
helm-sidecar's Introduction

Cyral sidecar Helm chart

Use this Helm chart to deploy a sidecar to your Kubernetes environment.

Refer to the quickstart guide for more information on how to use this chart or upgrade your sidecar.

Prerequisites

  • Kubernetes 1.23+
  • Helm 3.8.0+

Usage

Installing the Chart

helm install cyral-sidecar oci://public.ecr.aws/cyral/helm/sidecar

Uninstalling the Chart

To uninstall/delete the cyral-sidecar deployment:

helm delete cyral-sidecar

The command removes all the Kubernetes components associated with the chart and deletes the release.

Advanced

Instructions for advanced deployment configurations are available for the following topics:

Parameters

Required Cyral configuration

| Name | Description | Value |
|---|---|---|
| cyral.sidecarId | Sidecar identifier | "" |
| cyral.controlPlane | Address of the control plane - .cyral.com | "" |
| cyral.credentials.clientId | The client ID assigned to the sidecar. Optional - required only if existingSecret is not provided. | "" |
| cyral.credentials.clientSecret | The client secret assigned to the sidecar. Optional - required only if existingSecret is not provided. | "" |
| image.tag | Cyral Sidecar image tag (this is the sidecar version) | "" |

Certificates configuration

| Name | Description | Value |
|---|---|---|
| cyral.sidecar.certificates.ca.existingSecret | Name of an existing Kubernetes secret containing a private key and a certificate for the internal CA. | "" |
| cyral.sidecar.certificates.tls.existingSecret | Name of an existing Kubernetes secret containing a private key and a certificate to terminate TLS connections. | "" |

Cyral deployment properties configuration

| Name | Description | Value |
|---|---|---|
| cyral.deploymentProperties.cloud | Cloud provider where the Cyral Sidecar is hosted. | "" |
| cyral.deploymentProperties.deploymentType | Deployment type chosen to deploy the Cyral Sidecar. Defaults to helm-kubernetes. | helm-kubernetes |
| cyral.deploymentProperties.endpoint | Fully qualified domain name that will be used to access the Cyral Sidecar. | "" |

Snowflake configuration

| Name | Description | Value |
|---|---|---|
| cyral.sidecar.snowflake.idpCertificate | The certificate used to verify SAML assertions from the IdP being used with Snowflake. Enter this value as a one-line string with literal new line characters (\n) specifying the line breaks. | "" |
| cyral.sidecar.snowflake.sidecarIdpCertificate | The public certificate used to verify signatures for SAML Assertions generated by the sidecar. Required if using SSO with Snowflake. | "" |
| cyral.sidecar.snowflake.sidecarIdpPrivateKey | The private key used to sign SAML Assertions generated by the sidecar. Required if using SSO with Snowflake. | "" |
| cyral.sidecar.snowflake.SSOLoginURL | The IdP SSO URL for the IdP being used with Snowflake. | "" |

Other Cyral configuration

| Name | Description | Value |
|---|---|---|
| cyral.credentials.existingSecret | Name of an existing Kubernetes secret containing client ID and client secret. The secret must contain the clientId and clientSecret keys. | "" |
| cyral.sidecar.dnsName | Fully qualified domain name that will be used to access the Cyral Sidecar | "" |

Common configuration

| Name | Description | Value |
|---|---|---|
| commonAnnotations | Common annotations to add to all Cyral Sidecar resources (sub-charts are not considered). Evaluated as a template | {} |
| commonLabels | Common labels to add to all Cyral Sidecar resources (sub-charts are not considered). Evaluated as a template | {} |
| clusterDomain | Kubernetes cluster domain | cluster.local |
| fullnameOverride | String to fully override common.names.fullname template with a string | "" |
| kubeVersion | Force target Kubernetes version (using Helm capabilities if not set) | "" |
| nameOverride | String to partially override common.names.fullname template with a string (will prepend the release name) | "" |

Deployment configuration

| Name | Description | Value |
|---|---|---|
| affinity | Affinity for pod assignment | {} |
| extraEnvVars | Extra environment variables to be set on Cyral Sidecar containers | [] |
| extraEnvVarsCM | ConfigMap with extra environment variables | "" |
| extraEnvVarsSecret | Secret with extra environment variables | "" |
| extraVolumes | Array of extra volumes to be added to the Cyral Sidecar deployment (evaluated as template). Requires setting extraVolumeMounts | [] |
| nodeAffinityPreset.key | Node label key to match. Ignored if affinity is set. | "" |
| nodeAffinityPreset.type | Node affinity preset type. Ignored if affinity is set. Allowed values: soft or hard | "" |
| nodeAffinityPreset.values | Node label values to match. Ignored if affinity is set. | [] |
| nodeSelector | Node labels for pod assignment. Evaluated as a template. | {} |
| podAffinityPreset | Pod affinity preset. Ignored if affinity is set. Allowed values: soft or hard | "" |
| podAntiAffinityPreset | Pod anti-affinity preset. Ignored if affinity is set. Allowed values: soft or hard | hard |
| replicaCount | Number of Cyral Sidecar replicas to deploy | 1 |
| resources | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
| tolerations | Tolerations for pod assignment. Evaluated as a template. | [] |

Image configuration

| Name | Description | Value |
|---|---|---|
| image.debug | Enable image debug mode | false |
| image.digest | Cyral Sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | "" |
| image.pullPolicy | Cyral Sidecar image pull policy | IfNotPresent |
| image.pullSecrets | Cyral Sidecar image pull secrets | [] |
| image.registry | Cyral Sidecar image registry | public.ecr.aws/cyral |
| image.repository | Cyral Sidecar image repository | cyral-sidecar |

Ports configuration

| Name | Description | Value |
|---|---|---|
| containerPorts | Map of all ports inside Cyral Sidecar container | {} |
| extraContainerPorts | Array of additional container ports for the Cyral Sidecar container | [] |

RBAC configuration

| Name | Description | Value |
|---|---|---|
| rbac.create | Create Role and RoleBinding | true |
| rbac.rules | Custom RBAC rules to set | [] |

Security context configuration

| Name | Description | Value |
|---|---|---|
| containerSecurityContext.allowPrivilegeEscalation | Set container's Security Context allowPrivilegeEscalation | false |
| containerSecurityContext.enabled | Enabled containers' Security Context | true |
| containerSecurityContext.privileged | Set container's Security Context privileged | false |
| containerSecurityContext.seccompProfile.type | Set container's Security Context seccomp profile | RuntimeDefault |
| containerSecurityContext.seLinuxOptions | Set SELinux options in container | nil |
| containerSecurityContext.readOnlyRootFilesystem | Set container's Security Context readOnlyRootFilesystem | false |
| containerSecurityContext.runAsNonRoot | Set container's Security Context runAsNonRoot | true |
| containerSecurityContext.runAsUser | Set containers' Security Context runAsUser | 65534 |
| podSecurityContext.enabled | Enabled Cyral Sidecar pods' Security Context | true |
| podSecurityContext.fsGroup | Set Cyral Sidecar pod's Security Context fsGroup | 1001 |
| podSecurityContext.fsGroupChangePolicy | Set filesystem group change policy | Always |
| podSecurityContext.supplementalGroups | Set filesystem extra groups | [] |
| podSecurityContext.sysctls | Set kernel settings using the sysctl interface | [] |

Service account configuration

| Name | Description | Value |
|---|---|---|
| serviceAccount.annotations | Annotations for service account. Evaluated as a template. | {} |
| serviceAccount.automountServiceAccountToken | Auto-mount the service account token in the pod | true |
| serviceAccount.create | Enable creation of ServiceAccount for Cyral Sidecar pod | true |
| serviceAccount.name | The name of the ServiceAccount to use. | "" |

Service configuration

| Name | Description | Value |
|---|---|---|
| service.annotations | Service annotations | {} |
| service.clusterIP | Cyral Sidecar service Cluster IP | "" |
| service.externalTrafficPolicy | Enable client source IP preservation | Cluster |
| service.loadBalancerClass | service Load Balancer class if service type is LoadBalancer (optional, cloud specific) | "" |
| service.loadBalancerIP | LoadBalancer service IP address | "" |
| service.loadBalancerSourceRanges | Cyral Sidecar service Load Balancer sources | [] |
| service.nodePorts | Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. | {} |
| service.ports | Map of Cyral Sidecar service ports | {} |
| service.sessionAffinity | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | None |
| service.sessionAffinityConfig | Additional settings for the sessionAffinity | {} |
| service.targetPort | Target port reference value for the Loadbalancer service types can be specified explicitly. | {} |
| service.type | Service type | LoadBalancer |
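
A pre-deployment check of the constraints stated in the parameter tables above (credentials, image digest versus tag, security context and service defaults), as an added example that is not part of the chart or its documentation. The helpers `get` and `lint_values` and the sample values are hypothetical, and the warnings reflect a reviewer's preferences rather than chart behaviour.

```python
import re
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def get(values, dotted, default=None):
    """Look up a chart parameter by its dotted name in a nested dict."""
    node = values
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def lint_values(values):
    """Return (errors, warnings) for user-supplied values (hypothetical helper)."""
    required = ("cyral.sidecarId", "cyral.controlPlane")
    errors = [f"{n} is required" for n in required if not get(values, n)]
    warnings = []
    # Credentials: an existing Secret, or both inline values.
    secret = get(values, "cyral.credentials.existingSecret")
    inline = [get(values, f"cyral.credentials.{k}") for k in ("clientId", "clientSecret")]
    if not secret and not all(inline):
        errors.append("set cyral.credentials.existingSecret or both clientId and clientSecret")
    elif not secret:
        warnings.append("clientSecret is stored inline in values; prefer existingSecret")
    # Image: a digest, if set, overrides the tag.
    digest, tag = get(values, "image.digest"), get(values, "image.tag")
    if digest and not DIGEST_RE.match(digest):
        errors.append("image.digest must look like sha256:<64 hex characters>")
    elif digest and tag:
        warnings.append("image.digest is set and overrides image.tag")
    elif not digest and not tag:
        errors.append("set image.tag or image.digest")
    # Security context: flag overrides that weaken the chart defaults.
    weaker = {"enabled": False, "privileged": True, "allowPrivilegeEscalation": True, "runAsNonRoot": False}
    for key, bad in weaker.items():
        if get(values, f"containerSecurityContext.{key}") is bad:
            warnings.append(f"containerSecurityContext.{key}={bad} weakens the default")
    # Service: the default type is LoadBalancer with no source ranges.
    if (get(values, "service.type", "LoadBalancer") == "LoadBalancer"
            and not get(values, "service.loadBalancerSourceRanges", [])):
        warnings.append("LoadBalancer service has no loadBalancerSourceRanges")
    return errors, warnings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "cyral": {"sidecarId": "example-id", "controlPlane": "tenant.example.com",
              "credentials": {"clientId": "example-client", "clientSecret": "example-secret"}},
    "image": {"tag": "v0.0.0-example", "digest": "sha256:" + "a" * 64},
    "containerSecurityContext": {"privileged": True},
}
```

Load the values file with a YAML parser of your choice and pass the resulting dict to `lint_values` before running `helm install`.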
