update osbuilder chart to use custom docker registry

This commit is contained in:
Sebastian Florek
2025-01-23 13:04:03 +01:00
parent b7de6843bb
commit 56c1dc4c2d
17 changed files with 408 additions and 262 deletions


@@ -287,3 +287,18 @@ kubesplit: manifests kustomize
rm -rf helm-chart
mkdir helm-chart
$(KUSTOMIZE) build config/default | kubesplit -helm helm-chart
helm:
helm upgrade \
--install \
--create-namespace \
--namespace test-registry \
--set registry.storage.s3.accessKey=${AWS_ACCESSKEY} \
--set registry.storage.s3.secretKey=${AWS_SECRETKEY} \
--set registry.storage.s3.region=${AWS_BUCKET_REGION} \
--set registry.storage.s3.bucket=${AWS_BUCKET_NAME} \
--set registry.storage.s3.endpoint=${AWS_BUCKET_ENDPOINT} \
--set registry.auth.htpasswd.secret.name=registry-default-user-password \
--set registry.ingress.dns=osbuilder.plrl-dev-aws.onplural.sh \
--set builder.replicas=0 \
osbuilder ./charts/osbuilder
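Review bot: `--set registry.storage.s3.accessKey=${AWS_ACCESSKEY}` and `--set registry.storage.s3.secretKey=${AWS_SECRETKEY}` put the S3 credentials on the helm command line, where they are visible in the process list and shell history and are also persisted as plain values in the Helm release Secret. Keeping them out of the command — a git-ignored values file passed with `-f`, or a pre-created Kubernetes Secret referenced by name the way `registry.auth.htpasswd.secret.name` already is — avoids both exposures. If the environment variables are unset, each `${...}` expands to nothing and the chart receives an empty string without complaint, so a guard such as `@test -n "${AWS_SECRETKEY}" || { echo "AWS_SECRETKEY is not set"; exit 1; }` at the top of the recipe is worthwhile. The `kubesplit` recipe at the top of the hunk starts outside it.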


@@ -1,5 +1,8 @@
apiVersion: v2
name: osartifact
description: A Helm chart for OSArtifact CRD deployment
maintainers:
- name: Plural
email: support@plural.sh
type: application
version: 0.3.0


@@ -1,3 +1,6 @@
dependencies: []
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
generated: "2025-01-10T15:08:39.051068115Z"
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.16.3
digest: sha256:1ce80837e63f45e983685469e3af7c684b95ce548feadbb96a0519825a37bc8a
generated: "2025-01-22T12:30:56.241307222+01:00"


@@ -1,11 +1,16 @@
apiVersion: v2
name: osbuilder
description: A Helm chart for osbuilder
maintainers:
- name: Plural
email: support@plural.sh
home: https://github.com/pluralsh/osbuilder
type: application
appVersion: 0.1.5
version: 0.1.5
dependencies: []
maintainers:
- name: Ettore Di Giacinto
email: mudler@kairos.io
home: https://kairos.io/
type: application
dependencies:
- name: cert-manager
alias: certManager
repository: https://charts.jetstack.io
version: v1.16.3
condition: certManager.enabled
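Review bot: `version: 0.1.5` is left unchanged although this commit moves every builder value under a new `builder:` key (see the values.yaml and deployment sections) and adds a `cert-manager` dependency, which breaks existing values overrides for anyone upgrading; bump at least the minor version, e.g. `version: 0.2.0`. `condition: certManager.enabled` defaults to `false` in values.yaml, while the new registry Issuer/Certificate template renders cert-manager CRDs whenever `registry.ingress.enabled` is false, so a comment next to the dependency such as `# required by templates/registry cert when registry.ingress.enabled=false, or install cert-manager separately` would make that prerequisite visible.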

Binary file not shown.


@@ -6,7 +6,7 @@ template:
restartPolicy: Never
containers:
- name: upload
image: {{ .Values.image.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.image.tag | default .Chart.AppVersion }}
image: {{ .Values.builder.toolsRepository | default "quay.io/kairos/osbuilder-tools" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }}
command:
- bash
args:
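Review bot: The new image line reads `.Values.builder.toolsRepository`, but the values.yaml hunk in this commit defines `builder.toolsImage.repository` (quay.io/kairos/auroraboot) and no `builder.toolsRepository`, so the `default "quay.io/kairos/osbuilder-tools"` presumably always applies unless the key is defined in a part of values.yaml outside the diff. If the fallback is intended, add `toolsRepository: ~` with a short comment under `builder:` in values.yaml so the override is discoverable; if it was meant to reuse `toolsImage.repository`, note that auroraboot and osbuilder-tools are different images and the substitution would be wrong. The enclosing Job template starts and ends outside the hunk.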


@@ -50,7 +50,6 @@ app.kubernetes.io/name: {{ include "helm-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "helm-chart.serviceAccountName" -}}


@@ -1,6 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: osartifactbuilder-operator-manager-config
namespace: '{{.Release.Namespace}}'
data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 98ca89ca.kairos.io\n# leaderElectionReleaseOnCancel
@@ -12,43 +16,4 @@ data:
after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap
metadata:
name: osartifactbuilder-operator-manager-config
namespace: '{{.Release.Namespace}}'
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
nginx.conf: |
server {
listen 80;
server_name localhost;
client_max_body_size 21000M;
#access_log /var/log/nginx/host.access.log main;
location ~ "/upload/([0-9a-zA-Z-.]*)$" {
alias /usr/share/nginx/html/$1;
client_body_temp_path /tmp;
dav_methods PUT DELETE MKCOL COPY MOVE;
create_full_put_path on;
dav_access group:rw all:r;
}
location / {
root /usr/share/nginx/html;
autoindex on;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
\ leaderElectionReleaseOnCancel: true\n"


@@ -1,133 +1,69 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ include "helm-chart.fullname" . }}'
namespace: '{{.Release.Namespace}}'
labels:
{{- include "helm-chart.labels" . | nindent 8 }}
name: '{{ include "helm-chart.fullname" . }}'
namespace: '{{.Release.Namespace}}'
labels:
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicas | default 1}}
selector:
matchLabels:
{{- include "helm-chart.selectorLabels" . | nindent 10 }}
template:
metadata:
annotations:
{{- range keys .Values.podAnnotations }}
{{ . | quote }}: {{ get $.Values.podAnnotations . | quote}}
{{- end }}
labels:
{{- include "helm-chart.selectorLabels" . | nindent 14}}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 14 }}
{{- end }}
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
- args:
- --pvc-storage-size={{ .Values.pvcStorageSize }}
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- '--tool-image={{ .Values.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.toolsImage.tag | default "latest" }}'
command:
- /manager
image: '{{ .Values.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
{{- if and .Values.resources .Values.resources.controller }}
resources:
{{ toYaml .Values.resources.controller | indent 20 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 14 }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: osbuilder-nginx
name: 'osbuilder-nginx'
namespace: '{{.Release.Namespace}}'
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: osbuilder-nginx
template:
metadata:
labels:
app.kubernetes.io/name: osbuilder-nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
volumeMounts:
- mountPath: /usr/share/nginx/html
name: nginx-public
- mountPath: /etc/nginx/conf.d
name: config
readOnly: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
securityContext:
fsGroup: 101
volumes:
- name: nginx-public
persistentVolumeClaim:
claimName: osartifactbuilder-operator-nginx-public
- name: config
configMap:
name: nginx-config
items:
- key: nginx.conf
path: default.conf
replicas: {{ .Values.builder.replicas }}
selector:
matchLabels:
{{- include "helm-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- range keys .Values.builder.podAnnotations }}
{{ . | quote }}: {{ get $.Values.builder.podAnnotations . | quote}}
{{- end }}
labels:
{{- include "helm-chart.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.builder.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 14 }}
{{- end }}
containers:
- name: manager
image: '{{ .Values.builder.image.repository | default "ghcr.io/pluralsh/osbuilder" }}:{{ .Values.builder.image.tag | default .Chart.AppVersion }}'
command: [ '/manager' ]
args:
- --pvc-storage-size={{ .Values.builder.pvcStorageSize }}
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- '--tool-image={{ .Values.builder.toolsImage.repository | default "quay.io/kairos/auroraboot" }}:{{ .Values.builder.toolsImage.tag | default "latest" }}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
{{- if and .Values.builder.resources .Values.builder.resources.controller }}
resources:
{{- toYaml .Values.builder.resources.controller | nindent 12 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
{{- with .Values.builder.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.builder.affinity }}
affinity:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.builder.tolerations }}
tolerations:
{{- toYaml . | nindent 14 }}
{{- end }}
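Review bot: The pod-level `imagePullSecrets`, `nodeSelector`, `affinity` and `tolerations` blocks still use `{{- toYaml . | nindent 14 }}` while the rest of the rewritten template was re-based to `nindent 4/6/8/12`; the output is probably still valid YAML (a nested block may sit deeper than its key), but the 14 looks inherited from the old, deeper nesting and `{{- toYaml . | nindent 8 }}` would match the new layout — the rendered indentation cannot be verified from this view. Dropping the kube-rbac-proxy sidecar while keeping `--metrics-bind-address=127.0.0.1:8080` means metrics are now reachable only inside the pod, which is consistent with the deleted metrics Service but deserves a comment on that args line, e.g. `# metrics stay loopback-only; no proxy sidecar is deployed`. The container keeps `allowPrivilegeEscalation: false` and the pod `runAsNonRoot: true`; `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` would be the usual next step if the manager does not write to its own filesystem.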


@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: osartifactbuilder-operator-nginx-public
namespace: '{{.Release.Namespace}}'
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: '{{ .Values.nginx.pvcSize }}'


@@ -0,0 +1,34 @@
{{- if not .Values.registry.ingress.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "helm-chart.fullname" . }}-registry-tls
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
secretName: {{ include "helm-chart.fullname" . }}-registry-tls
isCA: false
usages:
- server auth
- client auth
dnsNames:
- "{{ include "helm-chart.fullname" . }}-registry.{{.Release.Namespace}}.svc.cluster.local"
- "{{ include "helm-chart.fullname" . }}-registry"
issuerRef:
name: {{ include "helm-chart.fullname" . }}-registry-selfsigned-issuer
{{- end }}


@@ -0,0 +1,82 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
namespace: {{.Release.Namespace}}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.registry.replicas }}
selector:
matchLabels:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
{{- range keys .Values.registry.podAnnotations }}
{{ . | quote }}: {{ get $.Values.registry.podAnnotations . | quote }}
{{- end }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 8 }}
spec:
containers:
- name: registry
image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
env:
- name: REGISTRY_STORAGE
value: {{ .Values.registry.storage.driver }}
{{- if eq .Values.registry.storage.driver "s3" }}
- name: REGISTRY_STORAGE_S3_BUCKET
value: {{ .Values.registry.storage.s3.bucket }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
value: {{ .Values.registry.storage.s3.accessKey }}
- name: REGISTRY_STORAGE_S3_SECRETKEY
value: {{ .Values.registry.storage.s3.secretKey }}
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: {{ .Values.registry.storage.s3.endpoint }}
- name: REGISTRY_STORAGE_S3_REGION
value: {{ .Values.registry.storage.s3.region }}
- name: REGISTRY_STORAGE_S3_SECURE
value: 'true'
{{- end }}
{{- if .Values.registry.debug }}
- name: REGISTRY_LOG_LEVEL
value: debug
{{- end }}
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: {{ .Values.registry.auth.realm }}
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: /etc/htpasswd/htpasswd
{{- end }}
{{- range $envKey, $envValue := .Values.registry.extraEnvVars }}
- name: {{ $envKey }}
value: {{ $envValue }}
{{- end }}
ports:
- name: registry
containerPort: 5000
protocol: TCP
{{- if .Values.registry.debug }}
- name: debug
containerPort: 5001
protocol: TCP
{{- end }}
volumeMounts:
- name: tls-volume
mountPath: /etc/tls
readOnly: true
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: htpasswd-volume
mountPath: /etc/htpasswd
readOnly: true
{{- end }}
volumes:
{{- if and (eq .Values.registry.auth.realm "basic-realm") (or .Values.registry.auth.htpasswd.existingSecret.name .Values.registry.auth.htpasswd.secret.name) }}
- name: htpasswd-volume
secret:
secretName: {{ .Values.registry.auth.htpasswd.existingSecret.name | default (printf "%s-%s" (include "helm-chart.fullname" .) "htpasswd") }}
{{- end }}
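Review bot: The `registry` container mounts `tls-volume` at `/etc/tls`, but the `volumes:` list at the end of the hunk only ever defines `htpasswd-volume`, so the rendered Pod is rejected by the API server (volumeMounts name not found) in every configuration; nothing in the env block points the registry at `/etc/tls` either, so even with a volume the certificate would not be used. Since the cert-manager Certificate `-registry-tls` is only created when `registry.ingress.enabled` is false, guard the mount, a matching secret volume and the `REGISTRY_HTTP_TLS_CERTIFICATE`/`REGISTRY_HTTP_TLS_KEY` env vars with that same condition, or drop the mount entirely. Separately, `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` are rendered as plain `value:` strings from chart values, which copies the credentials into the release manifest and every `helm get values`; a `valueFrom.secretKeyRef` to a user-provided Secret is the safer shape. Also `values.yaml` introduces `registry.resources` but this template never renders it, and the unquoted `value: {{ ... }}` lines should use `| quote` so numeric- or boolean-looking settings stay strings.
```yaml
          env:
            # … unchanged: REGISTRY_STORAGE / S3 / debug / htpasswd env …
            {{- if not .Values.registry.ingress.enabled }}
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: /etc/tls/tls.crt
            - name: REGISTRY_HTTP_TLS_KEY
              value: /etc/tls/tls.key
            {{- end }}
          # … unchanged: ports …
          volumeMounts:
            {{- if not .Values.registry.ingress.enabled }}
            - name: tls-volume
              mountPath: /etc/tls
              readOnly: true
            {{- end }}
            # … unchanged: htpasswd-volume mount …
      volumes:
        {{- if not .Values.registry.ingress.enabled }}
        - name: tls-volume
          secret:
            secretName: {{ include "helm-chart.fullname" . }}-registry-tls
        {{- end }}
        # … unchanged: htpasswd-volume …
```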


@@ -0,0 +1,34 @@
{{- if .Values.registry.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
{{- with .Values.registry.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.registry.ingress.ingressClass }}
{{ if .Values.registry.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.registry.ingress.dns | quote }}
secretName: {{ include "helm-chart.fullname" . }}-registry-tls
{{ end }}
rules:
- host: {{ .Values.registry.ingress.dns | quote }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "helm-chart.fullname" . }}-registry
port:
name: registry
{{- end }}
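Review bot: `host: {{ .Values.registry.ingress.dns | quote }}` renders as `host: ""` when `registry.ingress.dns` is left at its default `~` while `ingress.enabled` defaults to `true`, producing a catch-all Ingress with an empty TLS hosts entry instead of an install-time error; use `{{ required "registry.ingress.dns must be set when registry.ingress.enabled is true" .Values.registry.ingress.dns | quote }}` at both places the value is read. `metadata` has no `namespace:` here while the sibling registry templates set `{{ .Release.Namespace }}`; adding it keeps the resources consistent. The bare `{{ if ... }}`/`{{ end }}` around `tls:` (no `-`) leave blank lines in the output, which is harmless but differs from the `{{-` style used everywhere else in the file.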


@@ -0,0 +1,30 @@
{{- if and (eq .Values.registry.auth.realm "basic-realm") (not .Values.registry.auth.htpasswd.existingSecret.name) }}
{{- if not .Values.registry.auth.htpasswd.secret.name }}
{{- fail "A valid .Values.registry.auth.htpasswd.secret.name required when auth realm set to 'basic-realm'" }}
{{- end }}
{{ $passwordSecret := lookup "v1" "Secret" .Release.Namespace .Values.registry.auth.htpasswd.secret.name }}
{{- if not $passwordSecret.data }}
{{- fail "Could not find secret provided via .Values.registry.auth.htpasswd.secret.name" }}
{{- end }}
{{ $password := index $passwordSecret.data .Values.registry.auth.htpasswd.secret.key | b64dec }}
{{- if not $password }}
{{- fail "Could not find password key value in the provided secret" }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "helm-chart.fullname" . }}-htpasswd
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
stringData:
htpasswd: {{ htpasswd .Values.registry.auth.htpasswd.username $password }}
{{- end }}
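Review bot: `lookup "v1" "Secret" ...` returns an empty map whenever there is no cluster connection (`helm template`, `--dry-run=client`, Argo CD or Flux rendering), so the `fail "Could not find secret ..."` that follows aborts rendering in every offline path even when the secret exists; document this in values.yaml next to `registry.auth.htpasswd.secret` (e.g. `# Read with lookup at render time; requires a live cluster, helm template will fail`) or skip the Secret when `lookup` yields nothing during a dry run. If `secret.key` is absent from the secret's data, `index` yields nil and `b64dec` will presumably fail on the argument type before the `if not $password` guard is reached, so that message may never be shown. Because `htpasswd` produces a fresh bcrypt hash on every render, the generated Secret changes on each upgrade, and since the registry Deployment carries no checksum annotation, running pods keep the old file until they are restarted.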


@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "helm-chart.fullname" . }}-registry
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/component: registry
{{- include "helm-chart.labels" . | nindent 4 }}
spec:
selector:
app.kubernetes.io/component: registry
{{- include "helm-chart.selectorLabels" . | nindent 4 }}
ports:
- name: registry
port: 5000
protocol: TCP
targetPort: registry
- name: debug
port: 5001
protocol: TCP
targetPort: debug
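Review bot: The `debug` port (5001, `targetPort: debug`) is published unconditionally, but the registry container only declares a port named `debug` inside `{{- if .Values.registry.debug }}` in the registry deployment, so on a default install the Service advertises a port whose named target does not exist and which never gets endpoints. Wrap the second ports entry in `{{- if .Values.registry.debug }}` … `{{- end }}` so the debug listener is only exposed when it is actually running.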


@@ -1,29 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: '{{ include "helm-chart.fullname" . }}-metrics-service'
namespace: '{{.Release.Namespace}}'
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
{{- include "helm-chart.selectorLabels" . | nindent 6 }}
---
apiVersion: v1
kind: Service
metadata:
name: osartifactbuilder-operator-osbuilder-nginx
namespace: '{{.Release.Namespace}}'
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app.kubernetes.io/name: osbuilder-nginx
type: NodePort


@@ -6,51 +6,111 @@ nameOverride: ""
# fullnameOverride completely replaces the generated release name
fullnameOverride: ""
# Secrets to pull container images from private registries
imagePullSecrets: []
builder:
# Secrets to pull container images from private registries
imagePullSecrets: []
image:
# osbuilder image to be used. Leave empty to use the default
repository: ghcr.io/pluralsh/osbuilder
# tag of the osbuilder image. Leave empty to use chart's AppVersion
tag: ~
image:
# controller image to be used. Leave empty to use
repository: ghcr.io/pluralsh/osbuilder
# tag of the controller image. Leave empty to use chart's AppVersion
tag:
replicas: 1
replicas: 1
# The PVC storage size for the build process
pvcStorageSize: "30Gi"
# The PVC storage size for the build process
pvcStorageSize: "20Gi"
toolsImage:
repository: "quay.io/kairos/auroraboot"
tag: "latest"
toolsImage:
repository: "quay.io/kairos/auroraboot"
tag: "latest"
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources:
controller:
limits:
cpu: 500m
memory: 50Mi
requests:
cpu: 250m
memory: 50Mi
tls:
# source options:
# - "cert-manager-self-signed": Scaffold cert-manager integration, and create
# a self-signed certificate with a cert-manager self-signed Issuer. Depends
# on cert-manager. (default)
# - "cert-manager": Scafffold cert-manager integration. User configures their
# own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the
# desired Issuer.
source: cert-manager-self-signed
# "cert-manager"-only options:
certManagerIssuerName: ""
registry:
# Secrets to pull container images from private registries
imagePullSecrets: []
image:
# docker container registry image to be used. Leave empty to use the default
repository: registry
# tag of the docker container registry image. Leave empty to use chart's AppVersion
tag: 2
nginx:
pvcSize: 30Gi
# Number of replicas for the registry
replicas: 1
## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources:
controller:
limits:
cpu: 500m
memory: 50Mi
requests:
cpu: 250m
memory: 50Mi
# Whether registry should be set to debug level and expose debug server on port 5001
debug: false
storage:
# Currently only s3 is supported
driver: s3
s3:
accessKey: ~
secretKey: ~
region: ~
bucket: ~
endpoint: ~
auth:
# Currently only 'basic-realm' with htpasswd file is supported. Use "~" to disable auth.
realm: basic-realm
htpasswd:
# When existingSecret is provided it will ignore the rest of htpasswd configuration
# and not generate the secret. It should provide a valid htpasswd file under the "htpasswd" secret key.
existingSecret:
name: ~
# Default username embedded in autogenerated htpasswd secret.
username: plural
# Secret that stores a password that should be encrypted and stored in autogenerated htpasswd file.
secret:
name: ~
key: password
ingress:
enabled: true
ingressClass: nginx
dns: ~
tls:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
# Defines extra env vars that should be passed to the registry containers.
# Can be used to customize the configuration
#
# Example format (<ENV_VAR_NAME>: <ENV_VAR_VALUE>):
#
# extraEnvVars:
# REGISTRY_HTTP_ADDR: ':5000'
# REGISTRY_HTTP_DEBUG_ADDR: ':5000'
# WEIRD_TEXT_WITH_SPECIAL_CHARTS: '":-g*_Asd123gj$$"'
extraEnvVars: {}
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
# It is required to create certificates.
certManager:
enabled: false
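Review bot: `registry.storage.s3.accessKey` and `secretKey` are introduced as plain chart values, which means the credentials end up in values files, CI logs and the Helm release Secret; the chart already has an `existingSecret` pattern for htpasswd, and the same shape (`storage.s3.existingSecret.name` consumed via `secretKeyRef`) would keep the keys out of rendered manifests. `registry.resources.controller` copies the builder's key name but, as far as this diff shows, no registry template reads `.Values.registry.resources`, and the `tls:` block (`source`, `certManagerIssuerName`) is likewise not referenced by any new template, so both should either be wired up or removed with a comment. `certManager.enabled: false` is the default, yet the registry Issuer/Certificate template renders cert-manager CRDs whenever `registry.ingress.enabled` is false and the default ingress annotations assume a `letsencrypt-prod` ClusterIssuer; a comment above `certManager:` stating that prerequisite would help. Finally `tag: 2` is parsed as an integer; quote it (`tag: "2"`) like the other image tags.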