From 3c1961bc65d860c8d52f3d18b9f5f3112cd49da7 Mon Sep 17 00:00:00 2001 From: Mangirdas Judeikis Date: Mon, 30 Mar 2026 10:10:31 +0300 Subject: [PATCH 1/3] Add configurable backend deployment --- .../charts/backend/templates/deployment.yaml | 22 +++++++++++++++++++ deploy/charts/backend/values.yaml | 19 ++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/deploy/charts/backend/templates/deployment.yaml b/deploy/charts/backend/templates/deployment.yaml index 7d9f9ae7e..64d3977c1 100644 --- a/deploy/charts/backend/templates/deployment.yaml +++ b/deploy/charts/backend/templates/deployment.yaml @@ -36,6 +36,10 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} {{- with .Values.securityContext }} @@ -112,6 +116,24 @@ spec: - --oidc-allowed-users={{ . }} {{- end }} {{- end }} + {{- if .Values.backend.multiclusterRuntimeProvider }} + - --multicluster-runtime-provider={{ .Values.backend.multiclusterRuntimeProvider }} + {{- end }} + {{- if .Values.backend.schemaSource }} + - --schema-source={{ .Values.backend.schemaSource }} + {{- end }} + {{- if .Values.backend.apiexportEndpointSliceName }} + - --apiexport-endpoint-slice-name={{ .Values.backend.apiexportEndpointSliceName }} + {{- end }} + {{- if .Values.backend.frontendDisabled }} + - --frontend-disabled=true + {{- end }} + {{- range .Values.backend.apibindingIgnorePrefixes }} + - --apibinding-ignore-prefixes={{ . }} + {{- end }} + {{- range .Values.backend.extraArgs }} + - {{ . }} + {{- end }} {{- if .Values.backend.loggingLevel }} - -v={{ .Values.backend.loggingLevel }} {{- end }} diff --git a/deploy/charts/backend/values.yaml b/deploy/charts/backend/values.yaml index 7e7ae4f23..ae2ff66fc 100644 --- a/deploy/charts/backend/values.yaml +++ b/deploy/charts/backend/values.yaml @@ -39,6 +39,19 @@ backend: consumerScope: "namespaced" clusterScopeIsolation: "prefix" # Options: none, prefix, namespaced + # Multicluster runtime provider (e.g., "kcp") + multiclusterRuntimeProvider: "" + # Schema source (e.g., "apiresourceschemas") + schemaSource: "" + # APIExport EndpointSlice name to watch + apiexportEndpointSliceName: "" + # Disable the frontend UI + frontendDisabled: false + # Name prefixes of APIBindings to ignore when generating APIServiceExportTemplates + apibindingIgnorePrefixes: [] + # Extra command-line arguments to pass to the backend + extraArgs: [] + # Cookie configuration - these should be base64 encoded keys # Empty values - will generate random keys on each start (not for production!) cookieSigningKey: "" @@ -174,6 +187,12 @@ autoscaling: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 +# Additional init containers +initContainers: [] +# - name: init +# image: ghcr.io/platform-mesh/kube-bind-provider-init:latest +# args: ["--kcp-kubeconfig", "/etc/kube-bind/kubeconfig"] + # Additional volumes on the output Deployment definition. volumes: [] # - name: foo From 1a4612362cc11656af2bbd109ab177c445e77b0f Mon Sep 17 00:00:00 2001 From: Mangirdas Judeikis Date: Mon, 30 Mar 2026 10:21:14 +0300 Subject: [PATCH 2/3] Add helm docs --- Makefile | 23 +++- deploy/charts/backend/README.md | 101 +++++++++++++++ deploy/charts/backend/README.md.gotmpl | 25 ++++ deploy/charts/backend/values.yaml | 164 +++++++++++++++---------- hack/tools.checksums | 1 + 5 files changed, 251 insertions(+), 63 deletions(-) create mode 100644 deploy/charts/backend/README.md create mode 100644 deploy/charts/backend/README.md.gotmpl diff --git a/Makefile b/Makefile index 35562a86d..204950708 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,7 @@ DEX_VERSION := v2.43.1 GOLANGCI_LINT_VERSION := 2.1.6 GORELEASER_VERSION := 2.13.0 GOTESTSUM_VERSION := 1.8.1 +HELM_DOCS_VERSION := 1.14.2 HELM_VERSION := 3.18.6 # unreleased kcp version with vw code for schemas KCP_VERSION := 301a8f749e7b99a0c81f43b37aa5b5e5ff0fc0b4 @@ -175,6 +176,14 @@ install-goreleaser: install-helm: @hack/uget.sh https://get.helm.sh/helm-v{VERSION}-{GOOS}-{GOARCH}.tar.gz helm $(HELM_VERSION) +HELM_DOCS = $(UGET_DIRECTORY)/helm-docs-$(HELM_DOCS_VERSION) + +.PHONY: install-helm-docs +install-helm-docs: export OS ?