diff --git a/charts/hyades/ci/test-initializer-values.yaml b/charts/hyades/ci/test-initializer-values.yaml new file mode 100644 index 0000000..29073c2 --- /dev/null +++ b/charts/hyades/ci/test-initializer-values.yaml @@ -0,0 +1,182 @@ +common: + database: + jdbcUrl: "jdbc:postgresql://postgres.{{ .Release.Namespace }}.svc.cluster.local:5432/dtrack" + username: "dtrack" + password: "dtrack" + kafka: + bootstrapServers: "redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092" + secretKey: + createSecret: true + serviceAccount: + automount: true + +apiServer: + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: "2" + memory: 512Mi + +initializer: + enabled: true + # chart-testing executes `helm install` with `--wait` flag, + # causing post-install hooks to never run. + # See https://github.com/helm/chart-testing/issues/202. + noHelmHook: true + +mirrorService: + resources: &hyadesResources + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 256Mi + +repoMetaAnalyzer: + resources: *hyadesResources + +vulnAnalyzer: + resources: *hyadesResources + +extraObjects: +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: postgres + namespace: "{{ .Release.Namespace }}" + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-postgres\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: postgres + template: + metadata: + labels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-postgres\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: postgres + spec: + containers: + - name: postgres + image: postgres:16-alpine + env: + - name: POSTGRES_DB + value: dtrack + - name: POSTGRES_USER + value: dtrack + - name: POSTGRES_PASSWORD + value: dtrack + ports: + - name: postgres + containerPort: 5432 + protocol: TCP +- apiVersion: v1 + kind: Service + metadata: + name: postgres + namespace: "{{ .Release.Namespace }}" + labels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-postgres\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: postgres + spec: + type: ClusterIP + selector: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-postgres\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: postgres + ports: + - port: 5432 + targetPort: 5432 +- apiVersion: apps/v1 + kind: Deployment + metadata: + name: redpanda + namespace: "{{ .Release.Namespace }}" + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-redpanda\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: redpanda + template: + metadata: + labels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-redpanda\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: redpanda + spec: + containers: + - name: redpanda + image: docker.redpanda.com/vectorized/redpanda:v24.1.7 + args: + - redpanda + - start + - --smp + - '1' + - --reserve-memory + - 0M + - --memory + - 512M + - --overprovisioned + - --node-id + - '0' + - --kafka-addr + - PLAINTEXT://0.0.0.0:9092 + - --advertise-kafka-addr + - PLAINTEXT://redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092 + ports: + - name: kafka-api + containerPort: 9092 + protocol: TCP + - name: redpanda-admin + containerPort: 9644 + protocol: TCP +- apiVersion: v1 + kind: Service + metadata: + name: redpanda + namespace: "{{ .Release.Namespace }}" + labels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-redpanda\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: redpanda + spec: + type: ClusterIP + selector: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/name: "{{ printf \"%s-redpanda\" (include \"hyades.name\" .) }}" + app.kubernetes.io/component: redpanda + ports: + - name: kafka-api + port: 9092 + targetPort: 9092 + - name: redpanda-admin + port: 9644 + targetPort: 9644 +- apiVersion: batch/v1 + kind: Job + metadata: + name: redpanda-init + namespace: "{{ .Release.Namespace }}" + spec: + template: + spec: + containers: + - name: redpanda + image: docker.redpanda.com/vectorized/redpanda:v24.1.7 + command: + - /bin/bash + args: + - -c + - bash <(curl -s https://raw.githubusercontent.com/DependencyTrack/hyades/main/scripts/create-topics.sh) + env: + - name: REDPANDA_BROKERS + value: "redpanda.