❇️ helm support for env var config options

README.md

@@ -34,6 +34,12 @@ trigger them ad-hoc, or create a new one-off job based on existing CronJob defin
 Kronic aims to be a simple admin UI / dashboard / manager to view, suspend, trigger, edit, and delete CronJobs in a Kubernetes cluster.
 
 
+## Configuration
+
+Kronic can limit itself to a list of namespaces. Specify as a comma separated list in the `KRONIC_ALLOW_NAMESPACES` environment variable.
+The helm chart exposes this option.
+
+
 ## Deploying to K8S
 
 A helm chart is available at [./chart/kronic](./chart/kronic/). 
@@ -90,16 +96,16 @@ Kronic is a small Flask app built with:
 
 ## Todo
 
+- [x] CI/CD pipeline and versioning
+- [x] Helm chart
+- [x] Allow/Deny lists for namespaces
 - [ ] Built-in auth options
 - [ ] NetworkPolicy in helm chart
-- [ ] Allow/Deny lists for namespaces
 - [ ] Timeline / Cron schedule interpreter or display
 - [ ] YAML/Spec Validation on Edit page
 - [ ] Async refreshing of job/pods
 - [ ] Error handling for js apiClient
 - [ ] Better logging from Flask app and Kron module
 - [ ] More unit tests
 - [ ] Integration tests against ephemeral k3s cluster
-- [x] CI/CD pipeline and versioning
-- [x] Helm chart
 - [ ] Improve localdev stack with automated k3d cluster provisioning

chart/kronic/README.md

@@ -44,6 +44,7 @@ kubectl -n kronic port-forward deployment/kronic 8000:8000
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Provide scheduling affinity selectors |
+| env.KRONIC_ALLOW_NAMESPACES | string | `""` | Comma separated list of namespaces to allow access to, eg: "staging,qa,example" |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/mshade/kronic"` |  |
 | image.tag | string | `""` |  |
@@ -59,7 +60,7 @@ kubectl -n kronic port-forward deployment/kronic 8000:8000
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
-| rbac.enabled | bool | `true` | Create ClusterRole and ClusterRoleBindings for default cronjob/job/pod permissions |
+| rbac.enabled | bool | `true` | Create ClusterRole and ClusterRoleBindings for default cluster-wide cronjob/job/pod permissions |
 | replicaCount | int | `1` | Number of replicas in deployment - min 2 for HA |
 | resources.limits.cpu | int | `1` |  |
 | resources.limits.memory | string | `"1024Mi"` |  |
@@ -73,4 +74,4 @@ kubectl -n kronic port-forward deployment/kronic 8000:8000
 | tolerations | list | `[]` |  |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

chart/kronic/templates/deployment.yaml

@@ -31,6 +31,11 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- range $name, $item := .Values.env }}
+            - name: {{ $name }}
+              value: {{ $item | quote }}
+            {{- end }}
           ports:
             - name: http
               containerPort: 8000

chart/kronic/values.yaml

@@ -9,11 +9,15 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
+env:
+  # -- Comma separated list of namespaces to allow access to, eg: "staging,qa,example"
+  KRONIC_ALLOW_NAMESPACES: ""
+
 # Specify whether to create ClusterRole and ClusterRoleBinding
 # for kronic. If disabled, you will need to handle permissions
 # manually.
 rbac:
-  # -- Create ClusterRole and ClusterRoleBindings for default cronjob/job/pod permissions
+  # -- Create ClusterRole and ClusterRoleBindings for default cluster-wide cronjob/job/pod permissions
   enabled: true
 
 serviceAccount: