v0.1.0
This release contains breaking changes for the
flame/flame-nodehelm chart
Node
In an effort to ensure long-term support, we have added the ability to use the kubernetes Gateway API in addition to the Ingress API since the latter has been deprecated. This resulted in having to make a breaking change to the values.yaml file to support both APIs. This means that values files from prior versions are not compatible with this new helm chart. Users will have to update their values.yaml file in order to upgrade to v0.1.0.
Breaking Changes
Removed global Values
The global section at the top of the flame-node helm chart values.yaml file. This was previously used to simplify distributing the provided hostname to the chart and its sub-charts, but is no longer necessary so it was removed. Likewise, the ingress sections for both this helm chart and the sub-charts were removed.
-global:
- node:
- ingress:
- enabled: false
- hostname:
+expose:
+ type: none
+ hostname: ""
+ tls:
+ secretName: ""
+ ingress:
+ className: ""
+ annotations: {}
+ pathType: ImplementationSpecific
+ gateway:
+ gatewayClassName: nginxIn order to allow network routing, users must use the new expose section and for the type, choose one of the following:
- "ingress" (Kubernetes Ingress API)
- "gateway" (Kubernetes Gateway API)
- "none" (no external routing)
Regardless if one chooses "ingress" or "gateway", the hostname and tls fields will be applied to the selected API.
Robot to Client
Hub keys were updated and the values.yaml was updated accordingly:
hub:
auth:
- robotUser: <Robot ID>
- robotSecret: <Robot Secret>
+ clientId: <Client ID>
+ clientSecret: <Client Secret>Improving Security
Default credentials
Several default credentials were removed including keycloak and minio. Users must now specify these credentials when deploying by either providing a username/password directly in the values.yaml file or by using an existing secret. The keycloak user flameuser is no longer included by default unless explicitly enabled.
keycloakx:
+ defaultUserEnabled: false
+ auth:
+ adminUsername: ""
+ adminPassword: ""
+ existingSecret: ""
+dataStore:
enabled: true
minio:
+ rootUser: ""
+ rootPassword: ""
+ existingSecret: ""Node VictoriaLogs UI
VictoriaLogs is now the primary application for storing and serving logs from all node related components and services. It is enabled by default, but access to it's included UI is disabled as it is not currently secured behind user authentication. If ingress for the VictoriaLogs UI is enabled, it can be found at https://<node hostname>/logs/select/vmui
+victorialogs:
+ enabled: true
+ ingress:
+ enabled: falseflame-node-data-store to dataStore
To simplify referencing this subchart in the helper functions, it was given an alias of dataStore which should now be used instead
- flame-node-data-store:
+ dataStore:
enabled: trueMigration Guide
Adapting previous versions to the current one is very straightforward, the following table shows how values map from values.yaml files from previous versions (i.e. <0.1.0) to the current stable version (0.1.0):
| Previous Value | Current Value | Comment |
|---|---|---|
.global.node.ingress.enabled == "true".ingress.enabled == "true" | .expose.type == "ingress" | This can also be set to "gateway" if you are using the new Gateway API |
.global.node.ingress.enabled == "false".ingress.enabled == "false" | .expose.type == "none" | |
.global.node.ingress.hostname == "https://your-domain".ingress.hostname == "https://your-domain" | .expose.hostname == "https://your-domain" | |
.ingress.annotations | .expose.ingress.annotations | |
.ingress.className | .expose.ingress.className | |
.ingress.pathType | .expose.ingress.pathType | |
.ingress.tlsSecretName | .expose.tls.secretName | |
.hub.auth.robotUser | .hub.auth.clientID | |
.hub.auth.robotSecret | .hub.auth.clientSecret | |
.flame-node-data-store | .dataStore | |
.keycloakx.defaultUserEnabled | Enable if you want the flameuser test user created in your bundled keycloak instance | |
.keycloakx.auth | Enter your admin credentials in these fields | |
.dataStore.minio | If the dataStore is enabled, enter your admin credentials here | |
.victorialogs.ingress.enabled | Set to true if you want to access the VictoriaLogs UI | |
.proxy.existingSecret | Can now set proxy information using an existing secret |