jetstack-secure
jetstack-secure copied to clipboard
Published
20 hours ago •
jetstack
jetstack
feat(httpproxy): Update chart to support httproxy
Updates the venafi-kubernetes-agent helm chart to include the HTTPS_PROXY, HTTP_PROXY, NO_PROXY env vars.
with HTTPS_PROXY value
# Source: venafi-kubernetes-agent/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: venafi-kubernetes-agent-release-name
namespace: default
labels:
helm.sh/chart: venafi-kubernetes-agent-0.1.47
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "v0.1.47"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
template:
metadata:
labels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
spec:
serviceAccountName: venafi-kubernetes-agent-release-name
securityContext:
{}
containers:
- name: venafi-kubernetes-agent
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
image: "registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47"
imagePullPolicy: IfNotPresent
env:
- name: HTTPS_PROXY
value: https://proxy:8080
args:
- "agent"
- "-c"
- "/etc/venafi/agent/config/config.yaml"
- "--client-id"
- ""
- "-p"
- "0h1m0s"
- --venafi-cloud
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 200m
memory: 200Mi
volumeMounts:
- name: config
mountPath: "/etc/venafi/agent/config"
readOnly: true
- name: credentials
mountPath: "/etc/venafi/agent/key"
readOnly: true
volumes:
- name: config
configMap:
name: agent-config
optional: false
- name: credentials
secret:
secretName: agent-credentials
optional: false
with HTTP_PROXY value
# Source: venafi-kubernetes-agent/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: venafi-kubernetes-agent-release-name
namespace: default
labels:
helm.sh/chart: venafi-kubernetes-agent-0.1.47
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "v0.1.47"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
template:
metadata:
labels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
spec:
serviceAccountName: venafi-kubernetes-agent-release-name
securityContext:
{}
containers:
- name: venafi-kubernetes-agent
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
image: "registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47"
imagePullPolicy: IfNotPresent
env:
- name: HTTP_PROXY
value: http://proxy:8080
args:
- "agent"
- "-c"
- "/etc/venafi/agent/config/config.yaml"
- "--client-id"
- ""
- "-p"
- "0h1m0s"
- --venafi-cloud
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 200m
memory: 200Mi
volumeMounts:
- name: config
mountPath: "/etc/venafi/agent/config"
readOnly: true
- name: credentials
mountPath: "/etc/venafi/agent/key"
readOnly: true
volumes:
- name: config
configMap:
name: agent-config
optional: false
- name: credentials
secret:
secretName: agent-credentials
optional: false
with NO_PROXY values
# Source: venafi-kubernetes-agent/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: venafi-kubernetes-agent-release-name
namespace: default
labels:
helm.sh/chart: venafi-kubernetes-agent-0.1.47
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "v0.1.47"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
template:
metadata:
labels:
app.kubernetes.io/name: venafi-kubernetes-agent
app.kubernetes.io/instance: release-name
spec:
serviceAccountName: venafi-kubernetes-agent-release-name
securityContext:
{}
containers:
- name: venafi-kubernetes-agent
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
image: "registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47"
imagePullPolicy: IfNotPresent
env:
- name: NO_PROXY
value: 127.0.0.1,localhost
args:
- "agent"
- "-c"
- "/etc/venafi/agent/config/config.yaml"
- "--client-id"
- ""
- "-p"
- "0h1m0s"
- --venafi-cloud
resources:
limits:
cpu: 500m
memory: 500Mi
requests:
cpu: 200m
memory: 200Mi
volumeMounts:
- name: config
mountPath: "/etc/venafi/agent/config"
readOnly: true
- name: credentials
mountPath: "/etc/venafi/agent/key"
readOnly: true
volumes:
- name: config
configMap:
name: agent-config
optional: false
- name: credentials
secret:
secretName: agent-credentials
optional: false
