-
Notifications
You must be signed in to change notification settings - Fork 702
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rename Pinniped Proxy TLS values in chart #5192
Conversation
Signed-off-by: Rafa Castelblanque <rcastelblanq@vmware.com>
✅ Deploy Preview for kubeapps-dev canceled.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
chart/kubeapps/values.yaml
Outdated
## TLS settings for Pinniped Proxy | ||
## @param pinnipedProxy.tls.existingSecret TLS secret with which to proxy requests | ||
## @param pinnipedProxy.tls.caCertificate TLS CA cert config map which clients of pinniped proxy should use with TLS requests | ||
## This config map must contain a ca.crt key with the CA cert content as the value. | ||
## | ||
TLSSecret: "" | ||
## @param pinnipedProxy.CACert Specify the TLS CA cert config map which | ||
## clients of pinniped proxy should use with tls requests. This config map | ||
## must contain a ca.crt key with the CA cert content as the value. | ||
## | ||
CACert: "" | ||
## @param pinnipedProxy.lifecycleHooks for the Pinniped Proxy container(s) to automate configuration before or after startup | ||
tls: | ||
## Optional TLS secret with which to proxy requests | ||
existingSecret: "" | ||
## TLS CA cert config map which clients of pinniped proxy should use with tls requests. | ||
## This config map must contain a ca.crt key with the CA cert content as the value. | ||
caCertificate: "" | ||
## @param pinnipedProxy.lifecycleHooks For the Pinniped Proxy container(s) to automate configuration before or after startup | ||
## |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about this format? This way we avoid repeating the explanation, no?
...
defaultPinnipedAPISuffix: pinniped.dev
## TLS settings for Pinniped Proxy
## ref: https://kubeapps.dev/docs/latest/howto/oidc/using-an-oidc-provider-with-pinniped/#running-the-pinniped-proxy-service-over-tls
tls:
## @param pinnipedProxy.tls.existingSecret TLS secret with which to proxy requests
##
existingSecret: ""
## @param pinnipedProxy.tls.caCertificate TLS CA cert config map which clients of pinniped proxy should use with TLS requests
## This config map must contain a ca.crt key with the CA cert content as the value.
##
caCertificate: ""
## @param pinnipedProxy.lifecycleHooks For the Pinniped Proxy container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, done. I thought of doing this way, but saw the blocks above in the values.yaml
and all params where aggregated in the parent one. Didn't know it could be done in this way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd recall the support for these non-aggregated parms was added after we built the values.yaml, but now that it's supported, we better use it. In fact, I've double-checked it running the readmenator manually because I wasn'ts sure haha
Signed-off-by: Rafa Castelblanque <rcastelblanq@vmware.com>
Signed-off-by: Rafa Castelblanque rcastelblanq@vmware.com
Description of the change
Renames a couple of chart values regarding TLS for Pinniped proxy.
Benefits
Kubeapps chart is in line with TLS parameters used by Bitnami.
Possible drawbacks
N/A
Applicable issues