TRG 5.05 - Chart Values
Status | Created | Post-History |
---|---|---|
Update | 29-Feb-2024 | new examples and rules |
Active | 10-Nov-2022 | Initial release |
Why
When external entities need to setup a whole Eclipse Tractus-X setup, they might need to configure multiply helm charts. To reduce errors and make it efficient overall, this guide aligns basic helm values across all products.
Description
Rules and best practices for Helm chart values.yaml
file.
Container images
- Image tag should not be set by default and it should fall back to the
appVersion
property from theChart.yaml
file. In specific cases (e.g.: Chart contains multiple pod templates that use different images and versions) image tag can be set explicitly. pullPolicy
must default to 'IfNotPresent'
A proper section for Container images should look like this:
image:
registry: docker.io
repository: bitnami/postgresql
tag: ""
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
latest
as image tag!This might cause unexpected effects, as the Helm release could change without bumping the chart version! Also due to
security reasons you shall not use latest
tag. If the image tag should be set to a pinned tag (e.g.: latest
) anyway, it should done in an additional (environment specific) values.yaml and in this case the image's pullPolicy is recommended to be set to Always
.
Ingress
- Ingress must be disabled by default
- Hostname must not be set by default
An example section for ingress resources:
ingress:
enabled: false
# className: "nginx"
## Optional annotations when using the nginx ingress class
#annotations:
# nginx.ingress.kubernetes.io/rewrite-target: "/$1"
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/enable-cors: "true"
# nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org"
tls: []
# - secretName: ""
# hosts:
# - ""
hosts:
- host: ""
paths:
- path: "/"
pathType: "Prefix"
backend:
service: "app"
port: 8080
Dependencies
An example section for Postgresql dependency configuration:
postgresql:
## PostgreSQL chart configuration
enabled: true
## `nameOverride` should be used when the same chart is added as a dependency
## multiple times to ensure resource names do not conflict with each other
# nameOverride: "app-postgresql"
auth:
## Database name
database: "appdb"
## Database port number
port: 5432
## Secret containing the passwords
existingSecret: "secret-postgres-init"
## Password for the root username 'postgres'. Secret-key 'postgres-password'
password: ""