diff --git a/README.md b/README.md index f5d485e..bee4f31 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # Gremlin Helm Charts -This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products to [Kubernetes](https://kubernetes.io/) +This repository hosts the official **Gremlin Helm Charts** to deploy **Gremlin** products +to [Kubernetes](https://kubernetes.io/) ## Install Helm @@ -10,8 +11,13 @@ Get the latest [Helm release](https://github.com/kubernetes/helm#install). Add this Chart repo to Helm, and install: -```console +```shell helm repo add gremlin https://helm.gremlin.com/ +```` + +### Gremlin + +```shell helm install gremlin gremlin/gremlin \ --namespace gremlin \ --set gremlin.secret.managed=true \ @@ -21,7 +27,34 @@ helm install gremlin gremlin/gremlin \ --set gremlin.secret.teamSecret=YOUR-TEAM-SECRET ``` -For more detailed instructions, see the chart's documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md). +For more detailed instructions, see the chart's +documentation [here](https://github.com/gremlin/helm/blob/master/gremlin/README.md). + +### Gremlin Integration + +#### Secret Auth + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.managed=true \ + --set gremlin.secret.type=secret \ + --set gremlin.secret.teamID=YOUR-TEAM-ID \ + --set gremlin.secret.teamSecret=YOUR-TEAM-SECRET +``` + +#### Certificate Auth + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.teamID=YOUR-TEAM-ID \ + --set-file gremlin.secret.certificate=PATH_TO_CERTIFICATE \ + --set-file gremlin.secret.key=PATH_TO_PRIVATE_KEY +``` + +For more detailed instructions, see the chart's +documentation [here](https://github.com/gremlin/helm/blob/master/gremlin-integrations/README.md). ## Reporting Issues 
diff --git a/gremlin-integrations/.helmignore b/gremlin-integrations/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/gremlin-integrations/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/gremlin-integrations/Chart.yaml b/gremlin-integrations/Chart.yaml
new file mode 100644
index 0000000..3f60b1f
--- /dev/null
+++ b/gremlin-integrations/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: gremlin-integrations
+description: The Gremlin Inc integration agent application
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.2"
+home: https://www.gremlin.com
+maintainers:
+ - name: Gremlin Development
+ email: dev@gremlin.com
diff --git a/gremlin-integrations/README.md b/gremlin-integrations/README.md
new file mode 100644
index 0000000..75c2a17
--- /dev/null
+++ b/gremlin-integrations/README.md
@@ -0,0 +1,194 @@ +# Gremlin Integrations Client Helm Chart + +## Prerequisites + +* Kubernetes with apps/v1 available + +## Configuration + +This chart will install the gremlin integrations client on the specified namespace. + +The following table lists common configurable parameters of the chart and their default values. See +values.yaml for all available options. + +| Parameter | Description | Default | +|----------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------| +| `image.pullPolicy` | Container pull policy | `Always` | +| `image.pullSecret` | Pull secret for a private registry | `""` (When empty, no authentication is used) | +| `image.repository` | Container image to use | `gremlin/gremlin-integrations` | +| `image.tag` | Container image tag to deploy | `latest` | +| `nodeSelector` | Map of node labels for pod assignment for the `gremlin-integrations` container | `{}` | +| `tolerations` | List of node taints to tolerate for the `gremlin-integrations` container | `[]` | +| `affinity` | Map of node/pod affinities for the `gremlin-integrations` container | `{}` | +| `gremlin.serviceAccount.create` | Specifies whether Gremlin's kubernetes service account should be created by this helm chart | `true` | +| `gremlin.serviceUrl` | Specifies the Control Plane endpoint URL | `https://api.gremlin.com/v1` | +| `gremlin.allowList` | Whitelist URLs in order to allow access only to specific set of endpoints | `""` | +| `gremlin.secret.managed` | Specifies whether Gremlin should manage its secrets with Helm | `false` | +| `gremlin.secret.type` | The type of certificate to use, can be either `certificate` or `secret` | `certificate` | +| 
`gremlin.secret.name` | The name of certificate to use, like in the case of pointing to an eternally managed secret | `gremlin-team-cert` | +| `gremlin.secret.teamID` | Gremlin Team ID to authenticate with | `""` | +| `gremlin.secret.certificate` | Contents of the certificate. Required if using managed secrets of `type=certificate` | `""` | +| `gremlin.secret.key` | Contents of the private key. Required if using managed secrets of `type=certificate` | `""` | +| `gremlin.secret.teamSecret` | Gremlin's team secret. Required if using managed secrets of `type=secret` | `""` | +| `gremlin.resources` | Set resource requests and limits | `{}` +| `gremlin.proxy.url` | Specifies the http proxy the agent should use to communicate with api.gremlin.com. | `""` (ignored) | | +| `ssl.certFile` | Add a certificate file to Gremlin's set of certificate authorities. This argument expects a file containing the certificate(s) you wish to add. When set, this chart creates secret (`integrations-ssl-cert-file`) with the file contents. This value is ignored when blank or absent. | `""` (ignored) | +| `ssl.certDir` | sets the SSL_CERT_DIR environment variable on the both agents. Unlike ssl.certFile, this value accepts only a path to an existing directory on the Kubernetes nodes. This value is ignored when blank or absent. | `""` (ignored) | + +Specify each parameter using the `--set[-file] key=value[,key=value]` argument to `helm install`. 
+ +**Example Usage** + +```shell +$ helm install gremlin-integrations gremlin/gremlin-integrations \ + --set gremlin.secret.managed=true \ + --set gremlin.secret.type=certificate \ + --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \ + --set-file gremlin.secret.certificate=/path/to/gremlin.cert \ + --set-file gremlin.secret.key=/path/to/gremlin.key \ + --set 'tolerations[0].effect=NoSchedule' \ + --set 'tolerations[0].key=node-role.kubernetes.io/master' \ + --set 'tolerations[0].operator=Exists' +``` + +_note_: Depending on your shell you may need different quoting around `tolerations[0]` + +## Installation + +All Gremlin Integrations installations require authentication with our Gremlin control plane. There +are two types of authentication available to Gremlin and Helm: `certificate`, and `secret`. You can +find out more about these authentication +types [here](https://www.gremlin.com/docs/infrastructure-layer/authentication/). + +For this Helm chart, you'll need to download your team certificate or team secret from the Gremlin +app. + +**Certificate** + +1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and + then `Configuration` +2. Click on the button labeled `Download` next to `Certificates` (If you don't see a button + labelled `Download`, click on `Create New` to generate a new certificate) +3. When you unzip the downloaded file, you will see two files named `TEAM_NAME-client.priv_key.pem` + and `TEAM_NAME-client.pub_cert.pem`. Rename these to `gremlin.key` and `gremlin.cert` + respectively. These will be refered to as `/path/to/gremlin.cert` and `/path/to/gremlin.key` in + later instructions. + +**Secret** + +1. go to [Company Settings](https://app.gremlin.com/settings/teams), and select your team, and + then `Configuration` +2. Click on the button labeled `New` next to `Secret Key` (If you don't see a button labeled `New`, + it's already been created. 
Talk to your administrator who should have the key or click + the `Reset` button to create a new one) +3. You should see a value named `GREMLIN_TEAM_SECRET`, this will be refered to + as `$GREMLIN_TEAM_SECRET` in later instructions + +### With Managed Secrets + +Some find it preferable to have this chart manage Gremlin's secret values instead of administrating +them outside of Helm. + +#### For certificate auth + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \ + --set-file gremlin.secret.certificate=/path/to/gremlin.cert \ + --set-file gremlin.secret.key=/path/to/gremlin.key +``` + +#### For secret auth + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.managed=true \ + --set gremlin.secret.type=secret \ + --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \ + --set gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET +``` + +### Without Managed Secrets + +If you do not want this Chart to manage the kubernetes secrets for Gremlin, point this chart to your +external secret with `gremlin.secret.name` and `gremlin.secret.type` + +##### For secret auth + +Create the external secret + +```shell +kubectl create secret generic gremlin-team-secret \ + --namespace gremlin \ + --from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \ + --from-literal=GREMLIN_TEAM_SECRET=$GREMLIN_TEAM_SECRET \ +``` + +Install the Helm chart + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.name=gremlin-team-secret \ + --set gremlin.secret.type=secret # Default is gremlin.secret.type=certificate +``` + +#### For certificate auth + +Create the external secret + +```shell +kubectl create secret generic gremlin-team-cert \ + --namespace gremlin \ + --from-literal=GREMLIN_TEAM_ID=$GREMLIN_TEAM_ID \ + --from-file=gremlin.cert=/path/to/gremlin.cert \ + 
--from-file=gremlin.key=/path/to/gremlin.key +``` + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.name=gremlin-team-cert +``` + +### With an HTTP_PROXY + +Gremlin can be configured to communicate with api.gremlin.com through an http_proxy. You can set +this proxy with `gremlin.proxy.url`. + +```shell +helm install gremlin-integrations gremlin/gremlin-integrations \ + --namespace gremlin \ + --set gremlin.secret.managed=true \ + --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \ + --set-file gremlin.secret.certificate=/path/to/gremlin.cert \ + --set-file gremlin.secret.key=/path/to/gremlin.key \ + --set gremlin.proxy.url=http://proxy.net:3128 +``` + +#### HTTPS_PROXY with custom certificate authority + +```shell +helm install gremlin-integrations gremlin/gremlin \ + --namespace gremlin \ + --set gremlin.secret.managed=true \ + --set gremlin.secret.teamID=$GREMLIN_TEAM_ID \ + --set-file gremlin.secret.certificate=/path/to/gremlin.cert \ + --set-file gremlin.secret.key=/path/to/gremlin.key \ + --set gremlin.proxy.url=https://proxy.net:3128 \ + --set-file ssl.certFile=$HOME/Workspace/proxy/ca.pem +``` + +## Uninstallation + +```shell +helm delete gremlin-integrations +``` + +To delete the deployment and its history: + +```shell +helm delete --purge gremlin-integrations +``` \ No newline at end of file diff --git a/gremlin-integrations/templates/_helpers.tpl b/gremlin-integrations/templates/_helpers.tpl new file mode 100644 index 0000000..8768961 --- /dev/null +++ b/gremlin-integrations/templates/_helpers.tpl 
@@ -0,0 +1,117 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gremlin-integrations.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gremlin-integrations.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gremlin-integrations.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "gremlin-integrations.labels" -}}
+helm.sh/chart: {{ include "gremlin-integrations.chart" . }}
+{{ include "gremlin-integrations.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "gremlin-integrations.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "gremlin-integrations.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "gremlin-integrations.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "gremlin-integrations.fullname" .) 
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Because we've evolved the recommended way to pass the secret name over time, we hide the following order of operations behind this computed value:
+In later versions of this chart, we will remove the use of `.Values.gremlin.client.secretName` and the fallback value of `gremlin-team-cert`
+*/}}
+{{- define "gremlin.secretName" -}}
+{{- if .Values.gremlin.secret.managed -}}
+{{- default .Values.gremlin.client.secretName .Values.gremlin.secret.name | default "gremlin-integrations-secret" -}}
+{{- else -}}
+{{- default .Values.gremlin.client.secretName .Values.gremlin.secret.name | default "gremlin-integrations-team-cert" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "gremlinServiceUrl" -}}
+{{- if .Values.gremlin.serviceUrl -}}
+{{- .Values.gremlin.serviceUrl -}}
+{{- else -}}
+{{- "https://api.gremlin.com/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a computed value for the intended Gremlin secret type which can either be `certificate` or `secret`
+*/}}
+{{- define "gremlin.secretType" -}}
+{{- if .Values.gremlin.secret.type -}}
+{{- .Values.gremlin.secret.type -}}
+{{- else -}}
+{{- if .Values.gremlin.client.certCreateSecret -}}
+{{- "certificate" -}}
+{{- else if .Values.gremlin.secret.managed -}}
+{{- if .Values.gremlin.secret.teamSecret -}}
+{{- "secret" -}}
+{{- else -}}
+{{- "certificate" -}}
+{{- end -}}
+{{- else -}}
+{{- "certificate" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gremlin.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gremlin.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
\ No newline at end of file
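Review bot: The `gremlin.secretName` helper falls back to `gremlin-integrations-team-cert` for an unmanaged secret, while the comment directly above it and the parameter table in this chart's README both name `gremlin-team-cert` as the default. An operator who pre-creates the Secret under the documented name and leaves `gremlin.secret.name` unset ends up with a Deployment whose `secretKeyRef` and certificate volume reference a Secret that does not exist. Align the fallback with the documentation, or correct both texts. The comment also ends on a colon with no list after it; something like `{{/* Resolution order: gremlin.secret.name, then the legacy gremlin.client.secretName, then a built-in default that depends on gremlin.secret.managed. */}}` would state what the pipeline actually does.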
diff --git a/gremlin-integrations/templates/deployment.yaml b/gremlin-integrations/templates/deployment.yaml
new file mode 100644
index 0000000..9bbdb9f
--- /dev/null
+++ b/gremlin-integrations/templates/deployment.yaml
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "gremlin-integrations.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "gremlin-integrations.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "gremlin-integrations.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "gremlin-integrations.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "gremlin-integrations.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: GREMLIN_TEAM_ID
+ {{- /* If we aren't managing this secret and a teamID was supplied, assume teamID is not in the external secret */}}
+ {{- if (and (not .Values.gremlin.secret.managed) (default .Values.gremlin.teamID .Values.gremlin.secret.teamID)) }}
+ value: {{ default .Values.gremlin.teamID .Values.gremlin.secret.teamID | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gremlin.secretName" . }}
+ key: GREMLIN_TEAM_ID
+ {{- end }}
+ - name: GREMLIN_SERVICE_URL
+ value: {{ include "gremlinServiceUrl" .}}
+ {{- if (eq (include "gremlin.secretType" .) "secret") }}
+ - name: GREMLIN_TEAM_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "gremlin.secretName" . 
}}
+ key: GREMLIN_TEAM_SECRET
+ {{- else }}
+ - name: GREMLIN_TEAM_CERTIFICATE_OR_FILE
+ value: file:///var/lib/gremlin/cert/gremlin.cert
+ - name: GREMLIN_TEAM_PRIVATE_KEY_OR_FILE
+ value: file:///var/lib/gremlin/cert/gremlin.key
+ {{- end }}
+ {{- if .Values.gremlin.allowList }}
+ - name: GREMLIN_INTEGRATION_AGENT_ALLOW_LIST
+ value: {{ .Values.gremlin.allowList }}
+ {{- end }}
+ {{- if .Values.gremlin.proxy.url }}
+ - name: https_proxy
+ value: {{ .Values.gremlin.proxy.url }}
+ - name: no_proxy
+ value: $(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)
+ {{- end }}
+ {{- if .Values.ssl.certFile }}
+ - name: SSL_CERT_FILE
+ value: /etc/gremlin/ssl/certfile.pem
+ {{- end }}
+ {{- if .Values.ssl.certDir }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.ssl.certDir }}
+ {{- end }}
+ volumeMounts:
+ {{- if (eq (include "gremlin.secretType" .) "certificate") }}
+ - name: gremlin-cert
+ mountPath: /var/lib/gremlin/cert
+ readOnly: true
+ {{- end }}
+ {{- if .Values.ssl.certFile }}
+ - name: integrations-ssl-cert-file
+ mountPath: /etc/gremlin/ssl
+ readOnly: true
+ {{- end }}
+ volumes:
+ {{- if (eq (include "gremlin.secretType" .) "certificate") }}
+ - name: gremlin-cert
+ secret:
+ secretName: {{ include "gremlin.secretName" . }}
+ {{- end }}
+ {{- if .Values.ssl.certFile }}
+ - name: integrations-ssl-cert-file
+ secret:
+ secretName: integrations-ssl-cert-file
+ {{ end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/gremlin-integrations/templates/secret-ssl-cert-file.yaml b/gremlin-integrations/templates/secret-ssl-cert-file.yaml
new file mode 100644
index 0000000..88faa19
--- /dev/null
+++ b/gremlin-integrations/templates/secret-ssl-cert-file.yaml
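Review bot: In the Deployment template the env values for `GREMLIN_SERVICE_URL`, `GREMLIN_INTEGRATION_AGENT_ALLOW_LIST`, `https_proxy` and `SSL_CERT_DIR` are rendered unquoted, unlike `GREMLIN_TEAM_ID` a few lines above, which ends in `| quote`. An operator-supplied value that contains ` #` or `: `, or that parses as a number or boolean, is truncated or rejected when the manifest is loaded; for the allow list that means the effective restriction can differ from the one that was configured. Ending each pipeline with `| quote`, e.g. `value: {{ .Values.gremlin.allowList | quote }}`, keeps them strings. The container also has no `resources:` key, so the `resources` map in values.yaml is never applied; `resources:` followed by `{{- toYaml .Values.resources | nindent 12 }}` would wire it in.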
@@ -0,0 +1,17 @@
+{{- if .Values.ssl.certFile }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: integrations-ssl-cert-file
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "gremlin.name" . }}
+ helm.sh/chart: {{ include "gremlin.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ version: v1
+type: kubernetes.io/Opaque
+data:
+ certfile.pem: {{ default .Values.ssl.certFile | toString | b64enc }}
+{{- end }}
diff --git a/gremlin-integrations/templates/secret.yaml b/gremlin-integrations/templates/secret.yaml
new file mode 100644
index 0000000..8f992c2
--- /dev/null
+++ b/gremlin-integrations/templates/secret.yaml
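Review bot: `type: kubernetes.io/Opaque` in secret-ssl-cert-file.yaml is not one of Kubernetes' built-in Secret types; the built-in name for arbitrary data is `Opaque`, and the same line appears in templates/secret.yaml. The API server accepts any type string, so the chart installs, but tooling or policy that selects Secrets by `type=Opaque` would skip both objects; `type: Opaque` is the conventional form. Separately, `default .Values.ssl.certFile` is called with a single argument and so only passes the value through. The fixed name `integrations-ssl-cert-file` means two releases in one namespace would contend for the same Secret; deriving it from `gremlin-integrations.fullname`, here and in the Deployment's volume, would avoid that.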
@@ -0,0 +1,26 @@
+{{- if (default .Values.gremlin.client.certCreateSecret .Values.gremlin.secret.managed) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "gremlin.secretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "gremlin.name" . }}
+ helm.sh/chart: {{ include "gremlin.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ version: v1
+type: kubernetes.io/Opaque
+stringData:
+ GREMLIN_TEAM_ID: {{ default .Values.gremlin.teamID .Values.gremlin.secret.teamID | required "required: .Values.gremlin.secret.teamID" | toString }}
+{{- if (eq (include "gremlin.secretType" .) "secret") }}
+ GREMLIN_TEAM_SECRET: {{ .Values.gremlin.secret.teamSecret | required "required: .Values.gremlin.secret.teamSecret" | toString }}
+{{- else if (eq (include "gremlin.secretType" .) "certificate") }}
+ GREMLIN_TEAM_CERTIFICATE_OR_FILE: file:///var/lib/gremlin/cert/gremlin.cert
+ GREMLIN_TEAM_PRIVATE_KEY_OR_FILE: file:///var/lib/gremlin/cert/gremlin.key
+data:
+ gremlin.cert: {{ default .Values.gremlin.client.certContent .Values.gremlin.secret.certificate | required "required: .Values.gremlin.secret.certificate" | toString | b64enc }}
+ gremlin.key: {{ default .Values.gremlin.client.keyContent .Values.gremlin.secret.key | required "required: .Values.gremlin.secret.key" | toString | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/gremlin-integrations/templates/serviceaccount.yaml b/gremlin-integrations/templates/serviceaccount.yaml
new file mode 100644
index 0000000..7dfa95c
--- /dev/null
+++ b/gremlin-integrations/templates/serviceaccount.yaml
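Review bot: The `stringData` entries in secret.yaml are rendered unquoted: `toString` converts the Go value but does nothing for YAML, so a team ID or team secret made only of digits, or one containing `: ` or ` #`, is re-read as a number, a mapping or a truncated string when the manifest is loaded. The example values in values.yaml are UUID-shaped, so this may rarely trigger, but ending both pipelines with `| quote` instead of `| toString` removes the dependency on the credential's format, e.g. `GREMLIN_TEAM_SECRET: {{ .Values.gremlin.secret.teamSecret | required "required: .Values.gremlin.secret.teamSecret" | quote }}`. With `gremlin.secret.managed=true` the team secret or private key also travels through chart values, so it is kept in Helm's stored release data as well as in this Secret. A short comment at the top of the template pointing operators to the unmanaged path when that is not acceptable would help.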
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gremlin-integrations.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "gremlin-integrations.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/gremlin-integrations/values.yaml b/gremlin-integrations/values.yaml
new file mode 100644
index 0000000..2630e44
--- /dev/null
+++ b/gremlin-integrations/values.yaml
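Review bot: `automountServiceAccountToken` is set neither on this ServiceAccount nor in the Deployment's pod spec, so the agent pod gets a Kubernetes API token mounted by default. None of the templates added by this commit creates a Role, ClusterRole or binding, which suggests (but does not prove) that the agent never calls the cluster API. If that holds, a top-level `automountServiceAccountToken: false` on the ServiceAccount removes a credential the workload has no use for. If the agent does need the token, a comment in the template saying what it is used for would help reviewers.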
@@ -0,0 +1,78 @@
+# Default values for gremlin-integrations.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: gremlin/gremlin-integrations
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: { }
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "gremlin-integrations"
+
+podAnnotations: { }
+
+podSecurityContext: { }
+# fsGroup: 2000
+
+securityContext: { }
+
+resources: { }
+nodeSelector: { }
+
+tolerations: [ ]
+
+affinity: { }
+
+ssl:
+ # ssl.certFile -
+ # Add a certificate file to Gremlin's set of certificate authorities. This argument expects a file containing the
+ # certificate(s) you wish to add. When set, this chart creates secret (`ssl-cert-file`) with the contents and passes
+ # it to both agents. This value is ignored when blank or absent.
+ certFile:
+ # ssl.certDir -
+ # sets the SSL_CERT_DIR environment variable on the both agents. Unlike ssl.certFile, this value accepts only a
+ # path to an existing directory on the Kubernetes nodes. This value is ignored when blank or absent.
+ certDir:
+
+gremlin:
+ secret:
+ # Gremlin supports both `certificate` and `secret` types
+ # To manage secrets with helm, set `managed=true` and fill in either the certificate auth or secret auth sections
+ type: certificate
+ managed: false
+ # team identifier (e.g. 11111111-1111-1111-1111-111111111111)
+ teamID:
+
+ ## Certificate auth requires: `certificate` and `key`
+ # team certificate (e.g. -----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----)
+ certificate:
+ # team private key (e.g. 
-----BEGIN EC PRIVATE KEY-----...-----END EC PRIVATE KEY-----)
+ key:
+
+ ## Secret auth requires: `teamSecret`
+ # team secret (e.g. 00000000-0000-0000-0000-000000000000)
+ teamSecret:
+ allowList: ""
+ proxy:
+ # gremlin.proxy.url -
+ # Specifies the http proxy that the Gremlin Agent and Gremlin Kubernetes agent should use to communicate with
+ # api.gremlin.com. This value is ignored when blank or absent.
+ url:
+ client:
+ certCreateSecret:
+
+
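Review bot: `image.tag: latest` combined with `pullPolicy: Always` means any pod restart can pull a different, unreviewed image into a workload that holds the team credentials. It also makes the Deployment's `default .Chart.AppVersion` fallback unreachable, although the comment above the line describes exactly that fallback. Setting `tag: ""` lets the chart's `appVersion` pin the image, and operators who want immutability can still supply a digest. `podSecurityContext` and `securityContext` also default to `{ }`; if the image tolerates it, defaults such as `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would be a safer starting point, though that depends on the image, which is not visible in this commit.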