Feat/add chart #287
Merged
Feat/add chart #287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* kube2iam chart * set hostNetwork at the spec level * fixes from code review h/t @mgoodness * cleanup/style * linter, host needs to be a dictionary * move kube2iam to stable
…card support (#387)
* .Values.host.interface shouldn't be quoted
In some network configurations we have to handle traffic to the metadata api
from multiple interfaces - typically the node side of a veth pair, where the
other side lives inside a Pod's network namespace. We could use the wildcard
functionality in iptables to do this, but setting `host.interface: veth+` in
this chart doesn't work.
This is because the parameter is quoted in the DaemonSet template and kube2iam
ends up sending the parameter it receives on the command-line directly to
`execvp("iptables", ...)`, which means that the parameter stays quoted all the
way into the actual iptables rule. So you end up with a rule that looks like
this:
```shell
iptables -t nat -S PREROUTING | grep 169.254.169.254
-A PREROUTING -d 169.254.169.254/32 -i "veth+" -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:8181
```
this rule only matches an interface named exactly veth+ since the wildcard
character apparently isn't expanded when the interface name is quoted. If we
remove the quoting we can support iptables wildcards and I don't see why it
shouldn't work for exact matching the interface name still.
* Bump version
* Missing chart in helm install statement Usage: (v2.1.3) helm install [CHART] [flags] * Include chart in install statement * Fix set flag to use strings as required * Trim to single line set option * Managed to stomp the package during rebase * Consistency of install package
* Added .helmignore * Updated common labels per proposed best practices * Split image repository and tag * Don't quote host interface argument (fix) * Added verbose option * Docs * YAML formatting * Removed default function in favor of values.yaml
* Pedantic commenting * No default resources * Semver-compliant
* [stable/kube2iam] Rolling updates Also bump to latest image version * Allow further update strategies
* add rbac support * solve and edge-case when turning off rbac
Use consistent whitespace in template placeholders
* fix: update default image version to latest * Bump chart version
* Allow user-managed RBAC * Add namespaces to ClusterRole
* Set UpdateStrategy using .Capabilities * Bump chart version
Added a secret resource to allow setting AWS access keys and region
* Add liveness check so kube takes care of kube2iam in the event of any issues * Configure --app-port to remain consistent with Helm chart value of .host.port * Bump minor version * Remove option to disable liveness probe
* patch3 patch3 * patch-2 tables patch-2 tables
…… (#4535) * kube2iam update to 0.10.0; fixes 5th generation instance types and cross namespace permissions * kube2iam adding home to Chart.yaml
* Fix for version comparison from strings to semver See #3002 for more detail * Updating maintainers to github ids * Fixing " error due to wrong " character * Include pre-releases in the semver ranges This is important when testing against alpha and beta builds of Kubernetes along with environments that use pre-releases to denote things other than pre-releases (e.g., gke denotes the environment with a pre-releases)
* Update README.md * Incrementing the chart version
* Support extra container environment variables. * [stable/kube2iam] Ensure extra container environment variable values are quoted.
* [kube2iam] Add node flag to limit relevant pods * Update Chart.yaml
* added missing get verb Signed-off-by: Amir Kibbar <amir.kibbar@gmail.com> * bumped version Signed-off-by: Amir Kibbar <amir.kibbar@gmail.com>
Signed-off-by: Taehyun Kim <kgyoo8232@gmail.com>
Changes: - Adds ServiceMonitor & Service resources for use with Prometheus Operator. - Allows configuring the metrics port option of kube2iam and will configure the new named port on the DaemonSet when applicable. - Adds docs for all new config params Bonus: - Adds missing docs for `host.port` config param Signed-off-by: Will Frew <will.frew1@gmail.com>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
does not change metrics port and requires second custom port Signed-off-by: George Kaz <egeorgekaz@gmail.com>
… (#15626) * Upgrade Kube2iam, Add prometheus service annotations Signed-off-by: Fabio Todaro <fbregist@gmail.com> * Update README Signed-off-by: Fabio Todaro <fbregist@gmail.com>
See https://helm.sh/docs/chart_best_practices/#standard-labels Since the DaemonSet's selector is immutable, this is breaking change and will require a deletion and recreation, hence the major version bump. Signed-off-by: Peter Rifel <pgrifel@gmail.com>
* [stable/kube2iam] Update version in documentation Change version from 0.10.4 to 0.10.7 Signed-off-by: Nicolas Vanheuverzwijn <nicolas.vanheu@gmail.com> * Bump chart version from 2.0.0 to 2.0.1 Signed-off-by: Nicolas Vanheuverzwijn <nicolas.vanheu@gmail.com>
Signed-off-by: Dennis Webb <dennis@bluesentryit.com>
Signed-off-by: Benjamin Farley <benalfarley@gmail.com>
…bility (#18784) * [stable/kube2iam] Update the kube2iam apiVersion for k8s 1.16 compatibility Signed-off-by: Mike Tougeron <tougeron@adobe.com> * [stable/kube2iam] fix the selector Signed-off-by: Mike Tougeron <tougeron@adobe.com>
…redentials (#21265) * Allow setting a custom secret name to use for AWS credentials in the event that the secret is populated from outside of helm for security purposes Signed-off-by: Mike Tougeron <tougeron@adobe.com> * [stable/kube2iam] call the variable existingSecret Signed-off-by: Mike Tougeron <tougeron@adobe.com> * Bump minor version for new feature Signed-off-by: Reinhard Nägele <unguiculus@gmail.com> Co-authored-by: Reinhard Nägele <unguiculus@gmail.com>
Signed-off-by: Yannick Kint <yannick.kint@gmail.com>
kube2iam v0.10.9 supports 1.17.3 due to client-go version upgrades Signed-off-by: Marius Voila <myself@mariusv.com>
Signed-off-by: Alex Williams <alex.williams@skyscanner.net>
…2717) * allow to customise livenessProbe parameters Signed-off-by: Luigi Tagliamonte <luigi.tagliamonte@doordash.com> * bump chart version Signed-off-by: Luigi Tagliamonte <luigi.tagliamonte@doordash.com> * document variables in the README Signed-off-by: Luigi Tagliamonte <luigi.tagliamonte@doordash.com>
Signed-off-by: Scott Rigby <scott@r6by.com>
Signed-off-by: Marius Voila <myself@mariusv.com>
Signed-off-by: Marius Voila <myself@mariusv.com>
|
Thanks a lot @mariusv !!! |
zhimsel
reviewed
Nov 13, 2020
There was a problem hiding this comment.
In order for the chart to be properly hosted, a Github Pages site needs to be created for this directory and some Github Actions need to be set up to package the chart. Please see the original comment in the issue for more info.
| To install the chart with the release name `my-release`: | ||
|
|
||
| ```console | ||
| $ helm repo add kube2iam https://buildkite.github.io/charts/ |
There was a problem hiding this comment.
Pretty sure this URL is not correct. That repo is for Buildkite, not this chart. Was Github Pages set up for this repo? Once it is, I believe this URL should be https://<pages_name>.github.io/charts (or something along those lines).
| ```console | ||
| $ helm repo add kube2iam https://buildkite.github.io/charts/ | ||
| $ helm repo update | ||
| $ helm install stable/kube2iam --name my-release |
There was a problem hiding this comment.
This should not be stable...
helm install kube2iam/kube2iam --name my-release
|
|
||
| ```console | ||
| $ helm repo add kube2iam https://buildkite.github.io/charts/ | ||
| $ helm repo update |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #277