Files
truecharts/charts/library/common/values.yaml
T
TrueCharts Bot 3f48fdcfff feat(code-server): update image oci.trueforge.org/containerforge/code-server 4.126.0 → 4.127.0 (#49780)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[oci.trueforge.org/containerforge/code-server](https://ghcr.io/trueforge-org/code-server)
([source](https://coder.com)) | minor | `f753ce2` → `467743d` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9jb2RlLXNlcnZlciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
2026-07-02 16:59:50 +02:00

1409 lines
40 KiB
YAML

# yaml-language-server: $schema=./values.schema.json
# -- Global values
global:
# -- Set additional global labels
labels: {}
# -- Set additional global annotations
annotations: {}
# -- Set a global namespace
# TODO: Currently some objects do not support this
namespace: ""
diagnosticMode:
enabled: false
fallbackDefaults:
# -- Define a storageClassName that will be used for all PVCs
# Can be overruled per PVC
storageClass:
# -- Default probe type
probeType: http
# -- Default Service Protocol
serviceProtocol: tcp
# -- Default Service Type
serviceType: ClusterIP
# -- Default persistence type
persistenceType: pvc
# -- Default Retain PVC
pvcRetain: false
# -- Default PVC Size
pvcSize: 100Gi
# -- Default VCT Size
vctSize: 100Gi
# -- Default PVC Access Modes
accessModes:
- ReadWriteOnce
# -- Default VCT Access Modes
vctAccessModes:
- ReadWriteOnce
# -- Default probe timeouts
probeTimeouts:
liveness:
initialDelaySeconds: 12
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readiness:
initialDelaySeconds: 10
periodSeconds: 12
timeoutSeconds: 5
failureThreshold: 4
successThreshold: 2
startup:
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
successThreshold: 1
# -- Define a postgresql version for CNPG
# will be used for all CNPG objects
# Can be overruled per CNPG objects
# -- Define a topologyKey for default topologySpreadConstraints
# Will be used when defaultSpread: true
topologyKey: kubernetes.io/hostname
cnpg:
pgVersion: 16
skipEmptyWalArchiveCheck: true
traefik:
commonMiddlewares:
- name: tc-basic-secure-headers
# -- Minimum nodePort value
minNodePort: 9000
# -- Enable to stop most pods and containers including cnpg
# does not include stand-alone pods
stopAll: false
# -- Explicitly set a namespace for this chart only
namespace: ""
image:
repository: ghcr.io/traefik/whoami
pullPolicy: IfNotPresent
tag: v1.11.0@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab
chartContext:
appUrl: ""
podCIDR: ""
svcCIDR: ""
# -- Security Context
securityContext:
# -- Container security context for all containers
# Can be overruled per container
container:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
# When set to false, it will automatically
# add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE
# capabilities ONLY when container runs as ROOT
disableS6Caps: false
# -- PUID for all containers
# Can be overruled per container
PUID: 568
# -- UMASK for all containers
# Can be overruled per container
UMASK: "0022"
# -- Pod security context for all pods
# Can be overruled per pod
pod:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: []
sysctls: []
# -- Resources
# Can be overruled per container
resources:
limits:
cpu: 1500m
memory: 2400Mi
requests:
cpu: 75m
memory: 200Mi
containerOptions:
NVIDIA_CAPS:
- all
# -- Options for all pods
# Can be overruled per pod
podOptions:
enableServiceLinks: false
hostNetwork: false
hostPID: false
hostIPC: false
# If this key exists, takes precedence over the automated calculation
# hostUsers: false
shareProcessNamespace: false
affinity: {}
dnsPolicy: ClusterFirst
dnsConfig:
options:
- name: ndots
value: "1"
hostAliases: []
nodeSelector:
kubernetes.io/arch: "amd64"
# -- Used to enforce a good spread for Deployments and StatefulSets by default
defaultSpread: true
defaultAffinity: true
topologySpreadConstraints: []
tolerations: []
schedulerName: ""
priorityClassName: ""
runtimeClassName: ""
automountServiceAccountToken: false
terminationGracePeriodSeconds: 60
# -- (docs/workload/README.md)
workload:
main:
enabled: true
primary: true
type: Deployment
dbWait: true
podSpec:
containers:
main:
enabled: true
primary: true
imageSelector: image
probes:
liveness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
readiness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
startup:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
# -- Timezone used everywhere applicable
TZ: UTC
# -- Diagnostic Mode
diagnosticMode:
enabled: false
# -- Vertical pod autoscaler
vpa:
main:
enabled: false
targetSelector: []
# updatePolicy:
# updateMode: auto
resourcePolicy:
containerPolicies:
- containerName: "*"
minAllowed:
cpu: 50m
memory: 50Mi
maxAllowed:
cpu: 8000m
memory: 20Gi
controlledResources: ["cpu", "memory"]
# -- Horizontal pod autoscaler
hpa:
main:
enabled: false
targetSelector: []
# minReplicas: 1
# maxReplicas: 3
# metrics: # Optional, list of metric specs
# - type: Resource # Can be Resource, Pods, Object, External, or ContainerResource
# resource:
# name: cpu
# target:
# type: Utilization # Or Value / AverageValue
# averageUtilization: 50
# - type: Resource
# resource:
# name: memory
# target:
# type: AverageValue
# averageValue: 500Mi
# behavior: # Optional: controls scaling behavior
# scaleUp:
# stabilizationWindowSeconds: 0
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 4
# periodSeconds: 60
# -- (docs/service/README.md)
service:
main:
## Integration stuff
# integration:
# metallb:
# enabled: false
## Optional to set shared key manually, otherwise set to namespace
# sharedKey: ""
#
# cilium:
# enabled: false
## Optional to set shared key manually, otherwise ignored (namespace sharing)
# sharedKey: ""
#
# traefik:
# enabled: false
## Optional - ensures `serversscheme: https` annotation is set
# forceTLS: false
## Optional to make Traefik skip TLS verification when taling to an HTTPS
## backend service
# insecureSkipVerify: false
## Optional to specify the hostname to use when talking to a backend service
# serverName: ""
## Optional - K8s secrets containing CA certs to use when performing TLS
## verification when taling to a backend service
# rootCAs:
# - secretRef: # OR configMapRef
# name: root-ca-secret
# expandObjectName: true
enabled: true
primary: true
ports:
main:
enabled: true
primary: true
protocol: http
credentials:
{}
# mys3:
# type: s3
# url: ""
# ## Provide a custom certificate authority in cases where the URL endpoint
# ## uses a self-signed certificate
# customCA: ""
# customCASecretRef:
# name: my-secret
# key: ca.crt
# # expandObjectName: false # default true
# path: ""
# bucket: ""
# accessKey: ""
# secretKey: ""
# ## Is used in cases where things are encrypted by a backup utility
# encrKey: ""
# ## Is used in cases where the region cannot be determined from the URL. If
# ## a backup/restore is failing, try setting the region manually using this field
# region: ""
ingressMiddlewares:
traefik:
tc-basic-secure-headers:
enabled: false
type: headers
data:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
stsSeconds: 63072000
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
# basic-auth:
# enabled: true
# type: basicAuth
# data:
# # middleware specific data ie
# users:
# - username: user1
# password: password1
# some-other-middleware:
# enabled: true
# type: someOtherMiddleware
# data:
# # middleware specific data ie
# someOtherMiddlewareData: someOtherMiddlewareData
# -- (docs/persistence/README.md)
persistence:
shared:
enabled: true
type: emptyDir
mountPath: /shared
targetSelectAll: true
varlogs:
enabled: true
type: emptyDir
mountPath: /var/logs
medium: Memory
targetSelectAll: true
varrun:
enabled: true
type: emptyDir
mountPath: /var/run
medium: Memory
targetSelectAll: true
tmp:
enabled: true
type: emptyDir
mountPath: /tmp
medium: Memory
targetSelectAll: true
devshm:
enabled: true
type: emptyDir
mountPath: /dev/shm
medium: Memory
targetSelectAll: true
# backupexample:
# ## the default backup path, is the credential path suffixed by the releasename, volsync and both the pvc and volsync names
# enabled: true
# type: pvc
# mountPath: /backedup
# targetSelectAll: true
# volsync:
# - name: mybackup
# ## TODO: other options
# type: restic
# credentials: mys3
# dest:
# enabled: true
# src:
# enabled: true
# iscsi:
# enabled: true
# type: iscsi
# mountPath: /dev/shm
# iscsi:
# targetPortal: 10.0.2.15:3260
# portals: ['10.0.2.16:3260', '10.0.2.17:3260'] #optional
# iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz
# lun: 0
# fsType: ext4 #Optional
# iscsiInterface: default #Optional
# initiatorName: iqn.1994-05.com.redhat:node1 #Optional
# authSession:
# username: "someusername"
# password: "somepassword"
# usernameInitiator: "someusernameInitiator"
# passwordInitiator: "somepasswordInitiator"
# authDiscovery:
# username: "someusername"
# password: "somepassword"
# usernameInitiator: "someusernameInitiator"
# passwordInitiator: "somepasswordInitiator"
# vct:
# enabled: true
# type: vct
# mountPath: /shared
# dynamic-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# dynamic-pvc-dataSource:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# dataSource:
# kind: "PersistentVolumeClaim"
# name: "existingPVC"
# existing-claim:
# enabled: true
# type: pvc
# existingClaim: "someclaim"
# mountPath: /shared
# targetSelectAll: true
# existingpv-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# volumeName: "somePV"
# static-nfs-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: nfs
# server: "/someserver"
# share: "someshare"
# static-smb-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: smb
# server: "/someserver"
# share: "someshare"
# domain: "somedomain"
# user: "someuser"
# password: "somepass"
# static-custom-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: custom
# provisioner: "some.provisioner"
# driver: "somedriver"
# # Custom CSI definition here
# csi: {}
# example-volumesnapshot:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# volumeSnapshots:
# - name: "mysnapshot"
# volumeSnapshotClassName: "mysnapshotclass" (optional)
volumeSnapshotClass: {}
volumeSnapshots: {}
# volumeSnapshots:
# mysnapshot:
# volumeSnapshotClassName: "mycustomsnapshot" (optional)
# source:
# # pick one
# persistentVolumeClaimName: "mypvcname" (does not get altered)
# volumeSnapshotContentName: "mysnapshotname"
# -- (docs/imagePullSecrets.md)
imagePullSecret: {}
# -- (docs/configmap.md)
configmap: {}
# -- (docs/secret.md)
secret: {}
# -- (docs/serviceAccount.md)
serviceAccount: {}
# -- (docs/rbac.md)
rbac: {}
# NOTES.txt
notes:
header: |
# Thank you for installing {{ .Chart.Name }} by TrueCharts.
# custom: "{{ toYaml $.Values }}"
custom: |
{{- if .Values.chartContext.appUrl }}
## Connecting externally
You can use this Chart by opening the following links in your browser:
- {{ toYaml .Values.chartContext.appUrl }}
{{- end }}
{{ if .Chart.Dependencies }}
## Dependencies for {{ .Chart.Name }}
{{- range .Chart.Dependencies }}
- Chart: {{ .Repository }}/{{ .Name }}
Version: {{ .Version }}
{{- end }}
{{- end }}
{{- if .Values.chartContext.internalUrls }}
## Connecting Internally
You can reach this chart inside your cluster, using the following service URLS:
{{- range $url := .Values.chartContext.internalUrls -}}
- {{ $url }}
{{- end }}
{{- end }}
## Sources for {{ .Chart.Name }}
{{- range .Chart.Sources }}
- {{ . }}
{{- end -}}
{{- $link := .Chart.Annotations.docs -}}
{{- if not $link -}}
{{- $link = .Chart.Home -}}
{{- end }}
See more for **{{ $.Chart.Name }}** at ({{ $link }})
footer: |
## Documentation
Please check out the TrueCharts documentation on:
https://truecharts.org
OpenSource can only exist with your help, please consider supporting TrueCharts:
https://trueforge.org/sponsor
warnings: []
####
##
## TrueCharts Specific Root Objects
##
####
gluetunImage:
repository: oci.trueforge.org/tccr/gluetun
tag: v3.40.0@sha256:a8189e29155e0f8142be1500ae068a92b189b1b25abbba036321e74d6389bf2b
pullPolicy: IfNotPresent
netshootImage:
repository: oci.trueforge.org/tccr/netshoot
tag: v0.14.0@sha256:28ede4317d22391e7d89a15eb78dc2afc3587ece02c76c983dde7239a0e43679
pullPolicy: IfNotPresent
tailscaleImage:
repository: oci.trueforge.org/tccr/tailscale
tag: v1.88.3@sha256:878612592f133bc0728e978558b10a1c457371ac5949985d0584664c8e92c2f9
pullPolicy: IfNotPresent
codeserverImage:
repository: oci.trueforge.org/containerforge/code-server
tag: "4.127.0@sha256:467743d341fab46cba9f434eea01997c0d91e98ca5fc2e69b7e5fb9d27f2c464"
pullPolicy: IfNotPresent
alpineImage:
repository: oci.trueforge.org/tccr/alpine
tag: v3.22.1@sha256:6dc807ae4f2867cb2d00d061f8f579f1966420ad792c179ac68072ab235109f8
pullPolicy: IfNotPresent
ubuntuImage:
repository: oci.trueforge.org/containerforge/ubuntu
tag: "26.4@sha256:e566b6c11ab30372ddb0ee460a2f65699fd50ad2eb148ddac0d7800074159f19"
pullPolicy: IfNotPresent
scratchImage:
repository: oci.trueforge.org/containerforge/scratch
tag: "1.0.0@sha256:84182a2371dd7584ad752326b7150b4e928c640b7f70a249a3994b40f1db11fd"
pullPolicy: IfNotPresent
kubectlImage:
repository: oci.trueforge.org/containerforge/kubectl
tag: "1.31.1@sha256:3865b1b5a4e9d3efa89fba13aa85c94dc10b43aaea47a9b3f2a1d5ff525d30d0"
pullPolicy: IfNotPresent
wgetImage:
repository: oci.trueforge.org/containerforge/ubuntu
tag: "26.4@sha256:e566b6c11ab30372ddb0ee460a2f65699fd50ad2eb148ddac0d7800074159f19"
pullPolicy: IfNotPresent
yqImage:
pullPolicy: IfNotPresent
repository: oci.trueforge.org/containerforge/go-yq
tag: "4.53.3@sha256:955988f1a3b303990631778fa9ded2ee6da7f6e413d9908c1e218a587652b55c"
postgresClientImage:
repository: oci.trueforge.org/containerforge/postgresql-client
tag: "9.6.24@sha256:3f2db888d65f642aad283346798bb4eeff542220ee6467e30929ba5aefbfdaff"
pullPolicy: IfNotPresent
mariadbClientImage:
repository: oci.trueforge.org/containerforge/mariadb-client
tag: "12.3.2@sha256:62dc576092c715edf357d1514cfd4b0ac6b55392cd7491e9e6283172e484527a"
pullPolicy: IfNotPresent
redisClientImage:
repository: oci.trueforge.org/containerforge/valkey-tools
tag: "1.1.0@sha256:cfe7519adca683ed90e0e8daa974608aa78b982b73891106e796feb4531c6bef"
pullPolicy: IfNotPresent
valkeyClientImage:
repository: oci.trueforge.org/containerforge/valkey-tools
tag: "1.1.0@sha256:cfe7519adca683ed90e0e8daa974608aa78b982b73891106e796feb4531c6bef"
pullPolicy: IfNotPresent
mongodbClientImage:
repository: oci.trueforge.org/containerforge/mongosh
tag: "2.9.2@sha256:3131ff30afad75743491edaeb7d2ecd6467a55408f996b7653f51f9b8c15e268"
pullPolicy: IfNotPresent
postgres15Image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: "15.18@sha256:04598d2058f446fcbc3416838740e515e7d39c311d0bca57778b50c302db1ae5"
pullPolicy: IfNotPresent
postgres16Image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: "16.14@sha256:9f917c9f05732db5c40f6bc72be4e7d34705f205c75761f0d0d63e1f77e932ab"
pullPolicy: IfNotPresent
postgresPostgis15Image:
repository: ghcr.io/cloudnative-pg/postgis
tag: "15-3.4@sha256:4596b193991cd2463a07d40e3d3d62c59f046a7dece8f163ad1aba15925a38e4"
pullPolicy: IfNotPresent
postgresPostgis16Image:
repository: ghcr.io/cloudnative-pg/postgis
tag: "16-3.4@sha256:bb5a8590a8c934767482e34e1d103253f412aec703b77bbc52ad9044bf6e56f9"
pullPolicy: IfNotPresent
postgresVectors15Image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: "15.7-v0.2.1@sha256:dbdeddf0d635f76df41f745407816c87c7468df35e3b7b0665ca4e0500ff3048"
pullPolicy: IfNotPresent
postgresVectors16Image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: "16.3-v0.2.1@sha256:f1a19d4fc4073b0671a72ad34ef012aa20d21b3ddf5b4b0c9077d54450db679a"
pullPolicy: IfNotPresent
postgresVectorchord15Image:
repository: ghcr.io/tensorchord/cloudnative-vectorchord
tag: "15.14-0.5.3@sha256:1978732dc1e7e9ef94b9e806a094fcb123afab1e50a7e878e2d29de8b849cf47"
pullPolicy: IfNotPresent
postgresVectorchord16Image:
repository: ghcr.io/tensorchord/cloudnative-vectorchord
tag: "16.10-0.5.3@sha256:a0776b514bb23858d8aa59b08587223f8b449bba1b278ffbcf85e097d6504eb0"
pullPolicy: IfNotPresent
# -- OpenVPN specific configuration
# @default -- See below
openvpnImage:
# -- Specify the openvpn client image
repository: oci.trueforge.org/tccr/openvpn-client
# -- Specify the openvpn client image tag
tag: latest@sha256:9bfdf50791d6e51056e31c03f73c9db329b2b72e7746155cfdc63e0c8b49b55a
# -- Specify the openvpn client image pull policy
pullPolicy: IfNotPresent
# -- WireGuard specific configuration
# @default -- See below
wireguardImage:
# -- Specify the WireGuard image
repository: oci.trueforge.org/tccr/wireguard
# -- Specify the WireGuard image tag
tag: v1.0.20210914@sha256:683b8b74d64ebd07f9955147539834c2a4b60fee51d2a36fa76b9aba689601bf
# -- Specify the WireGuard image pull policy
pullPolicy: IfNotPresent
# -- Configure the ingresses for the chart here.
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
# @default -- See below
ingress:
main:
# -- Enables or disables the ingress
enabled: false
# -- Make this the primary ingress (used in probes, notes, etc...).
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
primary: true
# -- Ensure this ingress is always enabled.
required: false
# expandObjectName: false
# -- Provide additional labels which may be required.
labels: {}
# -- Provide additional annotations which may be required.
annotations: {}
# -- Set the ingressClass that is used for this ingress.
# Requires Kubernetes >=1.19
ingressClassName: ""
# Defaults to primary service and primary port
# targetSelector:
# # service: port
# main: main
## Configure the hosts for the ingress
hosts: []
# - # -- Host address. Helm template can be passed.
# host: chart-example.local
# ## Configure the paths for the host
# paths:
# - # -- Path. Helm template can be passed.
# path: /
# # -- Ignored if not kubeVersion >= 1.14-0
# pathType: Prefix
# # -- Overrides the service reference for this path, by default the selector is honored
# overrideService:
# # -- Overrides the service name reference for this path
# name:
# # -- Overrides the service port reference for this path
# port:
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
# Gets ignored when clusterIssuer is filled
tls: []
# - secretName: chart-example-tls
# certificateIssuer: ""
# hosts:
# - chart-example.local
integrations:
certManager:
enabled: false
certificateIssuer: ""
traefik:
enabled: false
# Default to websecure
entrypoints:
- websecure
# Ensures tls annotation is set
forceTLS: true
middlewares: []
# - name: my-middleware
# # Optional, by default will try to
# # "lookup" the namespace based on the name
# namespace: ""
nginx:
enabled: false
themepark:
enabled: false
css: ""
ipWhitelist: []
auth:
# empty to disable, options: "authentik" or "authelia"
type: ""
# Internal Domain name + port to reach the auth provider, excluding http(s)
internalHost: ""
# External (ingress) Domain name to reach the auth provider, excluding http(s)
externalHost: ""
# Optional: override default response headers
responseHeaders: []
homepage:
enabled: false
# Default: chart name
name: ""
# Default: chart description
description: ""
# Default: no group
group: ""
# Default: chart icon
icon: ""
widget:
# Default: chartname
type: ""
# Default to ingress host 0
url: ""
custom:
# somesetting: some value
customkv:
# - key: some key
# value: some value
certificate: {}
# main:
# enabled: false
# certificateIssuer: someissuer
# hosts:
# - somehost
# # Optional
# certificateSecretTemplate:
# labels: {}
# annotations: {}
# -- BETA: Configure the gateway routes for the chart here.
# Additional routes can be added by adding a dictionary key similar to the 'main' route.
# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works.
# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk
# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
# @default -- See below
route:
main:
# -- Enables or disables the route
enabled: false
# -- Set the route kind
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
kind: HTTPRoute
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Configure the resource the route attaches to.
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name:
namespace:
sectionName:
# -- Host addresses
hostnames: []
# -- Configure rules for routing. Defaults to the primary service.
rules:
- backendRefs:
- group: ""
kind: Service
name:
namespace:
port:
weight: 1
## Configure conditions used for matching incoming requests. Only for HTTPRoutes
matches:
- path:
type: PathPrefix
value: /
podDisruptionBudget:
main:
enabled: false
# -- Custom Selector Labels
# customLabels:
# customKey: customValue
# maxUnavailable: 1
# minAvailable: 1
targetSelector: main
webhook:
validating:
enabled: false
type: validating
webhooks: []
mutating:
enabled: false
type: mutating
webhooks: []
priorityClass: {}
# priorityClass:
# example:
# provisioner: some.provisioner.io
# enabled: true
# value: 1000000
# preemptionPolicy: PreemptLowerPriority
# globalDefault: false
# description: "some description"
# # -- create storageClasses on demand
storageClass: {}
# storageClass:
# example:
# provisioner: some.provisioner.io
# enabled: true
# isDefaultClass: false
# parameters: {}
# reclaimPolicy: retain
# allowVolumeExpansion: true
# volumeBindingMode: Immediate
# mountOptions: []
metrics:
main:
enabled: false
primary: true
# options: servicemonitor, podmonitor
type: "servicemonitor"
# defaults to selectorLabels
selector: {}
endpoints:
- port: main
interval: 5s
scrapeTimeout: 5s
path: /
honorLabels: false
prometheusRule:
enabled: false
groups: {}
# somegroup:
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwrithing the rules
# additionalrules: []
# List to support adding groups using the SCALE GUI
additionalgroups:
# - name: "somegroup"
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwrithing the rules
# additionalrules: []
# -- The common chart supports several add-ons. These can be configured under this key.
# @default -- See below
addons:
gluetun:
enabled: false
targetSelector:
- main
secret:
# vpn-conf:
# basePath: /gluetun/wireguard
# data:
# # Effective path /gluetun/wireguard/wg0.conf
# wg0.conf: |
# some conf
# wg1.conf: |
# some conf
# scripts:
# basePath: /gluetun/scripts
# defaultMode: "0777"
# data:
# # Effective path /gluetun/scripts/up.sh
# up.sh: |
# some conf
container:
enabled: true
imageSelector: gluetunImage
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
resources:
excludeExtra: true
securityContext:
runAsUser: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
runAsGroup: 568
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
env:
DOT: "off"
DNS_KEEP_NAMESERVER: "on"
FIREWALL: "off"
FIREWALL_OUTBOUND_SUBNETS: ""
FIREWALL_INPUT_PORTS: ""
# -- Tailscale specific configuration
# @default -- See below
# See more info for the configuration
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
tailscale:
enabled: false
targetSelector:
- main
# -- you can directly specify the config file here
config: ""
container:
enabled: true
imageSelector: "tailscaleImage"
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
command:
- /usr/local/bin/containerboot
resources:
excludeExtra: true
env:
# Set KUBE_SECRET to empty string to force tailscale
# to use the filesystem for state tracking.
# With secret for state tracking you can't always
# know if the app that uses this sidecard will
# use a custom ServiceAccount and will lead to falure.
TS_KUBE_SECRET: ""
TS_SOCKET: /var/run/tailscale/tailscaled.sock
TS_STATE_DIR: /var/lib/tailscale/state
TS_USERSPACE: true
TS_AUTH_ONCE: true
TS_ACCEPT_DNS: false
TS_AUTH_KEY: ""
TS_TAILSCALED_EXTRA_ARGS: ""
TS_EXTRA_ARGS: ""
TS_SOCKS5_SERVER: ""
TS_DEST_IP: ""
TS_ROUTES: ""
TS_OUTBOUND_HTTP_PROXY_LISTEN: ""
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
# -- Auth key to connect to the VPN Service
authkey: ""
# As a sidecar, it should only need to run in userspace
userspace: true
auth_once: true
accept_dns: false
routes: ""
dest_ip: ""
sock5_server: ""
extra_args: ""
daemon_extra_args: ""
outbound_http_proxy_listen: ""
# -- Annotations for tailscale sidecar
annotations: {}
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
# @default -- See values.yaml
codeserver:
enabled: false
# -- Enable running a code-server container in the pod
container:
enabled: true
env:
PORT: 12321
DEFAULT_WORKSPACE: /
probes:
liveness:
enabled: true
port: 12321
path: "/"
readiness:
enabled: true
port: 12321
path: "/"
startup:
enabled: true
port: 12321
path: "/"
imageSelector: "codeserverImage"
resources:
excludeExtra: true
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
# - --user-data-dir
# - "/config/.vscode"
# -- Select a workload to add the addon to
targetSelector:
- "main"
service:
# -- Enable a service for the code-server add-on.
enabled: true
type: ClusterIP
# Specify the default port information
ports:
codeserver:
enabled: true
primary: true
protocol: http
port: 12321
targetPort: 12321
ingress:
# -- Enable an ingress for the code-server add-on.
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
labels: {}
hosts:
- host: code.chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
tls: []
netshoot:
# -- Enable running a netshoot container in the pod
enabled: false
container:
enabled: true
command:
- /bin/sh
- -c
- sleep infinity
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
imageSelector: "netshootImage"
resources:
excludeExtra: true
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
dependencies:
##########################################################################
# This section contains some pre-config for frequently used dependencies #
##########################################################################
cnpg:
main:
enabled: false
primary: true
# -- Puts the cnpg cluster in hibernation mode
hibernate: false
# Additional Labels and annotations for all cnpg objects
labels: {}
annotations: {}
# Type of the CNPG database. Available types:
# * `postgres`
# * `postgis`
# * `timescaledb`
# * `vectors`
# * `vectorchord`
type: postgres
# Version of Postgresql to use, changes cluster naming scheme
# * `15`
# * `16`
pgVersion: 16
# Cluster mode of operation. Available modes:
# * `standalone` - default mode. Creates new or updates an existing CNPG cluster.
# * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup.
mode: standalone
# Database details
database: "app"
user: "app"
password: "PLACEHOLDERPASSWORD"
# Database cluster configuration
cluster:
# Additional Labels and annotations for cnpg cluster
labels: {}
annotations: {}
# Additional environment variables to set on all pods created in the cluster
env: {}
envFrom: {}
# Number of instances
instances: 2
# set to true on single-node clusters to allow PVCs to be kept on instance restart
singleNode: false
## set to configure the skipEmptyWalArchiveCheck annotation
# skipEmptyWalArchiveCheck: true
# # -- storage size for the data pvc's
# # Follows the same spec as .Values.Persistence type=PVC
# storage:
# size: "256Gi"
# # -- storage size for the wal pvc's
# # Follows the same spec as .Values.Persistence type=PVC
# walStorage:
# size: "256Gi"
# -- Gets scaled to 0 if hibernation is true
## See .Values.resources for more info
# resources:
# Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated. It can be switchover (default) or in-place (restart).
