784a5fcfde
**Description** As discussed we wanted to make setting-up nginx easier for users, primarily themepark and auth/ This provides an integration to do so. ⚒️ Fixes #33988 **⚙️ Type of change** - [x] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code - [ ] 📜 Documentation Changes **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [ ] ⚖️ My code follows the style guidelines of this project - [ ] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made changes to the documentation - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning - [ ] I made sure the title starts with `feat(chart-name):`, `fix(chart-name):`, `chore(chart-name):`, `docs(chart-name):` or `fix(docs):` **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: Kjeld Schouten <info@kjeldschouten.nl> Co-authored-by: Stavros Kois <s.kois@outlook.com>
1309 lines
36 KiB
YAML
1309 lines
36 KiB
YAML
# -- Global values
|
|
global:
|
|
# -- Set additional global labels
|
|
labels: {}
|
|
# -- Set additional global annotations
|
|
annotations: {}
|
|
# -- Set a global namespace
|
|
# TODO: Currently some objects do not support this
|
|
namespace: ""
|
|
diagnosticMode:
|
|
enabled: false
|
|
fallbackDefaults:
|
|
# -- Define a storageClassName that will be used for all PVCs
|
|
# Can be overruled per PVC
|
|
storageClass:
|
|
# -- Default probe type
|
|
probeType: http
|
|
# -- Default Service Protocol
|
|
serviceProtocol: tcp
|
|
# -- Default Service Type
|
|
serviceType: ClusterIP
|
|
# -- Default persistence type
|
|
persistenceType: pvc
|
|
# -- Default Retain PVC
|
|
pvcRetain: false
|
|
# -- Default PVC Size
|
|
pvcSize: 100Gi
|
|
# -- Default VCT Size
|
|
vctSize: 100Gi
|
|
# -- Default PVC Access Modes
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
# -- Default VCT Access Modes
|
|
vctAccessModes:
|
|
- ReadWriteOnce
|
|
# -- Default probe timeouts
|
|
probeTimeouts:
|
|
liveness:
|
|
initialDelaySeconds: 12
|
|
periodSeconds: 15
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
successThreshold: 1
|
|
readiness:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 12
|
|
timeoutSeconds: 5
|
|
failureThreshold: 4
|
|
successThreshold: 2
|
|
startup:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 3
|
|
failureThreshold: 60
|
|
successThreshold: 1
|
|
# -- Define a postgresql version for CNPG
|
|
# will be used for all CNPG objects
|
|
# Can be overruled per CNPG objects
|
|
|
|
# -- Define a topologyKey for default topologySpreadConstraints
|
|
# Will be used when defaultSpread: true
|
|
topologyKey: kubernetes.io/hostname
|
|
cnpg:
|
|
pgVersion: 16
|
|
skipEmptyWalArchiveCheck: true
|
|
traefik:
|
|
commonMiddlewares:
|
|
- name: tc-basic-secure-headers
|
|
# -- Minimum nodePort value
|
|
minNodePort: 9000
|
|
# -- Enable to stop most pods and containers including cnpg
|
|
# does not include stand-alone pods
|
|
stopAll: false
|
|
|
|
# -- Explicitly set a namespace for this chart only
|
|
namespace: ""
|
|
|
|
image:
|
|
repository: ghcr.io/traefik/whoami
|
|
pullPolicy: IfNotPresent
|
|
tag: v1.11.0@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab
|
|
|
|
chartContext:
|
|
appUrl: ""
|
|
podCIDR: ""
|
|
svcCIDR: ""
|
|
|
|
# -- Security Context
|
|
securityContext:
|
|
# -- Container security context for all containers
|
|
# Can be overruled per container
|
|
container:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
privileged: false
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
capabilities:
|
|
add: []
|
|
drop:
|
|
- ALL
|
|
# When set to false, it will automatically
|
|
# add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE
|
|
# capabilities ONLY when container runs as ROOT
|
|
disableS6Caps: false
|
|
# -- PUID for all containers
|
|
# Can be overruled per container
|
|
PUID: 568
|
|
# -- UMASK for all containers
|
|
# Can be overruled per container
|
|
UMASK: "0022"
|
|
# -- Pod security context for all pods
|
|
# Can be overruled per pod
|
|
pod:
|
|
fsGroup: 568
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
supplementalGroups: []
|
|
sysctls: []
|
|
|
|
# -- Resources
|
|
# Can be overruled per container
|
|
resources:
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1500Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 250Mi
|
|
|
|
containerOptions:
|
|
NVIDIA_CAPS:
|
|
- all
|
|
|
|
# -- Options for all pods
|
|
# Can be overruled per pod
|
|
podOptions:
|
|
enableServiceLinks: false
|
|
hostNetwork: false
|
|
hostPID: false
|
|
hostIPC: false
|
|
# If this key exists, takes precedence over the automated calculation
|
|
# hostUsers: false
|
|
shareProcessNamespace: false
|
|
dnsPolicy: ClusterFirst
|
|
dnsConfig:
|
|
options:
|
|
- name: ndots
|
|
value: "1"
|
|
hostAliases: []
|
|
nodeSelector:
|
|
kubernetes.io/arch: "amd64"
|
|
# -- Used to enforce a good spread for Deployments and StatefulSets by default
|
|
defaultSpread: true
|
|
topologySpreadConstraints: []
|
|
tolerations: []
|
|
schedulerName: ""
|
|
priorityClassName: ""
|
|
runtimeClassName: ""
|
|
automountServiceAccountToken: false
|
|
terminationGracePeriodSeconds: 60
|
|
|
|
# -- (docs/workload/README.md)
|
|
workload:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
type: Deployment
|
|
dbWait: true
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
imageSelector: image
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
type: "{{ .Values.service.main.ports.main.protocol }}"
|
|
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
|
|
readiness:
|
|
enabled: true
|
|
type: "{{ .Values.service.main.ports.main.protocol }}"
|
|
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
|
|
startup:
|
|
enabled: true
|
|
type: "{{ .Values.service.main.ports.main.protocol }}"
|
|
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
|
|
|
|
# -- Timezone used everywhere applicable
|
|
TZ: UTC
|
|
|
|
# -- Diagnostic Mode
|
|
diagnosticMode:
|
|
enabled: false
|
|
|
|
# -- (docs/service/README.md)
|
|
service:
|
|
main:
|
|
## Integration stuff
|
|
# integration:
|
|
# metallb:
|
|
# enabled: false
|
|
## Optional to set shared key manually, otherwise set to namespace
|
|
# sharedKey: ""
|
|
#
|
|
# cilium:
|
|
# enabled: false
|
|
## Optional to set shared key manually, otherwise ignored (namespace sharing)
|
|
# sharedKey: ""
|
|
#
|
|
# traefik:
|
|
# enabled: false
|
|
enabled: true
|
|
primary: true
|
|
ports:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
protocol: http
|
|
|
|
credentials:
|
|
{}
|
|
# mys3:
|
|
# type: s3
|
|
# url: ""
|
|
# path: ""
|
|
# bucket: ""
|
|
# accessKey: ""
|
|
# secretKey: ""
|
|
# ## Is used in cases where things are encrypted by a backup utility
|
|
# encrKey: ""
|
|
|
|
ingressMiddlewares:
|
|
traefik:
|
|
tc-basic-secure-headers:
|
|
enabled: false
|
|
type: headers
|
|
data:
|
|
accessControlAllowMethods:
|
|
- GET
|
|
- OPTIONS
|
|
- HEAD
|
|
- PUT
|
|
accessControlMaxAge: 100
|
|
stsSeconds: 63072000
|
|
forceSTSHeader: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: same-origin
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: "https"
|
|
# basic-auth:
|
|
# enabled: true
|
|
# type: basicAuth
|
|
# data:
|
|
# # middleware specific data ie
|
|
# users:
|
|
# - username: user1
|
|
# password: password1
|
|
# some-other-middleware:
|
|
# enabled: true
|
|
# type: someOtherMiddleware
|
|
# data:
|
|
# # middleware specific data ie
|
|
# someOtherMiddlewareData: someOtherMiddlewareData
|
|
|
|
# -- (docs/persistence/README.md)
|
|
persistence:
|
|
shared:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /shared
|
|
targetSelectAll: true
|
|
varlogs:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /var/logs
|
|
medium: Memory
|
|
targetSelectAll: true
|
|
varrun:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /var/run
|
|
medium: Memory
|
|
targetSelectAll: true
|
|
tmp:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /tmp
|
|
medium: Memory
|
|
targetSelectAll: true
|
|
devshm:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /dev/shm
|
|
medium: Memory
|
|
targetSelectAll: true
|
|
# backupexample:
|
|
# ## the default backup path, is the credential path suffixed by the releasename, volsync and both the pvc and volsync names
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /backedup
|
|
# targetSelectAll: true
|
|
# volsync:
|
|
# - name: mybackup
|
|
# ## TODO: other options
|
|
# type: restic
|
|
# credentials: mys3
|
|
# dest:
|
|
# enabled: true
|
|
# src:
|
|
# enabled: true
|
|
# iscsi:
|
|
# enabled: true
|
|
# type: iscsi
|
|
# mountPath: /dev/shm
|
|
# iscsi:
|
|
# targetPortal: 10.0.2.15:3260
|
|
# portals: ['10.0.2.16:3260', '10.0.2.17:3260'] #optional
|
|
# iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz
|
|
# lun: 0
|
|
# fsType: ext4 #Optional
|
|
# iscsiInterface: default #Optional
|
|
# initiatorName: iqn.1994-05.com.redhat:node1 #Optional
|
|
# authSession:
|
|
# username: "someusername"
|
|
# password: "somepassword"
|
|
# usernameInitiator: "someusernameInitiator"
|
|
# passwordInitiator: "somepasswordInitiator"
|
|
# authDiscovery:
|
|
# username: "someusername"
|
|
# password: "somepassword"
|
|
# usernameInitiator: "someusernameInitiator"
|
|
# passwordInitiator: "somepasswordInitiator"
|
|
# vct:
|
|
# enabled: true
|
|
# type: vct
|
|
# mountPath: /shared
|
|
# dynamic-pvc:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# dynamic-pvc-dataSource:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# dataSource:
|
|
# kind: "PersistentVolumeClaim"
|
|
# name: "existingPVC"
|
|
# existing-claim:
|
|
# enabled: true
|
|
# type: pvc
|
|
# existingClaim: "someclaim"
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# existingpv-pvc:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# volumeName: "somePV"
|
|
# static-nfs-pvc:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# static:
|
|
# mode: nfs
|
|
# server: "/someserver"
|
|
# share: "someshare"
|
|
# static-smb-pvc:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# static:
|
|
# mode: smb
|
|
# server: "/someserver"
|
|
# share: "someshare"
|
|
# domain: "somedomain"
|
|
# user: "someuser"
|
|
# password: "somepass"
|
|
# static-custom-pvc:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# static:
|
|
# mode: custom
|
|
# provisioner: "some.provisioner"
|
|
# driver: "somedriver"
|
|
# # Custom CSI definition here
|
|
# csi: {}
|
|
# example-volumesnapshot:
|
|
# enabled: true
|
|
# type: pvc
|
|
# mountPath: /shared
|
|
# targetSelectAll: true
|
|
# volumeSnapshots:
|
|
# - name: "mysnapshot"
|
|
# volumeSnapshotClassName: "mysnapshotclass" (optional)
|
|
|
|
volumeSnapshotClass: {}
|
|
volumeSnapshots: {}
|
|
# volumeSnapshots:
|
|
# mysnapshot:
|
|
# volumeSnapshotClassName: "mycustomsnapshot" (optional)
|
|
# source:
|
|
# # pick one
|
|
# persistentVolumeClaimName: "mypvcname" (does not get altered)
|
|
# volumeSnapshotContentName: "mysnapshotname"
|
|
|
|
# -- (docs/imagePullSecrets.md)
|
|
imagePullSecret: {}
|
|
|
|
# -- (docs/configmap.md)
|
|
configmap: {}
|
|
|
|
# -- (docs/secret.md)
|
|
secret: {}
|
|
|
|
# -- (docs/serviceAccount.md)
|
|
serviceAccount: {}
|
|
|
|
# -- (docs/rbac.md)
|
|
rbac: {}
|
|
|
|
# NOTES.txt
|
|
notes:
|
|
header: |
|
|
# Thank you for installing {{ .Chart.Name }} by TrueCharts.
|
|
# custom: "{{ toYaml $.Values }}"
|
|
custom: |
|
|
{{- if .Values.chartContext.appUrl }}
|
|
## Connecting externally
|
|
You can use this Chart by opening the following links in your browser:
|
|
- {{ toYaml .Values.chartContext.appUrl }}
|
|
{{- end }}
|
|
|
|
{{ if .Chart.Dependencies }}
|
|
## Dependencies for {{ .Chart.Name }}
|
|
|
|
{{- range .Chart.Dependencies }}
|
|
- Chart: {{ .Repository }}/{{ .Name }}
|
|
Version: {{ .Version }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
{{- if .Values.chartContext.internalUrls }}
|
|
## Connecting Internally
|
|
|
|
You can reach this chart inside your cluster, using the following service URLS:
|
|
{{- range $url := .Values.chartContext.internalUrls -}}
|
|
- {{ $url }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
## Sources for {{ .Chart.Name }}
|
|
|
|
{{- range .Chart.Sources }}
|
|
- {{ . }}
|
|
{{- end -}}
|
|
|
|
{{- $link := .Chart.Annotations.docs -}}
|
|
{{- if not $link -}}
|
|
{{- $link = .Chart.Home -}}
|
|
{{- end }}
|
|
|
|
See more for **{{ $.Chart.Name }}** at ({{ $link }})
|
|
footer: |
|
|
## Documentation
|
|
Please check out the TrueCharts documentation on:
|
|
https://truecharts.org
|
|
|
|
OpenSource can only exist with your help, please consider supporting TrueCharts:
|
|
https://truecharts.org/sponsor
|
|
warnings: []
|
|
|
|
####
|
|
##
|
|
## TrueCharts Specific Root Objects
|
|
##
|
|
####
|
|
|
|
gluetunImage:
|
|
repository: tccr.io/tccr/gluetun
|
|
tag: v3.40.0@sha256:f5d434869d03fe3c91f832915ecabf7cb65c330732c5ba39ac03feb5e917f552
|
|
pullPolicy: IfNotPresent
|
|
|
|
netshootImage:
|
|
repository: tccr.io/tccr/netshoot
|
|
tag: v0.13.0@sha256:d1e6942d828ce14180e5de6136caa9ba2d89fcd25bfe3d3aaf9851ec73366879
|
|
pullPolicy: IfNotPresent
|
|
|
|
tailscaleImage:
|
|
repository: tccr.io/tccr/tailscale
|
|
tag: v1.82.0@sha256:d1750edcac72b5854177d1747c257d2b404af67ca8cc4815e01555fc3e7b2385
|
|
pullPolicy: IfNotPresent
|
|
|
|
codeserverImage:
|
|
repository: tccr.io/tccr/code-server
|
|
tag: v4.99.3@sha256:9f37dfc2c12bf87ae6540e1b2630cb4ea6957d31df23c9d0d546227aa74021a5
|
|
pullPolicy: IfNotPresent
|
|
|
|
alpineImage:
|
|
repository: tccr.io/tccr/alpine
|
|
tag: v3.21.3
|
|
pullPolicy: IfNotPresent
|
|
|
|
scratchImage:
|
|
repository: tccr.io/tccr/scratch
|
|
tag: latest@sha256:4aef9dbf99ea2a8857ed4ce9d9bf79d330b79044884c7374e392445d122ec746
|
|
pullPolicy: IfNotPresent
|
|
|
|
kubectlImage:
|
|
repository: tccr.io/tccr/kubectl
|
|
tag: latest@sha256:945f44d44720e6ca42969817c903e8643c6e34b9dafd90b338710dd104530588
|
|
pullPolicy: IfNotPresent
|
|
|
|
wgetImage:
|
|
repository: tccr.io/tccr/wget
|
|
tag: v1.0.0@sha256:2c26ff54ed4bed9e4f1a97132119ba22f75710655d08c400bcef15dc08f9e0d1
|
|
pullPolicy: IfNotPresent
|
|
|
|
yqImage:
|
|
pullPolicy: IfNotPresent
|
|
repository: docker.io/mikefarah/yq
|
|
tag: 4.45.1@sha256:2c100efaca06e95ffe452cfe9bfc0048b493f0f3a072d5fe06f828c638d9462b
|
|
|
|
postgresClientImage:
|
|
repository: tccr.io/tccr/db-wait-postgres
|
|
tag: v1.1.0@sha256:c85c459d3ca854d705b4aa8663a77752e62c8d33aa43d6a5e4455523f7eb53bd
|
|
pullPolicy: IfNotPresent
|
|
|
|
mariadbClientImage:
|
|
repository: tccr.io/tccr/db-wait-mariadb
|
|
tag: v1.1.0@sha256:513e3d11ea19317f2d6b146329eaa05f76e24322734d81effb98a5fccea6ed0c
|
|
pullPolicy: IfNotPresent
|
|
|
|
redisClientImage:
|
|
repository: tccr.io/tccr/db-wait-redis
|
|
tag: v1.1.0@sha256:910ade9977376cef26e6ee3b03939d74e295bb980e3c62ec8174bdd0b12af9af
|
|
pullPolicy: IfNotPresent
|
|
|
|
mongodbClientImage:
|
|
repository: tccr.io/tccr/db-wait-mongodb
|
|
tag: v1.2.0@sha256:faee7b78290e6cadab8c27b55884a6bf7805fc32e4ae22cf94452cf87949fb2a
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgres15Image:
|
|
repository: ghcr.io/cloudnative-pg/postgresql
|
|
tag: "15.12"
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgres16Image:
|
|
repository: ghcr.io/cloudnative-pg/postgresql
|
|
tag: "16.8"
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresPostgis15Image:
|
|
repository: ghcr.io/cloudnative-pg/postgis
|
|
tag: "15-3.4"
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresPostgis16Image:
|
|
repository: ghcr.io/cloudnative-pg/postgis
|
|
tag: "16-3.4"
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresVectors15Image:
|
|
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
|
|
tag: "15.7-v0.2.1"
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresVectors16Image:
|
|
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
|
|
tag: "16.3-v0.2.1"
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- OpenVPN specific configuration
|
|
# @default -- See below
|
|
openvpnImage:
|
|
# -- Specify the openvpn client image
|
|
repository: tccr.io/tccr/openvpn-client
|
|
# -- Specify the openvpn client image tag
|
|
tag: latest@sha256:9bfdf50791d6e51056e31c03f73c9db329b2b72e7746155cfdc63e0c8b49b55a
|
|
# -- Specify the openvpn client image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- WireGuard specific configuration
|
|
# @default -- See below
|
|
wireguardImage:
|
|
# -- Specify the WireGuard image
|
|
repository: tccr.io/tccr/wireguard
|
|
# -- Specify the WireGuard image tag
|
|
tag: v1.0.20210914@sha256:683b8b74d64ebd07f9955147539834c2a4b60fee51d2a36fa76b9aba689601bf
|
|
# -- Specify the WireGuard image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- Configure the ingresses for the chart here.
|
|
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
|
|
# @default -- See below
|
|
ingress:
|
|
main:
|
|
# -- Enables or disables the ingress
|
|
enabled: false
|
|
# -- Make this the primary ingress (used in probes, notes, etc...).
|
|
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
|
|
primary: true
|
|
# -- Ensure this ingress is always enabled.
|
|
required: false
|
|
# expandObjectName: false
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
# -- Set the ingressClass that is used for this ingress.
|
|
# Requires Kubernetes >=1.19
|
|
ingressClassName: ""
|
|
# Defaults to primary service and primary port
|
|
# targetSelector:
|
|
# # service: port
|
|
# main: main
|
|
## Configure the hosts for the ingress
|
|
hosts: []
|
|
# - # -- Host address. Helm template can be passed.
|
|
# host: chart-example.local
|
|
# ## Configure the paths for the host
|
|
# paths:
|
|
# - # -- Path. Helm template can be passed.
|
|
# path: /
|
|
# # -- Ignored if not kubeVersion >= 1.14-0
|
|
# pathType: Prefix
|
|
# # -- Overrides the service reference for this path, by default the selector is honored
|
|
# overrideService:
|
|
# # -- Overrides the service name reference for this path
|
|
# name:
|
|
# # -- Overrides the service port reference for this path
|
|
# port:
|
|
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
|
|
# Gets ignored when clusterIssuer is filled
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# certificateIssuer: ""
|
|
# hosts:
|
|
# - chart-example.local
|
|
integrations:
|
|
certManager:
|
|
enabled: false
|
|
certificateIssuer: ""
|
|
traefik:
|
|
enabled: false
|
|
# Default to websecure
|
|
entrypoints:
|
|
- websecure
|
|
# Ensures tls annotation is set
|
|
forceTLS: true
|
|
middlewares: []
|
|
# - name: my-middleware
|
|
# # Optional, by default will try to
|
|
# # "lookup" the namespace based on the name
|
|
# namespace: ""
|
|
nginx:
|
|
enabled: false
|
|
themepark:
|
|
enabled: false
|
|
css: ""
|
|
ipWhitelist: []
|
|
auth:
|
|
# empty to disable, options: "authentik" or "authelia"
|
|
type: ""
|
|
# Internal Domain name + port to reach the auth provider, excluding http(s)
|
|
internalHost: ""
|
|
# External (ingress) Domain name to reach the auth provider, excluding http(s)
|
|
externalHost: ""
|
|
# Optional: override default response headers
|
|
responseHeaders: []
|
|
homepage:
|
|
enabled: false
|
|
# Default: chart name
|
|
name: ""
|
|
# Default: chart description
|
|
description: ""
|
|
# Default: no group
|
|
group: ""
|
|
# Default: chart icon
|
|
icon: ""
|
|
widget:
|
|
# Default: chartname
|
|
type: ""
|
|
# Default to ingress host 0
|
|
url: ""
|
|
custom:
|
|
# somesetting: some value
|
|
customkv:
|
|
# - key: some key
|
|
# value: some value
|
|
|
|
certificate: {}
|
|
# main:
|
|
# enabled: false
|
|
# certificateIssuer: someissuer
|
|
# hosts:
|
|
# - somehost
|
|
# # Optional
|
|
# certificateSecretTemplate:
|
|
# labels: {}
|
|
# annotations: {}
|
|
|
|
# -- BETA: Configure the gateway routes for the chart here.
|
|
# Additional routes can be added by adding a dictionary key similar to the 'main' route.
|
|
# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works.
|
|
# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk
|
|
# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
|
|
# @default -- See below
|
|
route:
|
|
main:
|
|
# -- Enables or disables the route
|
|
enabled: false
|
|
# -- Set the route kind
|
|
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
|
|
kind: HTTPRoute
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
# -- Configure the resource the route attaches to.
|
|
parentRefs:
|
|
- group: gateway.networking.k8s.io
|
|
kind: Gateway
|
|
name:
|
|
namespace:
|
|
sectionName:
|
|
# -- Host addresses
|
|
hostnames: []
|
|
# -- Configure rules for routing. Defaults to the primary service.
|
|
rules:
|
|
- backendRefs:
|
|
- group: ""
|
|
kind: Service
|
|
name:
|
|
namespace:
|
|
port:
|
|
weight: 1
|
|
## Configure conditions used for matching incoming requests. Only for HTTPRoutes
|
|
matches:
|
|
- path:
|
|
type: PathPrefix
|
|
value: /
|
|
|
|
podDisruptionBudget:
|
|
main:
|
|
enabled: false
|
|
# -- Custom Selector Labels
|
|
# customLabels:
|
|
# customKey: customValue
|
|
# maxUnavailable: 1
|
|
# minAvailable: 1
|
|
targetSelector: main
|
|
|
|
webhook:
|
|
validating:
|
|
enabled: false
|
|
type: validating
|
|
webhooks: []
|
|
mutating:
|
|
enabled: false
|
|
type: mutating
|
|
webhooks: []
|
|
|
|
priorityClass: {}
|
|
# priorityClass:
|
|
# example:
|
|
# provisioner: some.provisioner.io
|
|
# enabled: true
|
|
# value: 1000000
|
|
# preemptionPolicy: PreemptLowerPriority
|
|
# globalDefault: false
|
|
# description: "some description"
|
|
|
|
# # -- create storageClasses on demand
|
|
storageClass: {}
|
|
# storageClass:
|
|
# example:
|
|
# provisioner: some.provisioner.io
|
|
# enabled: true
|
|
# isDefaultClass: false
|
|
# parameters: {}
|
|
# reclaimPolicy: retain
|
|
# allowVolumeExpansion: true
|
|
# volumeBindingMode: Immediate
|
|
# mountOptions: []
|
|
|
|
metrics:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# options: servicemonitor, podmonitor
|
|
type: "servicemonitor"
|
|
# defaults to selectorLabels
|
|
selector: {}
|
|
endpoints:
|
|
- port: main
|
|
interval: 5s
|
|
scrapeTimeout: 5s
|
|
path: /
|
|
honorLabels: false
|
|
prometheusRule:
|
|
enabled: false
|
|
groups: {}
|
|
# somegroup:
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
# List to support adding groups using the SCALE GUI
|
|
additionalgroups:
|
|
# - name: "somegroup"
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
|
|
# -- The common chart supports several add-ons. These can be configured under this key.
|
|
# @default -- See below
|
|
addons:
|
|
gluetun:
|
|
enabled: false
|
|
targetSelector:
|
|
- main
|
|
secret:
|
|
# vpn-conf:
|
|
# basePath: /gluetun/wireguard
|
|
# data:
|
|
# # Effective path /gluetun/wireguard/wg0.conf
|
|
# wg0.conf: |
|
|
# some conf
|
|
# wg1.conf: |
|
|
# some conf
|
|
# scripts:
|
|
# basePath: /gluetun/scripts
|
|
# defaultMode: "0777"
|
|
# data:
|
|
# # Effective path /gluetun/scripts/up.sh
|
|
# up.sh: |
|
|
# some conf
|
|
container:
|
|
enabled: true
|
|
imageSelector: gluetunImage
|
|
probes:
|
|
liveness:
|
|
enabled: false
|
|
readiness:
|
|
enabled: false
|
|
startup:
|
|
enabled: false
|
|
resources:
|
|
excludeExtra: true
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsNonRoot: false
|
|
readOnlyRootFilesystem: false
|
|
runAsGroup: 568
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- MKNOD
|
|
env:
|
|
DOT: "off"
|
|
DNS_KEEP_NAMESERVER: "on"
|
|
FIREWALL: "off"
|
|
FIREWALL_OUTBOUND_SUBNETS: ""
|
|
FIREWALL_INPUT_PORTS: ""
|
|
|
|
# -- Tailscale specific configuration
|
|
# @default -- See below
|
|
# See more info for the configuration
|
|
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
|
|
tailscale:
|
|
enabled: false
|
|
targetSelector:
|
|
- main
|
|
# -- you can directly specify the config file here
|
|
config: ""
|
|
container:
|
|
enabled: true
|
|
imageSelector: "tailscaleImage"
|
|
probes:
|
|
liveness:
|
|
enabled: false
|
|
readiness:
|
|
enabled: false
|
|
startup:
|
|
enabled: false
|
|
command:
|
|
- /usr/local/bin/containerboot
|
|
resources:
|
|
excludeExtra: true
|
|
env:
|
|
# Set KUBE_SECRET to empty string to force tailscale
|
|
# to use the filesystem for state tracking.
|
|
# With secret for state tracking you can't always
|
|
# know if the app that uses this sidecard will
|
|
# use a custom ServiceAccount and will lead to falure.
|
|
TS_KUBE_SECRET: ""
|
|
TS_SOCKET: /var/run/tailscale/tailscaled.sock
|
|
TS_STATE_DIR: /var/lib/tailscale/state
|
|
TS_USERSPACE: true
|
|
TS_AUTH_ONCE: true
|
|
TS_ACCEPT_DNS: false
|
|
TS_AUTH_KEY: ""
|
|
TS_TAILSCALED_EXTRA_ARGS: ""
|
|
TS_EXTRA_ARGS: ""
|
|
TS_SOCKS5_SERVER: ""
|
|
TS_DEST_IP: ""
|
|
TS_ROUTES: ""
|
|
TS_OUTBOUND_HTTP_PROXY_LISTEN: ""
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
|
|
# -- Auth key to connect to the VPN Service
|
|
authkey: ""
|
|
# As a sidecar, it should only need to run in userspace
|
|
userspace: true
|
|
auth_once: true
|
|
accept_dns: false
|
|
routes: ""
|
|
dest_ip: ""
|
|
sock5_server: ""
|
|
extra_args: ""
|
|
daemon_extra_args: ""
|
|
outbound_http_proxy_listen: ""
|
|
# -- Annotations for tailscale sidecar
|
|
annotations: {}
|
|
|
|
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
|
|
# @default -- See values.yaml
|
|
codeserver:
|
|
enabled: false
|
|
# -- Enable running a code-server container in the pod
|
|
container:
|
|
enabled: true
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
port: 12321
|
|
path: "/"
|
|
readiness:
|
|
enabled: true
|
|
port: 12321
|
|
path: "/"
|
|
startup:
|
|
enabled: true
|
|
port: 12321
|
|
path: "/"
|
|
imageSelector: "codeserverImage"
|
|
resources:
|
|
excludeExtra: true
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
readOnlyRootFilesystem: false
|
|
args:
|
|
- "--port"
|
|
- "12321"
|
|
- "/"
|
|
- --auth
|
|
- none
|
|
# - --user-data-dir
|
|
# - "/config/.vscode"
|
|
# -- Select a workload to add the addon to
|
|
targetSelector:
|
|
- "main"
|
|
|
|
service:
|
|
# -- Enable a service for the code-server add-on.
|
|
enabled: true
|
|
type: ClusterIP
|
|
# Specify the default port information
|
|
ports:
|
|
codeserver:
|
|
enabled: true
|
|
primary: true
|
|
protocol: http
|
|
port: 12321
|
|
targetPort: 12321
|
|
|
|
ingress:
|
|
# -- Enable an ingress for the code-server add-on.
|
|
enabled: false
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
labels: {}
|
|
hosts:
|
|
- host: code.chart-example.local
|
|
paths:
|
|
- path: /
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
tls: []
|
|
|
|
netshoot:
|
|
# -- Enable running a netshoot container in the pod
|
|
enabled: false
|
|
container:
|
|
enabled: true
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- sleep infinity
|
|
probes:
|
|
liveness:
|
|
enabled: false
|
|
readiness:
|
|
enabled: false
|
|
startup:
|
|
enabled: false
|
|
imageSelector: "netshootImage"
|
|
resources:
|
|
excludeExtra: true
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsGroup: 0
|
|
runAsNonRoot: false
|
|
readOnlyRootFilesystem: false
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
|
|
dependencies:
|
|
|
|
##########################################################################
|
|
# This section contains some pre-config for frequently used dependencies #
|
|
##########################################################################
|
|
|
|
cnpg:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# -- Puts the cnpg cluster in hibernation mode
|
|
hibernate: false
|
|
# Additional Labels and annotations for all cnpg objects
|
|
labels: {}
|
|
annotations: {}
|
|
|
|
# Type of the CNPG database. Available types:
|
|
# * `postgres`
|
|
# * `postgis`
|
|
# * `timescaledb`
|
|
# * `vectors`
|
|
type: postgres
|
|
|
|
# Version of Postgresql to use, changes cluster naming scheme
|
|
# * `15`
|
|
# * `16`
|
|
pgVersion: 16
|
|
|
|
# Cluster mode of operation. Available modes:
|
|
# * `standalone` - default mode. Creates new or updates an existing CNPG cluster.
|
|
# * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO
|
|
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup.
|
|
mode: standalone
|
|
|
|
# Database details
|
|
database: "app"
|
|
user: "app"
|
|
password: "PLACEHOLDERPASSWORD"
|
|
|
|
# Database cluster configuration
|
|
cluster:
|
|
# Additional Labels and annotations for cnpg cluster
|
|
labels: {}
|
|
annotations: {}
|
|
|
|
# Number of instances
|
|
instances: 2
|
|
|
|
# set to true on single-node clusters to allow PVCs to be kept on instance restart
|
|
singleNode: false
|
|
|
|
## set to configure the skipEmptyWalArchiveCheck annotation
|
|
# skipEmptyWalArchiveCheck: true
|
|
# # -- storage size for the data pvc's
|
|
# # Follows the same spec as .Values.Persistence type=PVC
|
|
# storage:
|
|
# size: "256Gi"
|
|
# # -- storage size for the wal pvc's
|
|
# # Follows the same spec as .Values.Persistence type=PVC
|
|
# walStorage:
|
|
# size: "256Gi"
|
|
# -- Gets scaled to 0 if hibernation is true
|
|
## See .Values.resources for more info
|
|
# resources:
|
|
|
|
# Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
|
# successfully updated. It can be switchover (default) or in-place (restart).
|
|
primaryUpdateMethod: switchover
|
|
|
|
# Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
|
|
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
|
|
# Example of rolling update strategy:
|
|
# - unsupervised: automated update of the primary once all
|
|
# replicas have been upgraded (default)
|
|
# - supervised: requires manual supervision to perform
|
|
# the switchover of the primary
|
|
# -- change to supervised to disable unsupervised updates
|
|
primaryUpdateStrategy: unsupervised
|
|
|
|
# The instances' log level, one of the following values: error, warning, info (default), debug, trace
|
|
logLevel: info
|
|
|
|
# The configuration for the CA and related certificates
|
|
# See: https://cloudnative-pg.io/documentation/current/api_reference/#CertificatesConfiguration
|
|
certificates:
|
|
|
|
# When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
|
|
# If the secret is not present, the operator will automatically create one.
|
|
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
|
|
# and then blank the password of the postgres user by setting it to NULL.
|
|
|
|
# enableSuperuserAccess: true
|
|
|
|
# Configuration of the PostgreSQL server
|
|
# See: https://cloudnative-pg.io/documentation/current/api_reference/#PostgresConfiguration
|
|
postgresql:
|
|
|
|
# BootstrapInitDB is the configuration of the bootstrap process when initdb is used
|
|
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
|
|
# See: https://cloudnative-pg.io/documentation/current/api_reference/#bootstrapinitdb
|
|
initdb: {}
|
|
# postInitSQL:
|
|
# - CREATE EXTENSION IF NOT EXISTS vector;
|
|
# postInitApplicationSQL:
|
|
# - CREATE EXTENSION IF NOT EXISTS someextension;
|
|
# -- set to enable prometheus metrics
|
|
monitoring:
|
|
enablePodMonitor: false
|
|
disableDefaultQueries: false
|
|
customQueries: []
|
|
# - name: "pg_cache_hit_ratio"
|
|
# expandObjectName: true
|
|
# key: "custom-key" (defaults to "custom-queries")
|
|
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
|
|
# metrics:
|
|
# - datname:
|
|
# usage: "LABEL"
|
|
# description: "Name of the database database"
|
|
# - ratio:
|
|
# usage: GAUGE
|
|
# description: "Cache hit ratio"
|
|
# Recovery settings if the chosen mode is `recovery`.
|
|
recovery:
|
|
##
|
|
# Backup Recovery Method
|
|
# Available recovery methods:
|
|
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
|
|
# * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported).
|
|
# * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to
|
|
# migrate databases to CloudNativePG, even from outside Kubernetes. # TODO
|
|
method: object_store
|
|
## set a revision to append to the serverName to ensure restore and backup dont target the same thing
|
|
# revision: 1
|
|
|
|
# override serverName in recovery obkect
|
|
servername: ""
|
|
|
|
## Point in time recovery target. Specify one of the following:
|
|
pitrTarget:
|
|
# Time in RFC3339 format
|
|
time: ""
|
|
|
|
# Name of the backup to recover from. Required if method is `backup`.
|
|
backupName: ""
|
|
|
|
# Object Store Recovery Method
|
|
clusterName: ""
|
|
|
|
# Overrides the provider specific default path. Defaults to:
|
|
# S3: s3://<bucket><path>
|
|
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
|
|
# Google: gs://<bucket><path>
|
|
destinationPath: ""
|
|
|
|
# Database cluster backup configuration
|
|
backups:
|
|
# You need to configure backups manually, so backups are disabled by default.
|
|
enabled: false
|
|
|
|
encryption:
|
|
enabled: false
|
|
## set a revision to append to the serverName to ensure restore and backup dont target the same thing
|
|
# revision: 1
|
|
|
|
# override serverName in recovery obkect
|
|
servername: ""
|
|
|
|
# Overrides the provider specific default path. Defaults to:
|
|
# S3: s3://<bucket><path>
|
|
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
|
|
# Google: gs://<bucket><path>
|
|
destinationPath: ""
|
|
|
|
# default: primary, other option prefer-standby
|
|
target: ""
|
|
|
|
# name of credentials in .Values.Credentials
|
|
credentials: ""
|
|
|
|
scheduledBackups:
|
|
- name: daily-backup
|
|
schedule: "0 0 0 * * *"
|
|
backupOwnerReference: self
|
|
immediate: true
|
|
suspend: false
|
|
|
|
retentionPolicy: "30d"
|
|
|
|
# - Manual list of backups
|
|
manualBackups: []
|
|
# - name: today
|
|
# labels: {}
|
|
# annotations: {}
|
|
# - name: beforeUpgrade
|
|
# labels: {}
|
|
# annotations: {}
|
|
|
|
# Database cluster PgBouncer configuration
|
|
pooler:
|
|
enabled: false
|
|
# -- enable to create extra pgbouncer for readonly access
|
|
createRO: false
|
|
poolMode: session
|
|
# -- Gets scaled to 0 if hibernation is true
|
|
instances: 2
|
|
# parameters:
|
|
# max_client_conn: "1000"
|
|
# default_pool_size: "25"
|
|
labels: {}
|
|
annotations: {}
|
|
|
|
# -- contains credentials and urls output by generator
|
|
creds: {}
|
|
|
|
# -- Redis dependency configuration
|
|
# @default -- See below
|
|
redis:
|
|
enabled: false
|
|
includeCommon: false
|
|
password: "PLACEHOLDERPASSWORD"
|
|
# -- can be used to make an easy accessible note which URLS to use to access the DB.
|
|
creds: {}
|
|
secret:
|
|
credentials:
|
|
enabled: false
|
|
|
|
# -- mariadb dependency configuration
|
|
# @default -- See below
|
|
mariadb:
|
|
enabled: false
|
|
includeCommon: false
|
|
password: "PLACEHOLDERPASSWORD"
|
|
rootPassword: "PLACEHOLDERROOTPASSWORD"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
creds: {}
|
|
|
|
# -- mongodb dependency configuration
|
|
# @default -- See below
|
|
mongodb:
|
|
enabled: false
|
|
includeCommon: false
|
|
password: "PLACEHOLDERPASSWORD"
|
|
rootPassword: "PLACEHOLDERROOTPASSWORD"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
creds: {}
|
|
|
|
# -- clickhouse dependency configuration
|
|
# @default -- See below
|
|
clickhouse:
|
|
enabled: false
|
|
includeCommon: false
|
|
password: "PLACEHOLDERPASSWORD"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
creds: {}
|
|
|
|
# -- solr dependency configuration
|
|
# @default -- See below
|
|
solr:
|
|
enabled: false
|
|
includeCommon: false
|
|
password: "PLACEHOLDERPASSWORD"
|
|
solrCores: 1
|
|
solrEnableAuthentication: "no"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
creds: {}
|
|
|
|
# -- List of extra objects to deploy with the release
|
|
extraTpl: []
|