.groups | list | `[]` | Groups with alerting rules. Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.html](OpenShift's PrometheusRule documentation). | + +### ExternalSecret Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| externalSecret.enabled | bool | `false` | Deploy [ExternalSecret](https://external-secrets.io/latest/) resources. | +| externalSecret.additionalLabels | object | `nil` | Additional labels for ExternalSecret. | +| externalSecret.annotations | object | `nil` | Annotations for ExternalSecret. | +| externalSecret.secretStore | object | `{"kind":"SecretStore","name":"tenant-vault-secret-store"}` | Default values for the SecretStore. Can be overriden per ExternalSecret in the `externalSecret.files` object. | +| externalSecret.secretStore.name | string | `"tenant-vault-secret-store"` | Name of the SecretStore to use. | +| externalSecret.secretStore.kind | string | `"SecretStore"` | Kind of the SecretStore being refered to. | +| externalSecret.refreshInterval | string | `"1m"` | RefreshInterval is the amount of time before the values are read again from the SecretStore provider. | +| externalSecret.files | object | `nil` | List of ExternalSecret entries. Key will be used as a name suffix for the ExternalSecret. There a two allowed modes: - `data`: Data defines the connection between the Kubernetes Secret keys and the Provider data - `dataFrom`: Used to fetch all properties from the Provider key | + +### NetworkPolicy Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.enabled | bool | `false` | Enable Network Policy. | +| networkPolicy.additionalLabels | object | `nil` | Additional labels for Network Policy. | +| networkPolicy.annotations | object | `nil` | Annotations for Network Policy. | +| networkPolicy.ingress | list | `nil` | Ingress rules for Network Policy. | +| networkPolicy.egress | list | `nil` | Egress rules for Network Policy. | + +### PodDisruptionBudget Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| pdb.enabled | bool | `false` | Enable Pod Disruption Budget. | +| pdb.minAvailable | int | `1` | Minimum number of pods that must be available after eviction. | +| pdb.maxUnavailable | int | `nil` | Maximum number of unavailable pods during voluntary disruptions. | + +### GrafanaDashboard Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| grafanaDashboard.enabled | bool | `false` | Deploy [GrafanaDashboard](https://github.com/grafana/grafana-operator) resources. | +| grafanaDashboard.additionalLabels | object | `nil` | Additional labels for GrafanaDashboard. | +| grafanaDashboard.annotations | object | `nil` | Annotations for GrafanaDashboard. | +| grafanaDashboard.contents | object | `nil` | List of GrafanaDashboard entries. Key will be used as a name suffix for the GrafanaDashboard. Value is the GrafanaDashboard content. According to GrafanaDashboard behavior, `url` field takes precedence on the `json` field. | + +### Backup Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| backup.enabled | bool | `false` | Deploy a [Velero/OADP Backup](https://velero.io/docs/main/api-types/backup/) resource. | +| backup.namespace | string | `{{ .Release.Namespace }}` | Namespace for Backup. | +| backup.additionalLabels | object | `nil` | Additional labels for Backup. | +| backup.annotations | object | `nil` | Annotations for Backup. | +| backup.defaultVolumesToRestic | bool | `true` | Whether to use Restic to take snapshots of all pod volumes by default. | +| backup.snapshotVolumes | bool | `true` | Whether to take snapshots of persistent volumes as part of the backup. | +| backup.storageLocation | string | `nil` | Name of the backup storage location where the backup should be stored. | +| backup.ttl | string | `"1h0m0s"` | How long the Backup should be retained for. | +| backup.includedResources | list | `nil` | List of resource types to include in the backup. | +| backup.excludedResources | list | `nil` | List of resource types to exclude from the backup. | ## Naming convention for ConfigMap, Secret, SealedSecret and ExternalSecret -Name format of ConfigMap, Secret, SealedSecret and ExternalSecret is ```{{ template "application.name" $ }}-{{ $nameSuffix }}``` then: +Name format of ConfigMap, Secret, SealedSecret and ExternalSecret is `{{ template "application.name" $ }}-{{ $nameSuffix }}` then: -- ```{{ template "application.name" }}``` is a helper function that outputs ```.Values.applicationName``` if exist else return chart name as output -- `nameSuffix` is the each key in ```secret.files```,```configMap.files```, ```sealedSecret.files``` and ```externalSecret.files``` +- `{{ template "application.name" }}` is a helper function that outputs `.Values.applicationName` if exist else return chart name as output +- `nameSuffix` is the each key in `secret.files`, `configMap.files`, `sealedSecret.files` and `externalSecret.files` For example if we have following values file: -``` +```yaml applicationName: helloworld # {{ template "application.name" $ }} configMap: @@ -545,24 +411,25 @@ configMap: key: value ``` -then the configmap name will be ``helloworld-config`` +then the configmap name will be named `helloworld-config`. ## Consuming environment variable in application chart -In order to use environment variable in deployment or cronjob, you will have to provide environment variable in *key/value* pair in `env` value. where key being environment variable key and value varies in different scenarios +In order to use environment variable in deployment or cronjob, you will have to provide environment variable in *key/value* pair in `env` value. where key being environment variable key and value varies in different scenarios -- For simple key/value environment variable, just provide `value: ` - ``` - env: - KEY: - value: MY_VALUE +- For simple key/value environment variable, just provide `value: ` + + ```yaml + env: + KEY: + value: MY_VALUE ``` - To get environement variable value from **ConfigMap** - - Suppose we have configmap created from applicaion chart - - ``` + + Suppose we have a configmap created from application chart + + ```yaml applicationName: my-application configMap: enabled: true @@ -571,8 +438,10 @@ In order to use environment variable in deployment or cronjob, you will have to LOG: DEBUG VERBOSE: v1 ``` + To get environment variable value from above created configmap, we will need to add following - ``` + + ```yaml env: APP_LOG_LEVEL: valueFrom: @@ -580,75 +449,81 @@ In order to use environment variable in deployment or cronjob, you will have to name: my-application-appication-config key: LOG ``` + To get all environment variables key/values from **ConfigMap**, where configmap key being key of environment variable and value being value + + ```yaml + envFrom: + application-config-env: + type: configmap + nameSuffix: application-config ``` - envFrom: - application-config-env: - type: configmap - nameSuffix: application-config - ``` - you can either provide `nameSuffix` which means name added after prefix ```-``` or static name with ```name``` of configmap. + + You can either provide `nameSuffix` which means name added after prefix `-` or static name with `name` of configmap. - To get environment variable value from **Secret** - + Suppose we have secret created from application chart - ``` - applicationName: my-application - secret: - enabled: true - files: - db-credentials: - PASSWORD: skljd#2Qer!! - USER: postgres + + ```yaml + applicationName: my-application + secret: + enabled: true + files: + db-credentials: + PASSWORD: skljd#2Qer!! + USER: postgres ``` To get environment variable value from above created secret, we will need to add following + + ```yaml + env: + KEY: + valueFrom: + secretKeyRef: + name: my-application-db-credentials + key: USER ``` - env: - KEY: - valueFrom: - secretKeyRef: - name: my-application-db-credentials - key: USER - ``` To get environement variable value from **Secret**, where secret key being key of environment variable and value being value - ``` + + ```yaml envFrom: database-credentials: type: secret nameSuffix: db-credentials ``` - you can either provide `nameSuffix` which means name added after prefix ```-``` or static name with ```name``` of secret + you can either provide `nameSuffix` which means name added after prefix `-` or static name with `name` of secret - **Note:** first key after ``envFrom`` is just used to uniquely identify different objects in ``envFrom`` block. Make sure to keep it unique and relevant + **Note:** first key after `envFrom` is just used to uniquely identify different objects in `envFrom` block. Make sure to keep it unique and relevant ## Configuring probes To disable liveness or readiness probe, set value of `enabled` to `false`. -``` - livenessProbe: - enabled: false +```yaml +livenessProbe: + enabled: false ``` By default probe handler type is `httpGet`. You just need to override `port` and `path` as per your need. -``` - livenessProbe: - enabled: true - httpGet: - path: '/path' - port: 8080 +```yaml +livenessProbe: + enabled: true + httpGet: + path: '/path' + port: 8080 ``` In order to use `exec` handler, you can define field `livenessProbe.exec` in your values.yaml. -``` - livenessProbe: - enabled: true - exec: - command: - - cat - - /tmp/healthy +```yaml +livenessProbe: + enabled: true + exec: + command: + - cat + - /tmp/healthy ``` diff --git a/README.md.gotmpl b/README.md.gotmpl new file mode 100644 index 00000000..8b4809d3 --- /dev/null +++ b/README.md.gotmpl @@ -0,0 +1,168 @@ +[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + +# Application + +Generic helm chart for applications which: + +- are stateless +- creates only namespace scoped resources (e.g. it doesn't need CRB - Cluster Role Bindings) +- don't need