update docs for okta addon

Signed-off-by: Sarah Funkhouser <11655165+sfunkhouser@users.noreply.github.com>
equinixmetal-helm · Oct 6, 2023 · 8cad095 · 8cad095
1 parent 65cb9cb
commit 8cad095
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/charts/governor/README.md b/charts/governor/README.md
@@ -71,15 +71,24 @@ helm install governor-api equinixmetal/governor-api
 | k8s-otel-collector | object | `{"include_otel_attributes":false}` | settings for the otel collector sub-chart ref https://github.com/equinixmetal-helm/k8s-otel-collector |
 | oktaAddon | object | `{"api":{"clientId":"gov-slack-addon-governor","url":"https://api.governor.example.com"},"debug":false,"dryrun":false,"enabled":true,"eventlog":{"interval":"30s","lookback":"8h"},"hydra":{"url":"https://hydra.example.com/oauth2/token"},"image":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/metal-toolbox/gov-okta-addon","tag":"12-4375aa79"},"labels":{"app.kubernetes.io/instance":"gov-okta-addon","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"gov-okta-addon"},"matchLabels":{"app.kubernetes.io/instance":"gov-okta-addon","app.kubernetes.io/name":"gov-okta-addon"},"monitoring":{"enabled":true},"nats":{"credsPath":"/nats","secrets":{"enabled":false,"governorClientSecret":null,"natsCreds":null,"oktaToken":null},"subjectPrefix":"governor.events","url":"tls://nats.governor.example.com:4222,"},"okta":{"nocache":true},"port":8000,"pretty":false,"reconciler":{"interval":"3600s","locking":true},"replicaCount":1,"resources":{"limits":{"cpu":"100m","memory":"500Mi"},"requests":{"cpu":"100m","memory":"500Mi"}},"skipDelete":false}` | okta-addon settings |
 | oktaAddon.api | object | `{"clientId":"gov-slack-addon-governor","url":"https://api.governor.example.com"}` | governor-api settings to retrieve required information by the slack addon |
+| oktaAddon.debug | bool | `false` | set to true to turn on debug logging |
+| oktaAddon.dryrun | bool | `false` | dryrun on the reconcile loop |
 | oktaAddon.enabled | bool | `true` | set to false to disable this addon completely |
 | oktaAddon.hydra | object | `{"url":"https://hydra.example.com/oauth2/token"}` | hydra settings for communication with the governor-api |
 | oktaAddon.labels | object | `{"app.kubernetes.io/instance":"gov-okta-addon","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"gov-okta-addon"}` | set of labels for the application  |
 | oktaAddon.matchLabels | object | `{"app.kubernetes.io/instance":"gov-okta-addon","app.kubernetes.io/name":"gov-okta-addon"}` | set of match labels for the application  |
 | oktaAddon.monitoring | object | `{"enabled":true}` | enables the prometheus rules if set to true |
 | oktaAddon.nats | object | `{"credsPath":"/nats","secrets":{"enabled":false,"governorClientSecret":null,"natsCreds":null,"oktaToken":null},"subjectPrefix":"governor.events","url":"tls://nats.governor.example.com:4222,"}` | nats setup for the slack addon |
 | oktaAddon.nats.secrets.enabled | bool | `false` | enable helm secrets, set to `true` if you want to set the value directly in the chart (not recommended) |
-| oktaAddon.nats.secrets.natsCreds | string | `nil` | client credentials secrets |
+| oktaAddon.nats.secrets.governorClientSecret | string | `nil` | governor client secrets for the governor api |
+| oktaAddon.nats.secrets.natsCreds | string | `nil` | nats client credentials secrets |
+| oktaAddon.nats.secrets.oktaToken | string | `nil` | token to talk to the okta api |
 | oktaAddon.okta.nocache | bool | `true` | This toggle exists because we've seen issue with the sdk caching responses from okta |
+| oktaAddon.port | int | `8000` | port used for the gov-okta-addon service |
+| oktaAddon.pretty | bool | `false` | set to true for human readable logging |
+| oktaAddon.replicaCount | int | `1` | replicas of the gov-okta-addon |
+| oktaAddon.resources | object | `{"limits":{"cpu":"100m","memory":"500Mi"},"requests":{"cpu":"100m","memory":"500Mi"}}` | resource settings for the gov-okta-addon |
+| oktaAddon.skipDelete | bool | `false` | skipDelete, when true, will not delete anything in okta during reconcile loop |
 | slackAddon | object | `{"api":{"audience":"https://api.governor.example.com","clientId":"gov-slack-addon-governor","url":"https://api.governor.example.com"},"autoscaling":{"enabled":false},"debug":false,"dryrun":false,"enabled":true,"hydra":{"url":"https://hydra.example.com/oauth2/token"},"image":{"pullPolicy":"IfNotPresent","repository":"ghcr.io/metal-toolbox/governor-slack-addon","tag":"46-c41b0158"},"labels":{"app.kubernetes.io/instance":"gov-slack-addon","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"gov-slack-addon"},"matchLabels":{"app.kubernetes.io/instance":"gov-slack-addon","app.kubernetes.io/name":"gov-slack-addon"},"nats":{"credsPath":"/nats","subjectPrefix":"governor.events","url":"tls://nats.governor.example.com:4222,"},"nodeSelector":null,"ports":[{"containerPort":8000,"name":"http"}],"pretty":false,"reconciler":{"interval":"1h","locking":true},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"250m","memory":"500Mi"}},"securityContext":{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000},"service":{"port":80},"tolerations":null}` | slack-addon settings |
 | slackAddon.api | object | `{"audience":"https://api.governor.example.com","clientId":"gov-slack-addon-governor","url":"https://api.governor.example.com"}` | governor-api settings to retrieve required information by the slack addon |
 | slackAddon.debug | bool | `false` | set to true to turn on debug logging |

diff --git a/charts/governor/values.yaml b/charts/governor/values.yaml
@@ -126,20 +126,27 @@ oktaAddon:
     app.kubernetes.io/instance: gov-okta-addon
     app.kubernetes.io/name: gov-okta-addon
 
+  # -- set to true to turn on debug logging
   debug: false
-  dryrun: false
+  # -- set to true for human readable logging
   pretty: false
+  # -- dryrun on the reconcile loop
+  dryrun: false
 
+  # -- skipDelete, when true, will not delete anything in okta during reconcile loop
   skipDelete: false
 
+  # -- port used for the gov-okta-addon service
   port: 8000
 
-  replicaCount: 1
-
   # -- enables the prometheus rules if set to true
   monitoring:
     enabled: true
 
+  # -- replicas of the gov-okta-addon
+  replicaCount: 1
+
+  # -- resource settings for the gov-okta-addon
   resources:
     limits:
       cpu: 100m
@@ -157,9 +164,11 @@ oktaAddon:
     secrets:
       # -- enable helm secrets, set to `true` if you want to set the value directly in the chart (not recommended)
       enabled: false
-      # -- client credentials secrets
+      # -- nats client credentials secrets
       natsCreds: 
+      # -- governor client secrets for the governor api
       governorClientSecret: 
+      # -- token to talk to the okta api
       oktaToken:
 
   # -- hydra settings for communication with the governor-api