Commit 8bdf0732 authored by Adam Lewenberg

more cleanup

parent 365e27f9
......@@ -49,13 +49,18 @@ certificates](https://cloud.google.com/kubernetes-engine/docs/how-to/managed-cer
## Configuration
### Kubernetes Configuration
See the file [`values.yaml`](values.yaml) for Kubernetes-level settings
including the Docker image settings.
### Application Configuration
The following two settings are required and should be overridden:
* `APP_NAMESPACE`: this is used to distinguish different instances of this
chart from others. For example, `myapp1-dev`, `myapp2-dev`,
myapp1-uat`. Default: `apache-shib`.
`myapp1-uat`. Default: `apache-shib`.
* `SERVER_NAME`: The fully-qualified endpoint name for this application.
Default: `apache-shib.example.com`.
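Review bot: The sentence "The following two settings are required and should be overridden" sits directly above two entries that each ship a working default (`apache-shib` and `apache-shib.example.com`), so an install that forgets the overrides still renders, and `SERVER_NAME` is what the ManagedCertificate section uses as the certificate subject. Either drop the defaults and guard both values in the templates with Helm's `required` function, or reword the sentence to say the defaults are placeholders that must not reach a real deployment.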
......@@ -77,7 +82,7 @@ the Pod.
### ManagedCertificate
We create a MangedCertificate resource with the name `APP_NAMESPACE` and
We create a [MangedCertificate][6] resource with the name `APP_NAMESPACE` and
subject `SERVER_NAME`.
### Ingress
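Review bot: The rewritten line still spells the resource `MangedCertificate` inside the new `[MangedCertificate][6]` link, while the heading directly above reads `ManagedCertificate`. Fix the spelling while this line is being touched so the link text matches the resource kind.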
......@@ -151,10 +156,10 @@ the path `/Shibboleth.sso/Metadata` which is _not_ SAML-protected.
This Helm chart does *not* setup or provision any Kubernetes secrets: you
must create them independently. The secrets needed are:
* `APP_NAMESPACE-saml-key`: the private key portion of the SAML
* `<APP_NAMESPACE>-saml-key`: the private key portion of the SAML
Service provider public/private key pair.
* `APP_NAMESPACE-saml-crt`: the public key portion of the SAML
* `<APP_NAMESPACE>-saml-crt`: the public key portion of the SAML
Service provider public/private key pair.
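Review bot: The two secret entries name the objects (`<APP_NAMESPACE>-saml-key`, `<APP_NAMESPACE>-saml-crt`) but say nothing about the data key inside each secret or the file format the Pod expects, so a reader cannot create them from this list alone even though the paragraph says they must be created independently. Add the expected key name and format for each, and state which namespace they have to live in.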
......@@ -173,3 +178,5 @@ The SAML entity ID for this Service Provider will be the URL
[4]: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
[5]: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/
[6]: https://github.com/GoogleCloudPlatform/gke-managed-certs
......@@ -5,10 +5,10 @@ metadata:
annotations:
cloud.google.com/backend-config: '{"ports": {"80":"http-hc-config-shib"}}'
spec:
type: NodePort
type: {{ .Values.service.type }}
selector:
app: {{ .Chart.Name }}
ports:
- protocol: TCP
port: 80
targetPort: 80
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
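Review bot: `targetPort` is now taken from `.Values.service.port` along with `port`, while the `cloud.google.com/backend-config` annotation at the top of the hunk still hardcodes `"80"`. Setting `service.port` to anything else would point the Service at a different container port and leave the backend-config mapping keyed to a port the Service no longer exposes. Keep `targetPort: 80` fixed (or give it its own value) and build the port key in the annotation from the same value as `port`.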
......@@ -38,30 +38,12 @@ apache:
# Terraform "google_compute_ssl_policy" resource.
sslpolicy: minimum-tls-12
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
type: NodePort
port: 80
ingress:
enabled: true
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
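Review bot: The `service.type` default changes to `NodePort` with no comment explaining why, although the `sslpolicy` key just above carries one. `NodePort` opens the port on every node, so add a one-line comment on `type: NodePort` saying what requires it and whether `ClusterIP` is a supported override. If the `securityContext: {}` block and its commented hardening hints (`drop: ALL`, `readOnlyRootFilesystem`, `runAsNonRoot`) are being dropped in this hunk, check that no template still reads `.Values.securityContext` and consider setting those fields explicitly rather than removing the hook.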
......@@ -74,9 +56,3 @@ resources: {}
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}