MAKS-IT/maksit-certs-ui
1
0
Fork 0
mirror of https://github.com/MAKS-IT-COM/maksit-certs-ui.git synced 2026-04-01 07:12:09 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

(feature): improved and more standard helm chart

Browse Source
This commit is contained in:
Maksym Sadovnychyy 2026-03-28 22:27:25 +01:00
parent 05821bdea5
commit 76e0883595
8 changed files with 199 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/helm/templates/NOTES.txt
View File

@ -1,39 +1,37 @@
Thank you for installing **{{ .Chart.Name }}**! Thank you for installing **{{ .Chart.Name }}**.
This chart deploys the MaksIT CertsUI tool for automated Let's Encrypt HTTPS certificate renewal. Release: {{ .Release.Name }} / namespace {{ .Release.Namespace }}
Services use ClusterIP; expose via ingress, gateway, or kubectl port-forward.
------------------------------------------------------------ ------------------------------------------------------------
## Components ## Components
- **Server**: Handles certificate requests and renewal logic. - server: {{ include "certs-ui.fullname" . }}-server:{{ .Values.components.server.service.port }}
- **Client**: Web UI for managing and viewing certificate status. - client: {{ include "certs-ui.fullname" . }}-client:{{ .Values.components.client.service.port }}
- **Reverse Proxy**: Exposes the UI and API endpoints. - reverseproxy: {{ include "certs-ui.fullname" . }}-reverseproxy:{{ .Values.components.reverseproxy.service.port }}
Port-forward API example:
kubectl port-forward svc/{{ include "certs-ui.fullname" . }}-server {{ .Values.components.server.service.port }}:{{ .Values.components.server.service.port }} -n {{ .Release.Namespace }}
------------------------------------------------------------ ------------------------------------------------------------
## Configuration ## Images
- **Secrets**: Image tag: `components.*.image.tag`, then `global.image.tag`, then Chart `appVersion`. Change tag and run `helm upgrade` to roll out.
The server uses a Kubernetes Secret (`appsecrets.json`) for sensitive data.
- **ConfigMap**: `pullPolicy: Always` helps with a moving tag (e.g. latest); pinned tags often use `IfNotPresent`.
The server uses a ConfigMap (`appsettings.json`) for application settings.
- **Persistence**: Pod annotation `rollme` tracks Helm release revision.
PVCs are created for `/acme`, `/cache` and `/data` directories.
------------------------------------------------------------
## Config
Root keys `certsServerConfig`, `certsServerSecrets`, `certsClientRuntime` feed templated `configMapFile` / `secretsFile` content when `tpl: true`.
Use `existingConfigMap` / `existingSecret` to mount resources created outside the chart. With `keep: true`, existing objects are not replaced on upgrade if already present.
------------------------------------------------------------ ------------------------------------------------------------
## Uninstall ## Uninstall
To remove all resources created by this chart: helm uninstall {{ .Release.Name }} -n {{ .Release.Namespace }}
```
helm uninstall {{ .Release.Name }} -n {{ .Release.Name }}
```
------------------------------------------------------------
## Notes
- Certificates are renewed automatically using Let's Encrypt.
- You can customize settings in `values.yaml` before installation.
- For advanced configuration, see the chart documentation and templates.
------------------------------------------------------------

19
src/helm/templates/_helpers.tpl
View File

@ -37,3 +37,22 @@ imagePullSecrets:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- /* image tag: component, global.image.tag, Chart.AppVersion */ -}}
{{- define "certs-ui.component.imageTag" -}}
{{- $root := .root }}
{{- $comp := .comp }}
{{- $g := default dict $root.Values.global.image }}
{{- $comp.image.tag | default $g.tag | default $root.Chart.AppVersion }}
{{- end }}
{{- define "certs-ui.podLabels" -}}
{{- $root := .root }}
{{- $compName := .component }}
{{- $imageTag := .imageTag }}
app.kubernetes.io/name: {{ include "certs-ui.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/version: {{ $imageTag | quote }}
helm.sh/chart: {{ include "certs-ui.chart" $root }}
app.kubernetes.io/component: {{ $compName }}
{{- end }}

22
src/helm/templates/configmap-appsettings.yaml
View File

@ -1,27 +1,37 @@
{{- $root := . -}} {{- $root := . -}}
{{- range $compName, $comp := .Values.components }} {{- range $compName, $comp := .Values.components }}
{{- if $comp.configMapFile }} {{- if $comp.configMapFile }}
{{- $cf := $comp.configMapFile -}} {{- $cf := $comp.configMapFile }}
{{- $cmName := printf "%s-%s-configmap" (include "certs-ui.fullname" $root) $compName -}} {{- if ne ($cf.existingConfigMap | default "") "" }}
{{- $existing := lookup "v1" "ConfigMap" $root.Release.Namespace $cmName -}} {{- else if not $cf.key }}
{{- else if not (hasKey $cf "content") }}
{{- fail (printf "components.%s.configMapFile.content is required when configMapFile.key is set (or set existingConfigMap)" $compName) }}
{{- else }}
{{- $cmName := printf "%s-%s-configmap" (include "certs-ui.fullname" $root) $compName }}
{{- $existing := lookup "v1" "ConfigMap" $root.Release.Namespace $cmName }}
{{- if and $cf.keep $existing }} {{- if and $cf.keep $existing }}
{{/* keep=true and ConfigMap exists -> render nothing */}}
{{- else }} {{- else }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ $cmName }} name: {{ $cmName }}
namespace: {{ $root.Release.Namespace }}
labels: labels:
{{- include "certs-ui.labels" $root | nindent 4 }} {{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}
{{- if $cf.keep }} {{- if $cf.keep }}
annotations: annotations:
"helm.sh/resource-policy": keep helm.sh/resource-policy: keep
{{- end }} {{- end }}
data: data:
{{ $cf.key }}: | {{ $cf.key }}: |
{{ $cf.content | indent 4 }} {{- if default false $cf.tpl }}
{{ tpl ($cf.content | toString) $root | nindent 4 }}
{{- else }}
{{ $cf.content | nindent 4 }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

59
src/helm/templates/deployments.yaml
View File

@ -1,17 +1,28 @@
{{- $roll := ((.Values.rollme | default (now | unixEpoch)) | toString) -}}
{{- $root := . -}} {{- $root := . -}}
{{- range $compName, $comp := .Values.components }} {{- range $compName, $comp := .Values.components }}
{{- $imageTag := include "certs-ui.component.imageTag" (dict "root" $root "comp" $comp) }}
{{- $cf := default dict $comp.configMapFile }}
{{- $sf := default dict $comp.secretsFile }}
{{- $cmName := ternary $cf.existingConfigMap (printf "%s-%s-configmap" (include "certs-ui.fullname" $root) $compName) (ne ($cf.existingConfigMap | default "") "") }}
{{- $secretName := ternary $sf.existingSecret (printf "%s-%s-secrets" (include "certs-ui.fullname" $root) $compName) (ne ($sf.existingSecret | default "") "") }}
{{- $hasCm := or (ne ($cf.existingConfigMap | default "") "") (and $cf.key (hasKey $cf "content")) }}
{{- $hasSecret := or (ne ($sf.existingSecret | default "") "") (and $sf.key (hasKey $sf "content")) }}
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "certs-ui.fullname" $root }}-{{ $compName }} name: {{ include "certs-ui.fullname" $root }}-{{ $compName }}
namespace: {{ $root.Release.Namespace }}
labels: labels:
{{- include "certs-ui.labels" $root | nindent 4 }} {{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}
spec: spec:
replicas: 1 replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/instance: {{ $root.Release.Name }} app.kubernetes.io/instance: {{ $root.Release.Name }}
@ -20,15 +31,14 @@ spec:
template: template:
metadata: metadata:
labels: labels:
{{- include "certs-ui.labels" $root | nindent 8 }} {{ include "certs-ui.podLabels" (dict "root" $root "component" $compName "imageTag" $imageTag) | indent 8 }}
app.kubernetes.io/component: {{ $compName }}
annotations: annotations:
rollme: "{{$roll}}" rollme: {{ $root.Release.Revision | quote }}
spec: spec:
{{- include "certs-ui.imagePullSecrets" $root | nindent 6 }} {{- include "certs-ui.imagePullSecrets" $root | nindent 6 }}
containers: containers:
- name: {{ $compName }} - name: {{ $compName }}
image: "{{ $comp.image.registry }}/{{ $comp.image.repository }}:{{ $.Chart.AppVersion }}" image: "{{ $comp.image.registry }}/{{ $comp.image.repository }}:{{ $imageTag }}"
imagePullPolicy: {{ default "IfNotPresent" $comp.image.pullPolicy }} imagePullPolicy: {{ default "IfNotPresent" $comp.image.pullPolicy }}
{{ $svc := default dict $comp.service }} {{ $svc := default dict $comp.service }}
{{ $tgt := default 8080 $svc.targetPort }} {{ $tgt := default 8080 $svc.targetPort }}
@ -37,8 +47,6 @@ spec:
containerPort: {{ $tgt }} containerPort: {{ $tgt }}
{{- if $comp.env }} {{- if $comp.env }}
env: env:
- name: ROLLOUT_TOKEN
value: "{{$roll}}"
{{- range $comp.env }} {{- range $comp.env }}
- name: {{ .name }} - name: {{ .name }}
value: {{ .value | quote }} value: {{ .value | quote }}
@ -47,25 +55,26 @@ spec:
{{- $p := default dict $comp.persistence -}} {{- $p := default dict $comp.persistence -}}
{{- $vols := default (list) $p.volumes -}} {{- $vols := default (list) $p.volumes -}}
{{- $hasVols := gt (len $vols) 0 -}} {{- $hasVols := gt (len $vols) 0 -}}
{{- $hasSecret := (hasKey $comp "secretsFile") -}} {{- if or $hasVols $hasSecret $hasCm }}
{{- if or $hasVols $hasSecret $comp.configMapFile }}
volumeMounts: volumeMounts:
{{- range $vol := $vols }} {{- range $vol := $vols }}
- name: {{ $compName }}-{{ $vol.name }} - name: {{ $compName }}-{{ $vol.name }}
mountPath: {{ $vol.mountPath }} mountPath: {{ $vol.mountPath }}
{{- end }} {{- end }}
{{- if $comp.secretsFile }} {{- if $hasSecret }}
- name: {{ $compName }}-secrets - name: {{ $compName }}-secrets
mountPath: {{ $comp.secretsFile.mountPath }} mountPath: {{ $sf.mountPath }}
subPath: {{ base $comp.secretsFile.mountPath }} subPath: {{ base $sf.mountPath }}
readOnly: true
{{- end }} {{- end }}
{{- if $comp.configMapFile }} {{- if $hasCm }}
- name: {{ $compName }}-configmap - name: {{ $compName }}-configmap
mountPath: {{ $comp.configMapFile.mountPath }} mountPath: {{ $cf.mountPath }}
subPath: {{ base $comp.configMapFile.mountPath }} subPath: {{ base $cf.mountPath }}
readOnly: true
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if or $hasVols $hasSecret $comp.configMapFile }} {{- if or $hasVols $hasSecret $hasCm }}
volumes: volumes:
{{- range $vol := $vols }} {{- range $vol := $vols }}
- name: {{ $compName }}-{{ $vol.name }} - name: {{ $compName }}-{{ $vol.name }}
@ -78,21 +87,21 @@ spec:
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if $comp.secretsFile }} {{- if $hasSecret }}
- name: {{ $compName }}-secrets - name: {{ $compName }}-secrets
secret: secret:
secretName: {{ include "certs-ui.fullname" $root }}-{{ $compName }}-secrets secretName: {{ $secretName }}
items: items:
- key: {{ $comp.secretsFile.key }} - key: {{ $sf.key }}
path: {{ base $comp.secretsFile.mountPath }} path: {{ base $sf.mountPath }}
{{- end }} {{- end }}
{{- if $comp.configMapFile }} {{- if $hasCm }}
- name: {{ $compName }}-configmap - name: {{ $compName }}-configmap
configMap: configMap:
name: {{ include "certs-ui.fullname" $root }}-{{ $compName }}-configmap name: {{ $cmName }}
items: items:
- key: {{ $comp.configMapFile.key }} - key: {{ $cf.key }}
path: {{ base $comp.configMapFile.mountPath }} path: {{ base $cf.mountPath }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

1
src/helm/templates/pvc.yaml
View File

@ -9,6 +9,7 @@ apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "certs-ui.fullname" $root }}-{{ $compName }}-{{ $vol.name }} name: {{ include "certs-ui.fullname" $root }}-{{ $compName }}-{{ $vol.name }}
namespace: {{ $root.Release.Namespace }}
labels: labels:
{{- include "certs-ui.labels" $root | nindent 4 }} {{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}

23
src/helm/templates/secret-appsecrets.yaml
View File

@ -1,28 +1,39 @@
{{- $root := . -}} {{- $root := . -}}
{{- range $compName, $comp := .Values.components }} {{- range $compName, $comp := .Values.components }}
{{- if $comp.secretsFile }} {{- if $comp.secretsFile }}
{{- $sf := $comp.secretsFile -}} {{- $sf := $comp.secretsFile }}
{{- $secretName := printf "%s-%s-secrets" (include "certs-ui.fullname" $root) $compName -}} {{- if ne ($sf.existingSecret | default "") "" }}
{{- $existing := lookup "v1" "Secret" $root.Release.Namespace $secretName -}} {{- else if not $sf.key }}
{{- fail (printf "components.%s.secretsFile.key is required unless secretsFile.existingSecret is set" $compName) }}
{{- else if not (hasKey $sf "content") }}
{{- fail (printf "components.%s.secretsFile.content is required unless secretsFile.existingSecret is set" $compName) }}
{{- else }}
{{- $secretName := printf "%s-%s-secrets" (include "certs-ui.fullname" $root) $compName }}
{{- $existing := lookup "v1" "Secret" $root.Release.Namespace $secretName }}
{{- if and $sf.keep $existing }} {{- if and $sf.keep $existing }}
{{/* keep=true and Secret exists -> render nothing */}}
{{- else }} {{- else }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ $secretName }} name: {{ $secretName }}
namespace: {{ $root.Release.Namespace }}
labels: labels:
{{- include "certs-ui.labels" $root | nindent 4 }} {{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}
{{- if $sf.keep }} {{- if $sf.keep }}
annotations: annotations:
"helm.sh/resource-policy": keep helm.sh/resource-policy: keep
{{- end }} {{- end }}
type: Opaque type: Opaque
stringData: stringData:
{{ $sf.key }}: | {{ $sf.key }}: |
{{ $sf.content | indent 4 }} {{- if default false $sf.tpl }}
{{ tpl ($sf.content | toString) $root | nindent 4 }}
{{- else }}
{{ $sf.content | nindent 4 }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

63
src/helm/templates/services.yaml
View File

@ -2,72 +2,25 @@
{{- range $compName, $comp := .Values.components }} {{- range $compName, $comp := .Values.components }}
{{- $svc := default dict $comp.service }} {{- $svc := default dict $comp.service }}
{{- if and $svc $svc.enabled }} {{- if and $svc $svc.enabled }}
{{- $stype := default "ClusterIP" $svc.type }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "certs-ui.fullname" $root }}-{{ $compName }} name: {{ include "certs-ui.fullname" $root }}-{{ $compName }}
namespace: {{ $root.Release.Namespace }}
labels: labels:
{{- include "certs-ui.labels" $root | nindent 4 }} {{- include "certs-ui.labels" $root | nindent 4 }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}
{{- if $svc.labels }}
{{ toYaml $svc.labels | nindent 4 }}
{{- end }}
{{- if $svc.annotations }}
annotations:
{{ toYaml $svc.annotations | nindent 4 }}
{{- end }}
spec: spec:
type: {{ $stype }} type: {{ default "ClusterIP" $svc.type }}
{{- if $svc.clusterIP }}
clusterIP: {{ $svc.clusterIP }}
{{- end }}
{{- if $svc.loadBalancerClass }}
loadBalancerClass: {{ $svc.loadBalancerClass }}
{{- end }}
{{- if and (or (eq $stype "LoadBalancer") (eq $stype "NodePort")) ($svc.allocateLoadBalancerNodePorts | default nil) }}
allocateLoadBalancerNodePorts: {{ $svc.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if and (eq $stype "LoadBalancer") $svc.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml $svc.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if and (eq $stype "LoadBalancer") $svc.ipFamilies }}
ipFamilies:
{{ toYaml $svc.ipFamilies | nindent 4 }}
{{- end }}
{{- if and (eq $stype "LoadBalancer") $svc.ipFamilyPolicy }}
ipFamilyPolicy: {{ $svc.ipFamilyPolicy }}
{{- end }}
{{- if and (eq $stype "LoadBalancer") $svc.loadBalancerIP }}
loadBalancerIP: {{ $svc.loadBalancerIP }}
{{- end }}
ports: ports:
- name: http - port: {{ default 80 $svc.port }}
port: {{ default 80 $svc.port }} targetPort: http
targetPort: {{ default 80 $svc.targetPort }} protocol: TCP
{{- if eq $stype "NodePort" }} name: http
{{- if $svc.nodePort }}
nodePort: {{ $svc.nodePort }}
{{- end }}
{{- end }}
selector: selector:
app.kubernetes.io/instance: {{ $root.Release.Name }} app.kubernetes.io/instance: {{ $root.Release.Name }}
app.kubernetes.io/name: {{ include "certs-ui.name" $root }} app.kubernetes.io/name: {{ include "certs-ui.name" $root }}
app.kubernetes.io/component: {{ $compName }} app.kubernetes.io/component: {{ $compName }}
{{- if and (ne $stype "ClusterIP") $svc.externalTrafficPolicy }} {{- end }}
externalTrafficPolicy: {{ $svc.externalTrafficPolicy }} {{- end }}
{{- end }}
{{- if and (eq $stype "LoadBalancer") $svc.healthCheckNodePort }}
healthCheckNodePort: {{ $svc.healthCheckNodePort }}
{{- end }}
{{- if and (typeIs "string" $svc.sessionAffinity) $svc.sessionAffinity }}
sessionAffinity: {{ $svc.sessionAffinity }}
{{- if and (eq $svc.sessionAffinity "ClientIP") (typeIs "map" $svc.sessionAffinityConfig) }}
sessionAffinityConfig:
{{ toYaml $svc.sessionAffinityConfig | nindent 4 }}
{{- end }}
{{- end }}
{{ end }}
{{ end }}

