diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml
index f7ee5cdce..a165eed2b 100644
--- a/deployment/chainloop/Chart.yaml
+++ b/deployment/chainloop/Chart.yaml
@@ -3,7 +3,7 @@ name: chainloop
 description: Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.
 type: application
-version: 1.1.0
+version: 1.1.1
 appVersion: v0.8.99
 dependencies:
diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md
index 10deb0113..c588e0f87 100644
--- a/deployment/chainloop/README.md
+++ b/deployment/chainloop/README.md
@@ -157,7 +157,7 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
 | Name | Description | Value |
 | ------------------------------------------- | -------------------------------------------------------------------- | ----------- |
 | `secretsBackend.backend` | Secrets backend type ("vault" or "awsSecretManager") | `vault` |
-| `secretsBackend.secretPrefix` | Prefix that will be pre-pended to all secrets in the storage backend | `chainloop` |
+| `secretsBackend.secretPrefix` | Prefix that will be pre-pended to all secrets in the storage backend | `chainloop` |
 | `secretsBackend.vault.address` | Vault address | |
 | `secretsBackend.vault.token` | Vault authentication token | |
 | `secretsBackend.awsSecretManager.accessKey` | AWS Access KEY ID | |
@@ -195,13 +195,12 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
 ### Control Plane Authentication
-| Name | Description | Value |
-| --------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
-| `controlplane.auth.passphrase` | Passphrase used to sign the Auth Tokens generated by the controlplane. Leave empty for auto-generation | `""` |
-| `controlplane.auth.oidc.url` | Full authentication path, it should match the issuer URL of the Identity provider (IDp) | `""` |
-| `controlplane.auth.oidc.clientID` | OIDC IDp clientID | `""` |
-| `controlplane.auth.oidc.clientSecret` | OIDC IDp clientSecret | `""` |
-| `controlplane.auth.redirectURLScheme` | Schema that will be used during authentication | `https` |
+| Name | Description | Value |
+| ------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----- |
+| `controlplane.auth.passphrase` | Passphrase used to sign the Auth Tokens generated by the controlplane. Leave empty for auto-generation | `""` |
+| `controlplane.auth.oidc.url` | Full authentication path, it should match the issuer URL of the Identity provider (IDp) | `""` |
+| `controlplane.auth.oidc.clientID` | OIDC IDp clientID | `""` |
+| `controlplane.auth.oidc.clientSecret` | OIDC IDp clientSecret | `""` |
 ### Control Plane Networking
@@ -245,15 +244,17 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
 ### Controlplane Misc
-| Name | Description | Value |
-| ------------------------------------------------------------ | ----------------------------- | ------- |
-| `controlplane.resources.limits` | Container resource limits | `{}` |
-| `controlplane.resources.requests` | Container resource requests | `{}` |
-| `controlplane.autoscaling.enabled` | Enable deployment autoscaling | `false` |
-| `controlplane.autoscaling.minReplicas` | Minimum number of replicas | `1` |
-| `controlplane.autoscaling.maxReplicas` | Maximum number of replicas | `100` |
-| `controlplane.autoscaling.targetCPUUtilizationPercentage` | Target CPU percentage | `80` |
-| `controlplane.autoscaling.targetMemoryUtilizationPercentage` | Target CPU memory | `80` |
+| Name | Description | Value |
+| ------------------------------------------------------------ | ---------------------------------- | ------- |
+| `controlplane.resources.limits.cpu` | Container resource limits CPU | `250m` |
+| `controlplane.resources.limits.memory` | Container resource limits memory | `512Mi` |
+| `controlplane.resources.requests.cpu` | Container resource requests CPU | `250m` |
+| `controlplane.resources.requests.memory` | Container resource requests memory | `512Mi` |
+| `controlplane.autoscaling.enabled` | Enable deployment autoscaling | `false` |
+| `controlplane.autoscaling.minReplicas` | Minimum number of replicas | `1` |
+| `controlplane.autoscaling.maxReplicas` | Maximum number of replicas | `100` |
+| `controlplane.autoscaling.targetCPUUtilizationPercentage` | Target CPU percentage | `80` |
+| `controlplane.autoscaling.targetMemoryUtilizationPercentage` | Target CPU memory | `80` |
 ### Artifact Content Addressable (CAS) API
@@ -288,15 +289,17 @@ helm install [RELEASE_NAME] oci://ghcr.io/chainloop-dev/charts/chainloop \
 ### CAS Misc
-| Name | Description | Value |
-| --------------------------------------------------- | ----------------------------- | ------- |
-| `cas.resources.limits` | Container resource limits | `{}` |
-| `cas.resources.requests` | Container resource requests | `{}` |
-| `cas.autoscaling.enabled` | Enable deployment autoscaling | `false` |
-| `cas.autoscaling.minReplicas` | Minimum number of replicas | `1` |
-| `cas.autoscaling.maxReplicas` | Maximum number of replicas | `100` |
-| `cas.autoscaling.targetCPUUtilizationPercentage` | Target CPU percentage | `80` |
-| `cas.autoscaling.targetMemoryUtilizationPercentage` | Target CPU memory | `80` |
+| Name | Description | Value |
+| --------------------------------------------------- | ---------------------------------- | ------- |
+| `cas.resources.limits.cpu` | Container resource limits CPU | `250m` |
+| `cas.resources.limits.memory` | Container resource limits memory | `512Mi` |
+| `cas.resources.requests.cpu` | Container resource requests CPU | `250m` |
+| `cas.resources.requests.memory` | Container resource requests memory | `512Mi` |
+| `cas.autoscaling.enabled` | Enable deployment autoscaling | `false` |
+| `cas.autoscaling.minReplicas` | Minimum number of replicas | `1` |
+| `cas.autoscaling.maxReplicas` | Maximum number of replicas | `100` |
+| `cas.autoscaling.targetCPUUtilizationPercentage` | Target CPU percentage | `80` |
+| `cas.autoscaling.targetMemoryUtilizationPercentage` | Target CPU memory | `80` |
 ### Dependencies
diff --git a/deployment/chainloop/templates/_helpers.tpl b/deployment/chainloop/templates/_helpers.tpl
index e7b717ede..542621ee9 100644
--- a/deployment/chainloop/templates/_helpers.tpl
+++ b/deployment/chainloop/templates/_helpers.tpl
@@ -99,9 +99,9 @@ NOTE: Load balancer service type is not supported
 {{- $ingress := .Values.controlplane.ingress }}
 {{- if (and $ingress $ingress.enabled $ingress.hostname) }}
-{{- $ingress.hostname }}
+{{- printf "%s://%s" (ternary "https" "http" $ingress.tls ) $ingress.hostname }}
 {{- else if (and (eq $service.type "NodePort") $service.nodePorts (not (empty $service.nodePorts.http))) }}
-{{- printf "localhost:%s" $service.nodePorts.http }}
+{{- printf "http://localhost:%s" $service.nodePorts.http }}
 {{- else -}}
 null
 {{- end -}}
diff --git a/deployment/chainloop/templates/controlplane/config.configmap.yaml b/deployment/chainloop/templates/controlplane/config.configmap.yaml
index 01d9a2c90..797ffa3c0 100644
--- a/deployment/chainloop/templates/controlplane/config.configmap.yaml
+++ b/deployment/chainloop/templates/controlplane/config.configmap.yaml
@@ -18,7 +18,7 @@ data:
 http:
 addr: 0.0.0.0:8000
 timeout: 1s
- external_addr: {{ include "chainloop.controlplane.external_url" . }}
+ external_url: {{ include "chainloop.controlplane.external_url" . }}
 http_metrics:
 addr: 0.0.0.0:5000
 grpc:
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
index 27aa4bd03..a6d9f4186 100644
--- a/deployment/chainloop/values.yaml
+++ b/deployment/chainloop/values.yaml
@@ -139,13 +139,10 @@ controlplane:
 ## @param controlplane.auth.oidc.url Full authentication path, it should match the issuer URL of the Identity provider (IDp)
 ## @param controlplane.auth.oidc.clientID OIDC IDp clientID
 ## @param controlplane.auth.oidc.clientSecret OIDC IDp clientSecret
- ## @param controlplane.auth.redirectURLScheme Schema that will be used during authentication
 oidc:
 url: ""
 clientID: ""
 clientSecret: ""
- # TODO: look into automatically inference https://github.com/chainloop-dev/chainloop/issues/61
- redirectURLScheme: "https"
 ## @section Control Plane Networking
 service:
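Review bot: The scheme in the ingress branch now depends only on `$ingress.tls`, so a deployment that terminates TLS in front of the ingress, or leaves `tls` unset, renders an `http://` external URL where the removed `controlplane.auth.redirectURLScheme` defaulted to `https`. If this URL feeds the OIDC redirect, as the removed value's description suggests, the login callback would be advertised over plaintext or stop matching the redirect URI registered at the IdP. Sprig's `ternary` also expects a boolean test value, so an unset or non-boolean `tls` can fail the render; `(ternary "https" "http" (not (empty $ingress.tls)))` avoids that. A template comment above the `printf`, e.g. `{{/* scheme follows ingress.tls; TLS terminated upstream of the ingress still yields http */}}`, would record the assumption for operators. The enclosing define starts and ends outside this hunk.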
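Review bot: The key rename from `external_addr` to `external_url` only takes effect if the control plane binary reads the new key, and `appVersion` stays at `v0.8.99` in this same commit, so it is worth confirming that release already parses `external_url`; otherwise the setting is presumably dropped or rejected at startup. The helper that fills this value can also emit the literal `null` when neither an ingress hostname nor an HTTP NodePort is configured, so the consumer should treat a missing URL as a configuration error rather than deriving one. A comment on the line such as `# full URL including scheme (was host-only external_addr)` would document the changed contract. The `data:` block continues outside this hunk.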
@@ -379,8 +376,10 @@ controlplane:
 ## @section Controlplane Misc
 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
- ## @param controlplane.resources.limits Container resource limits
- ## @param controlplane.resources.requests Container resource requests
+ ## @param controlplane.resources.limits.cpu Container resource limits CPU
+ ## @param controlplane.resources.limits.memory Container resource limits memory
+ ## @param controlplane.resources.requests.cpu Container resource requests CPU
+ ## @param controlplane.resources.requests.memory Container resource requests memory
 resources:
 # GKE auto-pilot min
 # https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#min-max-requests
@@ -550,8 +549,10 @@ cas:
 ## @section CAS Misc
 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
- ## @param cas.resources.limits Container resource limits
- ## @param cas.resources.requests Container resource requests
+ ## @param cas.resources.limits.cpu Container resource limits CPU
+ ## @param cas.resources.limits.memory Container resource limits memory
+ ## @param cas.resources.requests.cpu Container resource requests CPU
+ ## @param cas.resources.requests.memory Container resource requests memory
 resources:
 # GKE auto-pilot min
 # https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-resource-requests#min-max-requests