Commit 06adcdad by Guangbo Chen Committed by Denise Schannon

Bump chartmuseum to v2.3.1

parent 45edf905
apiVersion: v1 apiVersion: v1
description: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage description: Host your own Helm Chart Repository
name: chartmuseum name: chartmuseum
version: 1.6.2 version: 2.3.1
appVersion: 0.7.1 appVersion: 0.9.0
home: https://github.com/chartmuseum/chartmuseum home: https://github.com/helm/chartmuseum
icon: file://../logo.png icon: file://../logo.png
keywords: keywords:
- chartmuseum - chartmuseum
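Review bot: `home` now points at https://github.com/helm/chartmuseum, but the README hunk right below still links https://github.com/kubernetes-helm/chartmuseum; update both in the same bump so the chart names one upstream. `appVersion: 0.9.0` also needs to agree with the image tag defaults elsewhere in this commit: the README parameter table says `v0.8.0` while questions.yaml says `v0.9.0`.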
......
# ChartMuseum Helm Chart # ChartMuseum Helm Chart
Deploy your own private ChartMuseum. Deploy your own private ChartMuseum.
Please also see https://github.com/kubernetes-helm/chartmuseum Please also see https://github.com/kubernetes-helm/chartmuseum
...@@ -18,10 +18,22 @@ Please also see https://github.com/kubernetes-helm/chartmuseum ...@@ -18,10 +18,22 @@ Please also see https://github.com/kubernetes-helm/chartmuseum
- [permissions grant with IAM instance profile](#permissions-grant-with-iam-instance-profile) - [permissions grant with IAM instance profile](#permissions-grant-with-iam-instance-profile)
- [permissions grant with IAM assumed role](#permissions-grant-with-iam-assumed-role) - [permissions grant with IAM assumed role](#permissions-grant-with-iam-assumed-role)
- [Using with Google Cloud Storage](#using-with-google-cloud-storage) - [Using with Google Cloud Storage](#using-with-google-cloud-storage)
- [Using with Google Cloud Storage and a Google Service Account](#using-with-google-cloud-storage-and-a-google-service-account)
- [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage) - [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage)
- [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage) - [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage)
- [Using with Openstack Object Storage](#using-with-openstack-object-storage)
- [Using with Oracle Object Storage](#using-with-oracle-object-storage)
- [Using an existing secret](#using-an-existing-secret)
- [Using with local filesystem storage](#using-with-local-filesystem-storage) - [Using with local filesystem storage](#using-with-local-filesystem-storage)
- [Example storage class](#example-storage-class) - [Example storage class](#example-storage-class)
- [Authentication](#authentication)
- [Basic Authentication](#basic-authentication)
- [Bearer/Token auth](#bearertoken-auth)
- [Ingress](#ingress)
- [Hosts](#hosts)
- [Annotations](#annotations)
- [Extra Paths](#extra-paths)
- [Example Ingress configuration](#example-ingress-configuration)
- [Uninstall](#uninstall) - [Uninstall](#uninstall)
<!-- END doctoc generated TOC please keep comment here to allow auto update --> <!-- END doctoc generated TOC please keep comment here to allow auto update -->
...@@ -39,8 +51,14 @@ By default this chart will not have persistent storage, and the API service ...@@ -39,8 +51,14 @@ By default this chart will not have persistent storage, and the API service
will be *DISABLED*. This protects against unauthorized access to the API will be *DISABLED*. This protects against unauthorized access to the API
with default configuration values. with default configuration values.
For a more robust solution supply helm install with a custom values.yaml In addition, by default, pod `securityContext.fsGroup` is set to `1000`. This
You are also required to create the StorageClass resource ahead of time: is the user/group that the ChartMuseum container runs as, and is used to
enable local persitant storage. If your cluster has DenySecurityContext enabled,
you can set `securityContext` to `{}` and still use this chart with one of
the cloud storage options.
For a more robust solution supply helm install with a custom values.yaml
You are also required to create the StorageClass resource ahead of time:
``` ```
kubectl create -f /path/to/storage_class.yaml kubectl create -f /path/to/storage_class.yaml
``` ```
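Review bot: the new paragraph misdescribes `fsGroup`: `securityContext.fsGroup: 1000` sets the supplemental group applied to mounted volumes so the container can write to them, not "the user/group that the ChartMuseum container runs as" (that would be `runAsUser`/`runAsGroup`); reword it, since the point is that local persistence needs the volume to be group-writable. "persitant" should be "persistent", and the admission controller is named `SecurityContextDeny`, not `DenySecurityContext`. It is also worth stating plainly that with `securityContext: {}` the local PVC path may be unwritable, which is why the cloud backends are the suggested alternative.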
...@@ -48,68 +66,109 @@ kubectl create -f /path/to/storage_class.yaml ...@@ -48,68 +66,109 @@ kubectl create -f /path/to/storage_class.yaml
The following table lists common configurable parameters of the chart and The following table lists common configurable parameters of the chart and
their default values. See values.yaml for all available options. their default values. See values.yaml for all available options.
| Parameter | Description | Default | | Parameter | Description | Default |
|----------------------------------------|---------------------------------------------|-----------------------------------------------------| |-----------------------------------------|--------------------------------------------------------------------|--------------------------------------|
| `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.repository` | Container image to use | `chartmuseum/chartmuseum` | | `image.repository` | Container image to use | `chartmuseum/chartmuseum` |
| `image.tag` | Container image tag to deploy | `v0.7.1` | | `image.tag` | Container image tag to deploy | `v0.8.0` |
| `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` | | `persistence.accessMode` | Access mode to use for PVC | `ReadWriteOnce` |
| `persistence.enabled` | Whether to use a PVC for persistent storage | `false` | | `persistence.enabled` | Whether to use a PVC for persistent storage | `false` |
| `persistence.size` | Amount of space to claim for PVC | `8Gi` | | `persistence.size` | Amount of space to claim for PVC | `8Gi` |
| `persistence.storageClass` | Storage Class to use for PVC | `-` | | `persistence.labels` | Additional labels for PVC | `{}` |
| `replicaCount` | k8s replicas | `1` | | `persistence.storageClass` | Storage Class to use for PVC | `-` |
| `resources.limits.cpu` | Container maximum CPU | `100m` | | `persistence.volumeName` | Volume to use for PVC | `` |
| `resources.limits.memory` | Container maximum memory | `128Mi` | | `persistence.pv.enabled` | Whether to use a PV for persistent storage | `false` |
| `resources.requests.cpu` | Container requested CPU | `80m` | | `persistence.pv.capacity.storage` | Storage size to use for PV | `8Gi` |
| `resources.requests.memory` | Container requested memory | `64Mi` | | `persistence.pv.accessMode` | Access mode to use for PV | `ReadWriteOnce` |
| `serviceAccount.create` | If true, create the service account | `false` | | `persistence.pv.nfs.server` | NFS server for PV | `` |
| `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` | | `persistence.pv.nfs.path` | Storage Path | `` |
| `securityContext` | Map of securityContext for the pod | `{}` | | `persistence.pv.pvname` | Custom name for private volume | `` |
| `nodeSelector` | Map of node labels for pod assignment | `{}` | | `replicaCount` | k8s replicas | `1` |
| `tolerations` | List of node taints to tolerate | `[]` | | `resources.limits.cpu` | Container maximum CPU | `100m` |
| `affinity` | Map of node/pod affinities | `{}` | | `resources.limits.memory` | Container maximum memory | `128Mi` |
| `env.open.STORAGE` | Storage Backend to use | `local` | | `resources.requests.cpu` | Container requested CPU | `80m` |
| `env.open.ALIBABA_BUCKET` | Bucket to store charts in for Alibaba | `` | | `resources.requests.memory` | Container requested memory | `64Mi` |
| `env.open.ALIBABA_PREFIX` | Prefix to store charts under for Alibaba | `` | | `serviceAccount.create` | If true, create the service account | `false` |
| `env.open.ALIBABA_ENDPOINT` | Alternative Alibaba endpoint | `` | | `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` |
| `env.open.ALIBABA_SSE` | Server side encryption algorithm to use | `` | | `securityContext` | Map of securityContext for the pod | `{ fsGroup: 1000 }` |
| `env.open.AMAZON_BUCKET` | Bucket to store charts in for AWS | `` | | `nodeSelector` | Map of node labels for pod assignment | `{}` |
| `env.open.AMAZON_ENDPOINT` | Alternative AWS endpoint | `` | | `tolerations` | List of node taints to tolerate | `[]` |
| `env.open.AMAZON_PREFIX` | Prefix to store charts under for AWS | `` | | `affinity` | Map of node/pod affinities | `{}` |
| `env.open.AMAZON_REGION` | Region to use for bucket access for AWS | `` | | `env.open.STORAGE` | Storage Backend to use | `local` |
| `env.open.AMAZON_SSE` | Server side encryption algorithm to use | `` | | `env.open.STORAGE_ALIBABA_BUCKET` | Bucket to store charts in for Alibaba | `` |
| `env.open.GOOGLE_BUCKET` | Bucket to store charts in for GCP | `` | | `env.open.STORAGE_ALIBABA_PREFIX` | Prefix to store charts under for Alibaba | `` |
| `env.open.GOOGLE_PREFIX` | Prefix to store charts under for GCP | `` | | `env.open.STORAGE_ALIBABA_ENDPOINT` | Alternative Alibaba endpoint | `` |
| `env.open.STORAGE_MICROSOFT_CONTAINER` | Container to store charts under for MS | `` | | `env.open.STORAGE_ALIBABA_SSE` | Server side encryption algorithm to use | `` |
| `env.open.STORAGE_MICROSOFT_PREFIX` | Prefix to store charts under for MS | `` | | `env.open.STORAGE_AMAZON_BUCKET` | Bucket to store charts in for AWS | `` |
| `env.open.STORAGE_OPENSTACK_CONTAINER` | Container to store charts for openstack | `` | | `env.open.STORAGE_AMAZON_ENDPOINT` | Alternative AWS endpoint | `` |
| `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` | | `env.open.STORAGE_AMAZON_PREFIX` | Prefix to store charts under for AWS | `` |
| `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` | | `env.open.STORAGE_AMAZON_REGION` | Region to use for bucket access for AWS | `` |
| `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` | | `env.open.STORAGE_AMAZON_SSE` | Server side encryption algorithm to use | `` |
| `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` | | `env.open.STORAGE_GOOGLE_BUCKET` | Bucket to store charts in for GCP | `` |
| `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` | | `env.open.STORAGE_GOOGLE_PREFIX` | Prefix to store charts under for GCP | `` |
| `env.open.DEPTH` | levels of nested repos for multitenancy. | `0` | | `env.open.STORAGE_MICROSOFT_CONTAINER` | Container to store charts under for MS | `` |
| `env.open.DEBUG` | Show debug messages | `false` | | `env.open.STORAGE_MICROSOFT_PREFIX` | Prefix to store charts under for MS | `` |
| `env.open.LOG_JSON` | Output structured logs in JSON | `true` | | `env.open.STORAGE_OPENSTACK_CONTAINER` | Container to store charts for openstack | `` |
| `env.open.DISABLE_STATEFILES` | Disable use of index-cache.yaml | `false` | | `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` |
| `env.open.DISABLE_METRICS` | Disable Prometheus metrics | `true` | | `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` |
| `env.open.DISABLE_API` | Disable all routes prefixed with /api | `true` | | `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` |
| `env.open.ALLOW_OVERWRITE` | Allow chart versions to be re-uploaded | `false` | | `env.open.STORAGE_ORACLE_COMPARTMENTID` | Compartment ID for Oracle Object Store | `` |
| `env.open.CHART_URL` | Absolute url for .tgzs in index.yaml | `` | | `env.open.STORAGE_ORACLE_BUCKET` | Bucket to store charts in Oracle Object Store | `` |
| `env.open.AUTH_ANONYMOUS_GET` | Allow anon GET operations when auth is used | `false` | | `env.open.STORAGE_ORACLE_PREFIX` | Prefix to store charts for Oracle object Store | `` |
| `env.open.CONTEXT_PATH` | Set the base context path | `` | | `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` |
| `env.open.INDEX_LIMIT` | Parallel scan limit for the repo indexer | `` | | `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` |
| `env.open.CACHE` | Cache store, can be one of: redis | `` | | `env.open.DEPTH` | levels of nested repos for multitenancy. | `0` |
| `env.open.CACHE_REDIS_ADDR` | Address of Redis service (host:port) | `` | | `env.open.DEBUG` | Show debug messages | `false` |
| `env.open.CACHE_REDIS_DB` | Redis database to be selected after connect | `0` | | `env.open.LOG_JSON` | Output structured logs in JSON | `true` |
| `env.secret.BASIC_AUTH_USER` | Username for basic HTTP authentication | `` | | `env.open.DISABLE_STATEFILES` | Disable use of index-cache.yaml | `false` |
| `env.secret.BASIC_AUTH_PASS` | Password for basic HTTP authentication | `` | | `env.open.DISABLE_METRICS` | Disable Prometheus metrics | `true` |
| `env.secret.CACHE_REDIS_PASSWORD` | Redis requirepass server configuration | `` | | `env.open.DISABLE_API` | Disable all routes prefixed with /api | `true` |
| `gcp.secret.enabled` | Flag for the GCP service account | `false` | | `env.open.ALLOW_OVERWRITE` | Allow chart versions to be re-uploaded | `false` |
| `gcp.secret.name` | Secret name for the GCP json file | `` | | `env.open.CHART_URL` | Absolute url for .tgzs in index.yaml | `` |
| `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` | | `env.open.AUTH_ANONYMOUS_GET` | Allow anon GET operations when auth is used | `false` |
| `service.type` | Kubernetes Service type | `ClusterIP` | | `env.open.CONTEXT_PATH` | Set the base context path | `` |
| `service.clusterIP` | Static clusterIP or None for headless services| `nil` | | `env.open.INDEX_LIMIT` | Parallel scan limit for the repo indexer | `` |
| `env.open.CACHE` | Cache store, can be one of: redis | `` |
| `env.open.CACHE_REDIS_ADDR` | Address of Redis service (host:port) | `` |
| `env.open.CACHE_REDIS_DB` | Redis database to be selected after connect | `0` |
| `env.open.BEARER_AUTH` | Enable bearer auth | `false` |
| `env.open.AUTH_REALM` | Realm used for bearer authentication | `` |
| `env.open.AUTH_SERVICE` | Service used for bearer authentication | `` |
| `env.field` | Expose pod information to containers through environment variables | `` |
| `env.existingSecret` | Name of the existing secret use values | `` |
| `env.existingSecret.BASIC_AUTH_USER` | Key name in the secret for the Username | `` |
| `env.existingSecret.BASIC_AUTH_PASS` | Key name in the secret for the Password | `` |
| `env.secret.BASIC_AUTH_USER` | Username for basic HTTP authentication | `` |
| `env.secret.BASIC_AUTH_PASS` | Password for basic HTTP authentication | `` |
| `env.secret.CACHE_REDIS_PASSWORD` | Redis requirepass server configuration | `` |
| `gcp.secret.enabled` | Flag for the GCP service account | `false` |
| `gcp.secret.name` | Secret name for the GCP json file | `` |
| `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` |
| `oracle.secret.enabled` | Flag for Oracle OCI account | `false` |
| `oracle.secret.name` | Secret name for OCI config and key | `` |
| `oracle.secret.config` | Secret key that holds the OCI config | `config` |
| `oracle.secret.key_file` | Secret key that holds the OCI private key | `key_file` |
| `bearerAuth.secret.enabled` | Flag for bearer auth public key secret | `` |
| `bearerAuth.secret.publicKey` | The name of the secret with the public key | `` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.clusterIP` | Static clusterIP or None for headless services | `nil` |
| `service.externalTrafficPolicy` | Source IP preservation (only for Service type NodePort) | `Local` |
| `service.servicename` | Custom name for service | `` |
| `service.labels` | Additional labels for service | `{}` |
| `deployment.labels` | Additional labels for deployment | `{}` |
| `deployment.matchlabes` | Match labels for deployment selector | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.annotations` | Ingress annotations | `[]` |
| `ingress.labels` | Ingress labels | `[]` |
| `ingress.hosts[0].name` | Hostname for the ingress | `` |
| `ingress.hosts[0].path` | Path within the url structure | `` |
| `ingress.hosts[0].tls ` | Enable TLS on the ingress host | `false` |
| `ingress.hosts[0].tlsSecret` | TLS secret to use (must be manually created) | `` |
| `ingress.hosts[0].serviceName` | The name of the service to route traffic to. | `{{ .Values.service.externalPort }}` |
| `ingress.hosts[0].servicePort` | The port of the service to route traffic to. | `{{ .chartmuseum. }}` |
| `ingress.extraPaths[0].path` | Path within the url structure. | `` |
| `ingress.extraPaths[0].service` | The name of the service to route traffic to. | `` |
| `ingress.extraPaths[0].port` | The port of the service to route traffic to. | `` |
Specify each parameter using the `--set key=value[,key=value]` argument to Specify each parameter using the `--set key=value[,key=value]` argument to
`helm install`. `helm install`.
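Review bot: `image.tag` is documented as `v0.8.0` here while `appVersion` and questions.yaml in this commit say `v0.9.0`; pick one. The `ingress.hosts[0].serviceName` and `ingress.hosts[0].servicePort` defaults (`{{ .Values.service.externalPort }}` and `{{ .chartmuseum. }}`) look swapped and truncated and should be the fullname and the service port respectively. The `env.existingSecret.BASIC_AUTH_USER` / `BASIC_AUTH_PASS` rows contradict the Authentication section further down, which uses `existingSecretMappings`, and `bearerAuth.secret.publicKey` contradicts the bearer example's `publicKeySecret`; the table and the examples must name the same keys or one of them silently does nothing. Smaller points: `deployment.matchlabes` (typo), `gcp.secret.key` "te GCP json file", and `ingress.annotations` / `ingress.labels` defaults shown as `[]` although both are maps (`{}`).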
...@@ -233,7 +292,7 @@ env: ...@@ -233,7 +292,7 @@ env:
open: open:
STORAGE: google STORAGE: google
STORAGE_GOOGLE_BUCKET: my-gcs-bucket STORAGE_GOOGLE_BUCKET: my-gcs-bucket
STORAGE_GOOGLE_PREFIX: STORAGE_GOOGLE_PREFIX:
``` ```
### Using with Google Cloud Storage and a Google Service Account ### Using with Google Cloud Storage and a Google Service Account
...@@ -294,7 +353,7 @@ Run command to install ...@@ -294,7 +353,7 @@ Run command to install
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
``` ```
To set the values directly in the command line, use the follosing command. Note that we have to base64 encode the json file because we cannot pass a multi-line text as a value. To set the values directly in the command line, use the following command. Note that we have to base64 encode the json file because we cannot pass a multi-line text as a value.
```shell ```shell
export JSONKEY=$(cat my-project-77e35d85a593.json | base64) export JSONKEY=$(cat my-project-77e35d85a593.json | base64)
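Review bot: `base64` from GNU coreutils wraps output at 76 columns, so `$(cat my-project-77e35d85a593.json | base64)` can still produce a multi-line value and defeat the stated reason for encoding; use `base64 -w 0` (or pipe through `tr -d '\n'`). Also worth a sentence that passing the service-account key via `--set` leaves the credential in shell history and in the stored release values, and that the existing-secret path documented below is the preferable way to supply it.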
...@@ -317,7 +376,7 @@ env: ...@@ -317,7 +376,7 @@ env:
STORAGE: microsoft STORAGE: microsoft
STORAGE_MICROSOFT_CONTAINER: mycontainer STORAGE_MICROSOFT_CONTAINER: mycontainer
# prefix to store charts for microsoft storage backend # prefix to store charts for microsoft storage backend
STORAGE_MICROSOFT_PREFIX: STORAGE_MICROSOFT_PREFIX:
secret: secret:
AZURE_STORAGE_ACCOUNT: "********" ## azure storage account AZURE_STORAGE_ACCOUNT: "********" ## azure storage account
AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key AZURE_STORAGE_ACCESS_KEY: "********" ## azure storage account access key
...@@ -389,6 +448,75 @@ Run command to install ...@@ -389,6 +448,75 @@ Run command to install
```shell ```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
``` ```
### Using with Oracle Object Storage
Oracle (OCI) configuration and private key need to be added to a secret and are mounted at /home/chartmuseum/.oci. Your OCI config needs to be under [DEFAULT] and your `key_file` needs to be /home/chartmuseum/.oci/oci.key. See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm
```shell
kubectl create secret generic chartmuseum-secret --from-file=config=".oci/config" --from-file=key_file=".oci/oci.key"
```
Then you can either use a `VALUES` yaml with your values or set those values in the command line:
```shell
helm install stable/chartmuseum --debug --set env.open.STORAGE=oracle,env.open.STORAGE_ORACLE_COMPARTMENTID=ocid1.compartment.oc1..abc123,env.open.STORAGE_ORACLE_BUCKET=myocibucket,env.open.STORAGE_ORACLE_PREFIX=chartmuseum,oracle.secret.enabled=true,oracle.secret.name=chartmuseum-secret
```
If you prefer to use a yaml file:
```yaml
env:
open:
STORAGE: oracle
STORAGE_ORACLE_COMPARTMENTID: ocid1.compartment.oc1..abc123
STORAGE_ORACLE_BUCKET: myocibucket
STORAGE_ORACLE_PREFIX: chartmuseum
oracle:
secret:
enabled: enabled
name: chartmuseum-secret
config: config
key_file: key_file
```
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using an existing secret
It is possible to pre-create a secret in kubernetes and get this chart to use that
Given you are for example using the above AWS example
You could create a Secret like this
```shell
kubectl create secret generic chartmuseum-secret --from-literal="AWS_ACCESS_KEY_ID=myaccesskey" --from-literal="AWS_SECRET_ACCESS_KEY=mysecretaccesskey" --from-literal="BASIC_AUTH_USER=curator" --from-literal="BASIC_AUTH_PASS=mypassword"
```
Specify `custom.yaml` with such values
```yaml
env:
open:
STORAGE: amazonexistingSecret
STORAGE_AMAZON_BUCKET: my-s3-bucket
STORAGE_AMAZON_PREFIX:
STORAGE_AMAZON_REGION: us-east-1
existingSecret: chartmuseum-secret
```
and `existingSecret` will auto mapping all the data from secrets to the `ENV`.
Run command to install
```shell
helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
```
### Using with local filesystem storage ### Using with local filesystem storage
By default chartmuseum uses local filesystem storage. By default chartmuseum uses local filesystem storage.
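Review bot: `enabled: enabled` in the Oracle `custom.yaml` example should be `enabled: true`. As rendered, the existing-secret example reads `STORAGE: amazonexistingSecret` with `existingSecret: chartmuseum-secret` a few lines later; confirm the source has `STORAGE: amazon` under `open:` and `existingSecret:` as its own key under `env:`, otherwise the example selects a backend that does not exist. The `kubectl create secret generic ... --from-literal=` example puts the AWS keys and the basic-auth password on the command line (shell history, `ps`); `--from-env-file` or `--from-file` keeps them out of the process list. "will auto mapping all the data from secrets to the `ENV`" should read "maps every key in the secret to an environment variable of the same name", which also documents the constraint that key names must match the `AWS_*` / `BASIC_AUTH_*` variable names exactly.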
...@@ -425,7 +553,7 @@ helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum ...@@ -425,7 +553,7 @@ helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
#### Example storage class #### Example storage class
Example storage-class.yaml provided here for use with a Ceph cluster. Example storage-class.yaml provided here for use with a Ceph cluster.
``` ```
kind: StorageClass kind: StorageClass
...@@ -443,10 +571,106 @@ parameters: ...@@ -443,10 +571,106 @@ parameters:
userSecretName: thesecret userSecretName: thesecret
``` ```
### Authentication
By default this chart does not have any authentication configured and allows anyone to fetch or upload (assuming the API is enabled) charts there are two supported methods of authentication
#### Basic Authentication
This allows all API routes to be protected by HTTP basic auth, this is configured either as plain text in the values that gets stored as a secret in the kubernetes cluster by setting:
```yaml
env:
secret:
BASIC_AUTH_USER: curator
BASIC_AUTH_PASS: mypassword
```
Or by using values from an existing secret in the cluster that can be created using:
'''shell
kubectl create secret generic chartmuseum-secret --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=mypassword"
'''
This secret can be used in the values file as follows:
```yaml
env:
existingSecret: chartmuseum-secret
existingSecretMappings:
BASIC_AUTH_USER: basic-auth-user
BASIC_AUTH_PASS: basic-auth-pass
```
#### Bearer/Token auth
When using this ChartMuseum is configured with a public key, and will accept RS256 JWT tokens signed by the associated private key, passed in the Authorization header. You can use the [chartmuseum/auth](https://github.com/chartmuseum/auth) Go library to generate valid JWT tokens. For more information about how this works, please see [chartmuseum/auth-server-example](https://github.com/chartmuseum/auth-server-example)
To use this the public key should be stored in a secret this can be done with
```shell
kubectl create secret generic chartmuseum-public-key --from-file=public-key.pem
```
And Bearer/Token auth can be configured using the following values
```yaml
env:
open:
BEARER_AUTH: true
AUTH_REALM: <realm>
AUTH_SERVICE: <service>
bearerAuth:
secret:
enabled: true
publicKeySecret: chartmuseum-public-key
```
### Ingress
This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://hub.kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://hub.kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to expose Kubeapps.
To enable ingress integration, please set `ingress.enabled` to `true`
#### Hosts
Most likely you will only want to have one hostname that maps to this Chartmuseum installation, however, it is possible to have more than one host. To facilitate this, the `ingress.hosts` object is an array. TLS secrets referenced in the ingress host configuration must be manually created in the namespace.
In most cases, you should not specify values for `ingress.hosts[0].serviceName` and `ingress.hosts[0].servicePort`. However, some ingress controllers support advanced scenarios requiring you to specify these values. For example, [setting up an SSL redirect using the AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/tasks/ssl_redirect/).
#### Extra Paths
Specifying extra paths to prepend to every host configuration is especially useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions).
```shell
helm install --name my-chartmuseum stable/chartmuseum \
--set ingress.enabled=true \
--set ingress.hosts[0].name=chartmuseum.domain.com \
--set ingress.extraPaths[0].service=ssl-redirect \
--set ingress.extraPaths[0].port=use-annotation \
```
#### Annotations
For annotations, please see [this document for nginx](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) and [this document for Traefik](https://docs.traefik.io/configuration/backends/kubernetes/#general-annotations). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`.
#### Example Ingress configuration
```shell
helm install --name my-chartmuseum stable/chartmuseum \
--set ingress.enabled=true \
--set ingress.hosts[0].name=chartmuseum.domain.com \
--set ingress.hosts[0].path=/
--set ingress.hosts[0].tls=true
--set ingress.hosts[0].tlsSecret=chartmuseum.tls-secret
```
## Uninstall ## Uninstall
By default, a deliberate uninstall will result in the persistent volume By default, a deliberate uninstall will result in the persistent volume
claim being deleted. claim being deleted.
```shell ```shell
helm delete my-chartmuseum helm delete my-chartmuseum
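Review bot: the existing-secret snippet under Basic Authentication is fenced with `'''shell` instead of three backticks and will not render as code. The values shown there (`existingSecretMappings`) and in the bearer example (`bearerAuth.secret.publicKeySecret`) do not match the parameter table above (`env.existingSecret.BASIC_AUTH_USER`, `bearerAuth.secret.publicKey`); settle on one set of keys. The Ingress paragraph says the controller can "expose Kubeapps" (copied from the kubeapps chart) and should say ChartMuseum. Both `helm install` examples are not copy-pasteable: the Extra Paths one ends with a dangling `\` after the last `--set`, and the Example Ingress configuration is missing `\` after `path=/` and `tls=true`. The first sentence of Authentication also runs two sentences together and needs a full stop before "there are two supported methods".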
......
labels:
io.cattle.role: project # options are cluster/project
questions: questions:
- variable: defaultImage - variable: defaultImage
default: true default: true
...@@ -8,15 +10,17 @@ questions: ...@@ -8,15 +10,17 @@ questions:
group: "Container Images" group: "Container Images"
subquestions: subquestions:
- variable: image.repository - variable: image.repository
default: "chartmuseum/chartmuseum" default: "ranchercharts/chartmuseum-chartmuseum"
description: "Docker image repository" description: "Docker image repository"
type: string type: string
label: Image Repository label: Image Repository
required: true
- variable: image.tag - variable: image.tag
default: "v0.7.1" default: "v0.9.0"
description: "Docker image tag" description: "Docker image tag"
type: string type: string
label: Image Tag label: Image Tag
required: true
# storage settings # storage settings
- variable: env.open.STORAGE - variable: env.open.STORAGE
required: true required: true
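Review bot: the default image becomes the `ranchercharts/chartmuseum-chartmuseum` mirror at `v0.9.0`, but the README table in this same commit still documents `chartmuseum/chartmuseum` at `v0.8.0`; align them. Since users now pull a re-tagged mirror rather than the upstream image, a comment stating which upstream tag (ideally digest) the mirror corresponds to would let them verify what they are deploying.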
...@@ -27,8 +31,8 @@ questions: ...@@ -27,8 +31,8 @@ questions:
group: "Storage Options" group: "Storage Options"
options: options:
- "local" - "local"
- "amazon"
- "alibaba" - "alibaba"
- "amazon"
- "google" - "google"
- "microsoft" - "microsoft"
- "openstack" - "openstack"
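Review bot: `oracle` is not offered in the `env.open.STORAGE` options even though the README in this commit adds an Oracle Object Storage section and the `STORAGE_ORACLE_*` parameters; either add it here (with questions for compartment ID, bucket and the `oracle.secret.*` values) or note that the backend is not exposed in the Rancher UI.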
...@@ -63,20 +67,23 @@ questions: ...@@ -63,20 +67,23 @@ questions:
label: OSS Bucket Name label: OSS Bucket Name
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=alibaba" show_if: "env.open.STORAGE=alibaba"
- variable: env.open.STORAGE_ALIBABA_PREFIX required: true
- variable: env.open.STORAGE_ALIBABA_ENDPOINT
default: "" default: ""
type: string type: string
description: "Prefix to store charts for alibaba storage backend" description: "OSS endpoint to store charts for alibaba storage backend"
label: OSS Bucket Prefix label: Alternative OSS Storage Endpoint
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=alibaba" show_if: "env.open.STORAGE=alibaba"
- variable: env.open.STORAGE_ALIBABA_ENDPOINT required: true
- variable: env.open.STORAGE_ALIBABA_PREFIX
default: "" default: ""
type: string type: string
description: "OSS endpoint to store charts for alibaba storage backend" description: "Prefix to store charts for alibaba storage backend"
label: Alternative OSS Storage Endpoint label: OSS Bucket Prefix
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=alibaba" show_if: "env.open.STORAGE=alibaba"
required: true
# Google Storage Options # Google Storage Options
- variable: env.open.STORAGE_GOOGLE_BUCKET - variable: env.open.STORAGE_GOOGLE_BUCKET
default: "" default: ""
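Review bot: `required: true` is added to `STORAGE_ALIBABA_ENDPOINT` and `STORAGE_ALIBABA_PREFIX`, both of which keep `default: ""`, yet the README describes the endpoint as an alternative (optional) endpoint and an empty prefix is the documented default; requiring them forces users to invent values before the form validates. Only the bucket name genuinely needs to be required. The same `required: true` on an empty-default prefix is repeated in the Google, Microsoft and OpenStack prefix hunks below and should be dropped there too.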
...@@ -85,6 +92,7 @@ questions: ...@@ -85,6 +92,7 @@ questions:
label: GCS Bucket Name label: GCS Bucket Name
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=google" show_if: "env.open.STORAGE=google"
required: true
- variable: env.open.STORAGE_GOOGLE_PREFIX - variable: env.open.STORAGE_GOOGLE_PREFIX
default: "" default: ""
type: string type: string
...@@ -92,6 +100,7 @@ questions: ...@@ -92,6 +100,7 @@ questions:
label: GCS Bucket Prefix label: GCS Bucket Prefix
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=google" show_if: "env.open.STORAGE=google"
required: true
# Microsoft Azure Storage Options # Microsoft Azure Storage Options
- variable: env.open.STORAGE_MICROSOFT_CONTAINER - variable: env.open.STORAGE_MICROSOFT_CONTAINER
default: "" default: ""
...@@ -100,6 +109,7 @@ questions: ...@@ -100,6 +109,7 @@ questions:
label: Microsoft Azure Blob Storage Name label: Microsoft Azure Blob Storage Name
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=microsoft" show_if: "env.open.STORAGE=microsoft"
required: true
- variable: env.open.STORAGE_MICROSOFT_PREFIX - variable: env.open.STORAGE_MICROSOFT_PREFIX
default: "" default: ""
type: string type: string
...@@ -107,6 +117,7 @@ questions: ...@@ -107,6 +117,7 @@ questions:
label: Microsoft Azure Blob Storage Prefix label: Microsoft Azure Blob Storage Prefix
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=microsoft" show_if: "env.open.STORAGE=microsoft"
required: true
# OpenStack Storage Options # OpenStack Storage Options
- variable: env.open.STORAGE_OPENSTACK_CONTAINER - variable: env.open.STORAGE_OPENSTACK_CONTAINER
default: "" default: ""
...@@ -115,6 +126,7 @@ questions: ...@@ -115,6 +126,7 @@ questions:
label: Openstack Object Storage Container Name label: Openstack Object Storage Container Name
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=openstack" show_if: "env.open.STORAGE=openstack"
required: true
- variable: env.open.STORAGE_OPENSTACK_PREFIX - variable: env.open.STORAGE_OPENSTACK_PREFIX
default: "" default: ""
type: string type: string
...@@ -122,6 +134,7 @@ questions: ...@@ -122,6 +134,7 @@ questions:
label: Prefix To Openstack Object Storage Container label: Prefix To Openstack Object Storage Container
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=openstack" show_if: "env.open.STORAGE=openstack"
required: true
- variable: env.open.STORAGE_OPENSTACK_REGION - variable: env.open.STORAGE_OPENSTACK_REGION
default: "" default: ""
type: string type: string
...@@ -129,98 +142,14 @@ questions: ...@@ -129,98 +142,14 @@ questions:
label: Region Of Openstack Object Storage Container label: Region Of Openstack Object Storage Container
group: "Storage Options" group: "Storage Options"
show_if: "env.open.STORAGE=openstack" show_if: "env.open.STORAGE=openstack"
required: true
# Storage Secret # Storage Secret
- variable: env.secret.AWS_ACCESS_KEY_ID - variable: env.existingSecret
default: ""
type: string
description: "AWS access key id value"
label: AWS Access Key ID Value
group: "Storage Secret"
show_if: "env.open.STORAGE=amazon"
- variable: env.secret.AWS_SECRET_ACCESS_KEY
default: "" default: ""
type: string type: secret
description: "aws access key secret value " description: "Name of an existing secret to get the secret values from"
label: AWS Access Key Secret Value label: Select the Existing Secret
group: "Storage Secret"
show_if: "env.open.STORAGE=amazon"
- variable: env.secret.ALIBABA_CLOUD_ACCESS_KEY_ID
default: ""
type: string
description: "alibaba OSS access key id"
label: OSS Access Key ID
group: "Storage Secret" group: "Storage Secret"
show_if: "env.open.STORAGE=alibaba"
- variable: env.secret.ALIBABA_CLOUD_ACCESS_KEY_SECRET
default: ""
type: string
description: "alibaba OSS access key secret "
label: OSS Access Key Secret
group: "Storage Secret"
show_if: "env.open.STORAGE=alibaba"
- variable: gcp.secret.enabled
default: false
type: boolean
description: "Flag for the GCP service account"
label: Enable GCP Service Account
group: "Storage Secret"
show_if: "env.open.STORAGE=google"
show_subquestion_if: true
subquestions:
- variable: gcp.secret.name
default: ""
type: string
description: "secret name for the gcp json file"
label: Secret Name For The GCP Json File
- variable: gcp.secret.key
default: "credentials.json"
type: string
description: "Secret key for the GCP json file"
label: Secret Key For The GCP Json File
# Openstack Object Storage secret
- variable: env.secret.OS_AUTH_URL
default: ""
type: string
description: "Openstack object storage auth url"
label: Auth URL Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_TENANT_ID
default: ""
type: string
description: "Openstack object storage tenant id"
label: Tenant ID Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_USERNAME
default: ""
type: string
description: "Openstack object storage username"
label: Username Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
- variable: env.secret.OS_PASSWORD
default: ""
type: string
description: "Openstack object storage password"
label: Password Of Openstack Object Storage
group: "Storage Secret"
show_if: "env.open.STORAGE=openstack"
# Microsoft azure secret
- variable: env.secret.AZURE_STORAGE_ACCOUNT
default: ""
type: string
description: "azure storage account"
label: Azure Storage Account
group: "Storage Secret"
show_if: "env.open.STORAGE=microsoft"
- variable: env.secret.AZURE_STORAGE_ACCESS_KEY
default: ""
type: string
description: "azure storage account access key "
label: Azure Storage Account Access Key
group: "Storage Secret"
show_if: "env.open.STORAGE=microsoft"
# Local Storage Settings # Local Storage Settings
- variable: persistence.enabled - variable: persistence.enabled
default: true default: true
...@@ -252,14 +181,14 @@ questions: ...@@ -252,14 +181,14 @@ questions:
label: Uses Existing Persistent Volume Cliam for LocalStorage label: Uses Existing Persistent Volume Cliam for LocalStorage
# Service and L7 LoadBalancer # Service and L7 LoadBalancer
- variable: ingress.enabled - variable: ingress.enabled
default: true default: false
description: "Expose app using Layer 7 Load Balancer - ingress" description: "Expose app using Layer 7 Load Balancer - ingress"
type: boolean type: boolean
label: Expose app using Layer 7 Load Balancer label: Expose app using Layer 7 Load Balancer
show_subquestion_if: true show_subquestion_if: true
group: "Services and Load Balancing" group: "Services and Load Balancing"
subquestions: subquestions:
- variable: ingress.hosts[0] - variable: ingress.hosts[0].name
default: "xip.io" default: "xip.io"
description: "Hostname to your app installation" description: "Hostname to your app installation"
type: hostname type: hostname
...@@ -276,26 +205,7 @@ questions: ...@@ -276,26 +205,7 @@ questions:
options: options:
- "ClusterIP" - "ClusterIP"
- "NodePort" - "NodePort"
- "LoadBalancer"
# chartmuseum options # chartmuseum options
- variable: env.secret.BASIC_AUTH_USER
default: ""
description: "Username for basic http authentication"
type: string
label: Username For Basic Http Authentication (Optional)
group: "ChartMuseum Settings"
- variable: env.secret.BASIC_AUTH_PASS
default: ""
description: "Password for basic http authentication"
type: string
label: Password For Basic Http Authentication (Optional)
group: "ChartMuseum Settings"
- variable: env.open.CHART_URL
default: ""
description: "Absolute url for .tgzs in index.yaml"
type: string
label: Absolute URL For .tgzs In index.yaml
group: "ChartMuseum Settings"
- variable: env.open.SHOW_ADVANCED - variable: env.open.SHOW_ADVANCED
default: false default: false
description: "Show advanced ChartMuseum settings" description: "Show advanced ChartMuseum settings"
...@@ -304,10 +214,15 @@ questions: ...@@ -304,10 +214,15 @@ questions:
group: "ChartMuseum Settings" group: "ChartMuseum Settings"
show_subquestion_if: true show_subquestion_if: true
subquestions: subquestions:
- variable: env.open.CHART_URL
default: ""
description: "Absolute url for .tgzs in index.yaml"
type: string
label: Absolute URL For .tgzs In index.yaml
- variable: env.open.DEPTH - variable: env.open.DEPTH
default: "0" default: 0
description: "Levels of nested repos for multitenancy." description: "Levels of nested repos for multitenancy."
type: string type: int
label: Levels Of Nested Repos For Multitenancy label: Levels Of Nested Repos For Multitenancy
- variable: env.open.ALLOW_OVERWRITE - variable: env.open.ALLOW_OVERWRITE
default: false default: false
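Review bot: the Storage Secret group collapses every credential question into a single `env.existingSecret` selector, but nothing says which keys that secret must contain, and the question has no `show_if`, so it is offered even for `STORAGE=local`. Since the deployment loads the whole secret with `envFrom`, the key names are the contract: put them in the `description` (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, `ALIBABA_CLOUD_ACCESS_KEY_ID`/`ALIBABA_CLOUD_ACCESS_KEY_SECRET`, `OS_AUTH_URL`/`OS_TENANT_ID`/`OS_USERNAME`/`OS_PASSWORD`, `AZURE_STORAGE_ACCOUNT`/`AZURE_STORAGE_ACCESS_KEY`, `BASIC_AUTH_USER`/`BASIC_AUTH_PASS`), which are exactly the variable names this hunk removes. Removing the `BASIC_AUTH_USER`/`BASIC_AUTH_PASS` questions also means a form-driven install has no authentication knob left at all unless the user brings a secret; `ingress.enabled` flipping to `false` and `LoadBalancer` leaving the service-type list reduce the exposure, but the README should state that the repo is open (and, with `ALLOW_OVERWRITE`, writable) until basic auth is configured through the existing secret.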
......
apiVersion: extensions/v1beta1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "chartmuseum.fullname" . }} name: {{ include "chartmuseum.fullname" . }}
...@@ -6,16 +6,21 @@ metadata: ...@@ -6,16 +6,21 @@ metadata:
{{ toYaml .Values.deployment.annotations | indent 4 }} {{ toYaml .Values.deployment.annotations | indent 4 }}
labels: labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }} {{ include "chartmuseum.labels.standard" . | indent 4 }}
{{- if .Values.deployment.labels }}
{{ toYaml .Values.deployment.labels | indent 4 }}
{{- end }}
spec: spec:
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
strategy: strategy:
{{ toYaml .Values.strategy | indent 4 }} {{ toYaml .Values.strategy | indent 4 }}
revisionHistoryLimit: 10 revisionHistoryLimit: 10
selector:
matchLabels:
app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }}
template: template:
metadata: metadata:
name: {{ include "chartmuseum.fullname" . }} name: {{ include "chartmuseum.fullname" . }}
annotations:
{{ toYaml .Values.replica.annotations | indent 8 }}
labels: labels:
app: {{ template "chartmuseum.name" . }} app: {{ template "chartmuseum.name" . }}
release: {{ .Release.Name | quote }} release: {{ .Release.Name | quote }}
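Review bot: `spec.selector` is immutable on `apps/v1` Deployments, and an `extensions/v1beta1` Deployment defaulted its selector to all of the pod template labels, so `helm upgrade` from the 1.6.x chart fails with "field is immutable" unless the explicit `matchLabels` (`app`, `release`) is exactly the label set the old object carried. Confirm the pod template has no further labels than the two shown here; if it does, the upgrade needs a delete and recreate, and the README should say so. The new `annotations:` block renders `{}` when `replica.annotations` is empty, which is valid YAML, so that part is fine.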
...@@ -24,6 +29,11 @@ spec: ...@@ -24,6 +29,11 @@ spec:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.env.existingSecret }}
envFrom:
- secretRef:
name: {{ .Values.env.existingSecret }}
{{- end }}
env: env:
{{- range $name, $value := .Values.env.open }} {{- range $name, $value := .Values.env.open }}
{{- if not (empty $value) }} {{- if not (empty $value) }}
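Review bot: `envFrom: secretRef` injects every key of `env.existingSecret` as an environment variable, so any key that happens to be in that secret, related to ChartMuseum or not, lands in the container; the explicit `env` entries rendered later take precedence on a duplicate name, but nothing else is filtered. Either rely on `envFrom` alone or on `existingSecretMappings` alone, and document that the secret must contain only ChartMuseum variables. `secretRef` has no `optional`, so a mistyped secret name leaves the pod in `CreateContainerConfigError`; that is the right fail-closed behaviour for credentials, but it deserves a sentence in the README.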
...@@ -31,10 +41,30 @@ spec: ...@@ -31,10 +41,30 @@ spec:
value: {{ $value | quote }} value: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- range $name, $value := .Values.env.field }}
{{- if not ( empty $value) }}
- name: {{ $name | quote }}
valueFrom:
fieldRef:
fieldPath: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.gcp.secret.enabled }} {{- if .Values.gcp.secret.enabled }}
- name: GOOGLE_APPLICATION_CREDENTIALS - name: GOOGLE_APPLICATION_CREDENTIALS
value: "/etc/secrets/google/credentials.json" value: "/etc/secrets/google/credentials.json"
{{- end }} {{- end }}
{{- if .Values.env.existingSecret }}
{{- $secret_name := .Values.env.existingSecret }}
{{- range $name, $key := .Values.env.existingSecretMappings }}
{{- if not ( empty $key) }}
- name: {{ $name | quote }}
valueFrom:
secretKeyRef:
name: {{ $secret_name | quote }}
key: {{ $key | quote }}
{{- end }}
{{- end }}
{{- else }}
{{- $secret_name := include "chartmuseum.fullname" . }} {{- $secret_name := include "chartmuseum.fullname" . }}
{{- range $name, $value := .Values.env.secret }} {{- range $name, $value := .Values.env.secret }}
{{- if not ( empty $value) }} {{- if not ( empty $value) }}
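Review bot: when `env.existingSecret` is set, the `{{- else }}` branch skips `env.secret` entirely (and secret.yaml is not rendered), so any non-empty value a user still carries in `env.secret` such as `BASIC_AUTH_PASS` or `CACHE_REDIS_PASSWORD` is silently dropped instead of rejected; a `{{ fail "..." }}` when both are populated would surface the mis-configuration at template time rather than as an unauthenticated repo at runtime. The `env.field` loop is fine as written; `$secret_name` declared before the `range` is reachable inside it because it is a `$` variable.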
...@@ -45,6 +75,11 @@ spec: ...@@ -45,6 +75,11 @@ spec:
key: {{ $name | quote }} key: {{ $name | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: AUTH_CERT_PATH
value: /var/keys/public-key.pem
{{ end }}
args: args:
- --port=8080 - --port=8080
{{- if eq .Values.env.open.STORAGE "local" }} {{- if eq .Values.env.open.STORAGE "local" }}
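Review bot: `AUTH_CERT_PATH` is emitted whenever `bearerAuth.secret.enabled` is true, but bearer auth itself is switched on by `env.open.BEARER_AUTH` together with `AUTH_REALM` and `AUTH_SERVICE` in values.yaml, and the template never checks that the two agree: one setting without the other either mounts a public key that is never consulted or enables bearer auth with no certificate path. Gate this `env` entry on both flags or `fail` when they disagree. Also `{{ end }}` without the dash leaves a blank line in the env list; use `{{- end }}` like the neighbouring blocks.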
...@@ -63,16 +98,24 @@ spec: ...@@ -63,16 +98,24 @@ spec:
path: {{ .Values.env.open.CONTEXT_PATH }}/health path: {{ .Values.env.open.CONTEXT_PATH }}/health
port: http port: http
{{ toYaml .Values.probes.readiness | indent 10 }} {{ toYaml .Values.probes.readiness | indent 10 }}
{{- if eq .Values.env.open.STORAGE "local" }}
volumeMounts: volumeMounts:
{{- if eq .Values.env.open.STORAGE "local" }}
- mountPath: /storage - mountPath: /storage
name: storage-volume name: storage-volume
{{- end }} {{- end }}
{{- if .Values.gcp.secret.enabled }} {{- if .Values.gcp.secret.enabled }}
volumeMounts:
- mountPath: /etc/secrets/google - mountPath: /etc/secrets/google
name: {{ include "chartmuseum.fullname" . }}-gcp name: {{ include "chartmuseum.fullname" . }}-gcp
{{- end }} {{- end }}
{{- if .Values.oracle.secret.enabled }}
- mountPath: /home/chartmuseum/.oci
name: {{ include "chartmuseum.fullname" . }}-oracle
{{- end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: public-key
mountPath: /var/keys
readOnly: true
{{- end }}
{{- with .Values.resources }} {{- with .Values.resources }}
resources: resources:
{{ toYaml . | indent 10 }} {{ toYaml . | indent 10 }}
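Review bot: the restructure fixes a real bug in the old template, which emitted `volumeMounts:` twice when local storage and the GCP secret were both enabled, but the new block renders a bare `volumeMounts:` (null) when none of the four conditions hold; the API server accepts that, yet it reads as an error in `helm template` output, so wrap the key in an `if` over the four flags. Only the bearer-auth mount carries `readOnly: true`; add it to the GCP and Oracle credential mounts as well so the intent is explicit rather than left to the secret volume default.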
...@@ -121,3 +164,18 @@ spec: ...@@ -121,3 +164,18 @@ spec:
path: credentials.json path: credentials.json
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if .Values.oracle.secret.enabled }}
- name: {{ include "chartmuseum.fullname" . }}-oracle
secret:
secretName: {{ .Values.oracle.secret.name }}
items:
- key: {{ .Values.oracle.secret.config }}
path: config
- key: {{ .Values.oracle.secret.key_file }}
path: oci.key
{{ end }}
{{- if .Values.bearerAuth.secret.enabled }}
- name: public-key
secret:
secretName: {{ .Values.bearerAuth.secret.publicKeySecret }}
{{- end }}
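Review bot: the `public-key` volume mounts the whole `bearerAuth.secret.publicKeySecret` at `/var/keys` with no `items`, while `AUTH_CERT_PATH` points at `/var/keys/public-key.pem`; the secret therefore has to contain a key literally named `public-key.pem`, and that requirement is written down nowhere. Map it explicitly with `items` and a values entry for the key name, the way the Oracle volume maps `config` and `oci.key`, or document the required key. The Oracle block uses `{{ if }}`/`{{ end }}` without the `-` used elsewhere and will emit blank lines in the volumes list.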
{{- if .Values.ingress.enabled }}
{{- $servicePort := .Values.service.externalPort -}} {{- $servicePort := .Values.service.externalPort -}}
{{- $serviceName := include "chartmuseum.fullname" . -}} {{- $serviceName := include "chartmuseum.fullname" . -}}
{{- if .Values.ingress.enabled }} {{- $ingressExtraPaths := .Values.ingress.extraPaths -}}
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
...@@ -15,17 +16,27 @@ metadata: ...@@ -15,17 +16,27 @@ metadata:
{{ include "chartmuseum.labels.standard" . | indent 4 }} {{ include "chartmuseum.labels.standard" . | indent 4 }}
spec: spec:
rules: rules:
{{- range $host := .Values.ingress.hosts }} {{- range .Values.ingress.hosts }}
- host: {{ $host }} - host: {{ .name }}
http: http:
paths: paths:
- path: {{- range $ingressExtraPaths }}
- path: {{ default "/" .path | quote }}
backend:
serviceName: {{ default $serviceName .service }}
servicePort: {{ default $servicePort .port }}
{{- end }}
- path: {{ default "/" .path | quote }}
backend: backend:
serviceName: {{ $serviceName }} serviceName: {{ default $serviceName .serviceName }}
servicePort: {{ $servicePort }} servicePort: {{ default $servicePort .servicePort }}
{{- end -}} {{- end }}
{{- if .Values.ingress.tls }}
tls: tls:
{{ toYaml .Values.ingress.tls | indent 4 }} {{- range .Values.ingress.hosts }}
{{- end -}} {{- if .tls }}
- hosts:
- {{ .name }}
secretName: {{ .tlsSecret }}
{{- end }}
{{- end }}
{{- end -}} {{- end -}}
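Review bot: `ingress.hosts` changes from a list of hostnames (questions.yaml used `ingress.hosts[0]` as a plain string) to a list of objects with `name`, `path`, `tls` and `tlsSecret`, and `ingress.tls` is no longer read; a 1.6.x values file renders `- host:` with an empty name and silently loses its TLS block. State the breaking change in the README and use `{{ required "ingress.hosts[].name is required" .name }}`. `secretName: {{ .tlsSecret }}` is unquoted and unchecked, so `tls: true` without a `tlsSecret` yields an empty `secretName` and leaves the controller to fall back on a default certificate or reject the object; `required` there too. Note also that `tls:` is now emitted unconditionally; with no TLS hosts it renders as null, which is accepted but looks odd in `helm template`.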
{{- if .Values.persistence.pv.enabled -}}
apiVersion: v1
kind: PersistentVolume
metadata:
{{- if .Values.persistence.pv.pvname }}
name: {{ .Values.persistence.pv.pvname }}
{{- else }}
name: {{ include "chartmuseum.fullname" . }}
{{- end }}
labels:
app: {{ include "chartmuseum.fullname" . }}
release: {{ .Release.Name | quote }}
spec:
capacity:
storage: {{ .Values.persistence.pv.capacity.storage }}
accessModes:
- {{ .Values.persistence.pv.accessMode | quote }}
nfs:
server: {{ .Values.persistence.pv.nfs.server }}
path: {{ .Values.persistence.pv.nfs.path | quote }}
{{- end }}
\ No newline at end of file
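Review bot: a `PersistentVolume` is cluster-scoped and this one has no `claimRef`, so any PVC in any namespace whose size and access mode fit can bind the NFS export that holds the chart repository before this release's own PVC does; add a `claimRef` naming the release's PVC (the PVC side already pins `volumeName`, but only one direction is enforced) or document that `persistence.volumeName` must be set. Set `persistentVolumeReclaimPolicy` explicitly rather than relying on the `Retain` default for hand-made PVs, and note in the README that `helm delete` removes the PV object but not the NFS data. The file also lacks a trailing newline.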
...@@ -6,6 +6,9 @@ metadata: ...@@ -6,6 +6,9 @@ metadata:
labels: labels:
app: {{ include "chartmuseum.fullname" . }} app: {{ include "chartmuseum.fullname" . }}
release: {{ .Release.Name | quote }} release: {{ .Release.Name | quote }}
{{- if .Values.persistence.labels }}
{{ toYaml .Values.persistence.labels | indent 4 }}
{{- end }}
spec: spec:
accessModes: accessModes:
- {{ .Values.persistence.accessMode | quote }} - {{ .Values.persistence.accessMode | quote }}
...@@ -18,5 +21,7 @@ spec: ...@@ -18,5 +21,7 @@ spec:
{{- else }} {{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}" storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }} {{- end }}
{{- else if and .Values.persistence.volumeName (.Values.persistence.pv.enabled) }}
volumeName: "{{ .Values.persistence.volumeName }}"
{{- end }} {{- end }}
{{- end }} {{- end }}
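Review bot: `volumeName` is only set in the `else if` branch, that is when `persistence.storageClass` is unset, so a user who sets both `persistence.storageClass` and `persistence.pv.enabled` gets a PVC that is not pinned to the chart's PV and is instead dynamically provisioned elsewhere; emit `volumeName` independently of the storage-class branch.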
{{- if not .Values.env.existingSecret -}}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
...@@ -15,3 +16,4 @@ data: ...@@ -15,3 +16,4 @@ data:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
{{- if .Values.service.servicename }}
name: {{ .Values.service.servicename }}
{{- else }}
name: {{ include "chartmuseum.fullname" . }} name: {{ include "chartmuseum.fullname" . }}
annotations: {{- end }}
{{ toYaml .Values.service.annotations | indent 4 }}
labels: labels:
{{ include "chartmuseum.labels.standard" . | indent 4 }} {{ include "chartmuseum.labels.standard" . | indent 4 }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
{{- if .Values.service.annotations }} {{- if .Values.service.annotations }}
annotations: annotations:
{{ toYaml .Values.service.annotations | indent 4 }} {{ toYaml .Values.service.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if eq .Values.service.type "ClusterIP" }} {{- if eq .Values.service.type "ClusterIP" }}
{{- if .Values.service.clusterIP }} {{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }}
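Review bot: `externalTrafficPolicy` is gated on `type == NodePort` and a non-empty `service.nodePort`, but the policy applies to NodePort and LoadBalancer services regardless of whether the port number is fixed; a NodePort service with an auto-assigned port, or a LoadBalancer service, silently keeps the cluster default `Cluster`. Gate on the type alone, for example `or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")`, and mention in values.yaml that `Local` preserves the client source IP at the cost of only routing to nodes that run a pod. The new `service.servicename` override also breaks the ingress, whose backend still defaults to `chartmuseum.fullname`, unless every host sets `serviceName`; derive the ingress default from the same value. Removing the duplicated `annotations:` block is a good fix.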
......
...@@ -4,12 +4,13 @@ strategy: ...@@ -4,12 +4,13 @@ strategy:
rollingUpdate: rollingUpdate:
maxUnavailable: 0 maxUnavailable: 0
image: image:
repository: chartmuseum/chartmuseum # repository: chartmuseum/chartmuseum
tag: v0.7.1 repository: ranchercharts/chartmuseum-chartmuseum
tag: v0.9.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
open: open:
# storage backend, can be one of: local, alibaba, amazon, google, microsoft # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
STORAGE: local STORAGE: local
# oss bucket to store charts for alibaba storage backend # oss bucket to store charts for alibaba storage backend
STORAGE_ALIBABA_BUCKET: STORAGE_ALIBABA_BUCKET:
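Review bot: the image moves from upstream `chartmuseum/chartmuseum` to a re-hosted `ranchercharts/chartmuseum-chartmuseum:v0.9.0` while `Chart.yaml` `home` still points at `helm/chartmuseum`; a mutable tag on a mirror is a supply-chain weak point, so pin by digest (`repository@sha256:...`) or document how the mirror is built and that it matches upstream `v0.9.0`. The `STORAGE` comment now lists `oracle` but still omits `openstack`, which the `STORAGE_OPENSTACK_*` options in this same file support.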
...@@ -46,6 +47,12 @@ env: ...@@ -46,6 +47,12 @@ env:
STORAGE_OPENSTACK_REGION: STORAGE_OPENSTACK_REGION:
# path to a CA cert bundle for your openstack endpoint # path to a CA cert bundle for your openstack endpoint
STORAGE_OPENSTACK_CACERT: STORAGE_OPENSTACK_CACERT:
# compartment id for for oracle storage backend
STORAGE_ORACLE_COMPARTMENTID:
# oci bucket to store charts for oracle storage backend
STORAGE_ORACLE_BUCKET:
# prefix to store charts for oracle storage backend
STORAGE_ORACLE_PREFIX:
# form field which will be queried for the chart file content # form field which will be queried for the chart file content
CHART_POST_FORM_FIELD_NAME: chart CHART_POST_FORM_FIELD_NAME: chart
# form field which will be queried for the provenance file content # form field which will be queried for the provenance file content
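Review bot: typo in the new comment, "compartment id for for oracle storage backend". The `STORAGE_ORACLE_*` comments should also say that `STORAGE_ORACLE_PREFIX` is optional, since the other prefix entries are treated as optional by ChartMuseum.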
...@@ -78,6 +85,14 @@ env: ...@@ -78,6 +85,14 @@ env:
CACHE_REDIS_ADDR: CACHE_REDIS_ADDR:
# Redis database to be selected after connect # Redis database to be selected after connect
CACHE_REDIS_DB: 0 CACHE_REDIS_DB: 0
# enable bearer auth
BEARER_AUTH: false
# auth realm used for bearer auth
AUTH_REALM:
# auth service used for bearer auth
AUTH_SERVICE:
field:
# POD_IP: status.podIP
secret: secret:
# username for basic http authentication # username for basic http authentication
BASIC_AUTH_USER: BASIC_AUTH_USER:
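Review bot: `BEARER_AUTH: false` only stays out of the pod because sprig's `empty` treats `false` as empty and the `env.open` loop skips empty values; `true` renders as the string "true", which is what the environment carries anyway, so that works. The comments should say that `AUTH_REALM` and `AUTH_SERVICE` must both be set, together with `bearerAuth.secret.enabled`, for bearer auth to function, because the deployment template does not check the combination.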
...@@ -87,21 +102,31 @@ env: ...@@ -87,21 +102,31 @@ env:
GOOGLE_CREDENTIALS_JSON: GOOGLE_CREDENTIALS_JSON:
# Redis requirepass server configuration # Redis requirepass server configuration
CACHE_REDIS_PASSWORD: CACHE_REDIS_PASSWORD:
# Name of an existing secret to get the secret values from
existingSecret:
# Stores Enviromnt Variable to secret key name mappings
existingSecretMappings:
# username for basic http authentication
BASIC_AUTH_USER:
# password for basic http authentication
BASIC_AUTH_PASS:
# GCP service account json file
GOOGLE_CREDENTIALS_JSON:
# Redis requirepass server configuration
CACHE_REDIS_PASSWORD:
deployment: deployment:
## Chartmuseum Deployment annotations ## Chartmuseum Deployment annotations
annotations: {} annotations: {}
# name: value
replica:
## Chartmuseum Replicas annotations
annotations: {}
## Read more about kube2iam to provide access to s3 https://github.com/jtblin/kube2iam
# iam.amazonaws.com/role: role-arn
service: service:
servicename:
type: ClusterIP type: ClusterIP
externalTrafficPolicy: Local
# clusterIP: None # clusterIP: None
externalPort: 8080 externalPort: 8080
nodePort: nodePort:
annotations: {} annotations: {}
labels: {}
resources: {} resources: {}
# limits: # limits:
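Review bot: typo "Enviromnt" in the `existingSecretMappings` comment. More importantly, the mapping block repeats the same four variables as `env.secret`, all empty, which reads as if each key must be mapped, whereas the deployment already loads the whole secret via `envFrom`; say explicitly that `existingSecretMappings` is only needed when the secret's key names differ from the variable names, otherwise readers will either duplicate work or assume an unmapped key is not exposed when it is.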
...@@ -129,7 +154,12 @@ serviceAccount: ...@@ -129,7 +154,12 @@ serviceAccount:
create: false create: false
# name: # name:
securityContext: {} # UID/GID 1000 is the default user "chartmuseum" used in
# the container image starting in v0.8.0 and above. This
# is required for local persistant storage. If your cluster
# does not allow this, try setting securityContext: {}
securityContext:
fsGroup: 1000
nodeSelector: {} nodeSelector: {}
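Review bot: typo "persistant" in the comment. `fsGroup: 1000` only fixes volume ownership; it does not make the pod run as UID 1000, which the comment says the image does by default. Since the chart now depends on that, pin it alongside `fsGroup` with `runAsUser: 1000` and `runAsNonRoot: true`, so a future image that drops its `USER` directive cannot silently serve the repository as root.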
...@@ -141,6 +171,8 @@ persistence: ...@@ -141,6 +171,8 @@ persistence:
enabled: false enabled: false
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 8Gi size: 8Gi
labels: {}
# name: value
## A manually managed Persistent Volume and Claim ## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true ## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound ## If defined, PVC must be created manually before volume will be bound
...@@ -154,6 +186,16 @@ persistence: ...@@ -154,6 +186,16 @@ persistence:
## GKE, AWS & OpenStack) ## GKE, AWS & OpenStack)
## ##
# storageClass: "-" # storageClass: "-"
# volumeName:
pv:
enabled: false
pvname:
capacity:
storage: 8Gi
accessMode: ReadWriteOnce
nfs:
server:
path:
## Ingress for load balancer ## Ingress for load balancer
ingress: ingress:
...@@ -172,18 +214,19 @@ ingress: ...@@ -172,18 +214,19 @@ ingress:
## Chartmuseum Ingress hostnames ## Chartmuseum Ingress hostnames
## Must be provided if Ingress is enabled ## Must be provided if Ingress is enabled
## ##
# hosts: # hosts:
# chartmuseum.domain.com: # - name: chartmuseum.domain1.com
# - /charts # path: /
# - /index.yaml # tls: false
# - name: chartmuseum.domain2.com
## Chartmuseum Ingress TLS configuration # path: /
## Secrets must be manually created in the namespace #
## # ## Set this to true in order to enable TLS on the ingress record
# tls: # tls: true
# - secretName: chartmuseum-server-tls #
# hosts: # ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
# - chartmuseum.domain.com # ## Secrets must be added manually to the namespace
# tlsSecret: chartmuseum.domain2-tls
# Adding secrets to tiller is not a great option, so If you want to use an existing # Adding secrets to tiller is not a great option, so If you want to use an existing
# secret that contains the json file, you can use the following entries # secret that contains the json file, you can use the following entries
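Review bot: in the commented example `tls` and `tlsSecret` sit at the same indent as `path`, so they are per-host fields, but the sentence above them ("enable TLS on the ingress record") reads as a single switch; reword to "on this host". The old example showed several paths per host, which the new schema expresses only through `ingress.extraPaths`; mention that alongside the `hosts` example so migrating users know where their extra paths go.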
...@@ -194,3 +237,16 @@ gcp: ...@@ -194,3 +237,16 @@ gcp:
name: name:
# Secret key that holds the json value. # Secret key that holds the json value.
key: credentials.json key: credentials.json
oracle:
secret:
enabled: false
# Name of the secret that contains the encoded config and key
name:
# Secret key that holds the oci config
config: config
# Secret key that holds the oci private key
key_file: key_file
bearerAuth:
secret:
enabled: false
publicKeySecret: chartmuseum-public-key
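Review bot: the Oracle secret is mounted with its keys renamed to `config` and `oci.key` under `/home/chartmuseum/.oci`, so the `key_file=` line inside the OCI `config` stored in that secret must point at `/home/chartmuseum/.oci/oci.key`, not at wherever the key lived when the operator created it; put that in the comment. `bearerAuth.secret.publicKeySecret` defaults to the fixed name `chartmuseum-public-key`, so two releases in one namespace would point at the same secret; default it from the release name or leave it empty and make it `required` when `bearerAuth.secret.enabled` is true.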