= $(shell uname -s) +install-helm-docs: export ARCH ?= $(shell uname -m) +install-helm-docs: + @hack/uget.sh https://github.com/norwoodj/helm-docs/releases/download/v{VERSION}/helm-docs_{VERSION}_{ENV:OS}_{ENV:ARCH}.tar.gz helm-docs $(HELM_DOCS_VERSION) helm-docs + # e2e tests use this env name to locate the dex binary; make sure it's an absolute path export DEX_BINARY = $(ROOT_DIR)/$(UGET_DIRECTORY)/dex-$(DEX_VERSION) @@ -364,7 +373,7 @@ verify-modules: modules # Verify go modules are up to date done .PHONY: verify -verify: verify-go-versions verify-modules verify-imports verify-codegen verify-boilerplate ## verify formal properties of the code +verify: verify-go-versions verify-modules verify-imports verify-codegen verify-boilerplate verify-helm-docs ## verify formal properties of the code .PHONY: help help: ## Show this help @@ -442,4 +451,16 @@ helm-push-local: ## Push Helm charts to IMAGE_REPO registry helm-test: helm-build-local ## Test Helm chart installation (dry-run) @hack/helm-test.sh +.PHONY: generate-helm-docs +generate-helm-docs: install-helm-docs ## Generate Helm chart documentation + $(HELM_DOCS) --chart-search-root deploy/charts + +.PHONY: verify-helm-docs +verify-helm-docs: generate-helm-docs ## Verify Helm chart documentation is up to date + @if ! git diff --quiet HEAD -- deploy/charts/**/README.md; then \ + git diff -- deploy/charts/**/README.md; \ + echo "Helm chart documentation is out of date, please run 'make generate-helm-docs'"; \ + exit 1; \ + fi + include Makefile.venv diff --git a/deploy/charts/backend/README.md b/deploy/charts/backend/README.md new file mode 100644 index 000000000..e4de8fb86 --- /dev/null +++ b/deploy/charts/backend/README.md @@ -0,0 +1,101 @@ +# backend + +A Helm chart for kube-bind backend deployment + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square) + +## Installation + +```bash +helm install kube-bind-backend oci://ghcr.io/kube-bind/charts/backend --version +``` + +## Configuration + +See [values.yaml](values.yaml) for the full list of configurable parameters. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Affinity rules for pod scheduling | +| autoscaling.enabled | bool | `false` | Enable horizontal pod autoscaling | +| autoscaling.maxReplicas | int | `100` | Maximum number of replicas | +| autoscaling.minReplicas | int | `1` | Minimum number of replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage | +| backend.apibindingIgnorePrefixes | list | `[]` | Name prefixes of APIBindings to ignore when generating APIServiceExportTemplates | +| backend.apiexportEndpointSliceName | string | `""` | APIExport EndpointSlice name to watch | +| backend.clusterScopeIsolation | string | `"prefix"` | Cluster-scope isolation mode. Options: none, prefix, namespaced | +| backend.consumerScope | string | `"namespaced"` | Consumer scope. Options: "namespaced" | +| backend.cookieEncryptionKey | string | `""` | Cookie encryption key (base64 encoded). Empty generates random key on each start (not for production!) | +| backend.cookieSigningKey | string | `""` | Cookie signing key (base64 encoded). Empty generates random key on each start (not for production!) | +| backend.externalAddress | string | `""` | External address clients use to reach the backend | +| backend.externalServerName | string | `""` | External server name for TLS SNI | +| backend.extraArgs | list | `[]` | Extra command-line arguments to pass to the backend | +| backend.frontendDisabled | bool | `false` | Disable the frontend UI | +| backend.listenAddress | string | `"0.0.0.0:8080"` | Address the backend listens on | +| backend.loggingLevel | int | `2` | Logging verbosity level | +| backend.multiclusterRuntimeProvider | string | `""` | Multicluster runtime provider (e.g., "kcp") | +| backend.namespacePrefix | string | `"kube-bind-"` | Prefix for namespaces created by kube-bind | +| backend.oidc.allowedGroups | list | `[]` | List of groups allowed to access bindings. With embedded OIDC, system:authenticated is added automatically | +| backend.oidc.allowedUsers | list | `[]` | List of users allowed to access bindings | +| backend.oidc.callbackUrl | string | `""` | OIDC callback URL | +| backend.oidc.clientId | string | `""` | OIDC client ID | +| backend.oidc.clientSecret | string | `""` | OIDC client secret (plaintext, prefer clientSecretName for production) | +| backend.oidc.clientSecretKey | string | `""` | Key within the secret (e.g., "client-secret") | +| backend.oidc.clientSecretName | string | `""` | Name of the Kubernetes secret containing the OIDC client secret | +| backend.oidc.issuerUrl | string | `""` | OIDC issuer URL (leave empty for embedded OIDC server) | +| backend.oidc.type | string | `"embedded"` | OIDC provider type. Options: "embedded" or "external" | +| backend.prettyName | string | `""` | Human-readable name for this backend instance | +| backend.schemaSource | string | `""` | Schema source (e.g., "apiresourceschemas") | +| backend.tls.certSecretName | string | `""` | Name of the Kubernetes secret containing TLS certificate | +| backend.tls.enabled | bool | `false` | Enable TLS for the backend | +| backend.tls.tlsCertFile | string | `"/etc/kube-bind/tls/tls.crt"` | Path to TLS certificate file inside the container | +| backend.tls.tlsKeyFile | string | `"/etc/kube-bind/tls/tls.key"` | Path to TLS key file inside the container | +| certManager.clusterIssuer | string | `""` | Name of the ClusterIssuer to use | +| certManager.enabled | bool | `false` | Enable cert-manager integration for automatic TLS certificates | +| examples.enabled | bool | `false` | Enable example resources to seed on first start | +| fullnameOverride | string | `""` | Override the full release name | +| gatewayApi.enabled | bool | `false` | Enable Gateway API resources | +| gatewayApi.gateway.annotations | object | `{}` | Annotations to add to the Gateway resource | +| gatewayApi.gateway.className | string | `""` | Gateway class name | +| gatewayApi.gateway.httpPort | int | `80` | HTTP listener port | +| gatewayApi.gateway.httpsPort | int | `443` | HTTPS listener port | +| gatewayApi.gateway.tls.certificateRefs | list | `[]` | TLS certificate references for the Gateway | +| gatewayApi.route.annotations | object | `{}` | Annotations to add to the HTTPRoute resource | +| gatewayApi.route.hostnames | list | `[]` | Hostnames for the HTTPRoute | +| gatewayApi.route.path | string | `"/"` | Path match for the HTTPRoute | +| gatewayApi.route.pathType | string | `"PathPrefix"` | Path match type for the HTTPRoute | +| hostAliases | list | `[]` | Host aliases for /etc/hosts injection into pods | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"ghcr.io/kube-bind/backend"` | Image repository | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Secrets for pulling images from a private repository | +| initContainers | list | `[]` | Additional init containers | +| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":"http"}}` | Liveness probe configuration | +| nameOverride | string | `""` | Override the chart name | +| nodeSelector | object | `{}` | Node selector for pod scheduling | +| podAnnotations | object | `{}` | Annotations to add to the pod | +| podLabels | object | `{}` | Labels to add to the pod | +| podSecurityContext | object | `{}` | Pod security context | +| rbac.create | bool | `true` | Specifies whether RBAC resources should be created | +| readinessProbe | object | `{"httpGet":{"path":"/healthz","port":"http"}}` | Readiness probe configuration | +| replicaCount | int | `1` | Number of replicas for the backend deployment | +| resources | object | `{}` | Resource requests and limits | +| securityContext | object | `{}` | Container security context | +| service.httpsNodePort | string | `""` | NodePort for HTTPS (only used when type is NodePort) | +| service.httpsPort | int | `8443` | HTTPS service port | +| service.nodePort | string | `""` | NodePort for HTTP (only used when type is NodePort) | +| service.port | int | `8080` | HTTP service port | +| service.type | string | `"ClusterIP"` | Service type | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.automount | bool | `true` | Automatically mount the ServiceAccount's API credentials | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Tolerations for pod scheduling | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | +| volumes | list | `[]` | Additional volumes on the output Deployment definition | + +--- + +*This README is generated by [helm-docs](https://github.com/norwoodj/helm-docs). Do not edit manually.