From 36686dcf81726d2f981a8cdc54e1a88c8680e9bd Mon Sep 17 00:00:00 2001
From: Jim Martens
Date: Tue, 9 Jan 2024 19:03:31 +0100
Subject: [PATCH] feat: Add timetable helm chart and argo application
---
.release-please-manifest.json | 1 +
argocd/app-of-apps/test/values.yaml | 8 +-
.../templates/thanos-query-deployment.yaml | 3 +
argocd/thanos/monitoring/values.yaml | 2 +
argocd/timetable/test/Chart.lock | 6 +
argocd/timetable/test/Chart.yaml | 8 +
argocd/timetable/test/default_values.yaml | 1 +
argocd/timetable/test/overwrite_values.yaml | 54 +++++
argocd/timetable/test/templates | 1 +
argocd/timetable/test/values.yaml | 195 ++++++++++++++++++
helm/timetable/.helmignore | 27 +++
helm/timetable/CHANGELOG.md | 0
helm/timetable/Chart.lock | 6 +
helm/timetable/Chart.yaml | 28 +++
helm/timetable/README.md | 41 ++++
helm/timetable/default_values.yaml | 1 +
helm/timetable/overwrite_values.yaml | 57 +++++
helm/timetable/templates | 1 +
helm/timetable/values.yaml | 179 ++++++++++++++++
k8s/csr.yaml | 4 +-
release-please-config.json | 3 +
21 files changed, 623 insertions(+), 3 deletions(-)
create mode 100644 argocd/thanos/monitoring/values.yaml
create mode 100644 argocd/timetable/test/Chart.lock
create mode 100644 argocd/timetable/test/Chart.yaml
create mode 120000 argocd/timetable/test/default_values.yaml
create mode 100644 argocd/timetable/test/overwrite_values.yaml
create mode 120000 argocd/timetable/test/templates
create mode 100644 argocd/timetable/test/values.yaml
create mode 100644 helm/timetable/.helmignore
create mode 100644 helm/timetable/CHANGELOG.md
create mode 100644 helm/timetable/Chart.lock
create mode 100644 helm/timetable/Chart.yaml
create mode 100644 helm/timetable/README.md
create mode 120000 helm/timetable/default_values.yaml
create mode 100644 helm/timetable/overwrite_values.yaml
create mode 120000 helm/timetable/templates
create mode 100644 helm/timetable/values.yaml
diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 14fa3d8..c02624e 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -5,6 +5,7 @@ "helm/configserver": "0.1.22", "helm/kafka": "0.1.7", "helm/template": "0.2.4", + "helm/timetable": "0.0.1", "helm/wahlrecht": "0.2.0", "helm/zookeeper": "0.1.5" } diff --git a/argocd/app-of-apps/test/values.yaml b/argocd/app-of-apps/test/values.yaml index 5a951d8..77ea89e 100644 --- a/argocd/app-of-apps/test/values.yaml +++ b/argocd/app-of-apps/test/values.yaml @@ -69,7 +69,13 @@ applications: createNamespace: false repoURL: https://git.2martens.de/2martens/cloud-configuration.git syncWave: 2 - + - name: timetable + project: default + targetRevision: main + namespace: timetable + createNamespace: false + repoURL: https://git.2martens.de/2martens/cloud-configuration.git + syncWave: 5 overall: destinationServer: https://kubernetes.default.svc diff --git a/argocd/thanos/monitoring/templates/thanos-query-deployment.yaml b/argocd/thanos/monitoring/templates/thanos-query-deployment.yaml index 8d97516..bce771a 100644 --- a/argocd/thanos/monitoring/templates/thanos-query-deployment.yaml +++ b/argocd/thanos/monitoring/templates/thanos-query-deployment.yaml @@ -48,6 +48,9 @@ spec: - --query.replica-label=rule_replica - --endpoint=dnssrv+_grpc._tcp.thanos-store.thanos.svc.cluster.local:10901 - --endpoint=dnssrv+_grpc._tcp.thanos-receive-ingestor-default.thanos.svc.cluster.local:10901 + {{- range .Values.clusters }} + - --endpoint=_grpc._tcp.{{ .thanosEndpoint }}:10901 + {{- end }} - --query.auto-downsampling env: - name: HOST_IP_ADDRESS diff --git a/argocd/thanos/monitoring/values.yaml b/argocd/thanos/monitoring/values.yaml new file mode 100644 index 0000000..d629d9f --- /dev/null +++ b/argocd/thanos/monitoring/values.yaml @@ -0,0 +1,2 @@ +clusters: + - thanosEndpoint: 10.0.0.4 \ No newline at end of file 
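Review bot: The added `--endpoint=_grpc._tcp.{{ .thanosEndpoint }}:10901` in thanos-query-deployment.yaml puts an SRV-style name in front of a value that argocd/thanos/monitoring/values.yaml sets to the IP `10.0.0.4`, and unlike the two endpoints above it there is no `dnssrv+` prefix, so it renders as `_grpc._tcp.10.0.0.4:10901`, which is unlikely to resolve. If a fixed address is intended, `- --endpoint={{ .thanosEndpoint }}:10901` is the plain form. This is also the first endpoint that is not a `svc.cluster.local` name; no gRPC client TLS arguments are visible in this hunk (the args list starts outside it), so confirm the Store API link to the other cluster is encrypted and authenticated and that the address is reachable only from trusted networks.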
diff --git a/argocd/timetable/test/Chart.lock b/argocd/timetable/test/Chart.lock
new file mode 100644
index 0000000..df6b620
--- /dev/null
+++ b/argocd/timetable/test/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: template
+ repository: https://repo.2martens.de/charts
+ version: 0.2.4
+digest: sha256:cb94ee0765d3d746702deb9973670fc7118c39e29093443d738541342b4f04e0
+generated: "2024-01-06T15:35:51.393485+01:00"
diff --git a/argocd/timetable/test/Chart.yaml b/argocd/timetable/test/Chart.yaml
new file mode 100644
index 0000000..2c5810f
--- /dev/null
+++ b/argocd/timetable/test/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: timetable
+version: 0.1.0
+type: application
+dependencies:
+ - name: template
+ version: 0.2.4
+ repository: https://repo.2martens.de/charts
\ No newline at end of file
diff --git a/argocd/timetable/test/default_values.yaml b/argocd/timetable/test/default_values.yaml
new file mode 120000
index 0000000..8ebc0e2
--- /dev/null
+++ b/argocd/timetable/test/default_values.yaml
@@ -0,0 +1 @@
+../../../helm/timetable/values.yaml
\ No newline at end of file
diff --git a/argocd/timetable/test/overwrite_values.yaml b/argocd/timetable/test/overwrite_values.yaml
new file mode 100644
index 0000000..c65c48e
--- /dev/null
+++ b/argocd/timetable/test/overwrite_values.yaml
@@ -0,0 +1,54 @@
+image:
+ tag: "0.1.0"
+revisionHistoryLimit: 3
+ingress:
+ enabled: true
+ className: public
+ hosts:
+ - host: api.2martens.de
+ paths:
+ - path: /v1/formations/
+ pathType: Prefix
+ - path: /v1/routes/
+ pathType: Prefix
+ - path: /v1/timetables/
+ pathType: Prefix
+ - path: /v1/users/
+ pathType: Prefix
+ - path: /doc/v1/timetable/
+ pathType: Prefix
+ - path: /api-docs/v1/timetable/
+ pathType: Prefix
+ tls:
+ - secretName: timetable-tls
+ hosts:
+ - api.2martens.de
+resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+application:
+ configserver:
+ scheme: http
+ host: configserver.spring-support
+ port: 8888
+ prefix: /config
+ kafka:
+ host: kafka.kafka
+ port: 9092
+
+vault:
+ enabled: true
+ applicationName: timetable
+
+readinessProbe:
+ initialDelaySeconds: 70
+
+livenessProbe:
+ initialDelaySeconds: 70
+
+prometheus:
+ useCRDs: true
\ No newline at end of file
diff --git a/argocd/timetable/test/templates b/argocd/timetable/test/templates
new file mode 120000
index 0000000..f432587
--- /dev/null
+++ b/argocd/timetable/test/templates
@@ -0,0 +1 @@
+../../../helm/timetable/templates
\ No newline at end of file
diff --git a/argocd/timetable/test/values.yaml b/argocd/timetable/test/values.yaml
new file mode 100644
index 0000000..02d4e03
--- /dev/null
+++ b/argocd/timetable/test/values.yaml
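Review bot: These test-environment overrides publish the service on `api.2martens.de` but set neither `securityContext` nor `podSecurityContext`, and the argocd/timetable/test/values.yaml added in the same patch still has both as `{}` with the hardened settings only as comments (helm/timetable/values.yaml has the same defaults). I would enable the commented-out container settings in this file, after checking that the image runs as a non-root user; a read-only root filesystem usually also needs a writable temp volume for a Spring Boot application. The ingress additionally routes `/doc/v1/timetable/` and `/api-docs/v1/timetable/` on the public host, so if the API documentation is not meant to be public, those two paths should be dropped or protected at the ingress.

```yaml
# … unchanged: image, ingress, resources, application, vault, probes, prometheus …
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
```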
@@ -0,0 +1,195 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+# revisionHistoryLimit: can be configured to reduce/increase amount of stored replica sets for rollback
+revisionHistoryLimit: 3
+image:
+ repository: 2martens/timetable
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: "0.1.0"
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: 12100
+ actuatorPort: 12101
+ namespace: template # update to match the desired namespace
+ profile: prod
+ isSpring: true
+ keycloak:
+ url: https://id.2martens.de
+ realm: 2martens
+ configserver:
+ scheme: http
+ host: configserver.spring-support
+ port: 8888
+ prefix: /config
+ kafka:
+ host: kafka.kafka
+ port: 9092
+prometheus:
+ enabled: true
+ # only enable if you have the Prometheus operator installed, otherwise it will fail due to missing CRDs
+ useCRDs: true
+ # namespace: the namespace of the Prometheus installation
+ # the value is templated
+ namespace:
+ # name of helm release or argo cd application
+ releaseName:
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: PORT
+ value: "{{ .Values.application.port }}"
+ - name: ACTUATOR_PORT
+ value: "{{ .Values.application.actuatorPort }}"
+ - name: KEYCLOAK_URL
+ value: "{{ .Values.application.keycloak.url }}"
+ - name: KEYCLOAK_REALM
+ value: "{{ .Values.application.keycloak.realm }}"
+ - name: CONFIGSERVER_SCHEME
+ value: "{{ .Values.application.configserver.scheme }}"
+ - name: CONFIGSERVER_HOST
+ value: "{{ .Values.application.configserver.host }}"
+ - name: CONFIGSERVER_PORT
+ value: "{{ .Values.application.configserver.port }}"
+ - name: CONFIGSERVER_PREFIX
+ value: "{{ .Values.application.configserver.prefix }}"
+ - name: KAFKA_HOST
+ value: "{{ .Values.application.kafka.host }}"
+ - name: KAFKA_PORT
+ value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets:
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ MONGODB_CONNECTION_STRING: ""
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ CLIENT_SECRET: ""
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: 12100
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: 12101
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: true
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 70
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: true
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 70
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: true
+ className: "public"
+ annotations:
+ cert-manager.io/cluster-issuer: lets-encrypt
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: api.2martens.de
+ paths:
+ - path: /v1/formations/
+ pathType: Prefix
+ - path: /v1/routes/
+ pathType: Prefix
+ - path: /v1/timetables/
+ pathType: Prefix
+ - path: /v1/users/
+ pathType: Prefix
+ - path: /doc/v1/timetable/
+ pathType: Prefix
+ - path: /api-docs/v1/timetable/
+ pathType: Prefix
+ tls:
+ - secretName: timetable-tls
+ hosts:
+ - api.2martens.de
+resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+vault:
+ # If enabled, no ordinary secret resource will be created, even if secrets value is populated.
+ enabled: true
+ # name of the Vault secrets applications
+ applicationName: "timetable"
+ # id of the organization in Vault secrets
+ organizationId: ""
+ # id of the project in Vault secrets
+ projectId: ""
+ # if not provided, vault-secrets-operator-system will be used
+ operatorNamespace: ""
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}
diff --git a/helm/timetable/.helmignore b/helm/timetable/.helmignore
new file mode 100644
index 0000000..8bd27ef
--- /dev/null
+++ b/helm/timetable/.helmignore
@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# environment values
+environments/
+default_values.yaml
+overwrite_values.yaml
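Review bot: In argocd/timetable/test/values.yaml, `vault.enabled: true` is combined with `organizationId: ""` and `projectId: ""`, and the comments on `secrets` say those values are ignored once vault is enabled, so `MONGODB_CONNECTION_STRING` and `CLIENT_SECRET` have no visible source for the test environment. Either set the two IDs in argocd/timetable/test/overwrite_values.yaml or confirm the operator resolves them elsewhere; keeping the secrets themselves out of plain values in git is the right direction. `application.namespace` is also still `template` with its `# update to match the desired namespace` comment, while the Argo application added in app-of-apps deploys to `timetable`.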
diff --git a/helm/timetable/CHANGELOG.md b/helm/timetable/CHANGELOG.md
new file mode 100644
index 0000000..e69de29
diff --git a/helm/timetable/Chart.lock b/helm/timetable/Chart.lock
new file mode 100644
index 0000000..fa7298e
--- /dev/null
+++ b/helm/timetable/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: template
+ repository: file://../template
+ version: 0.2.4
+digest: sha256:c7b42f6956258c0f59f4e7513f925fef4162e251bb3fd05f3e94351be9cdade1
+generated: "2024-01-06T15:29:31.868909+01:00"
diff --git a/helm/timetable/Chart.yaml b/helm/timetable/Chart.yaml
new file mode 100644
index 0000000..33c4628
--- /dev/null
+++ b/helm/timetable/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: timetable
+description: Installs the Timetable backend into the Kubernetes cluster
+type: application
+version: 0.1.0
+maintainers:
+ - name: Jim Martens
+ url: https://2martens.de
+sources:
+ - https://git.2martens.de/2martens/wahlrecht
+dependencies:
+ - name: template
+ version: 0.2.4
+ repository: file://../template
+annotations:
+ artifacthub.io/images: |
+ - name: 2martens/timetable:latest
+ image: 2martens/timetable:latest
+ platforms:
+ - linux/amd64
+ - linux/arm64
+ artifacthub.io/changes: |
+ - kind: added
+ description: Added timetable chart
+ artifacthub.io/signKey: |
+ fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
+ url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
+ artifacthub.io/prerelease: true
diff --git a/helm/timetable/README.md b/helm/timetable/README.md
new file mode 100644
index 0000000..21e27e3
--- /dev/null
+++ b/helm/timetable/README.md
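Review bot: In helm/timetable/Chart.yaml, `sources` lists `https://git.2martens.de/2martens/wahlrecht`, which looks carried over from the wahlrecht chart (the README added beside it is still titled "Wahlrecht API"), so anyone checking the chart's provenance is pointed at a different project. The `artifacthub.io/images` annotation advertises `2martens/timetable:latest`; because that tag is mutable, an image scanned from the annotation need not be the image a release deploys, so I would list the versioned image the chart is released with. The chart's `version: 0.1.0` also disagrees with the `"helm/timetable": "0.0.1"` entry this patch adds to .release-please-manifest.json.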
@@ -0,0 +1,41 @@
+# Wahlrecht API
+
+This chart installs the Wahlrecht API
+into the Kubernetes cluster.
+
+## Configuration
+
+* by default, it expects a Spring Boot config server running inside the cluster, available under
+ http://configserver:8888/config
+ ```yaml
+ application:
+ configserver:
+ host: configserver
+ port: 8888
+ prefix: /config
+ scheme: http
+ ```
+* by default, it expects a Kafka running inside the cluster, available under
+ kafka:9092
+ ```yaml
+ application:
+ kafka:
+ host: kafka
+ port: 9092
+ ```
+* configure Keycloak
+ ```yaml
+ application:
+ keycloak:
+ url: https://yourKeycloak
+ realm: yourRealm
+ ```
+* configure secrets (the application expects these values to be set)
+ ```yaml
+ secrets:
+ MONGODB_CONNECTION_STRING: mongoDBConnectionString
+ CLIENT_SECRET: keycloakClientSecret
+ ```
+ Should you want to use, for example, an external secret provider,
+ then you are currently out of luck. The chart does not support that,
+ yet.
\ No newline at end of file
diff --git a/helm/timetable/default_values.yaml b/helm/timetable/default_values.yaml
new file mode 120000
index 0000000..00d0a7d
--- /dev/null
+++ b/helm/timetable/default_values.yaml
@@ -0,0 +1 @@
+../template/_values.yaml
\ No newline at end of file
diff --git a/helm/timetable/overwrite_values.yaml b/helm/timetable/overwrite_values.yaml
new file mode 100644
index 0000000..e6748ba
--- /dev/null
+++ b/helm/timetable/overwrite_values.yaml
@@ -0,0 +1,57 @@
+image:
+ repository: 2martens/timetable
+
+ingress:
+ annotations:
+ cert-manager.io/cluster-issuer: lets-encrypt
+ tls:
+ - secretName: chart-example-tls
+ hosts:
+ - chart-example.local
+
+application:
+ port: 12100
+ actuatorPort: 12101
+ keycloak:
+ url: https://id.2martens.de
+ realm: 2martens
+ configserver:
+ scheme: http
+ host: configserver
+ port: 8888
+ prefix: /config
+ kafka:
+ host: kafka
+ port: 9092
+
+service:
+ port: 12100
+ actuatorPort: 12101
+
+secrets:
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ MONGODB_CONNECTION_STRING: ""
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ CLIENT_SECRET: ""
+
+environment:
+ - name: PORT
+ value: "{{ .Values.application.port }}"
+ - name: ACTUATOR_PORT
+ value: "{{ .Values.application.actuatorPort }}"
+ - name: KEYCLOAK_URL
+ value: "{{ .Values.application.keycloak.url }}"
+ - name: KEYCLOAK_REALM
+ value: "{{ .Values.application.keycloak.realm }}"
+ - name: CONFIGSERVER_SCHEME
+ value: "{{ .Values.application.configserver.scheme }}"
+ - name: CONFIGSERVER_HOST
+ value: "{{ .Values.application.configserver.host }}"
+ - name: CONFIGSERVER_PORT
+ value: "{{ .Values.application.configserver.port }}"
+ - name: CONFIGSERVER_PREFIX
+ value: "{{ .Values.application.configserver.prefix }}"
+ - name: KAFKA_HOST
+ value: "{{ .Values.application.kafka.host }}"
+ - name: KAFKA_PORT
+ value: "{{ .Values.application.kafka.port }}"
diff --git a/helm/timetable/templates b/helm/timetable/templates
new file mode 120000
index 0000000..baefb49
--- /dev/null
+++ b/helm/timetable/templates
@@ -0,0 +1 @@
+../template/_templates
\ No newline at end of file
diff --git a/helm/timetable/values.yaml b/helm/timetable/values.yaml
new file mode 100644
index 0000000..eef46a7
--- /dev/null
+++ b/helm/timetable/values.yaml
@@ -0,0 +1,179 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+# revisionHistoryLimit: can be configured to reduce/increase amount of stored replica sets for rollback
+revisionHistoryLimit: 10
+image:
+ repository: 2martens/timetable
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: ""
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: 12100
+ actuatorPort: 12101
+ namespace: template # update to match the desired namespace
+ profile: prod
+ isSpring: true
+ keycloak:
+ url: https://id.2martens.de
+ realm: 2martens
+ configserver:
+ scheme: http
+ host: configserver
+ port: 8888
+ prefix: /config
+ kafka:
+ host: kafka
+ port: 9092
+prometheus:
+ enabled: true
+ # only enable if you have the Prometheus operator installed, otherwise it will fail due to missing CRDs
+ useCRDs: false
+ # namespace: the namespace of the Prometheus installation
+ # the value is templated
+ namespace:
+ # name of helm release or argo cd application
+ releaseName:
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: PORT
+ value: "{{ .Values.application.port }}"
+ - name: ACTUATOR_PORT
+ value: "{{ .Values.application.actuatorPort }}"
+ - name: KEYCLOAK_URL
+ value: "{{ .Values.application.keycloak.url }}"
+ - name: KEYCLOAK_REALM
+ value: "{{ .Values.application.keycloak.realm }}"
+ - name: CONFIGSERVER_SCHEME
+ value: "{{ .Values.application.configserver.scheme }}"
+ - name: CONFIGSERVER_HOST
+ value: "{{ .Values.application.configserver.host }}"
+ - name: CONFIGSERVER_PORT
+ value: "{{ .Values.application.configserver.port }}"
+ - name: CONFIGSERVER_PREFIX
+ value: "{{ .Values.application.configserver.prefix }}"
+ - name: KAFKA_HOST
+ value: "{{ .Values.application.kafka.host }}"
+ - name: KAFKA_PORT
+ value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets:
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ MONGODB_CONNECTION_STRING: ""
+ # Needs to be overwritten. Will be ignored if vault is enabled.
+ CLIENT_SECRET: ""
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: 12100
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: 12101
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: true
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: true
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: false
+ className: ""
+ annotations:
+ cert-manager.io/cluster-issuer: lets-encrypt
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: chart-example-tls
+ hosts:
+ - chart-example.local
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+
targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 +vault: + # If enabled, no ordinary secret resource will be created, even if secrets value is populated. + enabled: false + # name of the Vault secrets applications + applicationName: "" + # id of the organization in Vault secrets + organizationId: "" + # id of the project in Vault secrets + projectId: "" + # if not provided, vault-secrets-operator-system will be used + operatorNamespace: "" +# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template +nodeSelector: {} +# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template +tolerations: [] +# Configure affinity, contents will be added verbatim to key affinity in deployment pod template +affinity: {} +# podSpec: will be added at the bottom of the pod template in the deployment +podSpec: {} +# containerSpec: will be added at the bottom of the container specification in the pod template +containerSpec: {} diff --git a/k8s/csr.yaml b/k8s/csr.yaml index f992cdc..9b53e3a 100644 --- a/k8s/csr.yaml +++ b/k8s/csr.yaml @@ -1,12 +1,12 @@ apiVersion: certificates.k8s.io/v1 kind: CertificateSigningRequest metadata: - name: NAME + name: 2martens spec: signerName: kubernetes.io/kube-apiserver-client groups: - system:authenticated - request: BASE64_CSR + request: 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 usages: - digital signature - key encipherment diff --git a/release-please-config.json b/release-please-config.json index b18b2b5..bd324aa 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -52,6 +52,9 @@ "helm/template": { "releaseType": "helm" }, + "helm/timetable": { + "releaseType": "helm" + }, "helm/wahlrecht": { "releaseType": "helm" },
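Review bot: The k8s/csr.yaml hunk turns the CSR template into a concrete request named `2martens` for the `kubernetes.io/kube-apiserver-client` signer without a `spec.expirationSeconds`, so an approved request yields a client certificate with the signer's default lifetime, and Kubernetes offers no revocation for client certificates once they are issued. I would add `expirationSeconds: <SECONDS>` under `spec` and keep the committed file as a template with the `NAME` and `BASE64_CSR` placeholders rather than one person's request, since the file records which subject is being granted API access. The hunk ends at `- key encipherment`, so any further `usages` entries are not visible here.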