mirror of
https://gitlab.fabcity.hamburg/software/fab-city-os-core-chart.git
synced 2024-09-20 04:18:52 +02:00
sort out secrets and config properties
This commit is contained in:
parent
03e69a8b65
commit
887eef5179
402
values.yaml
402
values.yaml
|
@ -1,20 +1,124 @@
|
||||||
# Default values for fcos-core.
|
# Default values for fcoscore.
|
||||||
# This is a YAML-formatted file.
|
# This is a YAML-formatted file.
|
||||||
# Declare variables to be passed into your templates.
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
## @param global.imageRegistry Global Docker image registry
|
||||||
|
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
||||||
|
## @param global.storageClass Global StorageClass for Persistent Volume(s)
|
||||||
|
##
|
||||||
|
global:
|
||||||
|
imageRegistry: ""
|
||||||
|
## E.g.
|
||||||
|
## imagePullSecrets:
|
||||||
|
## - myRegistryKeySecretName
|
||||||
|
##
|
||||||
|
imagePullSecrets: []
|
||||||
|
storageClass: ""
|
||||||
|
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
|
## Enable diagnostic mode in the statefulset
|
||||||
|
##
|
||||||
|
diagnosticMode:
|
||||||
|
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
|
||||||
|
##
|
||||||
|
enabled: false
|
||||||
|
## @param diagnosticMode.command Command to override all containers in the the statefulset
|
||||||
|
##
|
||||||
|
command:
|
||||||
|
- sleep
|
||||||
|
## @param diagnosticMode.args Args to override all containers in the the statefulset
|
||||||
|
##
|
||||||
|
args:
|
||||||
|
- infinity
|
||||||
|
|
||||||
|
## @param image.registry fcoscore image registry
|
||||||
|
## @param image.repository fcoscore image repository
|
||||||
|
## @param image.pullPolicy fcoscore image pull policy
|
||||||
|
## @param image.pullSecrets fcoscore image pull secrets
|
||||||
|
## @param image.tag fcoscore image tag
|
||||||
|
## @param image.debug Enable image debug mode
|
||||||
|
##
|
||||||
image:
|
image:
|
||||||
registry: docker.io
|
registry: docker.io
|
||||||
repository: dyne/reflow
|
repository: dyne/reflow
|
||||||
|
## Specify a imagePullPolicy
|
||||||
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||||
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||||
|
##
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
## Optionally specify an array of imagePullSecrets.
|
||||||
|
## Secrets must be manually created in the namespace.
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||||
|
## e.g:
|
||||||
|
## pullSecrets:
|
||||||
|
## - myRegistryKeySecretName
|
||||||
|
##
|
||||||
|
pullSecrets: []
|
||||||
|
## Set to true if you would like to see extra information on logs
|
||||||
|
##
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
# Overrides the image tag whose default is the chart appVersion.
|
||||||
|
# tag: ""
|
||||||
tag: ""
|
tag: ""
|
||||||
|
# debug: false
|
||||||
|
debug: true
|
||||||
|
|
||||||
|
audit:
|
||||||
|
pgAuditLog: true
|
||||||
|
logLinePrefix: ""
|
||||||
|
# logTimezone: ""
|
||||||
|
|
||||||
imagePullSecrets: []
|
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
fullnameOverride: ""
|
fullnameOverride: ""
|
||||||
|
|
||||||
|
## Authentication parameters
|
||||||
|
##
|
||||||
|
auth:
|
||||||
|
## @param auth.username FabCityOS admin user
|
||||||
|
##
|
||||||
|
username: root
|
||||||
|
## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters
|
||||||
|
## Defaults to a random 10-character alphanumeric string if not set
|
||||||
|
##
|
||||||
|
password: ""
|
||||||
|
## @param auth.existingSecret Name of an existing secret to use for Discourse credentials
|
||||||
|
## `auth.password` will be ignored and picked up from this secret
|
||||||
|
## The secret must contain the key `discourse-password`
|
||||||
|
## The value is evaluated as a template
|
||||||
|
##
|
||||||
|
existingSecret: ""
|
||||||
|
|
||||||
|
## @param host Hostname to create application URLs (include the port if =/= 80)
|
||||||
|
##
|
||||||
|
host: ""
|
||||||
|
## @param siteName fcoscore site name
|
||||||
|
##
|
||||||
|
siteName: 'Fab City Core node for valueflows circular economy networks'
|
||||||
|
|
||||||
|
## fcoscore SMTP settings
|
||||||
|
## @param smtp.enabled Enable/disable SMTP
|
||||||
|
## @param smtp.backend SMTP Backend type
|
||||||
|
## @param smtp.host SMTP host name
|
||||||
|
## @param smtp.port SMTP port number
|
||||||
|
## @param smtp.user SMTP account user name
|
||||||
|
## @param smtp.password SMTP account password
|
||||||
|
## @param smtp.protocol SMTP protocol (Allowed values: tls, ssl)
|
||||||
|
## @param smtp.auth SMTP authentication method
|
||||||
|
## @param smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password`
|
||||||
|
##
|
||||||
|
smtp:
|
||||||
|
enabled: false
|
||||||
|
backend: smtp
|
||||||
|
host: ""
|
||||||
|
port: ""
|
||||||
|
user: ""
|
||||||
|
password: ""
|
||||||
|
protocol: ""
|
||||||
|
auth: ""
|
||||||
|
existingSecret: ""
|
||||||
|
from: ""
|
||||||
|
api_key: ""
|
||||||
|
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
# Specifies whether a service account should be created
|
# Specifies whether a service account should be created
|
||||||
create: true
|
create: true
|
||||||
|
@ -26,9 +130,6 @@ serviceAccount:
|
||||||
|
|
||||||
podAnnotations: {}
|
podAnnotations: {}
|
||||||
|
|
||||||
podSecurityContext: {}
|
|
||||||
# fsGroup: 2000
|
|
||||||
|
|
||||||
securityContext: {}
|
securityContext: {}
|
||||||
# capabilities:
|
# capabilities:
|
||||||
# drop:
|
# drop:
|
||||||
|
@ -39,7 +140,7 @@ securityContext: {}
|
||||||
|
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
port: 80
|
port: 4000
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -48,7 +149,7 @@ ingress:
|
||||||
# kubernetes.io/ingress.class: nginx
|
# kubernetes.io/ingress.class: nginx
|
||||||
# kubernetes.io/tls-acme: "true"
|
# kubernetes.io/tls-acme: "true"
|
||||||
hosts:
|
hosts:
|
||||||
- host: fcos-core.local
|
- host: fcoscore.local
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
|
@ -69,6 +170,23 @@ resources: {}
|
||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
# memory: 128Mi
|
# memory: 128Mi
|
||||||
|
|
||||||
|
## Configure Pods Security Context
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||||
|
## @param podSecurityContext.enabled Enabled Odoo pods' Security Context
|
||||||
|
## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup
|
||||||
|
##
|
||||||
|
podSecurityContext: {}
|
||||||
|
# fsGroup: 2000
|
||||||
|
|
||||||
|
## Configure Container Security Context (only main container)
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||||
|
## @param containerSecurityContext.enabled Enabled Odoo containers' Security Context
|
||||||
|
## @param containerSecurityContext.runAsUser Set Odoo container's Security Context runAsUser
|
||||||
|
##
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: false
|
||||||
|
runAsUser: 1001
|
||||||
|
|
||||||
autoscaling:
|
autoscaling:
|
||||||
enabled: false
|
enabled: false
|
||||||
minReplicas: 1
|
minReplicas: 1
|
||||||
|
@ -81,3 +199,273 @@ nodeSelector: {}
|
||||||
tolerations: []
|
tolerations: []
|
||||||
|
|
||||||
affinity: {}
|
affinity: {}
|
||||||
|
|
||||||
|
fcoscore:
|
||||||
|
secretName: fcoscore
|
||||||
|
## @param fcoscore.command Custom command to override image cmd
|
||||||
|
##
|
||||||
|
command: []
|
||||||
|
## @param fcoscore.args Custom args for the custom command
|
||||||
|
##
|
||||||
|
args: []
|
||||||
|
## @param fcoscore.extraEnvVars Array with extra environment variables to add fcoscore pods
|
||||||
|
##
|
||||||
|
extraEnvVars: []
|
||||||
|
## @param fcoscore.extraEnvVarsCM ConfigMap containing extra environment variables for fcoscore pods
|
||||||
|
##
|
||||||
|
extraEnvVarsCM: ""
|
||||||
|
## @param fcoscore.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for fcoscore pods
|
||||||
|
##
|
||||||
|
extraEnvVarsSecret: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
org_name: "FabCity"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
mix_env: "prod"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
flavour: "reflow"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
lang: "en_US.UTF-8"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
upload_limit: "30000000"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
timeout: "10000"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
invite_only: true
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
invite_key: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
replace_os_vars: true
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
liveview_enabled: true
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
acme_agree: true
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
erlang_cookie: "bonfire"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
web_push:
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
subject: "mailto:hostmaster@example.com"
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
public_key: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
geolocate_opencagedata: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
