Skip to content
This repository has been archived by the owner on Dec 4, 2024. It is now read-only.

Commit

Permalink
chore: bump opsportal chart (#344)
Browse files Browse the repository at this point in the history
* chore: copy prev opsportal-11 to opsportal-12

* chore: bump opsportal chart ref and revision

* chore: update chart values link

Co-authored-by: Shane Utt <[email protected]>
(cherry picked from commit 349150e)
natmegs authored and joejulian committed Jul 8, 2020
1 parent a12adf1 commit 86c1d06
Showing 1 changed file with 68 additions and 0 deletions.
68 changes: 68 additions & 0 deletions addons/opsportal/1.1.x/opsportal-12.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
---
apiVersion: kubeaddons.mesosphere.io/v1beta2
kind: Addon
metadata:
name: opsportal
namespace: kubeaddons
labels:
kubeaddons.mesosphere.io/name: opsportal
annotations:
catalog.kubeaddons.mesosphere.io/addon-revision: "1.1.0-12"
appversion.kubeaddons.mesosphere.io/opsportal: "1.1.0"
endpoint.kubeaddons.mesosphere.io/opsportal: /ops/portal/
values.chart.helm.kubeaddons.mesosphere.io/opsportal: "https://raw.githubusercontent.com/mesosphere/charts/6c5e399d3ac34a9fdf65cc26c577d5ab54c39be3/stable/opsportal/values.yaml"
spec:
kubernetes:
minSupportedVersion: v1.15.6
cloudProvider:
- name: aws
enabled: true
- name: azure
enabled: true
- name: gcp
enabled: true
- name: docker
enabled: true
- name: none
enabled: true
chartReference:
chart: opsportal
repo: https://mesosphere.github.io/charts/stable
version: 0.3.21
valuesRemap:
"kommander-ui.ingress.extraAnnotations.traefik\\.ingress\\.kubernetes\\.io/auth-url": "ingress.auth.auth-url"
values: |
---
landing:
resources:
requests:
cpu: 100m
memory: 128Mi
opsportalRBAC:
enabled: true
path: /ops/portal
graphqlPath: /ops/portal/graphql
## traefik-forward-auth 2.0 introduces RBAC support and now requires that users, regardless of whitelist,
## be allowed access to a resource via explicit RBAC policy. Upon upgrade, whitelisted users would no longer
## have access to ops portal resources unless an appropriate role binding existed. To prevent breakage,
## the allowAllAuthenticated option, when true, will result in the group `system:authenticated` being bound to
## to the opsportal-admin role. This mimics the existing security policy where any authenticated and whitelisted user
## has full access to the opsportal. This option will be removed in the 0.3 release of this chart.
allowAllAuthenticated: false
kommander-ui:
enabled: true
# Mode must be either production|konvoy, konvoy forcing ui in "konvoy mode"
mode: konvoy
displayName: Konvoy Cluster
### This must match the serviceName set in the ingress backend below
service:
name: opsportal
ingress:
enabled: true
traefikFrontendRuleType: PathPrefixStrip
path: /ops/portal
extraAnnotations:
traefik.ingress.kubernetes.io/priority: "1"
traefik.ingress.kubernetes.io/auth-type: forward
traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/
traefik.ingress.kubernetes.io/auth-response-headers: X-Forwarded-User,Impersonate-User,Impersonate-Group

0 comments on commit 86c1d06

Please sign in to comment.