From e83ab945ec67b7fa6a8cd100477e6e934d54309d Mon Sep 17 00:00:00 2001 From: Tommy McNeely Date: Wed, 20 Apr 2022 16:49:51 -0600 Subject: [PATCH] docs: update documentation, no functional changes --- README.md | 8 ++++--- charts/vault-gcp-secrets/Chart.yaml | 2 +- charts/vault-gcp-secrets/README.md | 21 ++++++------------- .../vault-gcp-secrets/templates/_helpers.tpl | 18 ---------------- charts/vault-gcp-secrets/values.yaml | 11 +++------- 5 files changed, 15 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 60a279b..5339c16 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ images from a private GCR repository. NOTE: We are using this code in the production environment. You may use it at your own risk. +See helm chart readme: [charts/vault-gcp-secrets/README.md] + ## Prerequisites * Google Cloud Platform (GCP) Account setup with Vault @@ -15,9 +17,9 @@ NOTE: We are using this code in the production environment. You may use it at yo ## Installation -* helm repo add vault-gcp-secrets https://tjm.github.io/vault-gcp-secrets/ -* helm repo update -* helm install vault-gcp-secrets/vault-gcp-secrets +* `helm repo add vault-gcp-secrets https://tjm.github.io/vault-gcp-secrets/` +* `helm repo update` +* `helm install vault-gcp-secrets vault-gcp-secrets/vault-gcp-secrets` NOTE: You will most likely need to set some values, like authentication method, path, etc. diff --git a/charts/vault-gcp-secrets/Chart.yaml b/charts/vault-gcp-secrets/Chart.yaml index 484c7c1..9659a51 100644 --- a/charts/vault-gcp-secrets/Chart.yaml +++ b/charts/vault-gcp-secrets/Chart.yaml @@ -5,5 +5,5 @@ home: https://github.com/TJM/vault-gcp-secrets # icon: https://raw.githubusercontent.com/TJM/vault-gcp-secrets/master/assets/logo.png maintainers: - name: TJM # Tommy McNeely -version: 0.8.0 +version: 0.8.1 appVersion: 1.10.0 # REMINDER: update README and values.yaml 
diff --git a/charts/vault-gcp-secrets/README.md b/charts/vault-gcp-secrets/README.md index 62706c2..f9c6333 100644 --- a/charts/vault-gcp-secrets/README.md +++ b/charts/vault-gcp-secrets/README.md @@ -10,8 +10,6 @@ NOTE: We are using this code in the production environment. You may use it at yo | Value | Description | Default | | ----- | ----------- | ------- | -| `replicaCount` | Number of replications which should be created. | `1` | -| `deploymentStrategy` | Deployment strategy which should be used. | `{}` | | `image.repository` | The repository of the Docker image. | `ghcr.io/tjm/vault-gcp-secrets` | | `image.tag` | The tag of the Docker image which should be used. | `v1.10.0` | | `image.pullPolicy` | The pull policy for the Docker image, | `IfNotPresent` | 
@@ -21,11 +19,10 @@ NOTE: We are using this code in the production environment. You may use it at yo
 | `fullnameOverride` | Override the name of the app. | `""` |
 | `environmentVars` | Pass environment variables from a secret to the containers. | `[]` |
 | `vault.address` | The address where Vault listen on (e.g. `http://vault.example.com`). | `"http://vault:8200"` |
-| `vault.authMethod` | The authentication method, which should be used by the operator. Can be `kubernetes` ([Kubernetes auth method](https://www.vaultproject.io/docs/auth/kubernetes.html)), or `approle` ([AppRole auth method](https://www.vaultproject.io/docs/auth/approle)). | `kubernetes` |
-| `vault.kubernetesPath` | If the Kubernetes auth method is used, this is the path where the Kubernetes auth method is enabled. | `auth/kubernetes` |
+| `vault.authMethod` | The authentication method, which should be used by the operator. Can be `kubernetes` ([Kubernetes auth method](https://www.vaultproject.io/docs/auth/kubernetes.html)), or `approle` ([AppRole auth method](https://www.vaultproject.io/docs/auth/approle)). NOTE: `approle` requires `vault.credentialSecretName` and `kubernetes` requires `vault.kubernetesRole` | `kubernetes` |
+| `vault.authMountPath` | Authentication Mount Path in Vault (which defaults to auth/(authMethod)) | `null` |
+| `vault.credentialSecretName` | Secret used for approle authentication, must be used for approle authMethod. Must have keys `role_id` and `secret_id`. | `null` |
 | `vault.kubernetesRole` | The name of the role which is configured for the Kubernetes auth method. | `vault-gcp-secrets` |
-| `vault.appRolePath` | If the AppRole auth method is used, this is the path where the AppRole auth method is enabled. | `auth/approle` |
-| `vault.reconciliationTime` | The time after which the reconcile function for the CR is rerun. If the value is 0, automatic reconciliation is skipped. | `0` |
 | `rbac.create` | Create RBAC object, enable Role and Role binding creation. 
| `true` |
 | `rbac.createrole` | Finetune RBAC, enable or disable Role creation. NOTE: ignored when `rbac.create` is not `true`. | `true` |
 | `serviceAccount.create` | Create the service account. | `true` |
@@ -34,16 +31,10 @@ NOTE: We are using this code in the production environment. You may use it at yo
 | `podSecurityContext`: | Security context policies to add to the operator pod. | `{}` |
 | `securityContext`: | Security context policies to add to the containers. | `{}` |
 | `podLabels` | Additional labels for the vault-gcp-secrets pod(s). | `{}` |
-| `testPodAnnotations` | Annotations for vault-gcp-secrets-test-connection pod. | `{}` |
-| `testPodLabels` | Additional labels for the vault-gcp-secrets-test-connection pod. | `{}` |
-| `resources` | Set resources for the operator. | `{}` |
+| `resources` | Set resources for the operator. (see values.yaml for example) | `{}` |
 | `volumes` | Provide additional volumns for the container. | `[]` |
 | `nodeSelector` | Set a node selector. | `{}` |
 | `tolerations` | Set tolerations. | `[]` |
-| `serviceMonitor.enabled` | Enable the creation of a ServiceMonitor for the Prometheus Operator. | `false` |
-| `serviceMonitor.labels` | Additional labels which should be set for the ServiceMonitor. | `{}` |
-| `serviceMonitor.interval` | Scrape interval. | `10s` |
-| `serviceMonitor.scrapeTimeout` | Scrape timeout. | `10s` |
-| `serviceMonitor.honorLabels` | Honor labels option. | `true` |
-| `serviceMonitor.relabelings` | Additional relabeling config for the ServiceMonitor. | `[]` |
 | `priorityClassName` | Optionally attach priority class to pod spec. | `null` |
+| `replicaCount` | Number of replications which should be created (recommend leaving this as 1). | `1` |
+| `deploymentStrategy` | Deployment strategy which should be used. | `{}` |
diff --git a/charts/vault-gcp-secrets/templates/_helpers.tpl b/charts/vault-gcp-secrets/templates/_helpers.tpl
index 9bf950f..ab25888 100644 
--- a/charts/vault-gcp-secrets/templates/_helpers.tpl +++ b/charts/vault-gcp-secrets/templates/_helpers.tpl @@ -61,24 +61,6 @@ Additional pod annotations {{- end }} {{- end -}} -{{/* -Additional test-connection pod annotations -*/}} -{{- define "vault-gcp-secrets.testPodAnnotations" -}} -{{- if .Values.testPodAnnotations }} -{{- toYaml .Values.testPodAnnotations }} -{{- end }} -{{- end }} - -{{/* -Additional test-connection pod labels -*/}} -{{- define "vault-gcp-secrets.testPodLabels" -}} -{{- if .Values.testPodLabels }} -{{- toYaml .Values.testPodLabels }} -{{- end }} -{{- end }} - {{/* Create the name of the service account to use. */}} diff --git a/charts/vault-gcp-secrets/values.yaml b/charts/vault-gcp-secrets/values.yaml index 343138c..6e6fedc 100644 --- a/charts/vault-gcp-secrets/values.yaml +++ b/charts/vault-gcp-secrets/values.yaml @@ -1,8 +1,5 @@ # Values for vault-gcp-secrets -replicaCount: 1 -deploymentStrategy: {} - image: repository: ghcr.io/tjm/vault-gcp-secrets tag: v1.10.0 @@ -92,11 +89,6 @@ podSecurityContext: {} securityContext: {} -# Annotations for the vault-gcp-secrets-test-connection pod -testPodAnnotations: {} - -# Additional labels for the vault-gcp-secrets-test-connection pod -testPodLabels: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -123,3 +115,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +replicaCount: 1 # Don't change this +deploymentStrategy: {}
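Review bot: The `# Don't change this` comment added on `replicaCount: 1` in the last values.yaml hunk gives no reason, and the key is still an ordinary value that `--set replicaCount=N` will override. The chart README row added in this same commit only says "recommend leaving this as 1", so the two places disagree on how firm the restriction is. If more than one replica is actually unsafe (presumably because every replica would authenticate to Vault and manage the same secrets independently, though nothing in this diff shows that), the comment should say so, e.g. `replicaCount: 1  # keep at 1: <reason more than one replica is unsafe>`. A restriction that matters is better enforced in the Deployment template than left to a comment in values.yaml.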