cluster-components
Deploys resources required for the cluster chart addons on the tenant cluster.
Deploys configurations for addons included in the cluster chart.
Configures ExternalDNS and Cert Manager in tenant clusters.
This chart must be installed in the tenant cluster.
Prerequisites
For the ExternalDNS integration to work, you need a service account with read and edit permissions for the zones you want to use.
Note that as of writing, the DNS and API server are still internal projects not yet available publicly.
Install
To install the chart:
helm install my-release oci://ghcr.io/sneakybugs/cluster-components --version 3.0.0 --values values.yaml
This assumes you have a values.yaml with your values overrides.
Upgrade
To upgrade the chart:
helm upgrade my-release oci://ghcr.io/sneakybugs/cluster-components --version 3.0.0 --values values.yaml
This assumes you have a values.yaml with your values overrides.
Uninstall
To uninstall the chart:
helm uninstall my-release
Configuration
Parameter | Description | Default |
---|---|---|
nameOverride | Override chart name. | "" |
fullnameOverride | Override full release name. | "" |
externalSecrets.clusterSecretStoreName | Name of configured ClusterSecretStore. | "management" |
externalSecrets.remoteNamespace | Namespace in the remote cluster to fetch secrets from. | "secrets-example" |
externalSecrets.url | URL of the remote cluster Kubernetes API. | "https://10.1.0.10:6443" |
externalSecrets.serviceAccountTokenSecret.name | Name of ServiceAccount token secret. | "management-serviceaccount-token" |
externalSecrets.serviceAccountTokenSecret.namespace | Namespace of ServiceAccount token secret. | "kube-system" |
externalDNSWebhook.namespace | Namespace to create and deploy ExternalDNS configurations in. | "external-dns" |
externalDNSWebhook.apiEndpoint | DNS API server endpoint. | "http://dns.infra.sneakybugs.com/v1" |
externalDNSWebhook.zones | List of zones managed by ExternalDNS. | ["example.com."] |
externalDNSWebhook.externalSecret.remoteKey | Secret name in externalSecrets.remoteNamespace namespace in the management cluster. | "external-dns" |
externalDNSWebhook.externalSecret.idProperty | Key of DNS API service account ID in the remote secret. | "id" |
externalDNSWebhook.externalSecret.secretProperty | Key of DNS API service account secret in the remote secret. | "secret" |
certManager.namespace | Namespace to deploy Cert Manager resources in. | "cert-manager" |
certManager.stagingEnvironment | Use Let’s Encrypt staging server when true. | false |
certManager.clusterIssuerName | Name of the created ClusterIssuer. | "letsencrypt" |
certManager.cloudflareEmail | Cloudflare email for ACME DNS challenge. | "redacted" |
certManager.cloudflareZones | List of DNS zones for ACME DNS challenge (without trailing dot). | ["example.com"] |
certManager.externalSecret.remoteKey | Secret name in externalSecrets.remoteNamespace namespace in the management cluster. | "cert-manager" |
certManager.externalSecret.cloudflareTokenProperty | Key of Cloudflare token in the remote secret. | "cloudflareToken" |
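
A pre-install check of values overrides against the table above, added here as an example and not part of the chart. The function name `lint_values` and the sample override are hypothetical; the checks cover the two zone-list formats, the scheme of the two endpoints that are called with service account credentials, and the staging flag.

```python
from urllib.parse import urlparse

def lint_values(values):
    """Return findings for a cluster-components values override parsed into a dict."""
    dns = values.get("externalDNSWebhook", {})
    cm = values.get("certManager", {})
    es = values.get("externalSecrets", {})
    findings = []

    # externalDNSWebhook.zones are written fully qualified, with a trailing dot.
    for zone in dns.get("zones", []):
        if not zone.endswith("."):
            findings.append(f"externalDNSWebhook.zones: {zone!r} is missing the trailing dot")

    # certManager.cloudflareZones are written without the trailing dot.
    for zone in cm.get("cloudflareZones", []):
        if zone.endswith("."):
            findings.append(f"certManager.cloudflareZones: {zone!r} must not end with a dot")

    # Both endpoints are called with service account credentials; flag plaintext HTTP.
    endpoints = {
        "externalDNSWebhook.apiEndpoint": dns.get("apiEndpoint"),
        "externalSecrets.url": es.get("url"),
    }
    for key, url in endpoints.items():
        if url and urlparse(url).scheme != "https":
            findings.append(f"{key}: {url!r} is not HTTPS")

    # Let's Encrypt staging certificates are not trusted by clients.
    if cm.get("stagingEnvironment") is True:
        findings.append("certManager.stagingEnvironment: true issues untrusted staging certificates")
    return findings

# Constructed sample override: the two zone lists use each other's format.
SAMPLE = {
    "externalSecrets": {"url": "https://10.1.0.10:6443"},
    "externalDNSWebhook": {
        "apiEndpoint": "http://dns.infra.sneakybugs.com/v1",
        "zones": ["example.com"],
    },
    "certManager": {"stagingEnvironment": True, "cloudflareZones": ["example.com."]},
}

if __name__ == "__main__":
    for finding in lint_values(SAMPLE):
        print(finding)
```

Parse values.yaml into a dict with any YAML parser before calling `lint_values`; an empty list means none of these checks fired.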