* diff --git a/deploy/charts/backend/README.md.gotmpl b/deploy/charts/backend/README.md.gotmpl new file mode 100644 index 000000000..e2c913c30 --- /dev/null +++ b/deploy/charts/backend/README.md.gotmpl @@ -0,0 +1,25 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +## Installation + +```bash +helm install kube-bind-backend oci://ghcr.io/kube-bind/charts/backend --version +``` + +## Configuration + +See [values.yaml](values.yaml) for the full list of configurable parameters. + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "chart.maintainersSection" . }} + +--- + +*This README is generated by [helm-docs](https://github.com/norwoodj/helm-docs). Do not edit manually.* diff --git a/deploy/charts/backend/values.yaml b/deploy/charts/backend/values.yaml index ae2ff66fc..9680b4564 100644 --- a/deploy/charts/backend/values.yaml +++ b/deploy/charts/backend/values.yaml @@ -2,142 +2,172 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +# -- Number of replicas for the backend deployment replicaCount: 1 # Backend configuration backend: + # -- Address the backend listens on listenAddress: "0.0.0.0:8080" + # -- External address clients use to reach the backend externalAddress: "" + # -- External server name for TLS SNI externalServerName: "" + # -- Logging verbosity level loggingLevel: 2 + # TLS configuration tls: + # -- Enable TLS for the backend enabled: false + # -- Name of the Kubernetes secret containing TLS certificate certSecretName: "" + # -- Path to TLS certificate file inside the container tlsCertFile: "/etc/kube-bind/tls/tls.crt" + # -- Path to TLS key file inside the container tlsKeyFile: "/etc/kube-bind/tls/tls.key" - # OIDC configuration. Empty values - will run embedded OIDC server. + # OIDC configuration. Empty values will run the embedded OIDC server. oidc: + # -- OIDC issuer URL (leave empty for embedded OIDC server) issuerUrl: "" + # -- OIDC client ID clientId: "" + # -- OIDC client secret (plaintext, prefer clientSecretName for production) clientSecret: "" - # Alternative: reference a secret for client secret (more secure than plaintext) - # If clientSecretName is set, the secret will be mounted as OIDC_CLIENT_SECRET env var - clientSecretName: "" # Name of the Kubernetes secret containing the client secret - clientSecretKey: "" # Key within the secret (e.g., "client-secret") + # -- Name of the Kubernetes secret containing the OIDC client secret + clientSecretName: "" + # -- Key within the secret (e.g., "client-secret") + clientSecretKey: "" + # -- OIDC callback URL callbackUrl: "" - type: "embedded" # Options: "embedded" or "external" - # List of groups allowed to access bindings inside the cluster - # If using embedded OIDC provider, system:authenticated will be added automatically + # -- OIDC provider type. Options: "embedded" or "external" + type: "embedded" + # -- List of groups allowed to access bindings. With embedded OIDC, system:authenticated is added automatically allowedGroups: [] - # List of users allowed to access bindings inside the cluster + # -- List of users allowed to access bindings allowedUsers: [] - - # General backend configuration + + # -- Human-readable name for this backend instance prettyName: "" + # -- Prefix for namespaces created by kube-bind namespacePrefix: "kube-bind-" + # -- Consumer scope. Options: "namespaced" consumerScope: "namespaced" - clusterScopeIsolation: "prefix" # Options: none, prefix, namespaced + # -- Cluster-scope isolation mode. Options: none, prefix, namespaced + clusterScopeIsolation: "prefix" - # Multicluster runtime provider (e.g., "kcp") + # -- Multicluster runtime provider (e.g., "kcp") multiclusterRuntimeProvider: "" - # Schema source (e.g., "apiresourceschemas") + # -- Schema source (e.g., "apiresourceschemas") schemaSource: "" - # APIExport EndpointSlice name to watch + # -- APIExport EndpointSlice name to watch apiexportEndpointSliceName: "" - # Disable the frontend UI + # -- Disable the frontend UI frontendDisabled: false - # Name prefixes of APIBindings to ignore when generating APIServiceExportTemplates + # -- Name prefixes of APIBindings to ignore when generating APIServiceExportTemplates apibindingIgnorePrefixes: [] - # Extra command-line arguments to pass to the backend + # -- Extra command-line arguments to pass to the backend extraArgs: [] - # Cookie configuration - these should be base64 encoded keys - # Empty values - will generate random keys on each start (not for production!) + # -- Cookie signing key (base64 encoded). Empty generates random key on each start (not for production!) cookieSigningKey: "" + # -- Cookie encryption key (base64 encoded). Empty generates random key on each start (not for production!) cookieEncryptionKey: "" # Cert-manager configuration certManager: + # -- Enable cert-manager integration for automatic TLS certificates enabled: false + # -- Name of the ClusterIssuer to use clusterIssuer: "" # Gateway API configuration gatewayApi: + # -- Enable Gateway API resources enabled: false gateway: + # -- Gateway class name className: "" + # -- HTTP listener port httpPort: 80 + # -- HTTPS listener port httpsPort: 443 + # -- Annotations to add to the Gateway resource annotations: {} tls: + # -- TLS certificate references for the Gateway + # @default -- `[]` certificateRefs: [] # Example: # - name: tls-cert # namespace: default route: + # -- Hostnames for the HTTPRoute + # @default -- `[]` hostnames: [] # Example: # - "example.com" # - "api.example.com" + # -- Path match for the HTTPRoute path: "/" + # -- Path match type for the HTTPRoute pathType: "PathPrefix" + # -- Annotations to add to the HTTPRoute resource annotations: {} examples: - # Example resources to seed on first start + # -- Enable example resources to seed on first start enabled: false -# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ +# Container image configuration image: - repository: ghcr.io/kube-bind/backend - # This sets the pull policy for images. - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # -- Image repository + repository: ghcr.io/kube-bind/backend + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion + tag: "" + +# -- Secrets for pulling images from a private repository imagePullSecrets: [] -# This is to override the chart name. +# -- Override the chart name nameOverride: "" +# -- Override the full release name fullnameOverride: "" -# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ +# Service account configuration serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Automatically mount a ServiceAccount's API credentials? + # -- Automatically mount the ServiceAccount's API credentials automount: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" # RBAC configuration rbac: - # Specifies whether RBAC resources should be created + # -- Specifies whether RBAC resources should be created create: true -# This is for setting Kubernetes Annotations to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +# -- Annotations to add to the pod podAnnotations: {} -# This is for setting Kubernetes Labels to a Pod. -# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +# -- Labels to add to the pod podLabels: {} +# -- Pod security context podSecurityContext: {} # fsGroup: 2000 -# Host aliases for /etc/hosts injection into pods -# Example: -# hostAliases: -# - ip: "127.0.0.1" -# hostnames: -# - "example.local" -# - "test.local" +# -- Host aliases for /etc/hosts injection into pods +# @default -- `[]` hostAliases: [] +# Example: +# - ip: "127.0.0.1" +# hostnames: +# - "example.local" +# -- Container security context securityContext: {} # capabilities: # drop: @@ -146,22 +176,21 