feat(helm): add iron-proxy Helm chart#185
Open
mslipper wants to merge 4 commits into
Open
Conversation
Adds a Helm chart under charts/iron-proxy supporting standalone and managed run modes, all CA strategies (generate/existingSecret/inline/none), configurable listeners, and secret-backend credential injection.
Removes the per-pod CA generation mode, which rotated the CA on every restart and broke client trust. CA must come from an existing Secret (default) or inline PEM. Default install now fails fast telling the user to supply ca.existingSecret.
…d-mode env Replaces the duplicated service.ports block with a single listeners map. Each enabled listener now drives the Service port, the container port, and the proxy's bind address (merged into the config in standalone mode, emitted as IRON_*_LISTEN env vars in managed mode), so they can never drift. Managed mode gains a structured managed block (proxyIP, tlsMode, logLevel, upstreamResolver) that renders the IRON_* env vars the proxy needs when there is no config file, plus auto-derived IRON_TLS_CA_CERT/KEY from the CA mount.
1e5c3ee to
945d68c
Compare
The core listen addresses (dns/http/https/tunnel/metrics) are now supplied via IRON_*_LISTEN env vars in standalone mode too, not merged into the config file, giving a single source of truth across both run modes. Setting listeners.dns.enabled=false emits IRON_DNS_ENABLED=false to disable the DNS server (requires the binary's DNS-toggle support).
945d68c to
20ab6cc
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a Helm chart under
charts/iron-proxyso iron-proxy can be installed withhelm install. It supports both standalone (config rendered into a ConfigMap) and managed (control-plane token) run modes, all four CA strategies (generate/existingSecret/inline/none), per-listener Service ports, and flexible secret-backend credential injection via env/envFrom/inline secrets. Defaults to a zero-config working install (ca.mode: generate); README documents switching to a stable CA for production.Verified with
helm lintandhelm templateacross all modes.