From cba070980f9e586cefc78224e0ac6e852fd91301 Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Thu, 14 Nov 2024 15:22:17 -0500
Subject: [PATCH] readme
---
 charts/cryostat/README.md | 17 +++++++++--------
 charts/cryostat/values.schema.json | 15 +++++++++++++++
 charts/cryostat/values.yaml | 1 +
 3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md
index 25768c1..79ac941 100644
--- a/charts/cryostat/README.md
+++ b/charts/cryostat/README.md
@@ -169,14 +169,15 @@ helm install cryostat ./charts/cryostat
 ### OAuth2 Proxy
-| Name | Description | Value |
-| --------------------------------------- || ----------------------------------- |
-| `oauth2Proxy.image.repository` | Repository for the OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy` |
-| `oauth2Proxy.image.pullPolicy` | Image pull policy for the OAuth2 Proxy container image | `Always` |
-| `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` |
-| `oauth2Proxy.resources.requests.cpu` | CPU resource request for the OAuth2 Proxy container. | `25m` |
-| `oauth2Proxy.resources.requests.memory` | Memory resource request for the OAuth2 Proxy container. | `64Mi` |
-| `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` |
+| Name | Description | Value |
+| ------------------------------------------ || ----------------------------------- |
+| `oauth2Proxy.image.repository` | Repository for the OAuth2 Proxy container image | `quay.io/oauth2-proxy/oauth2-proxy` |
+| `oauth2Proxy.image.pullPolicy` | Image pull policy for the OAuth2 Proxy container image | `Always` |
+| `oauth2Proxy.image.tag` | Tag for the OAuth2 Proxy container image | `latest` |
+| `oauth2Proxy.service.tls.enableSelfSigned` | Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used. | `true` |
+| `oauth2Proxy.resources.requests.cpu` | CPU resource request for the OAuth2 Proxy container. | `25m` |
+| `oauth2Proxy.resources.requests.memory` | Memory resource request for the OAuth2 Proxy container. | `64Mi` |
+| `oauth2Proxy.securityContext` | Security Context for the OAuth2 Proxy container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1). If the chart is installed in default namespaces (e.g. default), `securityContext.runAsUser` must be set if the proxy image does not specify a numeric non-root user. This is due to OpenShift Security Context Constraints are not applied in default namespaces. See [Understanding and Managing Pod Security Admission](https://docs.openshift.com/container-platform/4.15/authentication/understanding-and-managing-pod-security-admission.html#psa-privileged-namespaces_understanding-and-managing-pod-security-admission). | `{}` |
 ### OpenShift OAuth Proxy
diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json
index 0521c88..b36e762 100644
--- a/charts/cryostat/values.schema.json
+++ b/charts/cryostat/values.schema.json
@@ -739,6 +739,21 @@
 }
 }
 },
+ "service": {
+ "type": "object",
+ "properties": {
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enableSelfSigned": {
+ "type": "boolean",
+ "description": "Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.",
+ "default": true
+ }
+ }
+ }
+ }
+ },
 "resources": {
 "type": "object",
 "properties": {
diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml
index 56c0d26..bcb3753 100644
--- a/charts/cryostat/values.yaml
+++ b/charts/cryostat/values.yaml
@@ -269,6 +269,7 @@ oauth2Proxy:
 tag: "latest"
 service:
 tls:
+ ## @param oauth2Proxy.service.tls.enableSelfSigned Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used.
 enableSelfSigned: true
 resources:
 requests:
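Review bot: The `description` added for `enableSelfSigned` in the values.schema.json hunk does not say what oauth2-proxy serves when the value is `false`, so an operator cannot tell from the schema whether disabling it leaves the service on plain HTTP or expects a certificate from somewhere else. Because the default is `true`, it would also help to state that a self-signed certificate cannot be validated by clients unless they are configured to trust it; whether that matters depends on what connects to the proxy, which this patch does not show. I would extend the text along the lines of `"description": "Whether a self-signed TLS certificate for oauth2-proxy HTTPS is generated and used. When false, <describe the fallback: plain HTTP or a user-supplied certificate>."`. The same sentence is repeated in the `## @param` comment in the values.yaml hunk and in the new README table row, so all three should change together.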