Helm chart for vault-ui #149
Conversation
There was a problem hiding this comment.
Thanks for the PR @ipedrazas, sorry I haven't been able to review until now.
I don't know much about helm, but does it make sense to create a proper helm/ directory for these files?
|
https://github.com/kubernetes/helm |
|
Gotcha, I'm good with this. I'm not sure what standards are. Would it make sense to put it in a |
|
sure |
kubernetes/chart/vault-ui/Chart.yaml
Outdated
| apiVersion: v1 | ||
| description: A Helm chart for Kubernetes | ||
| name: vault-ui | ||
| version: 0.1.0 |
There was a problem hiding this comment.
Can we align the version and description here with the current vault-ui version number and summary?
There was a problem hiding this comment.
Chart version and application version are 2 different things. Chart version indicates which set of resources the chart contains. Application version indicates the version of the runtime.
Happy to change the description, but I strongly advise not to sync app and chart version.
| replicaCount: 1 | ||
| image: | ||
| repository: djenriquez/vault-ui | ||
| tag: latest |
There was a problem hiding this comment.
Should this be latest? We use tagged images for production-ready releases
There was a problem hiding this comment.
latest is a better default that a certain tag. When installing or upgrading the application, Helm provides different ways of setting or overriding these values.
The chart allows you to install the application, which version of the application you want to run it's a parameter that you can inject/override.
For example, you would run latest to test that the app does what you want, but if you want to run it in prod, you will run a certain tag.
|
Good work guys, appreciate it. |
|
@beeyeas On a different note: Kubernetes secrets, up until v1.7.0, are far from secret :) They are written cleartext in etcd. |
|
@msessa , thanks for your reply. Scary to know the fact that kube-secrets stores plain text in etcd. |
* ENTRYPOINT with CUSTOM_CA_CERT env var * Replace HCL parsing library * Helm chart for vault-ui (djenriquez#149) * chart import * README added * added directory for better clarity * fix chart description * Upgrade base image to node:8.1.4-alpine (djenriquez#148) * Upgrade base image to node:8.1.4-alpine * fix invalid github endpoint var name * fix invalid github endpoint var name (djenriquez#155) * Upgrade base image to node:8.1.4-alpine * fix invalid github endpoint var name * Update Github.jsx * Okta Authentication Backend (djenriquez#156) * Add Okta resources * Remove comments * Add check for required org name * allows for server port to be configured via env var PORT (djenriquez#162) * Update PolicyPicker.jsx (djenriquez#169) * Add login button (djenriquez#172) * Add login button * Improve validation * AppRole Authentication Backend (djenriquez#171) * Initial commit for approle auth * Place role name field in new render * Add property fields + fix create/update * Complete base functionality * Update README.md * Fix README, clarify NODE_TLS_REJECT_UNAUTHORIZED * Fix typo (djenriquez#176) * Add ItemList Class (djenriquez#175) * Introduce ItemList obj * Upgrade base node image * Add ItemList to AWS, clean up * Add ItemList to AWSEc2, clean up * Fix deleteobject logic * Fix delete for AWS * Fix delete for awsec2 * Add max items per page option * Fix bug that randomly sets page * Bug fixes + itemlist progress * More bug fixes * Cleanup and rename policypicker to itempicker * Add ItemList to Radius * Add ItemList to UserPass * Refactor Secrets to use ItemList * Fix styling * Remove case insensitivity * Clean up directory separator * Fix delete regression * Cleanup itemUri * Breadcrumb Styles Improvement & "copy path" icon button (djenriquez#180) * improving breadcrumb styles, adding copy path button * improve spacing * fix dash issue w/ breadcrumb * Fix favicon (djenriquez#188) * Update README.md Add gitter badge * Add itemlist to policy management (djenriquez#187) * Update README.md * Update LICENSE * fixing behavior for ALL breaking characters * Upgrade node to 8.5, remove deprecated MAINTAINER (djenriquez#193) * clarifies expected value for VAULT_URL_DEFAULT (djenriquez#194) Adds a notice to the description of the VAULT_URL_DEFAULT parameter explaining that the protocol part of the url is mandatory. This is a workaround for the unclear error message an user gets if it is missing * Correct the dist reference for the electron app (djenriquez#199) * Add KV compatibility (djenriquez#198) * Maintenance: Upgrade packages (djenriquez#200) * Upgrade dependencies * Upgrade base node image * Add stop propogation fix for upgrade bug * Fix paging bug * Upgrade react, react-dom, pagination * Upgrade babel, webpack, extract-text-webpack-plugin; add prop-types in prep for React 16 * Update CHANGELOG * Update version * Squash big but easy bug for userpass (djenriquez#201) * v2.4.0-rc2 * Fix secrets list reset (djenriquez#202) * Fix navigation bug when access is denied (djenriquez#203) * Fix path navigation when access is denied * Cleanup fix * Improve Vault endpoint check (djenriquez#204) * empty catch statements don't resolve, breaking behavior if can't create orphan * Improve styling (djenriquez#207) * Improve real-estate * Fix z-index for content container * Fix scrolling (djenriquez#208) * Improve real-estate * Fix z-index for content container * Fix styling /w @Lucretius help * Fix right border with overflow enabled * Reduce right margin * v2.4.0-rc3 * Upgrade to node alpine-8.8 (djenriquez#218) * Add logic to handle supplied auth token header (djenriquez#220) * Fix policy schema (djenriquez#228) * Add new vault properties * Update policy schema * Remove nodemon from default run (djenriquez#227) * Updated yarn.lock after yarn build * Updated packagaes * Specify electron-builder version * Updated electron to resolve critical vulnerability
Helm chart to deploy
vault-uiinto a kubernetes cluster