openshift-console: bump to v4.10.0, helm chart v0.3.6
This commit is contained in:
parent
5b6043237d
commit
e21e9f1b63
23
openshift-console/.helmignore
Normal file
23
openshift-console/.helmignore
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*.orig
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
7
openshift-console/Chart.yaml
Normal file
7
openshift-console/Chart.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v2
|
||||||
|
appVersion: 4.10.0
|
||||||
|
description: OpenShift Cluster Console UI
|
||||||
|
icon: https://avatars0.githubusercontent.com/u/792337?s=200&v=4
|
||||||
|
name: openshift-console
|
||||||
|
type: application
|
||||||
|
version: 0.3.6
|
75
openshift-console/README.md
Normal file
75
openshift-console/README.md
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
# OpenShift Console (Bridge)
|
||||||
|
|
||||||
|
[Bridge](https://github.com/openshift/console) is the OpenShift console.
|
||||||
|
|
||||||
|
## TL;DR
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ helm repo add av1o https://av1o.gitlab.io/charts
|
||||||
|
$ helm install bridge av1o/openshift-console
|
||||||
|
```
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
This chart bootstraps a deployment of the OpenShift Console on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||||
|
|
||||||
|
The OpenShift Console is designed for running on OpenShift, however it works perfectly fine in native Kubernetes. Since the Console is unable to use the default OpenShift OAuth2, this chart is expecting a Dex deployment which is configured to generate OIDC tokens for the Kubernetes API server.
|
||||||
|
This behaviour can be configured with the `extraEnv` map.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
- Kubernetes 1.12+
|
||||||
|
- Helm 3
|
||||||
|
|
||||||
|
## Installing the Chart
|
||||||
|
To install the chart with the release name `my-release`:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ helm install my-release av1o/openshift-console
|
||||||
|
```
|
||||||
|
|
||||||
|
The command deploys the console on the Kubernetes cluster in the default configuration.
|
||||||
|
|
||||||
|
> **Tip**: List all releases using `helm list`
|
||||||
|
|
||||||
|
## Uninstalling the Chart
|
||||||
|
|
||||||
|
To uninstall/delete the `my-release` deployment:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ helm delete my-release
|
||||||
|
```
|
||||||
|
|
||||||
|
## Parameters
|
||||||
|
|
||||||
|
The following table lists the configurable parameters of the OpenShift Console chart and their default values.
|
||||||
|
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|
|
||||||
|
| `replicaCount` | Number of pods to run | 1 |
|
||||||
|
| `image.registry` | Docker image registry | `quay.io` |
|
||||||
|
| `image.repository` | Docker image name | `openshift/origin-console` |
|
||||||
|
| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` |
|
||||||
|
| `image.tag` | Docker image tag | `${CHART_VERSION}` |
|
||||||
|
| `imagePullSecrets` | Specify Image pull secrets | `[]` |
|
||||||
|
| `podAnnotations` | Map of annotations to add to the pods | See `values.yaml` |
|
||||||
|
| `podSecurityContext` | Map of security context to add to the pod | See `values.yaml` |
|
||||||
|
| `securityContext` | Map of security context to add to the container | See `values.yaml` |
|
||||||
|
| `service.type` | Service type | `ClusterIP` |
|
||||||
|
| `extraEnv` | Map of environment variables to include in the container | `{}` |
|
||||||
|
| `console.dex.host` | HTTP(S) address of the Dex instance | `https://dex.example.org` |
|
||||||
|
| `console.baseUrl` | HTTP(S) address of the Console | `https://console.example.org` |
|
||||||
|
| `console.impersonateOpenShift` | Install CRDs to trick the Console into showing some OpenShift-exclusive actions which work on Kubernetes. Note: requires `cluster-admin` | `false` |
|
||||||
|
| `console.oidc.enabled` | Enable OIDC authentication | `true` |
|
||||||
|
| `console.oidc.issuerUrl` | Issuer of the OIDC server | `https://dex.example.org` |
|
||||||
|
| `console.oidc.clientId` | OIDC client ID | `kubernetes` |
|
||||||
|
| `console.oidc.clientSecret` | OIDC client secret | `hunter2` |
|
||||||
|
| `rbac.enabled` | Install RBAC to trick the Console into behaving closer to how OpenShift does. Required `cluster-admin` and `console.impersonateOpenShift=true` | `false` |
|
||||||
|
| `ingress.className` | IngressClass resource to use. | |
|
||||||
|
| `sidecars` | Arbitrary sidecars to include as-is | `[]` |
|
||||||
|
|
||||||
|
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||||
|
|
||||||
|
### Version `0.2.X`
|
||||||
|
|
||||||
|
Version `0.2.0` and above require the `networking.k8s.io/v1` API for Ingress which is available in Kubernetes 1.19 and above.
