Skip to main content

TRG 5.05 - Chart Values

StatusCreatedPost-History
Update29-Feb-2024new examples and rules
Active10-Nov-2022Initial release

Why

When external entities need to setup a whole Eclipse Tractus-X setup, they might need to configure multiply helm charts. To reduce errors and make it efficient overall, this guide aligns basic helm values across all products.

Description

Rules and best practices for Helm chart values.yaml file.

Container images

  • Image tag should not be set by default and it should fall back to the appVersion property from the Chart.yaml file. In specific cases (e.g.: Chart contains multiple pod templates that use different images and versions) image tag can be set explicitly.
  • pullPolicy must default to 'IfNotPresent'

A proper section for Container images should look like this:

image:
  registry: docker.io
  repository: bitnami/postgresql
  tag: ""
  digest: ""
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## Example:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Set to true if you would like to see extra information on logs
  ##
do not use latest as image tag!

This might cause unexpected effects, as the Helm release could change without bumping the chart version! Also due to security reasons you shall not use latest tag. If the image tag should be set to a pinned tag (e.g.: latest) anyway, it should done in an additional (environment specific) values.yaml and in this case the image's pullPolicy is recommended to be set to Always.

Ingress

  • Ingress must be disabled by default
  • Hostname must not be set by default

An example section for ingress resources:

ingress:
  enabled: false
  # className: "nginx"
  ## Optional annotations when using the nginx ingress class
  #annotations:
  #  nginx.ingress.kubernetes.io/rewrite-target: "/$1"
  #  nginx.ingress.kubernetes.io/use-regex: "true"
  #  nginx.ingress.kubernetes.io/enable-cors: "true"
  #  nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org"
  tls:
    - secretName: ""
      hosts:
        - ""
  hosts:
    - host: ""
      paths:
        - path: "/"
          pathType: "Prefix"
          backend:
            service: "app"
            port: 8080

Dependencies

An example section for Postgresql dependency configuration:

postgresql:
  ## PostgreSQL chart configuration
  enabled: true
  ## `nameOverride` should be used when the same chart is added as a dependency
  ## multiple times to ensure resource names do not conflict with each other
  # nameOverride: "app-postgresql"
  auth:
    ## Database name
    database: "appdb"
    ## Database port number
    port: 5432
    ## Secret containing the passwords
    existingSecret: "secret-postgres-init"
    ## Password for the root username 'postgres'. Secret-key 'postgres-password'
    password: ""