privileged containers +- don't call the underlying Kubernetes API or use the underlying etcd as a database by defining custom resources +- run either as deployment, job or cronjob + +## Installing the Chart + +To install the chart with the release name `my-application` in namespace `test`: + +```shell +helm repo add stakater https://stakater.github.io/stakater-charts +helm repo update +helm install my-application stakater/application --namespace test +``` + +## Uninstall the Chart + +To uninstall the chart: + +```shell +helm delete --namespace test my-application +``` + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} + +## Naming convention for ConfigMap, Secret, SealedSecret and ExternalSecret + +Name format of ConfigMap, Secret, SealedSecret and ExternalSecret is `{{`{{ template "application.name" $ }}-{{ $nameSuffix }}`}}` then: + +- `{{`{{ template "application.name" }}`}}` is a helper function that outputs `.Values.applicationName` if exist else return chart name as output +- `nameSuffix` is the each key in `secret.files`, `configMap.files`, `sealedSecret.files` and `externalSecret.files` + +For example if we have following values file: + +```yaml +applicationName: helloworld # {{`{{ template "application.name" $ }}`}} + +configMap: + files: + config: # {{`{{ $nameSuffix }}`}} + key: value +``` + +then the configmap name will be named `helloworld-config`. + +## Consuming environment variable in application chart + +In order to use environment variable in deployment or cronjob, you will have to provide environment variable in *key/value* pair in `env` value. where key being environment variable key and value varies in different scenarios + +- For simple key/value environment variable, just provide `value: ` + + ```yaml + env: + KEY: + value: MY_VALUE + ``` + + - To get environement variable value from **ConfigMap** + + Suppose we have a configmap created from application chart + + ```yaml + applicationName: my-application + configMap: + enabled: true + files: + application-config: + LOG: DEBUG + VERBOSE: v1 + ``` + + To get environment variable value from above created configmap, we will need to add following + + ```yaml + env: + APP_LOG_LEVEL: + valueFrom: + configMapKeyRef: + name: my-application-appication-config + key: LOG + ``` + + To get all environment variables key/values from **ConfigMap**, where configmap key being key of environment variable and value being value + + ```yaml + envFrom: + application-config-env: + type: configmap + nameSuffix: application-config + ``` + + You can either provide `nameSuffix` which means name added after prefix `-` or static name with `name` of configmap. + +- To get environment variable value from **Secret** + + Suppose we have secret created from application chart + + ```yaml + applicationName: my-application + secret: + enabled: true + files: + db-credentials: + PASSWORD: skljd#2Qer!! + USER: postgres + ``` + + To get environment variable value from above created secret, we will need to add following + + ```yaml + env: + KEY: + valueFrom: + secretKeyRef: + name: my-application-db-credentials + key: USER + ``` + + To get environement variable value from **Secret**, where secret key being key of environment variable and value being value + + ```yaml + envFrom: + database-credentials: + type: secret + nameSuffix: db-credentials + ``` + you can either provide `nameSuffix` which means name added after prefix `-` or static name with `name` of secret + + **Note:** first key after `envFrom` is just used to uniquely identify different objects in `envFrom` block. Make sure to keep it unique and relevant + +## Configuring probes + +To disable liveness or readiness probe, set value of `enabled` to `false`. + +```yaml +livenessProbe: + enabled: false +``` + +By default probe handler type is `httpGet`. You just need to override `port` and `path` as per your need. + +```yaml +livenessProbe: + enabled: true + httpGet: + path: '/path' + port: 8080 +``` + +In order to use `exec` handler, you can define field `livenessProbe.exec` in your values.yaml. + +```yaml +livenessProbe: + enabled: true + exec: + command: + - cat + - /tmp/healthy +``` diff --git a/application/templates/alertmanagerconfig.yaml b/application/templates/alertmanagerconfig.yaml index 122c4e03..9b5156cf 100644 --- a/application/templates/alertmanagerconfig.yaml +++ b/application/templates/alertmanagerconfig.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{ toYaml .Values.alertmanagerConfig.selectionLabels | indent 4 }} spec: {{- if .Values.alertmanagerConfig.spec.route }} @@ -14,7 +14,7 @@ spec: {{ toYaml .Values.alertmanagerConfig.spec.route | indent 6 }} {{- end -}} {{- if .Values.alertmanagerConfig.spec.receivers }} - receivers: + receivers: {{ toYaml .Values.alertmanagerConfig.spec.receivers | indent 6 }} {{- end -}} {{- if .Values.alertmanagerConfig.spec.inhibitRules }} diff --git a/application/templates/backup.yaml b/application/templates/backup.yaml index 3fcdb05d..08bb31ed 100644 --- a/application/templates/backup.yaml +++ b/application/templates/backup.yaml @@ -5,17 +5,24 @@ metadata: name: {{ printf "%s-backup" .Values.applicationName | trunc 63 | quote }} namespace: {{ .Values.backup.namespace | default ( include "application.namespace" . ) | quote }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} +{{- if .Values.backup.additionalLabels }} +{{ toYaml .Values.backup.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.backup.annotations }} + annotations: +{{ toYaml .Values.backup.annotations | indent 4 }} +{{- end }} spec: labelSelector: matchLabels: app.kubernetes.io/part-of: {{ include "application.name" . }} includedNamespaces: - {{ include "application.namespace" . }} - defaultVolumesToRestic: {{ .Values.backup.defaultVolumesToRestic | default true }} - snapshotVolumes: {{ .Values.backup.snapshotVolumes | default true }} + defaultVolumesToRestic: {{ .Values.backup.defaultVolumesToRestic }} + snapshotVolumes: {{ .Values.backup.snapshotVolumes }} storageLocation: {{ .Values.backup.storageLocation | quote }} - ttl: {{ .Values.backup.ttl | default "1h0m0s" }} + ttl: {{ .Values.backup.ttl }} {{- if .Values.backup.includedResources }} includedResources: {{ toYaml .Values.backup.includedResources | indent 4 }} diff --git a/application/templates/certificate.yaml b/application/templates/certificate.yaml index c9601031..133361bb 100644 --- a/application/templates/certificate.yaml +++ b/application/templates/certificate.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }}-certificate namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.certificate.additionalLabels }} {{ toYaml .Values.certificate.additionalLabels | indent 4 }} {{- end }} @@ -23,7 +23,7 @@ spec: subject: {{ include "application.tplvalues.render" ( dict "value" .Values.certificate.subject "context" $ ) | indent 4 }} commonName: {{ include "application.tplvalues.render" ( dict "value" .Values.certificate.commonName "context" $ ) }} - {{- if .Values.certificate.isCA }} + {{- if .Values.certificate.isCA }} isCA: {{ .Values.certificate.isCA }} {{- end }} usages: diff --git a/application/templates/deployment.yaml b/application/templates/deployment.yaml index a3dce5c8..e6347308 100644 --- a/application/templates/deployment.yaml +++ b/application/templates/deployment.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.deployment.additionalLabels }} {{ toYaml .Values.deployment.additionalLabels | indent 4 }} {{- end }} @@ -14,7 +14,7 @@ metadata: {{- if .Values.deployment.annotations }} {{ toYaml .Values.deployment.annotations | indent 4 }} {{- end }} -{{- if .Values.deployment.reloadOnChange }} +{{- if .Values.deployment.reloadOnChange }} reloader.stakater.com/auto: "true" {{- end }} name: {{ template "application.name" . }} @@ -211,7 +211,7 @@ spec: {{- toYaml .Values.deployment.startupProbe.grpc | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.deployment.livenessProbe.enabled }} + {{- if .Values.deployment.livenessProbe.enabled }} livenessProbe: failureThreshold: {{ .Values.deployment.livenessProbe.failureThreshold }} periodSeconds: {{ .Values.deployment.livenessProbe.periodSeconds }} @@ -232,7 +232,7 @@ spec: {{- toYaml .Values.deployment.livenessProbe.grpc | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.deployment.readinessProbe.enabled }} + {{- if .Values.deployment.readinessProbe.enabled }} readinessProbe: failureThreshold: {{ .Values.deployment.readinessProbe.failureThreshold }} periodSeconds: {{ .Values.deployment.readinessProbe.periodSeconds }} diff --git a/application/templates/endpointmonitor.yaml b/application/templates/endpointmonitor.yaml index 52cbf62b..6bed6f8d 100644 --- a/application/templates/endpointmonitor.yaml +++ b/application/templates/endpointmonitor.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.endpointMonitor.additionalLabels }} {{ toYaml .Values.endpointMonitor.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/externalsecrets.yaml b/application/templates/externalsecrets.yaml index 682510c5..cf41f772 100644 --- a/application/templates/externalsecrets.yaml +++ b/application/templates/externalsecrets.yaml @@ -8,6 +8,13 @@ metadata: namespace: {{ include "application.namespace" $ }} labels: {{- include "application.labels" $ | nindent 4 }} +{{- if $.Values.externalSecret.additionalLabels }} +{{ toYaml $.Values.externalSecret.additionalLabels | indent 4 }} +{{- end }} +{{- if $.Values.externalSecret.annotations }} + annotations: +{{ toYaml $.Values.externalSecret.annotations | indent 4 }} +{{- end }} spec: refreshInterval: {{ $.Values.externalSecret.refreshInterval }} {{- if and (not $data.data) (not $data.dataFrom) }} @@ -25,15 +32,9 @@ spec: - extract: {{ toYaml $data.dataFrom | indent 6 }} {{- end }} - {{- if $data.secretStore }} - secretStoreRef: - name: {{ $data.secretStore.name }} - kind: {{ $data.secretStore.kind | default "SecretStore" }} - {{- else }} secretStoreRef: - name: {{ $.Values.externalSecret.secretStore.name }} - kind: {{ $.Values.externalSecret.secretStore.kind | default "SecretStore" }} - {{- end}} + name: {{ default $.Values.externalSecret.secretStore.name ($data.secretStore).name }} + kind: {{ default $.Values.externalSecret.secretStore.kind ($data.secretStore).kind }} target: name: {{ template "application.name" $ }}-{{ $nameSuffix }} template: @@ -41,11 +42,11 @@ spec: {{- if or $data.annotations $data.labels}} metadata: {{- if $data.annotations }} - annotations: + annotations: {{ toYaml $data.annotations | indent 10 }} {{- end }} {{- if $data.labels }} - labels: + labels: {{ toYaml $data.labels | indent 10 }} {{- end }} {{- end }} diff --git a/application/templates/forecastle.yaml b/application/templates/forecastle.yaml index 1a72296c..dc3b724b 100644 --- a/application/templates/forecastle.yaml +++ b/application/templates/forecastle.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.forecastle.additionalLabels }} {{ toYaml .Values.forecastle.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/hpa.yaml b/application/templates/hpa.yaml index f1796d3a..1a253e00 100644 --- a/application/templates/hpa.yaml +++ b/application/templates/hpa.yaml @@ -10,7 +10,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- with .Values.autoscaling.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/application/templates/ingress.yaml b/application/templates/ingress.yaml index e37f1e00..4777aa87 100644 --- a/application/templates/ingress.yaml +++ b/application/templates/ingress.yaml @@ -7,7 +7,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.ingress.additionalLabels }} {{ toYaml .Values.ingress.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/networkpolicy.yaml b/application/templates/networkpolicy.yaml index 92394199..de00109e 100644 --- a/application/templates/networkpolicy.yaml +++ b/application/templates/networkpolicy.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.networkPolicy.additionalLabels }} {{ toYaml .Values.networkPolicy.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/pdb.yaml b/application/templates/pdb.yaml index 7e97266a..ea52980b 100644 --- a/application/templates/pdb.yaml +++ b/application/templates/pdb.yaml @@ -8,7 +8,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} spec: diff --git a/application/templates/prometheusrule.yaml b/application/templates/prometheusrule.yaml index 46831b83..08e36917 100644 --- a/application/templates/prometheusrule.yaml +++ b/application/templates/prometheusrule.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.prometheusRule.additionalLabels }} {{ toYaml .Values.prometheusRule.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/pvc.yaml b/application/templates/pvc.yaml index a6940981..1113850e 100644 --- a/application/templates/pvc.yaml +++ b/application/templates/pvc.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.persistence.additionalLabels }} {{ toYaml .Values.persistence.additionalLabels | indent 4 }} {{- end }} @@ -31,10 +31,10 @@ spec: storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} -{{- if .Values.persistence.volumeMode }} +{{- if .Values.persistence.volumeMode }} volumeMode: "{{ .Values.persistence.volumeMode }}" {{- end }} -{{- if .Values.persistence.volumeName }} +{{- if .Values.persistence.volumeName }} volumeName: "{{ .Values.persistence.volumeName }}" {{- end }} {{- end }} diff --git a/application/templates/route.yaml b/application/templates/route.yaml index 396a3db1..580be2e2 100644 --- a/application/templates/route.yaml +++ b/application/templates/route.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.route.additionalLabels }} {{ toYaml .Values.route.additionalLabels | indent 4 }} {{- end }} diff --git a/application/templates/service.yaml b/application/templates/service.yaml index cba72c8b..820bf4e2 100644 --- a/application/templates/service.yaml +++ b/application/templates/service.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ template "application.namespace" $ }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.service.additionalLabels }} {{- toYaml .Values.service.additionalLabels | nindent 4 }} {{- end }} diff --git a/application/templates/serviceaccount.yaml b/application/templates/serviceaccount.yaml index deebd2b3..3c361ddb 100644 --- a/application/templates/serviceaccount.yaml +++ b/application/templates/serviceaccount.yaml @@ -6,7 +6,7 @@ metadata: name: {{ default (include "application.name" .) .Values.rbac.serviceAccount.name }} namespace: {{ template "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- with .Values.rbac.serviceAccount.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/application/templates/servicemonitor.yaml b/application/templates/servicemonitor.yaml index 293a56a1..90676ed7 100644 --- a/application/templates/servicemonitor.yaml +++ b/application/templates/servicemonitor.yaml @@ -6,7 +6,7 @@ metadata: name: {{ template "application.name" . }}-svc-monitor namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- if .Values.serviceMonitor.additionalLabels }} {{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} {{- end }} @@ -19,7 +19,7 @@ metadata: spec: selector: matchLabels: -{{ include "application.labels" . | indent 6 }} +{{ include "application.labels" $ | indent 6 }} namespaceSelector: matchNames: - {{ include "application.namespace" . }} diff --git a/application/templates/vpa.yaml b/application/templates/vpa.yaml index 1117b32b..fcc9979f 100644 --- a/application/templates/vpa.yaml +++ b/application/templates/vpa.yaml @@ -9,7 +9,7 @@ metadata: name: {{ template "application.name" . }} namespace: {{ include "application.namespace" . }} labels: - {{- include "application.labels" . | nindent 4 }} + {{- include "application.labels" $ | nindent 4 }} {{- with .Values.vpa.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/application/tests/deployment_test.yaml b/application/tests/deployment_test.yaml index d8f18322..30baea1f 100644 --- a/application/tests/deployment_test.yaml +++ b/application/tests/deployment_test.yaml @@ -3,6 +3,9 @@ suite: Deployment templates: - deployment.yaml +set: + deployment.image.repository: example-image + tests: - it: does not include OAuth proxy container if disabled set: diff --git a/application/values.yaml b/application/values.yaml index 0e8bac83..805f813e 100644 --- a/application/values.yaml +++ b/application/values.yaml @@ -1,31 +1,33 @@ -# -- Same as nameOverride but for the namespace. +# -- (string) Override the namespace for all resources. +# @section -- Parameters namespaceOverride: "" -# -- Same as nameOverride but for the component. +# -- (string) Override the component label for all resources. +# @section -- Parameters componentOverride: "" -# -- Same as nameOverride but for the partOf. +# -- (string) Override the partOf label for all resources. +# @section -- Parameters partOfOverride: "" -########################################################## -# Name of the application. -########################################################## -applicationName: "application" - -########################################################## -# Global labels -# These labels will be added on all resources, -# and you can add additional labels from below -# on individual resource -########################################################## +# -- (string) Application name. +# @default -- `{{ .Chart.Name }}` +# @section -- Parameters +applicationName: "" cronJob: + # -- (bool) Deploy CronJob resources. + # @section -- CronJob Parameters enabled: false + # -- (object) Map of CronJob resources. + # Key will be used as a name suffix for the CronJob. Value is the CronJob configuration. + # See values for more details. + # @section -- CronJob Parameters jobs: # db-migration: # schedule: "* * * 8 *" # priorityClassName: high-priority - # env: + # env: # KEY: # value: VALUE # image: @@ -39,54 +41,72 @@ cronJob: # requests: # memory: 5Gi # cpu: 1 - + job: + # -- (bool) Deploy Job resources. + # @section -- Job Parameters enabled: false + # -- (object) Map of Job resources. + # Key will be used as a name suffix for the Job. Value is the Job configuration. + # See values for more details. + # @section -- Job Parameters jobs: # db-migration: # additionalPodAnnotations: # helm.sh/hook: "pre-install,pre-upgrade" # helm.sh/hook-weight: "-1" # helm.sh/hook-delete-policy: "before-hook-creation" - # env: + # env: # KEY: # value: VALUE - # image: + # image: # repository: docker.io/nginx # tag: v1.0.0 # digest: '' # if set to a non empty value, digest takes precedence on the tag # imagePullPolicy: IfNotPresent # command: ["/bin/bash"] # args: ["-c","sleep 5000"] - # resources: + # resources: # requests: # memory: 5Gi # cpu: 1 - -########################################################## -# Deployment -########################################################## deployment: - + # -- (bool) Enable Deployment. + # @section -- Deployment Parameters enabled: true - # By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% - # You can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage. + # -- (object) Additional labels for Deployment. + # @section -- Deployment Parameters + additionalLabels: + # -- (object) Additional pod labels which are used in Service's Label Selector. + # @section -- Deployment Parameters + podLabels: + # -- (object) Annotations for Deployment. + # @section -- Deployment Parameters + annotations: + # -- (object) Additional pod annotations. + # @section -- Deployment Parameters + additionalPodAnnotations: strategy: + # -- (string) Type of deployment strategy. + # @section -- Deployment Parameters type: RollingUpdate - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% - - # Reload deployment if configMap/secret updates + rollingUpdate: + # -- (string) Max unavailable pods during update. + # @section -- Deployment Parameters + maxUnavailable: 25% + # -- (string) Max surge pods during update. + # @section -- Deployment Parameters + maxSurge: 25% + # -- (bool) Reload deployment if attached Secret/ConfigMap changes. + # @section -- Deployment Parameters reloadOnChange: true - - # Select nodes to deploy which matches the following labels + # -- (object) Select the node where the pods should be scheduled. + # @section -- Deployment Parameters nodeSelector: - # cloud.google.com/gke-nodepool: default-pool - - # Init containers which runs before the app container + # -- (list) Add host aliases to the pods. + # @section -- Deployment Parameters hostAliases: # - ip: "127.0.0.1" # hostnames: @@ -96,42 +116,34 @@ deployment: # hostnames: # - "foo.remote" # - "bar.remote" - - # Init containers which runs before the app container + # -- (object) Add init containers to the pods. + # @section -- Deployment Parameters initContainers: - # init-contaner: + # init-something: # image: busybox # imagePullPolicy: IfNotPresent # command: ['/bin/sh'] - - # Additional labels for Deployment - additionalLabels: - # key: value - - # Additional label added on pod which is used in Service's Label Selector - podLabels: - # env: prod - - # Annotations on deployments - annotations: - - # Additional Pod Annotations added on pod created by this Deployment - additionalPodAnnotations: - # key: value - - # Annotations for fluentd Configurations + # -- (object) Configuration details for fluentdConfigurations. + # Only works for specific setup, see . + # @section -- Deployment Parameters fluentdConfigAnnotations: - # fluentd: - # regex: hello - # timeFormat: world - - # Replicas to be created + # regex: hello + # regexFirstLine: hello + # timeFormat: world + # notifications: + # key: value + # pattern: value + # slack: + # webhookURL: https://hooks.slack.com/services/XXXXX/XXXXX/XXXXX + # channelName: "#channel" + # -- (int) Number of replicas. + # @section -- Deployment Parameters replicas: - - # Secrets used to pull image + # -- (string) Secret to be used for pulling the images (a single secret is supported). + # @section -- Deployment Parameters imagePullSecrets: "" - - # If want to mount Envs from configmap or secret + # -- (object) Mount environment variables from ConfigMap or Secret to the pod. + # @section -- Deployment Parameters envFrom: # production-cm: # type: configmap @@ -142,8 +154,8 @@ deployment: # postgres-config: # type: secret # nameSuffix: postgres - - # Environment variables to be passed to the app container + # -- (object) Environment variables to be added to the pod. + # @section -- Deployment Parameters env: # ENVIRONMENT: # value: "dev" @@ -152,8 +164,9 @@ deployment: # configMapKeyRef: # name: config # key: frequency - - # Volumes to be added to the pod + # -- (object) Volumes to be added to the pod. + # Key is the name of the volume. Value is the volume definition. + # @section -- Deployment Parameters volumes: # configmap-volume: # configMap: @@ -164,27 +177,27 @@ deployment: # persistent-volume-name: # persistentVolumeClaim: # claimName: claim-name - - # Mount path for Volumes + # -- (object) Mount path for Volumes. + # Key is the name of the volume. Value is the volume mount definition. + # @section -- Deployment Parameters volumeMounts: # volume-name: # mountPath: path # subPath: szy - # volume-name-2: # mountPath: path-2 - - # priorityClassName defines the priority class for pod scheduling - priorityClassName: '' - - # Taint tolerations for nodes + # -- (string) Define the priority class for the pod. + # @section -- Deployment Parameters + priorityClassName: "" + # -- (list) Taint tolerations for the pods. + # @section -- Deployment Parameters tolerations: # - key: "dedicated" # operator: "Equal" # value: "app" # effect: "NoSchedule" - - # Pod affinity and pod anti-affinity allow you to specify rules about how pods should be placed relative to other pods. + # -- (object) Affinity for the pods. + # @section -- Deployment Parameters affinity: # nodeAffinity: # requiredDuringSchedulingIgnoredDuringExecution: @@ -194,8 +207,8 @@ deployment: # operator: In # values: # - ssd - - # Topology spread constraints + # -- (list) Topology spread constraints for the pods. + # @section -- Deployment Parameters topologySpreadConstraints: # - maxSkew: 1 # topologyKey: kubernetes.io/hostname @@ -215,58 +228,128 @@ deployment: # operator: In # values: # - ssd - - # Number of ReplicaSet versions to retain + # -- (int) Number of ReplicaSet revisions to retain. + # @section -- Deployment Parameters revisionHistoryLimit: 2 - - # Image of the app container image: - repository: repository/image-name - tag: '' - digest: '' # if set to a non empty value, digest takes precedence on the tag + # -- (string) Repository. + # @section -- Deployment Parameters + repository: "" + # -- (string) Tag. + # @section -- Deployment Parameters + tag: "" + # -- (string) Image digest. If set to a non-empty value, digest takes precedence on the tag. + # @section -- Deployment Parameters + digest: "" + # -- (string) Image pull policy. + # @section -- Deployment Parameters pullPolicy: IfNotPresent + # -- (object) DNS config for the pods. + # @section -- Deployment Parameters dnsConfig: # options: # - name: ndots # value: '1' - # Startup, Readiness and Liveness probes + # -- (object) Startup probe. + # @default -- See below + # Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc + # @section -- Deployment Parameters startupProbe: + # -- (bool) Enable Startup probe. + # @section -- Deployment Parameters enabled: false + # -- (int) Number of retries before marking the pod as failed. + # @section -- Deployment Parameters failureThreshold: 30 + # -- (int) Time between retries. + # @section -- Deployment Parameters periodSeconds: 10 - # Must specify either one of the following field when enabled + # -- (int) Number of successful probes before marking the pod as ready. + # @section -- Deployment Parameters + successThreshold: 1 + # -- (int) Time before the probe times out. + # @section -- Deployment Parameters + timeoutSeconds: 1 + # -- (object) HTTP Get probe. + # @section -- Deployment Parameters httpGet: {} + # -- (object) Exec probe. + # @section -- Deployment Parameters exec: {} + # -- (object) TCP Socket probe. + # @section -- Deployment Parameters tcpSocket: {} + # -- (object) gRPC probe. + # @section -- Deployment Parameters grpc: {} + # -- (object) Readiness probe. + # @default -- See below + # Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc + # @section -- Deployment Parameters readinessProbe: + # -- (bool) Enable Readiness probe. + # @section -- Deployment Parameters enabled: false - failureThreshold: 3 + # -- (int) Number of retries before marking the pod as failed. + # @section -- Deployment Parameters + failureThreshold: 30 + # -- (int) Time between retries. + # @section -- Deployment Parameters periodSeconds: 10 + # -- (int) Number of successful probes before marking the pod as ready. + # @section -- Deployment Parameters successThreshold: 1 + # -- (int) Time before the probe times out. + # @section -- Deployment Parameters timeoutSeconds: 1 - initialDelaySeconds: 10 - # Must specify either one of the following field when enabled + # -- (object) HTTP Get probe. + # @section -- Deployment Parameters httpGet: {} + # -- (object) Exec probe. + # @section -- Deployment Parameters exec: {} + # -- (object) TCP Socket probe. + # @section -- Deployment Parameters tcpSocket: {} + # -- (object) gRPC probe. + # @section -- Deployment Parameters grpc: {} + # -- (object) Liveness probe. + # @default -- See below + # Must specify either one of the following field when enabled: httpGet, exec, tcpSocket, grpc + # @section -- Deployment Parameters livenessProbe: + # -- (bool) Enable Liveness probe. + # @section -- Deployment Parameters enabled: false - failureThreshold: 3 + # -- (int) Number of retries before marking the pod as failed. + # @section -- Deployment Parameters + failureThreshold: 30 + # -- (int) Time between retries. + # @section -- Deployment Parameters periodSeconds: 10 + # -- (int) Number of successful probes before marking the pod as ready. + # @section -- Deployment Parameters successThreshold: 1 + # -- (int) Time before the probe times out. + # @section -- Deployment Parameters timeoutSeconds: 1 - initialDelaySeconds: 10 - # Must specify either one of the following field when enabled + # -- (object) HTTP Get probe. + # @section -- Deployment Parameters httpGet: {} + # -- (object) Exec probe. + # @section -- Deployment Parameters exec: {} + # -- (object) TCP Socket probe. + # @section -- Deployment Parameters tcpSocket: {} + # -- (object) gRPC probe. + # @section -- Deployment Parameters grpc: {} - - # Resources to be defined for pod + # -- (object) Resource limits and requests for the pod. + # @section -- Deployment Parameters resources: limits: memory: 256Mi @@ -274,93 +357,118 @@ deployment: requests: memory: 128Mi cpu: 0.1 - - # Security Context at Container Level + # -- (object) Security Context at Container Level. + # @section -- Deployment Parameters containerSecurityContext: readOnlyRootFilesystem: true runAsNonRoot: true - openshiftOAuthProxy: + # -- (bool) Enable [OpenShift OAuth Proxy](https://github.com/openshift/oauth-proxy). + # @section -- Deployment Parameters enabled: false - port: 8080 # Port on which application is running inside container + # -- (int) Port on which