|
4
openshift-console/ci/hostaliases.yaml
Normal file
4
openshift-console/ci/hostaliases.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
hostAliases:
|
||||||
|
- ip: "127.0.0.1"
|
||||||
|
hostnames:
|
||||||
|
- "kubernetes.default.svc"
|
7
openshift-console/ci/sidecar.yaml
Normal file
7
openshift-console/ci/sidecar.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
sidecars:
|
||||||
|
- name: your-image-name
|
||||||
|
image: your-image
|
||||||
|
imagePullPolicy: Always
|
||||||
|
ports:
|
||||||
|
- name: portname
|
||||||
|
containerPort: 1234
|
21
openshift-console/templates/NOTES.txt
Normal file
21
openshift-console/templates/NOTES.txt
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
1. Get the application URL by running these commands:
|
||||||
|
{{- if .Values.ingress.enabled }}
|
||||||
|
{{- range $host := .Values.ingress.hosts }}
|
||||||
|
{{- range .paths }}
|
||||||
|
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else if contains "NodePort" .Values.service.type }}
|
||||||
|
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "openshift-console.fullname" . }})
|
||||||
|
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||||
|
echo http://$NODE_IP:$NODE_PORT
|
||||||
|
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||||
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||||
|
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "openshift-console.fullname" . }}'
|
||||||
|
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "openshift-console.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||||
|
echo http://$SERVICE_IP:{{ .Values.service.port }}
|
||||||
|
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||||
|
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "openshift-console.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
echo "Visit http://127.0.0.1:8080 to use your application"
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
|
||||||
|
{{- end }}
|
75
openshift-console/templates/_helpers.tpl
Normal file
75
openshift-console/templates/_helpers.tpl
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride }}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||||
|
{{- if contains $name .Release.Name }}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- else }}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "openshift-console.chart" . }}
|
||||||
|
{{ include "openshift-console.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "openshift-console.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "openshift-console.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
{{- default (include "openshift-console.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Renders a value that contains template.
|
||||||
|
Usage:
|
||||||
|
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
|
||||||
|
*/}}
|
||||||
|
{{- define "common.tplvalues.render" -}}
|
||||||
|
{{- if typeIs "string" .value }}
|
||||||
|
{{- tpl .value .context }}
|
||||||
|
{{- else }}
|
||||||
|
{{- tpl (.value | toYaml) .context }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
21
openshift-console/templates/crd.yaml
Normal file
21
openshift-console/templates/crd.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
{{- if .Values.console.impersonateOpenShift }}
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: apps.apps.openshift.io
|
||||||
|
spec:
|
||||||
|
group: apps.openshift.io
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties: {}
|
||||||
|
scope: Namespaced
|
||||||
|
names:
|
||||||
|
plural: apps
|
||||||
|
singular: app
|
||||||
|
kind: OpenShift
|
||||||
|
{{- end }}
|
125
openshift-console/templates/deployment.yaml
Normal file
125
openshift-console/templates/deployment.yaml
Normal file
@ -0,0 +1,125 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- with .Values.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.annotations | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
{{- if not .Values.autoscaling.enabled }}
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "openshift-console.selectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- with .Values.podLabels }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- include "openshift-console.selectorLabels" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||||
|
serviceAccountName: {{ include "openshift-console.serviceAccountName" . }}
|
||||||
|
{{- if .Values.podSecurityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
