Comments (6)
dxg0716
commented on June 6, 2024
this is my value.yaml
cat values.yaml
# -- Number of replicas of approver-policy to run.
replicaCount: 1
image:
# -- Target image repository.
repository: quay.io/jetstack/cert-manager-approver-policy
# -- Target image version tag (if empty, Chart AppVersion will be used)
tag: ""
# -- Kubernetes imagePullPolicy on Deployment.
pullPolicy: IfNotPresent
# -- Optional secrets used for pulling the approver-policy container image.
imagePullSecrets: []
app:
# -- Verbosity of approver-policy logging.
logLevel: 1 # 1-5
# -- Extra CLI arguments that will be passed to the approver-policy process.
extraArgs: []
# -- List if signer names that approver-policy will be given permission to
# approve and deny. CertificateRequests referencing these signer names can be
# processed by approver-policy. See:
# https://cert-manager.io/docs/concepts/certificaterequest/#approval
approveSignerNames:
- "issuers.cert-manager.io/*"
- "clusterissuers.cert-manager.io/*"
metrics:
# -- Port for exposing Prometheus metrics on 0.0.0.0 on path '/metrics'.
port: 9402
# -- Service to expose metrics endpoint.
service:
# -- Create a Service resource to expose metrics endpoint.
enabled: true
# -- Service type to expose metrics.
type: ClusterIP
# -- ServiceMonitor resource for this Service.
servicemonitor:
enabled: false
prometheusInstance: default
interval: 10s
scrapeTimeout: 5s
labels: {}
readinessProbe:
# -- Container port to expose approver-policy HTTP readiness probe on
# default network interface.
port: 6060
webhook:
# -- Host that the webhook listens on.
host: 0.0.0.0
# -- Port that the webhook listens on.
port: 10250
# -- Timeout of webhook HTTP request.
timeoutSeconds: 5
# -- Directory to read and store the webhook TLS certificate key pair.
certificateDir: /tmp
# -- Type of Kubernetes Service used by the Webhook
service:
type: ClusterIP
# -- Optional extra volume mounts. Useful for mounting custom root CAs
volumeMounts: []
#- name: my-volume-mount
# mountPath: /etc/approver-policy/secrets
# -- Optional extra volumes.
volumes: []
#- name: my-volume
# secret:
# secretName: my-secret
resources:
# -- Kubernetes pod resource limits for approver-policy.
limits:
cpu: 200m
memory: 256Mi
# -- Kubernetes pod memory resource requests for approver-policy.
requests:
cpu: 100m
memory: 128Mi
this is my deployment.yaml
cat templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cert-manager-approver-policy.name" . }}
labels:
{{ include "cert-manager-approver-policy.labels" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ include "cert-manager-approver-policy.name" . }}
template:
metadata:
labels:
app: {{ include "cert-manager-approver-policy.name" . }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "cert-manager-approver-policy.name" . }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: devops
operator: In
values:
- "true"
tolerations:
- effect: NoSchedule
key: devops
operator: Equal
value: "true"
containers:
- name: {{ include "cert-manager-approver-policy.name" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: {{ .Values.app.webhook.port }}
- containerPort: {{ .Values.app.metrics.port }}
readinessProbe:
httpGet:
port: {{ .Values.app.readinessProbe.port }}
path: "/readyz"
initialDelaySeconds: 3
periodSeconds: 7
command: ["cert-manager-approver-policy"]
args:
- --log-level={{.Values.app.logLevel}}
{{- range .Values.app.extraArgs }}
- {{ . }}
{{- end }}
- --metrics-bind-address=:{{.Values.app.metrics.port}}
- --readiness-probe-bind-address=:{{.Values.app.readinessProbe.port}}
- --webhook-host={{.Values.app.webhook.host}}
- --webhook-port={{.Values.app.webhook.port}}
- --webhook-service-name={{ include "cert-manager-approver-policy.name" . }}
- --webhook-ca-secret-namespace={{.Release.Namespace}}
- --webhook-certificate-dir={{.Values.app.webhook.certificateDir}}
{{- if .Values.volumeMounts }}
volumeMounts:
{{ toYaml .Values.volumeMounts | indent 10 }}
{{- end }}
resources:
{{- toYaml .Values.resources | indent 12 }}
{{- if .Values.volumes }}
volumes:
{{ toYaml .Values.volumes | indent 6 }}
{{- end }}
from approver-policy.
dxg0716
commented on June 6, 2024
this is error
Error: YAML parse error on cert-manager-approver-policy/templates/deployment.yaml: error converting YAML to JSON: yaml: line 48: mapping values are not allowed in this context
helm.go:84: [debug] error converting YAML to JSON: yaml: line 48: mapping values are not allowed in this context
YAML parse error on cert-manager-approver-policy/templates/deployment.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
helm.sh/helm/v3/pkg/action/action.go:165
helm.sh/helm/v3/pkg/action.(*Install).RunWithContext
helm.sh/helm/v3/pkg/action/install.go:259
main.runInstall
helm.sh/helm/v3/cmd/helm/install.go:278
main.newTemplateCmd.func2
helm.sh/helm/v3/cmd/helm/template.go:82
github.com/spf13/cobra.(*Command).execute
github.com/spf13/[email protected]/command.go:872
github.com/spf13/cobra.(*Command).ExecuteC
github.com/spf13/[email protected]/command.go:990
github.com/spf13/cobra.(*Command).Execute
github.com/spf13/[email protected]/command.go:918
main.main
helm.sh/helm/v3/cmd/helm/helm.go:83
runtime.main
runtime/proc.go:250
runtime.goexit
runtime/asm_amd64.s:1571
helm render deployment.yaml
# Source: cert-manager-approver-policy/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cert-manager-approver-policy
labels:
app.kubernetes.io/name: cert-manager-approver-policy
helm.sh/chart: cert-manager-approver-policy-v0.5.0
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "v0.5.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app: cert-manager-approver-policy
template:
metadata:
labels:
app: cert-manager-approver-policy
spec:
serviceAccountName: cert-manager-approver-policy
containers:
- name: cert-manager-approver-policy
image: "quay.io/jetstack/cert-manager-approver-policy:v0.5.0"
imagePullPolicy: IfNotPresent
ports:
- containerPort: 10250
- containerPort: 9402
readinessProbe:
httpGet:
port: 6060
path: "/readyz"
initialDelaySeconds: 3
periodSeconds: 7
command: ["cert-manager-approver-policy"]
args:
- --log-level=1
- --metrics-bind-address=:9402
- --readiness-probe-bind-address=:6060
- --webhook-host=0.0.0.0
- --webhook-port=10250
- --webhook-service-name=cert-manager-approver-policy
- --webhook-ca-secret-namespace=cert-manager
- --webhook-certificate-dir=/tmp
resources: limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
i see resource error format,but i don't know how to change,can help me?thanks very much!!!
from approver-policy.
dxg0716
commented on June 6, 2024
@JoshVanL can you help me?thanks
from approver-policy.
rickymulder
commented on June 6, 2024
@dxg0716
This looks like an issue that was resolved with PR #168
What version of the chart are you using? I know 0.5.0 worked for me.
from approver-policy.
bradfordwagner
commented on June 6, 2024
@dxg0716 The fix #168 went out with 0.6.0. However, the chart hasn't been released yet.
from approver-policy.
inteon
commented on June 6, 2024
the chart should have been released already, please reopen if there is still an issue
from approver-policy.
Related Issues (20)
- Unable to expose webhook on hostnetwork
- Regex to disallow wildcard certificates HOT 2
- CertificateRequest approved but stuck with empty status HOT 1
- Webhook Custom CA
- Allow Custom Labels to be added to Resources
- group 'cert-manager.io' does not work HOT 4
- Add Custom Annotations
- Improve CRD fields for specifying key requirements
- Setting .Values.nameOverride makes the pod not have rights to update secret cert-manager-approver-policy-tls HOT 1
- Helm chart rendering error: converting YAML to JSON: yaml: line 61: did not find expected key
- Simplify configuration by creating RBAC by default
- [CertificateRequestPolicy] `selector.issuerRef` incorrect example list instead of map
- Should initialize controller-runtime logging
- Include binary artifacts your releases.
- Add Helm option to create RBAC allowing approval for all issuers HOT 1
- Feature: Take control of approval for the whole cluster HOT 2
- Attempt to update status.conditions denied by cert-manager webhook HOT 16
- failed to create subjectaccessreview HOT 11
- Typo in error message: connection patch should say CertificateRequest.Status patch HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from approver-policy.