diff --git a/charts/zora-saas/templates/deployment.yaml b/charts/zora-saas/templates/deployment.yaml index 0762d88..ed816f5 100644 --- a/charts/zora-saas/templates/deployment.yaml +++ b/charts/zora-saas/templates/deployment.yaml @@ -63,22 +63,6 @@ spec: port: http resources: {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.proxy.enabled }} - - name: saas-proxy - image: "{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - args: - - "--secure-listen-address=0.0.0.0:{{ .Values.proxy.port }}" - - "--upstream=http://127.0.0.1:3003" - - "--logtostderr={{ .Values.proxy.log.toStderr }}" - - "--v={{ .Values.proxy.log.level }}" - ports: - - containerPort: {{ .Values.proxy.port }} - name: https - securityContext: - allowPrivilegeEscalation: false - runAsUser: 65532 - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/zora-saas/templates/rbacproxy/client.yaml b/charts/zora-saas/templates/rbacproxy/client.yaml deleted file mode 100644 index 822bbc3..0000000 --- a/charts/zora-saas/templates/rbacproxy/client.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: saas-proxy-client - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -rules: - - nonResourceURLs: - {{- range $e := .Values.proxy.endpoints }} - - "{{ $e }}" - {{- end }} - verbs: - {{- range $v := .Values.proxy.verbs }} - - "{{ $v }}" - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: saas-proxy-client - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: saas-proxy-client -subjects: - - kind: ServiceAccount - name: saas-proxy-client - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/zora-saas/templates/rbacproxy/server.yaml b/charts/zora-saas/templates/rbacproxy/server.yaml deleted file mode 100644 index 2ce4f21..0000000 --- a/charts/zora-saas/templates/rbacproxy/server.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: saas-proxy - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -rules: - - apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: saas-proxy - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: saas-proxy -subjects: - - kind: ServiceAccount - name: {{ include "zora-saas.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/zora-saas/templates/service.yaml b/charts/zora-saas/templates/service.yaml index 9fa7e01..3ce3566 100644 --- a/charts/zora-saas/templates/service.yaml +++ b/charts/zora-saas/templates/service.yaml @@ -13,21 +13,3 @@ spec: name: http selector: {{- include "zora-saas.selectorLabels" . | nindent 4 }} ---- -{{- if .Values.proxy.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: saas-proxy - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -spec: - type: {{ .Values.proxy.type }} - ports: - - name: https - protocol: TCP - port: {{ .Values.proxy.port }} - targetPort: https - selector: - {{- include "zora-saas.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/charts/zora-saas/templates/serviceaccount.yaml b/charts/zora-saas/templates/serviceaccount.yaml index 7d6bccc..ef19fcc 100644 --- a/charts/zora-saas/templates/serviceaccount.yaml +++ b/charts/zora-saas/templates/serviceaccount.yaml @@ -10,12 +10,3 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} ---- -{{- if .Values.proxy.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: saas-proxy-client - labels: - {{- include "zora-saas.labels" . | nindent 4 }} -{{- end }} diff --git a/charts/zora-saas/templates/ui/deployment.yaml b/charts/zora-saas/templates/ui/deployment.yaml index 0d4b8dc..31370ef 100644 --- a/charts/zora-saas/templates/ui/deployment.yaml +++ b/charts/zora-saas/templates/ui/deployment.yaml @@ -25,9 +25,6 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.proxy.enabled }} - serviceAccountName: saas-proxy-client - {{- end }} securityContext: {{- toYaml .Values.ui.podSecurityContext | nindent 8 }} containers: @@ -42,13 +39,7 @@ spec: name: {{ .Values.ui.secretName }} env: - name: SAAS_URL - {{- if .Values.proxy.enabled }} - value: "https://saas-proxy.{{ .Release.Namespace }}.svc:{{ .Values.proxy.port }}/zora" - - name: SAAS_PROXY_TOKEN_PATH - value: "/var/run/secrets/kubernetes.io/serviceaccount/token" - {{- else }} value: 'http://{{ include "zora-saas.fullname" . }}:{{ .Values.service.port }}/zora' - {{- end }} ports: - name: http containerPort: 4200 diff --git a/charts/zora-saas/values-dev.yaml b/charts/zora-saas/values-dev.yaml index 7e96699..4d05e05 100644 --- a/charts/zora-saas/values-dev.yaml +++ b/charts/zora-saas/values-dev.yaml @@ -21,8 +21,6 @@ log: level: debug readTimeout: "30s" writeTimeout: "60s" -proxy: - enabled: false grafanaDashboard: enabled: false blockNewUsers: false diff --git a/charts/zora-saas/values-hml.yaml b/charts/zora-saas/values-hml.yaml index 3262e6d..64a9d09 100644 --- a/charts/zora-saas/values-hml.yaml +++ b/charts/zora-saas/values-hml.yaml @@ -19,6 +19,4 @@ imagePullSecrets: - name: zora-saas-registry-cred log: level: info -proxy: - enabled: false blockNewUsers: false diff --git a/charts/zora-saas/values-prod.yaml b/charts/zora-saas/values-prod.yaml index 7f58b98..420546c 100644 --- a/charts/zora-saas/values-prod.yaml +++ b/charts/zora-saas/values-prod.yaml @@ -38,8 +38,6 @@ log: level: debug readTimeout: "30s" writeTimeout: "60s" -proxy: - enabled: false monitor: enabled: true autoscaling: diff --git a/charts/zora-saas/values.yaml b/charts/zora-saas/values.yaml index d715f20..194c64e 100644 --- a/charts/zora-saas/values.yaml +++ b/charts/zora-saas/values.yaml @@ -42,28 +42,6 @@ service: type: ClusterIP port: 80 -proxy: - enabled: true - image: - repository: quay.io/brancz/kube-rbac-proxy - pullPolicy: IfNotPresent - tag: v0.13.1 - type: ClusterIP - port: 8443 - log: - level: 10 - toStderr: true - endpoints: - - "/zora/api/v1/me" - - "/zora/api/v1/users" - - "/zora/api/v1/helmreleases" - - "/zora/api/v1/clusters" - - "/zora/api/v1/namespaces/*" - - "/zora/api/v1/issues" - - "/zora/api/v1/workspaces" - - "/zora/api/v1/workspaces/*" - verbs: ["get", "update"] - ingress: enabled: false className: ""