---
# Default values for fcoscore.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

## Chart-wide settings.
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## NOTE(review): presumably a non-empty global.imageRegistry replaces the
## per-component `registry` values further down, which would make it the single
## setting that decides where every image is pulled from; confirm in the
## templates.
##
global:
  imageRegistry: ""
  ## Entries are names of existing Secrets, not the credentials themselves.
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""

# Replica count requested by default.
# NOTE(review): whether this is still honoured once autoscaling.enabled is
# true depends on the templates; confirm.
replicaCount: 1

## Diagnostic mode for the statefulset.
## Per the parameter notes below, enabling it disables every probe and replaces
## the container command, so a pod in this mode is not serving the application
## and is not health-checked. Leave it off outside a troubleshooting session.
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the statefulset
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the statefulset
  ##
  args:
    - infinity

# Audit logging switches.
# NOTE(review): a top-level key of the parent chart is not handed to the
# `postgresql` subchart by Helm; only values under `postgresql:` and `global:`
# are. Confirm which template reads these, otherwise they have no effect on the
# database's audit log.
audit:
  pgAuditLog: true
  logLinePrefix: ""
  # logTimezone: ""

# Optional overrides for generated resource names; both are empty by default.
# (presumably consumed by the chart's naming helpers; verify against templates)
nameOverride: ""
fullnameOverride: ""

## Authentication parameters
## A password written here is readable by anyone who can read this file or the
## release's stored values (`helm get values`). `auth.existingSecret` keeps the
## credential in a Kubernetes Secret instead.
##
auth:
  ## @param auth.password FabCityOS admin password. WARNING: Minimum length of 10 characters
  ## Defaults to a random 10-character alphanumeric string if not set
  ##
  password: ""
  ## @param auth.existingSecret Name of an existing secret to use for Discourse credentials
  ## `auth.password` will be ignored and picked up from this secret
  ## The secret must contain the key `discourse-password`
  ## The value is evaluated as a template
  ## NOTE(review): the "Discourse" wording and the `discourse-password` key look
  ## carried over from another chart; confirm the key name the templates read
  ## before creating the Secret.
  ##
  existingSecret: ""
  ## NOTE(review): no @param entry describes invitationKey. If it gates sign-up
  ## it is a secret and the same handling as the password applies; confirm.
  invitationKey: ""

## @param host Hostname to create application URLs (include the port if it is not 80)
##
host: ""
## @param siteName fcoscore site name
##
siteName: "Fab City Core node for valueflows circular economy networks"

## fcoscore SMTP settings
## @param smtp.enabled Enable/disable SMTP
## @param smtp.backend SMTP Backend type
## @param smtp.host SMTP host name
## @param smtp.port SMTP port number
## @param smtp.user SMTP account user name
## @param smtp.password SMTP account password
## @param smtp.protocol SMTP protocol (Allowed values: tls, ssl)
## @param smtp.auth SMTP authentication method
## @param smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password`
## NOTE(review): `smtp.from` and `smtp.api_key` below have no @param entry.
## Prefer `smtp.existingSecret` over an inline `smtp.password`. `smtp.api_key`
## is presumably a provider credential too; the parameter list names no
## Secret-backed alternative for it, so confirm how the templates store it.
##
smtp:
  enabled: false
  backend: smtp
  host: ""
  port: ""
  user: ""
  password: ""
  protocol: ""
  auth: ""
  existingSecret: ""
  from: ""
  api_key: ""

serviceAccount:
  # Whether the chart creates a service account of its own.
  create: true
  # Annotations placed on that service account.
  annotations: {}
  # Service account name to use. Left empty with create set to true, the name
  # is generated from the fullname template.
  name: ""

# Extra pod annotations; none by default.
podAnnotations: {}

# Empty by default, so no container-level restrictions come from this key.
# The commented keys are a hardening baseline: drop all Linux capabilities,
# mount the root filesystem read-only, and refuse to run as root. To apply
# them, uncomment the lines and remove the `{}`.
# NOTE(review): this file also defines containerSecurityContext; confirm which
# of the two keys the templates actually render.
securityContext: {}
  # capabilities:
  #   drop:
  #     - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

# Ingress is off by default.
ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: fcoscore.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # `tls` is empty, so turning ingress on with these defaults defines no TLS
  # for the host. Add an entry like the commented one (or terminate TLS in
  # front of the ingress) before exposing the login endpoints.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

# No requests or limits are set by default; the choice is left to the user,
# which also helps the chart run on small environments such as Minikube.
# Without limits a container is not capped in CPU or memory, so set them for
# shared clusters: uncomment the lines below, adjust them, and remove the `{}`.
resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled Odoo pods' Security Context
## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup
## NOTE(review): the two @param lines name Odoo and an `enabled` switch, but the
## value below is an empty map with neither key; the descriptions look carried
## over from another chart. Confirm what the templates expect here.
##
podSecurityContext: {}
  # fsGroup: 2000

## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled Odoo containers' Security Context
## @param containerSecurityContext.runAsUser Set Odoo container's Security Context runAsUser
## NOTE(review): "Odoo" looks carried over from another chart. With `enabled`
## false, `runAsUser` is presumably not rendered, leaving the container to run
## as whatever user its image defines; confirm in the templates.
##
containerSecurityContext:
  enabled: false
  runAsUser: 1001

# Autoscaling is off by default; the bounds and CPU target below only matter
# once it is enabled.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Scheduling constraints; all empty by default.
nodeSelector: {}

tolerations: []

affinity: {}

## zenflows backend image and service.
## @param zenflow.registry zenflows image registry
## @param zenflow.repository zenflows image repository
## @param zenflow.pullPolicy zenflows image pull policy
## @param zenflow.pullSecrets zenflows image pull secrets
## @param zenflow.tag zenflows image tag
## @param zenflow.debug Enable image debug mode
##
zenflow:
  registry: docker.io
  repository: fabcityhamburg/zenflows
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ## With IfNotPresent a node that already holds a tag does not pull it again,
  ## so a tag that is later re-pushed can leave nodes running different image
  ## contents. Deploy an explicit, immutable tag.
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  # NOTE(review): secretName and existingSecret are not described anywhere in
  # this file; confirm which Secret keys the templates expect from them.
  secretName: ""
  existingSecret: ""
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
  service:
    type: ClusterIP
    port: 8000
  # NOTE(review): the listing this was recovered from had lost its
  # indentation; `room` is placed under `zenflow` as the likeliest reading.
  # Confirm the path the templates use. `salt` is presumably secret material
  # and is better supplied from a Secret than written here.
  room:
    salt: ""

# zvmlet image and service.
zvmlet:
  registry: docker.io
  repository: fabcityhamburg/zvmlet
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ## With IfNotPresent a cached tag is not pulled again; deploy an explicit,
  ## immutable tag so every node runs the same image contents.
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
  service:
    type: ClusterIP
    port: 3000

# interfacer-gui frontend image and service.
frontend:
  registry: docker.io
  repository: fabcityhamburg/interfacer-gui
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ## With IfNotPresent a cached tag is not pulled again; deploy an explicit,
  ## immutable tag so every node runs the same image contents.
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
  service:
    type: ClusterIP
    port: 8080

# interfacer-gateway image and service.
gateway:
  registry: docker.io
  repository: fabcityhamburg/interfacer-gateway
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ## With IfNotPresent a cached tag is not pulled again; deploy an explicit,
  ## immutable tag so every node runs the same image contents.
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
  service:
    type: ClusterIP
    port: 4040
  # NOTE(review): the listing this was recovered from had lost its
  # indentation; `url` is placed directly under `gateway` as the likeliest
  # reading (it could also belong to `service`). Confirm against the templates.
  url: ""

## Persistence Parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims
  ##
  enabled: true
  ## @param persistence.storageClass Persistent Volume storage class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner
  ##
  storageClass: ""
  ## @param persistence.accessModes [array] Persistent Volume access modes
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead)
  ##
  accessMode: ReadWriteOnce
  ## @param persistence.size Persistent Volume size
  ##
  size: 10Gi
  ## @param persistence.existingClaim The name of an existing PVC to use for persistence
  ##
  existingClaim: ""
  ## @param persistence.selector Selector to match an existing Persistent Volume for Discourse data PVC
  ## If set, the PVC can't have a PV dynamically provisioned for it
  ## NOTE(review): "Discourse" here looks carried over from another chart.
  ## E.g.
  ## selector:
  ##   matchLabels:
  ##     app: my-app
  ##
  selector: {}
  ## @param persistence.annotations Persistent Volume Claim annotations
  ##
  annotations: {}