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 -# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ +# Service configuration service: - # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + # -- Service type type: ClusterIP - # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports + # -- HTTP service port port: 8080 + # -- HTTPS service port httpsPort: 8443 - # NodePort configuration (only used when type is NodePort) + # -- NodePort for HTTP (only used when type is NodePort) nodePort: "" + # -- NodePort for HTTPS (only used when type is NodePort) httpsNodePort: "" +# -- Resource requests and limits resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi @@ -169,45 +198,56 @@ resources: {} # cpu: 100m # memory: 128Mi -# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +# -- Liveness probe configuration livenessProbe: httpGet: path: /healthz port: http +# -- Readiness probe configuration readinessProbe: httpGet: path: /healthz port: http -# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ +# Autoscaling configuration autoscaling: + # -- Enable horizontal pod autoscaling enabled: false + # -- Minimum number of replicas minReplicas: 1 + # -- Maximum number of replicas maxReplicas: 100 + # -- Target CPU utilization percentage targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -# Additional init containers +# -- Additional init containers +# @default -- `[]` initContainers: [] # - name: init # image: ghcr.io/platform-mesh/kube-bind-provider-init:latest # args: ["--kcp-kubeconfig", "/etc/kube-bind/kubeconfig"] -# Additional volumes on the output Deployment definition. +# -- Additional volumes on the output Deployment definition +# @default -- `[]` volumes: [] # - name: foo # secret: # secretName: mysecret # optional: false -# Additional volumeMounts on the output Deployment definition. +# -- Additional volumeMounts on the output Deployment definition +# @default -- `[]` volumeMounts: [] # - name: foo # mountPath: "/etc/foo" # readOnly: true +# -- Node selector for pod scheduling nodeSelector: {} +# -- Tolerations for pod scheduling tolerations: [] +# -- Affinity rules for pod scheduling affinity: {} diff --git a/hack/tools.checksums b/hack/tools.checksums index e393ceca8..59fbd1cf3 100644 --- a/hack/tools.checksums +++ b/hack/tools.checksums @@ -4,6 +4,7 @@ golangci-lint|GOARCH=arm64;GOOS=linux|c51ff5b21be688b043baea44de7dd855cf07b855c1 goreleaser|ARCH=x86_64;OS=Linux|8de4a7d97d9b2b62e8186bcd28f7a203ba55ecfaaa4329e14264d3235095faed gotestsum|GOARCH=amd64;GOOS=linux|ee25248e6f5073cad0b7a712c97ed473adb7420f7eefad534177de0113a8a505 gotestsum|GOARCH=arm64;GOOS=linux|7a5e7f8cb5e2126be563b7c7182cc4522fbc65408a99df82d156d30e997b8705 +helm-docs|ARCH=arm64;OS=Darwin|911f2763de0201b4870b3468247ef794d9401aa8d4aa285089bbee040d4ae9c4 helm|GOARCH=amd64;GOOS=linux|c153fd9c1173f39aefe8e9aa9f00fd3daf6b40c8ea01e94a0d2f2c1787fc60e0 kcp|GOARCH=amd64;GOOS=linux|367525b4334e30f598054a62c8f10f04c21afa480c1700d0a9dbb8c905c931a5 kcp|GOARCH=arm64;GOOS=darwin|463dd70f665baac198f2c6b979bd9dc5e4349636711509dd83fd96b05d1d0bb5 From cb58b14e49139a100a13d1a6dd87c403d50a33b8 Mon Sep 17 00:00:00 2001 From: Mangirdas Judeikis Date: Mon, 30 Mar 2026 10:21:33 +0300 Subject: [PATCH 3/3] bump helm version Signed-off-by: Mangirdas Judeikis On-behalf-of: SAP --- deploy/charts/backend/Chart.yaml | 2 +- deploy/charts/backend/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/backend/Chart.yaml b/deploy/charts/backend/Chart.yaml index 80657f8fa..b10e2e0dd 100644 --- a/deploy/charts/backend/Chart.yaml +++ b/deploy/charts/backend/Chart.yaml @@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v0.6.0" +appVersion: "v0.7.1" diff --git a/deploy/charts/backend/README.md b/deploy/charts/backend/README.md index e4de8fb86..8f613f444 100644 --- a/deploy/charts/backend/README.md +++ b/deploy/charts/backend/README.md @@ -2,7 +2,7 @@ A Helm chart for kube-bind backend deployment -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.1](https://img.shields.io/badge/AppVersion-v0.7.1-informational?style=flat-square) ## Installation