From 8b5e496b06c1af22ae39f6af367b77db034718d8 Mon Sep 17 00:00:00 2001
From: Leon Welchert <leon.welchert@uni-muenster.de>
Date: Wed, 14 Jun 2023 16:44:42 +0200
Subject: [PATCH 1/4] slight rewording of informative comments added egress examples
---
 webserver/values.yaml | 44 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)
diff --git a/webserver/values.yaml b/webserver/values.yaml
index cf0f72c..a2102da 100644
--- a/webserver/values.yaml
+++ b/webserver/values.yaml
@@ -3,9 +3,9 @@
 # This has nothing to do with the configuration within the container.
 ingress:
 enabled: true
- # List of hostnames the service is available.
- # This variable is mandatory and is now allowed to be empty.
- # hosts has to be allowed from the cluster admins before they can be used.
+ # List of hostnames under which the service will be available.
+ # This variable is mandatory, but allowed to be empty.
+ # each entry in hosts must be allowed by a cluster admin before it can be used.
 hosts: []
 # Create a CNAME Entry in the NIC for the Reverse Proxy of the cluster.
@@ -40,8 +40,12 @@ ingress:
 # automatically allowed.
 # For the firewall cilium is used and the rules below are automatically added
 # to the existing CiliumNetworkPolicy.
-# For details, how this rules look, take a look at
-# https://editor.networkpolicy.io/.
+# For details on how these rules work, take a look at
+# https://editor.networkpolicy.io/
+# as well as the official documentation:
+# https://docs.cilium.io/en/stable/security/policy/language/
+# Keep in mind, that IP and DNS based policies will not work with cluster-managed endpoints.
+# Use labels or one of the other policy types in those cases
 # See the examples below
 firewall:
 ingress: []
@@ -52,11 +56,29 @@ firewall:
 # - ports:
 # - port: "80"
 egress: []
+ ### cluster external egress example
 # - toFQDNs:
- # - matchPattern: "www.example.com"
+ # - matchPattern: "www.example.org"
 # toPorts:
 # - ports:
 # - port: "443"
+ ### cluster internal egress example
+ # - toEndpoints:
+ # - matchLabels:
+ # io.kubernetes.pod.namespace: "example-namespace"
+ # matchExpressions:
+ # - key: app.kubernetes.io/component
+ # operator: In
+ # values:
+ # - "example-component"
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - "example-instance"
+ # toPorts:
+ # - ports:
+ # - port: "3306"
+
 # Number of replicas of the server.
 # This is ignored, if autoscaling is enabled.
@@ -65,7 +87,7 @@ replicaCount: 2
 # Autoscaling configuration.
 # If targetCPUUtilizationPercentage or targetMemoryUtilizationPercentage is
 # reached, pods are scaled up until maxReplicas.
-# Will not be fall below minReplicas.
+# Will not be allowed to fall below minReplicas.
 autoscaling:
 enabled: false
 minReplicas: 2
@@ -73,14 +95,14 @@ autoscaling:
 targetCPUUtilizationPercentage: 80
 targetMemoryUtilizationPercentage: 80
-# Information about the image used in the this deployment
+# Information about the image used in this deployment
 image:
 repository: php
 tag: 7.2-apache
 imagePullSecrets: []
 # Override variables for name and fullname.
-# If empty, their are created from the release name.
+# If empty, they are created from the release name.
 # This is only relevant, if deploying multiple times in the same namespace,
 # otherwise the default is fine.
 nameOverride: ""
@@ -128,7 +150,7 @@ webserver:
 path: /
 port: http
- # List of extra environment variables to pass to webserver container.
+ # List of extra environment variables to pass to the webserver container.
 extraEnvVars: []
 # - name: key
 # value: value
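Review bot: The external egress example in the `firewall.egress` hunk writes a literal hostname with `matchPattern`; for a single host `matchName: "www.example.org"` says exactly what is allowed and makes it less likely that a copied rule is later widened to a wildcard such as `*.example.org`. The comment block should also say that `toFQDNs` only takes effect when the pod's DNS lookups go through Cilium's DNS proxy, for example `# toFQDNs requires a DNS rule (toPorts with rules.dns) in the resulting policy`. Whether the chart's base CiliumNetworkPolicy already provides that rule is not visible here, since the `firewall:` mapping and the template that consumes it lie outside the hunk, so this is a point to confirm.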
@@ -139,7 +161,7 @@ webserver:
 # containerPort: 2019
 # protocol: TCP
- # List of extra volumes to mount into webserver container.
+ # List of extra volumes to mount into the webserver container.
 extraVolumeMounts: []
 # Define an update stragety. Rolling updates continuously update all pods while
-- GitLab

From 44c77afd086b2413b292013296ea5cbe198b18ac Mon Sep 17 00:00:00 2001
From: Leon Welchert <leon.welchert@uni-muenster.de>
Date: Tue, 4 Jul 2023 10:06:56 +0200
Subject: [PATCH 2/4] Update values.yaml
---
 webserver/values.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/webserver/values.yaml b/webserver/values.yaml
index a2102da..9b0fc81 100644
--- a/webserver/values.yaml
+++ b/webserver/values.yaml
@@ -1,11 +1,10 @@
-
 # Configuration of the Reverse Proxy of the cluster.
 # This has nothing to do with the configuration within the container.
 ingress:
 enabled: true
 # List of hostnames under which the service will be available.
 # This variable is mandatory, but allowed to be empty.
- # each entry in hosts must be allowed by a cluster admin before it can be used.
+ # Each entry in hosts must be allowed by a cluster admin before it can be used.
 hosts: []
 # Create a CNAME Entry in the NIC for the Reverse Proxy of the cluster.
-- GitLab

From 87539c2fb3d97b09fc974ccafa24216e8ba5d10d Mon Sep 17 00:00:00 2001
From: Sven Haardiek <sven.haardiek@uni-muenster.de>
Date: Tue, 4 Jul 2023 10:08:07 +0200
Subject: [PATCH 3/4] Simplify cilium egress rule
---
 webserver/values.yaml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/webserver/values.yaml b/webserver/values.yaml
index 9b0fc81..00d0fa3 100644
--- a/webserver/values.yaml
+++ b/webserver/values.yaml
@@ -65,15 +65,8 @@ firewall:
 # - toEndpoints:
 # - matchLabels:
 # io.kubernetes.pod.namespace: "example-namespace"
- # matchExpressions:
- # - key: app.kubernetes.io/component
- # operator: In
- # values:
- # - "example-component"
- # - key: app.kubernetes.io/instance
- # operator: In
- # values:
- # - "example-instance"
+ # k8s:app.kubernetes.io/component: "example-component"
+ # k8s:app.kubernetes.io/instance: "example-instance"
 # toPorts:
 # - ports:
 # - port: "3306"
-- GitLab

From 4d4d2776eba3df5427121fb0fbe61957eea254d4 Mon Sep 17 00:00:00 2001
From: Leon Welchert <leon.welchert@uni-muenster.de>
Date: Tue, 4 Jul 2023 10:48:30 +0200
Subject: [PATCH 4/4] update helm chart version
---
 webserver/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webserver/Chart.yaml b/webserver/Chart.yaml
index a5fe7ee..d1c859e 100644
--- a/webserver/Chart.yaml
+++ b/webserver/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v2
 name: webserver
 description: A Helm chart to deploy a simple web server on the WWU Kube
 type: application
-version: 0.0.10
+version: 0.0.11
-- GitLab
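Review bot: The rewritten `matchLabels` example in the [PATCH 3/4] hunk mixes two key styles: `io.kubernetes.pod.namespace` is left without a label-source prefix while both added keys carry `k8s:`. As far as I know Cilium matches an unprefixed key against any label source, so the rule should still select the intended pods, but someone copying the example cannot tell which form is required; writing `k8s:io.kubernetes.pod.namespace: "example-namespace"` too, or adding `# k8s: limits the match to labels that come from Kubernetes`, would settle it. A one-line comment that all entries under `matchLabels` must match together would also help, because removing one of them widens the set of pods the webserver may reach on port 3306. The `firewall:` mapping this example belongs to starts outside the hunk.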