# Network policies are off by default, so the chart itself places no limit on
# which pods may reach the application or its database. When enabling them,
# note that NetworkPolicy objects are only enforced by a cluster network plugin
# that supports them.
# NOTE(review): several descriptions below still say "Discourse" and "Redis";
# they look carried over from another chart. Confirm which pods each rule
# selects before relying on it.
networkPolicy:
  ## @param networkPolicy.enabled Enable network policies
  ## If ingress.enabled is true, configure networkPolicy.ingress selectors to allow communication
  ##
  enabled: false
  ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies
  ## @param networkPolicy.ingress.namespaceSelector Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace.
  ## @param networkPolicy.ingress.podSelector Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods.
  ##
  ingress:
    enabled: false
    ## e.g:
    ## podSelector:
    ##   label: ingress
    ##
    podSelector: {}
    ## e.g:
    ## namespaceSelector:
    ##   label: ingress
    ##
    namespaceSelector: {}
  ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backends (PostgreSQL and Redis) only accessible by Discourse's pods.
  ## @param networkPolicy.ingressRules.customBackendSelector Backend selector labels. These labels will be used to identify the backend pods.
  ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes Discourse only accessible from a particular origin
  ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector Namespace selector label that is allowed to access Discourse. This label will be used to identify the allowed namespace(s).
  ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector Pods selector label that is allowed to access Discourse. This label will be used to identify the allowed pod(s).
  ## @param networkPolicy.ingressRules.customRules Custom network policy ingress rule
  ##
  ingressRules:
    ## PostgreSQL and Redis backends only can be accessed from Discourse
    ##
    backendOnlyAccessibleByFrontend: false
    customBackendSelector: {}
    ## Allow only from the indicated:
    ##
    accessOnlyFrom:
      enabled: false
      ## e.g:
      ## namespaceSelector:
      ##   label: ingress
      ##
      namespaceSelector: {}
      ## e.g:
      ## podSelector:
      ##   label: access
      ##
      podSelector: {}
    ## custom ingress rules
    ## e.g:
    ## customRules:
    ##   - from:
    ##       - namespaceSelector:
    ##           matchLabels:
    ##             label: example
    ##
    customRules: {}
  ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
  ## @param networkPolicy.egressRules.customRules Custom network policy rule
  ##
  egressRules:
    ## Deny connections to external. This is not compatible with an external database.
    ##
    denyConnectionsToExternal: false
    ## Additional custom egress rules
    ## e.g:
    ## customRules:
    ##   - to:
    ##       - namespaceSelector:
    ##           matchLabels:
    ##             label: example
    ##
    customRules: {}

## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.postgresPassword Password for the "postgres" admin user
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## Only the user name and database are set below. When passwords are needed,
## `postgresql.auth.existingSecret` keeps them out of this file.
##
postgresql:
  enabled: true
  auth:
    username: zenflow
    database: fcoscore_zenflow
  # Connection-level audit logging: host names, connections and disconnections
  # are all switched on.
  audit:
    logHostname: true
    logConnections: true
    logDisconnections: true
    pgAuditLogCatalog: "on"
    clientMinMessages: error
  # NOTE(review): the listing this was recovered from had lost its
  # indentation; `extensions` is placed directly under `postgresql` as the
  # likeliest reading. Confirm against the templates.
  extensions: hstore,pg_trgm,postgis

## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for FabCityOS
## @param externalDatabase.password Password for the non-root username for FabCityOS
## @param externalDatabase.database FabCityOS database name
## @param externalDatabase.create Switch to enable user/database creation during the installation stage
## @param externalDatabase.postgresUser PostgreSQL admin user, used during the installation stage
## @param externalDatabase.postgresPassword PostgreSQL admin password, used during the installation stage
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
## @param externalDatabase.existingSecretPostgresPasswordKey Name of an existing secret key containing the database admin user credentials
## With `create` true the installation stage works with the PostgreSQL admin
## account. Supply both passwords through `existingSecret` and its two key
## names rather than inline, and set `create` to false when the user and
## database already exist so the admin credential is not needed.
## NOTE(review): `postgresPassword` is documented above but has no key below.
##
externalDatabase:
  host: ""
  port: 5432
  user: ""
  password: ""
  database: ""
  create: true
  postgresUser: postgres
  existingSecret: ""
  existingSecretPasswordKey: ""
  existingSecretPostgresPasswordKey: ""