srx/fab-city-os-core-chart
1
0
Fork 0
mirror of https://gitlab.fabcity.hamburg/software/fab-city-os-core-chart.git synced 2024-09-19 20:08:53 +02:00
Code Packages Projects Releases Activity

sort out secrets and config properties

Browse source
This commit is contained in:
Sebastian Wendel 2022-06-22 17:38:07 +02:00
parent 03e69a8b65
commit 887eef5179
No known key found for this signature in database
GPG key ID: 1422B7DF78144640
1 changed files with 395 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

402
values.yaml
View file

@ -1,20 +1,124 @@
# Default values for fcos-core.
# Default values for fcoscore.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
replicaCount: 1
## Enable diagnostic mode in the statefulset
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the the statefulset
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the the statefulset
##
args:
- infinity
## @param image.registry fcoscore image registry
## @param image.repository fcoscore image repository
## @param image.pullPolicy fcoscore image pull policy
## @param image.pullSecrets fcoscore image pull secrets
## @param image.tag fcoscore image tag
## @param image.debug Enable image debug mode
##
image:
registry: docker.io
repository: dyne/reflow
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Set to true if you would like to see extra information on logs
##
# Overrides the image tag whose default is the chart appVersion.
# tag: ""
tag: ""
# debug: false
debug: true
audit:
pgAuditLog: true
logLinePrefix: ""
# logTimezone: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
## Authentication parameters
##
auth:
## @param auth.username FabCityOS admin user
##
username: root
## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters
## Defaults to a random 10-character alphanumeric string if not set
##
password: ""
## @param auth.existingSecret Name of an existing secret to use for Discourse credentials
## `auth.password` will be ignored and picked up from this secret
## The secret must contain the key `discourse-password`
## The value is evaluated as a template
##
existingSecret: ""
## @param host Hostname to create application URLs (include the port if =/= 80)
##
host: ""
## @param siteName fcoscore site name
##
siteName: 'Fab City Core node for valueflows circular economy networks'
## fcoscore SMTP settings
## @param smtp.enabled Enable/disable SMTP
## @param smtp.backend SMTP Backend type
## @param smtp.host SMTP host name
## @param smtp.port SMTP port number
## @param smtp.user SMTP account user name
## @param smtp.password SMTP account password
## @param smtp.protocol SMTP protocol (Allowed values: tls, ssl)
## @param smtp.auth SMTP authentication method
## @param smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password`
##
smtp:
enabled: false
backend: smtp
host: ""
port: ""
user: ""
password: ""
protocol: ""
auth: ""
existingSecret: ""
from: ""
api_key: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
@ -26,9 +130,6 @@ serviceAccount:
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
@ -39,7 +140,7 @@ securityContext: {}
service:
type: ClusterIP
port: 80
port: 4000
ingress:
enabled: false
@ -48,7 +149,7 @@ ingress:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: fcos-core.local
- host: fcoscore.local
paths:
- path: /
pathType: ImplementationSpecific
@ -69,6 +170,23 @@ resources: {}
# cpu: 100m
# memory: 128Mi
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Odoo pods' Security Context
## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup
##
podSecurityContext: {}
# fsGroup: 2000
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Odoo containers' Security Context
## @param containerSecurityContext.runAsUser Set Odoo container's Security Context runAsUser
##
containerSecurityContext:
enabled: false
runAsUser: 1001
autoscaling:
enabled: false
minReplicas: 1
@ -81,3 +199,273 @@ nodeSelector: {}
tolerations: []
affinity: {}
fcoscore:
secretName: fcoscore
## @param fcoscore.command Custom command to override image cmd
##
command: []
## @param fcoscore.args Custom args for the custom command
##
args: []
## @param fcoscore.extraEnvVars Array with extra environment variables to add fcoscore pods
##
extraEnvVars: []
## @param fcoscore.extraEnvVarsCM ConfigMap containing extra environment variables for fcoscore pods
##
extraEnvVarsCM: ""
## @param fcoscore.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for fcoscore pods
##
extraEnvVarsSecret: ""
## config properties
##
org_name: "FabCity"
## config properties
##
mix_env: "prod"
## config properties
##
flavour: "reflow"
## config properties
##
lang: "en_US.UTF-8"
## config properties
##
upload_limit: "30000000"
## config properties
##
timeout: "10000"
## config properties
##
invite_only: true
## config properties
##
invite_key: ""