{{- if .Values.volumes }}
|
||||||
|
{{- range .Values.volumes }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
{{ toYaml .config | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.hostAliases }}
|
||||||
|
hostAliases:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
{{- if .Values.securityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
envFrom:
|
||||||
|
{{- with .Values.extraEnvFrom }}
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
env:
|
||||||
|
- name: BRIDGE_DOCUMENTATION_BASE_URL
|
||||||
|
value: https://kubernetes.io/docs/
|
||||||
|
- name: BRIDGE_DEX_API_HOST
|
||||||
|
value: {{ .Values.console.dex.host }}
|
||||||
|
- name: BRIDGE_BASE_ADDRESS
|
||||||
|
value: {{ .Values.console.baseUrl }}
|
||||||
|
{{- if .Values.console.oidc.enabled }}
|
||||||
|
- name: BRIDGE_USER_AUTH
|
||||||
|
value: oidc
|
||||||
|
- name: BRIDGE_K8S_AUTH
|
||||||
|
value: oidc
|
||||||
|
- name: BRIDGE_USER_AUTH_OIDC_ISSUER_URL
|
||||||
|
value: {{ .Values.console.oidc.issuerUrl }}
|
||||||
|
- name: BRIDGE_USER_AUTH_OIDC_CLIENT_ID
|
||||||
|
value: {{ .Values.console.oidc.clientId }}
|
||||||
|
- name: BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET
|
||||||
|
value: {{ .Values.console.oidc.clientSecret }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $key, $value := .Values.extraEnv }}
|
||||||
|
- name: {{ $key }}
|
||||||
|
value: {{ $value | quote }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: {{ .Values.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
{{- if .Values.volumes }}
|
||||||
|
{{- range .Values.volumes }}
|
||||||
|
- mountPath: {{ .mountPath }}
|
||||||
|
name: {{ .name }}
|
||||||
|
{{- if .subPath }}
|
||||||
|
subPath: {{ .subPath }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health
|
||||||
|
port: http
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health
|
||||||
|
port: http
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
{{- if .Values.sidecars }}
|
||||||
|
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $ ) | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
28
openshift-console/templates/hpa.yaml
Normal file
28
openshift-console/templates/hpa.yaml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
{{- if .Values.autoscaling.enabled }}
|
||||||
|
apiVersion: autoscaling/v2beta1
|
||||||
|
kind: HorizontalPodAutoscaler
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
scaleTargetRef:
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
name: {{ include "openshift-console.fullname" . }}
|
||||||
|
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||||
|
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||||
|
metrics:
|
||||||
|
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: cpu
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||||
|
- type: Resource
|
||||||
|
resource:
|
||||||
|
name: memory
|
||||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
41
openshift-console/templates/ingress.yaml
Normal file
41
openshift-console/templates/ingress.yaml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
{{- if .Values.ingress.enabled -}}
|
||||||
|
{{- $fullName := include "openshift-console.fullname" . -}}
|
||||||
|
{{- $svcPort := .Values.service.port -}}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
labels:
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- omit . "kubernetes.io/ingress.class" | toYaml | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
ingressClassName: {{ .Values.ingress.className | default (get .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||||
|
{{- if .Values.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{- range .Values.ingress.tls }}
|
||||||
|
- hosts:
|
||||||
|
{{- range .hosts }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.ingress.hosts }}
|
||||||
|
- host: {{ .host | quote }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{- range .paths }}
|
||||||
|
- path: {{ . }}
|
||||||
|
pathType: ImplementationSpecific
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
port:
|
||||||
|
number: {{ $svcPort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
31
openshift-console/templates/rbac.yaml
Normal file
31
openshift-console/templates/rbac.yaml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{{- if and .Values.console.impersonateOpenShift .Values.rbac.enabled }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||||
|
namespace: openshift-config-managed
|
||||||
|
rules:
|
||||||
|
- verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||||
|
# unfortunately this is hardcoded (https://github.com/openshift/console/blob/master/cmd/bridge/main.go#L576)
|
||||||
|
namespace: openshift-config-managed
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: {{ include "openshift-console.fullname" . }}-dashboards
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "openshift-console.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
15
openshift-console/templates/service.yaml
Normal file
15
openshift-console/templates/service.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.service.type }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
{{- include "openshift-console.selectorLabels" . | nindent 4 }}
|
12
openshift-console/templates/serviceaccount.yaml
Normal file
12
openshift-console/templates/serviceaccount.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "openshift-console.serviceAccountName" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
15
openshift-console/templates/tests/test-connection.yaml
Normal file
15
openshift-console/templates/tests/test-connection.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: "{{ include "openshift-console.fullname" . }}-test-connection"
|
||||||
|
labels:
|
||||||
|
{{- include "openshift-console.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
"helm.sh/hook": test-success
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: wget
|
||||||
|
image: busybox
|
||||||
|
command: ['wget']
|
||||||
|
args: ['{{ include "openshift-console.fullname" . }}:{{ .Values.service.port }}']
|
||||||
|
restartPolicy: Never
|
118
openshift-console/values.yaml
Normal file
118
openshift-console/values.yaml
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
# Default values for openshift-console.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
image:
|
||||||
|
registry: quay.io
|
||||||
|
repository: openshift/origin-console
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
|
tag: "4.14.0"
|
||||||
|
|
||||||
|
imagePullSecrets: []
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
|
||||||
|
podLabels: {}
|
||||||
|
podAnnotations:
|
||||||
|
linkerd.io/inject: enabled
|
||||||
|
sidecar.istio.io/inject: "true"
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 1001
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
enabled: true
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
port: 9000
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
className: ""
|
||||||
|
annotations: {}
|
||||||
|
# kubernetes.io/ingress.class: nginx
|
||||||
|
# kubernetes.io/tls-acme: "true"
|
||||||
|
hosts:
|
||||||
|
- host: chart-example.local
|
||||||
|
paths: []
|
||||||
|
tls: []
|
||||||
|
# - secretName: chart-example-tls
|
||||||
|
# hosts:
|
||||||
|
# - chart-example.local
|
||||||
|
|
||||||
|
extraEnvFrom: {}
|
||||||
|
|
||||||
|
extraEnv: {}
|
||||||
|
|
||||||
|
volumes: []
|
||||||
|
# - name: my-volume
|
||||||
|
# mountPath: /foo/bar
|
||||||
|
# config:
|
||||||
|
# emptyDir: {}
|
||||||
|
|
||||||
|
console:
|
||||||
|
dex:
|
||||||
|
host: https://dex.example.org
|
||||||
|
baseUrl: https://console.example.org
|
||||||
|
impersonateOpenShift: false
|
||||||
|
oidc:
|
||||||
|
enabled: true
|
||||||
|
issuerUrl: https://dex.example.org
|
||||||
|
clientId: kubernetes
|
||||||
|
clientSecret: hunter2
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
resources: {}
|
||||||
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||||
|
# choice for the user. This also increases chances charts run on environments with little
|
||||||
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||||
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||||
|
# limits:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 128Mi
|
||||||
|
# requests:
|
||||||
|
# cpu: 100m
|
||||||
|
# memory: 128Mi
|
||||||
|
|
||||||
|
autoscaling:
|
||||||
|
enabled: false
|
||||||
|
minReplicas: 1
|
||||||
|
maxReplicas: 100
|
||||||
|
targetCPUUtilizationPercentage: 80
|
||||||
|
# targetMemoryUtilizationPercentage: 80
|
||||||
|
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
sidecars: []
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
create: true
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
annotations: {}
|
||||||
|
name: ""
|
||||||
|
|
||||||
|
hostAliases: []
|
||||||
|
# - ip: "127.0.0.1"
|
||||||
|
# hostnames:
|
||||||
|
# - "kubernetes.default.svc"
|
Loading…
Reference in New Issue
Block a user