meili_master_key: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
encryption_salt: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
secret_key_base: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
signing_salt: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
github_token: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
disable_db_automigration: false
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
seeds_user: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
seeds_pw: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
web_push_public_key: ""
|
||||||
|
## config properties
|
||||||
|
##
|
||||||
|
web_push_private_key: ""
|
||||||
|
|
||||||
|
## Persistence Parameters
|
||||||
|
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
|
||||||
|
##
|
||||||
|
persistence:
|
||||||
|
## @param persistence.enabled Enable persistence using Persistent Volume Claims
|
||||||
|
##
|
||||||
|
enabled: true
|
||||||
|
## @param persistence.storageClass Persistent Volume storage class
|
||||||
|
## If defined, storageClassName: <storageClass>
|
||||||
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||||||
|
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
|
||||||
|
##
|
||||||
|
storageClass: ""
|
||||||
|
## @param persistence.accessModes [array] Persistent Volume access modes
|
||||||
|
##
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead)
|
||||||
|
##
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
## @param persistence.size Persistent Volume size
|
||||||
|
##
|
||||||
|
size: 10Gi
|
||||||
|
## @param persistence.existingClaim The name of an existing PVC to use for persistence
|
||||||
|
##
|
||||||
|
existingClaim: ""
|
||||||
|
## @param persistence.selector Selector to match an existing Persistent Volume for Discourse data PVC
|
||||||
|
## If set, the PVC can't have a PV dynamically provisioned for it
|
||||||
|
## E.g.
|
||||||
|
## selector:
|
||||||
|
## matchLabels:
|
||||||
|
## app: my-app
|
||||||
|
##
|
||||||
|
selector: {}
|
||||||
|
## @param persistence.annotations Persistent Volume Claim annotations
|
||||||
|
##
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
|
||||||
|
networkPolicy:
|
||||||
|
## @param networkPolicy.enabled Enable network policies
|
||||||
|
## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication
|
||||||
|
##
|
||||||
|
enabled: false
|
||||||
|
## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
|
||||||
|
## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
|
||||||
|
## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
|
||||||
|
##
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
## e.g:
|
||||||
|
## podSelector:
|
||||||
|
## label: ingress
|
||||||
|
##
|
||||||
|
podSelector: {}
|
||||||
|
## e.g:
|
||||||
|
## namespaceSelector:
|
||||||
|
## label: ingress
|
||||||
|
##
|
||||||
|
namespaceSelector: {}
|
||||||
|
## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backends (PostgreSQL and Redis) only accessible by Discourse's pods.
|
||||||
|
## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods.
|
||||||
|
## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes Discourse only accessible from a particular origin
|
||||||
|
## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access Discourse. This label will be used to identified the allowed namespace(s).
|
||||||
|
## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access Discourse. This label will be used to identified the allowed pod(s).
|
||||||
|
## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule
|
||||||
|
##
|
||||||
|
ingressRules:
|
||||||
|
## PostgreSQL and Redis backends only can be accessed from Discourse
|
||||||
|
##
|
||||||
|
backendOnlyAccessibleByFrontend: false
|
||||||
|
customBackendSelector: {}
|
||||||
|
## Allow only from the indicated:
|
||||||
|
##
|
||||||
|
accessOnlyFrom:
|
||||||
|
enabled: false
|
||||||
|
## e.g:
|
||||||
|
## namespaceSelector:
|
||||||
|
## label: ingress
|
||||||
|
##
|
||||||
|
namespaceSelector: {}
|
||||||
|
## e.g:
|
||||||
|
## podSelector:
|
||||||
|
## label: access
|
||||||
|
##
|
||||||
|
podSelector: {}
|
||||||
|
## custom ingress rules
|
||||||
|
## e.g:
|
||||||
|
## customRules:
|
||||||
|
## - from:
|
||||||
|
## - namespaceSelector:
|
||||||
|
## matchLabels:
|
||||||
|
## label: example
|
||||||
|
##
|
||||||
|
customRules: {}
|
||||||
|
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
|
||||||
|
## @param networkPolicy.egressRules.customRules Custom network policy rule
|
||||||
|
##
|
||||||
|
egressRules:
|
||||||
|
## Deny connections to external. This is not compatible with an external database.
|
||||||
|
##
|
||||||
|
denyConnectionsToExternal: false
|
||||||
|
## Additional custom egress rules
|
||||||
|
## e.g:
|
||||||
|
## customRules:
|
||||||
|
## - to:
|
||||||
|
## - namespaceSelector:
|
||||||
|
## matchLabels:
|
||||||
|
## label: example
|
||||||
|
##
|
||||||
|
customRules: {}
|
||||||
|
|
||||||
|
## PostgreSQL chart configuration
|
||||||
|
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
|
||||||
|
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
|
||||||
|
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
|
||||||
|
## @param postgresql.auth.postgresPassword Password for the "postgres" admin user
|
||||||
|
## @param postgresql.auth.username Name for a custom user to create
|
||||||
|
## @param postgresql.auth.password Password for the custom user to create
|
||||||
|
## @param postgresql.auth.database Name for a custom database to create
|
||||||
|
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
|
||||||
|
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
|
||||||
|
##
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
auth:
|
||||||
|
host: ""
|
||||||
|
# port: 5432
|
||||||
|
username: fcoscore
|
||||||
|
database: bonfire
|
||||||
|
audit:
|
||||||
|
logHostname: true
|
||||||
|
logConnections: true
|
||||||
|
logDisconnections: true
|
||||||
|
pgAuditLogCatalog: "on"
|
||||||
|
clientMinMessages: error
|
||||||
|
extensions: hstore,pg_trgm,postgis
|
||||||
|
# primary:
|
||||||
|
# initdb:
|
||||||
|
# scripts:
|
||||||
|
# init.sql: |
|
||||||
|
# CREATE DATABASE bonfire;
|
||||||
|
# CREATE EXTENSION IF NOT EXISTS postgis;
|
||||||
|
# CREATE EXTENSION IF NOT EXISTS hstore;
|
||||||
|
# GRANT ALL ON bonfire TO fcoscore;
|
||||||
|
# # CREATE USER usr_fcos_core WITH PASSWORD 'pwd_fcos_core';
|
||||||
|
|
||||||
|
## External PostgreSQL configuration
|
||||||
|
## All of these values are only used when postgresql.enabled is set to false
|
||||||
|
## @param externalDatabase.host Database host
|
||||||
|
## @param externalDatabase.port Database port number
|
||||||
|
## @param externalDatabase.user Non-root username for FabCityOS
|
||||||
|
## @param externalDatabase.password Password for the non-root username for FabCityOS
|
||||||
|
## @param externalDatabase.database FabCityOS database name
|
||||||
|
## @param externalDatabase.create Switch to enable user/database creation during the installation stage
|
||||||
|
## @param externalDatabase.postgresUser PostgreSQL admin user, used during the installation stage
|
||||||
|
## @param externalDatabase.postgresPassword PostgreSQL admin password, used during the installation stage
|
||||||
|
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
|
||||||
|
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
|
||||||
|
## @param externalDatabase.existingSecretPostgresPasswordKey Name of an existing secret key containing the database admin user credentials
|
||||||
|
##
|
||||||
|
externalDatabase:
|
||||||
|
host: ""
|
||||||
|
port: 5432
|
||||||
|
user: ""
|
||||||
|
password: ""
|
||||||
|
database: ""
|
||||||
|
create: true
|
||||||
|
postgresUser: postgres
|
||||||
|
existingSecret: ""
|
||||||
|
existingSecretPasswordKey: ""
|
||||||
|
existingSecretPostgresPasswordKey: ""
|
||||||
|
|
Loading…
Reference in a new issue