Accurate Helm Chart

How to use Accurate Helm repository

You need to add this repository to your Helm repositories:

helm repo add accurate https://cybozu-go.github.io/accurate/
helm repo update

Quick start

Installing cert-manager

$ curl -fsL https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml | kubectl apply -f -

Installing CustomResourceDefinitions (optional)

Accurate does not use the official helm method of installing CRD resources. This is because it makes upgrading CRDs impossible with helm CLI alone. The helm team explain the limitations of their approach here.

The Accurate Helm chart default is to install and manage CRDs with Helm and add annotations preventing Helm from uninstalling the CRD when the Helm release is uninstalled.

The recommended approach is to let helm manage CRDs, but if you want to manage CRDs yourself, now is the time.

$  kubectl apply -k https://github.com/cybozu-go/accurate//config/crd-only/

NOTE:

Since the CRDs contain configuration of conversion webhooks, you may have to tweak the webhook settings if installing the chart using non-standard values.

If you decided to manage CRDs outside of Helm, make sure you set the crds.enabled Helm value to false.

Installing the Chart

NOTE:

This installation method requires cert-manager to be installed beforehand.

To install the chart with the release name accurate using a dedicated namespace(recommended):

$ helm install --create-namespace --namespace accurate accurate accurate/accurate

Specify parameters using --set key=value[,key=value] argument to helm install.

Alternatively a YAML file that specifies the values for the parameters can be provided like this:

$ helm install --create-namespace --namespace accurate accurate -f values.yaml accurate/accurate

Values

KeyTypeDefaultDescription
controller.additionalRBAC.ruleslist[]Specify the RBAC rules to be added to the controller. ClusterRole and ClusterRoleBinding are created with the names {{ release name }}-additional-resources. The rules defined here will be used for the ClusterRole rules.
controller.additionalRBAC.clusterRoleslist[]Specify additional ClusterRoles to be granted to the accurate controller. "admin" is recommended to allow the controller to manage common namespace-scoped resources.
controller.config.annotationKeyslist[]Annotations to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
controller.config.labelKeyslist[]Labels to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
controller.config.watcheslist[{"group":"rbac.authorization.k8s.io","kind":"Role","version":"v1"},{"group":"rbac.authorization.k8s.io","kind":"RoleBinding","version":"v1"},{"kind":"Secret","version":"v1"}]List of GVK for namespace-scoped resources that can be propagated. Any namespace-scoped resource is allowed.
controller.config.propagateAnnotationKeyExcludeslist["*kubernetes.io/*"]Annotations to exclude when propagating resources. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
controller.config.propagateLabelKeyExcludeslist["*kubernetes.io/*"]Labels to exclude when propagating resources. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
controller.extraArgslist[]Optional additional arguments.
controller.replicasint2Specify the number of replicas of the controller Pod.
controller.resourcesobject{"requests":{"cpu":"100m","memory":"20Mi"}}Specify resources.
controller.terminationGracePeriodSecondsint10Specify terminationGracePeriodSeconds.
webhook.allowCascadingDeletionboolfalseEnable to allow cascading deletion of namespaces. Accurate webhooks will only allow deletion of a namespace with children if this option is enabled.
image.pullPolicystringnilAccurate image pullPolicy.
image.repositorystring"ghcr.io/cybozu-go/accurate"Accurate image repository to use.
image.tagstring{{ .Chart.AppVersion }}Accurate image tag to use.
crds.enabledbooltrueDecides if the CRDs should be installed as part of the Helm installation.
crds.keepbooltrueSetting this to true will prevent Helm from uninstalling the CRD when the Helm release is uninstalled.
installCRDsbooltrueControls if CRDs are automatically installed and managed as part of your Helm release. Deprecated: Use crds.enabled and crds.keep instead.

Generate Manifests

You can use the helm template command to render manifests.

$ helm template --namespace accurate accurate accurate/accurate