From e9db479acb28965fc1749749cc7de20699ba24cb Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Thu, 4 Jul 2024 14:53:32 +0200 Subject: [PATCH] Add headlamp chart 
Signed-off-by: Christian Berendt --- .charts.yml | 5 + charts/headlamp/.helmignore | 23 + charts/headlamp/Chart.yaml | 40 ++ charts/headlamp/README.md | 82 ++++ charts/headlamp/templates/NOTES.txt | 32 ++ charts/headlamp/templates/_helpers.tpl | 62 +++ .../templates/clusterrolebinding.yaml | 20 + charts/headlamp/templates/deployment.yaml | 191 +++++++++ charts/headlamp/templates/ingress.yaml | 47 ++ charts/headlamp/templates/pvc.yaml | 31 ++ charts/headlamp/templates/secret.yaml | 22 + charts/headlamp/templates/service.yaml | 15 + charts/headlamp/templates/serviceaccount.yaml | 12 + .../tests/expected_templates/default.yaml | 117 +++++ .../tests/expected_templates/extra-args.yaml | 122 ++++++ .../oidc-create-secret.yaml | 153 +++++++ .../expected_templates/oidc-directly-env.yaml | 137 ++++++ .../expected_templates/oidc-directly.yaml | 129 ++++++ .../oidc-external-secret.yaml | 119 ++++++ .../expected_templates/volumes-added.yaml | 124 ++++++ charts/headlamp/tests/readme.md | 56 +++ charts/headlamp/tests/test.sh | 66 +++ .../headlamp/tests/test_cases/extra-args.yaml | 5 + .../tests/test_cases/oidc-create-secret.yaml | 16 + .../tests/test_cases/oidc-directly-env.yaml | 10 + .../tests/test_cases/oidc-directly.yaml | 14 + .../test_cases/oidc-external-secret.yaml | 10 + .../tests/test_cases/volumes-added.yaml | 5 + charts/headlamp/values.schema.json | 400 ++++++++++++++++++ charts/headlamp/values.yaml | 204 +++++++++ 30 files changed, 2269 insertions(+) create mode 100644 charts/headlamp/.helmignore create mode 100644 charts/headlamp/Chart.yaml create mode 100644 charts/headlamp/README.md create mode 100644 charts/headlamp/templates/NOTES.txt create mode 100644 charts/headlamp/templates/_helpers.tpl create mode 100644 charts/headlamp/templates/clusterrolebinding.yaml create mode 100644 charts/headlamp/templates/deployment.yaml create mode 100644 charts/headlamp/templates/ingress.yaml create mode 100644 charts/headlamp/templates/pvc.yaml create mode 100644 
charts/headlamp/templates/secret.yaml create mode 100644 charts/headlamp/templates/service.yaml create mode 100644 charts/headlamp/templates/serviceaccount.yaml create mode 100644 charts/headlamp/tests/expected_templates/default.yaml create mode 100644 charts/headlamp/tests/expected_templates/extra-args.yaml create mode 100644 charts/headlamp/tests/expected_templates/oidc-create-secret.yaml create mode 100644 charts/headlamp/tests/expected_templates/oidc-directly-env.yaml create mode 100644 charts/headlamp/tests/expected_templates/oidc-directly.yaml create mode 100644 charts/headlamp/tests/expected_templates/oidc-external-secret.yaml create mode 100644 charts/headlamp/tests/expected_templates/volumes-added.yaml create mode 100644 charts/headlamp/tests/readme.md create mode 100644 charts/headlamp/tests/test.sh create mode 100644 charts/headlamp/tests/test_cases/extra-args.yaml create mode 100644 charts/headlamp/tests/test_cases/oidc-create-secret.yaml create mode 100644 charts/headlamp/tests/test_cases/oidc-directly-env.yaml create mode 100644 charts/headlamp/tests/test_cases/oidc-directly.yaml create mode 100644 charts/headlamp/tests/test_cases/oidc-external-secret.yaml create mode 100644 charts/headlamp/tests/test_cases/volumes-added.yaml create mode 100644 charts/headlamp/values.schema.json create mode 100644 charts/headlamp/values.yaml diff --git a/.charts.yml b/.charts.yml index b6ab6f7..252b0bf 100644 --- a/.charts.yml +++ b/.charts.yml @@ -40,3 +40,8 @@ charts: version: 7.5.0 repository: url: https://kubernetes.github.io/dashboard + - name: headlamp + # https://artifacthub.io/packages/helm/headlamp/headlamp + version: 0.23.0 + repository: + url: https://headlamp-k8s.github.io/headlamp/ diff --git a/charts/headlamp/.helmignore b/charts/headlamp/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/headlamp/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/headlamp/Chart.yaml b/charts/headlamp/Chart.yaml new file mode 100644 index 0000000..85a7bb4 --- /dev/null +++ b/charts/headlamp/Chart.yaml 
@@ -0,0 +1,40 @@ +annotations: + artifacthub.io/category: monitoring-logging + artifacthub.io/license: Apache-2.0 + artifacthub.io/screenshots: | + - title: Cluster Overview + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/cluster_overview.png + - title: Cluster Chooser + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/cluster_chooser.png + - title: Nodes + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/nodes.png + - title: Resource edition + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/resource_edition.png + - title: Editor Documentation + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/editor_documentation.png + - title: Terminal + url: https://raw.githubusercontent.com/headlamp-k8s/headlamp/screenshots/screenshots/terminal.png +apiVersion: v2 +appVersion: 0.24.1 +description: Headlamp is an easy-to-use and extensible Kubernetes web UI. +home: https://headlamp.dev/ +icon: https://raw.githubusercontent.com/headlamp-k8s/headlamp/main/docs/headlamp_light.svg +keywords: +- kubernetes +- plugins +- kinvolk +- headlamp +- dashboard +- ui +- web +- monitoring +- logging +maintainers: +- name: kinvolk + url: https://kinvolk.io/ +name: headlamp +sources: +- https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp +- https://github.com/headlamp-k8s/headlamp +type: application +version: 0.23.0 diff --git a/charts/headlamp/README.md b/charts/headlamp/README.md new file mode 100644 index 0000000..278812b --- /dev/null +++ b/charts/headlamp/README.md 
@@ -0,0 +1,82 @@ +# headlamp + +Headlamp is an easy-to-use and extensible Kubernetes web UI. + +**Homepage:** + +## TL;DR + +```console +$ helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ +$ helm install my-headlamp headlamp/headlamp --namespace kube-system +``` + + +## Maintainers + +See [MAINTAINERS.md](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAINERS.md) in the headlamp github repo. + +## Source Code + +* +* + +### Headlamp parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity settings for pod assignment | +| clusterRoleBinding.annotations | object | `{}` | Annotations to add to the cluster role binding | +| clusterRoleBinding.create | bool | `true` | Specified whether a cluster role binding should be created | +| env | list | `[]` | An optional list of environment variables | +| fullnameOverride | string | `""` | Overrides the full name of the chart | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent | +| image.registry | string | `"ghcr.io"` | Container image registry | +| image.repository | string | `"headlamp-k8s/headlamp"` | Container image name | +| image.tag | string | `""` | Container image tag, If "" uses appVersion in Chart.yaml | +| imagePullSecrets | list | `[]` | An optional list of references to secrets in the same namespace to use for pulling any of the images used | +| ingress.annotations | object | `{}` | Annotations for Ingress resource | +| ingress.enabled | bool | `false` | Enable ingress controller resource | +| ingress.ingressClassName | string | `""` | The ingress class name. 
Replacement for the deprecated "kubernetes.io/ingress.class" annotation | +| ingress.hosts | list | `[]` | Hostname(s) for the Ingress resource | +| ingress.tls | list | `[]` | Ingress TLS configuration | +| initContainers | list | `[]` | An optional list of init containers to be run before the main containers. | +| nameOverride | string | `""` | Overrides the name of the chart | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| persistentVolumeClaim.accessModes | list | `[]` | accessModes for the persistent volume claim, eg: ReadWriteOnce, ReadOnlyMany, ReadWriteMany etc. | +| persistentVolumeClaim.annotations | object | `{}` | Annotations to add to the persistent volume claim (if enabled) | +| persistentVolumeClaim.enabled | bool | `false` | Enable Persistent Volume Claim | +| persistentVolumeClaim.selector | object | `{}` | selector for the persistent volume claim. | +| persistentVolumeClaim.size | string | `""` | size of the persistent volume claim, eg: 10Gi. Required if enabled is true. | +| persistentVolumeClaim.storageClassName | string | `""` | storageClassName for the persistent volume claim. | +| persistentVolumeClaim.volumeMode | string | `""` | volumeMode for the persistent volume claim, eg: Filesystem, Block. 
| +| podAnnotations | object | `{}` | Annotations to add to the pod | +| podSecurityContext | object | `{}` | Headlamp pod's Security Context | +| replicaCount | int | `1` | Number of desired pods | +| resources | object | `{}` | CPU/Memory resource requests/limits | +| securityContext | object | `{}` | Headlamp containers Security Context | +| service.port | int | `80` | Kubernetes Service port | +| service.type | string | `"ClusterIP"` | Kubernetes Service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use.(If not set and create is true, a name is generated using the fullname template) | +| tolerations | list | `[]` | Toleration labels for pod assignment | +| volumeMounts | list | `[]` | Headlamp containers volume mounts | +| volumes | list | `[]` | Headlamp pod's volumes | + + +### Headlamp Configuration + +| Key | Type | Default | Description | +|------------------------------------|--------|-----------------------|-------------------------------------------------------------------------------------------------------| +| config.baseURL | string | `""` | base url path at which headlamp should run | +| config.oidc.clientID | string | `""` | OIDC client ID | +| config.oidc.clientSecret | string | `""` | OIDC client secret | +| config.oidc.issuerURL | string | `""` | OIDC issuer URL | +| config.oidc.scopes | string | `""` | OIDC scopes to be used | +| config.oidc.secret.create | bool | `true` | Enable this option to have the chart automatically create the OIDC secret using the specified values. | +| config.oidc.secret.name | string | `oidc` | Name of the OIDC secret used by headlamp | +| config.oidc.externalSecret.enabled | bool | `false` | Enable this option if you want to use an external secret for OIDC configuration. 
| +| config.oidc.externalSecret.name | string | `""` | Name of the external OIDC secret to be used by headlamp. | +| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins | +| config.extraArgs | array | `[]` | Extra arguments that can be given to the container | diff --git a/charts/headlamp/templates/NOTES.txt b/charts/headlamp/templates/NOTES.txt new file mode 100644 index 0000000..115cb83 --- /dev/null +++ b/charts/headlamp/templates/NOTES.txt 
@@ -0,0 +1,32 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "headlamp.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "headlamp.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "headlamp.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "headlamp.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} +{{- if .Values.clusterRoleBinding.create }} + {{- if and ( ge .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "24" ) }} +2. 
Get the token using + kubectl create token {{ include "headlamp.serviceAccountName" . }} --namespace {{.Release.Namespace}} + {{- else }} +2. Get the clusterrolebinding token using + export SECRET=$(kubectl get secrets --namespace {{ .Release.Namespace }} -o custom-columns=":metadata.name" | grep "{{ include "headlamp.fullname" . }}-token") + kubectl get secret $SECRET --namespace {{ .Release.Namespace }} --template=\{\{.data.token\}\} | base64 --decode + {{- end }} +{{- end }} diff --git a/charts/headlamp/templates/_helpers.tpl b/charts/headlamp/templates/_helpers.tpl new file mode 100644 index 0000000..47e103c --- /dev/null +++ b/charts/headlamp/templates/_helpers.tpl 
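Review bot: The Kubernetes version test in step 2, `and ( ge .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "24" )`, compares strings, so the result is lexical rather than numeric (a minor of `"9"` sorts above `"24"`). ingress.yaml in this same patch already uses `semverCompare` on `.Capabilities.KubeVersion.GitVersion`, and the same form works here: `{{- if semverCompare ">=1.24-0" .Capabilities.KubeVersion.GitVersion }}`. Step 2 should also say that the token belongs to the service account that clusterrolebinding.yaml binds to `cluster-admin`, so readers handle it as a cluster-wide admin credential.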
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "headlamp.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "headlamp.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "headlamp.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "headlamp.labels" -}}
+helm.sh/chart: {{ include "headlamp.chart" . }}
+{{ include "headlamp.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "headlamp.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "headlamp.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "headlamp.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "headlamp.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/headlamp/templates/clusterrolebinding.yaml b/charts/headlamp/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..05179a3
--- /dev/null
+++ b/charts/headlamp/templates/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.clusterRoleBinding.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "headlamp.fullname" . }}-admin
+ labels:
+ {{- include "headlamp.labels" . | nindent 4 }}
+ {{- with .Values.clusterRoleBinding.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: {{ include "headlamp.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/headlamp/templates/deployment.yaml b/charts/headlamp/templates/deployment.yaml
new file mode 100644
index 0000000..dd18ea1
--- /dev/null
+++ b/charts/headlamp/templates/deployment.yaml
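Review bot: The subject of this `cluster-admin` binding is whatever `headlamp.serviceAccountName` resolves to, and in _helpers.tpl that is `default "default" .Values.serviceAccount.name` when `serviceAccount.create` is false. With `clusterRoleBinding.create` at its documented default of `true`, an install with `serviceAccount.create=false` and no name therefore binds cluster-admin to the namespace's `default` service account, which every pod in that namespace without an explicit service account runs as. The template should not render in that case, for example `{{- if and .Values.clusterRoleBinding.create (or .Values.serviceAccount.create .Values.serviceAccount.name) -}}`. The role name is hard-coded, so a comment at `roleRef` should state that the UI's service account token is a full cluster credential; making the ClusterRole name a value would let operators pick a narrower role.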
@@ -0,0 +1,191 @@ +{{- $oidc := .Values.config.oidc }} +{{- $env := .Values.env }} + +{{- $clientID := "" }} +{{- $clientSecret := "" }} +{{- $issuerURL := "" }} +{{- $scopes := "" }} + +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. +{{- range $env }} + {{- if eq .name "OIDC_CLIENT_ID" }} + {{- $clientID = .value }} + {{- end }} + {{- if eq .name "OIDC_CLIENT_SECRET" }} + {{- $clientSecret = .value }} + {{- end }} + {{- if eq .name "OIDC_ISSUER_URL" }} + {{- $issuerURL = .value }} + {{- end }} + {{- if eq .name "OIDC_SCOPES" }} + {{- $scopes = .value }} + {{- end }} +{{- end }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "headlamp.fullname" . }} + labels: + {{- include "headlamp.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "headlamp.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "headlamp.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "headlamp.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.initContainers }} + initContainers: + {{ toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{ if or $oidc .Values.env }} + {{- if $oidc.externalSecret.enabled }} + # Check if externalSecret is enabled + envFrom: + - secretRef: + name: {{ $oidc.externalSecret.name }} + {{- else }} + env: + {{- if $oidc.secret.create }} + {{- if $oidc.clientID }} + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ $oidc.secret.name }} + key: clientID + {{- end }} + {{- if $oidc.clientSecret }} + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ $oidc.secret.name }} + key: clientSecret + {{- end }} + {{- if $oidc.issuerURL }} + - name: OIDC_ISSUER_URL + valueFrom: + secretKeyRef: + name: {{ $oidc.secret.name }} + key: issuerURL + {{- end }} + {{- if $oidc.scopes }} + - name: OIDC_SCOPES + valueFrom: + secretKeyRef: + name: {{ $oidc.secret.name }} + key: scopes + {{- end }} + {{- else }} + {{- if $oidc.clientID }} + - name: OIDC_CLIENT_ID + value: {{ $oidc.clientID }} + {{- end }} + {{- if $oidc.clientSecret }} + - name: OIDC_CLIENT_SECRET + value: {{ $oidc.clientSecret }} + {{- end }} + {{- if $oidc.issuerURL }} + - name: OIDC_ISSUER_URL + value: {{ $oidc.issuerURL }} + {{- end }} + {{- if $oidc.scopes }} + - name: OIDC_SCOPES + value: {{ $oidc.scopes }} + {{- end }} + {{- end }} + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + args: + - "-in-cluster" + {{- with .Values.config.pluginsDir}} + - "-plugins-dir={{ . 
}}" + {{- end }} + {{- if not $oidc.externalSecret.enabled}} + # Check if externalSecret is disabled + {{- if or (ne $oidc.clientID "") (ne $clientID "") }} + # Check if clientID is non empty either from env or oidc.config + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + {{- end }} + {{- if or (ne $oidc.clientSecret "") (ne $clientSecret "") }} + # Check if clientSecret is non empty either from env or oidc.config + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + {{- end }} + {{- if or (ne $oidc.issuerURL "") (ne $issuerURL "") }} + # Check if issuerURL is non empty either from env or oidc.config + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + {{- end }} + {{- if or (ne $oidc.scopes "") (ne $scopes "") }} + # Check if scopes are non empty either from env or oidc.config + - "-oidc-scopes=$(OIDC_SCOPES)" + {{- end }} + {{- else }} + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + - "-oidc-scopes=$(OIDC_SCOPES)" + {{- end }} + {{- with .Values.config.baseURL }} + - "-base-url={{ . }}" + {{- end }} + {{- with .Values.config.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "{{ .Values.config.baseURL }}/" + port: http + readinessProbe: + httpGet: + path: "{{ .Values.config.baseURL }}/" + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.volumes}} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} 
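Review bot: In the `{{- else }}` branch of `$oidc.secret.create`, `value: {{ $oidc.clientSecret }}` writes the OIDC client secret in clear text into the Deployment spec, readable by anyone who can read Deployments or the Helm release. All four values there are also unquoted, so a numeric or boolean-looking client ID or scope changes YAML type. I would quote them (`value: {{ $oidc.clientID | quote }}`) and keep only the `secretKeyRef` form for the client secret. The args then expand it as `-oidc-client-secret=$(OIDC_CLIENT_SECRET)`, which places the secret on the container command line; if the binary can read the variable itself (not visible from this patch), dropping that arg removes the exposure. Separately, `{{ if or $oidc .Values.env }}` emits a bare `env:` key when nothing is set, as the expected default.yaml in this patch shows, so the list renders as null.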
diff --git a/charts/headlamp/templates/ingress.yaml b/charts/headlamp/templates/ingress.yaml
new file mode 100644
index 0000000..92c0635
--- /dev/null
+++ b/charts/headlamp/templates/ingress.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "headlamp.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "headlamp.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ .type }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/headlamp/templates/pvc.yaml b/charts/headlamp/templates/pvc.yaml
new file mode 100644
index 0000000..86fc743
--- /dev/null
+++ b/charts/headlamp/templates/pvc.yaml
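Review bot: The API version gate `semverCompare ">=1.14-0"` selects `networking.k8s.io/v1`, but that Ingress version is only served from Kubernetes 1.19; clusters from 1.14 to 1.18 serve `networking.k8s.io/v1beta1`. The `else` branch also pairs `extensions/v1beta1` with the v1-only `backend.service.name` / `port.number` shape, so it cannot render a valid object either. Either gate on `">=1.19-0"` and drop the legacy branch, or render the v1beta1 backend fields (`serviceName` / `servicePort`) there. This Ingress fronts a UI whose service account is bound to `cluster-admin` elsewhere in the patch, so a comment above `tls:` should note that leaving `ingress.tls` empty exposes it over plain HTTP.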
@@ -0,0 +1,31 @@
+{{- if .Values.persistentVolumeClaim.enabled -}}
+{{- $fullName := include "headlamp.fullname" . -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "headlamp.labels" . | nindent 4 }}
+ {{- with .Values.persistentVolumeClaim.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- range .Values.persistentVolumeClaim.accessModes}}
+ accessModes:
+ - {{ . }}
+ {{- end}}
+ resources:
+ requests:
+ storage: {{ .Values.persistentVolumeClaim.size }}
+ {{- with .Values.persistentVolumeClaim.volumeMode }}
+ volumeMode: {{ . }}
+ {{- end }}
+ {{- with .Values.persistentVolumeClaim.storageClass }}
+ storageClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.persistentVolumeClaim.selector }}
+ selector:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end}}
diff --git a/charts/headlamp/templates/secret.yaml b/charts/headlamp/templates/secret.yaml
new file mode 100644
index 0000000..18a6f03
--- /dev/null
+++ b/charts/headlamp/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- with .Values.config.oidc }}
+{{- if .secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .secret.name }}
+type: Opaque
+data:
+{{- with .clientID }}
+ clientID: {{ . | b64enc | quote }}
+{{- end }}
+{{- with .clientSecret }}
+ clientSecret: {{ . | b64enc | quote }}
+{{- end }}
+{{- with .issuerURL }}
+ issuerURL: {{ . | b64enc | quote }}
+{{- end }}
+{{- with .scopes }}
+ scopes: {{ . | b64enc | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/headlamp/templates/service.yaml b/charts/headlamp/templates/service.yaml
new file mode 100644
index 0000000..528f786
--- /dev/null
+++ b/charts/headlamp/templates/service.yaml
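Review bot: In pvc.yaml, `{{- range .Values.persistentVolumeClaim.accessModes}}` wraps the `accessModes:` key itself, so two access modes render two `accessModes:` keys (a duplicate key, where most parsers keep only the last) and an empty list renders none. Emit the key once and the list under it: `accessModes:` followed by `{{- toYaml .Values.persistentVolumeClaim.accessModes | nindent 4 }}`. The storage class is read from `.Values.persistentVolumeClaim.storageClass`, while the README in this patch documents `persistentVolumeClaim.storageClassName`, so a value set under the documented key appears to be ignored. Wrapping `.size` in `required` would surface the README's "Required if enabled is true" at render time instead of at apply time.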
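Review bot: In secret.yaml the Secret is rendered whenever `secret.create` is true, with no check of `externalSecret.enabled` and no check that any field is set. A default install therefore creates an empty Secret with a null `data:` (see the expected default.yaml in this patch), and an install that points at an external secret still creates this one. Its name is the bare `{{ .secret.name }}` (documented default `oidc`) with no release prefix and no chart labels, so two releases in one namespace, or an unrelated existing `oidc` Secret, collide. I would gate on `{{- if and .secret.create (not .externalSecret.enabled) -}}` and add `labels:` with `{{- include "headlamp.labels" $ | nindent 4 }}` under `metadata` (`$` because of the enclosing `with`).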
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "headlamp.fullname" . }}
+ labels:
+ {{- include "headlamp.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "headlamp.selectorLabels" . | nindent 4 }}
diff --git a/charts/headlamp/templates/serviceaccount.yaml b/charts/headlamp/templates/serviceaccount.yaml
new file mode 100644
index 0000000..f9a1350
--- /dev/null
+++ b/charts/headlamp/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "headlamp.serviceAccountName" . }}
+ labels:
+ {{- include "headlamp.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/headlamp/tests/expected_templates/default.yaml b/charts/headlamp/tests/expected_templates/default.yaml
new file mode 100644
index 0000000..b39fee5
--- /dev/null
+++ b/charts/headlamp/tests/expected_templates/default.yaml
@@ -0,0 +1,117 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.20.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.23.1" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oidc +type: Opaque +data: +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.20.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.23.1" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.20.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.23.1" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.20.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.23.1" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + 
serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.23.1" + imagePullPolicy: IfNotPresent + + env: + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} diff --git a/charts/headlamp/tests/expected_templates/extra-args.yaml b/charts/headlamp/tests/expected_templates/extra-args.yaml new file mode 100644 index 0000000..3aa7e44 --- /dev/null +++ b/charts/headlamp/tests/expected_templates/extra-args.yaml 
@@ -0,0 +1,122 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oidc +type: Opaque +data: +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + env: + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + # Check if externalSecret is disabled + - -insecure-ssl + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} diff --git a/charts/headlamp/tests/expected_templates/oidc-create-secret.yaml b/charts/headlamp/tests/expected_templates/oidc-create-secret.yaml new file mode 100644 index 0000000..a6e659f --- /dev/null +++ b/charts/headlamp/tests/expected_templates/oidc-create-secret.yaml 
@@ -0,0 +1,153 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oidc +type: Opaque +data: + clientID: "dGVzdENsaWVudElk" + clientSecret: "dGVzdENsaWVudFNlY3JldA==" + issuerURL: "dGVzdElzc3VlclVSTA==" + scopes: "dGVzdFNjb3Bl" +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + env: + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: oidc + key: clientID + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: oidc + key: clientSecret + - name: OIDC_ISSUER_URL + valueFrom: + secretKeyRef: + name: oidc + key: issuerURL + - name: OIDC_SCOPES + valueFrom: + secretKeyRef: + name: oidc + key: scopes + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + # Check if externalSecret is disabled + # Check if clientID is non empty either from env or oidc.config + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + # Check if clientSecret is non empty either from env or oidc.config + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + # Check if issuerURL is non empty either from env or oidc.config + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + # Check if scopes are non empty either from env or oidc.config + - "-oidc-scopes=$(OIDC_SCOPES)" + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} 
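Review bot: The OIDC client secret is passed to the container as a command-line argument, `- "-oidc-client-secret=$(OIDC_CLIENT_SECRET)"`, in the `args` list of this Deployment; the oidc-directly-env, oidc-directly and oidc-external-secret expected templates render the same argument. Kubernetes expands `$(VAR)` before the process starts, so the secret ends up in the process command line, where it is readable by anything that can list processes in the container or on the node and is often captured by process-level logging. The `secretKeyRef` entries above already place the value in the environment, so if the Headlamp binary at this version can read the client secret from an environment variable or a file, the argument should be dropped; that cannot be determined from this hunk. If the argument form is required, a comment in the deployment template saying so would help the next reviewer.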
diff --git a/charts/headlamp/tests/expected_templates/oidc-directly-env.yaml b/charts/headlamp/tests/expected_templates/oidc-directly-env.yaml
new file mode 100644
index 0000000..0c1f341
--- /dev/null
+++ b/charts/headlamp/tests/expected_templates/oidc-directly-env.yaml
@@ -0,0 +1,137 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oidc +type: Opaque +data: +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + env: + - name: OIDC_CLIENT_ID + value: testClientId + - name: OIDC_CLIENT_SECRET + value: testClientSecret + - name: OIDC_ISSUER_URL + value: testIssuerURL + - name: OIDC_SCOPES + value: testScope + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + # Check if externalSecret is disabled + # Check if clientID is non empty either from env or oidc.config + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + # Check if clientSecret is non empty either from env or oidc.config + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + # Check if issuerURL is non empty either from env or oidc.config + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + # Check if scopes are non empty either from env or oidc.config + - "-oidc-scopes=$(OIDC_SCOPES)" + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} diff --git a/charts/headlamp/tests/expected_templates/oidc-directly.yaml b/charts/headlamp/tests/expected_templates/oidc-directly.yaml new file mode 100644 index 0000000..2a3a1b1 --- /dev/null +++ b/charts/headlamp/tests/expected_templates/oidc-directly.yaml 
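Review bot: `OIDC_CLIENT_SECRET` is rendered as a literal `value: testClientSecret` in the Deployment's `env`, so a real client secret supplied this way is stored in the Deployment object and is readable by anyone who may read Deployments in the namespace, not only by those who may read Secrets; the oidc-directly expected template renders the same literal values. The same output also contains a Secret named `oidc` with an empty `data:` that nothing in the Deployment references. I would have the chart place a directly supplied client secret in the Secret and reference it with `secretKeyRef`, as the oidc-create-secret case does, and skip rendering the Secret when it would have no keys. The deployment and secret templates are not part of this hunk, so the exact conditions need to be checked there.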
@@ -0,0 +1,129 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + env: + - name: OIDC_CLIENT_ID + value: testClientId + - name: OIDC_CLIENT_SECRET + value: testClientSecret + - name: OIDC_ISSUER_URL + value: testIssuerURL + - name: OIDC_SCOPES + value: testScope + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + # Check if externalSecret is disabled + # Check if clientID is non empty either from env or oidc.config + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + # Check if clientSecret is non empty either from env or oidc.config + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + # Check if issuerURL is non empty either from env or oidc.config + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + # Check if scopes are non empty either from env or oidc.config + - "-oidc-scopes=$(OIDC_SCOPES)" + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} diff --git a/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml b/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml new file mode 100644 index 0000000..c5d73da --- /dev/null +++ b/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml 
@@ -0,0 +1,119 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + # Check if externalSecret is enabled + envFrom: + - secretRef: + name: oidc + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + - "-oidc-client-id=$(OIDC_CLIENT_ID)" + - "-oidc-client-secret=$(OIDC_CLIENT_SECRET)" + - "-oidc-idp-issuer-url=$(OIDC_ISSUER_URL)" + - "-oidc-scopes=$(OIDC_SCOPES)" + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} diff --git a/charts/headlamp/tests/expected_templates/volumes-added.yaml b/charts/headlamp/tests/expected_templates/volumes-added.yaml new file mode 100644 index 0000000..c7b022d --- /dev/null +++ b/charts/headlamp/tests/expected_templates/volumes-added.yaml 
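Review bot: In the external-secret case the four `-oidc-*` arguments are rendered unconditionally and depend on `envFrom` of the Secret `oidc` defining `OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`, `OIDC_ISSUER_URL` and `OIDC_SCOPES`. Those key names differ from the ones the chart-created Secret uses (`clientID`, `clientSecret`, `issuerURL`, `scopes` in the oidc-create-secret output), and Kubernetes leaves a `$(VAR)` reference unchanged when the variable is not defined, so a Secret with the other key names would start Headlamp with the literal string `$(OIDC_CLIENT_ID)` as its client id instead of failing. The required key names should be documented next to `externalSecret` in values.yaml, for example `# The Secret must contain the keys OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_ISSUER_URL and OIDC_SCOPES`. This expected file renders no Secret, so nothing in the test exercises that contract.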
@@ -0,0 +1,124 @@ +--- +# Source: headlamp/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: headlamp/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: oidc +type: Opaque +data: +--- +# Source: headlamp/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: headlamp-admin + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: headlamp + namespace: default +--- +# Source: headlamp/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp +--- +# Source: headlamp/templates/deployment.yaml +# This block of code is used to extract the values from the env. +# This is done to check if the values are non-empty and if they are, they are used in the deployment.yaml. 
+ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: headlamp + labels: + helm.sh/chart: headlamp-0.22.0 + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + app.kubernetes.io/version: "0.24.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + template: + metadata: + labels: + app.kubernetes.io/name: headlamp + app.kubernetes.io/instance: headlamp + spec: + serviceAccountName: headlamp + securityContext: + {} + containers: + - name: headlamp + securityContext: + privileged: false + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 100 + image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0" + imagePullPolicy: IfNotPresent + + env: + args: + - "-in-cluster" + - "-plugins-dir=/headlamp/plugins" + # Check if externalSecret is disabled + ports: + - name: http + containerPort: 4466 + protocol: TCP + livenessProbe: + httpGet: + path: "/" + port: http + readinessProbe: + httpGet: + path: "/" + port: http + resources: + {} + volumes: + - emptyDir: {} + name: plugins diff --git a/charts/headlamp/tests/readme.md b/charts/headlamp/tests/readme.md new file mode 100644 index 0000000..1d64492 --- /dev/null +++ b/charts/headlamp/tests/readme.md 
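Review bot: The container `securityContext` rendered here sets `privileged: false`, `runAsNonRoot`, `runAsUser` and `runAsGroup` but not `allowPrivilegeEscalation: false`, a capability drop or a seccomp profile, and the pod-level `securityContext` is `{}`; all six expected templates in this commit render the same block. For a workload whose ServiceAccount is bound to `cluster-admin` in the same output, I would make the chart defaults include `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and `seccompProfile: {type: RuntimeDefault}`. values.yaml carries the capability drop and `readOnlyRootFilesystem: true` only as commented-out lines; whether Headlamp runs with a read-only root filesystem needs testing, since the plugins directory may have to be writable. `resources: {}` likewise leaves the pod without requests or limits.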
@@ -0,0 +1,56 @@ +## Helm Template Testing + +The Helm template testing for the Headlamp chart ensures that the Helm templates generate the expected Kubernetes manifest files under different scenarios. This testing is crucial for validating changes to the Helm chart and ensuring its correctness before deployment. + +### Expected Templates (`charts/headlamp/tests/expected_templates`) + +The `expected_templates` directory contains YAML files representing the expected Kubernetes manifest files generated by the Helm templates. Each YAML file corresponds to a specific Helm template in the `charts/headlamp/templates` directory. These files serve as reference points for comparing the actual rendered templates during testing. + +Example: +- `deployment.yaml`: Represents the expected Kubernetes Deployment manifest. +- `service.yaml`: Represents the expected Kubernetes Service manifest. + +### Test Cases (`charts/headlamp/tests/test_cases`) + +The `test_cases` directory contains YAML files representing different test scenarios or configurations for the Helm chart. Each test case specifies a set of values for Helm chart configuration parameters (defined in `values.yaml`) to test various aspects of the chart under different conditions. + +Example: +- `volumes-added.yaml`: Tests the behavior of the Helm chart when additional volumes are specified. +- `ingress-enabled.yaml`: Tests the behavior of the Helm chart when Ingress is enabled. + +The Helm template testing script (`charts/headlamp/tests/test.sh`) dynamically renders Helm templates for each test case using the specified configuration values and compares them against the corresponding expected templates. This ensures that the Helm chart behaves as expected under different configurations. + +## Adding Test Cases and Expected Templates + +To enhance the coverage of the Helm template testing for the Headlamp chart, you can add more test cases and corresponding expected templates. 
Follow these guidelines to add new test cases and expected templates effectively: + +### Test Cases + +1. **Create a New Test Case Directory**: Inside the `charts/headlamp/tests/test_cases` directory, create a new directory representing the new test case. Choose a descriptive name for the directory that reflects the purpose or scenario of the test case. + +2. **Define Test Case Configuration**: Within the new test case directory, create a `values.yaml` file with custom name to define the configuration parameters for the Helm chart under the specific test scenario. Customize the values in this file to match the desired configuration for the test case. + +## Expected Templates + +1. **Create Expected Templates**: Inside the `charts/headlamp/tests/expected_templates` directory, create YAML files representing the expected Kubernetes manifest files for the Helm templates under the new test scenarios. Each expected template file should correspond to a Helm template in the templates directory. + +2. **Match Test Cases with Expected Templates**: Ensure that each test case directory in `test_cases` has a corresponding expected template file in `expected_templates`. The expected template file should have the same name as the test case directory to establish the association. + + +## Running Helm Template Testing + +To run the Helm template testing for the Headlamp chart, follow these steps: + +### Prerequisites + +- [Helm](https://helm.sh/) must be installed on your system. + +### Running the Tests + +1. Run the Helm template testing using the provided Make directive from your root headlamp folder: + + ```bash + make helm-template-test + ``` + +This will execute the `charts/headlamp/tests/test.sh` script, which dynamically renders and compares Helm templates for different test cases against their expected templates. diff --git a/charts/headlamp/tests/test.sh b/charts/headlamp/tests/test.sh new file mode 100644 index 0000000..0d32798 --- /dev/null 
+++ b/charts/headlamp/tests/test.sh 
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Enable strict mode
+set -euo pipefail
+
+# Set up variables
+CHART_DIR="./charts/headlamp"
+TEST_CASES_DIR="${CHART_DIR}/tests/test_cases"
+EXPECTED_TEMPLATES_DIR="${CHART_DIR}/tests/expected_templates"
+
+# Function to render templates for a specific values file
+render_templates() {
+ values_file="$1"
+ output_dir="$2"
+ # Render templates
+ helm template headlamp ${CHART_DIR} --values ${values_file} > "${output_dir}/rendered_templates.yaml"
+}
+
+# Function to compare rendered templates with expected templates
+compare_templates() {
+ values_file="$1"
+ output_dir="$2"
+ expected_file="$3"
+ # Compare rendered template with expected template
+ if ! diff_output=$(diff -u "${output_dir}/rendered_templates.yaml" "${expected_file}" 2>&1); then
+ echo "Template test failed for ${values_file} against ${expected_file}:"
+ echo "${diff_output}"
+ exit 1
+ else
+ echo "Template test passed for ${values_file} against ${expected_file}"
+ fi
+}
+
+# Check for default values.yaml test case
+mkdir -p "${CHART_DIR}/tests/defaultvaluetest"
+render_templates "${CHART_DIR}/values.yaml" ${CHART_DIR}/tests/defaultvaluetest
+compare_templates "${CHART_DIR}/values.yaml" ${CHART_DIR}/tests/defaultvaluetest ${CHART_DIR}/tests/defaultvaluetest/rendered_templates.yaml
+rm -rf ${CHART_DIR}/tests/defaultvaluetest
+
+# Check if TEST_CASES_DIR is not empty
+if [ "$(ls -A ${TEST_CASES_DIR})" ]; then
+ # Iterate over each test case
+ for values_file in ${TEST_CASES_DIR}/*; do
+ case_name=$(basename "${values_file}")
+ output_dir="${CHART_DIR}/tests/${case_name}_output"
+ expected_file="${EXPECTED_TEMPLATES_DIR}/${case_name}"
+
+ # Check if expected template exists for the current test case
+ if [ -f "${expected_file}" ]; then
+ # Create output directory for the current test case
+ mkdir -p "${output_dir}"
+ # Render templates for the current test case
+ render_templates "${values_file}" "${output_dir}"
+ # Compare rendered templates with expected templates for the current test case
+ compare_templates "${values_file}" "${output_dir}" "${expected_file}"
+ # Clean up temporary files
+ rm -rf "${output_dir}"
+ else
+ echo "No expected template found for ${values_file}. Skipping template testing."
+ fi
+ done
+else
+ echo "No test cases found in ${TEST_CASES_DIR}. Skipping template testing."
+fi
+
+echo "Template testing completed."
diff --git a/charts/headlamp/tests/test_cases/extra-args.yaml b/charts/headlamp/tests/test_cases/extra-args.yaml
new file mode 100644
index 0000000..51e69e4
--- /dev/null
+++ b/charts/headlamp/tests/test_cases/extra-args.yaml
@@ -0,0 +1,5 @@
+# This is a test case for extraArgs in the Headlamp deployment.
+# Each test case is a dictionary with the following keys:
+config:
+ extraArgs:
+ - -insecure-ssl
diff --git a/charts/headlamp/tests/test_cases/oidc-create-secret.yaml b/charts/headlamp/tests/test_cases/oidc-create-secret.yaml
new file mode 100644
index 0000000..7a5f652
--- /dev/null
+++ b/charts/headlamp/tests/test_cases/oidc-create-secret.yaml
@@ -0,0 +1,16 @@
+# This is a test case for the oidc.secret.create field in the Headlamp deployment.
+# The oidc.secret.create field is a boolean that determines whether to create a secret for OIDC.
+# The oidc.secret.name field is a string that specifies the name of the OIDC secret.
+# The oidc.clientID field is a string that specifies the client ID for OIDC.
+# The oidc.clientSecret field is a string that specifies the client secret for OIDC.
+# The oidc.issuerURL field is a string that specifies the issuer URL for OIDC.
+# The oidc.scopes field is a string that specifies the scopes for OIDC.
+config:
+ oidc:
+ secret:
+ create: true
+ name: oidc
+ clientID: "testClientId"
+ clientSecret: "testClientSecret"
+ issuerURL: "testIssuerURL"
+ scopes: "testScope"
diff --git a/charts/headlamp/tests/test_cases/oidc-directly-env.yaml b/charts/headlamp/tests/test_cases/oidc-directly-env.yaml
new file mode 100644
index 0000000..53f9fe3
--- /dev/null
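Review bot: The default-values check in test.sh compares the rendered file with itself: the third argument to `compare_templates` is `${CHART_DIR}/tests/defaultvaluetest/rendered_templates.yaml`, the file `render_templates` has just written, so the check can never fail and `expected_templates/default.yaml`, which this commit adds, is never read. In the loop, a test case without an expected file is reported and skipped, so a missing or misnamed golden file still passes the run. The `exit 1` inside `compare_templates` also leaves the output directory behind in the chart tree, and `${CHART_DIR}`, `${values_file}` and `${TEST_CASES_DIR}` are expanded unquoted. The sketch below compares against `default.yaml`, renders into a `mktemp -d` directory removed by a trap, and fails when an expected file is missing.

```shell
# … unchanged: strict mode, CHART_DIR / TEST_CASES_DIR / EXPECTED_TEMPLATES_DIR …
WORK_DIR="$(mktemp -d)"
trap 'rm -rf "${WORK_DIR}"' EXIT

render_templates() {
  values_file="$1"
  output_dir="$2"
  helm template headlamp "${CHART_DIR}" --values "${values_file}" > "${output_dir}/rendered_templates.yaml"
}

# … unchanged: compare_templates …

# Default values are checked against the committed golden file
render_templates "${CHART_DIR}/values.yaml" "${WORK_DIR}"
compare_templates "${CHART_DIR}/values.yaml" "${WORK_DIR}" "${EXPECTED_TEMPLATES_DIR}/default.yaml"

# … unchanged: emptiness check on TEST_CASES_DIR …
  for values_file in "${TEST_CASES_DIR}"/*; do
    # … unchanged: case_name, expected_file …
    if [ ! -f "${expected_file}" ]; then
      echo "No expected template found for ${values_file}" >&2
      exit 1
    fi
    render_templates "${values_file}" "${WORK_DIR}"
    compare_templates "${values_file}" "${WORK_DIR}" "${expected_file}"
  done
```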
+++ b/charts/headlamp/tests/test_cases/oidc-directly-env.yaml
@@ -0,0 +1,10 @@
+# This is a test case where user can set env values directly for OIDC configuration.
+env:
+ - name: OIDC_CLIENT_ID
+ value: testClientId
+ - name: OIDC_CLIENT_SECRET
+ value: testClientSecret
+ - name: OIDC_ISSUER_URL
+ value: testIssuerURL
+ - name: OIDC_SCOPES
+ value: testScope
diff --git a/charts/headlamp/tests/test_cases/oidc-directly.yaml b/charts/headlamp/tests/test_cases/oidc-directly.yaml
new file mode 100644
index 0000000..4a318c6
--- /dev/null
+++ b/charts/headlamp/tests/test_cases/oidc-directly.yaml
@@ -0,0 +1,14 @@
+# This is a test case for the direct OIDC configuration in the Headlamp deployment.
+# The oidc.secret.create field is false to avoid creating a secret for OIDC.
+# The oidc.clientID field is a string that specifies the client ID for OIDC.
+# The oidc.clientSecret field is a string that specifies the client secret for OIDC.
+# The oidc.issuerURL field is a string that specifies the issuer URL for OIDC.
+# The oidc.scopes field is a string that specifies the scopes for OIDC.
+config:
+ oidc:
+ secret:
+ create: false
+ clientID: "testClientId"
+ clientSecret: "testClientSecret"
+ issuerURL: "testIssuerURL"
+ scopes: "testScope"
diff --git a/charts/headlamp/tests/test_cases/oidc-external-secret.yaml b/charts/headlamp/tests/test_cases/oidc-external-secret.yaml
new file mode 100644
index 0000000..6773732
--- /dev/null
+++ b/charts/headlamp/tests/test_cases/oidc-external-secret.yaml
@@ -0,0 +1,10 @@
+# This is a test case for OIDC external secret.
+# The oidc.externalSecret.enabled field is a boolean that determines whether to use an external secret for OIDC.
+# The oidc.externalSecret.name field is a string that specifies the name of the external OIDC secret.
+config:
+ oidc:
+ secret:
+ create: false
+ externalSecret:
+ enabled: true
+ name: oidc
diff --git a/charts/headlamp/tests/test_cases/volumes-added.yaml b/charts/headlamp/tests/test_cases/volumes-added.yaml
new file mode 100644
index 0000000..b84a646
--- /dev/null
+++ b/charts/headlamp/tests/test_cases/volumes-added.yaml
@@ -0,0 +1,5 @@
+# This is a test case for volumes in the Headlamp deployment.
+# The volumes field is a list of dictionaries that specify the volumes to add to the Headlamp deployment.
+volumes:
+ - name: plugins
+ emptyDir: {}
diff --git a/charts/headlamp/values.schema.json b/charts/headlamp/values.schema.json
new file mode 100644
index 0000000..dc42666
--- /dev/null
+++ b/charts/headlamp/values.schema.json
@@ -0,0 +1,400 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "properties": { + "replicaCount": { + "type": "integer", + "description": "Number of replicas to deploy", + "minimum": 1 + }, + "image": { + "type": "object", + "title": "Image", + "description": "Image to deploy", + "properties": { + "registry": { + "type": "string", + "description": "Registry of the image" + }, + "repository": { + "type": "string", + "description": "Repository of the image" + }, + "pullPolicy": { + "type": "string", + "description": "Pull policy of the image", + "enum": ["Always", "IfNotPresent", "Never"] + }, + "tag": { + "type": "string", + "description": "Tag of the image" + } + } + }, + "imagePullSecrets": { + "type": "array", + "description": "Image pull secrets", + "items": { + "type": "string" + } + }, + "nameOverride": { + "type": "string", + "description": "Override the name of the chart" + }, + "fullnameOverride": { + "type": "string", + "description": "Override the full name of the chart" + }, + "initContainers": { + "type": "array", + "description": "Init containers", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the init container" + }, + "image": { + "type": "string", + "description": "Image of the init container" + }, + "imagePullPolicy": { + "type": "string", + "description": "Pull policy of the init container", + "enum": ["Always", "IfNotPresent", "Never"] + }, + "command": { + "type": "array", + "description": "Command of the init container", + "items": { + "type": "string" + } + }, + "args": { + "type": "array", + "description": "Arguments of the init container", + "items": { + "type": "string" + } + }, + "resources": { + "type": "object", + "description": "Resources of the init container", + "properties": { + "limits": { + "type": "object", + "description": "Limits of the init container", + "properties": { + "cpu": { + "type": "string", + "description": "CPU limit" + 
}, + "memory": { + "type": "string", + "description": "Memory limit" + } + } + }, + "requests": { + "type": "object", + "description": "Requests of the init container", + "properties": { + "cpu": { + "type": "string", + "description": "CPU request" + }, + "memory": { + "type": "string", + "description": "Memory request" + } + } + } + } + }, + "env": { + "type": "array", + "description": "Environment variables of the init container", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the environment variable" + }, + "value": { + "type": "string", + "description": "Value of the environment variable" + } + } + } + }, + "volumeMounts": { + "type": "array", + "description": "Volume mounts of the init container", + "items": + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the volume mount" + }, + "mountPath": { + "type": "string", + "description": "Mount path of the volume mount" + }, + "readOnly": { + "type": "boolean", + "description": "Read only of the volume mount" + } + } + } + } + } + } + }, + "config": { + "type": "object", + "description": "Headlamp deployment configuration", + "properties": { + "baseURL": { + "type": "string", + "description": "Base URL of the application" + }, + "oidc": { + "type": "object", + "description": "OIDC configuration", + "properties": { + "secret": { + "type": "object", + "description": "Secret created by Headlamp to authenticate with the OIDC provider", + "properties": { + "name": { + "type": "string", + "description": "Name of the secret" + }, + "create": { + "type": "boolean", + "description": "Create the secret" + } + } + }, + "clientID": { + "type": "string", + "description": "Issuer of the OIDC provider" + }, + "clientSecret": { + "type": "string", + "description": "Client ID of the OIDC provider" + }, + "issuerURL": { + "type": "string", + "description": "Client secret of the OIDC provider" + }, + "scopes": { + "type": 
"string", + "description": "Scopes of the OIDC provider" + }, + "externalSecret": { + "type": "object", + "description": "External secret to use for OIDC configuration", + "properties": { + "name": { + "type": "string", + "description": "Name of the external secret" + }, + "enabled": { + "type": "boolean", + "description": "Enable the external secret" + } + } + } + } + }, + "pluginsDir": { + "type": "string", + "description": "Directory to load plugins from" + }, + "extraArgs": { + "type": "array", + "description": "Extra arguments to pass to the application", + "items": { + "type": "string" + } + } + } + }, + "env": { + "type": "array", + "description": "Environment variables to pass to the deployment", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the environment variable" + }, + "value": { + "type": "string", + "description": "Value of the environment variable" + } + }, + "required": ["name", "value"], + "additionalProperties": false + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Specifies whether a service account should be created" + }, + "annotations": { + "type": "object", + "description": "Annotations to add to the service account" + }, + "name": { + "type": "string", + "description": "The name of the service account to use" + } + } + }, + "clusterRoleBinding": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Specifies whether a cluster role binding should be created" + }, + "annotations": { + "type": "object", + "description": "Annotations to add to the cluster role binding" + } + } + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Kubernetes Service type", + "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"] + }, + "port": { + "type": "integer", + "description": "Kubernetes Service port" + } + } + }, + 
"persistentVolumeClaim": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Persistent Volume Claim" + }, + "annotations": { + "type": "object", + "description": "Annotations to add to the persistent volume claim (if enabled)" + }, + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "size": { + "type": "string" + }, + "storageClassName": { + "type": "string" + }, + "selector": { + "type": "object", + "properties": { + "matchLabels": { + "type": "object" + }, + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "volumeMode": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable ingress controller resource" + }, + "annotations": { + "type": "object", + "description": "Annotations for Ingress resource" + }, + "ingressClassName": { + "type": "string", + "description": "Ingress class name" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array", + "items": { + "type": "object" + } + } + } + } + }, + "tls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "secretName": { + "type": "string" + }, + "hosts": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + } +} diff --git a/charts/headlamp/values.yaml b/charts/headlamp/values.yaml new file mode 100644 index 0000000..4505408 --- /dev/null +++ b/charts/headlamp/values.yaml 
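Review bot: The schema for the top-level `env` items requires both `name` and `value` and sets `"additionalProperties": false`, which rejects `valueFrom`, so the only way to pass `OIDC_CLIENT_SECRET` through `env` (as the oidc-directly-env test case does) is as a plaintext value in the values file. I would allow `valueFrom` as an object and require only `name`, e.g. add `"valueFrom": {"type": "object"}` to the item properties and change the requirement to `"required": ["name"]`. Separately, three descriptions under `config.oidc` are attached to the wrong property: `clientID` reads "Issuer of the OIDC provider", `clientSecret` reads "Client ID of the OIDC provider" and `issuerURL` reads "Client secret of the OIDC provider".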
@@ -0,0 +1,204 @@
+# Default values for headlamp.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Number of desired pods
+replicaCount: 1
+
+image:
+ # -- Container image registry
+ registry: ghcr.io
+ # -- Container image name
+ repository: headlamp-k8s/headlamp
+ # -- Image pull policy. One of Always, Never, IfNotPresent
+ pullPolicy: IfNotPresent
+ # -- Container image tag, If "" uses appVersion in Chart.yaml
+ tag: ""
+
+# -- An optional list of references to secrets in the same namespace to use for pulling any of the images used
+imagePullSecrets: []
+# -- Overrides the name of the chart
+nameOverride: ""
+# -- Overrides the full name of the chart
+fullnameOverride: ""
+
+# -- An optional list of init containers to be run before the main containers.
+initContainers: []
+
+config:
+ # -- base url path at which headlamp should run
+ baseURL: ""
+ oidc:
+ # Option 1:
+ # @param config.oidc.secret - OIDC secret configuration
+ # If you want to use an existing secret, set create to false and provide the name of the secret.
+ # If you want to create a new secret, set create to true and provide the name of the secret.
+ # Also provide the values for clientID, clientSecret, issuerURL, and scopes.
+ # Example:
+ # config:
+ # oidc:
+ # secret:
+ # create: true
+ # name: oidc
+ secret:
+ # -- Generate OIDC secret. If true, will generate a secret using .config.oidc.
+ create: true
+ # -- Name of the OIDC secret.
+ name: oidc
+
+ # Option 2:
+ # @param config.oidc - OIDC env configuration
+ # If you want to set the OIDC configuration directly, set the following values.
+ # Example:
+ # config:
+ # oidc:
+ # clientID: "clientID"
+ # clientSecret: "clientSecret"
+ # issuerURL: "issuerURL"
+ # scopes: "scopes"
+
+ # -- OIDC client ID
+ clientID: ""
+ # -- OIDC client secret
+ clientSecret: ""
+ # -- OIDC issuer URL
+ issuerURL: ""
+ # -- OIDC scopes to be used
+ scopes: ""
+
+ # Option 3:
+ # @param config.oidc - External OIDC secret configuration
+ # If you want to use an external secret for OIDC configuration, enable this option.
+ # Provide the name of the secret to use.
+ # Example:
+ # config:
+ # oidc:
+ # secret:
+ # create: false
+ # externalSecret:
+ # enabled: true
+ # name: oidc
+ externalSecret:
+ enabled: false
+ name: ""
+ # -- directory to look for plugins
+ pluginsDir: "/headlamp/plugins"
+ # Extra arguments that can be given to the container. See charts/headlamp/README.md for more information.
+ extraArgs: []
+
+# -- An optional list of environment variables
+# env:
+# - name: KUBERNETES_SERVICE_HOST
+# value: "localhost"
+# - name: KUBERNETES_SERVICE_PORT
+# value: "6443"
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.(If not set and create is true, a name is generated using the fullname template)
+ name: ""
+
+clusterRoleBinding:
+ # -- Specified whether a cluster role binding should be created
+ create: true
+ # -- Annotations to add to the cluster role binding
+ annotations: {}
+
+# -- Annotations to add to the pod
+podAnnotations: {}
+
+# -- Headlamp pod's Security Context
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+# -- Headlamp containers Security Context
+securityContext:
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ privileged: false
+ runAsUser: 100
+ runAsGroup: 101
+
+service:
+ # -- Kubernetes Service type
+ type: ClusterIP
+ # -- Kubernetes Service port
+ port: 80
+
+# -- Headlamp containers volume mounts
+volumeMounts: []
+
+# -- Headlamp pod's volumes
+volumes: []
+
+persistentVolumeClaim:
+ # -- Enable Persistent Volume Claim
+ enabled: false
+ # -- Annotations to add to the persistent volume claim (if enabled)
+ annotations:
+ {}
+ # -- accessModes for the persistent volume claim, eg: ReadWriteOnce, ReadOnlyMany, ReadWriteMany etc.
+ accessModes: []
+ # -- size of the persistent volume claim, eg: 10Gi. Required if enabled is true.
+ size: ""
+ # -- storageClassName for the persistent volume claim.
+ storageClassName: ""
+ # -- selector for the persistent volume claim.
+ selector: {}
+ # -- volumeMode for the persistent volume claim, eg: Filesystem, Block.
+ volumeMode: ""
+
+ingress:
+ # -- Enable ingress controller resource
+ enabled: false
+ # -- Annotations for Ingress resource
+ annotations:
+ {}
+ # kubernetes.io/tls-acme: "true"
+
+ # -- Ingress class name. replacement for the deprecated "kubernetes.io/ingress.class" annotation
+ ingressClassName: ""
+
+ # -- Hostname(s) for the Ingress resource
+ # Please refer to https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec for more information.
+ hosts:
+ []
+ # - host: chart-example.local
+ # paths:
+ # - path: /
+ # type: ImplementationSpecifichosts
+ # -- Ingress TLS configuration
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+# -- CPU/Memory resource requests/limits
+resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# -- Node labels for pod assignment
+nodeSelector: {}
+
+# -- Toleration labels for pod assignment
+tolerations: []
+
+# -- Affinity settings for pod assignment
+affinity: {}
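Review bot: `clusterRoleBinding.create` defaults to `true`, so a plain install creates a ClusterRoleBinding (presumably for the chart's service account) without the operator opting in; which role it binds is decided in `templates/clusterrolebinding.yaml`, outside this hunk, so its breadth should be confirmed there. For a dashboard that can be exposed through the `ingress` block below, an opt-in default is the safer choice: `create: false`, with the comment reworded to `# -- Specifies whether a cluster role binding should be created (grants cluster-wide access; enable deliberately)`. The `securityContext` block in the same hunk keeps `capabilities.drop: [ALL]` commented out and sets no `allowPrivilegeEscalation: false`; both fit next to the existing `runAsNonRoot: true` and `privileged: false`, subject to a test against the image.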