## config properties
##
replace_os_vars: true
## config properties
##
liveview_enabled: true
## config properties
##
acme_agree: true
## config properties
##
erlang_cookie: "bonfire"
## config properties
##
web_push:
## config properties
##
subject: "mailto:hostmaster@example.com"
## config properties
##
public_key: ""
## config properties
##
geolocate_opencagedata: ""
## config properties
##
meili_master_key: ""
## config properties
##
encryption_salt: ""
## config properties
##
secret_key_base: ""
## config properties
##
signing_salt: ""
## config properties
##
github_token: ""
## config properties
##
disable_db_automigration: false
## config properties
##
seeds_user: ""
## config properties
##
seeds_pw: ""
## config properties
##
web_push_public_key: ""
## config properties
##
web_push_private_key: ""
## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims
##
enabled: true
## @param persistence.storageClass Persistent Volume storage class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
##
storageClass: ""
## @param persistence.accessModes [array] Persistent Volume access modes
##
accessModes:
- ReadWriteOnce
## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead)
##
accessMode: ReadWriteOnce
## @param persistence.size Persistent Volume size
##
size: 10Gi
## @param persistence.existingClaim The name of an existing PVC to use for persistence
##
existingClaim: ""
## @param persistence.selector Selector to match an existing Persistent Volume for Discourse data PVC
## If set, the PVC can't have a PV dynamically provisioned for it
## E.g.
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @param persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
networkPolicy:
## @param networkPolicy.enabled Enable network policies
## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication
##
enabled: false
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
##
ingress:
enabled: false
## e.g:
## podSelector:
## label: ingress
##
podSelector: {}
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backends (PostgreSQL and Redis) only accessible by Discourse's pods.
## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods.
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes Discourse only accessible from a particular origin
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access Discourse. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access Discourse. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule
##
ingressRules:
## PostgreSQL and Redis backends only can be accessed from Discourse
##
backendOnlyAccessibleByFrontend: false
customBackendSelector: {}
## Allow only from the indicated:
##
accessOnlyFrom:
enabled: false
## e.g:
## namespaceSelector:
## label: ingress
##
namespaceSelector: {}
## e.g:
## podSelector:
## label: access
##
podSelector: {}
## custom ingress rules
## e.g:
## customRules:
## - from:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
## Deny connections to external. This is not compatible with an external database.
##
denyConnectionsToExternal: false
## Additional custom egress rules
## e.g:
## customRules:
## - to:
## - namespaceSelector:
## matchLabels:
## label: example
##
customRules: {}
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.postgresPassword Password for the "postgres" admin user
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
enabled: true
auth:
host: ""
# port: 5432
username: fcoscore
database: bonfire
audit:
logHostname: true
logConnections: true
logDisconnections: true
pgAuditLogCatalog: "on"
clientMinMessages: error
extensions: hstore,pg_trgm,postgis
# primary:
# initdb:
# scripts:
# init.sql: |
# CREATE DATABASE bonfire;
# CREATE EXTENSION IF NOT EXISTS postgis;
# CREATE EXTENSION IF NOT EXISTS hstore;
# GRANT ALL ON bonfire TO fcoscore;
# # CREATE USER usr_fcos_core WITH PASSWORD 'pwd_fcos_core';
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for FabCityOS
## @param externalDatabase.password Password for the non-root username for FabCityOS
## @param externalDatabase.database FabCityOS database name
## @param externalDatabase.create Switch to enable user/database creation during the installation stage
## @param externalDatabase.postgresUser PostgreSQL admin user, used during the installation stage
## @param externalDatabase.postgresPassword PostgreSQL admin password, used during the installation stage
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
## @param externalDatabase.existingSecretPostgresPasswordKey Name of an existing secret key containing the database admin user credentials
##
externalDatabase:
host: ""
port: 5432
user: ""
password: ""
database: ""
create: true
postgresUser: postgres
existingSecret: ""
existingSecretPasswordKey: ""
existingSecretPostgresPasswordKey: ""