application is running inside container. + # @section -- Deployment Parameters + port: 8080 + # -- (string) Secret name for the OAuth Proxy TLS certificate. + # @section -- Deployment Parameters secretName: "openshift-oauth-proxy-tls" - image: openshift/oauth-proxy:latest # If you have a custom container for oauth-proxy that can be updated here - disableTLSArg: false # If disabled --http-address=:8081 will be used instead of --https-address=:8443 , to be used when an ingress is used for application - # Add additional containers besides init and app containers - additionalContainers: - # - name: sidecar-contaner - # image: busybox - # imagePullPolicy: IfNotPresent - # command: ['/bin/sh'] - - # Security Context for the pod + # -- (string) Image for the OAuth Proxy. + # @section -- Deployment Parameters + image: openshift/oauth-proxy:latest + # -- (bool) If disabled `--http-address=:8081` will be used instead of `--https-address=:8443`. + # It can be useful when an ingress is enabled for the application. + # @section -- Deployment Parameters + disableTLSArg: false + # -- (object) Security Context for the pod. + # @section -- Deployment Parameters securityContext: # fsGroup: 2000 - - # Command for primary container + # -- (list) Command for the app container. + # @section -- Deployment Parameters command: [] - - # Args for primary contaner + # -- (list) Args for the app container. + # @section -- Deployment Parameters args: [] - - # List of ports for the primary container + # -- (list) List of ports for the app container. + # @section -- Deployment Parameters ports: - #- containerPort: 8080 - # name: http - # protocol: TCP - #- containerPort: 8778 - # name: jolokia - # protocol: TCP - #- containerPort: 8443 - # name: https - # protocol: TCP - - # Networking using the host network + # - containerPort: 8080 + # name: http + # protocol: TCP + # - containerPort: 8443 + # name: https + # protocol: TCP + # -- (bool) Host network connectivity. + # @section -- Deployment Parameters hostNetwork: - - # Graceful termination timeout + # -- (int) Gracefull termination period. + # @section -- Deployment Parameters terminationGracePeriodSeconds: - - # Default lifecycle configuration + # -- (object) Lifecycle configuration for the pod. + # @section -- Deployment Parameters lifecycle: {} - # Example for a preStop hook: # preStop: # exec: # command: ["/bin/bash", "-c", "sleep 20"] + # -- (list) Additional containers besides init and app containers (without templating). + # @section -- Deployment Parameters + additionalContainers: + # - name: sidecar-container + # image: busybox + # imagePullPolicy: IfNotPresent + # command: ['/bin/sh'] -########################################################## -# Add Storage volumes to the pods -########################################################## persistence: + # -- (bool) Enable persistence. + # @section -- Deployment Parameters enabled: false + # -- (bool) Whether to mount the created PVC to the deployment. + # @section -- Deployment Parameters mountPVC: false + # -- (string) If `persistence.mountPVC` is enabled, where to mount the volume in the containers. + # @section -- Deployment Parameters mountPath: "/" + # -- (string) Name of the PVC. + # @default -- `{{ include "application.name" $ }}-data` + # @section -- Deployment Parameters name: "" + # -- (string) Access mode for volume. + # @section -- Deployment Parameters accessMode: ReadWriteOnce - ## If defined, storageClass: - ## If set to "-", storageClass: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClass spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "-" + # -- (string) Storage class for volume. + # If defined, use that value + # If set to "-" or "", disable dynamic provisioning + # If undefined or set to null (the default), no storageClass spec is + # set, choosing the default provisioner. + # @section -- Deployment Parameters + storageClass: null + # -- (object) Additional labels for persistent volume. + # @section -- Deployment Parameters additionalLabels: - # key: "value" + # key: value + # -- (object) Annotations for persistent volume. + # @section -- Deployment Parameters annotations: - # "helm.sh/resource-policy": keep + # "helm.sh/resource-policy": keep + # -- (string) Size of the persistent volume. + # @section -- Deployment Parameters storageSize: 8Gi + # -- (string) PVC Volume Mode. + # @section -- Deployment Parameters volumeMode: "" + # -- (string) Name of the volume. + # @section -- Deployment Parameters volumeName: "" - -########################################################## -# Service object for servicing pods -########################################################## service: + # -- (bool) Enable Service. + # @section -- Service Parameters enabled: true + # -- (object) Additional labels for service. + # @section -- Service Parameters additionalLabels: - # expose: "true" - + # -- (object) Annotations for service. + # @section -- Service Parameters annotations: # config.xposer.stakater.com/Domain: stakater.com # config.xposer.stakater.com/IngressNameTemplate: '{{ "{{.Service}}-{{.Namespace}}" }}' @@ -372,157 +480,197 @@ service: # kubernetes.io/ingress.class: external-ingress # ingress.kubernetes.io/rewrite-target: / # ingress.kubernetes.io/force-ssl-redirect: true - + # -- (list) Ports for applications service. + # @section -- Service Parameters ports: - port: 8080 name: http protocol: TCP targetPort: 8080 + # -- (string) Type of service. + # @section -- Service Parameters type: ClusterIP - - # Set to 'None' will make this service headless + # -- (string) Fixed IP for a ClusterIP service. + # Set to `None` for an headless service + # @section -- Service Parameters clusterIP: -########################################################## -# Ingress object for exposing services -########################################################## ingress: + # -- (bool) Enable Ingress. + # @section -- Ingress Parameters enabled: false - - # Name of the ingress class - ingressClassName: '' - - # List of host addresses to be exposed by this Ingress + # -- (string) Name of the ingress class. + # @section -- Ingress Parameters + ingressClassName: "" hosts: - - host: chart-example.local + - # -- (tpl/string) Hostname. + # @section -- Ingress Parameters + host: chart-example.local paths: - - path: / - # pathType: '' - # serviceName: '' - # servicePort: '' - # Additional labels for this Ingress + - # -- (string) Path. + # @section -- Ingress Parameters + path: / + # -- (string) Path type. + # @default -- `ImplementationSpecific` + # @section -- Ingress Parameters + pathType: + # -- (string) Service name. + # @default -- `{{ include "application.name" $ }}` + # @section -- Ingress Parameters + serviceName: + # -- (string) Service port. + # @default -- `http` + # @section -- Ingress Parameters + servicePort: + # -- (object) Additional labels for ingress. + # @section -- Ingress Parameters additionalLabels: - - # Add annotations to this Ingress + # -- (object) Annotations for ingress. + # @section -- Ingress Parameters annotations: # kubernetes.io/ingress.class: external-ingress # ingress.kubernetes.io/rewrite-target: / # ingress.kubernetes.io/force-ssl-redirect: true - - # TLS details for this Ingress + # -- (list) TLS configuration for ingress. + # Secrets must exist in the namespace. + # You may also configure Certificate resource to generate the secret. + # @section -- Ingress Parameters tls: - # Secrets must be manually created in the namespace. # - secretName: chart-example-tls # hosts: # - chart-example.local -########################################################## -# Route object for exposing services (OpenShift) -########################################################## route: + # -- (bool) Deploy a Route (OpenShift) resource. + # @section -- Route Parameters enabled: false - - # Add annotations to this Route + # -- (object) Additional labels for Route. + # @section -- Route Parameters + additionalLabels: + # -- (object) Annotations for Route. + # @section -- Route Parameters annotations: # kubernetes.io/ingress.class: external-ingress # ingress.kubernetes.io/rewrite-target: / # ingress.kubernetes.io/force-ssl-redirect: true - - # Additional labels for this Route - additionalLabels: - - # If no host is added then openshift inserts the default hostname. To Add host explicitly, use host attribute + # -- (string) Explicit host. + # If no host is added then openshift inserts the default hostname. + # @section -- Route Parameters host: - + # -- (string) Path. + # @section -- Route Parameters path: - # Port of the service that serves pods + # -- (object) Service port. + # @section -- Route Parameters port: targetPort: http - to: - weight: 100 - + # -- (int) Service weight. + # @section -- Route Parameters + weight: 100 + # -- (string) Wildcard policy. + # @section -- Route Parameters wildcardPolicy: None - tls: - # TLS Termination strategy + # -- (string) TLS termination strategy. + # @section -- Route Parameters termination: edge + # -- (string) TLS insecure termination policy. + # @section -- Route Parameters insecureEdgeTerminationPolicy: Redirect - + # -- (list) Alternate backend with it's weight. + # @section -- Route Parameters alternateBackends: # kind: Service # name: alternate-application # weight: 20 -########################################################## -# SecretProviderClass -########################################################## secretProviderClass: + # -- (bool) Deploy a [Secrets Store CSI Driver SecretProviderClass](https://secrets-store-csi-driver.sigs.k8s.io/) resource. + # @section -- SecretProviderClass Parameters enabled: false + # -- (string) Name of the SecretProviderClass. + # Required if `secretProviderClass.enabled` is set to `true`. + # @section -- SecretProviderClass Parameters name: "" - # name: example + # -- (string) Name of the provider. + # Required if `secretProviderClass.enabled` is set to `true`. + # @section -- SecretProviderClass Parameters provider: "" # provider: vault + # -- (string) Vault Address. + # Required if `secretProviderClass.provider` is set to `vault`. + # @section -- SecretProviderClass Parameters vaultAddress: "" # vaultAddress: http://vault:8200 + # -- (tpl/string) Vault Role Name. + # Required if `secretProviderClass.provider` is set to `vault`. + # @section -- SecretProviderClass Parameters roleName: "" # roleName: example-role - objects: - #- objectName: MONGO_HOST - # secretPath: testing/data/mongoDb - # secretKey: MONGO_HOST + # -- (list) Objects definitions. + # @section -- SecretProviderClass Parameters + objects: + # - objectName: MONGO_HOST + # secretPath: testing/data/mongoDb + # secretKey: MONGO_HOST + # -- (list) Objects mapping. + # @section -- SecretProviderClass Parameters secretObjects: - #- data: - # - key: MONGO_HOST - # objectName: host - # secretName: secret-mongo-host - # type: Opaque + # - data: + # - key: MONGO_HOST + # objectName: host + # secretName: secret-mongo-host + # type: Opaque -########################################################## -# Expose Application on Forecastle Dashboard -# https://github.com/stakater/Forecastle -########################################################## forecastle: + # -- (bool) Deploy a [ForecastleApp](https://github.com/stakater/Forecastle) resource. + # @section -- ForecastleApp Parameters enabled: false - - # Add additional labels on Forecastle Custom Resource + # -- (object) Additional labels for ForecastleApp. + # @section -- ForecastleApp Parameters additionalLabels: - - # URL of the icon for the custom app + # -- (string) Icon URL. + # @section -- ForecastleApp Parameters icon: https://raw.githubusercontent.com/stakater/ForecastleIcons/master/stakater-big.png - - # Name of the application to be displayed on the Forecastle Dashboard - displayName: "application" - - # Group for the custom app (default: .Release.Namespace) + # -- (string) Application Name. + # Required if `forecastle.enabled` is set to `true`. + # @section -- ForecastleApp Parameters + displayName: "" + # -- (string) Application Group. + # @default -- `{{ .Release.Namespace }}` + # @section -- ForecastleApp Parameters group: "" - - # Add properties to Custom Resource + # -- (object) Custom properties. + # @section -- ForecastleApp Parameters properties: - - # Whether app is network restricted or not + # Owner: foo + # -- (bool) Is application network restricted?. + # @section -- ForecastleApp Parameters networkRestricted: false -########################################################## -# Role Based Access Control (RBAC) -########################################################## rbac: + # -- (bool) Enable RBAC. + # @section -- RBAC Parameters enabled: true - - # Service Account to use by pods serviceAccount: + # -- (bool) Deploy Service Account. + # @section -- RBAC Parameters enabled: false + # -- (string) Service Account Name. + # @default -- `{{ include "application.name" $ }}` + # @section -- RBAC Parameters name: "" - - # Additional Labels on service account + # -- (object) Additional labels for Service Account. + # @section -- RBAC Parameters additionalLabels: # key: value - - # Annotations on service account + # -- (object) Annotations for Service Account. + # @section -- RBAC Parameters annotations: # key: value - - # Create Roles (Namespaced) + # -- (list) Namespaced Roles. + # @section -- RBAC Parameters roles: # - name: configmaps # rules: @@ -541,17 +689,22 @@ rbac: # verbs: # - get -########################################################## -# Additional ConfigMaps -########################################################## configMap: + # -- (bool) Deploy additional ConfigMaps. + # @section -- ConfigMap Parameters enabled: false + # -- (object) Additional labels for ConfigMaps. + # @section -- ConfigMap Parameters additionalLabels: # key: value + # -- (object) Annotations for ConfigMaps. + # @section -- ConfigMap Parameters annotations: # key: value + # -- (object) List of ConfigMap entries. + # Key will be used as a name suffix for the ConfigMap. Value is the ConfigMap content. + # @section -- ConfigMap Parameters files: - # nameSuffix of configMap # code-config: # key1: value1 # key2: value2 @@ -559,94 +712,110 @@ configMap: # key1: value1 # key2: value2 -########################################################## -# SealedSecrets -########################################################## sealedSecret: + # -- (bool) Deploy [SealedSecret](https://github.com/bitnami-labs/sealed-secrets) resources. + # @section -- SealedSecret Parameters enabled: false + # -- (object) Additional labels for SealedSecret. + # @section -- SealedSecret Parameters additionalLabels: - #key: value + # key: value + # -- (object) Annotations for SealedSecret. + # @section -- SealedSecret Parameters annotations: - #key: value + # key: value + # -- (object) List of SealedSecret entries. + # Key will be used as a name suffix for the SealedSecret. Value is the SealedSecret content. + # @section -- SealedSecret Parameters files: -# #nameSuffix of sealedSecret -# example: -# encryptedData: -# name: AgBghrdepGMKmp/rdtJrkBv/CWpJbtmoMsbKQ7QiZZ2kUoLeeTbrDnhmJY03kWKkNW4kN/sQRf6r1vvBEaR4nkHt5f/ayAeaH3NveI3bdb0xv/svvWjyjehwqwr/kNEAVWxRoUij0Y7MyIEAr4hnV2UnrhgvcjPJLNA8bK6spA+kuT328Vpyceyvnm6yArNn1aYlEckaFHrnculHWRpG73iRYxS5GWAY7EdkLXx7OLLWoopHtLcupklYyPfraJzPvBNZ5/PsyjlUBvoQbGV3cZlrdEj1WHj2S1RQ13ddf2WGtMHmY83t9B3LFZAZuA7BBt4rjludbwQm3/tJ5Kas1dDsSIRIIF7MTeum9YfRB8XUz8IxVKQ/JDskeynrWe3VzN/3HFVnv9GGFy+BCVXZKVU/roIRancz+nXkyoOHS722ZpBi53dfLItoS5dG+0EzArMTQzK/KXHz3b1rxp5oWWDNt3WggTiSg2zwy5ZR8VV2ToTDof6UrFmbCZv/kKriyxbVSxIo3KFnvuRiUZ5MwC0TNut4mW3LKyJfHqkUuLa1mYV6tKF58qBnoj/+JaibAIBEudT9hms5U52p7/jKmgHuop7XPEsz4OVwER//Vbv7X6ctoXtyPu6mZyOfOyJHM8Qj/H7/gwMBYhZHQ96DWrVmZOsWSRpZGJni4Xm7rgt2cFj6UtWv6lvl8aOi/HSZVC3TwWZ9mQrk -# annotations: -# key: value -# labels: -# key: value -# clusterWide: true -# example2: -# encryptedData: -# name: AgBghrdepGMKmp/rdtJrkBv/CWpJbtmoMsbKQ7QiZZ2kUoLeeTbrDnhmJY03kWKkNW4kN/sQRf6r1vvBEaR4nkHt5f/ayAeaH3NveI3bdb0xv/svvWjyjehwqwr/kNEAVWxRoUij0Y7MyIEAr4hnV2UnrhgvcjPJLNA8bK6spA+kuT328Vpyceyvnm6yArNn1aYlEckaFHrnculHWRpG73iRYxS5GWAY7EdkLXx7OLLWoopHtLcupklYyPfraJzPvBNZ5/PsyjlUBvoQbGV3cZlrdEj1WHj2S1RQ13ddf2WGtMHmY83t9B3LFZAZuA7BBt4rjludbwQm3/tJ5Kas1dDsSIRIIF7MTeum9YfRB8XUz8IxVKQ/JDskeynrWe3VzN/3HFVnv9GGFy+BCVXZKVU/roIRancz+nXkyoOHS722ZpBi53dfLItoS5dG+0EzArMTQzK/KXHz3b1rxp5oWWDNt3WggTiSg2zwy5ZR8VV2ToTDof6UrFmbCZv/kKriyxbVSxIo3KFnvuRiUZ5MwC0TNut4mW3LKyJfHqkUuLa1mYV6tKF58qBnoj/+JaibAIBEudT9hms5U52p7/jKmgHuop7XPEsz4OVwER//Vbv7X6ctoXtyPu6mZyOfOyJHM8Qj/H7/gwMBYhZHQ96DWrVmZOsWSRpZGJni4Xm7rgt2cFj6UtWv6lvl8aOi/HSZVC3TwWZ9mQrk +# example: +# encryptedData: +# name: AgBghrdepGMKmp/rdtJrkBv/CWpJbtmoMsbKQ7QiZZ2kUoLeeTbrDnhmJY03kWKkNW4kN/sQRf6r1vvBEaR4nkHt5f/ayAeaH3NveI3bdb0xv/svvWjyjehwqwr/kNEAVWxRoUij0Y7MyIEAr4hnV2UnrhgvcjPJLNA8bK6spA+kuT328Vpyceyvnm6yArNn1aYlEckaFHrnculHWRpG73iRYxS5GWAY7EdkLXx7OLLWoopHtLcupklYyPfraJzPvBNZ5/PsyjlUBvoQbGV3cZlrdEj1WHj2S1RQ13ddf2WGtMHmY83t9B3LFZAZuA7BBt4rjludbwQm3/tJ5Kas1dDsSIRIIF7MTeum9YfRB8XUz8IxVKQ/JDskeynrWe3VzN/3HFVnv9GGFy+BCVXZKVU/roIRancz+nXkyoOHS722ZpBi53dfLItoS5dG+0EzArMTQzK/KXHz3b1rxp5oWWDNt3WggTiSg2zwy5ZR8VV2ToTDof6UrFmbCZv/kKriyxbVSxIo3KFnvuRiUZ5MwC0TNut4mW3LKyJfHqkUuLa1mYV6tKF58qBnoj/+JaibAIBEudT9hms5U52p7/jKmgHuop7XPEsz4OVwER//Vbv7X6ctoXtyPu6mZyOfOyJHM8Qj/H7/gwMBYhZHQ96DWrVmZOsWSRpZGJni4Xm7rgt2cFj6UtWv6lvl8aOi/HSZVC3TwWZ9mQrk +# annotations: +# key: value +# labels: +# key: value +# clusterWide: true +# example2: +# encryptedData: +# name: AgBghrdepGMKmp/rdtJrkBv/CWpJbtmoMsbKQ7QiZZ2kUoLeeTbrDnhmJY03kWKkNW4kN/sQRf6r1vvBEaR4nkHt5f/ayAeaH3NveI3bdb0xv/svvWjyjehwqwr/kNEAVWxRoUij0Y7MyIEAr4hnV2UnrhgvcjPJLNA8bK6spA+kuT328Vpyceyvnm6yArNn1aYlEckaFHrnculHWRpG73iRYxS5GWAY7EdkLXx7OLLWoopHtLcupklYyPfraJzPvBNZ5/PsyjlUBvoQbGV3cZlrdEj1WHj2S1RQ13ddf2WGtMHmY83t9B3LFZAZuA7BBt4rjludbwQm3/tJ5Kas1dDsSIRIIF7MTeum9YfRB8XUz8IxVKQ/JDskeynrWe3VzN/3HFVnv9GGFy+BCVXZKVU/roIRancz+nXkyoOHS722ZpBi53dfLItoS5dG+0EzArMTQzK/KXHz3b1rxp5oWWDNt3WggTiSg2zwy5ZR8VV2ToTDof6UrFmbCZv/kKriyxbVSxIo3KFnvuRiUZ5MwC0TNut4mW3LKyJfHqkUuLa1mYV6tKF58qBnoj/+JaibAIBEudT9hms5U52p7/jKmgHuop7XPEsz4OVwER//Vbv7X6ctoXtyPu6mZyOfOyJHM8Qj/H7/gwMBYhZHQ96DWrVmZOsWSRpZGJni4Xm7rgt2cFj6UtWv6lvl8aOi/HSZVC3TwWZ9mQrk -########################################################## -# Additional Secrets -########################################################## secret: + # -- (bool) Deploy additional Secret resources. + # @section -- Secret Parameters enabled: false + # -- (object) Additional labels for Secret. + # @section -- Secret Parameters additionalLabels: # key: value + # -- (object) Annotations for Secret. + # @section -- Secret Parameters annotations: # key: value + # -- (object) List of Secrets entries. + # Key will be used as a name suffix for the Secret. + # There a three allowed modes: + # - `data`: Data is base64 encoded by the chart + # - `encodedData`: Use raw values (already base64ed) inside the data map + # - `stringData`: Use raw values inside the stringData map + # @section -- Secret Parameters files: -# nameSuffix of Secret -# credentials: -# data: -# secretKey1: secretValue1 -# secretKey2: secretValue2 -# password: -# data: -# secretKey1: secretValue1 -# secretKey2: secretValue2 -# apiKey: -# stringData: -# secretKey1: secretValue1 -# secretKey2: secretValue2 -# secondApiKeu: -# encodedData: -# secretKey1: dGVzdFZhbHVl -# secretKey2: dGVzdFZhbHVl + # credentials: + # data: + # secretKey1: secretValue1 + # secretKey2: secretValue2 + # password: + # data: + # secretKey1: secretValue1 + # secretKey2: secretValue2 + # apiKey: + # stringData: + # secretKey1: secretValue1 + # secretKey2: secretValue2 + # secondApiKeu: + # encodedData: + # secretKey1: dGVzdFZhbHVl + # secretKey2: dGVzdFZhbHVl -########################################################## -# Service Monitor to collect Prometheus metrices -########################################################## serviceMonitor: + # -- (bool) Deploy a ServiceMonitor (Prometheus Operator) resource. + # @section -- ServiceMonitor Parameters enabled: false - - # Additional labels + # -- (object) Additional labels for ServiceMonitor. + # @section -- ServiceMonitor Parameters additionalLabels: # key: value - - # Additional annotations + # -- (object) Annotations for ServiceMonitor. + # @section -- ServiceMonitor Parameters annotations: # key: value - - # List of the endpoints of service from which prometheus will scrape data + # -- (list) Service endpoints from which prometheus will scrape data. + # @section -- ServiceMonitor Parameters endpoints: - interval: 5s path: /actuator/prometheus port: http -########################################################## -# HPA - Horizontal Pod Autoscaling -########################################################## autoscaling: -# enabled is a boolean flag for enabling or disabling autoscaling + # -- (bool) Enable Horizontal Pod Autoscaling. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters enabled: false -# additionalLabels defines additional labels + # -- (object) Additional labels for HPA. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters additionalLabels: # key: value -# annotations defines annotations in key value pair + # -- (object) Annotations for HPA. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters annotations: # key: value -# minReplicas sets the minimum number of replicas + # -- (int) Minimum number of replicas. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters minReplicas: 1 -# maxReplicas sets the maximum number of replicas + # -- (int) Maximum number of replicas. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters maxReplicas: 10 -# metrics is the list of metrics used for hpa + # -- (list) Metrics used for autoscaling. + # @section -- Autoscaling - Horizontal Pod Autoscaling Parameters metrics: - type: Resource resource: @@ -661,55 +830,62 @@ autoscaling: type: Utilization averageUtilization: 60 -########################################################## -# VPA - Vertical Pod Autoscaling -########################################################## vpa: -# enabled is a boolean flag for enabling or disabling vpa + # -- (bool) Enable Vertical Pod Autoscaling. + # @section -- VPA - Vertical Pod Autoscaler Parameters enabled: false -# additionalLabels defines additional labels + # -- (object) Additional labels for VPA. + # @section -- VPA - Vertical Pod Autoscaler Parameters additionalLabels: # key: value -# annotations defines annotations in key value pair + # -- (object) Annotations for VPA. + # @section -- VPA - Vertical Pod Autoscaler Parameters annotations: # key: value -# container policies for individual containers. + # -- (list) Container policies for individual containers. + # @section -- VPA - Vertical Pod Autoscaler Parameters containerPolicies: [] + # -- (object) Update policy. + # @section -- VPA - Vertical Pod Autoscaler Parameters updatePolicy: updateMode: Auto -########################################################## -# EndpointMonitor for IMC -# https://github.com/stakater/IngressMonitorController -########################################################## endpointMonitor: + # -- (bool) Deploy an [IMC EndpointMonitor](https://github.com/stakater/IngressMonitorController) resource. + # @section -- EndpointMonitor Parameters enabled: false - - # Additional labels + # -- (object) Additional labels for EndpointMonitor. + # @section -- EndpointMonitor Parameters additionalLabels: # key: value - - # Additional annotations + # -- (object) Annotations for EndpointMonitor. + # @section -- EndpointMonitor Parameters annotations: # key: value -########################################################## -# Certficate CRD to generate the certificate -########################################################## certificate: + # -- (bool) Deploy a [cert-manager Certificate](https://cert-manager.io) resource. + # @section -- cert-manager Certificate Parameters enabled: false - - # Additional labels + # -- (object) Additional labels for Certificate. + # @section -- cert-manager Certificate Parameters additionalLabels: # key: value - - # Additional annotations + # -- (object) Annotations for Certificate. + # @section -- cert-manager Certificate Parameters annotations: # key: value - + # -- (tpl/string) Name of the secret resource that will be automatically created and managed by this Certificate resource. + # @section -- cert-manager Certificate Parameters secretName: tls-cert + # -- (string) The requested "duration" (i.e. lifetime) of the Certificate. + # @section -- cert-manager Certificate Parameters duration: 8760h0m0s # 1 year + # -- (string) The amount of time before the currently issued certificate's notAfter time that cert-manager will begin to attempt to renew the certificate. + # @section -- cert-manager Certificate Parameters renewBefore: 720h0m0s # 30d + # -- (tpl/object) Full X509 name specification for certificate. + # @section -- cert-manager Certificate Parameters subject: # organizations: # - stakater @@ -721,54 +897,104 @@ certificate: # - Stockholm # provinces: # - Stockholm + # -- (string) Common name as specified on the DER encoded CSR. + # @section -- cert-manager Certificate Parameters commonName: admin-app + # -- (string) Private key algorithm of the corresponding private key for this certificate. + # @section -- cert-manager Certificate Parameters keyAlgorithm: rsa + # -- (string) Private key cryptography standards (PKCS) for this certificate's private key to be encoded in. + # @section -- cert-manager Certificate Parameters keyEncoding: pkcs1 + # -- (int) Key bit size of the corresponding private key for this certificate. + # @section -- cert-manager Certificate Parameters keySize: 2048 + # -- (bool) Mark this Certificate as valid for certificate signing. + # @section -- cert-manager Certificate Parameters isCA: false + # -- (list) Set of x509 usages that are requested for the certificate. + # @section -- cert-manager Certificate Parameters usages: # - digital signature # - client auth + # -- (tpl/list) List of DNS subjectAltNames to be set on the certificate. + # @section -- cert-manager Certificate Parameters dnsNames: # - admin-app + # -- (list) List of IP address subjectAltNames to be set on the certificate. + # @section -- cert-manager Certificate Parameters ipAddresses: # - 192.168.0.5 + # -- (list) List of URI subjectAltNames to be set on the certificate. + # @section -- cert-manager Certificate Parameters uriSANs: # - spiffe://cluster.local/ns/sandbox/sa/example + # -- (list) List of email subjectAltNames to be set on the Certificate. + # @section -- cert-manager Certificate Parameters emailSANs: - # - emailSubjectAltNames + # - foo@bar.tld privateKey: + # -- (bool) Enable Private Key for the certificate. + # @section -- cert-manager Certificate Parameters enabled: false + # -- (string) Denotes how private keys should be generated or sourced when a certificate is being issued. + # @section -- cert-manager Certificate Parameters rotationPolicy: Always issuerRef: + # -- (string) Reference to the issuer for this certificate. + # @section -- cert-manager Certificate Parameters name: ca-issuer - # We can reference ClusterIssuers by changing the kind here. + # -- (string) Kind of the issuer being referred to. + # @section -- cert-manager Certificate Parameters kind: ClusterIssuer - group: #cert-manager.io + # kind: Issuer + # -- (string) Group of the issuer resource being refered to. + # @section -- cert-manager Certificate Parameters + group: cert-manager.io keystores: + # -- (bool) Enables keystore configuration. + # Keystores configures additional keystore output formats stored in the spec.secretName Secret resource. + # @section -- cert-manager Certificate Parameters enabled: false pkcs12: + # -- (bool) Enables PKCS12 keystore creation for the Certificate. + # PKCS12 configures options for storing a PKCS12 keystore in the spec.secretName Secret resource. + # @section -- cert-manager Certificate Parameters create: true + # -- (string) Key of the entry in the Secret resource's data field to be used. + # @section -- cert-manager Certificate Parameters key: test_key + # -- (string) Name of the Secret resource being referred to. + # @section -- cert-manager Certificate Parameters name: test-creds jks: + # -- (bool) Enables jks keystore creation for the Certificate. + # JKS configures options for storing a JKS keystore in the spec.secretName Secret resource. + # @section -- cert-manager Certificate Parameters create: false + # -- (tpl/string) Key of the entry in the Secret resource's data field to be used. + # @section -- cert-manager Certificate Parameters key: test_key + # -- (string) Name of the Secret resource being referred to. + # @section -- cert-manager Certificate Parameters name: test-creds -########################################################## -# AlertmanagerConfig object for defining application -# specific alertmanager configurations -########################################################## alertmanagerConfig: + # -- (bool) Deploy an AlertmanagerConfig (Prometheus Operator) resource. + # @section -- AlertmanagerConfig Parameters enabled: false - - # AlertmanagerConfig selectionLabels to specify label to be picked up by Alertmanager to add it to base config. Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.html] under .spec.alertmanagerConfigSelector + # -- (object) Labels to be picked up by Alertmanager to add it to base config. + # Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanager-monitoring-coreos-com-v1.html](OpenShift's AlermanagerConfig documentation) under .spec.alertmanagerConfigSelector. + # @section -- AlertmanagerConfig Parameters selectionLabels: - alertmanagerConfig: "workload" - - # AlertmanagerConfig spec, read details here [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1alpha1.html] + alertmanagerConfig: workload + # -- (object) AlertmanagerConfig spec. + # Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/alertmanagerconfig-monitoring-coreos-com-v1alpha1.html](OpenShift's AlermanagerConfig documentation). + # @section -- AlertmanagerConfig Parameters spec: + # -- (object) Route definition for alerts matching the resource’s namespace. + # It will be added to the generated Alertmanager configuration as a first-level route. + # @section -- AlertmanagerConfig Parameters route: # receiver: "null" # groupBy: @@ -782,8 +1008,12 @@ alertmanagerConfig: # groupWait: 30s # groupInterval: 5m # repeatInterval: 12h + # -- (list) List of receivers. + # @section -- AlertmanagerConfig Parameters receivers: [] # - name: "null" + # -- (list) Inhibition rules that allows to mute alerts when other alerts are already firing. + # @section -- AlertmanagerConfig Parameters inhibitRules: [] # - sourceMatch: # severity: 'critical' @@ -791,20 +1021,18 @@ alertmanagerConfig: # severity: 'warning' # equal: ['cluster', 'service'] -########################################################## -# PrometheusRule object for defining application -# alerting rules -########################################################## prometheusRule: + # -- (bool) Deploy a PrometheusRule (Prometheus Operator) resource. + # @section -- PrometheusRule Parameters enabled: false - - # PrometheusRule labels + # -- (object) Additional labels for PrometheusRule. + # @section -- PrometheusRule Parameters additionalLabels: # prometheus: stakater-workload-monitoring # role: alert-rules - - # Groups with alerting rules. Read more here [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.html] - + # -- (list) Groups with alerting rules. + # Read more about it at [https://docs.openshift.com/container-platform/4.7/rest_api/monitoring_apis/prometheusrule-monitoring-coreos-com-v1.html](OpenShift's PrometheusRule documentation). + # @section -- PrometheusRule Parameters groups: [] # - name: example-app-uptime # rules: @@ -817,46 +1045,69 @@ prometheusRule: # labels: # severity: critical -########################################################## -# External Secrets -########################################################## externalSecret: + # -- (bool) Deploy [ExternalSecret](https://external-secrets.io/latest/) resources. + # @section -- ExternalSecret Parameters enabled: false - - # Default SecretStore for all externalsecrets defines which SecretStore to use when fetching the secret data + # -- (object) Additional labels for ExternalSecret. + # @section -- ExternalSecret Parameters + additionalLabels: + # key: value + # -- (object) Annotations for ExternalSecret. + # @section -- ExternalSecret Parameters + annotations: + # key: value + # -- (object) Default values for the SecretStore. + # Can be overriden per ExternalSecret in the `externalSecret.files` object. + # @section -- ExternalSecret Parameters secretStore: + # -- (string) Name of the SecretStore to use. + # @section -- ExternalSecret Parameters name: tenant-vault-secret-store - #kind: ClusterSecretStore # Defaults to SecretStore if not specified - - # RefreshInterval is the amount of time before the values reading again from the SecretStore provider + # -- (string) Kind of the SecretStore being refered to. + # @section -- ExternalSecret Parameters + kind: SecretStore + #kind: ClusterSecretStore + # -- (string) RefreshInterval is the amount of time before the values are read again from the SecretStore provider. + # @section -- ExternalSecret Parameters refreshInterval: "1m" + # -- (object) List of ExternalSecret entries. + # Key will be used as a name suffix for the ExternalSecret. + # There a two allowed modes: + # - `data`: Data defines the connection between the Kubernetes Secret keys and the Provider data + # - `dataFrom`: Used to fetch all properties from the Provider key + # @section -- ExternalSecret Parameters files: # mongodb: - # # Data defines the connection between the Kubernetes Secret keys and the Provider data # data: # mongo-password: - # remoteRef: + # remoteRef: # key: monodb - # property: passowrd + # property: password # secretStore: - # name: secret-store-name-2 # specify if value is other than default secretstore + # name: secret-store-name-2 # labels: - # stakater.com/app: mongodb - # # + # stakater.com/app: mongodb + # annotations: + # key: value # postgres: - ## Used to fetch all properties from the Provider key - # dataFrom: - # key: postgres + # dataFrom: + # key: postgres -########################################################## -# Network Policy -########################################################## networkPolicy: + # -- (bool) Enable Network Policy. + # @section -- NetworkPolicy Parameters enabled: false + # -- (object) Additional labels for Network Policy. + # @section -- NetworkPolicy Parameters additionalLabels: # key: value + # -- (object) Annotations for Network Policy. + # @section -- NetworkPolicy Parameters annotations: # key: value + # -- (list) Ingress rules for Network Policy. + # @section -- NetworkPolicy Parameters ingress: # - from: # - ipBlock: @@ -872,6 +1123,8 @@ networkPolicy: # ports: # - protocol: TCP # port: 6379 + # -- (list) Egress rules for Network Policy. + # @section -- NetworkPolicy Parameters egress: # - to: # - ipBlock: @@ -880,46 +1133,42 @@ networkPolicy: # - protocol: TCP # port: 5978 -########################################################## -# Pod disruption budget - PDB -########################################################## pdb: + # -- (bool) Enable Pod Disruption Budget. + # @section -- PodDisruptionBudget Parameters enabled: false + # -- (int) Minimum number of pods that must be available after eviction. + # @section -- PodDisruptionBudget Parameters minAvailable: 1 -# maxUnavailable: 1 + # -- (int) Maximum number of unavailable pods during voluntary disruptions. + # @section -- PodDisruptionBudget Parameters + maxUnavailable: + # maxUnavailable: 1 -########################################################## -# grafanaDashboard object for defining application -# Grafana Dashboard -########################################################## grafanaDashboard: + # -- (bool) Deploy [GrafanaDashboard](https://github.com/grafana/grafana-operator) resources. + # @section -- GrafanaDashboard Parameters enabled: false - - # GrafanaDashboard additonal labels + # -- (object) Additional labels for GrafanaDashboard. + # @section -- GrafanaDashboard Parameters additionalLabels: # grafanaDashboard: grafana-operator - - # GrafanaDashboard annotations + # -- (object) Annotations for GrafanaDashboard. + # @section -- GrafanaDashboard Parameters annotations: # key: value - - # GrafanaDashboard contents - # this includes pairs of dashboard name and associated json content - # Accoroding to GrafanaDashboard behavior, if both url and json are specified then the GrafanaDashboard content will be updated with fetched content from url + # -- (object) List of GrafanaDashboard entries. + # Key will be used as a name suffix for the GrafanaDashboard. Value is the GrafanaDashboard content. + # According to GrafanaDashboard behavior, `url` field takes precedence on the `json` field. + # @section -- GrafanaDashboard Parameters contents: # dashboard-name-1: # json: |- # { # "data" # } - # url: http://hostname/path/to/file.json # dashboard-name-2: - # json: |- - # { - # "data" - # } # url: http://hostname/path/to/file.json - # dashboard-test-name-2: # allowCrossNamespaceImport: true # configMapRef: @@ -933,8 +1182,37 @@ grafanaDashboard: # matchLabels: # app: test-2 -########################################################## -# Backup object for creating back using OADP/Velero -########################################################## backup: + # -- (bool) Deploy a [Velero/OADP Backup](https://velero.io/docs/main/api-types/backup/) resource. + # @section -- Backup Parameters enabled: false + # -- (string) Namespace for Backup. + # @default -- `{{ .Release.Namespace }}` + # @section -- Backup Parameters + namespace: + # -- (object) Additional labels for Backup. + # @section -- Backup Parameters + additionalLabels: + # grafanaDashboard: grafana-operator + # -- (object) Annotations for Backup. + # @section -- Backup Parameters + annotations: + # key: value + # -- (bool) Whether to use Restic to take snapshots of all pod volumes by default. + # @section -- Backup Parameters + defaultVolumesToRestic: true + # -- (bool) Whether to take snapshots of persistent volumes as part of the backup. + # @section -- Backup Parameters + snapshotVolumes: true + # -- (string) Name of the backup storage location where the backup should be stored. + # @section -- Backup Parameters + storageLocation: + # -- (string) How long the Backup should be retained for. + # @section -- Backup Parameters + ttl: "1h0m0s" + # -- (list) List of resource types to include in the backup. + # @section -- Backup Parameters + includedResources: + # -- (list) List of resource types to exclude from the backup. + # @section -- Backup Parameters + excludedResources: