diff --git a/charts/system/kubelet-csr-approver/Chart.yaml b/charts/system/kubelet-csr-approver/Chart.yaml index abc14b3a36f..4aaf1a355ed 100644 --- a/charts/system/kubelet-csr-approver/Chart.yaml +++ b/charts/system/kubelet-csr-approver/Chart.yaml @@ -15,13 +15,6 @@ dependencies: alias: "" tags: [] import-values: [] - - name: kubelet-csr-approver - version: 1.2.2 - repository: https://postfinance.github.io/kubelet-csr-approver - condition: "" - alias: kubelet-csr-approver - tags: [] - import-values: [] deprecated: false description: Automatically approve internal Kubelet Certificate Signing Requests home: https://truecharts.org/charts/system/kubelet-csr-approver @@ -38,7 +31,5 @@ name: kubelet-csr-approver sources: - https://github.com/kubelet-csr-approver/kubelet-csr-approver - https://github.com/truecharts/charts/tree/master/charts/system/kubelet-csr-approver - - https://github.com/truecharts/containers/tree/master/apps/alpine - - https://kubelet-csr-approver.universe.tf type: application -version: 0.0.1 +version: 1.0.0 diff --git a/charts/system/kubelet-csr-approver/templates/common.yaml b/charts/system/kubelet-csr-approver/templates/common.yaml index 995efb03eb0..539b471c1d2 100644 --- a/charts/system/kubelet-csr-approver/templates/common.yaml +++ b/charts/system/kubelet-csr-approver/templates/common.yaml @@ -1,5 +1,6 @@ {{/* Make sure all variables are set properly */}} {{- include "tc.v1.common.loader.init" . }} + {{/* Render the templates */}} {{ include "tc.v1.common.loader.apply" . }} diff --git a/charts/system/kubelet-csr-approver/values.yaml b/charts/system/kubelet-csr-approver/values.yaml index 8ffafd21a48..59dfd24329d 100644 --- a/charts/system/kubelet-csr-approver/values.yaml +++ b/charts/system/kubelet-csr-approver/values.yaml @@ -1,18 +1,99 @@ image: - repository: tccr.io/tccr/alpine + repository: ghcr.io/postfinance/kubelet-csr-approver pullPolicy: IfNotPresent - tag: latest@sha256:ade0065e19edaa4f6903d464ee70605111a48394536deb94f31b661264704558 + tag: 1.2.2@sha256:fdccaa3f2e4f59001b99357565bc5995393c53b21074da769fa53620b5138b85 service: main: - enabled: false + enabled: true ports: main: - enabled: false + enabled: true + port: 8080 workload: main: - enabled: false + enabled: true + replicas: 3 + podSpec: + containers: + main: + args: + - -metrics-bind-address + - ":8080" + - -health-probe-bind-address + - ":8081" + - -level + - "0" + probes: + liveness: + path: "/healthz" + enabled: true + type: http + port: 8081 + readiness: + path: "/healthz" + enabled: true + type: http + port: 8081 + startup: + path: "/healthz" + enabled: true + type: http + port: 8081 + env: + PROVIDER_REGEX: ".*" + BYPASS_DNS_RESOLUTION: true + IGNORE_NON_SYSTEM_NODE: false + ALLOWED_DNS_NAMES: 1 + BYPASS_HOSTNAME_CHECK: false + LEADER_ELECTION: true + + + +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["get", "list", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests/approval"] + verbs: ["update"] + - apiGroups: ["certificates.k8s.io"] + resourceNames: ["kubernetes.io/kubelet-serving"] + resources: ["signers"] + verbs: ["approve"] + +serviceAccount: + main: + enabled: true + primary: true + +metrics: + main: + enabled: true + type: "servicemonitor" + endpoints: + - port: main + path: /metrics + prometheusRule: + enabled: false + labels: {} + rules: [] + + +podOptions: + automountServiceAccountToken: true portal: open: