
Commit e058af6

committed
feat: add helm schema
1 parent 4c0b478 commit e058af6

1 file changed

Lines changed: 250 additions & 0 deletions


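--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -0,0 +1,250 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"title": "PINT",
+"description": "Pouring IPA for Network Trust - CSH WiFi EAP-TLS enrollment and home RadSec management",
+"type": "object",
+"properties": {
+"nameOverride": {
+"type": "string",
+"description": "Override the chart name used in resource names."
+},
+"fullnameOverride": {
+"type": "string",
+"description": "Override the fully qualified resource name."
+},
+"serviceAccount": {
+"type": "object",
+"description": "ServiceAccount settings.",
+"properties": {
+"name": {
+"type": "string",
+"description": "ServiceAccount name. Defaults to the full chart name."
+}
+}
+},
+"envSecret": {
+"type": "string",
+"description": "Name of the pre-existing Secret containing PINT_CLIENT_SECRET and PINT_IPA_PASSWORD.",
+"default": "pint-env"
+},
+"config": {
+"type": "object",
+"description": "Non-sensitive PINT application configuration, rendered into a ConfigMap.",
+"properties": {
+"clientID": {
+"type": "string",
+"description": "Keycloak OIDC client ID."
+},
+"serverURL": {
+"type": "string",
+"description": "Public base URL of this service (e.g. https://pint.csh.rit.edu). Login and callback URLs are derived from this."
+},
+"ipaHost": {
+"type": "string",
+"description": "FreeIPA host and port (e.g. ipa.csh.rit.edu:443)."
+},
+"ipaServiceAccount": {
+"type": "string",
+"description": "FreeIPA service account DN used to issue certificates."
+},
+"ipaCAName": {
+"type": "string",
+"description": "FreeIPA CA name for WiFi client certificates."
+},
+"ipaRadSecCAName": {
+"type": "string",
+"description": "FreeIPA CA name for RadSec certificates."
+},
+"ipaRootCAName": {
+"type": "string",
+"description": "FreeIPA root CA name.",
+"default": "ipa"
+},
+"ipaCertProfile": {
+"type": "string",
+"description": "Dogtag certificate profile for WiFi client certs. Leave blank to use the CA default."
+},
+"ipaRadSecClientCertProfile": {
+"type": "string",
+"description": "Dogtag certificate profile for RadSec router client certs. Leave blank to use the CA default."
+},
+"ipaRadSecServerCertProfile": {
+"type": "string",
+"description": "Dogtag certificate profile for the FreeRADIUS server cert. Leave blank to use the CA default."
+},
+"ipaSkipTLSVerify": {
+"type": "boolean",
+"description": "Skip TLS verification when connecting to FreeIPA. For development only.",
+"default": false
+},
+"wifiSSID": {
+"type": "string",
+"description": "WiFi SSID embedded in generated device profiles."
+},
+"radiusServer": {
+"type": "string",
+"description": "RadSec server address shown to users (e.g. radius.csh.rit.edu:2083)."
+}
+},
+"required": ["clientID", "serverURL", "ipaHost", "ipaServiceAccount", "ipaCAName", "ipaRadSecCAName", "wifiSSID", "radiusServer"]
+},
+"secrets": {
+"type": "object",
+"description": "Names of the Kubernetes Secrets PINT creates and manages at runtime.",
+"properties": {
+"radiusClients": {
+"type": "string",
+"description": "Secret storing the RADIUS client list (clients.json).",
+"default": "pint-radius-clients"
+},
+"radiusConfig": {
+"type": "string",
+"description": "Secret storing the rendered FreeRADIUS clients.conf.",
+"default": "pint-radius-config"
+},
+"radSecCert": {
+"type": "string",
+"description": "Secret storing the FreeRADIUS TLS certificate and key.",
+"default": "pint-radsec-server"
+}
+}
+},
+"pint": {
+"type": "object",
+"description": "PINT web application settings.",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Deploy the PINT pod. Set false to run PINT as a local process instead.",
+"default": true
+},
+"replicaCount": {
+"type": "integer",
+"minimum": 1,
+"description": "Number of PINT replicas.",
+"default": 1
+},
+"image": {
+"type": "object",
+"properties": {
+"repository": {
+"type": "string",
+"description": "Container image repository.",
+"default": "pint"
+},
+"tag": {
+"type": "string",
+"description": "Image tag. Defaults to the chart appVersion."
+},
+"pullPolicy": {
+"type": "string",
+"enum": ["Always", "IfNotPresent", "Never"],
+"default": "IfNotPresent"
+}
+}
+}
+}
+},
+"service": {
+"type": "object",
+"description": "Kubernetes Service for the PINT web application.",
+"properties": {
+"type": {
+"type": "string",
+"enum": ["ClusterIP", "NodePort", "LoadBalancer"],
+"default": "ClusterIP"
+},
+"port": {
+"type": "integer",
+"default": 80
+}
+}
+},
+"freeradius": {
+"type": "object",
+"description": "FreeRADIUS RadSec server settings.",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Deploy the FreeRADIUS pod.",
+"default": true
+},
+"image": {
+"type": "object",
+"properties": {
+"repository": {
+"type": "string",
+"default": "pint-freeradius"
+},
+"tag": {
+"type": "string",
+"description": "Image tag. Defaults to the chart appVersion."
+},
+"pullPolicy": {
+"type": "string",
+"enum": ["Always", "IfNotPresent", "Never"],
+"default": "IfNotPresent"
+}
+}
+},
+"service": {
+"type": "object",
+"properties": {
+"type": {
+"type": "string",
+"enum": ["ClusterIP", "NodePort", "LoadBalancer"],
+"default": "LoadBalancer"
+},
+"port": {
+"type": "integer",
+"default": 2083
+},
+"nodePort": {
+"type": ["integer", "null"],
+"description": "NodePort number. Only used when service.type is NodePort."
+}
+}
+},
+"securityContext": {
+"type": "object",
+"description": "Pod security context for FreeRADIUS. Override to {} for environments without pod security enforcement."
+}
+}
+},
+"openshift": {
+"type": "object",
+"description": "OpenShift-specific resources.",
+"properties": {
+"enabled": {
+"type": "boolean",
+"description": "Create an OpenShift Route for the PINT service.",
+"default": false
+},
+"route": {
+"type": "object",
+"properties": {
+"host": {
+"type": "string",
+"description": "Route hostname. Leave blank for an auto-assigned hostname."
+},
+"tls": {
+"type": "object",
+"properties": {
+"termination": {
+"type": "string",
+"enum": ["edge", "reencrypt", "passthrough"],
+"default": "edge"
+},
+"insecureEdgeTerminationPolicy": {
+"type": "string",
+"enum": ["Allow", "Redirect", "None"],
+"default": "Redirect"
+}
+}
+}
+}
+}
+}
+}
+}
+}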
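Review bot: The `required` list under `config` only checks that the eight keys are present, so `serverURL: ""` or an `http://` value still validates even though the description says login and callback URLs are derived from it; adding `"minLength": 1` to the required strings and `"pattern": "^https://"` to `serverURL` would reject both (relax the pattern deliberately if plain-HTTP local development must keep working). The root object has no `required`, so the nested check is skipped entirely whenever `config` is absent from the merged values; whether the chart's values.yaml always supplies it is not visible here, and `"required": ["config"]` at the top level removes the doubt. No object sets `"additionalProperties": false`, so a misspelled key under `config`, `secrets` or `openshift.route.tls` is accepted silently and the intended setting never takes effect. Under `openshift.route.tls`, the `insecureEdgeTerminationPolicy` enum still admits `Allow`, which would serve the enrollment UI over plain HTTP; narrowing it to `["Redirect", "None"]` keeps the default and is also the only pair valid for `passthrough` routes. The `port` and `nodePort` integers would benefit from `"minimum": 1, "maximum": 65535`.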
