From 54d5f5aaebbaa5a10d8fc11c9687c91a9c6cf85b Mon Sep 17 00:00:00 2001 From: "Nicholas St. Germain" Date: Sun, 13 Sep 2020 04:21:06 -0500 Subject: [PATCH] fix readme up with templating --- charts/README.templates.md.gotmpl | 70 +++++++++++++++++ charts/traefik-forward-auth/.helmignore | 2 + charts/traefik-forward-auth/README.md | 82 +++++++++++++++++++- charts/traefik-forward-auth/README.md.gotmpl | 26 +++++++ charts/traefik-forward-auth/values.yaml | 52 +++++++++---- 5 files changed, 214 insertions(+), 18 deletions(-) create mode 100644 charts/README.templates.md.gotmpl create mode 100644 charts/traefik-forward-auth/README.md.gotmpl diff --git a/charts/README.templates.md.gotmpl b/charts/README.templates.md.gotmpl new file mode 100644 index 00000000..fab3590c --- /dev/null +++ b/charts/README.templates.md.gotmpl 
@@ -0,0 +1,70 @@ +{{- define "repository.organization" -}} + k8s-at-home +{{- end -}} + +{{- define "repository.url" -}} + https://github.com/k8s-at-home/charts +{{- end -}} + +{{- define "helm.url" -}} + https://k8s-at-home.com/charts/ +{{- end -}} + +{{- define "helm.path" -}} + {{ template "repository.organization" . }}/{{ template "chart.name" . }} +{{- end -}} + +{{- define "description.multiarch" -}} +The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64) +{{- end -}} + +{{- define "install.tldr" -}} +## TL;DR +```console +$ helm repo add {{ template "repository.organization" . }} {{ template "helm.url" . }} +$ helm install {{ template "helm.path" . }} +``` +{{- end -}} + +{{- define "install" -}} +## Installing the Chart +To install the chart with the release name `{{ template "chart.name" . }}`: +```console +helm install {{ template "chart.name" . }} {{ template "helm.path" . }} +``` +{{- end -}} + +{{- define "uninstall" -}} +## Uninstalling the Chart +To uninstall the `{{ template "chart.name" . }}` deployment: +```console +helm uninstall {{ template "chart.name" . }} +``` +The command removes all the Kubernetes components associated with the chart and deletes the release. +{{- end -}} + +{{- define "configuration.header" -}} +## Configuration +{{- end -}} + +{{- define "configuration.readValues" -}} +Read through the [values.yaml]({{ template "repository.url" . }}/blob/master/charts/{{ template "chart.name" . }}/values.yaml) +file. It has several commented out suggested values. +{{- end -}} + +{{- define "configuration.example.set" -}} +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, +```console +helm install {{ template "chart.name" . }} \ + --set env.TZ="America/New York" \ + {{ template "helm.path" . 
}} +``` +{{- end -}} + +{{- define "configuration.example.file" -}} +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. +For example, +```console +helm install {{ template "chart.name" . }} {{ template "helm.path" . }} --values values.yaml +``` +{{- end -}} \ No newline at end of file diff --git a/charts/traefik-forward-auth/.helmignore b/charts/traefik-forward-auth/.helmignore index 0e8a0eb3..211e7317 100644 --- a/charts/traefik-forward-auth/.helmignore +++ b/charts/traefik-forward-auth/.helmignore @@ -21,3 +21,5 @@ .idea/ *.tmproj .vscode/ + +README.md.gotmpl \ No newline at end of file diff --git a/charts/traefik-forward-auth/README.md b/charts/traefik-forward-auth/README.md index 086a9671..eb272779 100644 --- a/charts/traefik-forward-auth/README.md +++ b/charts/traefik-forward-auth/README.md @@ -1,4 +1,8 @@ -# traefik-forward-auth | A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer +# traefik-forward-auth + +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) + +A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64) 
@@ -40,5 +44,77 @@ helm install traefik-forward-auth \ Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -helm install traefik-forward-auth k8s-at-home/traefik-forward-auth --values values.yaml -``` \ No newline at end of file +helm install traefik-forward-auth k8s-at-home/traefik-forward-auth --values values.yaml +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| authHost | string | `""` | Single host to use when returning from 3rd party auth | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| cookie.csrfName | string | `""` | CSRF Cookie Name (default: _forward_auth_csrf) | +| cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) | +| cookie.insecure | string | `""` | Use insecure cookies | +| cookie.name | string | `""` | Cookie Name (default: _forward_auth) | +| default.action | string | `""` | [auth|allow] Default action (default: auth) | +| default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) | +| env | list | `[]` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"thomseddon/traefik-forward-auth"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | | +| lifetime | string | `""` | Lifetime in seconds (default: 43200) | +| logging.format | string | `""` | [text|json|pretty] Log format (default: text) | +| logging.level | string | `""` | 
[trace|debug|info|warn|error|fatal|panic] Log level (default: warn) | +| logoutRedirect | string | `""` | URL to redirect to following logout | +| middleware.enabled | bool | `false` | Enable to deploy a preconfigured middleware | +| middleware.name | string | `""` | Name for the middleware | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| providers.genericOauth.authUrl | string | `""` | Auth/Login URL | +| providers.genericOauth.clientId | string | `""` | Client ID | +| providers.genericOauth.clientSecret | string | `""` | Client Secret | +| providers.genericOauth.enabled | bool | `false` | Enable the generic OAUTH2 provider | +| providers.genericOauth.resource | string | `""` | Optional resource indicator | +| providers.genericOauth.scope | string | `""` | Scopes (default: profile, email) | +| providers.genericOauth.tokenStyle | string | `""` | How token is presented when querying the User URL | +| providers.genericOauth.tokenUrl | string | `""` | Token URL | +| providers.genericOauth.userUrl | string | `""` | URL used to retrieve user info | +| providers.google.clientId | string | `""` | Client ID | +| providers.google.clientSecret | string | `""` | Client Secret | +| providers.google.enabled | bool | `false` | Enable the google provider | +| providers.google.prompt | string | `""` | Space separated list of OpenID prompt options | +| providers.oidc.clientId | string | `""` | Client ID | +| providers.oidc.clientSecret | string | `""` | Client Secret | +| providers.oidc.enabled | bool | `false` | Enable the generic OIDC provider | +| providers.oidc.issuerUrl | string | `""` | Issuer URL | +| providers.oidc.resource | string | `""` | Optional resource indicator | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| restrictions.domain | string | `""` | Only allow given email domains. 
(Comma delimited) | +| restrictions.whitelist | string | `""` | Only allow given email addresses. (Comma delimited) | +| secret | string | `""` | Secret used for signing. If empty, one will be generated. If specifying your own in env use "-" | +| securityContext | object | `{}` | | +| service.additionalSpec | object | `{}` | | +| service.annotations | object | `{}` | | +| service.labels | object | `{}` | | +| service.port | int | `4181` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | +| urlPath | string | `""` | Callback URL Path (default: /_oauth) | diff --git a/charts/traefik-forward-auth/README.md.gotmpl b/charts/traefik-forward-auth/README.md.gotmpl new file mode 100644 index 00000000..d1cc7522 --- /dev/null +++ b/charts/traefik-forward-auth/README.md.gotmpl @@ -0,0 +1,26 @@ +{{ template "chart.header" . }} +{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "description.multiarch" . }} + +Chart that +* Adds docker image information leveraging the [official image](https://github.com/thomseddon/traefik-forward-auth) +* Deploys [traefik-forward-auth](https://github.com/thomseddon/traefik-forward-auth) + +{{ template "install.tldr" . }} + +{{ template "install" . }} + +{{ template "uninstall" . }} + +{{ template "configuration.header" . }} + +{{ template "configuration.readValues" . }} + +{{ template "configuration.example.set" .}} + +{{ template "configuration.example.file" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/traefik-forward-auth/values.yaml b/charts/traefik-forward-auth/values.yaml index 5357ea48..3e4b1d99 100644 --- a/charts/traefik-forward-auth/values.yaml +++ b/charts/traefik-forward-auth/values.yaml 
@@ -1,4 +1,6 @@ # Default values for traefik-forward-auth. + + replicaCount: 1 image: 
@@ -11,64 +13,84 @@ nameOverride: "" fullnameOverride: "" logging: - # [trace|debug|info|warn|error|fatal|panic] Log level (default: warn) + # logging.level -- [trace|debug|info|warn|error|fatal|panic] Log level (default: warn) level: "" - # [text|json|pretty] Log format (default: text) + # logging.format -- [text|json|pretty] Log format (default: text) format: "" -# Single host to use when returning from 3rd party auth +# authHost -- Single host to use when returning from 3rd party auth authHost: "" restrictions: - # Only allow given email domains. (Comma delimited) + # restrictions.domain -- Only allow given email domains. (Comma delimited) domain: "" - # Only allow given email addresses. (Comma delimited) + # restrictions.whitelist -- Only allow given email addresses. (Comma delimited) whitelist: "" -# Lifetime in seconds (default: 43200) +# lifetime -- Lifetime in seconds (default: 43200) lifetime: "" cookie: - # Domain(s) to set auth cookie on. (Comma delimited) + # cookie.domain -- Domain(s) to set auth cookie on. (Comma delimited) domain: "" - # Use insecure cookies + # cookie.insecure -- Use insecure cookies insecure: "" - # Cookie Name (default: _forward_auth) + # cookie.name -- Cookie Name (default: _forward_auth) name: "" - # CSRF Cookie Name (default: _forward_auth_csrf) + # cookie.csrfName -- CSRF Cookie Name (default: _forward_auth_csrf) csrfName: "" default: - # [auth|allow] Default action (default: auth) + # default.action -- [auth|allow] Default action (default: auth) action: "" - # [google|oidc|generic-oauth] Default provider (default: google) + # default.provider -- [google|oidc|generic-oauth] Default provider (default: google) provider: "" -# URL to redirect to following logout +# logoutRedirect -- URL to redirect to following logout logoutRedirect: "" -# Callback URL Path (default: /_oauth) +# urlPath -- Callback URL Path (default: /_oauth) urlPath: "" -# Secret used for signing. If empty, one will be generated. 
If specifying your own in env use "-" +# secret -- Secret used for signing. If empty, one will be generated. If specifying your own in env use "-" secret: "" middleware: + # middleware.enabled -- Enable to deploy a preconfigured middleware enabled: false + # middleware.name -- Name for the middleware name: "" providers: google: + # providers.google.enabled -- Enable the google provider enabled: false + # providers.google.clientId -- Client ID clientId: "" + # providers.google.clientSecret -- Client Secret clientSecret: "" + # providers.google.prompt -- Space separated list of OpenID prompt options prompt: "" oidc: + # providers.oidc.enabled -- Enable the generic OIDC provider enabled: false + # providers.oidc.issuerUrl -- Issuer URL issuerUrl: "" + # providers.oidc.clientId -- Client ID clientId: "" + # providers.oidc.clientSecret -- Client Secret clientSecret: "" + # providers.oidc.resource -- Optional resource indicator resource: "" genericOauth: + # providers.genericOauth.enabled -- Enable the generic OAUTH2 provider enabled: false + # providers.genericOauth.authUrl -- Auth/Login URL authUrl: "" + # providers.genericOauth.tokenUrl -- Token URL tokenUrl: "" + # providers.genericOauth.userUrl -- URL used to retrieve user info userUrl: "" + # providers.genericOauth.clientId -- Client ID clientId: "" + # providers.genericOauth.clientSecret -- Client Secret clientSecret: "" + # providers.genericOauth.scope -- Scopes (default: profile, email) scope: "" + # providers.genericOauth.tokenStyle -- How token is presented when querying the User URL tokenStyle: "" + # providers.genericOauth.resource -- Optional resource indicator resource: "" env: []
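Review bot: The helm-docs comments added for `cookie.insecure`, `secret` and the three `providers.*.clientSecret` keys copy the old one-line wording into the generated README table, so the security-relevant behaviour of these keys is still undocumented. For the cookie flag I would write `# cookie.insecure -- Use insecure cookies (auth cookie is set without the Secure attribute; only for setups without HTTPS)`. For the credentials, something like `# providers.oidc.clientSecret -- Client Secret (sensitive: pass at install time or from a Secret, do not commit to values files)`, with the same wording on the google and genericOauth keys and on `secret`. The `secret` comment's `use "-"` hint also deserves a sentence on where the real value must then come from, since the README row gives a reader no way to tell; the templates that consume these values are outside this hunk, so the exact mechanism should be confirmed against them.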