123
src/helm/values.yaml
View File

@ -1,14 +1,51 @@
global: global:
imagePullSecrets: [] # Keep empty imagePullSecrets: []
# imagePullSecrets: image:
# - name: cr-maksit-pull tag: "" # used if component image.tag is empty; else Chart appVersion
nameOverride: ""
fullnameOverride: ""
# Server ConfigMap (appsettings.json); referenced from components.server.configMapFile when tpl: true
certsServerConfig:
allowedHosts: "*"
logging:
default: Information
microsoftAspNetCore: Warning
configuration:
auth:
issuer: ""
audience: ""
expiration: 15
refreshExpiration: 180
agent:
agentHostname: ""
agentPort: 5000
serviceToReload: haproxy
production: "https://acme-v02.api.letsencrypt.org/directory"
staging: "https://acme-staging-v02.api.letsencrypt.org/directory"
acmeFolder: /acme
cacheFolder: /cache
dataFolder: /data
settingsFile: /data/settings.json
# Server Secret (appsecrets.json); referenced from components.server.secretsFile when tpl: true
certsServerSecrets:
authSecret: changeme-generate-a-long-random-string
authPepper: ""
agentKey: ""
# Client ConfigMap (config.js); referenced when tpl: true
certsClientRuntime:
apiUrl: "http://certs-ui.example.com/api"
components: components:
server: server:
image: image:
registry: cr.maks-it.com registry: cr.maks-it.com
repository: certs-ui/server repository: certs-ui/server
pullPolicy: Always tag: ""
pullPolicy: IfNotPresent
env: env:
- name: ASPNETCORE_ENVIRONMENT - name: ASPNETCORE_ENVIRONMENT
value: Production value: Production
@ -46,59 +83,63 @@ components:
secretsFile: secretsFile:
key: appsecrets.json key: appsecrets.json
mountPath: /secrets/appsecrets.json mountPath: /secrets/appsecrets.json
tpl: true
keep: true
existingSecret: ""
content: | content: |
{ {
"Configuration": {
"Auth": { "Auth": {
"Secret": "", "Secret": {{ .Values.certsServerSecrets.authSecret | toJson }},
"Pepper": "" "Pepper": {{ .Values.certsServerSecrets.authPepper | toJson }}
}, },
"Agent": { "Agent": {
"AgentKey": "" "AgentKey": {{ .Values.certsServerSecrets.agentKey | toJson }}
}, }
}
} }
keep: true
configMapFile: configMapFile:
key: appsettings.json key: appsettings.json
mountPath: /configMap/appsettings.json mountPath: /configMap/appsettings.json
tpl: true
keep: true
existingConfigMap: ""
content: | content: |
{ {
"Logging": { "Logging": {
"LogLevel": { "LogLevel": {
"Default": "Information", "Default": {{ .Values.certsServerConfig.logging.default | toJson }},
"Microsoft.AspNetCore": "Warning" "Microsoft.AspNetCore": {{ .Values.certsServerConfig.logging.microsoftAspNetCore | toJson }}
} }
}, },
"AllowedHosts": {{ .Values.certsServerConfig.allowedHosts | toJson }},
"Configuration": { "Configuration": {
"Auth": { "Auth": {
"Issuer": "", "Issuer": {{ .Values.certsServerConfig.configuration.auth.issuer | toJson }},
"Audience": "", "Audience": {{ .Values.certsServerConfig.configuration.auth.audience | toJson }},
"Expiration": 15, // Access token lifetime in minutes (default: 15 minutes) "Expiration": {{ .Values.certsServerConfig.configuration.auth.expiration }},
"RefreshExpiration": 180, // Refresh token lifetime in days (default: 180 days) "RefreshExpiration": {{ .Values.certsServerConfig.configuration.auth.refreshExpiration }}
}, },
"Agent": { "Agent": {
"AgentHostname": "http://websrv0001.corp.maks-it.com", "AgentHostname": {{ .Values.certsServerConfig.configuration.agent.agentHostname | toJson }},
"AgentPort": 5000, "AgentPort": {{ .Values.certsServerConfig.configuration.agent.agentPort }},
"ServiceToReload": "haproxy" "ServiceToReload": {{ .Values.certsServerConfig.configuration.agent.serviceToReload | toJson }}
}, },
"Production": {{ .Values.certsServerConfig.configuration.production | toJson }},
"Production": "https://acme-v02.api.letsencrypt.org/directory", "Staging": {{ .Values.certsServerConfig.configuration.staging | toJson }},
"Staging": "https://acme-staging-v02.api.letsencrypt.org/directory", "CacheFolder": {{ .Values.certsServerConfig.configuration.cacheFolder | toJson }},
"CacheFolder": "/cache", "AcmeFolder": {{ .Values.certsServerConfig.configuration.acmeFolder | toJson }},
"AcmeFolder": "/acme", "DataFolder": {{ .Values.certsServerConfig.configuration.dataFolder | toJson }},
"SettingsFile": {{ .Values.certsServerConfig.configuration.settingsFile | toJson }}
"DataFolder": "/data",
"SettingsFile": "/data/settings.json",
} }
} }
keep: true
client: client:
image: image:
registry: cr.maks-it.com registry: cr.maks-it.com
repository: certs-ui/client repository: certs-ui/client
pullPolicy: Always tag: ""
pullPolicy: IfNotPresent
service: service:
enabled: true enabled: true
type: ClusterIP type: ClusterIP
@ -107,17 +148,20 @@ components:
configMapFile: configMapFile:
key: config.js key: config.js
mountPath: /app/dist/config.js mountPath: /app/dist/config.js
tpl: true
keep: true
existingConfigMap: ""
content: | content: |
window.RUNTIME_CONFIG = { window.RUNTIME_CONFIG = {
API_URL: "http://<your-server-hostname>/api" API_URL: {{ .Values.certsClientRuntime.apiUrl | toJson }}
}; };
keep: true
reverseproxy: reverseproxy:
image: image:
registry: cr.maks-it.com registry: cr.maks-it.com
repository: certs-ui/reverseproxy repository: certs-ui/reverseproxy
pullPolicy: Always tag: ""
pullPolicy: IfNotPresent
env: env:
- name: ASPNETCORE_ENVIRONMENT - name: ASPNETCORE_ENVIRONMENT
value: Production value: Production
@ -128,16 +172,3 @@ components:
type: ClusterIP type: ClusterIP
port: 8080 port: 8080
targetPort: 8080 targetPort: 8080
# type: LoadBalancer
# port: 8080
# targetPort: 8080
# loadBalancerIP: "172.16.0.5"
# annotations:
# lbipam.cilium.io/ips: "172.16.0.5"
# labels:
# export: "bgp"
# externalTrafficPolicy: Local
# sessionAffinity: ClientIP
# sessionAffinityConfig:
# clientIP:
# timeoutSeconds: 10800