Skip to content

Helm Chart Option for Use Without Proxy#12671

Open
tijder wants to merge 4 commits intoICTU:masterfrom
tijder:12559-helm-chart
Open

Helm Chart Option for Use Without Proxy#12671
tijder wants to merge 4 commits intoICTU:masterfrom
tijder:12559-helm-chart

Conversation

@tijder
Copy link
Collaborator

@tijder tijder commented Feb 17, 2026

In this pull request, I implemented the necessary changes for #12559 and #12560.

  • The www.deployProxy property has been added. When set to false, the proxy is bypassed, allowing direct access to the API and frontend
  • An option has been included to add extra volumes to the api_server.
  • An option to modify the securityContext in the database has been introduced.

@tijder tijder changed the title 12559 Helm Chart Option for Use Without Proxy Helm Chart Option for Use Without Proxy Feb 17, 2026
fniessink added a commit that referenced this pull request Feb 17, 2026
The yaml files in the heml folder are excluded for now, until #12671 is merged.

Closes #12469.
@fniessink fniessink mentioned this pull request Feb 17, 2026
@fniessink fniessink requested a review from wkoot February 18, 2026 09:01
Copy link
Member

@fniessink fniessink left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have asked @wkoot for a review as well, he's way more knowledgeable in Helm charts than I am.

Comment on lines +66 to +68
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be clearer to uncomment these and add comments what needs to be changed before deploying the chart.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this happening in many more helmet charts. That's why I did it this way.

But I can change it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If uncommented, then it probably needs to be applied in values-ci and readme as well.

@@ -1,4 +1,5 @@
---
{{- if not .Values.www.directlyToService }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I'm a fan of directlyToService, it raises the question: what/who directly to what service? How about deployProxy with a default value of true?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's a good suggestion. I have changed it.

fniessink added a commit that referenced this pull request Feb 18, 2026
The yaml files in the heml folder are excluded for now, until #12671 is merged.

Closes #12469.
fniessink added a commit that referenced this pull request Feb 19, 2026
The yaml files in the heml folder are excluded for now, until #12671 is merged.

Closes #12469.
@tijder tijder requested a review from fniessink February 19, 2026 09:07
optional: true
- name: LDAP_SEARCH_FILTER # override to make sure that double dollar signs are processed like in docker
value: {{ .Values.api_server.env.LDAP_SEARCH_FILTER }}
{{- if .Values.api_server.extraVolumeMounts }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you include the used options in values.yaml or document their usage? I'd be interested to see how it is applied exactly, now they're just empty lists. Also, why not make api_server.extraVolumes a list of dictionaries which contain both volume name and mountpoint instead of two separate lists?

- SETUID
drop:
- ALL
{{- toYaml .Values.database.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps surround the option with {{- if .Values.database.securityContext }}, make the whole thing optional (i.e. for local deployment)

{{- end }}
---
{{- if .Values.www.ingress -}}
{{ if .Values.www.ingress.enabled -}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a use case for having ingress disabled, but still wanting to specify www.ingress options?
And is there a reason to the different approach to trimming before/after in the various blocks?

{{- range $key, $value := .Values.www.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- toYaml . | nindent 4 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this include the |quote functionality, otherwise good to document either in values or readme

{{- end }}
rules:
- host: {{ printf "%s" $.Values.www.ingress.hostname }}
{{- if .Values.www.ingress.hostname }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if there is no hostname provided, then the rules block is empty - correct? Does that work?

Comment on lines +66 to +68
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If uncommented, then it probably needs to be applied in values-ci and readme as well.

repository: "ictu/quality-time_collector"

database:
securityContext:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't the context override possibility also be applied to all other pods?

tls:
{{ toYaml .Values.www.ingress.tls | indent 4 }}
{{- end }}
{{- range .Values.www.ingress.tls }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this one use range instead of {{- with .Values.www.ingress.tls }}?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants