From e9493c89923c7aaae002c3656eeefc86ed9cf97e Mon Sep 17 00:00:00 2001 From: Michael Nelson Date: Tue, 22 Feb 2022 19:51:56 +1100 Subject: [PATCH] bitnami/kubeapps Improved handling of packaging options for Kubeapps (#9063) * Improved handling of packaging options for Kubeapps Signed-off-by: Michael Nelson * Run readme generator. Signed-off-by: Michael Nelson * Fix other use of redis.enabled from https://github.com/kubeapps/kubeapps/pull/4309 Signed-off-by: Michael Nelson Signed-off-by: Pavel Sokolov --- bitnami/kubeapps/Chart.yaml | 4 +- bitnami/kubeapps/README.md | 32 +++++++----- bitnami/kubeapps/templates/NOTES.txt | 2 +- bitnami/kubeapps/templates/_helpers.tpl | 49 +++++++++++-------- .../templates/kubeappsapis/deployment.yaml | 7 +-- .../templates/kubeappsapis/rbac_fluxv2.yaml | 2 +- bitnami/kubeapps/values.yaml | 42 ++++++++++------ 7 files changed, 84 insertions(+), 54 deletions(-) diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml index 454d1f06431f6e..04c4e37956c10f 100644 --- a/bitnami/kubeapps/Chart.yaml +++ b/bitnami/kubeapps/Chart.yaml @@ -18,7 +18,7 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami version: 15.x.x - condition: redis.enabled + condition: packaging.flux.enabled description: Kubeapps is a web-based UI for launching and managing applications on Kubernetes. It allows users to deploy trusted applications and operators to control users access to the cluster. home: https://kubeapps.com icon: https://raw.githubusercontent.com/kubeapps/kubeapps/main/docs/img/logo.png @@ -33,4 +33,4 @@ maintainers: name: kubeapps sources: - https://github.com/kubeapps/kubeapps -version: 7.8.0 +version: 7.8.1 diff --git a/bitnami/kubeapps/README.md b/bitnami/kubeapps/README.md index 25c8cba29ad19a..077e7093674a98 100644 --- a/bitnami/kubeapps/README.md +++ b/bitnami/kubeapps/README.md @@ -102,13 +102,22 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +### Kubeapps packaging options + +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------- | ------- | +| `packaging.helm.enabled` | Enable the standard Helm packaging. | `true` | +| `packaging.carvel.enabled` | Enable support for the Carvel (kapp-controller) packaging. | `false` | +| `packaging.flux.enabled` | Enable support for Flux (v2) packaging. | `false` | + + ### Frontend parameters | Name | Description | Value | | ------------------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------- | | `frontend.image.registry` | NGINX image registry | `docker.io` | | `frontend.image.repository` | NGINX image repository | `bitnami/nginx` | -| `frontend.image.tag` | NGINX image tag (immutable tags are recommended) | `1.21.6-debian-10-r13` | +| `frontend.image.tag` | NGINX image tag (immutable tags are recommended) | `1.21.6-debian-10-r21` | | `frontend.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` | | `frontend.image.pullSecrets` | NGINX image pull secrets | `[]` | | `frontend.image.debug` | Enable image debug mode | `false` | @@ -176,7 +185,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | ------------------------------------------------- | -------------------------------------------------------------------------------------------- | ---------------------------- | | `dashboard.image.registry` | Dashboard image registry | `docker.io` | | `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.2-debian-10-r66` | +| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.3-debian-10-r0` | | `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | | `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | | `dashboard.image.debug` | Enable image debug mode | `false` | @@ -242,12 +251,12 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------- | | `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | | `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `bitnami/kubeapps-apprepository-controller` | -| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.4.2-scratch-r1` | +| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.4.3-scratch-r1` | | `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | | `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | | `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | | `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `bitnami/kubeapps-asset-syncer` | -| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.4.2-scratch-r1` | +| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.4.3-scratch-r1` | | `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | | `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | | `apprepository.globalReposNamespaceSuffix` | Suffix for the namespace of global repos. Defaults to empty for backwards compatibility. | `""` | @@ -292,7 +301,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `kubeops.enabled` | Specifies whether this component should be installed. | `true` | | `kubeops.image.registry` | Kubeops image registry | `docker.io` | | `kubeops.image.repository` | Kubeops image repository | `bitnami/kubeapps-kubeops` | -| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.4.2-scratch-r1` | +| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.4.3-scratch-r1` | | `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | | `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | | `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | @@ -352,7 +361,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `assetsvc.enabled` | Specifies whether this deprecated component should be installed. | `false` | | `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | | `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `bitnami/kubeapps-assetsvc` | -| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.4.2-scratch-r1` | +| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.4.3-scratch-r1` | | `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | | `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | | `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `1` | @@ -407,7 +416,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `authProxy.enabled` | Specifies whether Kubeapps should configure OAuth login/logout | `false` | | `authProxy.image.registry` | OAuth2 Proxy image registry | `docker.io` | | `authProxy.image.repository` | OAuth2 Proxy image repository | `bitnami/oauth2-proxy` | -| `authProxy.image.tag` | OAuth2 Proxy image tag (immutable tags are recommended) | `7.2.1-debian-10-r49` | +| `authProxy.image.tag` | OAuth2 Proxy image tag (immutable tags are recommended) | `7.2.1-debian-10-r56` | | `authProxy.image.pullPolicy` | OAuth2 Proxy image pull policy | `IfNotPresent` | | `authProxy.image.pullSecrets` | OAuth2 Proxy image pull secrets | `[]` | | `authProxy.external` | Use an external Auth Proxy instead of deploying its own one | `false` | @@ -440,7 +449,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | | `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | | `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` | -| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.2-debian-10-r69` | +| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.3-debian-10-r4` | | `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | | `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | | `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | @@ -467,7 +476,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `rbac.create` | Specifies whether RBAC resources should be created | `true` | | `testImage.registry` | NGINX image registry | `docker.io` | | `testImage.repository` | NGINX image repository | `bitnami/nginx` | -| `testImage.tag` | NGINX image tag (immutable tags are recommended) | `1.21.6-debian-10-r13` | +| `testImage.tag` | NGINX image tag (immutable tags are recommended) | `1.21.6-debian-10-r21` | | `testImage.pullPolicy` | NGINX image pull policy | `IfNotPresent` | | `testImage.pullSecrets` | NGINX image pull secrets | `[]` | @@ -492,7 +501,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | Name | Description | Value | | ----------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------- | -| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm","resources"]` | +| `kubeappsapis.enabledPlugins` | Manually override which plugins are enabled for the Kubeapps-APIs service | `nil` | | `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.major` | Number of major versions to display in the summary | `3` | | `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.minor` | Number of minor versions to display in the summary | `3` | | `kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.patch` | Number of patch versions to display in the summary | `3` | @@ -502,7 +511,7 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultAllowDowngrades` | Default policy for allowing applications to be downgraded to previous versions | `false` | | `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | | `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | -| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.2-debian-10-r68` | +| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.3-debian-10-r7` | | `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | | `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | | `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `2` | @@ -558,7 +567,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith | Name | Description | Value | | ------------------------------- | ------------------------------------------------------------------ | -------------------------------------------------------- | | `redis.redisPassword` | Password used in Redis™ | `""` | -| `redis.enabled` | Enable the Redis™ deployment when deploying Kubeapps APIs. | `false` | | `redis.master.extraFlags` | Array with additional command line flags for Redis™ master | `["--maxmemory 200mb","--maxmemory-policy allkeys-lru"]` | | `redis.master.disableCommands` | Array with commands to deactivate on Redis&trade | `[]` | | `redis.replica.replicaCount` | Number of Redis™ replicas to deploy | `1` | diff --git a/bitnami/kubeapps/templates/NOTES.txt b/bitnami/kubeapps/templates/NOTES.txt index 3a8ffe7577e05f..583f776a21297a 100644 --- a/bitnami/kubeapps/templates/NOTES.txt +++ b/bitnami/kubeapps/templates/NOTES.txt @@ -71,7 +71,7 @@ To access Kubeapps from outside your K8s cluster, follow the steps below: ########################################################################################################## {{- end }} -{{ if and (.Values.redis.enabled) (not .Values.redis.existingSecret) (empty .Values.redis.redisPassword) -}} +{{ if and (.Values.packaging.flux.enabled) (not .Values.redis.existingSecret) (empty .Values.redis.redisPassword) -}} ########################################################################################################## ### WARNING: You did not provide a value for the redisPassword so one has been generated randomly ### ########################################################################################################## diff --git a/bitnami/kubeapps/templates/_helpers.tpl b/bitnami/kubeapps/templates/_helpers.tpl index 212141f0b6f157..9ef735bf63aa37 100644 --- a/bitnami/kubeapps/templates/_helpers.tpl +++ b/bitnami/kubeapps/templates/_helpers.tpl @@ -192,7 +192,6 @@ Compile all warnings into a single message, and call fail. {{- define "kubeapps.validateValues" -}} {{- $messages := list -}} {{- $messages := append $messages (include "kubeapps.validateValues.ingress.tls" .) -}} -{{- $messages := append $messages (include "kubeapps.validateValues.kubeappsapis.enabledPlugins" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} @@ -217,27 +216,37 @@ kubeapps: ingress.tls {{- end -}} {{- end -}} - {{/* -# Validate values of common mistakes in kubeappsapis.enabledPlugins +# Calculate the kubeappsapis enabledPlugins. */}} -{{- define "kubeapps.validateValues.kubeappsapis.enabledPlugins" -}} - {{- if has "flux" .Values.kubeappsapis.enabledPlugins }} - kubeapps: kubeappsapis.enabledPlugins - You enter "flux", perhaps you meant "fluxv2"? - {{- end -}} - {{- if has "kapp_controller" .Values.kubeappsapis.enabledPlugins }} - kubeapps: kubeappsapis.enabledPlugins - You enter "kapp_controller", perhaps you meant "kapp-controller"? - {{- end -}} - {{- if and (has "fluxv2" .Values.kubeappsapis.enabledPlugins) (not .Values.redis.enabled) }} - kubeapps: kubeappsapis.enabledPlugins - If you enable the "fluxv2" plugin, you must also set redis.enabled=true - {{- end -}} - {{- if and (has "fluxv2" .Values.kubeappsapis.enabledPlugins) (has "helm" .Values.kubeappsapis.enabledPlugins) }} - kubeapps: kubeappsapis.enabledPlugins - Please choose just one of the flux2 and helm plugins, since they both operate on Helm releases. - {{- end -}} +{{- define "kubeapps.kubeappsapis.enabledPlugins" -}} + {{- $enabledPlugins := list }} + {{- if .Values.kubeappsapis.enabledPlugins }} + {{- $enabledPlugins = .Values.kubeappsapis.enabledPlugins }} + {{- else }} + {{- if and .Values.packaging.flux.enabled .Values.packaging.helm.enabled }} + {{- fail "packaging: Please enable only one of the flux and helm plugins, since they both operate on Helm releases." }} + {{- end -}} + {{- range $plugin, $options := .Values.packaging }} + {{- if $options.enabled }} + {{- if eq $plugin "carvel" }} + {{- $enabledPlugins = append $enabledPlugins "kapp-controller" }} + {{- else if eq $plugin "flux" }} + {{- $enabledPlugins = append $enabledPlugins "fluxv2" }} + {{- else if eq $plugin "helm" }} + {{- $enabledPlugins = append $enabledPlugins "helm" }} + {{- else }} + {{ $msg := printf "packaging: Unsupported packaging option: %s" $plugin }} + {{- fail $msg }} + {{- end }} + {{- end }} + {{- end }} + {{- if not $enabledPlugins }} + {{- fail "packaging: Please enable at least one of the packaging plugins." }} + {{- end }} + {{- $enabledPlugins = append $enabledPlugins "resources" }} + {{- end }} + {{- $enabledPlugins | toJson }} {{- end -}} {{/* diff --git a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml index 0930add17618cc..8ba8b56e2984ac 100644 --- a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml +++ b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml @@ -68,7 +68,8 @@ spec: command: - /kubeapps-apis args: - {{- range .Values.kubeappsapis.enabledPlugins }} + {{- $enabledPlugins := include "kubeapps.kubeappsapis.enabledPlugins" . | fromJsonArray }} + {{- range $enabledPlugins }} - --plugin-dir - /plugins/{{ . }} {{- end }} @@ -90,10 +91,10 @@ spec: {{- end }} env: - name: GOGC - value: "50" # default is 100. 50 means increasing x2 the frequency of GC + value: "50" # default is 100. 50 means increasing x2 the frequency of GC - name: PORT value: {{ .Values.kubeappsapis.containerPort | quote }} - {{- if .Values.redis.enabled }} + {{- if .Values.packaging.flux.enabled }} # REDIS-* vars are required by the plugins for caching functionality # TODO (gfichtenolt) this as required by the kubeapps apis service (which will # longer-term pass something to the plugins so that the plugins won't need to diff --git a/bitnami/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml b/bitnami/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml index 98d19190ee7db6..5774e02d0ec042 100644 --- a/bitnami/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml +++ b/bitnami/kubeapps/templates/kubeappsapis/rbac_fluxv2.yaml @@ -1,4 +1,4 @@ -{{- if has "fluxv2" .Values.kubeappsapis.enabledPlugins }} +{{- if .Values.packaging.flux.enabled }} {{- if .Values.rbac.create -}} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml index 1edd654050a24d..05d8afa2b651fb 100644 --- a/bitnami/kubeapps/values.yaml +++ b/bitnami/kubeapps/values.yaml @@ -136,6 +136,26 @@ ingress: ## secrets: [] +## @section Kubeapps packaging options +## Note: the helm and flux plugins are mutually exclusive, you can only +## enable one or the other since they both operate on Helm release objects. +## Enabling carvel or flux does *not* install the required related Carvel or +## Flux controllers on your cluster. Please read the documentation for running +## Kubeapps with Carvel or Flux support. +packaging: + ## Default helm packaging + ## @param packaging.helm.enabled Enable the standard Helm packaging. + helm: + enabled: true + ## Carvel packaging + ## @param packaging.carvel.enabled Enable support for the Carvel (kapp-controller) packaging. + carvel: + enabled: false + ## Flux (v2) packaging + ## @param packaging.flux.enabled Enable support for Flux (v2) packaging. + flux: + enabled: false + ## @section Frontend parameters ## Frontend parameters @@ -1609,16 +1629,14 @@ postgresql: ## @section kubeappsapis parameters kubeappsapis: - ## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service - ## e.g: - ## enabledPlugins: - ## - helm - ## - fluxv2 - ## - kapp-controller + ## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service + ## + ## NOTE: normally this should remain blank, with the top-level `packaging` + ## value automatically determining which plugins should be enabled. Only + ## set this value if you want to manually override the list of plugins + ## enabled for the service. ## enabledPlugins: - - helm - - resources pluginConfig: core: packages: @@ -1848,18 +1866,12 @@ kubeappsapis: ## @section Redis™ chart configuration ## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml ## +## Redis will be enabled and installed if `packages.flux.enabled` is true. redis: ## @param redis.redisPassword Password used in Redis™ ## ref: https://github.com/bitnami/bitnami-docker-redis/blob/master/README.md#setting-the-server-password-on-first-run ## redisPassword: "" - ## @param redis.enabled Enable the Redis™ deployment when deploying Kubeapps APIs. - ## We currently have the situation that Redis is required for the fluxv2 plugin only. - ## Until such a point that we're releasing with the fluxv2 plugin enabled, or the - ## plugin cache support has been generalised so all plugins use Redis, we'll need - ## to manually enable this in dev while ensuring it is false for releases (as it - ## is a conditional dependency in the Chart.yaml). - enabled: false master: ## @param redis.master.extraFlags Array with additional command line flags for Redis™ master extraFlags: