dashboard/deployment/helmchart/values.yaml
Maarten de Waard 37f0733475
process review
2022-10-05 12:20:16 +02:00

720 lines
26 KiB
YAML

## @section Global parameters
## Global container image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override dashboard.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override dashboard.fullname template
##
fullnameOverride: ""
## @param commonLabels Labels to be added to all deployed resources
##
commonLabels: {}
## @param commonAnnotations Annotations to be added to all deployed resources
##
commonAnnotations: {}
## @section Stackspin parameters
## @param imagePullSecrets Specify docker-registry secret names as an array
## @param imagePullPolicy Policy on pulling images on container start
##
image:
imagePullSecrets: []
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
## Same policy for all containers is used.
##
pullPolicy: IfNotPresent
## Dashboard configuration parameters
## ref: https://open.greenhost.net/stackspin/dashboard
##
dashboard:
## Dashboard image version
## ref: https://hub.docker.com/r/bitnami/dashboard/tags/
## @param image.registry Stackspin image registry
## @param image.repository Stackspin image repository
## @param image.tag Stackspin image tag
## @param image.pullPolicy Stackspin image pull policy
## @param image.pullSecrets Stackspin image pull secrets
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: open.greenhost.net:4567
repository: stackspin/dashboard/dashboard
tag: 0-2-8
digest: ""
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section Service parameters
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.port Service HTTP port
##
port: 80
## @param service.nodePort Node Ports to expose
##
nodePort: ""
## @param service.loadBalancerIP Use loadBalancerIP to request a specific static IP
##
loadBalancerIP: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Service annotations
##
annotations: {}
## @param service.loadBalancerSourceRanges Limits which cidr blocks can connect to service's load balancer
## Only valid if service.type: LoadBalancer
##
loadBalancerSourceRanges: []
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.nodePorts.http Kubernetes http node port
## Example:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
## @param dashboard.extendEslint Whether to read .eslint.json rules
extendEslint: false
## @param dashboard.host Stackspin host to create application URLs (include the port if =/= 80)
##
host: ""
## @param dashboard.command Custom command to override image cmd
##
command: []
## @param dashboard.args Custom args for the custom command
##
args: []
## @param dashboard.containerSecurityContext Container security context specification
## Example:
## capabilities:
## drop:
## - ALL
## readOnlyRootFilesystem: true
## runAsNonRoot: true
## runAsUser: 1000
##
containerSecurityContext: {}
## Stackspin container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param dashboard.resources.limits The resources limits for the container
## @param dashboard.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## Stackspin extra options for liveness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param dashboard.livenessProbe.enabled Enable/disable livenessProbe
## @param dashboard.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
## @param dashboard.livenessProbe.periodSeconds How often to perform the probe
## @param dashboard.livenessProbe.timeoutSeconds When the probe times out
## @param dashboard.livenessProbe.failureThreshold Minimum consecutive failures for the probe
## @param dashboard.livenessProbe.successThreshold Minimum consecutive successes for the probe
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Stackspin extra options for readiness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param dashboard.readinessProbe.enabled Enable/disable readinessProbe
## @param dashboard.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param dashboard.readinessProbe.periodSeconds How often to perform the probe
## @param dashboard.readinessProbe.timeoutSeconds When the probe times out
## @param dashboard.readinessProbe.failureThreshold Minimum consecutive failures for the probe
## @param dashboard.readinessProbe.successThreshold Minimum consecutive successes for the probe
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param dashboard.customLivenessProbe Custom liveness probe to execute (when the main one is disabled)
##
customLivenessProbe: {}
## @param dashboard.customReadinessProbe Custom readiness probe to execute (when the main one is disabled)
##
customReadinessProbe: {}
## @param dashboard.extraEnvVars An array to add extra env vars
## For example:
## extraEnvVars:
## dashboard:
## - name: DASHBOARD_ELASTICSEARCH_URL
## value: test
##
extraEnvVars: []
## @param dashboard.extraEnvVarsCM Array to add extra configmaps
##
extraEnvVarsCM: []
## @param dashboard.extraEnvVarsSecret Array to add extra environment variables from a secret
##
extraEnvVarsSecret: ""
## @param dashboard.extraVolumeMounts Additional volume mounts (used along with `extraVolumes`)
## Example: Mount CA file
## extraVolumeMounts
## - name: ca-cert
## subPath: ca_cert
## mountPath: /path/to/ca_cert
##
extraVolumeMounts: []
## Dashboard backend configuration parameters
## ref: https://open.greenhost.net/stackspin/dashboard-backend
##
backend:
## Dashboard image version
## ref: https://hub.docker.com/r/bitnami/dashboard/tags/
## @param image.registry Stackspin image registry
## @param image.repository Stackspin image repository
## @param image.tag Stackspin image tag
## @param image.pullSecrets Stackspin image pull secrets
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: open.greenhost.net:4567
repository: stackspin/dashboard-backend/dashboard-backend
tag: 0-3-1
digest: ""
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
oidc:
clientId: dashboard
clientSecret: ReplaceWithSecret
baseUrl: https://sso.stackspin.example.org
authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
tokenUrl: https://sso.stackspin.example.org/oauth2/token
# Where to find the Kratos ADMIN and PUBLIC url
kratos:
publicUrl: https://dashboard.stackspin.example.org/kratos
adminUrl: http://kratos-admin:80
# Where to find the Hydra ADMIN url
hydra:
adminUrl: http://hydra-admin:4445
# Public URL of login panel
loginPanelUrl: https://dashboard.stackspin.example.org/web/
databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
initialUser:
email: admin@example.com
# password: Set a pasword for the initial user!
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.port Service HTTP port
##
port: 80
## @param service.nodePort Node Ports to expose
##
nodePort: ""
## @param service.loadBalancerIP Use loadBalancerIP to request a specific static IP
##
loadBalancerIP: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Service annotations
##
annotations: {}
## @param service.loadBalancerSourceRanges Limits which cidr blocks can connect to service's load balancer
## Only valid if service.type: LoadBalancer
##
loadBalancerSourceRanges: []
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.nodePorts.http Kubernetes http node port
## Example:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
## @param backend.reactAppApiUrl URL to the dashboard-backend API
apiUrl: "/api/v1"
## Variables for future use {{{
## @param backend.username Admin user of the application
##
username: user
## @param backend.password password. WARNING: Minimum length of 10 characters
## Defaults to a random 10-character alphanumeric string if not set
##
password: ""
## @param backend.existingSecret Name of an existing secret containing the password (ignores previous password)
## The secret should contain the following key:
## backend-password
##
existingSecret: ""
## @param backend.email Admin user email of the application
##
email: user@example.com
## dashboard SMTP settings
## @param backend.smtp.enabled Enable/disable SMTP
## @param backend.smtp.host SMTP host name
## @param backend.smtp.port SMTP port number
## @param backend.smtp.user SMTP account user name
## @param backend.smtp.password SMTP account password
## @param backend.smtp.protocol SMTP protocol (Allowed values: tls, ssl)
## @param backend.smtp.auth SMTP authentication method
## @param backend.smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password`
##
smtp:
enabled: false
host: ""
port: ""
user: ""
password: ""
protocol: ""
auth: ""
existingSecret: ""
## End variables for future use }}}
## @param backend.flaskEnv Overridable flask env for debugging
flaskEnv: production
## @param backend.secretKey Flask secret for generating JWT tokens
# secretKey: OVERRIDE_ME
## @param backend.command Custom command to override image cmd
##
command: []
## @param backend.args Custom args for the custom command
##
args: []
## @param backend.containerSecurityContext Container security context specification
## Example:
## capabilities:
## drop:
## - ALL
## readOnlyRootFilesystem: true
## runAsNonRoot: true
## runAsUser: 1000
##
containerSecurityContext: {}
## Stackspin container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param backend.resources.limits The resources limits for the container
## @param backend.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## Stackspin extra options for liveness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param backend.livenessProbe.enabled Enable/disable livenessProbe
## @param backend.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
## @param backend.livenessProbe.periodSeconds How often to perform the probe
## @param backend.livenessProbe.timeoutSeconds When the probe times out
## @param backend.livenessProbe.failureThreshold Minimum consecutive failures for the probe
## @param backend.livenessProbe.successThreshold Minimum consecutive successes for the probe
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Stackspin extra options for readiness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param backend.readinessProbe.enabled Enable/disable readinessProbe
## @param backend.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param backend.readinessProbe.periodSeconds How often to perform the probe
## @param backend.readinessProbe.timeoutSeconds When the probe times out
## @param backend.readinessProbe.failureThreshold Minimum consecutive failures for the probe
## @param backend.readinessProbe.successThreshold Minimum consecutive successes for the probe
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param backend.customLivenessProbe Custom liveness probe to execute (when the main one is disabled)
##
customLivenessProbe: {}
## @param backend.customReadinessProbe Custom readiness probe to execute (when the main one is disabled)
##
customReadinessProbe: {}
## @param backend.extraEnvVars An array to add extra env vars
## For example:
## extraEnvVars:
## backend:
## - name: DASHBOARD_ELASTICSEARCH_URL
## value: test
##
extraEnvVars: []
## @param backend.extraEnvVarsCM Array to add extra configmaps
##
extraEnvVarsCM: []
## @param backend.extraEnvVarsSecret Array to add extra environment variables from a secret
##
extraEnvVarsSecret: ""
## @param backend.extraVolumeMounts Additional volume mounts (used along with `extraVolumes`)
## Example: Mount CA file
## extraVolumeMounts
## - name: ca-cert
## subPath: ca_cert
## mountPath: /path/to/ca_cert
##
extraVolumeMounts: []
## @param replicaCount Number of Stackspin & Sidekiq replicas
## (Note that you will need ReadWriteMany PVCs for this to work properly)
##
replicaCount: 1
## @param extraVolumes Array of extra volumes to be added deployment. Requires setting `extraVolumeMounts`
## Example: Add secret volume
## extraVolumes:
## - name: ca-cert
## secret:
## secretName: ca-cert
## items:
## - key: ca-cert
## path: ca_cert
##
extraVolumes: []
## @param sidecars Attach additional sidecar containers to the pod
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param initContainers Additional init containers to add to the pods
##
## e.g.
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
initContainers: []
## @param serviceAccount.create Whether the service account should be created
## @param serviceAccount.annotations Annotations to add to the service account
## @param serviceAccount.name Name to be used for the service account
##
serviceAccount:
create: false
annotations: {}
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param podSecurityContext Pod security context specification
## Example:
## fsGroup: 2000
##
##
podSecurityContext: {}
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Whether to enable persistence based on Persistent Volume Claims
##
enabled: false
## @param persistence.storageClass dashboard & sidekiq data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.existingClaim Use a existing PVC which must be created manually before bound
##
existingClaim: ""
## @param persistence.accessMode PVC Access Mode (RWO, ROX, RWX)
##
accessMode: ReadWriteOnce
## @param persistence.size Size of the PVC to request
##
size: 10Gi
## @param persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
selector: {}
## @param updateStrategy.type Update strategy type. Only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
updateStrategy:
type: RollingUpdate
## @param podAnnotations Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAffinityPreset Pod affinity preset. Allowed values: soft, hard
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @section Volume Permissions parameters (currently disabled because there is
## no persistence in the app)
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup
## values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## Init containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## @section Ingress parameters
## Ingress parameters
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: false
## @param ingress.certManager Add annotations for cert-manager
##
certManager: false
## @param ingress.hostname Default host for the ingress resource
##
hostname: dashboard.local
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.path Ingress path
##
path: /
## @param ingress.pathType Ingress path type
##
pathType: Prefix
## @param ingress.annotations Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - dashboard.local
## secretName: dashboard.local-tls
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: dashboard.local-tls
## key:
## certificate:
secrets: []
# The dashboard-backend needs access to certain Kubernetes APIs to be able to
# install and remove apps
rbac:
## @param backend.rbac.create Specifies whether RBAC resources should be created
create: true
## ServiceAccount configuration for dashboard backend
##
serviceAccount:
## @param backend.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param backend.serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param backend.serviceAccount.automountServiceAccountToken Automount service account token for the dashboard backend service account
##
automountServiceAccountToken: true
## @param backend.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
annotations: {}