boundary helm documentation#42
|
|
||
| Before installing the chart, make sure the following are available: | ||
|
|
||
| - A Kubernetes cluster supported by the chart. |
It might be helpful to clarify which Kubernetes versions are supported by our Helm chart. At the moment, we are running acceptance tests on 1.33.x, 1.34.x, and 1.35.x. Perhaps we can include this in the Version Requirements section.
| Before installing the chart, make sure the following are available: | ||
|
|
||
| - A Kubernetes cluster supported by the chart. | ||
| - Helm 3.x configured with access to the target Kubernetes cluster. |
This needs to be updated to Helm 4.x. Please refer to the Helm 3 support section for guidance.
|
|
||
| ## Create the controller Secret | ||
|
|
||
| The chart reads sensitive values from an existing Kubernetes Secret referenced by `secretRefs.secretName`. At minimum, create a Secret with the database URL and Boundary Enterprise license. Include bootstrap admin credentials when bootstrap admin creation is enabled. |
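Review bot: the last sentence of this paragraph tells operators to place bootstrap admin credentials in the same Secret as the database URL and license, but the visible text neither lists the key names the chart expects inside that Secret nor says what should happen to the bootstrap credentials afterwards. Suggest adding a short key table for the Secret referenced by `secretRefs.secretName` and one sentence on rotating or removing the bootstrap admin credentials once bootstrap has completed.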
I think it would be helpful to mention that if operators are using a different secret name or key, they should update it in the values file accordingly. These names do not have to match the defaults provided in the Helm chart values file.
|
|
||
| | Key | Default | Description | | ||
| | --- | --- | --- | | ||
| | `controller.service.cluster.type` | `LoadBalancer` | Kubernetes Service type for worker registration and controller cluster traffic. | |
| The Deployment and Jobs also set `SKIP_SETCAP=1`, which prevents the container startup path from attempting Linux capability modification. | ||
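Review bot: the `SKIP_SETCAP=1` sentence states what the variable prevents but not why the chart sets it or what an operator should expect as a consequence; suggest one more sentence giving the reason and noting whether any pod security setting depends on it. In the same region, the `controller.service.cluster.type` row documents a `LoadBalancer` default for worker registration and controller cluster traffic with no note on who is expected to reach that endpoint; suggest adding when a cluster-internal Service type is the better choice.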
|
|
||
| ## ServiceAccount values | ||
|
|
It would be helpful to mention that creating or annotating the service account is not supported by the Helm chart and needs to be handled on the operator side. The Helm chart expects an existing service account, which can be provided through the values file.
|
|
||
| ## Disable Database Initialization | ||
|
|
||
| If the PostgreSQL database was already initialized by an earlier controller release or by an external workflow, disable the pre-install initialization Job. |
For this approach, it’s worth mentioning that the Boundary version should match the version specified in the values file to avoid schema mismatches. If there is any version drift, operators should perform the necessary schema migrations before transitioning to the Helm chart.
Summary
Describe the purpose of this PR and the approach taken.
Related
Checklist
I have documented a clear reason for, and description of, the change I am making.
Added/updated tests or validation steps (if applicable)
Verified local lint/validation
No breaking changes, or clearly documented
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.