{{ .Release.Namespace }}.svc.cluster.local:9092" + restartPolicy: OnFailure diff --git a/charts/hyades/ci/test-values.yaml b/charts/hyades/ci/test-values.yaml index 491c675..1473067 100644 --- a/charts/hyades/ci/test-values.yaml +++ b/charts/hyades/ci/test-values.yaml @@ -11,38 +11,26 @@ common: apiServer: resources: requests: - cpu: 500m + cpu: 100m memory: 512Mi limits: - cpu: 500m + cpu: "2" memory: 512Mi mirrorService: - resources: + resources: &hyadesResources requests: - cpu: 500m + cpu: 100m memory: 256Mi limits: cpu: 500m memory: 256Mi repoMetaAnalyzer: - resources: - requests: - cpu: 500m - memory: 256Mi - limits: - cpu: 500m - memory: 256Mi + resources: *hyadesResources vulnAnalyzer: - resources: - requests: - cpu: 500m - memory: 256Mi - limits: - cpu: 500m - memory: 256Mi + resources: *hyadesResources extraObjects: - apiVersion: apps/v1 diff --git a/charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml b/charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml index 2a6e40d..efa881d 100644 --- a/charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml +++ b/charts/hyades/ci/test-vulnanalyzer-statefulset-values.yaml @@ -11,39 +11,27 @@ common: apiServer: resources: requests: - cpu: 500m + cpu: 100m memory: 512Mi limits: - cpu: 500m + cpu: "2" memory: 512Mi mirrorService: - resources: + resources: &hyadesResources requests: - cpu: 500m + cpu: 100m memory: 256Mi limits: cpu: 500m memory: 256Mi repoMetaAnalyzer: - resources: - requests: - cpu: 500m - memory: 256Mi - limits: - cpu: 500m - memory: 256Mi + resources: *hyadesResources vulnAnalyzer: useStatefulSet: true - resources: - requests: - cpu: 500m - memory: 256Mi - limits: - cpu: 500m - memory: 256Mi + resources: *hyadesResources persistentVolume: enabled: true extraEnv: diff --git a/charts/hyades/templates/_helpers.tpl b/charts/hyades/templates/_helpers.tpl index e881631..f368328 100644 --- a/charts/hyades/templates/_helpers.tpl +++ b/charts/hyades/templates/_helpers.tpl @@ -91,6 +91,92 @@ API server image {{- end -}} +{{/* +Initializer labels +*/}} +{{- define "hyades.initializerLabels" -}} +{{ include "hyades.commonLabels" . }} +{{ include "hyades.initializerSelectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + +{{/* +Initializer selector labels +*/}} +{{- define "hyades.initializerSelectorLabels" -}} +{{ include "hyades.commonSelectorLabels" . }} +app.kubernetes.io/name: {{ printf "%s-initializer" (include "hyades.name" .) }} +app.kubernetes.io/component: initializer +{{- end -}} + +{{/* +Initializer name +*/}} +{{- define "hyades.initializerName" -}} +{{- printf "%s-initializer" (include "hyades.name" .) -}} +{{- end -}} + +{{/* +Initializer fully qualified name +*/}} +{{- define "hyades.initializerFullname" -}} +{{- printf "%s-initializer" (include "hyades.fullname" .) -}} +{{- end -}} + +{{/* +Initializer image +*/}} +{{- define "hyades.initializerImage" -}} +{{- if eq (substr 0 7 .Values.initializer.image.tag) "sha256:" -}} +{{- printf "%s/%s@%s" (.Values.initializer.image.registry | default .Values.common.image.registry) .Values.initializer.image.repository .Values.initializer.image.tag -}} +{{- else -}} +{{- printf "%s/%s:%s" (.Values.initializer.image.registry | default .Values.common.image.registry) .Values.initializer.image.repository (.Values.initializer.image.tag | default .Chart.AppVersion) -}} +{{- end -}} +{{- end -}} + + +{{/* +Initializer waiter name +*/}} +{{- define "hyades.initializerWaiterName" -}} +{{- printf "%s-waiter" (include "hyades.initializerName" .) -}} +{{- end -}} + +{{/* +Initializer waiter fully qualified name +*/}} +{{- define "hyades.initializerWaiterFullname" -}} +{{- printf "%s-waiter" (include "hyades.initializerFullname" .) -}} +{{- end -}} + +{{/* +Initializer waiter image +*/}} +{{- define "hyades.initializerWaiterImage" -}} +{{- if eq (substr 0 7 .Values.initializer.waiter.image.tag) "sha256:" -}} +{{- printf "%s/%s@%s" (.Values.initializer.waiter.image.registry | default .Values.common.image.registry) .Values.initializer.waiter.image.repository .Values.initializer.waiter.image.tag -}} +{{- else -}} +{{- printf "%s/%s:%s" (.Values.initializer.waiter.image.registry | default .Values.common.image.registry) .Values.initializer.waiter.image.repository (.Values.initializer.waiter.image.tag | default .Chart.AppVersion) -}} +{{- end -}} +{{- end -}} + +{{/* +Initializer waiter container +*/}} +{{- define "hyades.initializerWaiterContainer" -}} +name: {{ include "hyades.initializerWaiterName" . }} +image: {{ include "hyades.initializerWaiterImage" . }} +imagePullPolicy: {{ .Values.initializer.waiter.image.pullPolicy }} +args: +- wait +- --for +- condition=complete +- --timeout +- "5m" +- job/{{ include "hyades.initializerFullname" . }} +{{- end -}} + + {{/* Frontend labels */}} diff --git a/charts/hyades/templates/api-server/deployment.yaml b/charts/hyades/templates/api-server/deployment.yaml index 9c05dd6..bd49575 100644 --- a/charts/hyades/templates/api-server/deployment.yaml +++ b/charts/hyades/templates/api-server/deployment.yaml @@ -24,6 +24,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.apiServer.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} @@ -48,10 +51,6 @@ spec: - name: ALPINE_SECRET_KEY_PATH value: "/var/run/secrets/secret.key" {{- end }} - - name: ALPINE_DATABASE_MODE - value: "external" - - name: ALPINE_DATABASE_DRIVER - value: "org.postgresql.Driver" {{- with .Values.common.database.jdbcUrl }} - name: ALPINE_DATABASE_URL value: {{ tpl . $ | quote }} @@ -64,6 +63,10 @@ spec: - name: ALPINE_DATABASE_PASSWORD value: {{ . | quote }} {{- end }} + {{- if .Values.initializer.enabled }} + - name: INIT_TASKS_ENABLED + value: "false" + {{- end }} - name: KAFKA_BOOTSTRAP_SERVERS value: {{ tpl .Values.common.kafka.bootstrapServers $ | quote }} {{- with .Values.common.kafka.topicPrefix }} diff --git a/charts/hyades/templates/initializer/job.yaml b/charts/hyades/templates/initializer/job.yaml new file mode 100644 index 0000000..dc53c02 --- /dev/null +++ b/charts/hyades/templates/initializer/job.yaml @@ -0,0 +1,81 @@ +{{- if .Values.initializer.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "hyades.initializerFullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "hyades.initializerLabels" . | nindent 4 }} + {{- if not .Values.initializer.noHelmHook }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-delete-policy": "before-hook-creation" + {{- end }} +spec: + template: + metadata: + labels: {{- include "hyades.initializerSelectorLabels" . | nindent 8 }} + {{- with .Values.initializer.annotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: Never + serviceAccountName: {{ include "hyades.serviceAccountName" . }} + containers: + - name: {{ include "hyades.initializerName" . }} + image: {{ include "hyades.initializerImage" . }} + imagePullPolicy: {{ .Values.initializer.image.pullPolicy }} + securityContext: {{ toYaml .Values.initializer.securityContext | nindent 10 }} + {{- with .Values.initializer.command }} + command: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initializer.args }} + args: {{ toYaml . | nindent 8 }} + {{- end }} + resources: {{- toYaml .Values.initializer.resources | nindent 10 }} + env: + # Clear the defaults for garbage collector and heap size that we set in the API server's Dockerfile. + # Let the JVM deal with configuring itself appropriately for the available resources. + - name: JAVA_OPTIONS + value: "" + - name: INIT_TASKS_ENABLED + value: "true" + - name: INIT_AND_EXIT + value: "true" + - name: ALPINE_DATABASE_POOL_ENABLED + value: "false" + {{- with .Values.common.database.jdbcUrl }} + - name: ALPINE_DATABASE_URL + value: {{ tpl . $ | quote }} + {{- end}} + {{- with .Values.common.database.username }} + - name: ALPINE_DATABASE_USERNAME + value: {{ . | quote }} + {{- end }} + {{- with .Values.common.database.password }} + - name: ALPINE_DATABASE_PASSWORD + value: {{ . | quote }} + {{- end }} + {{- with .Values.initializer.extraEnv }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initializer.extraEnvFrom }} + envFrom: {{ toYaml . | nindent 8 }} + {{- end }} + volumeMounts: + - name: tmp + subPath: data + mountPath: /data + - name: tmp + subPath: tmp + mountPath: /tmp + {{- with .Values.initializer.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initializer.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} +{{- end }} \ No newline at end of file diff --git a/charts/hyades/templates/initializer/role.yaml b/charts/hyades/templates/initializer/role.yaml new file mode 100644 index 0000000..453b559 --- /dev/null +++ b/charts/hyades/templates/initializer/role.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.initializer.enabled .Values.initializer.waiter.createRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "hyades.initializerWaiterFullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "hyades.commonLabels" . | nindent 4 }} +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch +{{- end }} \ No newline at end of file diff --git a/charts/hyades/templates/initializer/rolebinding.yaml b/charts/hyades/templates/initializer/rolebinding.yaml new file mode 100644 index 0000000..88b9505 --- /dev/null +++ b/charts/hyades/templates/initializer/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.initializer.enabled .Values.initializer.waiter.createRole }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "hyades.initializerWaiterFullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "hyades.commonLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "hyades.initializerWaiterFullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "hyades.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/hyades/templates/mirror-service/deployment.yaml b/charts/hyades/templates/mirror-service/deployment.yaml index 6a65dd3..ab2d735 100644 --- a/charts/hyades/templates/mirror-service/deployment.yaml +++ b/charts/hyades/templates/mirror-service/deployment.yaml @@ -24,6 +24,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.mirrorService.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/hyades/templates/notification-publisher/deployment.yaml b/charts/hyades/templates/notification-publisher/deployment.yaml index 995df48..644ffb1 100644 --- a/charts/hyades/templates/notification-publisher/deployment.yaml +++ b/charts/hyades/templates/notification-publisher/deployment.yaml @@ -24,6 +24,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.notificationPublisher.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/hyades/templates/repo-meta-analyzer/deployment.yaml b/charts/hyades/templates/repo-meta-analyzer/deployment.yaml index 550853b..9901f33 100644 --- a/charts/hyades/templates/repo-meta-analyzer/deployment.yaml +++ b/charts/hyades/templates/repo-meta-analyzer/deployment.yaml @@ -24,6 +24,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.repoMetaAnalyzer.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/hyades/templates/vuln-analyzer/deployment.yaml b/charts/hyades/templates/vuln-analyzer/deployment.yaml index 7be9a0c..63d21d4 100644 --- a/charts/hyades/templates/vuln-analyzer/deployment.yaml +++ b/charts/hyades/templates/vuln-analyzer/deployment.yaml @@ -24,6 +24,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.notificationPublisher.