Commit 69d24284 by Guangbo Chen

bump chartmuseum to v1.6.2

parent 84cc6f5b
apiVersion: v1
description: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage
name: chartmuseum
version: 1.6.0
version: 1.6.2
appVersion: 0.7.1
home: https://github.com/chartmuseum/chartmuseum
icon: https://raw.githubusercontent.com/chartmuseum/chartmuseum/master/logo.png
icon: file://../logo.png
keywords:
- chartmuseum
- helm
......
......@@ -25,7 +25,7 @@ Please also see https://github.com/kubernetes-helm/chartmuseum
- [Uninstall](#uninstall)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Prerequisites
......@@ -46,7 +46,7 @@ kubectl create -f /path/to/storage_class.yaml
```
The following table lists common configurable parameters of the chart and
their default values. See values.yaml for all available options.
their default values. See values.yaml for all available options.
| Parameter | Description | Default |
|----------------------------------------|---------------------------------------------|-----------------------------------------------------|
......@@ -108,6 +108,8 @@ their default values. See values.yaml for all available options.
| `gcp.secret.enabled` | Flag for the GCP service account | `false` |
| `gcp.secret.name` | Secret name for the GCP json file | `` |
| `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Static clusterIP or None for headless services| `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to
`helm install`.
......@@ -165,7 +167,7 @@ env:
STORAGE_AMAZON_REGION: us-east-1
secret:
AWS_ACCESS_KEY_ID: "********" ## aws access key id value
AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value
AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value
```
Run command to install
......@@ -318,7 +320,7 @@ env:
STORAGE_MICROSOFT_PREFIX:
secret:
AZURE_STORAGE_ACCOUNT: "********" ## azure storage account
AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key
AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key
```
Run command to install
......@@ -346,7 +348,7 @@ env:
STORAGE_ALIBABA_ENDPOINT: oss-cn-beijing.aliyuncs.com
secret:
ALIBABA_CLOUD_ACCESS_KEY_ID: "********" ## alibaba OSS access key id
ALIBABA_CLOUD_ACCESS_KEY_SECRET: "********" ## alibaba OSS access key secret
ALIBABA_CLOUD_ACCESS_KEY_SECRET: "********" ## alibaba OSS access key secret
```
Run command to install
......@@ -389,8 +391,8 @@ helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with local filesystem storage
By default chartmuseum uses local filesystem storage.
But on pod recreation it will lose all charts, to prevent that enable persistent storage.
By default chartmuseum uses local filesystem storage.
But on pod recreation it will lose all charts, to prevent that enable persistent storage.
```yaml
env:
......@@ -438,12 +440,12 @@ parameters:
adminSecretNamespace: default
pool: chartstore
userId: user
userSecretName: thesecret
userSecretName: thesecret
```
## Uninstall
## Uninstall
By default, a deliberate uninstall will result in the persistent volume
By default, a deliberate uninstall will result in the persistent volume
claim being deleted.
```shell
......
......@@ -245,6 +245,11 @@ questions:
group: "Storage Options"
label: Default StorageClass for Local Storage
show_if: "env.open.STORAGE=local&&persistence.enabled=true"
- variable: persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Uses Existing Persistent Volume Cliam for LocalStorage
# Service and L7 LoadBalancer
- variable: ingress.enabled
default: true
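Review bot: The label on the new `persistence.existingClaim` question misspells "Claim" as `Cliam`, and this string is shown to users in the install form; `label: Uses Existing Persistent Volume Claim for LocalStorage` reads correctly. The new entry also carries no `group` or `show_if`, unlike the `persistence.storageClass` entry just above it, which has `group: "Storage Options"` and `show_if: "env.open.STORAGE=local&&persistence.enabled=true"`. If the consuming UI does not inherit those from the parent question, the field may be offered for non-local backends as well (to confirm). The questions list starts before and continues after this hunk.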
......
......@@ -25,6 +25,6 @@ OR
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "chartmuseum.name" . }}" -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080{{ .Values.env.open.CONTEXT_PATH }}/
kubectl port-forward $POD_NAME 8080:8080
kubectl port-forward $POD_NAME 8080:8080 --namespace {{ .Release.Namespace }}
{{- end }}
......@@ -100,7 +100,7 @@ spec:
{{- end }}
volumes:
- name: storage-volume
{{- if and .Values.persistence.enabled (eq .Values.env.open.STORAGE "local") }}
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }}
{{- else }}
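Review bot: Dropping the `eq .Values.env.open.STORAGE "local"` guard means the claim is mounted for every storage backend whenever `persistence.enabled` is set; this assumes `{{- if .Values.persistence.enabled }}` is the new line, since the +/- markers are lost on this page. The PersistentVolumeClaim template further down appears to lose the same guard, so an install that uses a cloud backend but leaves `persistence.enabled` on would provision and bind a volume it never writes to. If that is intended, a comment such as `# persistence applies to all backends; disable it for object storage` next to the condition would make the behaviour explicit. The `volumes:` block starts before and continues after this hunk.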
......
{{- if .Values.ingress.enabled -}}
{{- $servicePort := .Values.service.externalPort -}}
{{- $serviceName := include "chartmuseum.fullname" . -}}
{{- if .Values.ingress.enabled }}
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "chartmuseum.fullname" . }}
labels:
app: {{ template "chartmuseum.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
labels:
......@@ -19,15 +15,15 @@ metadata:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
spec:
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
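Review bot: The `tls:` block is emitted only when `.Values.ingress.tls` is set, so unless the operator supplies it this Ingress serves every entry of `.Values.ingress.hosts` over plain HTTP, and the basic-auth credentials the chart supports (`env.secret.BASIC_AUTH_USER` / `BASIC_AUTH_PASS`) would cross it unencrypted. A comment above the rules would help, e.g. `# set ingress.tls whenever BASIC_AUTH_* is used; credentials are otherwise sent in clear`. Separately, `- host: {{ $host }}` is rendered unquoted; `- host: {{ $host | quote }}` keeps a wildcard host such as `*.example.com` from being parsed as a YAML alias. The template continues past the end of this section.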
......
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq .Values.env.open.STORAGE "local" }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
......@@ -21,4 +20,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
......@@ -12,6 +12,11 @@ metadata:
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if eq .Values.service.type "ClusterIP" }}
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- end }}
ports:
- port: {{ .Values.service.externalPort }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
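Review bot: The two nested `if` blocks around `clusterIP` can be one condition, matching the `and` form already used for `nodePort` on the line below: `{{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}`. The value is also rendered unquoted; `clusterIP: {{ .Values.service.clusterIP | quote }}` keeps whatever the operator supplies a string. The `ports:` list continues outside this hunk.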
......
......@@ -98,18 +98,18 @@ replica:
# iam.amazonaws.com/role: role-arn
service:
type: ClusterIP
# clusterIP: None
externalPort: 8080
nodePort:
annotations: {}
# resources: {}
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 80m
memory: 64Mi
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 80m
# memory: 64Mi
probes:
liveness:
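Review bot: With `resources: {}` as the default the pod gets no CPU or memory request or limit, so a busy or misbehaving chartmuseum container can starve its neighbours on the node. This assumes the `resources: {}` form with the commented-out values is the new side, since the +/- markers are lost on this page. If the explicit block is dropped on purpose, a comment saying so would help, e.g. `# no limits by default; set resources.limits in production`. The README hunks on this page do not touch the `resources.*` rows of the parameter table, so the documented defaults may now be stale (to confirm). The `probes:` mapping continues outside this hunk.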
......
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS
apiVersion: v1
description: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage
name: chartmuseum
version: 1.6.0
appVersion: 0.7.1
home: https://github.com/chartmuseum/chartmuseum
icon: https://raw.githubusercontent.com/chartmuseum/chartmuseum/master/logo.png
keywords:
- chartmuseum
- helm
- charts repo
maintainers:
- name: codefresh-io
email: opensource@codefresh.io
- name: cloudposse
email: hello@cloudposse.com
- name: chartmuseum
email: chartmuseum@gmail.com
approvers:
- jdolitsky
- goruha
reviewers:
- jdolitsky
- goruha
# ChartMuseum Helm Chart
Deploy your own private ChartMuseum.
Please also see https://github.com/kubernetes-helm/chartmuseum
## Table of Content
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Prerequisites](#prerequisites)
- [Configuration](#configuration)
- [Installation](#installation)
- [Using with Amazon S3](#using-with-amazon-s3)
- [permissions grant with access keys](#permissions-grant-with-access-keys)
- [permissions grant with IAM instance profile](#permissions-grant-with-iam-instance-profile)
- [permissions grant with IAM assumed role](#permissions-grant-with-iam-assumed-role)
- [Using with Google Cloud Storage](#using-with-google-cloud-storage)
- [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage)
- [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage)
- [Using with local filesystem storage](#using-with-local-filesystem-storage)
- [Example storage class](#example-storage-class)
- [Uninstall](#uninstall)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Prerequisites
* Kubernetes with extensions/v1beta1 available
* [If enabled] A persistent storage resource and RW access to it
* [If enabled] Kubernetes StorageClass for dynamic provisioning
## Configuration
By default this chart will not have persistent storage, and the API service
will be *DISABLED*. This protects against unauthorized access to the API
with default configuration values.
For a more robust solution supply helm install with a custom values.yaml
You are also required to create the StorageClass resource ahead of time:
```
kubectl create -f /path/to/storage_class.yaml
```
The following table lists common configurable parameters of the chart and
their default values. See values.yaml for all available options.
| Parameter | Description | Default |
|----------------------------------------|---------------------------------------------|-----------------------------------------------------|
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.repository` | Container image to use | `chartmuseum/chartmuseum` |
| `image.tag` | Container image tag to deploy | `v0.7.1` |
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
| `persistence.enabled` | Whether to use a PVC for persistent storage | `false` |
| `persistence.size` | Amount of space to claim for PVC | `8Gi` |
| `persistence.storageClass` | Storage Class to use for PVC | `-` |
| `replicaCount` | k8s replicas | `1` |
| `resources.limits.cpu` | Container maximum CPU | `100m` |
| `resources.limits.memory` | Container maximum memory | `128Mi` |
| `resources.requests.cpu` | Container requested CPU | `80m` |
| `resources.requests.memory` | Container requested memory | `64Mi` |
| `serviceAccount.create` | If true, create the service account | `false` |
| `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` |
| `securityContext` | Map of securityContext for the pod | `{}` |
| `nodeSelector` | Map of node labels for pod assignment | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `affinity` | Map of node/pod affinities | `{}` |
| `env.open.STORAGE` | Storage Backend to use | `local` |
| `env.open.ALIBABA_BUCKET` | Bucket to store charts in for Alibaba | `` |
| `env.open.ALIBABA_PREFIX` | Prefix to store charts under for Alibaba | `` |
| `env.open.ALIBABA_ENDPOINT` | Alternative Alibaba endpoint | `` |
| `env.open.ALIBABA_SSE` | Server side encryption algorithm to use | `` |
| `env.open.AMAZON_BUCKET` | Bucket to store charts in for AWS | `` |
| `env.open.AMAZON_ENDPOINT` | Alternative AWS endpoint | `` |
| `env.open.AMAZON_PREFIX` | Prefix to store charts under for AWS | `` |
| `env.open.AMAZON_REGION` | Region to use for bucket access for AWS | `` |
| `env.open.AMAZON_SSE` | Server side encryption algorithm to use | `` |
| `env.open.GOOGLE_BUCKET` | Bucket to store charts in for GCP | `` |
| `env.open.GOOGLE_PREFIX` | Prefix to store charts under for GCP | `` |
| `env.open.STORAGE_MICROSOFT_CONTAINER` | Container to store charts under for MS | `` |
| `env.open.STORAGE_MICROSOFT_PREFIX` | Prefix to store charts under for MS | `` |
| `env.open.STORAGE_OPENSTACK_CONTAINER` | Container to store charts for openstack | `` |
| `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` |
| `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` |
| `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` |
| `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` |
| `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` |
| `env.open.DEPTH` | levels of nested repos for multitenancy. | `0` |
| `env.open.DEBUG` | Show debug messages | `false` |
| `env.open.LOG_JSON` | Output structured logs in JSON | `true` |
| `env.open.DISABLE_STATEFILES` | Disable use of index-cache.yaml | `false` |
| `env.open.DISABLE_METRICS` | Disable Prometheus metrics | `true` |
| `env.open.DISABLE_API` | Disable all routes prefixed with /api | `true` |
| `env.open.ALLOW_OVERWRITE` | Allow chart versions to be re-uploaded | `false` |
| `env.open.CHART_URL` | Absolute url for .tgzs in index.yaml | `` |
| `env.open.AUTH_ANONYMOUS_GET` | Allow anon GET operations when auth is used | `false` |
| `env.open.CONTEXT_PATH` | Set the base context path | `` |
| `env.open.INDEX_LIMIT` | Parallel scan limit for the repo indexer | `` |
| `env.open.CACHE` | Cache store, can be one of: redis | `` |
| `env.open.CACHE_REDIS_ADDR` | Address of Redis service (host:port) | `` |
| `env.open.CACHE_REDIS_DB` | Redis database to be selected after connect | `0` |
| `env.secret.BASIC_AUTH_USER` | Username for basic HTTP authentication | `` |
| `env.secret.BASIC_AUTH_PASS` | Password for basic HTTP authentication | `` |
| `env.secret.CACHE_REDIS_PASSWORD` | Redis requirepass server configuration | `` |
| `gcp.secret.enabled` | Flag for the GCP service account | `false` |
| `gcp.secret.name` | Secret name for the GCP json file | `` |
| `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` |
Specify each parameter using the `--set key=value[,key=value]` argument to
`helm install`.
## Installation
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with Amazon S3
Make sure your environment is properly setup to access `my-s3-bucket`
You need at least the following permissions inside your IAM Policy
```yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListObjects",
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::my-s3-bucket"
},
{
"Sid": "AllowObjectsCRUD",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-s3-bucket/*"
}
]
}
```
You can grant it to `chartmuseum` by several ways:
#### permissions grant with access keys
Grant permissions to `special user` and us it's access keys for auth on aws
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: amazon
STORAGE_AMAZON_BUCKET: my-s3-bucket
STORAGE_AMAZON_PREFIX:
STORAGE_AMAZON_REGION: us-east-1
secret:
AWS_ACCESS_KEY_ID: "********" ## aws access key id value
AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
#### permissions grant with IAM instance profile
You can grant permissions to k8s node IAM instance profile.
For more information read this [article](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: amazon
STORAGE_AMAZON_BUCKET: my-s3-bucket
STORAGE_AMAZON_PREFIX:
STORAGE_AMAZON_REGION: us-east-1
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
#### permissions grant with IAM assumed role
To provide access with assumed role you need to install [kube2iam](https://github.com/kubernetes/charts/tree/master/stable/kube2iam)
and create role with granded permissions.
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: amazon
STORAGE_AMAZON_BUCKET: my-s3-bucket
STORAGE_AMAZON_PREFIX:
STORAGE_AMAZON_REGION: us-east-1
replica:
annotations:
iam.amazonaws.com/role: "{assumed role name}"
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with Google Cloud Storage
Make sure your environment is properly setup to access `my-gcs-bucket`
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: google
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
STORAGE_GOOGLE_PREFIX:
```
### Using with Google Cloud Storage and a Google Service Account
A Google service account credentials are stored in a json file. There are two approaches here. Ideally you don't want to send your secrets to tiller. In that case, before installing this chart, you should create a secret with those credentials:
```shell
kubectl create secret generic chartmuseum-secret --from-file=credentials.json="my-project-45e35d85a593.json"
```
Then you can either use a `VALUES` yaml with your values or set those values in the command line:
```shell
helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum,gcp.secret.name=chartmuseum-secret
```
If you prefer to use a yaml file:
```yaml
env:
open:
STORAGE: google
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
STORAGE_GOOGLE_PREFIX:
gcp:
secret:
enabled: true
name: chartmuseum-secret
key: credentials.json
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
In case that you don't mind adding your secret to tiller (you shouldn't do it), this are the commands
```yaml
env:
open:
STORAGE: google
STORAGE_GOOGLE_BUCKET: my-gcs-bucket
STORAGE_GOOGLE_PREFIX:
secret:
GOOGLE_CREDENTIALS_JSON: my-json-file-base64-encoded
gcp:
secret:
enabled: true
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
To set the values directly in the command line, use the follosing command. Note that we have to base64 encode the json file because we cannot pass a multi-line text as a value.
```shell
export JSONKEY=$(cat my-project-77e35d85a593.json | base64)
helm install stable/chartmuseum --debug --set gcp.secret.enabled=true,env.secret.GOOGLE_CREDENTIALS_JSON=${JSONKEY},env.open.STORAGE=google,env.open.DISABLE_API=false,env.open.STORAGE_GOOGLE_BUCKET=my-gcp-chartmuseum
```
### Using with Microsoft Azure Blob Storage
Make sure your environment is properly setup to access `mycontainer`.
To do so, you must set the following env vars:
- `AZURE_STORAGE_ACCOUNT`
- `AZURE_STORAGE_ACCESS_KEY`
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: microsoft
STORAGE_MICROSOFT_CONTAINER: mycontainer
# prefix to store charts for microsoft storage backend
STORAGE_MICROSOFT_PREFIX:
secret:
AZURE_STORAGE_ACCOUNT: "********" ## azure storage account
AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with Alibaba Cloud OSS Storage
Make sure your environment is properly setup to access `my-oss-bucket`.
To do so, you must set the following env vars:
- `ALIBABA_CLOUD_ACCESS_KEY_ID`
- `ALIBABA_CLOUD_ACCESS_KEY_SECRET`
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: alibaba
STORAGE_ALIBABA_BUCKET: my-oss-bucket
STORAGE_ALIBABA_PREFIX:
STORAGE_ALIBABA_ENDPOINT: oss-cn-beijing.aliyuncs.com
secret:
ALIBABA_CLOUD_ACCESS_KEY_ID: "********" ## alibaba OSS access key id
ALIBABA_CLOUD_ACCESS_KEY_SECRET: "********" ## alibaba OSS access key secret
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with Openstack Object Storage
Make sure your environment is properly setup to access `mycontainer`.
To do so, you must set the following env vars (depending on your openstack version):
- `OS_AUTH_URL`
- either `OS_PROJECT_NAME` or `OS_TENANT_NAME` or `OS_PROJECT_ID` or `OS_TENANT_ID`
- either `OS_DOMAIN_NAME` or `OS_DOMAIN_ID`
- either `OS_USERNAME` or `OS_USERID`
- `OS_PASSWORD`
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: openstack
STORAGE_OPENSTACK_CONTAINER: mycontainer
STORAGE_OPENSTACK_PREFIX:
STORAGE_OPENSTACK_REGION: YOURREGION
secret:
OS_AUTH_URL: https://myauth.url.com/v2.0/
OS_TENANT_ID: yourtenantid
OS_USERNAME: yourusername
OS_PASSWORD: yourpassword
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with local filesystem storage
By default chartmuseum uses local filesystem storage.
But on pod recreation it will lose all charts, to prevent that enable persistent storage.
```yaml
env:
open:
STORAGE: local
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 8Gi
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
## Chartmuseum data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
#### Example storage class
Example storage-class.yaml provided here for use with a Ceph cluster.
```
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: storage-volume
provisioner: kubernetes.io/rbd
parameters:
monitors: "10.11.12.13:4567,10.11.12.14:4567"
adminId: admin
adminSecretName: thesecret
adminSecretNamespace: default
pool: chartstore
userId: user
userSecretName: thesecret
```
## Uninstall
By default, a deliberate uninstall will result in the persistent volume
claim being deleted.
```shell
helm delete my-chartmuseum
```
To delete the deployment and its history:
```shell
helm delete --purge my-chartmuseum
```
questions:
- variable: defaultImage
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.repository
default: "chartmuseum/chartmuseum"
description: "Docker image repository"
type: string
label: Image Repository
- variable: image.tag
default: "v0.7.1"
description: "Docker image tag"
type: string
label: Image Tag
# storage settings
- variable: env.open.STORAGE
required: true
default: "local"
description: "Storage Backend to use"
type: enum
label: Storage Backend To Use
group: "Storage Options"
options:
- "local"
- "amazon"
- "alibaba"
- "google"
- "microsoft"
- "openstack"
- variable: env.open.STORAGE_AMAZON_BUCKET
default: ""
type: string
description: "S3 bucket to store charts for amazon storage backend"
label: S3 Bucket Name
group: "Storage Options"
required: true
show_if: "env.open.STORAGE=amazon"
- variable: env.open.STORAGE_AMAZON_PREFIX
default: ""
type: string
description: "prefix to store charts for amazon storage backend"
label: Prefix To Store Charts Under for AWS S3 (Optional)
group: "Storage Options"
show_if: "env.open.STORAGE=amazon"
- variable: env.open.STORAGE_AMAZON_REGION
default: ""
required: true
type: string
description: "Region to use for bucket access for AWS "
label: Region for S3 Bucket Storage
group: "Storage Options"
show_if: "env.open.STORAGE=amazon"
# Alibaba Cloud Storage Options
- variable: env.open.STORAGE_ALIBABA_BUCKET
default: ""
type: string
description: "OSS bucket to store charts for alibaba storage backend"
label: OSS Bucket Name
group: "Storage Options"
show_if: "env.open.STORAGE=alibaba"
- variable: env.open.STORAGE_ALIBABA_PREFIX
default: ""
type: string
description: "Prefix to store charts for alibaba storage backend"
label: OSS Bucket Prefix
group: "Storage Options"
show_if: "env.open.STORAGE=alibaba"
- variable: env.open.STORAGE_ALIBABA_ENDPOINT
default: ""
type: string
description: "OSS endpoint to store charts for alibaba storage backend"
label: Alternative OSS Storage Endpoint
group: "Storage Options"
show_if: "env.open.STORAGE=alibaba"
# Google Storage Options
- variable: env.open.STORAGE_GOOGLE_BUCKET
default: ""
type: string
description: "GCS bucket to store charts for google storage backend"
label: GCS Bucket Name
group: "Storage Options"
show_if: "env.open.STORAGE=google"
- variable: env.open.STORAGE_GOOGLE_PREFIX
default: ""
type: string
description: "Prefix to store charts for google storage backend"
label: GCS Bucket Prefix
group: "Storage Options"
show_if: "env.open.STORAGE=google"
# Microsoft Azure Storage Options
- variable: env.open.STORAGE_MICROSOFT_CONTAINER
default: ""
type: string
description: "Container to store charts for microsoft storage backend"
label: Microsoft Azure Blob Storage Name
group: "Storage Options"
show_if: "env.open.STORAGE=microsoft"
- variable: env.open.STORAGE_MICROSOFT_PREFIX
default: ""
type: string
description: "Prefix to store charts for microsoft storage backend"
label: Microsoft Azure Blob Storage Prefix
group: "Storage Options"
show_if: "env.open.STORAGE=microsoft"
# OpenStack Storage Options
- variable: env.open.STORAGE_OPENSTACK_CONTAINER
default: ""
type: string
description: "Prefix to store charts for openstack storage backend"
label: Openstack Object Storage Container Name
group: "Storage Options"
show_if: "env.open.STORAGE=openstack"
- variable: env.open.STORAGE_OPENSTACK_PREFIX
default: ""
type: string
description: "Prefix to store charts for openstack storage backend"
label: Prefix To Openstack Object Storage Container
group: "Storage Options"
show_if: "env.open.STORAGE=openstack"
- variable: env.open.STORAGE_OPENSTACK_REGION
default: ""
type: string
description: "Region of openstack container"
label: Region Of Openstack Object Storage Container
group: "Storage Options"
show_if: "env.open.STORAGE=openstack"
# Storage Secret
- variable: env.secret.AWS_ACCESS_KEY_ID
default: ""
type: string
description: "AWS access key id value"
label: AWS Access Key ID Value
group: "Storage Secret"
show_if: "env.open.STORAGE=amazon"
- variable: env.secret.AWS_SECRET_ACCESS_KEY
default: ""
type: string
description: "aws access key secret value "
label: AWS Access Key Secret Value
group: "Storage Secret"
show_if: "env.open.STORAGE=amazon"
- variable: env.secret.ALIBABA_CLOUD_ACCESS_KEY_ID
default: ""
type: string
description: "alibaba OSS access key id"
label: OSS Access Key ID
group: "Storage Secret"
show_if: "env.open.STORAGE=alibaba"
- variable: env.secret.ALIBABA_CLOUD_ACCESS_KEY_SECRET
default: ""
type: string
description: "alibaba OSS access key secret "
label: OSS Access Key Secret
group: "Storage Secret"
show_if: "env.open.STORAGE=alibaba"
- variable: gcp.secret.enabled
default: false
type: boolean
description: "Flag for the GCP service account"
label: Enable GCP Service Account
group: "Storage Secret"
show_if: "env.open.STORAGE=google"
show_subquestion_if: true
subquestions:
- variable: gcp.secret.name
default: ""
type: string
description: "secret name for the gcp json file"
label: Secret Name For The GCP Json File
- variable: gcp.secret.key
default: "credentials.json"
type: string
description: "Secret key for the GCP json file"
label: Secret Key For The GCP Json File
# Openstack Object Storage secret
- variable: env.secret.OS_AUTH_URL
default: ""
type: string
description: "Openstack object storage auth url"
label: Auth URL Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_TENANT_ID
default: ""
type: string
description: "Openstack object storage tenant id"
label: Tenant ID Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_USERNAME
default: ""
type: string
description: "Openstack object storage username"
label: Username Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_PASSWORD
default: ""
type: string
description: "Openstack object storage password"
label: Password Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
# Microsoft azure secret
- variable: env.secret.AZURE_STORAGE_ACCOUNT
default: ""
type: string
description: "azure storage account"
label: Azure Storage Account
group: "Storage Secret"
show_if: "env.open.STORAGE=microsoft"
- variable: env.secret.AZURE_STORAGE_ACCESS_KEY
default: ""
type: string
description: "azure storage account access key "
label: Azure Storage Account Access Key
group: "Storage Secret"
show_if: "env.open.STORAGE=microsoft"
# Local Storage Settings
- variable: persistence.enabled
default: true
type: boolean
description: "use a PVC for persistent storage for local storage"
label: Enable Persistent Storage For Local Storage
group: "Storage Options"
show_if: "env.open.STORAGE=local"
show_subquestion_if: true
subquestions:
- variable: persistence.size
default: "10Gi"
type: string
description: "Local Storage Persistent Volume Size"
label: Local Storage Volume Size
group: "Storage Options"
show_if: "env.open.STORAGE=local&&persistence.enabled=true"
- variable: persistence.storageClass
default: ""
description: "If undefined or null, uses the default StorageClass. Default to null"
type: storageclass
group: "Storage Options"
label: Default StorageClass for Local Storage
show_if: "env.open.STORAGE=local&&persistence.enabled=true"
- variable: persistence.existingClaim
default: ""
description: "If not empty, uses the specified existing PVC instead of creating new one"
type: pvc
label: Existing Persistent Volume for LocalStorage
# Service and L7 LoadBalancer
- variable: ingress.enabled
default: true
description: "Expose app using Layer 7 Load Balancer - ingress"
type: boolean
label: Expose app using Layer 7 Load Balancer
show_subquestion_if: true
group: "Services and Load Balancing"
subquestions:
- variable: ingress.hosts[0]
default: "xip.io"
description: "Hostname to your app installation"
type: hostname
required: true
label: Hostname
- variable: service.type
required: true
default: "NodePort"
description: "ChartMuseum Service Type"
type: enum
label: Service Type For ChartMuseum
group: "Services and Load Balancing"
show_if: "ingress.enabled=false"
options:
- "ClusterIP"
- "NodePort"
- "LoadBalancer"
# chartmuseum options
- variable: env.secret.BASIC_AUTH_USER
default: ""
description: "Username for basic http authentication"
type: string
label: Username For Basic Http Authentication (Optional)
group: "ChartMuseum Settings"
- variable: env.secret.BASIC_AUTH_PASS
default: ""
description: "Password for basic http authentication"
type: string
label: Password For Basic Http Authentication (Optional)
group: "ChartMuseum Settings"
- variable: env.open.CHART_URL
default: ""
description: "Absolute url for .tgzs in index.yaml"
type: string
label: Absolute URL For .tgzs In index.yaml
group: "ChartMuseum Settings"
- variable: env.open.SHOW_ADVANCED
default: false
description: "Show advanced ChartMuseum settings"
type: boolean
label: Show Advanced ChartMuseum Settings
group: "ChartMuseum Settings"
show_subquestion_if: true
subquestions:
- variable: env.open.DEPTH
default: "0"
description: "Levels of nested repos for multitenancy."
type: string
label: Levels Of Nested Repos For Multitenancy
- variable: env.open.ALLOW_OVERWRITE
default: false
description: "Allow chart versions to be re-uploaded"
type: boolean
label: Allow Chart Versions To Be Re-uploaded
- variable: env.open.AUTH_ANONYMOUS_GET
default: false
description: "Allow anonymous GET operations when auth is used"
type: boolean
label: Allow Anonymous GET Operations When Auth Is Used
- variable: env.open.DISABLE_METRICS
default: true
description: "Disable Prometheus metrics of Chartmuseum"
type: boolean
label: Disable Prometheus Metrics
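Review bot: The credential questions in this file (`env.secret.AWS_SECRET_ACCESS_KEY`, `env.secret.ALIBABA_CLOUD_ACCESS_KEY_SECRET`, `env.secret.OS_PASSWORD`, `env.secret.AZURE_STORAGE_ACCESS_KEY`, `env.secret.BASIC_AUTH_PASS`) are all declared `type: string`, so the install form presumably shows them in clear as they are typed. If the catalog UI that consumes this file offers a masked input type, `type: password` on those entries would be the safer choice (to confirm against that UI's schema). This listing looks like a whole-file copy of the 1.6.0 chart, so the same point likely applies to the questions file patched earlier on this page.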
** Please be patient while the chart is being deployed **
Get the ChartMuseum URL by running:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "chartmuseum.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT{{ .Values.env.open.CONTEXT_PATH }}/
{{- else if contains "LoadBalancer" .Values.service.type }}
** Please ensure an external IP is associated to the {{ template "chartmuseum.fullname" . }} service before proceeding **
** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "chartmuseum.fullname" . }} **
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
OR
export SERVICE_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "chartmuseum.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo http://$SERVICE_HOST:{{ .Values.service.externalPort }}{{ .Values.env.open.CONTEXT_PATH }}/
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "chartmuseum.name" . }}" -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:8080{{ .Values.env.open.CONTEXT_PATH }}/
kubectl port-forward $POD_NAME 8080:8080
{{- end }}
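Review bot: In the ClusterIP branch the pod lookup passes `-l` twice, and kubectl keeps only the last value of a repeated selector flag, so the `app=` filter is dropped and pods are matched on `release=` alone. Join the two into one selector: `-l "app={{ template "chartmuseum.name" . }},release={{ .Release.Name }}"`. The `kubectl port-forward $POD_NAME 8080:8080` line also omits `--namespace {{ .Release.Namespace }}`, so it will not find the pod when the release is installed outside the current namespace.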
{{- /*
name defines a template for the name of the chartmuseum chart.
The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should
not exceed 63 characters.
Parameters:
- .Values.nameOverride: Replaces the computed name with this given name
- .Values.namePrefix: Prefix
- .Values.global.namePrefix: Global prefix
- .Values.nameSuffix: Suffix
- .Values.global.nameSuffix: Global suffix
The applied order is: "global prefix + prefix + name + suffix + global suffix"
Usage: 'name: "{{- template "chartmuseum.name" . -}}"'
*/ -}}
{{- define "chartmuseum.name"}}
{{- $global := default (dict) .Values.global -}}
{{- $base := default .Chart.Name .Values.nameOverride -}}
{{- $gpre := default "" $global.namePrefix -}}
{{- $pre := default "" .Values.namePrefix -}}
{{- $suf := default "" .Values.nameSuffix -}}
{{- $gsuf := default "" $global.nameSuffix -}}
{{- $name := print $gpre $pre $base $suf $gsuf -}}
{{- $name | lower | trunc 54 | trimSuffix "-" -}}
{{- end -}}
{{- /*
fullname defines a suitably unique name for a resource by combining
the release name and the chartmuseum chart name.
The prevailing wisdom is that names should only contain a-z, 0-9 plus dot (.) and dash (-), and should
not exceed 63 characters.
Parameters:
- .Values.fullnameOverride: Replaces the computed name with this given name
- .Values.fullnamePrefix: Prefix
- .Values.global.fullnamePrefix: Global prefix
- .Values.fullnameSuffix: Suffix
- .Values.global.fullnameSuffix: Global suffix
The applied order is: "global prefix + prefix + name + suffix + global suffix"
Usage: 'name: "{{- template "chartmuseum.fullname" . -}}"'
*/ -}}
{{- define "chartmuseum.fullname"}}
{{- $global := default (dict) .Values.global -}}
{{- $base := default (printf "%s-%s" .Release.Name .Chart.Name) .Values.fullnameOverride -}}
{{- $gpre := default "" $global.fullnamePrefix -}}
{{- $pre := default "" .Values.fullnamePrefix -}}
{{- $suf := default "" .Values.fullnameSuffix -}}
{{- $gsuf := default "" $global.fullnameSuffix -}}
{{- $name := print $gpre $pre $base $suf $gsuf -}}
{{- $name | lower | trunc 54 | trimSuffix "-" -}}
{{- end -}}
{{- /*
chartmuseum.labels.standard prints the standard chartmuseum Helm labels.
The standard labels are frequently used in metadata.
*/ -}}
{{- define "chartmuseum.labels.standard" -}}
app: {{ template "chartmuseum.name" . }}
chart: {{ template "chartmuseum.chartref" . }}
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
{{- end -}}
{{- /*
chartmuseum.chartref prints a chart name and version.
It does minimal escaping for use in Kubernetes labels.
Example output:
chartmuseum-0.4.5
*/ -}}
{{- define "chartmuseum.chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end -}}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
{{ toYaml .Values.strategy | indent 4 }}
revisionHistoryLimit: 10
template:
metadata:
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.replica.annotations | indent 8 }}
labels:
app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }}
spec:
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
{{- range $name, $value := .Values.env.open }}
{{- if not (empty $value) }}
- name: {{ $name | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.gcp.secret.enabled }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/secrets/google/credentials.json"
{{- end }}
{{- $secret_name := include "chartmuseum.fullname" . }}
{{- range $name, $value := .Values.env.secret }}
{{- if not ( empty $value) }}
- name: {{ $name | quote }}
valueFrom:
secretKeyRef:
name: {{ $secret_name }}
key: {{ $name | quote }}
{{- end }}
{{- end }}
args:
- --port=8080
{{- if eq .Values.env.open.STORAGE "local" }}
- --storage-local-rootdir=/storage
{{- end }}
ports:
- name: http
containerPort: 8080
livenessProbe:
httpGet:
path: {{ .Values.env.open.CONTEXT_PATH }}/health
port: http
{{ toYaml .Values.probes.liveness | indent 10 }}
readinessProbe:
httpGet:
path: {{ .Values.env.open.CONTEXT_PATH }}/health
port: http
{{ toYaml .Values.probes.readiness | indent 10 }}
{{- if eq .Values.env.open.STORAGE "local" }}
volumeMounts:
- mountPath: /storage
name: storage-volume
{{- end }}
{{- if .Values.gcp.secret.enabled }}
volumeMounts:
- mountPath: /etc/secrets/google
name: {{ include "chartmuseum.fullname" . }}-gcp
{{- end }}
{{- with .Values.resources }}
resources:
{{ toYaml . | indent 10 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ include "chartmuseum.fullname" . }}
{{- else if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: storage-volume
{{- if and .Values.persistence.enabled (eq .Values.env.open.STORAGE "local") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "chartmuseum.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{ if .Values.gcp.secret.enabled }}
- name: {{ include "chartmuseum.fullname" . }}-gcp
secret:
{{ if .Values.env.secret.GOOGLE_CREDENTIALS_JSON }}
secretName: {{ include "chartmuseum.fullname" . }}
items:
- key: GOOGLE_CREDENTIALS_JSON
path: credentials.json
{{ else }}
secretName: {{ .Values.gcp.secret.name }}
items:
- key: {{ .Values.gcp.secret.key }}
path: credentials.json
{{ end }}
{{ end }}
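Review bot: With `env.open.STORAGE` set to `local` and `gcp.secret.enabled` true, the container spec renders two `volumeMounts:` keys, one from each `if` block. Duplicate mapping keys are invalid YAML and most parsers keep only the last one, so the `/storage` mount would be dropped silently and charts would land on the container filesystem instead of the volume. This assumes both blocks are on the new side of the change, which the rendered page no longer marks. A single `volumeMounts:` key holding both conditional entries avoids this, and the credentials mount can be marked read-only at the same time.

```yaml
        # … unchanged: livenessProbe, readinessProbe …
        {{- if or (eq .Values.env.open.STORAGE "local") .Values.gcp.secret.enabled }}
        volumeMounts:
        {{- if eq .Values.env.open.STORAGE "local" }}
        - mountPath: /storage
          name: storage-volume
        {{- end }}
        {{- if .Values.gcp.secret.enabled }}
        - mountPath: /etc/secrets/google
          name: {{ include "chartmuseum.fullname" . }}-gcp
          readOnly: true
        {{- end }}
        {{- end }}
        # … unchanged: resources, nodeSelector, affinity, tolerations …
```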
{{- if .Values.ingress.enabled -}}
{{- $servicePort := .Values.service.externalPort -}}
{{- $serviceName := include "chartmuseum.fullname" . -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "chartmuseum.fullname" . }}
labels:
app: {{ template "chartmuseum.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
labels:
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels | indent 4 }}
{{- end }}
{{ include "chartmuseum.labels.standard" . | indent 4 }}
spec:
rules:
{{- range $host := .Values.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
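Review bot: The `range` over `.Values.ingress.hosts` uses each entry as a hostname string with an empty `path:`, but the commented example in values.yaml documents `hosts` as a map of hostname to path list. A user who follows that example gets the path list rendered as the `host:` value. Either change the example to a plain list (`# hosts:` / `#   - chartmuseum.domain.com`) or iterate host and paths here. The value is also better quoted, `- host: {{ $host | quote }}`, so a hostname that YAML would retype stays a string.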
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq .Values.env.open.STORAGE "local" }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "chartmuseum.fullname" . }}
labels:
app: {{ include "chartmuseum.fullname" . }}
release: {{ .Release.Name | quote }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
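Review bot: The PVC's `app:` label is set from `chartmuseum.fullname`, while the Deployment, Ingress and Service on this page label `app:` from `chartmuseum.name`. A selector such as `app=<name>,release=<release>` therefore finds every resource of the release except the claim. Use `app: {{ template "chartmuseum.name" . }}`, or include `chartmuseum.labels.standard` as the Secret and Service do.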
apiVersion: v1
kind: Secret
metadata:
name: {{ include "chartmuseum.fullname" . }}
labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
type: Opaque
data:
{{- range $name, $value := .Values.env.secret }}
{{- if not (empty $value) }}
{{- if eq $name "GOOGLE_CREDENTIALS_JSON" }}
{{ $name }}: {{ $value }}
{{- else }}
{{ $name }}: {{ $value | b64enc }}
{{- end }}
{{- end }}
{{- end }}
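Review bot: `GOOGLE_CREDENTIALS_JSON` is written into `data:` without `b64enc`, so it must already be base64-encoded, but neither this template nor the values.yaml comment (`# GCP service account json file`) says so. Raw JSON supplied there would most likely render as invalid YAML or as a value the API server cannot decode. State the requirement in a template comment above the branch, for example `{{- /* GOOGLE_CREDENTIALS_JSON must be supplied base64-encoded; all other keys are encoded below */ -}}`. Quoting the pass-through value also helps: `{{ $name }}: {{ $value | quote }}`.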
apiVersion: v1
kind: Service
metadata:
name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{.Values.service.nodePort}}
{{- else }}
targetPort: http
{{- end }}
protocol: TCP
name: http
selector:
app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }}
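Review bot: `targetPort: http` sits in the `else` branch, so it is omitted whenever `service.type` is `NodePort` and `service.nodePort` is set. Kubernetes then defaults `targetPort` to the value of `port`, which only reaches the container while `service.externalPort` happens to equal the fixed container port 8080 from the Deployment. Emit `targetPort: http` unconditionally and keep only `nodePort: {{ .Values.service.nodePort }}` inside the `if`. As rendered, `annotations:` also appears twice under `metadata`; if both copies are on the new side, the unconditional one should go.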
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "chartmuseum.fullname" . }}
labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }}
{{- end -}}
replicaCount: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
image:
repository: chartmuseum/chartmuseum
tag: v0.7.1
pullPolicy: IfNotPresent
env:
open:
# storage backend, can be one of: local, alibaba, amazon, google, microsoft
STORAGE: local
# oss bucket to store charts for alibaba storage backend
STORAGE_ALIBABA_BUCKET:
# prefix to store charts for alibaba storage backend
STORAGE_ALIBABA_PREFIX:
# oss endpoint to store charts for alibaba storage backend
STORAGE_ALIBABA_ENDPOINT:
# server side encryption algorithm for alibaba storage backend, can be one
# of: AES256 or KMS
STORAGE_ALIBABA_SSE:
# s3 bucket to store charts for amazon storage backend
STORAGE_AMAZON_BUCKET:
# prefix to store charts for amazon storage backend
STORAGE_AMAZON_PREFIX:
# region of s3 bucket to store charts
STORAGE_AMAZON_REGION:
# alternative s3 endpoint
STORAGE_AMAZON_ENDPOINT:
# server side encryption algorithm
STORAGE_AMAZON_SSE:
# gcs bucket to store charts for google storage backend
STORAGE_GOOGLE_BUCKET:
# prefix to store charts for google storage backend
STORAGE_GOOGLE_PREFIX:
# container to store charts for microsoft storage backend
STORAGE_MICROSOFT_CONTAINER:
# prefix to store charts for microsoft storage backend
STORAGE_MICROSOFT_PREFIX:
# container to store charts for openstack storage backend
STORAGE_OPENSTACK_CONTAINER:
# prefix to store charts for openstack storage backend
STORAGE_OPENSTACK_PREFIX:
# region of openstack container
STORAGE_OPENSTACK_REGION:
# path to a CA cert bundle for your openstack endpoint
STORAGE_OPENSTACK_CACERT:
# form field which will be queried for the chart file content
CHART_POST_FORM_FIELD_NAME: chart
# form field which will be queried for the provenance file content
PROV_POST_FORM_FIELD_NAME: prov
# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
DEPTH: 0
# show debug messages
DEBUG: false
# output structured logs as json
LOG_JSON: true
# disable use of index-cache.yaml
DISABLE_STATEFILES: false
# disable Prometheus metrics
DISABLE_METRICS: true
# disable all routes prefixed with /api
DISABLE_API: false
# allow chart versions to be re-uploaded
ALLOW_OVERWRITE: false
# absolute url for .tgzs in index.yaml
CHART_URL:
# allow anonymous GET operations when auth is used
AUTH_ANONYMOUS_GET: false
# sets the base context path
CONTEXT_PATH:
# parallel scan limit for the repo indexer
INDEX_LIMIT: 0
# cache store, can be one of: redis (leave blank for inmemory cache)
CACHE:
# address of Redis service (host:port)
CACHE_REDIS_ADDR:
# Redis database to be selected after connect
CACHE_REDIS_DB: 0
secret:
# username for basic http authentication
BASIC_AUTH_USER:
# password for basic http authentication
BASIC_AUTH_PASS:
# GCP service account json file
GOOGLE_CREDENTIALS_JSON:
# Redis requirepass server configuration
CACHE_REDIS_PASSWORD:
deployment:
## Chartmuseum Deployment annotations
annotations: {}
# name: value
replica:
## Chartmuseum Replicas annotations
annotations: {}
## Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam
# iam.amazonaws.com/role: role-arn
service:
type: ClusterIP
externalPort: 8080
nodePort:
annotations: {}
# resources: {}
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 80m
memory: 64Mi
probes:
liveness:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readiness:
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
serviceAccount:
create: false
# name:
securityContext: {}
nodeSelector: {}
tolerations: []
affinity: {}
persistence:
enabled: false
accessMode: ReadWriteOnce
size: 8Gi
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
## Chartmuseum data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
## Ingress for load balancer
ingress:
enabled: false
## Chartmuseum Ingress labels
##
# labels:
# dns: "route53"
## Chartmuseum Ingress annotations
##
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
## Chartmuseum Ingress hostnames
## Must be provided if Ingress is enabled
##
# hosts:
# chartmuseum.domain.com:
# - /charts
# - /index.yaml
## Chartmuseum Ingress TLS configuration
## Secrets must be manually created in the namespace
##
# tls:
# - secretName: chartmuseum-server-tls
# hosts:
# - chartmuseum.domain.com
# Adding secrets to tiller is not a great option, so If you want to use an existing
# secret that contains the json file, you can use the following entries
gcp:
secret:
enabled: false
# Name of the secret that contains the encoded json
name:
# Secret key that holds the json value.
key: credentials.json
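Review bot: The defaults leave `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` empty while `DISABLE_API` is `false`, and questions.yml on this page defaults `service.type` to `NodePort`. An install that accepts the form defaults would therefore, as far as this chart shows, expose the upload and delete routes under `/api` on every node without credentials. Add a comment above the two keys, for example `# leave empty only on a trusted network: without credentials the /api routes accept unauthenticated requests`. Defaulting the question to `ClusterIP`, as values.yaml already does, would also narrow the exposure.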