Skip to content

Commit

Permalink
readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@andrewazores
andrewazores committed Nov 14, 2024
1 parent 8193384 commit cba0709
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 8 deletions.
17 changes: 9 additions & 8 deletions charts/cryostat/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,14 +169,15 @@ helm install cryostat ./charts/cryostat

### OAuth2 Proxy

| Name | Description | Value |
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `oauth2Proxy.image.repository` | Repository for the OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy` |
| `oauth2Proxy.image.pullPolicy` | Image pull policy for the OAuth2 Proxy container image | `Always` |
| `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` |
| `oauth2Proxy.resources.requests.cpu` | CPU resource request for the OAuth2 Proxy container. | `25m` |
| `oauth2Proxy.resources.requests.memory` | Memory resource request for the OAuth2 Proxy container. | `64Mi` |
| `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` |
| Name | Description | Value |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `oauth2Proxy.image.repository` | Repository for the OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy` |
| `oauth2Proxy.image.pullPolicy` | Image pull policy for the OAuth2 Proxy container image | `Always` |
| `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` |
| `oauth2Proxy.service.tls.enableSelfSigned` | Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used. | `true` |
| `oauth2Proxy.resources.requests.cpu` | CPU resource request for the OAuth2 Proxy container. | `25m` |
| `oauth2Proxy.resources.requests.memory` | Memory resource request for the OAuth2 Proxy container. | `64Mi` |
| `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` |

### OpenShift OAuth Proxy

Expand Down
15 changes: 15 additions & 0 deletions charts/cryostat/values.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -739,6 +739,21 @@
}
}
},
"service": {
"type": "object",
"properties": {
"tls": {
"type": "object",
"properties": {
"enableSelfSigned": {
"type": "boolean",
"description": "Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.",
"default": true
}
}
}
}
},
"resources": {
"type": "object",
"properties": {
Expand Down
1 change: 1 addition & 0 deletions charts/cryostat/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,7 @@ oauth2Proxy:
tag: "latest"
service:
tls:
## @param oauth2Proxy.service.tls.enableSelfSigned Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.
enableSelfSigned: true
resources:
requests:
Expand Down

0 comments on commit cba0709

Please sign in to comment.