feat: Add timetable helm chart and argo application

.release-please-manifest.json

@@ -5,6 +5,7 @@
   "helm/configserver": "0.1.22",
   "helm/kafka": "0.1.7",
   "helm/template": "0.2.4",
+  "helm/timetable": "0.0.1",
   "helm/wahlrecht": "0.2.0",
   "helm/zookeeper": "0.1.5"
 }

argocd/app-of-apps/test/values.yaml

@@ -69,7 +69,13 @@ applications:
     createNamespace: false
     repoURL: https://git.2martens.de/2martens/cloud-configuration.git
     syncWave: 2
-
+  - name: timetable
+    project: default
+    targetRevision: main
+    namespace: timetable
+    createNamespace: false
+    repoURL: https://git.2martens.de/2martens/cloud-configuration.git
+    syncWave: 5
 
 overall:
   destinationServer: https://kubernetes.default.svc

argocd/thanos/monitoring/templates/thanos-query-deployment.yaml

@@ -48,6 +48,9 @@ spec:
         - --query.replica-label=rule_replica
         - --endpoint=dnssrv+_grpc._tcp.thanos-store.thanos.svc.cluster.local:10901
         - --endpoint=dnssrv+_grpc._tcp.thanos-receive-ingestor-default.thanos.svc.cluster.local:10901
+        {{- range .Values.clusters }}
+        - --endpoint=_grpc._tcp.{{ .thanosEndpoint }}:10901
+        {{- end }}
         - --query.auto-downsampling
         env:
         - name: HOST_IP_ADDRESS

argocd/thanos/monitoring/values.yaml

@@ -0,0 +1,2 @@
+clusters:
+  - thanosEndpoint: 10.0.0.4

argocd/timetable/test/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: template
+  repository: https://repo.2martens.de/charts
+  version: 0.2.4
+digest: sha256:cb94ee0765d3d746702deb9973670fc7118c39e29093443d738541342b4f04e0
+generated: "2024-01-06T15:35:51.393485+01:00"

argocd/timetable/test/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: timetable
+version: 0.1.0
+type: application
+dependencies:
+  - name: template
+    version: 0.2.4
+    repository: https://repo.2martens.de/charts

argocd/timetable/test/default_values.yaml

@@ -0,0 +1 @@
+../../../helm/timetable/values.yaml

argocd/timetable/test/overwrite_values.yaml

@@ -0,0 +1,54 @@
+image:
+  tag: "0.1.0"
+revisionHistoryLimit: 3
+ingress:
+  enabled: true
+  className: public
+  hosts:
+    - host: api.2martens.de
+      paths:
+        - path: /v1/formations/
+          pathType: Prefix
+        - path: /v1/routes/
+          pathType: Prefix
+        - path: /v1/timetables/
+          pathType: Prefix
+        - path: /v1/users/
+          pathType: Prefix
+        - path: /doc/v1/timetable/
+          pathType: Prefix
+        - path: /api-docs/v1/timetable/
+          pathType: Prefix
+  tls:
+    - secretName: timetable-tls
+      hosts:
+        - api.2martens.de
+resources:
+  requests:
+    cpu: 200m
+    memory: 512Mi
+  limits:
+    cpu: 1000m
+    memory: 512Mi
+application:
+  configserver:
+    scheme: http
+    host: configserver.spring-support
+    port: 8888
+    prefix: /config
+  kafka:
+    host: kafka.kafka
+    port: 9092
+
+vault:
+  enabled: true
+  applicationName: timetable
+
+readinessProbe:
+  initialDelaySeconds: 70
+
+livenessProbe:
+  initialDelaySeconds: 70
+
+prometheus:
+  useCRDs: true

argocd/timetable/test/templates

@@ -0,0 +1 @@
+../../../helm/timetable/templates

argocd/timetable/test/values.yaml

@@ -0,0 +1,195 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+# revisionHistoryLimit: can be configured to reduce/increase amount of stored replica sets for rollback
+revisionHistoryLimit: 3
+image:
+  repository: 2martens/timetable
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is latest
+  tag: "0.1.0"
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+#   capabilities:
+#     drop:
+#     - ALL
+#   readOnlyRootFilesystem: true
+#   runAsNonRoot: true
+#   runAsUser: 1000
+
+application:
+  port: 12100
+  actuatorPort: 12101
+  namespace: template # update to match the desired namespace
+  profile: prod
+  isSpring: true
+  keycloak:
+    url: https://id.2martens.de
+    realm: 2martens
+  configserver:
+    scheme: http
+    host: configserver.spring-support
+    port: 8888
+    prefix: /config
+  kafka:
+    host: kafka.kafka
+    port: 9092
+prometheus:
+  enabled: true
+  # only enable if you have the Prometheus operator installed, otherwise it will fail due to missing CRDs
+  useCRDs: true
+  # namespace: the namespace of the Prometheus installation
+  # the value is templated
+  namespace:
+  # name of helm release or argo cd application
+  releaseName:
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+  - name: PORT
+    value: "{{ .Values.application.port }}"
+  - name: ACTUATOR_PORT
+    value: "{{ .Values.application.actuatorPort }}"
+  - name: KEYCLOAK_URL
+    value: "{{ .Values.application.keycloak.url }}"
+  - name: KEYCLOAK_REALM
+    value: "{{ .Values.application.keycloak.realm }}"
+  - name: CONFIGSERVER_SCHEME
+    value: "{{ .Values.application.configserver.scheme }}"
+  - name: CONFIGSERVER_HOST
+    value: "{{ .Values.application.configserver.host }}"
+  - name: CONFIGSERVER_PORT
+    value: "{{ .Values.application.configserver.port }}"
+  - name: CONFIGSERVER_PREFIX
+    value: "{{ .Values.application.configserver.prefix }}"
+  - name: KAFKA_HOST
+    value: "{{ .Values.application.kafka.host }}"
+  - name: KAFKA_PORT
+    value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets:
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  MONGODB_CONNECTION_STRING: ""
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  CLIENT_SECRET: ""
+# Configure the service
+service:
+  type: ClusterIP
+  # port is targeting the containerPort http, described by application.port
+  port: 12100
+  # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+  # only used if application.isSpring=true
+  actuatorPort: 12101
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+  enabled: true
+  path: /actuator/health/liveness
+  port: http-actuator
+  initialDelaySeconds: 70
+  periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+  enabled: true
+  path: /actuator/health/readiness
+  port: http-actuator
+  initialDelaySeconds: 70
+  periodSeconds: 10
+  # Allows you to specify the number of seconds the application can take to answer readinessProbe
+  # before failure is assumed by Kubernetes
+  timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+  enabled: true
+  className: "public"
+  annotations:
+    cert-manager.io/cluster-issuer: lets-encrypt
+  # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: api.2martens.de
+      paths:
+        - path: /v1/formations/
+          pathType: Prefix
+        - path: /v1/routes/
+          pathType: Prefix
+        - path: /v1/timetables/
+          pathType: Prefix
+        - path: /v1/users/
+          pathType: Prefix
+        - path: /doc/v1/timetable/
+          pathType: Prefix
+        - path: /api-docs/v1/timetable/
+          pathType: Prefix
+  tls:
+    - secretName: timetable-tls
+      hosts:
+        - api.2martens.de
+resources:
+  requests:
+    cpu: 200m
+    memory: 512Mi
+  limits:
+    cpu: 1000m
+    memory: 512Mi
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+vault:
+  # If enabled, no ordinary secret resource will be created, even if secrets value is populated.
+  enabled: true
+  # name of the Vault secrets applications
+  applicationName: "timetable"
+  # id of the organization in Vault secrets
+  organizationId: ""
+  # id of the project in Vault secrets
+  projectId: ""
+  # if not provided, vault-secrets-operator-system will be used
+  operatorNamespace: ""
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}

helm/timetable/.helmignore

@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# environment values
+environments/
+default_values.yaml
+overwrite_values.yaml

helm/timetable/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: template
+  repository: file://../template
+  version: 0.2.4
+digest: sha256:c7b42f6956258c0f59f4e7513f925fef4162e251bb3fd05f3e94351be9cdade1
+generated: "2024-01-06T15:29:31.868909+01:00"

helm/timetable/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+name: timetable
+description: Installs the Timetable backend into the Kubernetes cluster
+type: application
+version: 0.1.0
+maintainers:
+  - name: Jim Martens
+    url: https://2martens.de
+sources:
+  - https://git.2martens.de/2martens/wahlrecht
+dependencies:
+  - name: template
+    version: 0.2.4
+    repository: file://../template
+annotations:
+  artifacthub.io/images: |
+    - name: 2martens/timetable:latest
+      image: 2martens/timetable:latest
+      platforms:
+        - linux/amd64
+        - linux/arm64
+  artifacthub.io/changes: |
+    - kind: added
+      description: Added timetable chart
+  artifacthub.io/signKey: |
+    fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
+    url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
+  artifacthub.io/prerelease: true

