
GC Policy service

Introduction

This chart deploys the policy service on a Kubernetes cluster using the Helm package manager.

Prerequisites

The code was tested on a Kubernetes cluster (v1.23.12) with Istio (1.15).

Other versions may work, but they have not been tested.

Operating system

The code works on Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. It also works in Google Cloud Shell, but this is not guaranteed. All other operating systems, including macOS, are neither verified nor supported.

Packages

Packages are only needed for installation from a local computer.

  • Helm (version: v3.7.1 or higher)
  • kubectl (version: v1.23.12 or higher)

Installation

First, set the variables in the values.yaml file using any code editor. Some values are prefilled, but others you must specify yourself. The tables below describe each of them.

Global variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| global.domain | your domain for the external endpoint, e.g. example.com | string | - | yes |
| global.onPremEnabled | whether on-prem is enabled | boolean | false | yes |

Common variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| data.logLevel | logging level | string | INFO | yes |
| data.image | policy image name | string | - | yes |
| data.requestsCpu | amount of requests CPU | string | 10m | yes |
| data.requestsMemory | amount of requests memory | string | 200Mi | yes |
| data.limitsCpu | CPU limit | string | 1 | yes |
| data.limitsMemory | memory limit | string | 1G | yes |
| data.serviceAccountName | name of your service account | string | - | yes |
| data.imagePullPolicy | when to pull image | string | IfNotPresent | yes |
| data.bucketName | bucket name | string | - | yes |
| data.scopes | scope of OPA | string | "https://www.googleapis.com/auth/devstorage.read_only" | yes |
| data.entitlementsHost | Entitlements host | string | "http://entitlements" | yes |
| data.entitlementsBasePath | Entitlements path | string | "/api/entitlements/v2/groups" | yes |
| data.useBundles | use bundle or not | string | "yes" | yes |
| data.legalHost | Legal host | string | "http://legal" | yes |

On-prem variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| data.minioHost | minio host | string | http://minio:9000 | yes |
| conf.minioSecretName | secret name for the app | string | "policy-minio-secret" | yes |

Config variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| conf.appName | name of the app | string | policy | yes |
| conf.configmap | configmap to be used | string | policy-config | yes |
| conf.bootstrapSecretName | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes |
| data.dataPartitionId | data partition id | string | - | yes |
| data.dataPartitionIdList | list of secondary data partition ids in case of multipartition | string | - | no |
| conf.minDelaySeconds | min delay for bundle download | num | 6 | yes |
| conf.maxDelaySeconds | max delay for bundle download | num | 12 | yes |

Bootstrap variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| data.bootstrapImage | image for bootstrap deployment | string | - | yes |
| data.bootstrapServiceAccountName | service account for bootstrap deployment | string | - | yes |

OPA variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| opa.conf.configmap | configmap to be used | string | opa-config | yes |
| opa.conf.envConfig | configmap with env vars | string | opa-env-config | yes |
| opa.conf.appName | name of the app | string | opa | yes |
| opa.data.serviceAccountName | name of your service account | string | opa-k8s | yes |
| opa.data.image | image name | string | - | yes |

ISTIO variables

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| istio.proxyCPU | CPU request for Envoy sidecars | string | 10m | yes |
| istio.proxyCPULimit | CPU limit for Envoy sidecars | string | 500m | yes |
| istio.proxyMemory | memory request for Envoy sidecars | string | 100Mi | yes |
| istio.proxyMemoryLimit | memory limit for Envoy sidecars | string | 512Mi | yes |
| istio.bootstrapProxyCPU | CPU request for Envoy sidecars | string | 10m | yes |
| istio.bootstrapProxyCPULimit | CPU limit for Envoy sidecars | string | 100m | yes |
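
A pre-install check for the values that the tables above mark as required but give no default. This is an added example, not part of the chart. The function name `missing_required_values` is hypothetical, and the check assumes values.yaml nests keys the way the dotted names suggest, using plain space-indented maps.

```shell
#!/bin/sh
# Keys listed in the tables with "Required: yes" and default "-".
REQUIRED_KEYS="global.domain data.image data.serviceAccountName data.bucketName \
data.dataPartitionId data.bootstrapImage data.bootstrapServiceAccountName opa.data.image"

# Print each required key that is absent or empty in the given values file.
# Assumption: plain nested maps indented with spaces (no anchors, flow
# style or multi-line scalars).
# Usage: missing_required_values values.yaml
missing_required_values() {
  awk -v required="$REQUIRED_KEYS" '
    /^[ ]*(#|$)/ { next }                     # skip comments and blank lines
    {
      line = $0
      indent = match(line, /[^ ]/) - 1        # number of leading spaces
      sub(/^ +/, "", line)
      colon = index(line, ":")
      if (colon == 0) next                    # not a "key: value" line
      key = substr(line, 1, colon - 1)
      val = substr(line, colon + 1)
      sub(/[ \t]+#.*$/, "", val)              # drop a trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", val)        # trim whitespace
      # Leave any map that is at the same or a deeper indentation level.
      while (depth > 0 && ind[depth] >= indent) depth--
      depth++; ind[depth] = indent; name[depth] = key
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      # An empty scalar, "" or two single quotes all count as unset.
      if (val != "" && val != "\"\"" && val != "\047\047") seen[path] = 1
    }
    END {
      n = split(required, keys, " ")
      for (i = 1; i <= n; i++) if (!(keys[i] in seen)) print keys[i]
    }
  ' "$1"
}
```

An empty result means every required value without a default has been filled in, so `helm install` will not start with a blank image, bucket, or service account name.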

Install the helm chart

Run this command from within this directory:

helm install gc-policy-deploy .

Uninstalling the Chart

To uninstall the helm deployment:

helm uninstall gc-policy-deploy
