[stable/concourse] Include documentation for Concourse-specific values in README

[cirocosta]

As noted by @xulsitatirev and few others when submitting PRs, stable/concourse right now misses description and default values for all of the concourse-specific variables that can be set.

While it's possible for someone to go through values.yaml and see which values can be set, it's inconsistent with the expectations set by all of the others charts, which document the values there in the README.md file.

The Concourse team already automated the checking of parameters to be sure that we have all possible concourse web and concourse worker parameters included in the chart (see https://github.com/concourse/concourse/blob/7588664d249ff60446304a5c0cb0000687fe1aa3/ci/pipelines/concourse.yml#L319-L339), so I'd say we could do something similar for this too.

[cirocosta]

I wrote a little tool to parse the values from values.yaml and the table at README.md (https://github.com/cirocosta/charts-values-check), and comparing all of the values we have in the README.md against those that are uncommented in values.yaml:

diff --git a/tmp/readme b/tmp/values
index 678294c..3ecbd7b 100644
--- a/tmp/readme
+++ b/tmp/values
@@ -1,87 +1,13 @@
-concourse.web.auth.cf.enabled
-concourse.web.auth.github.enabled
-concourse.web.auth.gitlab.enabled
-concourse.web.auth.ldap.enabled
-concourse.web.auth.mainTeam.cf.org
-concourse.web.auth.mainTeam.cf.space
-concourse.web.auth.mainTeam.cf.spaceGuid
-concourse.web.auth.mainTeam.cf.user
-concourse.web.auth.mainTeam.github.org
-concourse.web.auth.mainTeam.github.team
-concourse.web.auth.mainTeam.github.user
-concourse.web.auth.mainTeam.gitlab.group
-concourse.web.auth.mainTeam.gitlab.user
-concourse.web.auth.mainTeam.ldap.group
-concourse.web.auth.mainTeam.ldap.user
-concourse.web.auth.mainTeam.localUser
-concourse.web.auth.mainTeam.oauth.group
-concourse.web.auth.mainTeam.oauth.user
-concourse.web.auth.mainTeam.oidc.group
-concourse.web.auth.mainTeam.oidc.user
-concourse.web.auth.oauth.enabled
-concourse.web.auth.oidc.enabled
-concourse.web.awsSecretsManager.enabled
-concourse.web.awsSsm.enabled
-concourse.web.bindPort
-concourse.web.datadog.agentHost
-concourse.web.datadog.agentHostUseHostIP
-concourse.web.datadog.agentPort
-concourse.web.datadog.enabled
-concourse.web.encryption.enabled
-concourse.web.gc.interval
-concourse.web.gc.oneOffGracePeriod
-concourse.web.gc.overrideDefaults
-concourse.web.influxdb.database
-concourse.web.influxdb.enabled
-concourse.web.influxdb.insecureSkipVerify
-concourse.web.influxdb.url
-concourse.web.kubernetes.createTeamNamespaces
-concourse.web.kubernetes.enabled
-concourse.web.kubernetes.keepNamespaces
-concourse.web.kubernetes.teams
-concourse.web.localAuth.enabled
-concourse.web.metrics.attribute
-concourse.web.metrics.hostName
-concourse.web.newrelic.enabled
-concourse.web.postgres.connectTimeout
-concourse.web.postgres.database
-concourse.web.postgres.host
-concourse.web.postgres.port
-concourse.web.postgres.sslmode
-concourse.web.prometheus.bindIp
-concourse.web.prometheus.bindPort
-concourse.web.prometheus.enabled
-concourse.web.riemann.enabled
-concourse.web.riemann.port
-concourse.web.staticWorker.baggageclaimUrl
-concourse.web.staticWorker.enabled
-concourse.web.staticWorker.gardenUrl
-concourse.web.staticWorker.resource
-concourse.web.syslog.drainInterval
-concourse.web.syslog.enabled
-concourse.web.syslog.useCaCert
-concourse.web.tls.enabled
-concourse.web.tsa.bindPort
-concourse.web.vault.enabled
-concourse.web.vault.pathPrefix
-concourse.web.vault.retryInitial
-concourse.web.vault.retryMax
-concourse.worker.baggageclaim.driver
-concourse.worker.garden.bindPort
-concourse.worker.tsa.host
-concourse.worker.workDir
-fullnameOverride
 image
 imagePullPolicy
+imagePullSecrets
 imageTag
-nameOverride
 persistence.enabled
 persistence.worker.accessMode
 persistence.worker.size
+persistence.worker.storageClass
 postgresql.enabled
-postgresql.persistence.accessMode
 postgresql.persistence.enabled
-postgresql.persistence.size
 postgresql.postgresDatabase
 postgresql.postgresPassword
 postgresql.postgresUser
@@ -89,41 +15,89 @@ rbac.apiVersion
 rbac.create
 rbac.webServiceAccountName
 rbac.workerServiceAccountName
+secrets.awsSsmAccessKey
+secrets.awsSsmSecretKey
+secrets.awsSsmSessionToken
+secrets.cfCaCert
+secrets.cfClientId
+secrets.cfClientSecret
 secrets.create
+secrets.encryptionKey
+secrets.githubCaCert
+secrets.githubClientId
+secrets.githubClientSecret
+secrets.gitlabClientId
+secrets.gitlabClientSecret
 secrets.hostKey
 secrets.hostKeyPub
+secrets.influxdbPassword
 secrets.localUsers
+secrets.oauthCaCert
+secrets.oauthClientId
+secrets.oauthClientSecret
+secrets.oidcCaCert
+secrets.oidcClientId
+secrets.oidcClientSecret
+secrets.oldEncryptionKey
+secrets.postgresqlCaCert
+secrets.postgresqlClientCert
+secrets.postgresqlClientKey
+secrets.postgresqlPassword
+secrets.postgresqlUser
 secrets.sessionSigningKey
+secrets.syslogCaCert
+secrets.vaultAuthParam
+secrets.vaultCaCert
+secrets.vaultClientCert
+secrets.vaultClientKey
+secrets.vaultClientToken
+secrets.webTlsCert
+secrets.webTlsKey
 secrets.workerKey
 secrets.workerKeyPub
+web.additionalAffinities
+web.additionalVolumeMounts
+web.additionalVolumes
+web.annotations
 web.authSecretsPath
+web.env
+web.ingress.annotations
 web.ingress.enabled
-web.keySecretsPath
-web.livenessProbe.failureThreshold
-web.livenessProbe.httpGet.path
-web.livenessProbe.httpGet.port
-web.livenessProbe.initialDelaySeconds
-web.livenessProbe.periodSeconds
-web.livenessProbe.timeoutSeconds
-web.postgresqlSecretsPath
-web.readinessProbe.httpGet.path
-web.readinessProbe.httpGet.port
+web.ingress.hosts
+web.ingress.tls
+web.keysSecretsPath
+web.livenessProbe
+web.nameOverride
+web.nodeSelector
+web.postgresqlSecrtsPath
+web.readinessProbe
 web.replicas
-web.resources.requests.cpu
-web.resources.requests.memory
+web.resources
+web.service.annotations
+web.service.atcNodePort
+web.service.atcTlsNodePort
+web.service.labels
+web.service.loadBalancerIP
+web.service.loadBalancerSourceRanges
+web.service.tsaNodePort
 web.service.type
 web.syslogSecretsPath
-web.tlsSecretsPath
 web.tolerations
 web.vaultSecretsPath
+worker.additionalAffinities
+worker.additionalVolumeMounts
+worker.additionalVolumes
+worker.annotations
+worker.emptyDirSize
+worker.env
 worker.fatalErrors
 worker.hardAntiAffinity
-worker.keySecretsPath
+worker.keysSecretsPath
 worker.minAvailable
+worker.nameOverride
 worker.podManagementPolicy
 worker.replicas
-worker.resources.requests.cpu
-worker.resources.requests.memory
+worker.resources
 worker.terminationGracePeriodSeconds
 worker.tolerations
 worker.updateStrategy

The "problem" with it (the tool) is that it only considers uncommented values. So far, we've been having most of the values that are specific to Concourse commented so that Concourse would use its own defaults (as set in the binary), reducing the number of env vars we end up setting.

[ghost]

@cirocosta Good tool. We are going to take into it.
Can you assign me to this task? I will be happy to contribute.

[cirocosta]

Hey @xulsitatirev , sure!

I just finished #11296 which should be very helpful for getting this particular issue done and ensuring that we can keep track of those variables and enforce the documentation on every PR.

Would you mind reviewing that one too?

Thx!

[ghost]

@cirocosta Yup! Will do tomorrow.

[ghost]

Eh; my tomorrow is sometimes 4 days later. I am really sorry. Reviewed.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

[stale]

This issue is being automatically closed due to inactivity.