From f20e5fb972200ac97d84c88bb2454c00ab2bdba4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Valais?= Date: Mon, 30 Sep 2024 14:21:50 +0200 Subject: [PATCH] forgot to run "make generate" --- .../charts/venafi-kubernetes-agent/README.md | 39 +++--- .../values.schema.json | 111 +++++++++++------- make/02_mod.mk | 4 +- 3 files changed, 94 insertions(+), 60 deletions(-) diff --git a/deploy/charts/venafi-kubernetes-agent/README.md b/deploy/charts/venafi-kubernetes-agent/README.md index 78b8c27d..bfb6cc78 100644 --- a/deploy/charts/venafi-kubernetes-agent/README.md +++ b/deploy/charts/venafi-kubernetes-agent/README.md @@ -63,7 +63,6 @@ The timeout before a metrics scrape fails. > ``` Additional labels to add to the PodMonitor. - #### **metrics.podmonitor.annotations** ~ `object` > Default value: > ```yaml @@ -96,9 +95,6 @@ endpointAdditionalProperties: - __meta_kubernetes_pod_node_name targetLabel: instance ``` - - - #### **replicaCount** ~ `number` > Default value: > ```yaml @@ -113,7 +109,6 @@ default replicas, do not scale up > ``` The container image for the Venafi Enhanced Issuer manager. - #### **image.pullPolicy** ~ `string` > Default value: > ```yaml @@ -121,7 +116,6 @@ The container image for the Venafi Enhanced Issuer manager. > ``` Kubernetes imagePullPolicy on Deployment. - #### **image.tag** ~ `string` > Default value: > ```yaml @@ -129,14 +123,14 @@ Kubernetes imagePullPolicy on Deployment. > ``` Overrides the image tag whose default is the chart appVersion. - #### **imagePullSecrets** ~ `array` > Default value: > ```yaml > [] > ``` -Specify image pull credentials if using a private registry example: - name: my-pull-secret +Specify image pull credentials if using a private registry. Example: + - name: my-pull-secret #### **nameOverride** ~ `string` > Default value: > ```yaml 
@@ -157,22 +151,21 @@ Helm default setting, use this to shorten the full install name. > true > ``` -Specifies whether a service account should be created +Specifies whether a service account should be created. #### **serviceAccount.annotations** ~ `object` > Default value: > ```yaml > {} > ``` -Annotations YAML to add to the service account +Annotations YAML to add to the service account. #### **serviceAccount.name** ~ `string` > Default value: > ```yaml > "" > ``` -The name of the service account to use. -If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release. +The name of the service account to use. If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release. #### **podAnnotations** ~ `object` > Default value: > ```yaml @@ -186,7 +179,17 @@ Additional YAML annotations to add the the pod. > {} > ``` -Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod. +Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod. + +Example: + + podSecurityContext + +```yaml +runAsUser: 1000 +runAsGroup: 3000 +fsGroup: 2000 +``` #### **http_proxy** ~ `string` Configures the HTTP_PROXY environment variable where a HTTP proxy is required. @@ -267,7 +270,7 @@ Specify the command to run overriding default binary. > ``` Specify additional arguments to pass to the agent binary. -For example `["--strict", "--oneshot"]` +Example: `["--strict", "--oneshot"]` #### **volumes** ~ `array` > Default value: > ```yaml 
@@ -372,21 +375,23 @@ Account in the Venafi Control Plane. > 0h1m0s > ``` -Send data back to the platform every minute unless changed +Send data back to the platform every minute unless changed. #### **config.clusterName** ~ `string` > Default value: > ```yaml > "" > ``` -Name for the cluster resource if it needs to be created in Venafi Control Plane +Name for the cluster resource if it needs to be created in Venafi Control +Plane. #### **config.clusterDescription** ~ `string` > Default value: > ```yaml > "" > ``` -Description for the cluster resource if it needs to be created in Venafi Control Plane +Description for the cluster resource if it needs to be created in Venafi +Control Plane. #### **config.ignoredSecretTypes[0]** ~ `string` > Default value: > ```yaml diff --git a/deploy/charts/venafi-kubernetes-agent/values.schema.json b/deploy/charts/venafi-kubernetes-agent/values.schema.json index 0d5162c8..38174f31 100644 --- a/deploy/charts/venafi-kubernetes-agent/values.schema.json +++ b/deploy/charts/venafi-kubernetes-agent/values.schema.json @@ -86,7 +86,7 @@ }, "helm-values.affinity": { "default": {}, - "description": "-- Embed YAML for Node affinity settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/.", + "description": "Embed YAML for Node affinity settings, see\nhttps://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/.", "type": "object" }, "helm-values.authentication": { 
@@ -106,12 +106,12 @@ }, "helm-values.authentication.secretKey": { "default": "privatekey.pem", - "description": "-- Key name in the referenced secret", + "description": "Key name in the referenced secret", "type": "string" }, "helm-values.authentication.secretName": { "default": "agent-credentials", - "description": "-- Name of the secret containing the private key", + "description": "Name of the secret containing the private key", "type": "string" }, "helm-values.authentication.venafiConnection": { 
@@ -131,22 +131,22 @@ }, "helm-values.authentication.venafiConnection.enabled": { "default": false, - "description": "-- When set to true, the Venafi Kubernetes Agent will authenticate to\nVenafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the\nVenafi Kubernetes Agent Pod.", + "description": "When set to true, the Venafi Kubernetes Agent will authenticate to. Venafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the\nVenafi Kubernetes Agent Pod.", "type": "boolean" }, "helm-values.authentication.venafiConnection.name": { "default": "venafi-components", - "description": "-- The name of a VenafiConnection resource which contains the configuration\nfor authenticating to Venafi.", + "description": "The name of a VenafiConnection resource which contains the configuration for authenticating to Venafi.", "type": "string" }, "helm-values.authentication.venafiConnection.namespace": { "default": "venafi", - "description": "-- The namespace of a VenafiConnection resource which contains the\nconfiguration for authenticating to Venafi.", + "description": "The namespace of a VenafiConnection resource which contains the configuration for authenticating to Venafi.", "type": "string" }, "helm-values.command": { "default": [], - "description": "-- Specify the command to run overriding default binary.", + "description": "Specify the command to run overriding default binary.", "items": {}, "type": "array" 
}, @@ -179,17 +179,17 @@ }, "helm-values.config.clientId": { "default": "", - "description": "-- The client-id to be used for authenticating with the Venafi Control\nPlane. Only useful when using a Key Pair Service Account in the Venafi. Control Plane. You can obtain the cliend ID by creating a Key Pair Service\nAccount in the Venafi Control Plane.", + "description": "The client-id to be used for authenticating with the Venafi Control. Plane. Only useful when using a Key Pair Service Account in the Venafi. Control Plane. You can obtain the cliend ID by creating a Key Pair Service\nAccount in the Venafi Control Plane.", "type": "string" }, "helm-values.config.clusterDescription": { "default": "", - "description": "-- Description for the cluster resource if it needs to be created in Venafi Control Plane", + "description": "Description for the cluster resource if it needs to be created in Venafi\nControl Plane.", "type": "string" }, "helm-values.config.clusterName": { "default": "", - "description": "-- Name for the cluster resource if it needs to be created in Venafi Control Plane", + "description": "Name for the cluster resource if it needs to be created in Venafi Control\nPlane.", "type": "string" }, "helm-values.config.configmap": { 
@@ -242,12 +242,12 @@ }, "helm-values.config.period": { "default": "0h1m0s", - "description": "-- Send data back to the platform every minute unless changed", + "description": "Send data back to the platform every minute unless changed.", "type": "string" }, "helm-values.config.server": { "default": "https://api.venafi.cloud/", - "description": "-- API URL of the Venafi Control Plane API. For EU tenants, set this value to\nhttps://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the\nVenafiConnection resource instead.", + "description": "API URL of the Venafi Control Plane API. For EU tenants, set this value to https://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the\nVenafiConnection resource instead.", "type": "string" }, "helm-values.crds": { @@ -256,6 +256,9 @@ "forceRemoveValidationAnnotations": { "$ref": "#/$defs/helm-values.crds.forceRemoveValidationAnnotations" }, + "keep": { + "$ref": "#/$defs/helm-values.crds.keep" + }, "venafiConnection": { "$ref": "#/$defs/helm-values.crds.venafiConnection" } 
@@ -264,7 +267,12 @@ }, "helm-values.crds.forceRemoveValidationAnnotations": { "default": false, - "description": "-- The 'x-kubernetes-validations' annotation is not supported in Kubernetes 1.22 and below.\nThis annotation is used by CEL, which is a feature introduced in Kubernetes 1.25 that improves how validation is performed. This option allows to force the 'x-kubernetes-validations' annotation to be excluded, even on Kubernetes 1.25+ clusters.", + "description": "The 'x-kubernetes-validations' annotation is not supported in Kubernetes 1.22 and below. This annotation is used by CEL, which is a feature introduced in Kubernetes 1.25 that improves how validation is performed. This option allows to force the 'x-kubernetes-validations' annotation to be excluded, even on Kubernetes 1.25+ clusters.", + "type": "boolean" + }, + "helm-values.crds.keep": { + "default": false, + "description": "This option makes it so that the \"helm.sh/resource-policy\": keep annotation is added to the CRD. This will prevent Helm from uninstalling the CRD when the Helm release is uninstalled.", "type": "boolean" }, "helm-values.crds.venafiConnection": { 
@@ -278,18 +286,18 @@ }, "helm-values.crds.venafiConnection.include": { "default": false, - "description": "-- When set to false, the rendered output does not contain the\nVenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.", + "description": "When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately.", "type": "boolean" }, "helm-values.extraArgs": { "default": [], - "description": "-- Specify additional arguments to pass to the agent binary.\nFor example `[\"--strict\", \"--oneshot\"]`", + "description": "Specify additional arguments to pass to the agent binary.\nExample: `[\"--strict\", \"--oneshot\"]`", "items": {}, "type": "array" }, "helm-values.fullnameOverride": { "default": "", - "description": "-- Helm default setting, use this to shorten the full install name.", + "description": "Helm default setting, use this to shorten the full install name.", "type": "string" }, "helm-values.global": { 
@@ -311,23 +319,31 @@ }, "repository": { "$ref": "#/$defs/helm-values.image.repository" + }, + "tag": { + "$ref": "#/$defs/helm-values.image.tag" } }, "type": "object" }, "helm-values.image.pullPolicy": { "default": "IfNotPresent", - "description": "-- Defaults to only pull if not already present", + "description": "Kubernetes imagePullPolicy on Deployment.", "type": "string" }, "helm-values.image.repository": { "default": "registry.venafi.cloud/venafi-agent/venafi-agent", - "description": "-- Default to Open Source image repository", + "description": "The container image for the Venafi Enhanced Issuer manager.", + "type": "string" + }, + "helm-values.image.tag": { + "default": "v0.0.0", + "description": "Overrides the image tag whose default is the chart appVersion.", "type": "string" }, "helm-values.imagePullSecrets": { "default": [], - "description": "-- Specify image pull credentials if using a private registry\nexample: - name: my-pull-secret", + "description": "Specify image pull credentials if using a private registry. Example:\n - name: my-pull-secret", "items": {}, "type": "array" }, @@ -345,7 +361,7 @@ }, "helm-values.metrics.enabled": { "default": true, - "description": "-- Enable the metrics server.\nIf false, the metrics server will be disabled and the other metrics fields below will be ignored.", + "description": "Enable the metrics server.\nIf false, the metrics server will be disabled and the other metrics fields below will be ignored.", "type": "boolean" }, "helm-values.metrics.podmonitor": { 
@@ -383,51 +399,51 @@ }, "helm-values.metrics.podmonitor.annotations": { "default": {}, - "description": "-- Additional annotations to add to the PodMonitor.", + "description": "Additional annotations to add to the PodMonitor.", "type": "object" }, "helm-values.metrics.podmonitor.enabled": { "default": false, - "description": "-- Create a PodMonitor to add the metrics to Prometheus, if you are using Prometheus Operator.\nSee https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor", + "description": "Create a PodMonitor to add the metrics to Prometheus, if you are using Prometheus Operator. See https://prometheus-operator.dev/docs/operator/api/#monitoring.coreos.com/v1.PodMonitor", "type": "boolean" }, "helm-values.metrics.podmonitor.endpointAdditionalProperties": { "default": {}, - "description": "-- EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc.\n\nFor example:\nendpointAdditionalProperties:\n relabelings:\n - action: replace\n sourceLabels:\n - __meta_kubernetes_pod_node_name\n targetLabel: instance", + "description": "EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc.\n\nFor example:\nendpointAdditionalProperties:\n relabelings:\n - action: replace\n sourceLabels:\n - __meta_kubernetes_pod_node_name\n targetLabel: instance", "type": "object" }, "helm-values.metrics.podmonitor.honorLabels": { "default": false, - "description": "-- Keep labels from scraped data, overriding server-side labels.", + "description": "Keep labels from scraped data, overriding server-side labels.", "type": "boolean" }, "helm-values.metrics.podmonitor.interval": { "default": "60s", - "description": "-- The interval to scrape metrics.", + "description": "The interval to scrape metrics.", "type": "string" }, "helm-values.metrics.podmonitor.labels": { "default": {}, - "description": "-- Additional labels to 
add to the PodMonitor.", + "description": "Additional labels to add to the PodMonitor.", "type": "object" }, "helm-values.metrics.podmonitor.namespace": { - "description": "-- The namespace that the pod monitor should live in.\nDefaults to the venafi-kubernetes-agent namespace.", + "description": "The namespace that the pod monitor should live in. Defaults to the venafi-kubernetes-agent namespace.", "type": "string" }, "helm-values.metrics.podmonitor.prometheusInstance": { "default": "default", - "description": "-- Specifies the `prometheus` label on the created PodMonitor.\nThis is used when different Prometheus instances have label selectors matching different PodMonitors.", + "description": "Specifies the `prometheus` label on the created PodMonitor. This is used when different Prometheus instances have label selectors matching different PodMonitors.", "type": "string" }, "helm-values.metrics.podmonitor.scrapeTimeout": { "default": "30s", - "description": "-- The timeout before a metrics scrape fails.", + "description": "The timeout before a metrics scrape fails.", "type": "string" }, "helm-values.nameOverride": { "default": "", - "description": "-- Helm default setting to override release name, usually leave blank.", + "description": "Helm default setting to override release name, usually leave blank.", "type": "string" }, "helm-values.no_proxy": { @@ -436,12 +452,12 @@ }, "helm-values.nodeSelector": { "default": {}, - "description": "-- Embed YAML for nodeSelector settings, see https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/", + "description": "Embed YAML for nodeSelector settings, see\nhttps://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/", "type": "object" }, "helm-values.podAnnotations": { "default": {}, - "description": "-- Additional YAML annotations to add the the pod.", + "description": "Additional YAML annotations to add the the pod.", "type": "object" }, "helm-values.podDisruptionBudget": { 
@@ -449,23 +465,36 @@ "properties": { "enabled": { "$ref": "#/$defs/helm-values.podDisruptionBudget.enabled" + }, + "maxUnavailable": { + "$ref": "#/$defs/helm-values.podDisruptionBudget.maxUnavailable" + }, + "minAvailable": { + "$ref": "#/$defs/helm-values.podDisruptionBudget.minAvailable" } }, "type": "object" }, "helm-values.podDisruptionBudget.enabled": { "default": false, - "description": "-- Enable or disable the PodDisruptionBudget resource, which helps prevent downtime\nduring voluntary disruptions such as during a Node upgrade.", "type": "boolean" }, + "helm-values.podDisruptionBudget.maxUnavailable": { + "default": 1, + "type": "number" + }, + "helm-values.podDisruptionBudget.minAvailable": { + "default": 1, + "type": "number" + }, "helm-values.podSecurityContext": { "default": {}, - "description": "-- Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod.", + "description": "Optional Pod (all containers) `SecurityContext` options, see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod.\n\nExample:\n\n podSecurityContext\nrunAsUser: 1000\nrunAsGroup: 3000\nfsGroup: 2000", "type": "object" }, "helm-values.replicaCount": { "default": 1, - "description": "-- default replicas, do not scale up", + "description": "default replicas, do not scale up", "type": "number" }, "helm-values.resources": { 
@@ -572,34 +601,34 @@ }, "helm-values.serviceAccount.annotations": { "default": {}, - "description": "-- Annotations YAML to add to the service account", + "description": "Annotations YAML to add to the service account.", "type": "object" }, "helm-values.serviceAccount.create": { "default": true, - "description": "-- Specifies whether a service account should be created", + "description": "Specifies whether a service account should be created.", "type": "boolean" }, "helm-values.serviceAccount.name": { "default": "", - "description": "-- The name of the service account to use.\nIf blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release.", + "description": "The name of the service account to use. If blank and `serviceAccount.create` is true, a name is generated using the fullname template of the release.", "type": "string" }, "helm-values.tolerations": { "default": [], - "description": "-- Embed YAML for toleration settings, see https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "description": "Embed YAML for toleration settings, see\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", "items": {}, "type": "array" }, "helm-values.volumeMounts": { "default": [], - "description": "-- Additional volume mounts to add to the Venafi Kubernetes Agent container.\nThis is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For\nexample:\n\nvolumeMounts:\n - name: cabundle\n mountPath: /etc/ssl/certs/cabundle\n subPath: cabundle\n readOnly: true", + "description": "Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. 
For\nexample:\n\nvolumeMounts:\n - name: cabundle\n mountPath: /etc/ssl/certs/cabundle\n subPath: cabundle\n readOnly: true", "items": {}, "type": "array" }, "helm-values.volumes": { "default": [], - "description": "-- Additional volumes to add to the Venafi Kubernetes Agent container. This is\nuseful for mounting a custom CA bundle. For example:\nvolumes:\n - name: cabundle\n configMap:\n name: cabundle\n optional: false\n defaultMode: 0644\nIn order to create the ConfigMap, you can use the following command:\n\n kubectl create configmap cabundle \\\n --from-file=cabundle=./your/custom/ca/bundle.pem", + "description": "Additional volumes to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. For example:\nvolumes:\n - name: cabundle\n configMap:\n name: cabundle\n optional: false\n defaultMode: 0644\nIn order to create the ConfigMap, you can use the following command:\n\n kubectl create configmap cabundle \\\n --from-file=cabundle=./your/custom/ca/bundle.pem", "items": {}, "type": "array" } diff --git a/make/02_mod.mk b/make/02_mod.mk index a60012dc..408cc5a6 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -22,8 +22,8 @@ release: $(helm_chart_archive) # # We aren't using "generate-crds" because "generate-crds" only work for projects # from which controller-gen can be used to generate the plain CRDs (plain CRDs = -# the non-templated CRDs). In this project, we generate the plain CRDs using -# `run ./make/connection_crd` instead. +# the non-templated CRDs). In this project, we generate the plain CRDs using `go +# run ./make/connection_crd` instead. generate-crds-venconn: $(addprefix $(helm_chart_source_dir)/templates/,venafi-connection-crd.yaml venafi-connection-crd.without-validations.yaml) $(helm_chart_source_dir)/crd_bases/jetstack.io_venaficonnections.yaml: go.mod | $(NEEDS_GO)
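Review bot: In the make/02_mod.mk hunk, the re-wrapped comment splits the command across two comment lines (the first now ends in "`go" and the second starts with "# run ./make/connection_crd`"). The command can no longer be copied or found by searching for `go run ./make/connection_crd`. I would break the line before the opening backtick, so that the first line ends at "the plain CRDs using" and the second reads "# `go run ./make/connection_crd` instead.". The comment block starts above the hunk, so the surrounding wrap width should be checked against the full file.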