--- # Default values for fcoscore. # This is a YAML-formatted file. # Declare variables to be passed into your templates. ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" replicaCount: 1 ## Enable diagnostic mode in the statefulset ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the the statefulset ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the the statefulset ## args: - infinity audit: pgAuditLog: true logLinePrefix: "" # logTimezone: "" nameOverride: "" fullnameOverride: "" ## Authentication parameters ## auth: ## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters ## Defaults to a random 10-character alphanumeric string if not set ## password: "" ## @param auth.existingSecret Name of an existing secret to use for Discourse credentials ## `auth.password` will be ignored and picked up from this secret ## The secret must contain the key `discourse-password` ## The value is evaluated as a template ## existingSecret: "" invitationKey: "" ## @param host Hostname to create application URLs (include the port if =/= 80) ## host: "" ## @param siteName fcoscore site name ## siteName: "Fab City Core node for valueflows circular economy networks" ## fcoscore SMTP settings ## @param smtp.enabled Enable/disable SMTP ## @param smtp.backend SMTP Backend type ## @param smtp.host SMTP host name ## @param smtp.port SMTP port number ## @param smtp.user SMTP account user name ## @param smtp.password SMTP account password ## @param smtp.protocol SMTP protocol (Allowed values: tls, ssl) ## @param smtp.auth SMTP authentication method ## @param smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password` ## smtp: enabled: false backend: smtp host: "" port: "" user: "" password: "" protocol: "" auth: "" existingSecret: "" from: "" api_key: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: fcoscore.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled Odoo pods' Security Context ## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup ## podSecurityContext: {} # fsGroup: 2000 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param containerSecurityContext.enabled Enabled Odoo containers' Security Context ## @param containerSecurityContext.runAsUser Set Odoo container's Security Context runAsUser ## containerSecurityContext: enabled: false runAsUser: 1001 autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} ## @param image.registry fcoscore image registry ## @param image.repository fcoscore image repository ## @param image.pullPolicy fcoscore image pull policy ## @param image.pullSecrets fcoscore image pull secrets ## @param image.tag fcoscore image tag ## @param image.debug Enable image debug mode ## zenflow: registry: ghcr.io repository: interfacerproject/zenflows ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. # tag: "" tag: master secretName: "" existingSecret: "" debug: false service: type: ClusterIP port: 8000 room: salt: "" zvmlet: registry: ghcr.io repository: interfacerproject/zenflows-crypto ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. tag: latest debug: false service: type: ClusterIP port: 3000 frontend: registry: ghcr.io repository: interfacerproject/interfacer-gui ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. tag: main debug: false service: type: ClusterIP port: 8080 gateway: registry: ghcr.io repository: interfacerproject/interfacer-gateway ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. tag: main debug: false service: type: ClusterIP port: 3000 url: "" inbox: registry: ghcr.io repository: interfacerproject/zenflows-inbox-tarantool ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. tag: main debug: false service: type: ClusterIP port: 8080 url: "" tarantool: registry: ghcr.io repository: interfacerproject/zenflows-inbox-tarantool-db ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## # Overrides the image tag whose default is the chart appVersion. tag: main debug: false service: type: ClusterIP port: 3500 url: "" ## Persistence Parameters ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ ## persistence: ## @param persistence.enabled Enable persistence using Persistent Volume Claims ## enabled: true ## @param persistence.storageClass Persistent Volume storage class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner ## storageClass: "" ## @param persistence.accessModes [array] Persistent Volume access modes ## accessModes: - ReadWriteOnce ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) ## accessMode: ReadWriteOnce ## @param persistence.size Persistent Volume size ## size: 10Gi ## @param persistence.existingClaim The name of an existing PVC to use for persistence ## existingClaim: "" ## @param persistence.selector Selector to match an existing Persistent Volume for Discourse data PVC ## If set, the PVC can't have a PV dynamically provisioned for it ## E.g. ## selector: ## matchLabels: ## app: my-app ## selector: {} ## @param persistence.annotations Persistent Volume Claim annotations ## annotations: {} networkPolicy: ## @param networkPolicy.enabled Enable network policies ## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication ## enabled: false ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies ## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. ## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. ## ingress: enabled: false ## e.g: ## podSelector: ## label: ingress ## podSelector: {} ## e.g: ## namespaceSelector: ## label: ingress ## namespaceSelector: {} ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backends (PostgreSQL and Redis) only accessible by Discourse's pods. ## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods. ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes Discourse only accessible from a particular origin ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access Discourse. This label will be used to identified the allowed namespace(s). ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access Discourse. This label will be used to identified the allowed pod(s). ## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule ## ingressRules: ## PostgreSQL and Redis backends only can be accessed from Discourse ## backendOnlyAccessibleByFrontend: false customBackendSelector: {} ## Allow only from the indicated: ## accessOnlyFrom: enabled: false ## e.g: ## namespaceSelector: ## label: ingress ## namespaceSelector: {} ## e.g: ## podSelector: ## label: access ## podSelector: {} ## custom ingress rules ## e.g: ## customRules: ## - from: ## - namespaceSelector: ## matchLabels: ## label: example ## customRules: {} ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). ## @param networkPolicy.egressRules.customRules Custom network policy rule ## egressRules: ## Deny connections to external. This is not compatible with an external database. ## denyConnectionsToExternal: false ## Additional custom egress rules ## e.g: ## customRules: ## - to: ## - namespaceSelector: ## matchLabels: ## label: example ## customRules: {} ## PostgreSQL chart configuration ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml ## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user ## @param postgresql.auth.postgresPassword Password for the "postgres" admin user ## @param postgresql.auth.username Name for a custom user to create ## @param postgresql.auth.password Password for the custom user to create ## @param postgresql.auth.database Name for a custom database to create ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) ## postgresql: enabled: true auth: username: zenflow database: fcoscore_zenflow audit: logHostname: true logConnections: true logDisconnections: true pgAuditLogCatalog: "on" clientMinMessages: error extensions: hstore,pg_trgm,postgis ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host ## @param externalDatabase.port Database port number ## @param externalDatabase.user Non-root username for FabCityOS ## @param externalDatabase.password Password for the non-root username for FabCityOS ## @param externalDatabase.database FabCityOS database name ## @param externalDatabase.create Switch to enable user/database creation during the installation stage ## @param externalDatabase.postgresUser PostgreSQL admin user, used during the installation stage ## @param externalDatabase.postgresPassword PostgreSQL admin password, used during the installation stage ## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials ## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials ## @param externalDatabase.existingSecretPostgresPasswordKey Name of an existing secret key containing the database admin user credentials ## externalDatabase: host: "" port: 5432 user: "" password: "" database: "" create: true postgresUser: postgres existingSecret: "" existingSecretPasswordKey: "" existingSecretPostgresPasswordKey: ""