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/hyades/templates/vuln-analyzer/statefulset.yaml b/charts/hyades/templates/vuln-analyzer/statefulset.yaml index fb1a6a2..f3b554f 100644 --- a/charts/hyades/templates/vuln-analyzer/statefulset.yaml +++ b/charts/hyades/templates/vuln-analyzer/statefulset.yaml @@ -25,6 +25,9 @@ spec: imagePullSecrets: {{- toYaml . | nindent 6 }} {{- end }} initContainers: + {{- if .Values.initializer.enabled }} + - {{ include "hyades.initializerWaiterContainer" . | nindent 8 }} + {{- end }} {{- with .Values.notificationPublisher.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/hyades/values.schema.json b/charts/hyades/values.schema.json index 7302ce0..95a930b 100644 --- a/charts/hyades/values.schema.json +++ b/charts/hyades/values.schema.json @@ -111,6 +111,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "extraEnv": { "$ref": "#/$defs/objectArray" }, @@ -146,6 +149,61 @@ } } }, + "initializer": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "annotations": { + "type": "object" + }, + "image": { + "$ref": "#/$defs/image" + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "resources": { + "$ref": "#/$defs/resources" + }, + "securityContext": { + "type": "object" + }, + "extraEnv": { + "$ref": "#/$defs/objectArray" + }, + "extraEnvFrom": { + "$ref": "#/$defs/objectArray" + }, + "tolerations": { + "$ref": "#/$defs/objectArray" + }, + "nodeSelector": { + "type": "object" + }, + "waiter": { + "type": "object", + "properties": { + "image": { + "$ref": "#/$defs/image" + }, + "createRole": { + "type": "boolean" + } + } + } + } + }, "frontend": { "type": "object", "properties": { @@ -176,6 +234,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "extraEnv": { "$ref": "#/$defs/objectArray" }, @@ -243,6 +304,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "extraEnv": { "$ref": "#/$defs/objectArray" }, @@ -302,6 +366,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "extraEnv": { "$ref": "#/$defs/objectArray" }, @@ -361,6 +428,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "extraEnv": { "$ref": "#/$defs/objectArray" }, @@ -423,6 +493,9 @@ "resources": { "$ref": "#/$defs/resources" }, + "securityContext": { + "type": "object" + }, "persistentVolume":{ "type": "object", "properties": { diff --git a/charts/hyades/values.yaml b/charts/hyades/values.yaml index 7bc5558..b22c8e6 100644 --- a/charts/hyades/values.yaml +++ b/charts/hyades/values.yaml @@ -30,7 +30,7 @@ apiServer: enabled: true replicaCount: 1 annotations: {} - image: + image: &apiServerImage # -- Override common.image.registry for the API server. registry: "" repository: dependencytrack/hyades-apiserver @@ -114,6 +114,45 @@ apiServer: tolerations: [] nodeSelector: {} +initializer: + # -- Whether to enable the initializer Job. + # When enabled, an init container will be added to all + # deployments that require database access. + # The init container will wait for the initializer Job to complete. + # Requires the service account token to be mounted. + enabled: false + # -- Whether to NOT deploy the initializer Job as `post-install` and `post-upgrade` + # Helm hook. Deploying as Helm hook can create deadlock situations when `helm install` + # and `helm upgrade` are executed with `--wait` flag. See . + # Note that without hooks, `helm upgrade` may fail due to Job fields being immutable. + noHelmHook: false + annotations: {} + image: *apiServerImage + command: [] + args: [] + resources: + requests: + cpu: 150m + memory: 256Mi + limits: + cpu: 500m + memory: 256Mi + # -- Security context of the Container. + securityContext: *hyadesSecurityContext + extraEnv: [] + extraEnvFrom: [] + tolerations: [] + nodeSelector: {} + waiter: + image: + registry: "docker.io" + repository: bitnami/kubectl + tag: latest + pullPolicy: Always + # -- Whether to create a Role with permissions to + # wait for Job completion, and bind it to the ServiceAccount. + createRole: true + frontend: # -- Whether the frontend shall be deployed. enabled: true