helm/timetable/README.md

@@ -0,0 +1,41 @@
+# Wahlrecht API
+
+This chart installs the Wahlrecht API
+into the Kubernetes cluster.
+
+## Configuration
+
+* by default, it expects a Spring Boot config server running inside the cluster, available under
+  http://configserver:8888/config
+  ```yaml
+  application:
+    configserver:
+      host: configserver
+      port: 8888
+      prefix: /config
+      scheme: http
+  ```
+* by default, it expects a Kafka running inside the cluster, available under
+  kafka:9092
+  ```yaml
+  application:
+    kafka:
+      host: kafka
+      port: 9092
+  ```
+* configure Keycloak
+  ```yaml
+  application:
+    keycloak:
+      url: https://yourKeycloak
+      realm: yourRealm
+  ```
+* configure secrets (the application expects these values to be set)
+  ```yaml
+  secrets:
+    MONGODB_CONNECTION_STRING: mongoDBConnectionString
+    CLIENT_SECRET: keycloakClientSecret
+  ```
+  Should you want to use, for example, an external secret provider,
+  then you are currently out of luck. The chart does not support that,
+  yet.

helm/timetable/default_values.yaml

@@ -0,0 +1 @@
+../template/_values.yaml

helm/timetable/overwrite_values.yaml

@@ -0,0 +1,57 @@
+image:
+  repository: 2martens/timetable
+
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: lets-encrypt
+  tls:
+    - secretName: chart-example-tls
+      hosts:
+        - chart-example.local
+
+application:
+  port: 12100
+  actuatorPort: 12101
+  keycloak:
+    url: https://id.2martens.de
+    realm: 2martens
+  configserver:
+    scheme: http
+    host: configserver
+    port: 8888
+    prefix: /config
+  kafka:
+    host: kafka
+    port: 9092
+
+service:
+  port: 12100
+  actuatorPort: 12101
+
+secrets:
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  MONGODB_CONNECTION_STRING: ""
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  CLIENT_SECRET: ""
+
+environment:
+  - name: PORT
+    value: "{{ .Values.application.port }}"
+  - name: ACTUATOR_PORT
+    value: "{{ .Values.application.actuatorPort }}"
+  - name: KEYCLOAK_URL
+    value: "{{ .Values.application.keycloak.url }}"
+  - name: KEYCLOAK_REALM
+    value: "{{ .Values.application.keycloak.realm }}"
+  - name: CONFIGSERVER_SCHEME
+    value: "{{ .Values.application.configserver.scheme }}"
+  - name: CONFIGSERVER_HOST
+    value: "{{ .Values.application.configserver.host }}"
+  - name: CONFIGSERVER_PORT
+    value: "{{ .Values.application.configserver.port }}"
+  - name: CONFIGSERVER_PREFIX
+    value: "{{ .Values.application.configserver.prefix }}"
+  - name: KAFKA_HOST
+    value: "{{ .Values.application.kafka.host }}"
+  - name: KAFKA_PORT
+    value: "{{ .Values.application.kafka.port }}"

helm/timetable/templates

@@ -0,0 +1 @@
+../template/_templates

helm/timetable/values.yaml

@@ -0,0 +1,179 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+# revisionHistoryLimit: can be configured to reduce/increase amount of stored replica sets for rollback
+revisionHistoryLimit: 10
+image:
+  repository: 2martens/timetable
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is latest
+  tag: ""
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+#   capabilities:
+#     drop:
+#     - ALL
+#   readOnlyRootFilesystem: true
+#   runAsNonRoot: true
+#   runAsUser: 1000
+
+application:
+  port: 12100
+  actuatorPort: 12101
+  namespace: template # update to match the desired namespace
+  profile: prod
+  isSpring: true
+  keycloak:
+    url: https://id.2martens.de
+    realm: 2martens
+  configserver:
+    scheme: http
+    host: configserver
+    port: 8888
+    prefix: /config
+  kafka:
+    host: kafka
+    port: 9092
+prometheus:
+  enabled: true
+  # only enable if you have the Prometheus operator installed, otherwise it will fail due to missing CRDs
+  useCRDs: false
+  # namespace: the namespace of the Prometheus installation
+  # the value is templated
+  namespace:
+  # name of helm release or argo cd application
+  releaseName:
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+  - name: PORT
+    value: "{{ .Values.application.port }}"
+  - name: ACTUATOR_PORT
+    value: "{{ .Values.application.actuatorPort }}"
+  - name: KEYCLOAK_URL
+    value: "{{ .Values.application.keycloak.url }}"
+  - name: KEYCLOAK_REALM
+    value: "{{ .Values.application.keycloak.realm }}"
+  - name: CONFIGSERVER_SCHEME
+    value: "{{ .Values.application.configserver.scheme }}"
+  - name: CONFIGSERVER_HOST
+    value: "{{ .Values.application.configserver.host }}"
+  - name: CONFIGSERVER_PORT
+    value: "{{ .Values.application.configserver.port }}"
+  - name: CONFIGSERVER_PREFIX
+    value: "{{ .Values.application.configserver.prefix }}"
+  - name: KAFKA_HOST
+    value: "{{ .Values.application.kafka.host }}"
+  - name: KAFKA_PORT
+    value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets:
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  MONGODB_CONNECTION_STRING: ""
+  # Needs to be overwritten. Will be ignored if vault is enabled.
+  CLIENT_SECRET: ""
+# Configure the service
+service:
+  type: ClusterIP
+  # port is targeting the containerPort http, described by application.port
+  port: 12100
+  # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+  # only used if application.isSpring=true
+  actuatorPort: 12101
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+  enabled: true
+  path: /actuator/health/liveness
+  port: http-actuator
+  initialDelaySeconds: 30
+  periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+  enabled: true
+  path: /actuator/health/readiness
+  port: http-actuator
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  # Allows you to specify the number of seconds the application can take to answer readinessProbe
+  # before failure is assumed by Kubernetes
+  timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+  enabled: false
+  className: ""
+  annotations:
+    cert-manager.io/cluster-issuer: lets-encrypt
+  # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: chart-example-tls
+      hosts:
+        - chart-example.local
+resources: {}
+# limits:
+#   cpu: 100m
+#   memory: 128Mi
+# requests:
+#   cpu: 100m
+#   memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+vault:
+  # If enabled, no ordinary secret resource will be created, even if secrets value is populated.
+  enabled: false
+  # name of the Vault secrets applications
+  applicationName: ""
+  # id of the organization in Vault secrets
+  organizationId: ""
+  # id of the project in Vault secrets
+  projectId: ""
+  # if not provided, vault-secrets-operator-system will be used
+  operatorNamespace: ""
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}

k8s/csr.yaml

@@ -1,12 +1,12 @@
 apiVersion: certificates.k8s.io/v1
 kind: CertificateSigningRequest
 metadata:
-  name: NAME
+  name: 2martens
 spec:
   signerName: kubernetes.io/kube-apiserver-client
   groups:
     - system:authenticated
-  request: BASE64_CSR
+  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1dEQ0NBVUFDQVFBd0V6RVJNQThHQTFVRUF3d0lNbTFoY25SbGJuTXdnZ0VpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGV6dEgzQWlhNmJpMmxzMGtIQW5LUDhOUFpWTDlJVldrdnJGS0N3UmZuClRPSnM5Z0dCWmxzbnl4WEl6Y2xBeUFjbzI2d2pKanNKZkUybVFSYlZ0alNqOERORklNeVZsdVloUDRyQS9yYlMKYmFzbEMrTUR1TGh3VGhFRi82UkpaMENudmdGSkc1bUZkbmx0WjdGSDZGTkdPalZWVktxc2FTL0ZRdjE4S0g4NwpabVNmRHdqS3pla2FZSFZyL3F3ZmFLSmpXSm1jd0JhRkw0VGcwcHJrVzBIWm5QTUZVclFFcXM4WEpnekRGQ2xNCkRwRXM1ZDdXYjd0b2Q0K2E4dE80UWFheXB2ZHdUOUc5YWd5QUYyUnNoMmhRakZCSXFtLzkwV2RRM0tGRmI1ZGQKR1l6YmcycnRJR21xb0x3NGxFYXRQU3lPM2lVTnh3MWNidU9tcHlQTnI1aWxBZ01CQUFHZ0FEQU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBa3FpMllqU2wzaVRiTXVSa2xRQVRBck5xQWFmaXZXSHJCdVlsdEhTeEFlNDB5aDR6Ci9MOExHQisyREZORmpvTWFIY1ZpdHJMTDRKeGlRay9jSEs5ZW1JdjZNWFpGK3lUa0ZQYkVOeWowZFU3VVBObisKcE1zT1ViRkpKdGsybmJ4Q3JSdkE0ZSt4T2ZHVllxKzdhdS94ZTVvbFBDanVZeWM2UnNiQkRxcDRnbFZzSzUydwp3Vit6Z29QYWpmV05oYnphUDlYZ0dSWVM5RzlrcDJwNEVrbU9OOUltTnJvUjBTbkhSWG1PbllsQlJCY0p0RHhmCmladjI3OFlaQ095cEFOZmtlYThCUU12YWNPbDcwRVlOMnFMbTB5alo5VW5LN1ZuL00wcW5pKy9Wc3hYT1dqc3IKNzNNWHlWdGUzQlUycHUyM3pGQ1doVm83SUt0bmZseHFJbnlyQnc9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
   usages:
     - digital signature
     - key encipherment

release-please-config.json

@@ -52,6 +52,9 @@
     "helm/template": {
       "releaseType": "helm"
     },
+    "helm/timetable": {
+      "releaseType": "helm"
+    },
     "helm/wahlrecht": {
       "releaseType": "helm"
     },