chore(deployment): add default annotations to Helm Chart (#94)

migmartri · web-flow · commit b817df81d00c · 2023-04-25T12:50:16.000+02:00
Signed-off-by: Miguel Martinez Trivino &lt;miguel@chainloop.dev&gt;
diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml
@@ -3,7 +3,9 @@ name: chainloop
 description: Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.
 
 type: application
-version: 1.1.1
+# Bump the patch (not minor, not major) version on each change in the Chart Source code
+version: 1.1.2
+# Do not update appVersion, this is handled automatically by the release process
 appVersion: v0.8.99
 
 dependencies:
diff --git a/deployment/chainloop/README.md b/deployment/chainloop/README.md
@@ -12,6 +12,11 @@ This chart bootstraps a [Chainloop](https://github.com/chainloop-dev/chainloop)
 - Helm 3.2.0+
 - PV provisioner support in the underlying infrastructure (If built-in PostgreSQL is enabled)
 
+Compatibility with the following Ingress Controllers have been checked, others might or might not work.
+
+- [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/)
+- [Traefik](https://doc.traefik.io/traefik/providers/kubernetes-ingress/)
+
 ## TL;DR
 
 Deploy Chainloop in [development mode](#development) by running
@@ -387,7 +392,7 @@ sentry:
 | `controlplane.ingressAPI.hostname`         | Default host for the ingress record                                                                                              | `api.cp.dev.local`       |
 | `controlplane.ingressAPI.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
 | `controlplane.ingressAPI.path`             | Default path for the ingress record                                                                                              | `/`                      |
-| `controlplane.ingressAPI.annotations`      | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `controlplane.ingressAPI.annotations`      | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. |                          |
 | `controlplane.ingressAPI.tls`              | Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter                                       | `false`                  |
 | `controlplane.ingressAPI.selfSigned`       | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
 | `controlplane.ingressAPI.extraHosts`       | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
@@ -432,7 +437,7 @@ sentry:
 | `cas.ingressAPI.hostname`         | Default host for the ingress record                                                                                              | `api.cp.dev.local`       |
 | `cas.ingressAPI.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
 | `cas.ingressAPI.path`             | Default path for the ingress record                                                                                              | `/`                      |
-| `cas.ingressAPI.annotations`      | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `cas.ingressAPI.annotations`      | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. |                          |
 | `cas.ingressAPI.tls`              | Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter                                       | `false`                  |
 | `cas.ingressAPI.selfSigned`       | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
 | `cas.ingressAPI.extraHosts`       | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
@@ -292,15 +292,18 @@ controlplane:
     ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
     ##
     path: /
-    ## @param controlplane.ingressAPI.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## @extra controlplane.ingressAPI.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
     ## Use this parameter to set the required annotations for cert-manager, see
     ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
     ## e.g:
     ## annotations:
     ##   kubernetes.io/controlplane.ingress.class: nginx
     ##   cert-manager.io/cluster-issuer: cluster-issuer-name
     ##
-    annotations: {}
+    annotations:
+      ## @skip controlplane.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol
+      ## Tell Nginx Ingress Controller to expect gRPC traffic
+      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
     
     ## @param controlplane.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter
     ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`
@@ -466,15 +469,23 @@ cas:
     ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
     ##
     path: /
-    ## @param cas.ingressAPI.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## @extra cas.ingressAPI.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
     ## Use this parameter to set the required annotations for cert-manager, see
     ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
     ## e.g:
     ## annotations:
     ##   kubernetes.io/controlplane.ingress.class: nginx
     ##   cert-manager.io/cluster-issuer: cluster-issuer-name
     ##
-    annotations: {}
+    annotations:
+      # Nginx Ingress settings
+      ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/proxy-body-size
+      # Limit file uploads/downloads to 100MB. Alternatively you can disable this limitation by setting it to 0 
+      # Even though we send data in chunks of 1MB, this size refers to all the data sent during the whole streaming session
+      nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+      ## @skip cas.ingressAPI.annotations.nginx.ingress.kubernetes.io/backend-protocol
+      ## Tell Nginx Ingress Controller to expect gRPC traffic
+      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
     
     ## @param cas.ingressAPI.tls Enable TLS configuration for the host defined at `controlplane.ingress.hostname` parameter
     ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.controlplane.ingress.hostname }}`
