From 364b9659719fe46be8080e12c201c81fef62dac1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Thu, 16 Jun 2022 19:55:19 +0200 Subject: [PATCH] feat: improve chart documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- .gitignore | 1 + README.md | 10 ++ charts/capsule/.helmignore | 1 + charts/capsule/README.md | 128 ++++++++++++------ charts/capsule/README.md.gotmpl | 132 +++++++++++++++++++ charts/capsule/templates/servicemonitor.yaml | 24 +++- charts/capsule/values.yaml | 115 ++++++++++++---- scripts/helm-docs.sh | 11 ++ 8 files changed, 352 insertions(+), 70 deletions(-) create mode 100644 charts/capsule/README.md.gotmpl create mode 100644 scripts/helm-docs.sh diff --git a/.gitignore b/.gitignore index 8537fd27..973948ce 100644 --- a/.gitignore +++ b/.gitignore @@ -28,4 +28,5 @@ bin **/*.crt **/*.key .DS_Store +*.tgz diff --git a/README.md b/README.md index 3718be91..4abf45d8 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,16 @@ Please, check the project [documentation](https://capsule.clastix.io) for the co Capsule is Open Source with Apache 2 license and any contribution is welcome. +## Chart Development + +The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. + +We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible): + +``` +bash scripts/helm-docs.sh +``` + ## Community Join the community, share and learn from it. You can find all the resources to how to contribute code and docs, connect with people in the [community repository](https://github.com/clastix/capsule-community). diff --git a/charts/capsule/.helmignore b/charts/capsule/.helmignore index 0e8a0eb3..ced94a2f 100644 
--- a/charts/capsule/.helmignore +++ b/charts/capsule/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +README.md.gotmpl diff --git a/charts/capsule/README.md b/charts/capsule/README.md index f701cf69..1552880e 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md 
@@ -58,46 +58,94 @@ If you only need to make minor customizations, you can specify them on the comma Here the values you can override: -Parameter | Description | Default ---- |-----------------------------------------------------------------------------------------------------------------------------------------| --- -`manager.hostNetwork` | Specifies if the container should be started in `hostNetwork` mode. | `false` -`manager.options.logLevel` | Set the log verbosity of the controller with a value from 1 to 10. | `4` -`manager.options.forceTenantPrefix` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash | `false` -`manager.options.capsuleUserGroups` | Override the Capsule user groups | `[capsule.clastix.io]` -`manager.options.protectedNamespaceRegex` | If specified, disallows creation of namespaces matching the passed regexp | `null` -`manager.options.generateCertificates` | Specifies whether capsule webhooks certificates should be generated by capsule operator. | `true` -`manager.image.repository` | Set the image repository of the controller. | `clastix/capsule` -`manager.image.tag` | Overrides the image tag whose default is the chart. `appVersion` | `null` -`manager.image.pullPolicy` | Set the image pull policy. | `IfNotPresent` -`manager.livenessProbe` | Configure the liveness probe using Deployment probe spec | `GET :10080/healthz` -`manager.readinessProbe` | Configure the readiness probe using Deployment probe spec | `GET :10080/readyz` -`manager.resources.requests/cpu` | Set the CPU requests assigned to the controller. | `200m` -`manager.resources.requests/memory` | Set the memory requests assigned to the controller. | `128Mi` -`manager.resources.limits/cpu` | Set the CPU limits assigned to the controller. | `200m` -`manager.resources.limits/cpu` | Set the memory limits assigned to the controller. 
| `128Mi` -`mutatingWebhooksTimeoutSeconds` | Timeout in seconds for mutating webhooks. | `30` -`validatingWebhooksTimeoutSeconds` | Timeout in seconds for validating webhooks. | `30` -`webhooks` | Additional configuration for capsule webhooks. | -`imagePullSecrets` | Configuration for `imagePullSecrets` so that you can use a private images registry. | `[]` -`serviceAccount.create` | Specifies whether a service account should be created. | `true` -`serviceAccount.annotations` | Annotations to add to the service account. | `{}` -`serviceAccount.name` | The name of the service account to use. If not set and `serviceAccount.create=true`, a name is generated using the fullname template | `capsule` -`podAnnotations` | Annotations to add to the Capsule pod. | `{}` -`priorityClassName` | Set the priority class name of the Capsule pod. | `null` -`nodeSelector` | Set the node selector for the Capsule pod. | `{}` -`tolerations` | Set list of tolerations for the Capsule pod. | `[]` -`replicaCount` | Set the replica count for Capsule pod. | `1` -`affinity` | Set affinity rules for the Capsule pod. | `{}` -`podSecurityPolicy.enabled` | Specify if a Pod Security Policy must be created. | `false` -`serviceMonitor.enabled` | Specifies if a service monitor must be created. | `false` -`serviceMonitor.labels` | Additional labels which will be added to service monitor. | `{}` -`serviceMonitor.annotations` | Additional annotations which will be added to service monitor. | `{}` -`serviceMonitor.matchLabels` | Additional matchLabels which will be added to service monitor. | `{}` -`serviceMonitor.serviceAccount.name` | Specifies service account name for metrics scrape. | `capsule` -`serviceMonitor.serviceAccount.namespace` | Specifies service account namespace for metrics scrape. | `capsule-system` -`customLabels` | Additional labels which will be added to all resources created by Capsule helm chart . 
| `{}` -`customAnnotations` | Additional annotations which will be added to all resources created by Capsule helm chart . | `{}` -`certManager.generateCertificates` | Specifies whether capsule webhooks certificates should be generated using cert-manager. | `false` +### General Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Set affinity rules for the Capsule pod | +| certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager | +| customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart | +| customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart | +| jobs.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy of the helm chart job | +| jobs.image.repository | string | `"quay.io/clastix/kubectl"` | Set the image repository of the helm chart job | +| jobs.image.tag | string | `""` | Set the image tag of the helm chart job | +| mutatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for mutating webhooks | +| nodeSelector | object | `{}` | Set the node selector for the Capsule pod | +| podAnnotations | object | `{}` | Annotations to add to the capsule pod. | +| podSecurityPolicy.enabled | bool | `false` | Specify if a Pod Security Policy must be created | +| priorityClassName | string | `""` | Set the priority class name of the Capsule pod | +| replicaCount | int | `1` | Set the replica count for capsule pod | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | +| serviceAccount.name | string | `"capsule"` | The name of the service account to use. 
If not set and `serviceAccount.create=true`, a name is generated using the fullname template | +| tolerations | list | `[]` | Set list of tolerations for the Capsule pod | +| validatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for validating webhooks | + +### Manager Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working | +| manager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. | +| manager.image.repository | string | `"clastix/capsule"` | Set the image repository of the capsule. | +| manager.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. 
| +| manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec | +| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups | +| manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash | +| manager.options.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated by capsule operator | +| manager.options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 | +| manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp | +| manager.readinessProbe | object | `{"httpGet":{"path":"/readyz","port":10080}}` | Configure the readiness probe using Deployment probe spec | +| manager.resources.limits.cpu | string | `"200m"` | | +| manager.resources.limits.memory | string | `"128Mi"` | | +| manager.resources.requests.cpu | string | `"200m"` | | +| manager.resources.requests.memory | string | `"128Mi"` | | + +### ServiceMonitor Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| serviceMonitor.annotations | object | `{}` | Assign additional Annotations | +| serviceMonitor.enabled | bool | `false` | Enable ServiceMonitor | +| serviceMonitor.endpoint.interval | string | `"15s"` | Set the scrape interval for the endpoint of the serviceMonitor | +| serviceMonitor.endpoint.metricRelabelings | list | `[]` | Set metricRelabelings for the endpoint of the serviceMonitor | +| serviceMonitor.endpoint.relabelings | list | `[]` | Set relabelings for the endpoint of the serviceMonitor | +| serviceMonitor.endpoint.scrapeTimeout | string | `""` | Set the scrape timeout for the endpoint of the serviceMonitor | +| serviceMonitor.labels | 
object | `{}` | Assign additional labels according to Prometheus' serviceMonitorSelector matching labels | +| serviceMonitor.matchLabels | object | `{}` | Change matching labels | +| serviceMonitor.namespace | string | `""` | Install the ServiceMonitor into a different Namespace, as the monitoring stack one (default: the release one) | +| serviceMonitor.serviceAccount.name | string | `"capsule"` | ServiceAccount for Metrics RBAC | +| serviceMonitor.serviceAccount.namespace | string | `"capsule-system"` | ServiceAccount Namespace for Metrics RBAC | +| serviceMonitor.targetLabels | list | `[]` | Set targetLabels for the serviceMonitor | + +### Webhook Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| webhooks.cordoning.failurePolicy | string | `"Fail"` | | +| webhooks.cordoning.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| webhooks.cordoning.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.ingresses.failurePolicy | string | `"Fail"` | | +| webhooks.ingresses.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| webhooks.ingresses.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.namespaceOwnerReference.failurePolicy | string | `"Fail"` | | +| webhooks.namespaces.failurePolicy | string | `"Fail"` | | +| webhooks.networkpolicies.failurePolicy | string | `"Fail"` | | +| webhooks.networkpolicies.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| webhooks.networkpolicies.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.nodes.failurePolicy | string | `"Fail"` | | +| webhooks.persistentvolumeclaims.failurePolicy | string | `"Fail"` | | +| webhooks.persistentvolumeclaims.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| 
webhooks.persistentvolumeclaims.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.pods.failurePolicy | string | `"Fail"` | | +| webhooks.pods.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| webhooks.pods.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.services.failurePolicy | string | `"Fail"` | | +| webhooks.services.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` | | +| webhooks.services.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` | | +| webhooks.tenants.failurePolicy | string | `"Fail"` | | + ## Created resources This Helm Chart creates the following Kubernetes resources in the release namespace: diff --git a/charts/capsule/README.md.gotmpl b/charts/capsule/README.md.gotmpl new file mode 100644 index 00000000..0f6ff3e1 --- /dev/null +++ b/charts/capsule/README.md.gotmpl 
@@ -0,0 +1,132 @@ +# Deploying the Capsule Operator + +Use the Capsule Operator for easily implementing, managing, and maintaining multitenancy and access control in Kubernetes. + +## Requirements + +* [Helm 3](https://github.com/helm/helm/releases) is required when installing the Capsule Operator chart. Follow Helm’s official [steps](https://helm.sh/docs/intro/install/) for installing helm on your particular operating system. + +* A Kubernetes cluster 1.16+ with following [Admission Controllers](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) enabled: + + * PodNodeSelector + * LimitRanger + * ResourceQuota + * MutatingAdmissionWebhook + * ValidatingAdmissionWebhook + +* A [`kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) file accessing the Kubernetes cluster with cluster admin permissions. + +## Quick Start + +The Capsule Operator Chart can be used to instantly deploy the Capsule Operator on your Kubernetes cluster. + +1. Add this repository: + + $ helm repo add clastix https://clastix.github.io/charts + +2. Install the Chart: + + $ helm install capsule clastix/capsule -n capsule-system --create-namespace + +3. Show the status: + + $ helm status capsule -n capsule-system + +4. Upgrade the Chart + + $ helm upgrade capsule clastix/capsule -n capsule-system + +5. Uninstall the Chart + + $ helm uninstall capsule -n capsule-system + +## Customize the installation + +There are two methods for specifying overrides of values during chart installation: `--values` and `--set`. + +The `--values` option is the preferred method because it allows you to keep your overrides in a YAML file, rather than specifying them all on the command line. Create a copy of the YAML file `values.yaml` and add your overrides to it. 
+ +Specify your overrides file when you install the chart: + + $ helm install capsule capsule-helm-chart --values myvalues.yaml -n capsule-system + +The values in your overrides file `myvalues.yaml` will override their counterparts in the chart’s values.yaml file. Any values in `values.yaml` that weren’t overridden will keep their defaults. + +If you only need to make minor customizations, you can specify them on the command line by using the `--set` option. For example: + + $ helm install capsule capsule-helm-chart --set manager.options.forceTenantPrefix=false -n capsule-system + +Here the values you can override: + + +### General Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "manager" .Key) (hasPrefix "serviceMonitor" .Key) (hasPrefix "webhook" .Key) (hasPrefix "capsule-proxy" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Manager Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "manager" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### ServiceMonitor Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "serviceMonitor" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +### Webhook Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values 
}} + {{- if hasPrefix "webhook" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Created resources + +This Helm Chart creates the following Kubernetes resources in the release namespace: + +* Capsule Namespace +* Capsule Operator Deployment +* Capsule Service +* CA Secret +* Certificate Secret +* Tenant Custom Resource Definition +* CapsuleConfiguration Custom Resource Definition +* MutatingWebHookConfiguration +* ValidatingWebHookConfiguration +* RBAC Cluster Roles +* Metrics Service + +And optionally, depending on the values set: + +* Capsule ServiceAccount +* Capsule Service Monitor +* PodSecurityPolicy +* RBAC ClusterRole and RoleBinding for pod security policy +* RBAC Role and Rolebinding for metrics scrape + +## Notes on installing Custom Resource Definitions with Helm3 + +Capsule, as many other add-ons, defines its own set of Custom Resource Definitions (CRDs). Helm3 removed the old CRDs installation method for a more simple methodology. In the Helm Chart, there is now a special directory called `crds` to hold the CRDs. These CRDs are not templated, but will be installed by default when running a `helm install` for the chart. If the CRDs already exist (for example, you already executed `helm install`), it will be skipped with a warning. When you wish to skip the CRDs installation, and do not see the warning, you can pass the `--skip-crds` flag to the `helm install` command. + +## More + +See Capsule [tutorial](https://github.com/clastix/capsule/blob/master/docs/content/general/tutorial.md) for more information about how to use Capsule. diff --git a/charts/capsule/templates/servicemonitor.yaml b/charts/capsule/templates/servicemonitor.yaml index 9f67e17d..2bf6f03c 100644 --- a/charts/capsule/templates/servicemonitor.yaml +++ b/charts/capsule/templates/servicemonitor.yaml 
@@ -15,17 +15,33 @@ metadata: {{- end }} spec: endpoints: - - interval: 15s + {{- with .Values.serviceMonitor.endpoint }} + - interval: {{ .interval }} port: metrics path: /metrics + {{- with .scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .metricRelabelings }} + metricRelabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .relabelings }} + relabelings: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} jobLabel: app.kubernetes.io/name + {{- with .Values.serviceMonitor.targetLabels }} + targetLabels: {{- toYaml . | nindent 4 }} + {{- end }} selector: matchLabels: - {{- include "capsule.labels" . | nindent 6 }} - {{- with .Values.serviceMonitor.matchLabels }} - {{- toYaml . | nindent 6 }} + {{- if .Values.serviceMonitor.matchLabels }} + {{- toYaml .Values.serviceMonitor.matchLabels | nindent 6 }} + {{- else }} + {{- include "capsule.labels" . | nindent 6 }} {{- end }} namespaceSelector: matchNames: - {{ .Release.Namespace }} {{- end }} + diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml index 8339c035..e0d1098d 100644 --- a/charts/capsule/values.yaml +++ b/charts/capsule/values.yaml 
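Review bot: Setting `serviceMonitor.matchLabels` now replaces the chart's own selector labels instead of extending them, because the new `if`/`else` under `selector.matchLabels` emits either the user map or `capsule.labels`, never both. The removed lines always included `capsule.labels`, so an existing release that sets extra labels will select a different set of Services after upgrade; the ServiceMonitor may stop scraping Capsule, or may match another Service in the release namespace that exposes a `metrics` port. If replacement is intended, say so in the values comment and README as a breaking change. Otherwise keep `{{- include "capsule.labels" . | nindent 6 }}` unconditional and append the user map after it with `{{- with .Values.serviceMonitor.matchLabels }}`.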
@@ -2,30 +2,47 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# Manager Options manager: + image: + # -- Set the image repository of the capsule. repository: clastix/capsule + # -- Set the image pull policy. pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion. tag: '' - # Specifies if the container should be started in hostNetwork mode. + # -- Configuration for `imagePullSecrets` so that you can use a private images registry. + imagePullSecrets: [] + + # -- Specifies if the container should be started in hostNetwork mode. # # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom # CNI (such as calico), because control-plane managed by AWS cannot communicate # with pods' IP CIDR and admission webhooks are not working hostNetwork: false - # Additional Capsule options + # Additional Capsule Controller Options options: + # -- Set the log verbosity of the capsule with a value from 1 to 10 logLevel: '4' + # -- Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash forceTenantPrefix: false + # -- Override the Capsule user groups capsuleUserGroups: ["capsule.clastix.io"] + # -- If specified, disallows creation of namespaces matching the passed regexp protectedNamespaceRegex: "" + # -- Specifies whether capsule webhooks certificates should be generated by capsule operator generateCertificates: true + + # -- Configure the liveness probe using Deployment probe spec livenessProbe: httpGet: path: /healthz port: 10080 + + # -- Configure the readiness probe using Deployment probe spec readinessProbe: httpGet: path: /readyz 
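Review bot: No template in this commit is updated for the `imagePullSecrets` move: this hunk adds the key under `manager`, the next values.yaml hunk removes the top-level `imagePullSecrets: []`, and the diffstat lists `servicemonitor.yaml` as the only template changed. If the Deployment or Job templates still read `.Values.imagePullSecrets` (they are not visible here), a user following the new README and setting `manager.imagePullSecrets` would get pods without pull credentials, which fail to pull from a private registry. Either update the templates in the same commit or keep the key at the top level. If the move is kept, a comment such as `# -- Moved from top-level imagePullSecrets` would help people upgrading.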
@@ -38,49 +55,63 @@ manager: requests: cpu: 200m memory: 128Mi -jobs: - image: - repository: quay.io/clastix/kubectl - pullPolicy: IfNotPresent - tag: "" -imagePullSecrets: [] -serviceAccount: - create: true - annotations: {} - name: "capsule" + +# -- Annotations to add to the capsule pod. podAnnotations: {} +# The following annotations guarantee scheduling for critical add-on pods +# podAnnotations: +# scheduler.alpha.kubernetes.io/critical-pod: '' + +# -- Set the priority class name of the Capsule pod priorityClassName: '' #system-cluster-critical + +# -- Set the node selector for the Capsule pod nodeSelector: {} # node-role.kubernetes.io/master: "" + +# -- Set list of tolerations for the Capsule pod tolerations: [] #- key: CriticalAddonsOnly # operator: Exists #- effect: NoSchedule # key: node-role.kubernetes.io/master + +# -- Set the replica count for capsule pod replicaCount: 1 + +# -- Set affinity rules for the Capsule pod affinity: {} + podSecurityPolicy: + # -- Specify if a Pod Security Policy must be created enabled: false -certManager: - generateCertificates: false +jobs: + image: + # -- Set the image repository of the helm chart job + repository: quay.io/clastix/kubectl + # -- Set the image pull policy of the helm chart job + pullPolicy: IfNotPresent + # -- Set the image tag of the helm chart job + tag: "" -serviceMonitor: - enabled: false - # Install the ServiceMonitor into a different Namespace, as the monitoring stack one (default: the release one) - namespace: '' - # Assign additional labels according to Prometheus' serviceMonitorSelector matching labels - labels: {} +# ServiceAccount +serviceAccount: + # -- Specifies whether a service account should be created. + create: true + # -- Annotations to add to the service account. annotations: {} - matchLabels: {} - serviceAccount: - name: capsule - namespace: capsule-system + # -- The name of the service account to use. 
If not set and `serviceAccount.create=true`, a name is generated using the fullname template + name: "capsule" -# Additional labels +certManager: + # -- Specifies whether capsule webhooks certificates should be generated using cert-manager + generateCertificates: false + +# -- Additional labels which will be added to all resources created by Capsule helm chart customLabels: {} -# Additional annotations +# -- Additional annotations which will be added to all resources created by Capsule helm chart customAnnotations: {} # Webhooks configurations @@ -129,5 +160,37 @@ webhooks: operator: Exists nodes: failurePolicy: Fail + +# -- Timeout in seconds for mutating webhooks mutatingWebhooksTimeoutSeconds: 30 +# -- Timeout in seconds for validating webhooks validatingWebhooksTimeoutSeconds: 30 + +# ServiceMonitor +serviceMonitor: + # -- Enable ServiceMonitor + enabled: false + # -- Install the ServiceMonitor into a different Namespace, as the monitoring stack one (default: the release one) + namespace: '' + # -- Assign additional labels according to Prometheus' serviceMonitorSelector matching labels + labels: {} + # -- Assign additional Annotations + annotations: {} + # -- Change matching labels + matchLabels: {} + # -- Set targetLabels for the serviceMonitor + targetLabels: [] + serviceAccount: + # -- ServiceAccount for Metrics RBAC + name: capsule + # -- ServiceAccount Namespace for Metrics RBAC + namespace: capsule-system + endpoint: + # -- Set the scrape interval for the endpoint of the serviceMonitor + interval: "15s" + # -- Set the scrape timeout for the endpoint of the serviceMonitor + scrapeTimeout: "" + # -- Set metricRelabelings for the endpoint of the serviceMonitor + metricRelabelings: [] + # -- Set relabelings for the endpoint of the serviceMonitor + relabelings: [] \ No newline at end of file diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh new file mode 100644 index 00000000..a9ee92d1 --- /dev/null +++ b/scripts/helm-docs.sh 
@@ -0,0 +1,11 @@
+#!/bin/bash
+## Reference: https://github.com/norwoodj/helm-docs
+set -eux
+CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+echo "$CHART_DIR"
+
+echo "Running Helm-Docs"
+docker run \
+ -v "$CHART_DIR:/helm-docs" \
+ -u $(id -u) \
+ jnorwood/helm-docs:latest
\ No newline at end of file
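Review bot: The `docker run` at the end of the script pulls `jnorwood/helm-docs:latest`, a mutable tag, and gives that container a read-write bind mount of the whole checkout, since `CHART_DIR` resolves to the repository root one level above `scripts/`. Whatever is published under that tag next can rewrite any file in the working tree, including chart templates that are committed afterwards. Pin the image to a release tag and digest, for example `jnorwood/helm-docs:<release-tag>@sha256:<digest>` (placeholders, to be filled from the registry). Consider mounting only `charts/` rather than the repository root, and quote the uid as `-u "$(id -u)"`.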