diff --git a/Makefile b/Makefile index 79e7f3f..073d5c3 100644 --- a/Makefile +++ b/Makefile @@ -36,13 +36,13 @@ schema: helm-schema -n -c charts/beam helm-schema -n -c charts/namespace helm-schema -n -c charts/sesamy-gtm + helm-schema -n -c charts/sesamy-umami helm-schema -n -c charts/gateway-crds helm-schema -n -c charts/contentserver helm-schema -n -c charts/squadron-keel-server helm-schema -n -c charts/squadron-keel-cronjob helm-schema -n -c charts/squadron-nextjs-server helm schema-gen charts/csp-reporter/values.yaml > charts/csp-reporter/values.schema.json - helm schema-gen charts/sesamy-umami/values.yaml > charts/sesamy-umami/values.schema.json #@set -e; for dir in ./charts/* ; do \ # helm-schema -n -c $${dir} ;\ #done diff --git a/charts/contentserver/Chart.yaml b/charts/contentserver/Chart.yaml index 32aba17..e0c2467 100644 --- a/charts/contentserver/Chart.yaml +++ b/charts/contentserver/Chart.yaml @@ -17,5 +17,5 @@ annotations: - name: Image Source url: https://github.com/foomo/contentserver -version: 0.1.1 +version: 0.2.0 appVersion: 1.11.2 diff --git a/charts/contentserver/README.md b/charts/contentserver/README.md index 7221e42..0dc4ce4 100644 --- a/charts/contentserver/README.md +++ b/charts/contentserver/README.md @@ -1,6 +1,6 @@ # contentserver -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square) Helm chart for the foomo Content Server. 
@@ -138,6 +138,14 @@ Helm chart for the foomo Content Server. | revisionHistoryLimit | int | `10` | Number of revisions to keep | | updateStrategy | string | `"RollingUpdate"` | Deployment update strategy | +### Routing + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| routing.enabled | bool | `false` | Indicates wether routing is enabled or not | +| routing.parentRefs | list | `[]` | Parent references | +| routing.paths | list | `[]` | Path matches | + ### Scheduling | Key | Type | Default | Description | diff --git a/charts/contentserver/templates/httproute.yaml b/charts/contentserver/templates/httproute.yaml new file mode 100644 index 0000000..5af8686 --- /dev/null +++ b/charts/contentserver/templates/httproute.yaml @@ -0,0 +1,22 @@ +{{- if .Values.routing.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "contentserver.fullname" . }} + labels: {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + {{- with .Values.routing.parentRefs }} + parentRefs: {{ toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.routing.paths }} + - matches: + - path: + type: {{ default .pathType "PathPrefix" }} + value: {{ .path }} + backendRefs: + - name: {{ include "contentserver.fullname" $ }} + port: {{ .port }} + {{- end }} +{{- end }} diff --git a/charts/contentserver/values.schema.json b/charts/contentserver/values.schema.json index 3b2d323..36eed83 100644 --- a/charts/contentserver/values.schema.json +++ b/charts/contentserver/values.schema.json 
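Review bot: The arguments to `default` are reversed in `type: {{ default .pathType "PathPrefix" }}` in the new contentserver `httproute.yaml`: Sprig's `default` takes the fallback first, so this expression always yields `PathPrefix` and a configured `pathType` is ignored. An entry meant as `Exact` is therefore rendered as a prefix match, which routes more paths to the backend than the values ask for. The line should read `type: {{ default "PathPrefix" .pathType }}`. The same line appears in the new `charts/sesamy-gtm/templates/httproute.yaml` and `charts/sesamy-umami/templates/httproute.yaml`. In sesamy-gtm the default `routing.paths` entries `/gtm.js` and `/_set_cookie` are declared `Exact` and would be widened to prefix matches.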
@@ -790,6 +790,44 @@ "title": "revisionHistoryLimit", "type": "integer" }, + "routing": { + "additionalProperties": false, + "description": "Routing settings", + "properties": { + "enabled": { + "default": false, + "description": "Indicates wether routing is enabled or not", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "parentRefs": { + "description": "Parent references", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "parentRefs", + "type": "array" + }, + "paths": { + "description": "Path matches", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "paths", + "type": "array" + } + }, + "required": [], + "title": "routing", + "type": "object" + }, "scheduling": { "additionalProperties": false, "description": "Scheduling settings", diff --git a/charts/contentserver/values.yaml b/charts/contentserver/values.yaml index a3e22cd..4bf69d6 100644 --- a/charts/contentserver/values.yaml +++ b/charts/contentserver/values.yaml @@ -447,6 +447,36 @@ ingress: # hosts: # - chart-example.local +# @schema +# type: object +# @schema +# Routing settings +routing: + # @schema + # type: boolean + # @schema + # -- Indicates wether routing is enabled or not + # @section -- Routing + enabled: false + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Path matches + # @section -- Routing + paths: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Parent references + # @section -- Routing + parentRefs: [] + # @schema # type: object # @schema diff --git a/charts/sesamy-gtm/Chart.yaml b/charts/sesamy-gtm/Chart.yaml index 1ecdaef..b17e28d 100644 --- a/charts/sesamy-gtm/Chart.yaml +++ b/charts/sesamy-gtm/Chart.yaml 
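Review bot: The `@schema` annotation on `routing.paths` in contentserver `values.yaml` accepts any object (`additionalProperties: true`, nothing required), while the HTTPRoute template added in this commit reads `.path`, `.port` and `.pathType` from every entry. As far as the visible template shows, an entry that omits `port` would render an empty `port:` under `backendRefs` and only fail once the manifest reaches the API server. Declaring the three properties in the annotation, with `path` and `port` required and `pathType` restricted to the Gateway API match types, would reject such values at install time. A commented example entry above `paths: []` (for instance `# - path: /` followed by `#   port: <service port>`) would also document the expected shape.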
@@ -15,5 +15,5 @@ annotations: url: https://github.com/foomo/helm-charts/tree/main/charts/sesamy-gtm - name: GTM Changelog url: https://developers.google.com/tag-platform/tag-manager/server-side/release-notes -version: 0.1.3 +version: 0.2.0 appVersion: 2.4.0 diff --git a/charts/sesamy-gtm/README.md b/charts/sesamy-gtm/README.md index d47d17d..5d5bde0 100644 --- a/charts/sesamy-gtm/README.md +++ b/charts/sesamy-gtm/README.md @@ -1,6 +1,6 @@ # sesamy-gtm -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) Helm chart for the Sesamy GTM tagging & preview service. 
@@ -93,8 +93,8 @@ Helm chart for the Sesamy GTM tagging & preview service. | ingress.annotations | object | `{}` | Annotations | | ingress.className | string | `""` | Ingress class name | | ingress.enabled | bool | `false` | Enable ingress | -| ingress.hosts | list | `["example.com"]` | Hosts to listen to | -| ingress.paths | object | `{"preview":[{"path":"/gtm","pathType":"Prefix","port":8080}],"tagging":[{"path":"/gtm.js","pathType":"Exact","port":8080},{"path":"/gtag/js","pathType":"Prefix","port":8080},{"path":"/g/collect","pathType":"Prefix","port":8080}]}` | Path settings | +| ingress.hosts | list | `[]` | Hosts to listen to | +| ingress.paths | object | `{"preview":[{"path":"/gtm","pathType":"Prefix","port":8080}],"tagging":[{"path":"/gtm.js","pathType":"Exact","port":8080},{"path":"/_set_cookie","pathType":"Exact","port":8080},{"path":"/gtag/js","pathType":"Prefix","port":8080},{"path":"/g/collect","pathType":"Prefix","port":8080}]}` | Path settings | | ingress.tls | list | `[]` | Tls setttings | ### Network Policy @@ -163,6 +163,14 @@ Helm chart for the Sesamy GTM tagging & preview service. | revisionHistoryLimit | int | `10` | Number of revisions to keep | | updateStrategy | string | `"RollingUpdate"` | Deployment update strategy | +### Routing + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| routing.enabled | bool | `false` | Indicates wether routing is enabled or not | +| routing.parentRefs | list | `[]` | Parent references | +| routing.paths | object | `{"preview":[{"path":"/gtm","pathType":"PathPrefix","port":8080}],"tagging":[{"path":"/gtm.js","pathType":"Exact","port":8080},{"path":"/_set_cookie","pathType":"Exact","port":8080},{"path":"/gtag/js","pathType":"PathPrefix","port":8080},{"path":"/g/collect","pathType":"PathPrefix","port":8080}]}` | Path matches | + ### Scheduling | Key | Type | Default | Description | 
@@ -192,6 +200,7 @@ Helm chart for the Sesamy GTM tagging & preview service. | serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | | serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion | | serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping | +| serviceMonitor.scrapeTimeout | string | `""` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | | serviceMonitor.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | ### Tagging @@ -222,9 +231,3 @@ Helm chart for the Sesamy GTM tagging & preview service. | tagging.service.type | string | `"ClusterIP"` | Type of the service | | tagging.startupProbe | object | `{"httpGet":{"path":"/healthz","port":"http"}}` | Liveness probe settings for pods | -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| serviceMonitor.scrapeTimeout | string | `""` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | - diff --git a/charts/sesamy-gtm/templates/httproute.yaml b/charts/sesamy-gtm/templates/httproute.yaml new file mode 100644 index 0000000..23f1183 --- /dev/null +++ b/charts/sesamy-gtm/templates/httproute.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.routing.enabled }} +{{- $fullName := include "sesamy.gtm.fullname" . -}} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ $fullName }} + labels: {{- include "sesamy.gtm.labels" . | nindent 4 }} + namespace: {{ include "sesamy.gtm.namespace" . }} +spec: + {{- with .Values.routing.parentRefs }} + parentRefs: {{ toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range $svcName, $paths := $.Values.routing.paths }} + {{- range $paths }} + - matches: + - path: + type: {{ default .pathType "PathPrefix" }} + value: {{ .path }} + backendRefs: + - name: {{ include "sesamy.gtm.fullname" $ }}-{{ $svcName }} + port: {{ .port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/sesamy-gtm/templates/ingress.yaml b/charts/sesamy-gtm/templates/ingress.yaml index a69c19e..6d2460d 100644 --- a/charts/sesamy-gtm/templates/ingress.yaml +++ b/charts/sesamy-gtm/templates/ingress.yaml @@ -4,11 +4,9 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - labels: - {{- include "sesamy.gtm.labels" . | nindent 4 }} + labels: {{- include "sesamy.gtm.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} + annotations: {{- toYaml . | nindent 4 }} {{- end }} namespace: {{ include "sesamy.gtm.namespace" . }} spec: diff --git a/charts/sesamy-gtm/values.schema.json b/charts/sesamy-gtm/values.schema.json index 44a5c6f..cb34bb2 100644 --- a/charts/sesamy-gtm/values.schema.json +++ b/charts/sesamy-gtm/values.schema.json 
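Review bot: The HTTPRoute rendered by the new sesamy-gtm `httproute.yaml` carries no `spec.hostnames`, and the `routing` values offer no key for it, so its rules match on every hostname the referenced listeners accept. The Ingress in this chart is scoped through `ingress.hosts`, and the route would benefit from the same scoping. One option is a `routing.hostnames` list rendered as `hostnames: {{ toYaml . | nindent 4 }}` inside a `with` guard like the one used for `parentRefs`. This applies equally to the contentserver and sesamy-umami httproute templates in this commit. Separately, `backendRefs` calls `include "sesamy.gtm.fullname" $` again although `$fullName` is already assigned at the top of the file.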
@@ -554,6 +554,35 @@ ], "type": "object" }, + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/_set_cookie", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "Exact", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + }, { "additionalProperties": false, "properties": { 
@@ -1165,6 +1194,210 @@ "title": "revisionHistoryLimit", "type": "integer" }, + "routing": { + "additionalProperties": false, + "description": "Routing settings", + "properties": { + "enabled": { + "default": false, + "description": "Indicates wether routing is enabled or not", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "parentRefs": { + "description": "Parent references", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "parentRefs", + "type": "array" + }, + "paths": { + "additionalProperties": true, + "description": "Path matches", + "properties": { + "preview": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/gtm", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "PathPrefix", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + } + ], + "required": [] + }, + "required": [], + "title": "preview", + "type": "array" + }, + "tagging": { + "items": { + "anyOf": [ + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/gtm.js", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "Exact", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/_set_cookie", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "Exact", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + 
"title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/gtag/js", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "PathPrefix", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + }, + { + "additionalProperties": false, + "properties": { + "path": { + "default": "/g/collect", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "PathPrefix", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8080, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + } + ], + "required": [] + }, + "required": [], + "title": "tagging", + "type": "array" + } + }, + "required": [ + "preview", + "tagging" + ], + "title": "paths", + "type": "object" + } + }, + "required": [], + "title": "routing", + "type": "object" + }, "scheduling": { "additionalProperties": false, "description": "Scheduling settings", diff --git a/charts/sesamy-gtm/values.yaml b/charts/sesamy-gtm/values.yaml index a48f372..0b7559b 100644 --- a/charts/sesamy-gtm/values.yaml +++ b/charts/sesamy-gtm/values.yaml @@ -857,6 +857,9 @@ ingress: - path: /gtm.js pathType: Exact port: 8080 + - path: /_set_cookie + pathType: Exact + port: 8080 - path: /gtag/js pathType: Prefix port: 8080 @@ -876,8 +879,7 @@ ingress: # @schema # -- Hosts to listen to # @section -- Ingress - hosts: - - example.com + hosts: [] # @schema # type: array # items: 
@@ -888,6 +890,57 @@ ingress: # @section -- Ingress tls: [] +# @schema +# type: object +# @schema +# Routing settings +routing: + # @schema + # type: boolean + # @schema + # -- Indicates wether routing is enabled or not + # @section -- Routing + enabled: false + # @schema + # type: object + # additionalProperties: true + # @schema + # -- Path matches + # @section -- Routing + paths: + preview: + - path: /gtm + pathType: PathPrefix + port: 8080 + tagging: + - path: /gtm.js + pathType: Exact + port: 8080 + - path: /_set_cookie + pathType: Exact + port: 8080 + - path: /gtag/js + pathType: PathPrefix + port: 8080 + # Comment if `collect.enabled=true` + - path: /g/collect + pathType: PathPrefix + port: 8080 + # Uncomment if `collect.enabled=true` + # collect: + # - path: /g/collect + # pathType: Prefix + # port: 8080 + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Parent references + # @section -- Routing + parentRefs: [] + # ServiceAccount configuration serviceAccount: # @schema @@ -952,6 +1005,7 @@ serviceMonitor: # type: string # @schema # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) + # @section -- Service Monitor scrapeTimeout: '' # @schema # type: array diff --git a/charts/sesamy-umami/Chart.yaml b/charts/sesamy-umami/Chart.yaml index 8f38fde..b6dd4da 100644 --- a/charts/sesamy-umami/Chart.yaml +++ b/charts/sesamy-umami/Chart.yaml @@ -12,8 +12,8 @@ sources: annotations: "artifacthub.io/links": | - name: Chart Source - url: https://github.com/foomo/helm-charts + url: https://github.com/foomo/helm-charts/tree/main/charts/sesamy-umami - name: Umami Source url: https://github.com/umami-software/umami -version: 0.0.2 -appVersion: 2.11.3 +version: 0.1.0 +appVersion: 2.15.1 diff --git a/charts/sesamy-umami/README.md b/charts/sesamy-umami/README.md index 767b294..57870f5 100644 --- a/charts/sesamy-umami/README.md +++ b/charts/sesamy-umami/README.md 
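Review bot: The commented `collect` example under `routing.paths` uses `pathType: Prefix`, which is the Ingress spelling; the Gateway API path match types are `Exact`, `PathPrefix` and `RegularExpression`, and the active entries above it already use `PathPrefix`. Anyone uncommenting the block as written would be configuring a match type the HTTPRoute API does not accept. The commented line should read `#     pathType: PathPrefix`. The annotation on `paths` (`type: object`, `additionalProperties: true`) puts no constraint on `pathType`, so an `enum` there would catch this kind of mistake at install time.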
@@ -1,6 +1,6 @@ # sesamy-umami -![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.11.3](https://img.shields.io/badge/AppVersion-2.11.3-informational?style=flat-square) +![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.15.1](https://img.shields.io/badge/AppVersion-2.15.1-informational?style=flat-square) Helm chart for the Sesamy Umami integration. 
@@ -8,61 +8,82 @@ Helm chart for the Sesamy Umami integration. ## Values +### Overrides + | Key | Type | Default | Description | |-----|------|---------|-------------| | fullnameOverride | string | `""` | Overrides the chart's computed fullname | -| ingress.annotations | object | `{}` | | +| nameOverride | string | `""` | Overrides the chart's name | +| namespaceOverride | string | `""` | The name of the Namespace to deploy | + +### Ingress + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ingress.annotations | object | `{}` | Annotations | | ingress.className | string | `""` | Ingress class name | | ingress.enabled | bool | `false` | Enable ingress | -| ingress.hosts[0] | string | `"example.com"` | | -| ingress.paths.umami[0].path | string | `"/"` | | -| ingress.paths.umami[0].pathType | string | `"Prefix"` | | -| ingress.paths.umami[0].port | int | `8000` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | Overrides the chart's name | -| namespaceOverride | string | `""` | The name of the Namespace to deploy If not set, `.Release.Namespace` is used | -| networkPolicy.discovery.namespaceSelector | object | `{}` | Specifies the namespace the discovery Pods are running in | -| networkPolicy.discovery.podSelector | object | `{}` | Specifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector. 
| -| networkPolicy.discovery.port | string | `nil` | Specify the port used for discovery | +| ingress.hosts | list | `[]` | Ingress hosts | +| ingress.paths | object | `{"umami":[{"path":"/","pathType":"Prefix","port":8000}]}` | Path settings | +| ingress.tls | list | `[]` | Ingress tls | + +### Network Policy + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| networkPolicy.egress.additionalRules | list | `[]` | Additional egress rules | +| networkPolicy.egress.allowExternal | bool | `true` | Allow ingress through labels | +| networkPolicy.egress.enabled | bool | `true` | Specifies whether egress should be enabled | | networkPolicy.enabled | bool | `false` | Specifies whether Network Policies should be created | -| networkPolicy.externalStorage.cidrs | list | `[]` | Specifies specific network CIDRs you want to limit access to | -| networkPolicy.externalStorage.ports | list | `[]` | Specify the port used for external storage, e.g. AWS S3 | -| networkPolicy.ingress.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the http port | -| networkPolicy.ingress.podSelector | object | `{}` | Specifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector. | -| networkPolicy.metrics.cidrs | list | `[]` | Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes. | -| networkPolicy.metrics.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the metrics port | -| networkPolicy.metrics.podSelector | object | `{}` | Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector. | -| proxy.config | string | see values.yaml | Nginx SSL Reverse Proxy config. 
The value is templated using `tpl`. | -| proxy.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | -| proxy.image.repository | string | `"nginx"` | The image repository | -| proxy.image.tag | string | `"1.25-alpine"` | The image tag | +| networkPolicy.ingress.additionalRules | list | `[]` | Additional ingress rules | +| networkPolicy.ingress.allowExternal | bool | `true` | Allow ingress through labels | +| networkPolicy.ingress.enabled | bool | `true` | Specifies whether ingress should be enabled | +| networkPolicy.rules | list | `[]` | List of rules to apply via labels | + +### Proxy + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| proxy.config | string | `"server {\n listen 443 ssl;\n\n ssl_certificate /etc/nginx/ssl/tls.crt;\n ssl_certificate_key /etc/nginx/ssl/tls.key;\n ssl_session_cache shared:SSL:10m;\n ssl_session_timeout 1h;\n ssl_buffer_size 8k;\n\n location / {\n proxy_pass http://0.0.0.0:{{ .Values.umami.service.port }};\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Host $server_name;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection 'upgrade';\n proxy_cache_bypass $http_upgrade;\n }\n}\n"` | Nginx SSL Reverse Proxy config. | +| proxy.image.pullPolicy | string | `"IfNotPresent"` | Image tag | +| proxy.image.repository | string | `"nginx"` | Image repository | +| proxy.image.tag | string | `"1.25-alpine"` | Image tag | | proxy.resources | object | `{}` | Resource request & limits. | | proxy.tls.crt | string | `""` | Base64 encoded TLS cert | | proxy.tls.key | string | `""` | Base64 encoded TLS key | -| rbac.enabled | bool | `false` | Create PodSecurityPolicy. 
| -| revisionHistoryLimit | int | `10` | Number of revisions to retain to allow rollback | + +### General + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| revisionHistoryLimit | int | `10` | Number of revisions to keep | + +### Routing + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| routing.enabled | bool | `false` | Indicates wether routing is enabled or not | +| routing.parentRefs | list | `[]` | Parent references | +| routing.paths | list | `[]` | Path matches | + +### Service Account + +| Key | Type | Default | Description | +|-----|------|---------|-------------| | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | -| serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations | -| serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created | -| serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | -| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | -| serviceMonitor.matchExpressions | list | `[]` | Optional expressions to match on | -| serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint | -| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | -| serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | -| serviceMonitor.relabelings | list | `[]` | ServiceMonitor 
relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig | -| serviceMonitor.scheme | string | `"http"` | ServiceMonitor will use http by default, but you can pick https as well | -| serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | -| serviceMonitor.targetLabels | list | `[]` | | -| serviceMonitor.tlsConfig | string | `nil` | ServiceMonitor will use these tlsConfig settings to make the health check requests | +| serviceAccount.name | string | `""` | The name of the service account to use. | + +### Umami + +| Key | Type | Default | Description | +|-----|------|---------|-------------| | umami.affinity | object | `{}` | Affinity settings for pods. | | umami.autoscaling.behavior.enabled | bool | `false` | Enable autoscaling behaviours | | umami.autoscaling.behavior.scaleDown | object | `{}` | Scale down policies, must conform to HPAScalingRules | | umami.autoscaling.behavior.scaleUp | object | `{}` | Scale up policies, must conform to HPAScalingRules | -| umami.autoscaling.customMetrics | list | `[]` | Custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) | +| umami.autoscaling.customMetrics | list | `[]` | Custom metrics using the HPA/v2 schema | | umami.autoscaling.enabled | bool | `false` | Enable autoscaling | | umami.autoscaling.maxReplicas | int | `100` | Maximum autoscaling replicas | | umami.autoscaling.minReplicas | int | `1` | Minimum autoscaling replicas | 
@@ -105,7 +126,7 @@ Helm chart for the Sesamy Umami integration. | umami.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | umami.image.registry | string | `"ghcr.io"` | The image registry | | umami.image.repository | string | `"umami-software/umami"` | The image repository | -| umami.image.tag | string | `"postgresql-v2.11.3"` | The image tag | +| umami.image.tag | string | `"postgresql-v2.15.1"` | The image tag | | umami.imagePullSecrets | list | `[]` | Image pull secrets | | umami.livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Liveness probe settings for pods. | | umami.maxUnavailable | string | `nil` | Pod Disruption Budget maxUnavailable | @@ -116,7 +137,7 @@ Helm chart for the Sesamy Umami integration. | umami.readinessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Readiness probe settings for pods. | | umami.replicaCount | int | `1` | Number of replicas | | umami.resources | object | `{}` | Resource request & limits. | -| umami.securityContext | object | `{}` | | +| umami.securityContext | object | `{}` | Security context | | umami.service.annotations | object | `{}` | Annotations for the service | | umami.service.labels | object | `{}` | Labels for service | | umami.service.port | int | `8000` | Port of the service | @@ -124,3 +145,9 @@ Helm chart for the Sesamy Umami integration. | umami.startupProbe | object | `{}` | Startup probe settings for pods. | | umami.tolerations | list | `[]` | Tolerations settings for pods. | +### Other Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| rbac.enabled | bool | `false` | Create PodSecurityPolicy. | + diff --git a/charts/sesamy-umami/templates/httproute.yaml b/charts/sesamy-umami/templates/httproute.yaml new file mode 100644 index 0000000..33a4ca2 --- /dev/null +++ b/charts/sesamy-umami/templates/httproute.yaml 
@@ -0,0 +1,22 @@
+{{- if .Values.routing.enabled }}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: {{ include "sesamy.umami.fullname" . }}
+ labels: {{- include "sesamy.umami.labels" . | nindent 4 }}
+ namespace: {{ include "sesamy.umami.namespace" . }}
+spec:
+ {{- with .Values.routing.parentRefs }}
+ parentRefs: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ rules:
+ {{- range .Values.routing.paths }}
+ - matches:
+ - path:
+ type: {{ default .pathType "PathPrefix" }}
+ value: {{ .path }}
+ backendRefs:
+ - name: {{ include "sesamy.umami.fullname" $ }}
+ port: {{ .port }}
+ {{- end }}
+{{- end }}
diff --git a/charts/sesamy-umami/templates/networkpolicy.yaml b/charts/sesamy-umami/templates/networkpolicy.yaml
index 0d2050f..45a3301 100644
--- a/charts/sesamy-umami/templates/networkpolicy.yaml
+++ b/charts/sesamy-umami/templates/networkpolicy.yaml
@@ -1,171 +1,43 @@ {{- if .Values.networkPolicy.enabled }} ---- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: {{ include "sesamy.umami.name" . }}-namespace-only - labels: - {{- include "sesamy.umami.labels" . | nindent 4 }} + name: {{ include "sesamy.umami.fullname" . }} + labels: {{- include "sesamy.umami.labels" . | nindent 4 }} namespace: {{ include "sesamy.umami.namespace" . }} spec: policyTypes: + {{- if .Values.networkPolicy.ingress.enabled }} - Ingress + {{- end }} + {{- if .Values.networkPolicy.egress.enabled }} - Egress - podSelector: {} - egress: - - to: - - podSelector: {} - ingress: - - from: - - podSelector: {} - ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "sesamy.umami.name" . }}-egress-dns - labels: - {{- include "sesamy.umami.labels" . | nindent 4 }} - namespace: {{ include "sesamy.umami.namespace" . }} -spec: - policyTypes: - - Egress - podSelector: - matchLabels: - {{- include "sesamy.umami.selectorLabels" . | nindent 6 }} - egress: - - ports: - - port: 53 - protocol: UDP - to: - - namespaceSelector: {} - ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "sesamy.umami.name" . }}-ingress - labels: - {{- include "sesamy.umami.labels" . | nindent 4 }} - namespace: {{ include "sesamy.umami.namespace" . }} -spec: - policyTypes: - - Ingress - podSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - gtm-preview - - gtm-tagging - matchLabels: - {{- include "sesamy.umami.selectorLabels" . 
| nindent 6 }} - ingress: - - ports: - - port: http - protocol: TCP - {{- if .Values.networkPolicy.ingress.namespaceSelector }} - from: - - namespaceSelector: - {{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 12 }} - {{- if .Values.networkPolicy.ingress.podSelector }} - podSelector: - {{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 12 }} - {{- end }} - {{- end }} - ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "sesamy.umami.name" . }}-ingress-metrics - labels: - {{- include "sesamy.umami.labels" . | nindent 4 }} - namespace: {{ include "sesamy.umami.namespace" . }} -spec: - policyTypes: - - Ingress + {{- end }} podSelector: - matchLabels: - {{- include "sesamy.umami.selectorLabels" . | nindent 6 }} + matchLabels: {{- include "sesamy.umami.selectorLabels" . | nindent 6 }} + {{- if .Values.networkPolicy.ingress.enabled }} ingress: - - ports: - - port: http-metrics - protocol: TCP - {{- if .Values.networkPolicy.metrics.cidrs }} - from: - {{- range $cidr := .Values.networkPolicy.metrics.cidrs }} - - ipBlock: - cidr: {{ $cidr }} - {{- end }} - {{- if .Values.networkPolicy.metrics.namespaceSelector }} - - namespaceSelector: - {{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 12 }} - {{- if .Values.networkPolicy.metrics.podSelector }} - podSelector: - {{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 12 }} - {{- end }} - {{- end }} + {{- if .Values.networkPolicy.ingress.allowExternal }} + - from: + - podSelector: + matchLabels: + networking/allow-{{- include "sesamy.umami.fullname" . }}-access: "true" + {{- end }} + {{ with .Values.networkPolicy.ingress.additionalRules }} + {{ toYaml . | nindent 4 }} {{- end }} - -{{- if .Values.networkPolicy.externalStorage.ports }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "sesamy.umami.name" . }}-egress-external-storage - labels: - {{- include "sesamy.umami.labels" . 
| nindent 4 }} - namespace: {{ include "sesamy.umami.namespace" . }} -spec: - policyTypes: - - Egress - podSelector: - matchLabels: - {{- include "sesamy.umami.selectorLabels" . | nindent 6 }} - egress: - - ports: - {{- range $port := .Values.networkPolicy.externalStorage.ports }} - - port: {{ $port }} - protocol: TCP - {{- end }} - {{- if .Values.networkPolicy.externalStorage.cidrs }} - to: - {{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }} - - ipBlock: - cidr: {{ $cidr }} - {{- end }} {{- end }} -{{- end }} - -{{- end }} - -{{- if .Values.networkPolicy.discovery.port }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "sesamy.umami.name" . }}-egress-discovery - labels: - {{- include "sesamy.umami.labels" . | nindent 4 }} - namespace: {{ include "sesamy.umami.namespace" . }} -spec: - policyTypes: - - Egress - podSelector: - matchLabels: - {{- include "sesamy.umami.selectorLabels" . | nindent 6 }} + {{- if .Values.networkPolicy.egress.enabled }} egress: - - ports: - - port: {{ .Values.networkPolicy.discovery.port }} - protocol: TCP - {{- if .Values.networkPolicy.discovery.namespaceSelector }} - to: - - namespaceSelector: - {{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 12 }} - {{- if .Values.networkPolicy.discovery.podSelector }} - podSelector: - {{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 12 }} - {{- end }} + {{ if .Values.networkPolicy.egress.allowExternal }} + - to: + - podSelector: + matchLabels: + networking/allow-{{- include "sesamy.umami.fullname" . }}-access: "true" + {{- end }} + {{ with .Values.networkPolicy.egress.additionalRules }} + {{ toYaml . | nindent 4 }} + {{- end }} {{- end }} {{- end }} + diff --git a/charts/sesamy-umami/values.schema.json b/charts/sesamy-umami/values.schema.json index b4780d6..a9e185b 100644 --- a/charts/sesamy-umami/values.schema.json +++ b/charts/sesamy-umami/values.schema.json 
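Review bot: Both `allowExternal` rules in the rewritten `networkpolicy.yaml` use a bare `podSelector` peer, which only selects pods in the policy's own namespace, so despite the name they admit nothing from outside the release namespace. A gateway or ingress controller running elsewhere would need a `namespaceSelector` supplied through `additionalRules`. The rewrite also drops the `-egress-dns` policy without a replacement, and the README in this commit lists `networkPolicy.egress.enabled` as `true` by default. With `networkPolicy.enabled` set, the pods can then only reach labelled pods in their namespace, and DNS lookups would be blocked unless an `additionalRules` entry allows port 53. If that default-deny is intended, a template comment above the egress block such as `{{- /* DNS and database egress must be granted via networkPolicy.egress.additionalRules */ -}}` would make it visible. The label key `networking/allow-<fullname>-access` may also exceed the 63-character limit for a label name if the fullname helper truncates at 63, which is not visible here.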
@@ -1,492 +1,1049 @@ { - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "fullnameOverride": { - "type": "string" + "$schema": "http://json-schema.org/draft-07/schema#", + "additionalProperties": false, + "properties": { + "fullnameOverride": { + "default": "", + "description": "Overrides the chart's computed fullname", + "required": [], + "title": "fullnameOverride", + "type": "string" + }, + "global": { + "description": "Global values are values that can be accessed from any chart or subchart by exactly the same name.", + "required": [], + "title": "global", + "type": "object" + }, + "ingress": { + "additionalProperties": false, + "description": "Ingress configuration", + "properties": { + "annotations": { + "additionalProperties": true, + "description": "Annotations", + "required": [], + "title": "annotations", + "type": "object" }, - "ingress": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "className": { - "type": "string" - }, - "enabled": { - "type": "boolean" - }, - "hosts": { - "type": "array", - "items": { - "type": "string" - } - }, - "paths": { - "type": "object", + "className": { + "default": "", + "description": "Ingress class name", + "required": [], + "title": "className", + "type": "string" + }, + "enabled": { + "default": false, + "description": "Enable ingress", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "hosts": { + "description": "Ingress hosts", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "hosts", + "type": "array" + }, + "paths": { + "additionalProperties": true, + "description": "Path settings", + "properties": { + "umami": { + "items": { + "anyOf": [ + { + "additionalProperties": false, "properties": { - "umami": { - "type": "array", - "items": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "pathType": { - "type": "string" - }, - "port": { - 
"type": "integer" - } - } - } - } - } - }, - "tls": { - "type": "array" - } + "path": { + "default": "/", + "required": [], + "title": "path", + "type": "string" + }, + "pathType": { + "default": "Prefix", + "required": [], + "title": "pathType", + "type": "string" + }, + "port": { + "default": 8000, + "required": [], + "title": "port", + "type": "integer" + } + }, + "required": [ + "path", + "pathType", + "port" + ], + "type": "object" + } + ], + "required": [] + }, + "required": [], + "title": "umami", + "type": "array" } + }, + "required": [ + "umami" + ], + "title": "paths", + "type": "object" }, - "nameOverride": { - "type": "string" + "tls": { + "description": "Ingress tls", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "tls", + "type": "array" + } + }, + "required": [], + "title": "ingress", + "type": "object" + }, + "nameOverride": { + "default": "", + "description": "Overrides the chart's name", + "required": [], + "title": "nameOverride", + "type": "string" + }, + "namespaceOverride": { + "default": "", + "description": "The name of the Namespace to deploy", + "required": [], + "title": "namespaceOverride", + "type": "string" + }, + "networkPolicy": { + "additionalProperties": false, + "description": "Network Policy settings", + "properties": { + "egress": { + "additionalProperties": false, + "description": "Egress settings", + "properties": { + "additionalRules": { + "description": "Additional egress rules", + "items": { + "required": [], + "type": "string" + }, + "required": [], + "title": "additionalRules", + "type": "array" + }, + "allowExternal": { + "default": true, + "description": "Allow ingress through labels", + "required": [], + "title": "allowExternal", + "type": "boolean" + }, + "enabled": { + "default": true, + "description": "Specifies whether egress should be enabled", + "required": [], + "title": "enabled", + "type": "boolean" + } + }, + "required": [], + "title": 
"egress", + "type": "object" + }, + "enabled": { + "default": false, + "description": "Specifies whether Network Policies should be created", + "required": [], + "title": "enabled", + "type": "boolean" }, - "namespaceOverride": { + "ingress": { + "additionalProperties": false, + "description": "rules:\n - allow-nginx-ingress\n - allow-internet-egress\n - allow-my-service-access\nIngress settings", + "properties": { + "additionalRules": { + "description": "Additional ingress rules", + "items": { + "additionalProperties": true, + "required": [], + "type": "string" + }, + "required": [], + "title": "additionalRules", + "type": "array" + }, + "allowExternal": { + "default": true, + "description": "Allow ingress through labels", + "required": [], + "title": "allowExternal", + "type": "boolean" + }, + "enabled": { + "default": true, + "description": "Specifies whether ingress should be enabled", + "required": [], + "title": "enabled", + "type": "boolean" + } + }, + "required": [], + "title": "ingress", + "type": "object" + }, + "rules": { + "description": "List of rules to apply via labels", + "items": { + "required": [], "type": "string" + }, + "required": [], + "title": "rules", + "type": "array" + } + }, + "required": [], + "title": "networkPolicy", + "type": "object" + }, + "proxy": { + "additionalProperties": false, + "description": "TLS Reverse Proxy settings\nAll urls have to be valid https urls, so proxy https traffic to your containers.\nCreate a self-signed certificate by running\n$ openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt -nodes -subj '/CN=sesamy'", + "properties": { + "config": { + "default": "server {\n listen 443 ssl;\n\n ssl_certificate /etc/nginx/ssl/tls.crt;\n ssl_certificate_key /etc/nginx/ssl/tls.key;\n ssl_session_cache shared:SSL:10m;\n ssl_session_timeout 1h;\n ssl_buffer_size 8k;\n\n location / {\n proxy_pass http://0.0.0.0:{{ .Values.umami.service.port }};\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP 
$remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Host $server_name;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection 'upgrade';\n proxy_cache_bypass $http_upgrade;\n }\n}\n", + "description": "Nginx SSL Reverse Proxy config.", + "required": [], + "title": "config", + "type": "string" }, - "networkPolicy": { - "type": "object", - "properties": { - "discovery": { - "type": "object", - "properties": { - "namespaceSelector": { - "type": "object" - }, - "podSelector": { - "type": "object" - }, - "port": { - "type": "null" - } - } - }, + "image": { + "additionalProperties": false, + "description": "Docker image", + "properties": { + "pullPolicy": { + "default": "IfNotPresent", + "description": "Image tag", + "enum": [ + "IfNotPresent", + "Always" + ], + "required": [], + "title": "pullPolicy" + }, + "repository": { + "default": "nginx", + "description": "Image repository", + "required": [], + "title": "repository", + "type": "string" + }, + "tag": { + "default": "1.25-alpine", + "description": "Image tag", + "required": [], + "title": "tag", + "type": "string" + } + }, + "required": [], + "title": "image", + "type": "object" + }, + "resources": { + "additionalProperties": false, + "description": "Resource request \u0026 limits.", + "required": [], + "title": "resources", + "type": "object" + }, + "tls": { + "additionalProperties": false, + "description": "TLS settings", + "properties": { + "crt": { + "default": "", + "description": "Base64 encoded TLS cert", + "required": [], + "title": "crt", + "type": "string" + }, + "key": { + "default": "", + "description": "Base64 encoded TLS key", + "required": [], + "title": "key", + "type": "string" + } + }, + "required": [], + "title": "tls", + "type": "object" + } + }, + "required": [], + "title": "proxy", + "type": "object" + }, + "rbac": { + "additionalProperties": false, + "description": "RBAC configuration", + "properties": { + "enabled": { + 
"default": false, + "description": "Create PodSecurityPolicy.", + "required": [], + "title": "enabled", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "rbac", + "type": "object" + }, + "revisionHistoryLimit": { + "default": 10, + "description": "Number of revisions to keep", + "required": [], + "title": "revisionHistoryLimit", + "type": "integer" + }, + "routing": { + "additionalProperties": false, + "description": "Routing settings", + "properties": { + "enabled": { + "default": false, + "description": "Indicates wether routing is enabled or not", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "parentRefs": { + "description": "Parent references", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "parentRefs", + "type": "array" + }, + "paths": { + "description": "Path matches", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "paths", + "type": "array" + } + }, + "required": [], + "title": "routing", + "type": "object" + }, + "serviceAccount": { + "additionalProperties": false, + "description": "Service account settings", + "properties": { + "annotations": { + "additionalProperties": true, + "description": "Annotations to add to the service account", + "required": [], + "title": "annotations", + "type": "object" + }, + "automount": { + "default": true, + "description": "Automatically mount a ServiceAccount's API credentials?", + "required": [], + "title": "automount", + "type": "boolean" + }, + "create": { + "default": true, + "description": "Specifies whether a service account should be created", + "required": [], + "title": "create", + "type": "boolean" + }, + "name": { + "default": "", + "description": "The name of the service account to use.", + "required": [], + "title": "name", + "type": "string" + } + }, + "required": [], + "title": "serviceAccount", + "type": "object" + }, + 
"umami": { + "additionalProperties": false, + "description": "Umami settings", + "properties": { + "affinity": { + "additionalProperties": true, + "description": "Affinity settings for pods.", + "required": [], + "title": "affinity", + "type": "object" + }, + "autoscaling": { + "additionalProperties": false, + "description": "Autoscaling settings", + "properties": { + "behavior": { + "additionalProperties": false, + "description": "Behavior settings", + "properties": { "enabled": { - "type": "boolean" - }, - "externalStorage": { - "type": "object", - "properties": { - "cidrs": { - "type": "array" - }, - "ports": { - "type": "array" - } - } + "default": false, + "description": "Enable autoscaling behaviours", + "required": [], + "title": "enabled", + "type": "boolean" }, - "ingress": { - "type": "object", - "properties": { - "namespaceSelector": { - "type": "object" - }, - "podSelector": { - "type": "object" - } - } + "scaleDown": { + "additionalProperties": true, + "description": "Scale down policies, must conform to HPAScalingRules", + "required": [], + "title": "scaleDown", + "type": "object" }, - "metrics": { - "type": "object", - "properties": { - "cidrs": { - "type": "array" - }, - "namespaceSelector": { - "type": "object" - }, - "podSelector": { - "type": "object" - } - } + "scaleUp": { + "additionalProperties": true, + "description": "Scale up policies, must conform to HPAScalingRules", + "required": [], + "title": "scaleUp", + "type": "object" } + }, + "required": [], + "title": "behavior", + "type": "object" + }, + "customMetrics": { + "description": "Custom metrics using the HPA/v2 schema", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "customMetrics", + "type": "array" + }, + "enabled": { + "default": false, + "description": "Enable autoscaling", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "maxReplicas": { + "default": 100, + "description": "Maximum autoscaling 
replicas", + "required": [], + "title": "maxReplicas", + "type": "integer" + }, + "minReplicas": { + "default": 1, + "description": "Minimum autoscaling replicas", + "required": [], + "title": "minReplicas", + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "default": 80, + "description": "Target CPU utilisation percentage", + "required": [], + "title": "targetCPUUtilizationPercentage", + "type": [ + "integer", + "null" + ] + }, + "targetMemoryUtilizationPercentage": { + "default": "null", + "description": "Target memory utilisation percentage", + "required": [], + "title": "targetMemoryUtilizationPercentage", + "type": [ + "integer", + "null" + ] } + }, + "required": [], + "title": "autoscaling", + "type": "object" }, - "proxy": { - "type": "object", - "properties": { - "config": { - "type": "string" + "config": { + "additionalProperties": false, + "description": "Umami configurations", + "properties": { + "appSecret": { + "additionalProperties": false, + "description": "App secret configurations", + "properties": { + "existingSecret": { + "default": "", + "description": "Name of an existing secret containing the app secret under the key app-secret.", + "required": [], + "title": "existingSecret", + "type": "string" }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } + "existingSecretKey": { + "default": "", + "description": "Key in the existing secret containing the value (default: app-secret)", + "required": [], + "title": "existingSecretKey", + "type": "string" + }, + "secret": { + "default": "", + "description": "A random string used to generate unique values.", + "required": [], + "title": "secret", + "type": "string" + } + }, + "required": [], + "title": "appSecret", + "type": "object" + }, + "clientIpHeader": { + "default": "", + "description": "HTTP header to check for the client's IP address. 
This is useful when you're behind a proxy that uses non-standard headers.", + "required": [], + "title": "clientIpHeader", + "type": "string" + }, + "cloudMode": { + "default": "1", + "description": "Disables users, teams, and websites settings page.", + "required": [], + "title": "cloudMode", + "type": "string" + }, + "collectApiEndpoint": { + "default": "", + "description": "Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers.", + "required": [], + "title": "collectApiEndpoint", + "type": "string" + }, + "corsMaxAge": { + "default": "86400", + "description": "How many seconds a CORS preflight should last. Default is 24 hours.", + "required": [], + "title": "corsMaxAge", + "type": "string" + }, + "database": { + "additionalProperties": false, + "description": "Database configurations", + "properties": { + "auth": { + "additionalProperties": false, + "description": "Auth settings", + "properties": { + "database": { + "default": "", + "description": "Database name", + "required": [], + "title": "database", + "type": "string" + }, + "hostname": { + "default": "", + "description": "Database hostname", + "required": [], + "title": "hostname", + "type": "string" + }, + "password": { + "default": "", + "description": "Database password", + "required": [], + "title": "password", + "type": "string" + }, + "username": { + "default": "", + "description": "Database username", + "required": [], + "title": "username", + "type": "string" } + }, + "required": [], + "title": "auth", + "type": "object" }, - "resources": { - "type": "object" + "existingSecret": { + "default": "", + "description": "Use an existing secret containing the database uri.", + "required": [], + "title": "existingSecret", + "type": "string" }, - "tls": { - "type": "object", - "properties": { - "crt": { - "type": "string" - }, - "key": { - "type": "string" - } - } + "existingSecretKey": { + "default": "", + "description": "Key in the 
existing secret containing value (default: database-url)", + "required": [], + "title": "existingSecretKey", + "type": "string" + }, + "uri": { + "default": "", + "description": "Full connection string", + "required": [], + "title": "uri", + "type": "string" } + }, + "required": [], + "title": "database", + "type": "object" + }, + "disableBotCheck": { + "default": "1", + "description": "By default bots are excluded from statistics. This disables checking for bots.", + "required": [], + "title": "disableBotCheck", + "type": "string" + }, + "disableLogin": { + "default": "1", + "description": "Disables the login page for the application", + "required": [], + "title": "disableLogin", + "type": "string" + }, + "disableTelemetry": { + "default": "1", + "description": "Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate.", + "required": [], + "title": "disableTelemetry", + "type": "string" + }, + "disableUpdates": { + "default": "1", + "description": "Disables the check for new versions of Umami", + "required": [], + "title": "disableUpdates", + "type": "string" + }, + "enableTestConsole": { + "default": "1", + "description": "Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites.", + "required": [], + "title": "enableTestConsole", + "type": "string" + }, + "forceSSL": { + "default": "1", + "description": "This will redirect all requests from http to https in the Umami application. 
Note, this does not apply to the tracking script.", + "required": [], + "title": "forceSSL", + "type": "string" + }, + "hostname": { + "default": "0.0.0.0", + "description": "hostname under which Umami will be reached", + "required": [], + "title": "hostname", + "type": "string" + }, + "ignoreHostname": { + "default": "", + "description": "This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames.", + "required": [], + "title": "ignoreHostname", + "type": "string" + }, + "ignoredIpAddresses": { + "default": "", + "description": "You can provide a comma-delimited list of IP address to exclude from data collection.", + "required": [], + "title": "ignoredIpAddresses", + "type": "string" + }, + "logQuery": { + "default": "1", + "description": "If you are running in development mode, this will log database queries to the console for debugging.", + "required": [], + "title": "logQuery", + "type": "string" + }, + "removeDisableLoginEnv": { + "default": true, + "description": "setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups", + "required": [], + "title": "removeDisableLoginEnv", + "type": "boolean" + }, + "removeTrailingSlash": { + "default": "1", + "description": "Removes the trailing slash from all incoming urls.", + "required": [], + "title": "removeTrailingSlash", + "type": "string" + }, + "trackerScriptName": { + "default": "umami", + "description": "Allows you to assign a custom name to the tracker script different from the default umami. 
This is to help you avoid some ad-blockers.", + "required": [], + "title": "trackerScriptName", + "type": "string" } + }, + "required": [], + "title": "config", + "type": "object" }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } + "dnsConfig": { + "additionalProperties": true, + "description": "DNSConfig settings for pods.", + "required": [], + "title": "dnsConfig", + "type": "object" + }, + "extraEnv": { + "description": "Environment variables to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "extraEnv", + "type": "array" + }, + "extraEnvFrom": { + "description": "Environment variables from secrets or configmaps to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "extraEnvFrom", + "type": "array" + }, + "extraPorts": { + "description": "Port definitions to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "extraPorts", + "type": "array" + }, + "extraVolumeMounts": { + "description": "Volume mounts to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "extraVolumeMounts", + "type": "array" + }, + "extraVolumes": { + "description": "Volumes to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "extraVolumes", + "type": "array" + }, + "hostAliases": { + "description": "Host aliases to add", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "hostAliases", + "type": "array" + }, + "image": { + "additionalProperties": false, + "description": "Your custom collect image", + "properties": { + "pullPolicy": { + "default": "IfNotPresent", + "description": "The image pull policy", + "enum": [ + "IfNotPresent", + 
"Always" + ], + "required": [], + "title": "pullPolicy" + }, + "registry": { + "default": "ghcr.io", + "description": "The image registry", + "required": [], + "title": "registry", + "type": "string" + }, + "repository": { + "default": "umami-software/umami", + "description": "The image repository", + "required": [], + "title": "repository", + "type": "string" + }, + "tag": { + "default": "postgresql-v2.15.1", + "description": "The image tag", + "required": [], + "title": "tag", + "type": "string" } + }, + "required": [], + "title": "image", + "type": "object" }, - "revisionHistoryLimit": { - "type": "integer" + "imagePullSecrets": { + "description": "Image pull secrets", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "imagePullSecrets", + "type": "array" }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "automount": { - "type": "boolean" + "livenessProbe": { + "additionalProperties": true, + "description": "Liveness probe settings for pods.", + "properties": { + "httpGet": { + "additionalProperties": false, + "properties": { + "path": { + "default": "/", + "required": [], + "title": "path", + "type": "string" }, - "create": { - "type": "boolean" - }, - "name": { - "type": "string" + "port": { + "default": "http", + "required": [], + "title": "port", + "type": "string" } + }, + "required": [ + "path", + "port" + ], + "title": "httpGet", + "type": "object" } + }, + "required": [ + "httpGet" + ], + "title": "livenessProbe", + "type": "object" }, - "serviceMonitor": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "interval": { - "type": "null" - }, - "labels": { - "type": "object" - }, - "matchExpressions": { - "type": "array" - }, - "metricRelabelings": { - "type": "array" - }, - "namespace": { - "type": "null" - }, - "namespaceSelector": { - "type": "object" - }, - 
"relabelings": { - "type": "array" - }, - "scheme": { - "type": "string" - }, - "scrapeTimeout": { - "type": "null" - }, - "targetLabels": { - "type": "array" + "maxUnavailable": { + "default": "null", + "description": "Pod Disruption Budget maxUnavailable", + "required": [], + "title": "maxUnavailable", + "type": [ + "integer", + "null" + ] + }, + "nodeSelector": { + "additionalProperties": true, + "description": "Tolerations settings for pods.", + "required": [], + "title": "nodeSelector", + "type": "object" + }, + "podAnnotations": { + "additionalProperties": true, + "description": "Annotations for pods", + "required": [], + "title": "podAnnotations", + "type": "object" + }, + "podLabels": { + "additionalProperties": true, + "description": "Labels for pods", + "required": [], + "title": "podLabels", + "type": "object" + }, + "podSecurityContext": { + "additionalProperties": true, + "description": "The SecurityContext for pods", + "required": [], + "title": "podSecurityContext", + "type": "object" + }, + "readinessProbe": { + "additionalProperties": true, + "description": "Readiness probe settings for pods.", + "properties": { + "httpGet": { + "additionalProperties": false, + "properties": { + "path": { + "default": "/", + "required": [], + "title": "path", + "type": "string" }, - "tlsConfig": { - "type": "null" + "port": { + "default": "http", + "required": [], + "title": "port", + "type": "string" } + }, + "required": [ + "path", + "port" + ], + "title": "httpGet", + "type": "object" } + }, + "required": [ + "httpGet" + ], + "title": "readinessProbe", + "type": "object" }, - "umami": { - "type": "object", - "properties": { - "affinity": { - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "behavior": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "scaleDown": { - "type": "object" - }, - "scaleUp": { - "type": "object" - } - } - }, - "customMetrics": { - "type": "array" - }, - "enabled": { - 
"type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - }, - "targetMemoryUtilizationPercentage": { - "type": "null" - } - } - }, - "config": { - "type": "object", - "properties": { - "appSecret": { - "type": "object", - "properties": { - "existingSecret": { - "type": "string" - }, - "existingSecretKey": { - "type": "string" - }, - "secret": { - "type": "string" - } - } - }, - "clientIpHeader": { - "type": "string" - }, - "cloudMode": { - "type": "string" - }, - "collectApiEndpoint": { - "type": "string" - }, - "corsMaxAge": { - "type": "string" - }, - "database": { - "type": "object", - "properties": { - "auth": { - "type": "object", - "properties": { - "database": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "password": { - "type": "string" - }, - "username": { - "type": "string" - } - } - }, - "existingSecret": { - "type": "string" - }, - "existingSecretKey": { - "type": "string" - }, - "uri": { - "type": "string" - } - } - }, - "disableBotCheck": { - "type": "string" - }, - "disableLogin": { - "type": "string" - }, - "disableTelemetry": { - "type": "string" - }, - "disableUpdates": { - "type": "string" - }, - "enableTestConsole": { - "type": "string" - }, - "forceSSL": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "ignoreHostname": { - "type": "string" - }, - "ignoredIpAddresses": { - "type": "string" - }, - "logQuery": { - "type": "string" - }, - "removeDisableLoginEnv": { - "type": "boolean" - }, - "removeTrailingSlash": { - "type": "string" - }, - "trackerScriptName": { - "type": "string" - } - } - }, - "dnsConfig": { - "type": "object" - }, - "extraEnv": { - "type": "array" - }, - "extraEnvFrom": { - "type": "array" - }, - "extraPorts": { - "type": "array" - }, - "extraVolumeMounts": { - "type": "array" - }, - "extraVolumes": { - "type": "array" - }, - "hostAliases": { - "type": "array" - }, - 
"image": { - "type": "object", - "properties": { - "pullPolicy": { - "type": "string" - }, - "registry": { - "type": "string" - }, - "repository": { - "type": "string" - }, - "tag": { - "type": "string" - } - } - }, - "imagePullSecrets": { - "type": "array" - }, - "livenessProbe": { - "type": "object", - "properties": { - "httpGet": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "port": { - "type": "string" - } - } - } - } - }, - "maxUnavailable": { - "type": "null" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object" - }, - "podLabels": { - "type": "object" - }, - "podSecurityContext": { - "type": "object" - }, - "readinessProbe": { - "type": "object", - "properties": { - "httpGet": { - "type": "object", - "properties": { - "path": { - "type": "string" - }, - "port": { - "type": "string" - } - } - } - } - }, - "replicaCount": { - "type": "integer" - }, - "resources": { - "type": "object" - }, - "securityContext": { - "type": "object" - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "labels": { - "type": "object" - }, - "port": { - "type": "integer" - }, - "type": { - "type": "string" - } - } - }, - "startupProbe": { - "type": "object" - }, - "tolerations": { - "type": "array" - } + "replicaCount": { + "default": 1, + "description": "Number of replicas", + "required": [], + "title": "replicaCount", + "type": "integer" + }, + "resources": { + "additionalProperties": true, + "description": "Resource request \u0026 limits.", + "required": [], + "title": "resources", + "type": "object" + }, + "securityContext": { + "additionalProperties": true, + "description": "Security context", + "required": [], + "title": "securityContext", + "type": "object" + }, + "service": { + "additionalProperties": false, + "description": "Service settings", + "properties": { + "annotations": { + "additionalProperties": true, + "description": "Annotations for the service", 
+ "required": [], + "title": "annotations", + "type": "object" + }, + "labels": { + "additionalProperties": true, + "description": "Labels for service", + "required": [], + "title": "labels", + "type": "object" + }, + "port": { + "default": 8000, + "description": "Port of the service", + "required": [], + "title": "port", + "type": "integer" + }, + "type": { + "default": "ClusterIP", + "description": "Type of the service", + "required": [], + "title": "type", + "type": "string" } + }, + "required": [], + "title": "service", + "type": "object" + }, + "startupProbe": { + "additionalProperties": true, + "description": "Startup probe settings for pods.", + "required": [], + "title": "startupProbe", + "type": "object" + }, + "tolerations": { + "description": "Tolerations settings for pods.", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "tolerations", + "type": "array" } + }, + "required": [], + "title": "umami", + "type": "object" } -} + }, + "required": [ + "rbac" + ], + "type": "object" +} \ No newline at end of file diff --git a/charts/sesamy-umami/values.yaml b/charts/sesamy-umami/values.yaml index 3d84db4..bd62804 100644 --- a/charts/sesamy-umami/values.yaml +++ b/charts/sesamy-umami/values.yaml 
@@ -1,38 +1,90 @@ +# yaml-language-server: $schema=values.schema.json + +# @schema +# type: string +# @schema # -- Overrides the chart's name -nameOverride: "" +# @section -- Overrides +nameOverride: '' +# @schema +# type: string +# @schema # -- Overrides the chart's computed fullname -fullnameOverride: "" +# @section -- Overrides +fullnameOverride: '' +# @schema +# type: string +# @schema # -- The name of the Namespace to deploy -# If not set, `.Release.Namespace` is used +# @section -- Overrides namespaceOverride: '' -# -- Number of revisions to retain to allow rollback +# @schema +# type: integer +# @schema +# -- Number of revisions to keep +# @section -- General revisionHistoryLimit: 10 -# TLS Reverse Proxy configurations +# @schema +# type: object +# @schema +# TLS Reverse Proxy settings # All urls have to be valid https urls, so proxy https traffic to your containers. # Create a self-signed certificate by running # $ openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt -nodes -subj '/CN=sesamy' proxy: - # TLS configuration + # @schema + # type: object + # @schema + # TLS settings tls: + # @schema + # type: string + # @schema # -- Base64 encoded TLS key + # @section -- Proxy key: "" + # @schema + # type: string + # @schema # -- Base64 encoded TLS cert + # @section -- Proxy crt: "" + # @schema + # type: object + # @schema # Docker image image: - # -- The image repository - repository: 'nginx' - # -- The image pull policy + # @schema + # enum: [IfNotPresent, Always] + # @schema + # -- Image tag + # @section -- Proxy pullPolicy: IfNotPresent - # -- The image tag + # @schema + # type: string + # @schema + # -- Image repository + # @section -- Proxy + repository: 'nginx' + # @schema + # type: string + # @schema + # -- Image tag + # @section -- Proxy tag: '1.25-alpine' + # @schema + # type: object + # @schema # -- Resource request & limits. + # @section -- Proxy resources: {} + # @schema + # type: string + # @schema # -- Nginx SSL Reverse Proxy config. 
- # The value is templated using `tpl`. - # @default -- see values.yaml + # @section -- Proxy config: | server { listen 443 ssl; 
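Review bot: The `# @schema` block added above `proxy.image.pullPolicy` restricts the value to `enum: [IfNotPresent, Always]`, so schema validation now rejects `Never`, a pull policy Kubernetes accepts and that clusters with preloaded or air-gapped images depend on. `# enum: [IfNotPresent, Always, Never]` keeps the check without narrowing it. The description on the same key reads `# -- Image tag`, copied from `tag`; it should be `# -- Image pull policy`. The same two-value enum is added for `umami.image.pullPolicy` in the next hunk of this file.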
@@ -55,289 +107,681 @@ proxy: } } -# Umami +# @schema +# type: object +# @schema +# Umami settings umami: + # @schema + # type: object + # @schema # Umami configurations config: + # @schema + # type: string + # @schema # -- Disables users, teams, and websites settings page. + # @section -- Umami cloudMode: '1' + # @schema + # type: string + # @schema # -- HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers. + # @section -- Umami clientIpHeader: '' + # @schema + # type: string + # @schema # -- Allows you to send metrics to a location different than the default `/api/send`. This is to help you avoid some ad-blockers. + # @section -- Umami collectApiEndpoint: '' + # @schema + # type: string + # @schema # -- How many seconds a CORS preflight should last. Default is 24 hours. + # @section -- Umami corsMaxAge: '86400' + # @schema + # type: string + # @schema # -- By default bots are excluded from statistics. This disables checking for bots. + # @section -- Umami disableBotCheck: '1' + # @schema + # type: string + # @schema # -- Disables the login page for the application + # @section -- Umami disableLogin: '1' + # @schema + # type: boolean + # @schema # -- setting this to true removes the environment variable DISABLE_LOGIN defined in `umami.disableLogin` from the deployment as this caused errors in some setups + # @section -- Umami removeDisableLoginEnv: true + # @schema + # type: string + # @schema # -- Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate. + # @section -- Umami disableTelemetry: "1" + # @schema + # type: string + # @schema # -- Disables the check for new versions of Umami + # @section -- Umami disableUpdates: "1" + # @schema + # type: string + # @schema # -- Enables the internal test page, {host}/console. Admin access is required. 
Users can manually fire pageviews and events to their websites. + # @section -- Umami enableTestConsole: "1" + # @schema + # type: string + # @schema # -- This will redirect all requests from http to https in the Umami application. Note, this does not apply to the tracking script. + # @section -- Umami forceSSL: "1" + # @schema + # type: string + # @schema # -- hostname under which Umami will be reached + # @section -- Umami hostname: "0.0.0.0" + # @schema + # type: string + # @schema # -- This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames. + # @section -- Umami ignoreHostname: "" + # @schema + # type: string + # @schema # -- You can provide a comma-delimited list of IP address to exclude from data collection. + # @section -- Umami ignoredIpAddresses: "" + # @schema + # type: string + # @schema # -- If you are running in development mode, this will log database queries to the console for debugging. + # @section -- Umami logQuery: "1" + # @schema + # type: string + # @schema # -- Removes the trailing slash from all incoming urls. + # @section -- Umami removeTrailingSlash: "1" + # @schema + # type: string + # @schema # -- Allows you to assign a custom name to the tracker script different from the default umami. This is to help you avoid some ad-blockers. + # @section -- Umami trackerScriptName: "umami" + # @schema + # type: object + # @schema # App secret configurations appSecret: + # @schema + # type: string + # @schema # -- A random string used to generate unique values. + # @section -- Umami secret: "" + # @schema + # type: string + # @schema # -- Name of an existing secret containing the app secret under the key app-secret. 
+ # @section -- Umami existingSecret: "" + # @schema + # type: string + # @schema # -- Key in the existing secret containing the value (default: app-secret) + # @section -- Umami existingSecretKey: "" + # @schema + # type: object + # @schema # Database configurations database: + # @schema + # type: string + # @schema # -- Full connection string + # @section -- Umami uri: "" + # @schema + # type: object + # @schema + # Auth settings auth: + # @schema + # type: string + # @schema # -- Database name + # @section -- Umami database: "" + # @schema + # type: string + # @schema # -- Database username + # @section -- Umami username: "" + # @schema + # type: string + # @schema # -- Database password + # @section -- Umami password: "" + # @schema + # type: string + # @schema # -- Database hostname + # @section -- Umami hostname: "" + # @schema + # type: string + # @schema # -- Use an existing secret containing the database uri. + # @section -- Umami existingSecret: "" + # @schema + # type: string + # @schema # -- Key in the existing secret containing value (default: database-url) + # @section -- Umami existingSecretKey: "" + # @schema + # type: object + # @schema # Your custom collect image image: + # @schema + # type: string + # @schema # -- The image registry + # @section -- Umami registry: ghcr.io + # @schema + # type: string + # @schema # -- The image repository + # @section -- Umami repository: umami-software/umami + # @schema + # enum: [IfNotPresent, Always] + # @schema # -- The image pull policy + # @section -- Umami pullPolicy: IfNotPresent + # @schema + # type: string + # @schema # -- The image tag - tag: postgresql-v2.11.3 + # @section -- Umami + tag: postgresql-v2.15.1 + # @schema + # type: integer + # @schema # -- Number of replicas + # @section -- Umami replicaCount: 1 + # @schema + # type: [integer, null] + # @schema # -- Pod Disruption Budget maxUnavailable + # @section -- Umami maxUnavailable: null + # @schema + # type: array + # items: + # type: object + # 
additionalProperties: true + # @schema # -- Host aliases to add + # @section -- Umami hostAliases: [] - # - ip: 1.2.3.4 - # hostnames: - # - domain.tld + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Image pull secrets + # @section -- Umami imagePullSecrets: [] + # @schema + # type: object + # additionalProperties: true + # @schema # -- Annotations for pods + # @section -- Umami podAnnotations: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- Labels for pods + # @section -- Umami podLabels: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- The SecurityContext for pods + # @section -- Umami podSecurityContext: {} - # fsGroup: 2000 + # @schema + # type: object + # additionalProperties: true + # @schema + # -- Security context + # @section -- Umami securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 + # @schema + # type: object + # @schema + # Service settings service: + # @schema + # type: integer + # @schema # -- Port of the service + # @section -- Umami port: 8000 + # @schema + # type: string + # @schema # -- Type of the service + # @section -- Umami type: ClusterIP + # @schema + # type: object + # additionalProperties: true + # @schema # -- Annotations for the service + # @section -- Umami annotations: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- Labels for service + # @section -- Umami labels: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- Resource request & limits. + # @section -- Umami resources: {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi + # @schema + # type: object + # additionalProperties: true + # @schema # -- Startup probe settings for pods. 
+ # @section -- Umami startupProbe: {} - # httpGet: - # path: /healthz - # port: http + # @schema + # type: object + # additionalProperties: true + # @schema # -- Readiness probe settings for pods. + # @section -- Umami readinessProbe: httpGet: path: / port: http + # @schema + # type: object + # additionalProperties: true + # @schema # -- Liveness probe settings for pods. + # @section -- Umami livenessProbe: httpGet: path: / port: http + # @schema + # type: object + # @schema + # Autoscaling settings autoscaling: + # @schema + # type: boolean + # @schema # -- Enable autoscaling + # @section -- Umami enabled: false + # @schema + # type: integer + # @schema # -- Minimum autoscaling replicas + # @section -- Umami minReplicas: 1 + # @schema + # type: integer + # @schema # -- Maximum autoscaling replicas + # @section -- Umami maxReplicas: 100 + # @schema + # type: [integer, null] + # @schema # -- Target CPU utilisation percentage + # @section -- Umami targetCPUUtilizationPercentage: 80 + # @schema + # type: [integer, null] + # @schema # -- Target memory utilisation percentage + # @section -- Umami targetMemoryUtilizationPercentage: null - # -- Custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Custom metrics using the HPA/v2 schema + # @section -- Umami customMetrics: [] - # - type: Pods - # pods: - # metric: - # name: loki_lines_total - # target: - # type: AverageValue - # averageValue: 10k + # @schema + # type: object + # @schema + # Behavior settings behavior: + # @schema + # type: boolean + # @schema # -- Enable autoscaling behaviours + # @section -- Umami enabled: false + # @schema + # type: object + # additionalProperties: true + # @schema # -- Scale down policies, must conform to HPAScalingRules + # @section -- Umami scaleDown: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- Scale up 
policies, must conform to HPAScalingRules + # @section -- Umami scaleUp: {} + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Environment variables to add + # @section -- Umami extraEnv: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Port definitions to add + # @section -- Umami extraPorts: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Environment variables from secrets or configmaps to add + # @section -- Umami extraEnvFrom: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Volume mounts to add + # @section -- Umami extraVolumeMounts: [] - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Volumes to add + # @section -- Umami extraVolumes: [] - # - name: foo - # secret: - # secretName: mysecret - # optional: false + # @schema + # type: object + # additionalProperties: true + # @schema # -- Tolerations settings for pods. + # @section -- Umami nodeSelector: {} + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema # -- Tolerations settings for pods. + # @section -- Umami tolerations: [] + # @schema + # type: object + # additionalProperties: true + # @schema # -- Affinity settings for pods. + # @section -- Umami affinity: {} + # @schema + # type: object + # additionalProperties: true + # @schema # -- DNSConfig settings for pods. 
+ # @section -- Umami dnsConfig: {} +# @schema +# type: object +# @schema # Ingress configuration ingress: + # @schema + # type: boolean + # @schema # -- Enable ingress + # @section -- Ingress enabled: false + # @schema + # type: string + # @schema # -- Ingress class name + # @section -- Ingress className: "" + # @schema + # type: object + # additionalProperties: true + # @schema + # -- Annotations + # @section -- Ingress annotations: {} + # @schema + # type: object + # additionalProperties: true + # @schema + # -- Path settings + # @section -- Ingress paths: umami: - path: / pathType: Prefix port: 8000 - hosts: - - example.com + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Ingress hosts + # @section -- Ingress + hosts: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Ingress tls + # @section -- Ingress tls: [] - # - secretName: example-com-tls - # hosts: - # - example.com -# ServiceAccount configuration +# @schema +# type: object +# @schema +# Routing settings +routing: + # @schema + # type: boolean + # @schema + # -- Indicates wether routing is enabled or not + # @section -- Routing + enabled: false + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Path matches + # @section -- Routing + paths: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Parent references + # @section -- Routing + parentRefs: [] + +# @schema +# type: object +# @schema +# Service account settings serviceAccount: + # @schema + # type: string + # @schema + # -- The name of the service account to use. 
+ # @section -- Service Account + name: "" + # @schema + # type: boolean + # @schema # -- Specifies whether a service account should be created + # @section -- Service Account create: true + # @schema + # type: boolean + # @schema # -- Automatically mount a ServiceAccount's API credentials? + # @section -- Service Account automount: true + # @schema + # type: object + # additionalProperties: true + # @schema # -- Annotations to add to the service account - annotations: {} - # -- The name of the service account to use. - # -- If not set and create is true, a name is generated using the fullname template - name: "" - -# ServiceMonitor configuration -serviceMonitor: - # -- If enabled, ServiceMonitor resources for Prometheus Operator are created - enabled: false - # -- Alternative namespace for ServiceMonitor resources - namespace: null - # -- Namespace selector for ServiceMonitor resources - namespaceSelector: {} - # -- Optional expressions to match on - matchExpressions: [] - # - key: prometheus.io/service-monitor - # operator: NotIn - # values: - # - "false" - # -- ServiceMonitor annotations - annotations: {} - # -- Additional ServiceMonitor labels - labels: {} - # -- ServiceMonitor scrape interval - interval: null - # -- ServiceMonitor scrape timeout in Go duration format (e.g. 
15s) - scrapeTimeout: null - # -- ServiceMonitor relabel configs to apply to samples before scraping - # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - relabelings: [] - # -- ServiceMonitor metric relabel configs to apply to samples before ingestion - # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint - metricRelabelings: [] - ##ServiceMonitor will add labels from the service to the Prometheus metric - # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec - targetLabels: [] - # -- ServiceMonitor will use http by default, but you can pick https as well - scheme: http - # -- ServiceMonitor will use these tlsConfig settings to make the health check requests - tlsConfig: null + # @section -- Service Account + annotations: { } -# NetworkPolicy configuration +# @schema +# type: object +# @schema +# Network Policy settings networkPolicy: + # @schema + # type: boolean + # @schema # -- Specifies whether Network Policies should be created + # @section -- Network Policy enabled: false - metrics: - # -- Specifies the Pods which are allowed to access the metrics port. - # As this is cross-namespace communication, you also need the namespaceSelector. - podSelector: {} - # -- Specifies the namespaces which are allowed to access the metrics port - namespaceSelector: {} - # -- Specifies specific network CIDRs which are allowed to access the metrics port. - # In case you use namespaceSelector, you also have to specify your kubelet networks here. - # The metrics ports are also used for probes. 
- cidrs: [] + # @schema + # type: array + # items: + # type: string + # @schema + # -- List of rules to apply via labels + # @section -- Network Policy + rules: [] + # rules: + # - allow-nginx-ingress + # - allow-internet-egress + # - allow-my-service-access + # @schema + # type: object + # @schema + # Ingress settings + # @section -- Network Policy ingress: - # -- Specifies the Pods which are allowed to access the http port. - # As this is cross-namespace communication, you also need the namespaceSelector. - podSelector: {} - # -- Specifies the namespaces which are allowed to access the http port - namespaceSelector: {} - externalStorage: - # -- Specify the port used for external storage, e.g. AWS S3 - ports: [] - # -- Specifies specific network CIDRs you want to limit access to - cidrs: [] - discovery: - # -- Specify the port used for discovery - port: null - # -- Specifies the Pods labels used for discovery. - # As this is cross-namespace communication, you also need the namespaceSelector. 
- podSelector: {} - # -- Specifies the namespace the discovery Pods are running in - namespaceSelector: {} + # @schema + # type: boolean + # @schema + # -- Specifies whether ingress should be enabled + # @section -- Network Policy + enabled: true + # @schema + # type: boolean + # @schema + # -- Allow ingress through labels + # @section -- Network Policy + allowExternal: true + # @schema + # type: array + # items: + # type: string + # additionalProperties: true + # @schema + # -- Additional ingress rules + # @section -- Network Policy + additionalRules: [] + # @schema + # type: object + # @schema + # Egress settings + # @section -- Network Policy + egress: + # @schema + # type: boolean + # @schema + # -- Specifies whether egress should be enabled + # @section -- Network Policy + enabled: true + # @schema + # type: boolean + # @schema + # -- Allow ingress through labels + # @section -- Network Policy + allowExternal: true + # @schema + # type: array + # items: + # type: string + # @schema + # -- Additional egress rules + # @section -- Network Policy + additionalRules: [] # RBAC configuration rbac: diff --git a/charts/squadron-keel-cronjob/README.md b/charts/squadron-keel-cronjob/README.md index 5973148..ec09fe2 100644 --- a/charts/squadron-keel-cronjob/README.md +++ b/charts/squadron-keel-cronjob/README.md @@ -62,6 +62,7 @@ Squadron Keel CronJob Chart | global.foomo.squadron.fleet | string | `""` | Will be automatically injected (optional) | | global.foomo.squadron.name | string | `""` | Will be automatically injected | | global.foomo.squadron.unit | string | `""` | Will be automatically injected | +| global.foomo.withDeprecatedSelectorLabels | bool | `false` | Enable for backward compatibility | ### Graceful Shutdown 
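Review bot: The new `networkPolicy.egress.allowExternal` key is documented as `# -- Allow ingress through labels`, copied from the ingress block, so the generated README and schema describe an egress switch as an ingress one; `# -- Allow egress through labels` would match the key. Both `allowExternal` flags default to `true`, so enabling `networkPolicy.enabled` alone presumably still admits external traffic in both directions. The templates are not part of this hunk, so that is worth confirming and stating in the comment. The annotation on `ingress.additionalRules` combines `items: type: string` with `additionalProperties: true`, a keyword that only applies to objects. If the entries are NetworkPolicy rule objects, `type: object` is probably what was meant, for the egress list as well.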
@@ -159,9 +160,3 @@ Squadron Keel CronJob Chart | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| global.foomo.withDeprecatedSelectorLabels | bool | `false` | | diff --git a/charts/squadron-keel-cronjob/values.yaml b/charts/squadron-keel-cronjob/values.yaml index 999296c..52e9b88 100644 --- a/charts/squadron-keel-cronjob/values.yaml +++ b/charts/squadron-keel-cronjob/values.yaml @@ -13,7 +13,7 @@ global: # @schema # type: boolean # @schema - # Enable for backward compatibility + # -- Enable for backward compatibility # @section -- Global withDeprecatedSelectorLabels: false # @schema diff --git a/charts/squadron-keel-server/Chart.yaml b/charts/squadron-keel-server/Chart.yaml index a4a0ab9..3e05a7d 100644 --- a/charts/squadron-keel-server/Chart.yaml +++ b/charts/squadron-keel-server/Chart.yaml @@ -15,5 +15,5 @@ annotations: - name: Chart Source url: https://github.com/foomo/helm-charts/tree/main/charts/squadron-keel-server -version: 0.2.2 -appVersion: 0.2.2 +version: 0.3.0 +appVersion: 0.3.0 diff --git a/charts/squadron-keel-server/README.md b/charts/squadron-keel-server/README.md index ab03bc7..683f312 100644 --- a/charts/squadron-keel-server/README.md +++ b/charts/squadron-keel-server/README.md 
@@ -1,6 +1,6 @@ # squadron-keel-server -![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.2](https://img.shields.io/badge/AppVersion-0.2.2-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.0](https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square) Squadron Keel Server Chart @@ -63,6 +63,7 @@ Squadron Keel Server Chart | global.foomo.squadron.fleet | string | `""` | Will be automatically injected (optional) | | global.foomo.squadron.name | string | `""` | Will be automatically injected | | global.foomo.squadron.unit | string | `""` | Will be automatically injected | +| global.foomo.withDeprecatedSelectorLabels | bool | `false` | Enable for backward compatibility | ### Graceful settings @@ -146,6 +147,14 @@ Squadron Keel Server Chart |-----|------|---------|-------------| | rbac.enabled | bool | `false` | Indicates wether scheduling is enabled or not | +### Routing + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| routing.enabled | bool | `false` | Indicates wether routing is enabled or not | +| routing.parentRefs | list | `[]` | Parent references | +| routing.paths | list | `[]` | Path matches | + ### Scheduling | Key | Type | Default | Description | 
@@ -213,9 +222,3 @@ Squadron Keel Server Chart | serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping. | | serviceMonitor.scrapeTimeout | string | `""` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | | serviceMonitor.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| global.foomo.withDeprecatedSelectorLabels | bool | `false` | | diff --git a/charts/squadron-keel-server/templates/httproute.yaml b/charts/squadron-keel-server/templates/httproute.yaml new file mode 100644 index 0000000..969b262 --- /dev/null +++ b/charts/squadron-keel-server/templates/httproute.yaml @@ -0,0 +1,22 @@ +{{- if .Values.routing.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "keel.server.fullname" . }} + labels: {{- include "keel.server.labels" . | nindent 4 }} + namespace: {{ include "keel.server.namespace" . }} +spec: + {{- with .Values.routing.parentRefs }} + parentRefs: {{ toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.routing.paths }} + - matches: + - path: + type: {{ default .pathType "PathPrefix" }} + value: {{ .path }} + backendRefs: + - name: {{ include "keel.server.fullname" $ }} + port: {{ .port }} + {{- end }} +{{- end }} diff --git a/charts/squadron-keel-server/values.schema.json b/charts/squadron-keel-server/values.schema.json index 5b0882d..b0d6eee 100644 --- a/charts/squadron-keel-server/values.schema.json +++ b/charts/squadron-keel-server/values.schema.json 
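Review bot: In the new templates/httproute.yaml the arguments to `default` are swapped: `{{ default .pathType "PathPrefix" }}` uses `.pathType` as the fallback and the literal as the value, so every rule renders `type: PathPrefix` whatever the user sets. A path configured with `pathType: Exact` is therefore routed as a prefix match and exposes every sub-path under it to the gateway. The line should read `type: {{ default "PathPrefix" .pathType }}`. Rendering the match as `value: {{ .path | quote }}` would also keep a path containing YAML-significant characters from changing the structure of the manifest. charts/squadron-nextjs-server/templates/httproute.yaml, added later in this diff, has the same line.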
@@ -700,6 +700,44 @@ "title": "revisionHistoryLimit", "type": "integer" }, + "routing": { + "additionalProperties": false, + "description": "Routing settings", + "properties": { + "enabled": { + "default": false, + "description": "Indicates wether routing is enabled or not", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "parentRefs": { + "description": "Parent references", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "parentRefs", + "type": "array" + }, + "paths": { + "description": "Path matches", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "paths", + "type": "array" + } + }, + "required": [], + "title": "routing", + "type": "object" + }, "scheduling": { "additionalProperties": false, "description": "Scheduling settings", diff --git a/charts/squadron-keel-server/values.yaml b/charts/squadron-keel-server/values.yaml index d3399d2..a296275 100644 --- a/charts/squadron-keel-server/values.yaml +++ b/charts/squadron-keel-server/values.yaml @@ -13,7 +13,7 @@ global: # @schema # type: boolean # @schema - # Enable for backward compatibility + # -- Enable for backward compatibility # @section -- Global withDeprecatedSelectorLabels: false # @schema @@ -354,6 +354,36 @@ ingress: # hosts: # - chart-example.local +# @schema +# type: object +# @schema +# Routing settings +routing: + # @schema + # type: boolean + # @schema + # -- Indicates wether routing is enabled or not + # @section -- Routing + enabled: false + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Path matches + # @section -- Routing + paths: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Parent references + # @section -- Routing + parentRefs: [] + # @schema # type: object # @schema 
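Review bot: The `# @schema` annotation added for `routing.paths` in values.yaml accepts any object as a list item, so an entry without `path` or `port` passes validation and httproute.yaml renders an incomplete rule that fails only when it is applied to the cluster. Declaring the three keys the template reads, with `path` and `port` required and `pathType` limited to the Gateway API match types, moves that failure to `helm lint` / install time. The generated values.schema.json in this commit would need regenerating afterwards. charts/squadron-nextjs-server/values.yaml adds the same annotation and would take the same change.

```yaml
  # @schema
  # type: array
  # items:
  #   type: object
  #   required: [path, port]
  #   properties:
  #     path:
  #       type: string
  #     pathType:
  #       enum: [Exact, PathPrefix, RegularExpression]
  #     port:
  #       type: integer
  # @schema
  # -- Path matches
  # @section -- Routing
  paths: []
```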
diff --git a/charts/squadron-nextjs-server/Chart.yaml b/charts/squadron-nextjs-server/Chart.yaml index 80a2e9a..c4d1c6f 100644 --- a/charts/squadron-nextjs-server/Chart.yaml +++ b/charts/squadron-nextjs-server/Chart.yaml @@ -14,5 +14,5 @@ annotations: - name: Chart Source url: https://github.com/foomo/helm-charts/tree/main/charts/squadron-nextjs-server -version: 0.1.12 -appVersion: 0.1.12 +version: 0.2.0 +appVersion: 0.2.0 diff --git a/charts/squadron-nextjs-server/README.md b/charts/squadron-nextjs-server/README.md index 3365d20..97a6bb0 100644 --- a/charts/squadron-nextjs-server/README.md +++ b/charts/squadron-nextjs-server/README.md @@ -1,6 +1,6 @@ # squadron-nextjs-server -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.12](https://img.shields.io/badge/AppVersion-0.1.12-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0](https://img.shields.io/badge/AppVersion-0.2.0-informational?style=flat-square) Squadron NextJS Server Chart @@ -62,6 +62,7 @@ Squadron NextJS Server Chart | global.foomo.squadron.fleet | string | `""` | Will be automatically injected (optional) | | global.foomo.squadron.name | string | `""` | Will be automatically injected | | global.foomo.squadron.unit | string | `""` | Will be automatically injected | +| global.foomo.withDeprecatedSelectorLabels | bool | `false` | Enable for backward compatibility | ### Graceful Shutdown 
@@ -145,6 +146,14 @@ Squadron NextJS Server Chart |-----|------|---------|-------------| | rbac.enabled | bool | `false` | Indicates wether scheduling is enabled or not | +### Routing + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| routing.enabled | bool | `false` | Indicates wether routing is enabled or not | +| routing.parentRefs | list | `[]` | Parent references | +| routing.paths | list | `[]` | Path matches | + ### Scheduling | Key | Type | Default | Description | @@ -212,9 +221,3 @@ Squadron NextJS Server Chart | serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping. | | serviceMonitor.scrapeTimeout | string | `""` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | | serviceMonitor.targetLabels | list | `[]` | ServiceMonitor will add labels from the service to the Prometheus metric | - -### Other Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| global.foomo.withDeprecatedSelectorLabels | bool | `false` | | diff --git a/charts/squadron-nextjs-server/templates/httproute.yaml b/charts/squadron-nextjs-server/templates/httproute.yaml new file mode 100644 index 0000000..e682abb --- /dev/null +++ b/charts/squadron-nextjs-server/templates/httproute.yaml @@ -0,0 +1,22 @@ +{{- if .Values.routing.enabled }} +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: {{ include "nextjs.server.fullname" . }} + labels: {{- include "nextjs.server.labels" . | nindent 4 }} + namespace: {{ include "nextjs.server.namespace" . }} +spec: + {{- with .Values.routing.parentRefs }} + parentRefs: {{ toYaml . | nindent 4 }} + {{- end }} + rules: + {{- range .Values.routing.paths }} + - matches: + - path: + type: {{ default .pathType "PathPrefix" }} + value: {{ .path }} + backendRefs: + - name: {{ include "nextjs.server.fullname" $ }} + port: {{ .port }} + {{- end }} +{{- end }} 
diff --git a/charts/squadron-nextjs-server/values.schema.json b/charts/squadron-nextjs-server/values.schema.json index 8114618..1487554 100644 --- a/charts/squadron-nextjs-server/values.schema.json +++ b/charts/squadron-nextjs-server/values.schema.json @@ -693,6 +693,44 @@ "title": "revisionHistoryLimit", "type": "integer" }, + "routing": { + "additionalProperties": false, + "description": "Routing settings", + "properties": { + "enabled": { + "default": false, + "description": "Indicates wether routing is enabled or not", + "required": [], + "title": "enabled", + "type": "boolean" + }, + "parentRefs": { + "description": "Parent references", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "parentRefs", + "type": "array" + }, + "paths": { + "description": "Path matches", + "items": { + "additionalProperties": true, + "required": [], + "type": "object" + }, + "required": [], + "title": "paths", + "type": "array" + } + }, + "required": [], + "title": "routing", + "type": "object" + }, "scheduling": { "additionalProperties": false, "description": "Scheduling settings", diff --git a/charts/squadron-nextjs-server/values.yaml b/charts/squadron-nextjs-server/values.yaml index c5841d8..c0e1eeb 100644 --- a/charts/squadron-nextjs-server/values.yaml +++ b/charts/squadron-nextjs-server/values.yaml @@ -13,7 +13,7 @@ global: # @schema # type: boolean # @schema - # Enable for backward compatibility + # -- Enable for backward compatibility # @section -- Global withDeprecatedSelectorLabels: false # @schema 
@@ -345,6 +345,36 @@ ingress: # hosts: # - chart-example.local +# @schema +# type: object +# @schema +# Routing settings +routing: + # @schema + # type: boolean + # @schema + # -- Indicates wether routing is enabled or not + # @section -- Routing + enabled: false + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Path matches + # @section -- Routing + paths: [] + # @schema + # type: array + # items: + # type: object + # additionalProperties: true + # @schema + # -- Parent references + # @section -- Routing + parentRefs: [] + # @schema # type: object # @schema