primaryUpdateMethod: switchover
# Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
# Example of rolling update strategy:
# - unsupervised: automated update of the primary once all
# replicas have been upgraded (default)
# - supervised: requires manual supervision to perform
# the switchover of the primary
# -- change to supervised to disable unsupervised updates
primaryUpdateStrategy: unsupervised
# The instances' log level, one of the following values: error, warning, info (default), debug, trace
logLevel: info
# The configuration for the CA and related certificates
# See: https://cloudnative-pg.io/documentation/current/api_reference/#CertificatesConfiguration
certificates:
# When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
# If the secret is not present, the operator will automatically create one.
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
# and then blank the password of the postgres user by setting it to NULL.
# enableSuperuserAccess: true
# Configuration of the PostgreSQL server
# See: https://cloudnative-pg.io/documentation/current/api_reference/#PostgresConfiguration
postgresql:
# BootstrapInitDB is the configuration of the bootstrap process when initdb is used
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
# See: https://cloudnative-pg.io/documentation/current/api_reference/#bootstrapinitdb
initdb: {}
# postInitSQL:
# - CREATE EXTENSION IF NOT EXISTS vector;
# postInitApplicationSQL:
# - CREATE EXTENSION IF NOT EXISTS someextension;
# -- set to enable prometheus metrics
monitoring:
enablePodMonitor: false
disableDefaultQueries: false
customQueries: []
# - name: "pg_cache_hit_ratio"
# expandObjectName: true
# key: "custom-key" (defaults to "custom-queries")
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
# metrics:
# - datname:
# usage: "LABEL"
# description: "Name of the database database"
# - ratio:
# usage: GAUGE
# description: "Cache hit ratio"
# Recovery settings if the chosen mode is `recovery`.
recovery:
##
# Backup Recovery Method
# Available recovery methods:
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
# * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported).
# * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
# migrate databases to CloudNativePG, even from outside Kubernetes. # TODO
method: object_store
## set a revision to append to the serverName to ensure restore and backup dont target the same thing
# revision: 1
# override serverName in recovery obkect
servername: ""
## Point in time recovery target. Specify one of the following:
pitrTarget:
# Time in RFC3339 format
time: ""
# Name of the backup to recover from. Required if method is `backup`.
backupName: ""
# Object Store Recovery Method
clusterName: ""
# Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# Database cluster backup configuration
backups:
# You need to configure backups manually, so backups are disabled by default.
enabled: false
encryption:
enabled: false
## set a revision to append to the serverName to ensure restore and backup dont target the same thing
# revision: 1
# override serverName in recovery obkect
servername: ""
# Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# default: primary, other option prefer-standby
target: ""
# name of credentials in .Values.Credentials
credentials: ""
scheduledBackups:
- name: daily-backup
schedule: "0 0 0 * * *"
backupOwnerReference: self
immediate: true
suspend: false
retentionPolicy: "30d"
# - Manual list of backups
manualBackups: []
# - name: today
# labels: {}
# annotations: {}
# - name: beforeUpgrade
# labels: {}
# annotations: {}
# Database cluster PgBouncer configuration
pooler:
enabled: false
# -- enable to create extra pgbouncer for readonly access
createRO: false
poolMode: session
# -- Gets scaled to 0 if hibernation is true
instances: 2
# parameters:
# max_client_conn: "1000"
# default_pool_size: "25"
labels: {}
annotations: {}
# -- contains credentials and urls output by generator
creds: {}
# -- Redis dependency configuration
# @default -- See below
redis:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
# -- can be used to make an easy accessible note which URLS to use to access the DB.
creds: {}
secret:
credentials:
enabled: false
# -- mariadb dependency configuration
# @default -- See below
mariadb:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
rootPassword: "PLACEHOLDERROOTPASSWORD"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
# -- mongodb dependency configuration
# @default -- See below
mongodb:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
rootPassword: "PLACEHOLDERROOTPASSWORD"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
# -- clickhouse dependency configuration
# @default -- See below
clickhouse:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
# -- solr dependency configuration
# @default -- See below
solr:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
solrCores: 1
solrEnableAuthentication: "no"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
# -- List of extra objects to deploy with the release
extraTpl: []