From acfe77344e731d9fd0e67ae97ca7ee93cf3fff1c Mon Sep 17 00:00:00 2001 From: Kasper Storgaard <116632810+KastTrifork@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:50:19 +0200 Subject: [PATCH] Updated docs for console (#219) * doc for chart * chart linting * Added docs for oauth2proxy image * make docs with new tmpl --- charts/cheetah-redpanda-console/README.md | 140 ++++++++++++++++- .../cheetah-redpanda-console/README.md.gotmpl | 145 +++++++++++++++++- charts/cheetah-redpanda-console/values.yaml | 11 ++ 3 files changed, 286 insertions(+), 10 deletions(-) diff --git a/charts/cheetah-redpanda-console/README.md b/charts/cheetah-redpanda-console/README.md index c232a267..795da20c 100644 --- a/charts/cheetah-redpanda-console/README.md +++ b/charts/cheetah-redpanda-console/README.md 
@@ -1,19 +1,49 @@ -# Redpanda Console Helm Chart Specification +// This file contains the specification for the Cheetah Redpanda Console Helm Chart. +// It provides information about the default values and descriptions of settings in the chart.// The "chart.valuesTable" template generates a table of settings and their descriptions. +// It also includes the default values for each setting. +# Cheetah Redpanda Console Helm Chart Specification --- -description: Find the default values and descriptions of settings in the Redpanda Console Helm chart. +description: Find the default values and descriptions of settings in the Cheetah Redpanda Console Helm chart. --- ![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.5.2](https://img.shields.io/badge/AppVersion-v2.5.2-informational?style=flat-square) -Disclaimer - This chart is an extension of the official Redpanda Console Helm Chart. -The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console +Disclaimer - This chart is an extension of the official Cheetah Redpanda Console Helm Chart. +The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console. The extension is used by Cheetah to meet their requirements for the chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/console/values.yaml). Each of the settings is listed and described on this page, along with any default values. For instructions on how to install and use the chart, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/). 
-For instructions on how to override and customize the chart’s values, see [Configure Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console). +For instructions on how to override and customize the chart’s values, see [Configure Cheetah Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console). + +## Settings sepcific for Cheetah Redpanda Console +This chart uses the following settings that are specific to Cheetah Redpanda Console and must be set thoguh values: + +- values for oauth2Proxy + - image: [Your chosen image of oauth2Proxy] + - issuerUrl: [Your issuer URL] + - OAUTH2_PROXY_COOKIE_SECRET: [Your cookie secret] + - OAUTH2_PROXY_CLIENT_ID: [Your client ID] + - OAUTH2_PROXY_CLIENT_SECRET: [Your client secret] + +- extraEnv + - extraEnv variables to set up kafka + - KAFKA_SASL_OAUTH_CLIENTID: [Your client ID] + - KAFKA_SASL_OAUTH_CLIENTSECRET: [Your client secret] + - KAFKA_SASL_OAUTH_SCOPE: [Your scope] + +- kafka: + - brokers: [Your brokers] + - sasl: + - oauth: + - tokenEndpoint: [Your token endpoint] + - schemaRegistry: + - urls: [Your URLs] + - tls: [Your TLS settings] + +See an example of how the vaules can be set through a release at the bottom of this readme ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) 
@@ -480,3 +510,103 @@ Grant time to test connectivity to upstream services such as Kafka and Schema Re **Default:** `{}` +# An example of how to set these values and use the helm chart through a release is shown below: + +```yaml +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cheetah-redpanda-console-example + namespace: cheetah-redpanda-console-example +spec: + chart: + spec: + chart: cheetah-redpanda-console + version: 1.2.0 + sourceRef: + name: cheetah-charts + kind: HelmRepository + namespace: default + interval: 30m + timeout: 10m0s + values: + image: + repository: redpandadata/console + registry: docker.io + tag: v2.5.2 + podLabels: + netic.dk/network-component: redpanda + netic.dk/network-egress: istio + netic.dk/kafka-client: "true" + # netic.dk/schema-registry-egress: "true" + netic.dk/network-rules-egress: redpanda + netic.dk/schema-registry-egress: redpanda + + service: + targetPort: example # This is the port that the service will route to + + console: + config: + kafka: + brokers: + - + sasl: + oauth: + tokenEndpoint: # Could be Keycloak URL + schemaRegistry: + urls: + - + tls: + enabled: true + caFilepath: /tmp/kafka/ca.crt + insecureSkipTlsVerify: false + + oauth2Proxy: + issuerUrl: https://keycloak.cheetah.example/realms/ # Keycloak URL + env: + - name: OAUTH2_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: cookie-secret + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: client-id + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: OAUTH2_PROXY_CLIENT_SECRET + + extraEnv: + - name: KAFKA_SASL_OAUTH_CLIENTID + valueFrom: + secretKeyRef: + name: redpanda-credentials + key: client-id + - name: KAFKA_SASL_OAUTH_CLIENTSECRET + valueFrom: + secretKeyRef: + name: redpanda-credentials + key: client-secret + - name: KAFKA_SASL_OAUTH_SCOPE + value: kafka + secretMounts: + - name: kafka-ca + 
secretName: kafka-ca + path: /tmp/kafka/ + + ingress: + enabled: true + hosts: + - host: example.redpanda.cheetah.trifork.dev + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - example.redpanda.cheetah.trifork.dev + secretName: redpanda-cheetah-cert +``` \ No newline at end of file diff --git a/charts/cheetah-redpanda-console/README.md.gotmpl b/charts/cheetah-redpanda-console/README.md.gotmpl index db3ba44e..47655ace 100644 --- a/charts/cheetah-redpanda-console/README.md.gotmpl +++ b/charts/cheetah-redpanda-console/README.md.gotmpl 
@@ -1,23 +1,55 @@ +// This file contains the specification for the Cheetah Redpanda Console Helm Chart. +// It provides information about the default values and descriptions of settings in the chart. + {{- define "chart.header" -}} -# Redpanda Console Helm Chart Specification +# Cheetah Redpanda Console Helm Chart Specification --- -description: Find the default values and descriptions of settings in the Redpanda Console Helm chart. +description: Find the default values and descriptions of settings in the Cheetah Redpanda Console Helm chart. --- {{- end -}} {{ define "chart.description" -}} -Disclaimer - This chart is an extension of the official Redpanda Console Helm Chart. -The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console +Disclaimer - This chart is an extension of the official Cheetah Redpanda Console Helm Chart. +The original source code can be found at https://github.com/redpanda-data/helm-charts/tree/main/charts/console. The extension is used by Cheetah to meet their requirements for the chart. In particular, this page describes the contents of the chart’s [`values.yaml` file](https://github.com/redpanda-data/helm-charts/blob/main/charts/console/values.yaml). Each of the settings is listed and described on this page, along with any default values. For instructions on how to install and use the chart, refer to the [deployment documentation](https://docs.redpanda.com/docs/deploy/deployment-option/self-hosted/kubernetes/kubernetes-deploy/). -For instructions on how to override and customize the chart’s values, see [Configure Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console). +For instructions on how to override and customize the chart’s values, see [Configure Cheetah Redpanda Console](https://docs.redpanda.com/docs/manage/kubernetes/configure-helm-chart/#configure-redpanda-console). 
+ +## Settings sepcific for Cheetah Redpanda Console +This chart uses the following settings that are specific to Cheetah Redpanda Console and must be set thoguh values: + +- values for oauth2Proxy + - image: [Your chosen image of oauth2Proxy] + - issuerUrl: [Your issuer URL] + - OAUTH2_PROXY_COOKIE_SECRET: [Your cookie secret] + - OAUTH2_PROXY_CLIENT_ID: [Your client ID] + - OAUTH2_PROXY_CLIENT_SECRET: [Your client secret] + +- extraEnv + - extraEnv variables to set up kafka + - KAFKA_SASL_OAUTH_CLIENTID: [Your client ID] + - KAFKA_SASL_OAUTH_CLIENTSECRET: [Your client secret] + - KAFKA_SASL_OAUTH_SCOPE: [Your scope] + +- kafka: + - brokers: [Your brokers] + - sasl: + - oauth: + - tokenEndpoint: [Your token endpoint] + - schemaRegistry: + - urls: [Your URLs] + - tls: [Your TLS settings] + +See an example of how the vaules can be set through a release at the bottom of this readme {{ end -}} +// The "chart.valuesTable" template generates a table of settings and their descriptions. +// It also includes the default values for each setting. {{ define "chart.valuesTable" }} ## Settings 
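Review bot: The `//` lines added at the top of README.md.gotmpl and above `{{ define "chart.valuesTable" }}` are not Go template comments, so they are emitted as literal text; the regenerated README.md in this same commit already shows them above the title. Template comments would keep them out of the output, e.g. `{{- /* Specification template for the Cheetah Redpanda Console Helm chart. */ -}}`. The disclaimer now says the chart extends "the official Cheetah Redpanda Console Helm Chart" while the link still points at the upstream Redpanda chart, so the rename looks unintended on that line. In the new settings list, `OAUTH2_PROXY_COOKIE_SECRET`, `OAUTH2_PROXY_CLIENT_SECRET` and `KAFKA_SASL_OAUTH_CLIENTSECRET` are shown as `[Your ... secret]`, which reads as if the values go inline; I would add one line such as `Supply secrets via secretKeyRef, as in the example below, never as plain values.`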
@@ -59,3 +91,106 @@ For instructions on how to override and customize the chart’s values, see [Con {{ template "chart.requirementsSection" . }} {{ template "chart.valuesTable" . }} + + + +# An example of how to set these values and use the helm chart through a release is shown below: + +```yaml +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cheetah-redpanda-console-example + namespace: cheetah-redpanda-console-example +spec: + chart: + spec: + chart: cheetah-redpanda-console + version: 1.2.0 + sourceRef: + name: cheetah-charts + kind: HelmRepository + namespace: default + interval: 30m + timeout: 10m0s + values: + image: + repository: redpandadata/console + registry: docker.io + tag: v2.5.2 + podLabels: + netic.dk/network-component: redpanda + netic.dk/network-egress: istio + netic.dk/kafka-client: "true" + # netic.dk/schema-registry-egress: "true" + netic.dk/network-rules-egress: redpanda + netic.dk/schema-registry-egress: redpanda + + service: + targetPort: example # This is the port that the service will route to + + console: + config: + kafka: + brokers: + - + sasl: + oauth: + tokenEndpoint: # Could be Keycloak URL + schemaRegistry: + urls: + - + tls: + enabled: true + caFilepath: /tmp/kafka/ca.crt + insecureSkipTlsVerify: false + + oauth2Proxy: + issuerUrl: https://keycloak.cheetah.example/realms/ # Keycloak URL + env: + - name: OAUTH2_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: cookie-secret + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: client-id + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: redpanda-oauth2-proxy + key: OAUTH2_PROXY_CLIENT_SECRET + + extraEnv: + - name: KAFKA_SASL_OAUTH_CLIENTID + valueFrom: + secretKeyRef: + name: redpanda-credentials + key: client-id + - name: KAFKA_SASL_OAUTH_CLIENTSECRET + valueFrom: + secretKeyRef: + name: redpanda-credentials + key: client-secret + - name: 
KAFKA_SASL_OAUTH_SCOPE + value: kafka + secretMounts: + - name: kafka-ca + secretName: kafka-ca + path: /tmp/kafka/ + + ingress: + enabled: true + hosts: + - host: example.redpanda.cheetah.trifork.dev + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - example.redpanda.cheetah.trifork.dev + secretName: redpanda-cheetah-cert +``` \ No newline at end of file diff --git a/charts/cheetah-redpanda-console/values.yaml b/charts/cheetah-redpanda-console/values.yaml index 739a515c..54d64072 100644 --- a/charts/cheetah-redpanda-console/values.yaml +++ b/charts/cheetah-redpanda-console/values.yaml @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +# This file contains the configuration values for the Cheetah Redpanda Console Helm chart. +# The chart deploys the Cheetah Redpanda Console, a modified version of the original Redpanda Console Helm chart. +# The modifications include adding an auth2proxy to the original Helm chart as a sidecar. + replicaCount: 1 image: @@ -21,6 +25,7 @@ image: pullPolicy: IfNotPresent tag: v2.5.2 +# Labels to be applied to the Cheetah Redpanda Console pods. podLabels: netic.dk/network-component: redpanda netic.dk/network-egress: istio @@ -28,6 +33,7 @@ podLabels: netic.dk/network-rules-egress: redpanda netic.dk/schema-registry-egress: redpanda +# Service configuration for the Cheetah Redpanda Console. service: type: ClusterIP port: 4180 @@ -37,6 +43,7 @@ service: # -- Override the value in `console.config.server.listenPort` if not `nil` annotations: {} +# Ingress configuration for the Cheetah Redpanda Console. ingress: enabled: false className: nginx 
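Review bot: The header comment added at the top of values.yaml says `auth2proxy`, while the key it describes is `oauth2Proxy` and the last values.yaml hunk spells it `oauth2proxy`; one spelling should be used throughout, e.g. `# The modifications include adding an oauth2-proxy sidecar to the original Helm chart.`. The section comments added in this and the following values.yaml hunks (`podLabels`, `service`, `ingress`, `podSecurityContext`, `securityContext`, `console`, `oauth2Proxy`) use a plain `#`, whereas the existing comment inside the `service` block uses the `# --` form. If the values table is generated by helm-docs, as the README footer indicates, plain comments are likely not picked up as descriptions, so these would be written as `# -- Labels to be applied to the Cheetah Redpanda Console pods.` and so on.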
@@ -54,12 +61,14 @@ ingress: # hosts: # - chart-example.local +# Pod security context for the Cheetah Redpanda Console pods. podSecurityContext: seccompProfile: type: RuntimeDefault runAsUser: 99 fsGroup: 99 +# Security context for the Cheetah Redpanda Console container. securityContext: runAsNonRoot: true capabilities: @@ -68,6 +77,7 @@ securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true +# Configuration for the Cheetah Redpanda Console. console: config: kafka: @@ -83,6 +93,7 @@ console: roles: {} roleBindings: {} +# Configuration for the oauth2proxy sidecar container. oauth2Proxy: image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1 issuerUrl: ""
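Review bot: The comment added above `securityContext` says it covers "the Cheetah Redpanda Console container", but the header comment in this commit states that the chart also runs an oauth2 proxy sidecar, and nothing in the visible values says whether that sidecar gets the same hardening (`runAsNonRoot`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`). Since the sidecar is the authentication boundary in front of the console, the comment should name the containers it applies to, which needs checking against the deployment template that is not part of this diff. The comment above `oauth2Proxy` could also state that `issuerUrl` defaults to an empty string and must be set, e.g. `# issuerUrl is required; the default "" is only a placeholder.`, so an unset issuer is not mistaken for a working default.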