my-apps/charts/common/values.yaml

# NOTE(review): nesting indentation is not visible in this listing. The keys
# from `labels` down to `stopAll` are presumably children of `global:` —
# confirm against the chart source before copying values from here.
# -- Global values
global:
# -- Set additional global labels
labels: {}
# -- Set additional global annotations
annotations: {}
# -- Set a global namespace
# TODO: Currently some objects do not support this
namespace: ""
diagnosticMode:
enabled: false
# Defaults applied when a more specific object does not set its own value.
fallbackDefaults:
# NOTE(review): the bare `storageClass:` below is a YAML null, not an empty
# string; presumably this means "use the cluster default" — confirm.
# -- Define a storageClassName that will be used for all PVCs
# Can be overruled per PVC
storageClass:
# -- Default probe type
probeType: http
# -- Default Service Protocol
serviceProtocol: tcp
# -- Default Service Type
serviceType: ClusterIP
# -- Default persistence type
persistenceType: pvc
# -- Default Retain PVC
pvcRetain: false
# -- Default PVC Size
pvcSize: 100Gi
# -- Default VCT Size
vctSize: 100Gi
# -- Default PVC Access Modes
accessModes:
- ReadWriteOnce
# -- Default VCT Access Modes
vctAccessModes:
- ReadWriteOnce
# -- Default probe timeouts
probeTimeouts:
liveness:
initialDelaySeconds: 12
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readiness:
initialDelaySeconds: 10
periodSeconds: 12
timeoutSeconds: 5
failureThreshold: 4
successThreshold: 2
startup:
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 60
successThreshold: 1
# -- Define a topologyKey for default topologySpreadConstraints
# Will be used when defaultSpread: true
topologyKey: kubernetes.io/hostname
cnpg:
# -- Define a postgresql version for CNPG
# will be used for all CNPG objects
# Can be overruled per CNPG objects
pgVersion: 16
# Global default for the CNPG "skip empty WAL archive check" setting. With the
# check skipped, a cluster is not stopped from archiving WAL into a destination
# that already contains files, so two clusters pointed at the same backup path
# can mix their archives. Keep destinationPath/servername unique per cluster
# when this stays true.
skipEmptyWalArchiveCheck: true
traefik:
# Middlewares attached by name to ingresses by default.
# NOTE(review): the `tc-basic-secure-headers` definition under
# `ingressMiddlewares.traefik` in this file has `enabled: false`; confirm the
# named middleware really exists in the cluster, otherwise the security
# headers it stands for are not applied.
commonMiddlewares:
- name: tc-basic-secure-headers
# NOTE(review): 9000 is below the Kubernetes default NodePort range
# (30000-32767); presumably a chart-side validation floor — confirm that
# the cluster's service-node-port-range is set deliberately.
# -- Minimum nodePort value
minNodePort: 9000
# -- Enable to stop most pods and containers including cnpg
# does not include stand-alone pods
stopAll: false
# -- Explicitly set a namespace for this chart only
namespace: ""
# Default container image. The `@sha256:` suffix pins the image by digest, so
# the tag in front of it is informational once the digest is present; update
# tag and digest together.
# NOTE(review): how repository and tag are joined into the final image
# reference is not visible here — presumably `repository:tag`; confirm.
image:
repository: ghcr.io/traefik/whoami
pullPolicy: IfNotPresent
tag: v1.11.0@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab
# Context values, empty by default. `appUrl` is read by the `notes.custom`
# template further down in this file.
chartContext:
appUrl: ""
podCIDR: ""
svcCIDR: ""
# Hardened defaults: non-root UID/GID 568, read-only root filesystem, no
# privilege escalation, not privileged, RuntimeDefault seccomp, and every
# Linux capability dropped. Per-container overrides weaken this baseline, so
# review each override individually.
# NOTE(review): `runAsNonRoot` is not set in this block although the addons
# further down set `runAsNonRoot: false` explicitly; presumably the chart
# derives it from runAsUser — confirm.
# -- Security Context
securityContext:
# -- Container security context for all containers
# Can be overruled per container
container:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
# When set to false, it will automatically
# add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE
# capabilities ONLY when container runs as ROOT
# Consequence: a container overridden to runAsUser: 0 regains those five
# capabilities even though `drop: [ALL]` is configured above. Set this to
# true for root containers that do not need them.
disableS6Caps: false
# -- PUID for all containers
# Can be overruled per container
PUID: 568
# Quoted on purpose: an unquoted 0022 would be read as a number (octal in
# YAML 1.1 parsers) instead of the string "0022".
# -- UMASK for all containers
# Can be overruled per container
UMASK: "0022"
# -- Pod security context for all pods
# Can be overruled per pod
pod:
fsGroup: 568
# Only re-owns volume contents when the volume root does not already match
# fsGroup.
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: []
sysctls: []
# Default requests and limits; the limits bound how much CPU and memory a
# single misbehaving container can take from the node.
# -- Resources
# Can be overruled per container
resources:
limits:
cpu: 1000m
memory: 1500Mi
requests:
cpu: 100m
memory: 250Mi
# NOTE(review): `NVIDIA_CAPS` presumably feeds NVIDIA_DRIVER_CAPABILITIES for
# GPU workloads; `all` is the broadest setting. Confirm, and narrow it to the
# capabilities a workload actually needs where possible.
containerOptions:
NVIDIA_CAPS:
- all
# Pod-level defaults. Host namespaces (network, PID, IPC) and process-namespace
# sharing are all off, and the ServiceAccount token is not mounted.
# -- Options for all pods
# Can be overruled per pod
podOptions:
# Off: Kubernetes does not inject environment variables describing the
# namespace's other Services into the containers.
enableServiceLinks: false
hostNetwork: false
hostPID: false
hostIPC: false
# If this key exists, takes precedence over the automated calculation
# hostUsers: false
shareProcessNamespace: false
affinity: {}
dnsPolicy: ClusterFirst
dnsConfig:
options:
- name: ndots
# Quoted so the value stays the string "1".
value: "1"
hostAliases: []
nodeSelector:
kubernetes.io/arch: "amd64"
# -- Used to enforce a good spread for Deployments and StatefulSets by default
defaultSpread: true
defaultAffinity: true
topologySpreadConstraints: []
tolerations: []
schedulerName: ""
priorityClassName: ""
runtimeClassName: ""
# Off by default, so a compromised container finds no API credential on disk.
# Workloads that must talk to the Kubernetes API should opt in per pod and use
# a dedicated ServiceAccount with narrowly scoped RBAC.
automountServiceAccountToken: false
terminationGracePeriodSeconds: 60
# Default workload: one Deployment named `main` with one primary container
# whose probes follow the primary service port.
# -- (docs/workload/README.md)
workload:
main:
enabled: true
primary: true
type: Deployment
dbWait: true
podSpec:
containers:
main:
enabled: true
primary: true
# Name of the top-level values key that holds this container's image
# (`image` in this file).
imageSelector: image
# All three probes use the same templated type and port. The templates are
# quoted because a value starting with `{{` would otherwise be parsed as a
# YAML flow mapping.
probes:
liveness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
readiness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
startup:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
# -- Timezone used everywhere applicable
TZ: UTC
# -- Diagnostic Mode
diagnosticMode:
enabled: false
# -- Vertical pod autoscaler
vpa:
main:
enabled: false
targetSelector: []
# updatePolicy:
# updateMode: auto
resourcePolicy:
containerPolicies:
# "*" must stay quoted: a bare * starts a YAML alias.
- containerName: "*"
minAllowed:
cpu: 50m
memory: 50Mi
# NOTE(review): these ceilings are well above the default `resources.limits`
# in this file (1000m / 1500Mi); confirm the intended upper bound before
# enabling the autoscaler.
maxAllowed:
cpu: 8000m
memory: 20Gi
controlledResources: ["cpu", "memory"]
# -- Horizontal pod autoscaler
hpa:
main:
enabled: false
targetSelector: []
# minReplicas: 1
# maxReplicas: 3
# metrics: # Optional, list of metric specs
# - type: Resource # Can be Resource, Pods, Object, External, or ContainerResource
# resource:
# name: cpu
# target:
# type: Utilization # Or Value / AverageValue
# averageUtilization: 50
# - type: Resource
# resource:
# name: memory
# target:
# type: AverageValue
# averageValue: 500Mi
# behavior: # Optional: controls scaling behavior
# scaleUp:
# stabilizationWindowSeconds: 0
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 4
# periodSeconds: 60
# Default service `main` with one primary port `main`. The workload probes in
# this file read `service.main.ports.main.protocol` and its port/targetPort.
# -- (docs/service/README.md)
service:
main:
## Integration stuff
# integration:
# metallb:
# enabled: false
## Optional to set shared key manually, otherwise set to namespace
# sharedKey: ""
#
# cilium:
# enabled: false
## Optional to set shared key manually, otherwise ignored (namespace sharing)
# sharedKey: ""
#
# traefik:
# enabled: false
enabled: true
primary: true
ports:
main:
enabled: true
primary: true
# NOTE(review): no port number is set here; presumably each consuming chart
# supplies it — confirm.
protocol: http
# Named credential sets, empty by default. The commented example is an S3
# entry; `cnpg.main.backups.credentials` and the commented volsync example in
# this file refer to such an entry by name.
# accessKey, secretKey and encrKey are secrets: supply them from a secret
# store or an encrypted values file, never as plain text in a committed
# values.yaml.
credentials:
{}
# mys3:
# type: s3
# url: ""
# path: ""
# bucket: ""
# accessKey: ""
# secretKey: ""
# ## Is used in cases where things are encrypted by a backup utility
# encrKey: ""
# Traefik middleware definitions keyed by name.
# `tc-basic-secure-headers` is defined here with `enabled: false`, while
# `global.traefik.commonMiddlewares` in this file references it by name.
# NOTE(review): confirm where the referenced middleware is actually created.
ingressMiddlewares:
traefik:
tc-basic-secure-headers:
enabled: false
type: headers
data:
# CORS methods. No allowed-origin list is set in this block, so these methods
# alone do not define a complete CORS policy.
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
# HSTS max-age of 63072000 seconds (two years). includeSubDomains and preload
# are not set here.
stsSeconds: 63072000
# Sends the HSTS header even when the connection is not TLS.
forceSTSHeader: true
contentTypeNosniff: true
# Sets the legacy X-XSS-Protection header; current browsers largely ignore
# it, so it does not replace a Content-Security-Policy.
browserXssFilter: true
referrerPolicy: same-origin
# Tells the backend every request arrived over HTTPS. That is only accurate
# when this middleware is used on TLS-only entrypoints; on a plain-HTTP
# entrypoint the backend would be misled about the transport.
customRequestHeaders:
X-Forwarded-Proto: "https"
# NOTE(review): the basicAuth example below carries a plain-text password in
# values; real credentials belong in a secret store, not in this file.
# basic-auth:
# enabled: true
# type: basicAuth
# data:
# # middleware specific data ie
# users:
# - username: user1
# password: password1
# some-other-middleware:
# enabled: true
# type: someOtherMiddleware
# data:
# # middleware specific data ie
# someOtherMiddlewareData: someOtherMiddlewareData
# Default scratch volumes mounted into every container (`targetSelectAll`).
# They provide writable paths while `securityContext.container` keeps the root
# filesystem read-only. All are emptyDir, so contents are lost when the pod is
# removed and are shared by all containers of the pod.
# Four of the five use `medium: Memory` (tmpfs): data written there counts
# against the containers' memory limits, and no sizeLimit is set here.
# -- (docs/persistence/README.md)
persistence:
shared:
enabled: true
type: emptyDir
mountPath: /shared
targetSelectAll: true
varlogs:
enabled: true
type: emptyDir
# NOTE(review): path is /var/logs, not the conventional /var/log — confirm
# this is intended.
mountPath: /var/logs
medium: Memory
targetSelectAll: true
varrun:
enabled: true
type: emptyDir
mountPath: /var/run
medium: Memory
targetSelectAll: true
tmp:
enabled: true
type: emptyDir
mountPath: /tmp
medium: Memory
targetSelectAll: true
devshm:
enabled: true
type: emptyDir
mountPath: /dev/shm
medium: Memory
targetSelectAll: true
# backupexample:
# ## the default backup path, is the credential path suffixed by the releasename, volsync and both the pvc and volsync names
# enabled: true
# type: pvc
# mountPath: /backedup
# targetSelectAll: true
# volsync:
# - name: mybackup
# ## TODO: other options
# type: restic
# credentials: mys3
# dest:
# enabled: true
# src:
# enabled: true
# iscsi:
# enabled: true
# type: iscsi
# mountPath: /dev/shm
# iscsi:
# targetPortal: 10.0.2.15:3260
# portals: ['10.0.2.16:3260', '10.0.2.17:3260'] #optional
# iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz
# lun: 0
# fsType: ext4 #Optional
# iscsiInterface: default #Optional
# initiatorName: iqn.1994-05.com.redhat:node1 #Optional
# authSession:
# username: "someusername"
# password: "somepassword"
# usernameInitiator: "someusernameInitiator"
# passwordInitiator: "somepasswordInitiator"
# authDiscovery:
# username: "someusername"
# password: "somepassword"
# usernameInitiator: "someusernameInitiator"
# passwordInitiator: "somepasswordInitiator"
# vct:
# enabled: true
# type: vct
# mountPath: /shared
# dynamic-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# dynamic-pvc-dataSource:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# dataSource:
# kind: "PersistentVolumeClaim"
# name: "existingPVC"
# existing-claim:
# enabled: true
# type: pvc
# existingClaim: "someclaim"
# mountPath: /shared
# targetSelectAll: true
# existingpv-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# volumeName: "somePV"
# static-nfs-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: nfs
# server: "/someserver"
# share: "someshare"
# static-smb-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: smb
# server: "/someserver"
# share: "someshare"
# domain: "somedomain"
# user: "someuser"
# password: "somepass"
# static-custom-pvc:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# static:
# mode: custom
# provisioner: "some.provisioner"
# driver: "somedriver"
# # Custom CSI definition here
# csi: {}
# example-volumesnapshot:
# enabled: true
# type: pvc
# mountPath: /shared
# targetSelectAll: true
# volumeSnapshots:
# - name: "mysnapshot"
# volumeSnapshotClassName: "mysnapshotclass" (optional)
# Snapshot classes and snapshots; none are created by default.
volumeSnapshotClass: {}
volumeSnapshots: {}
# volumeSnapshots:
# mysnapshot:
# volumeSnapshotClassName: "mycustomsnapshot" (optional)
# source:
# # pick one
# persistentVolumeClaimName: "mypvcname" (does not get altered)
# volumeSnapshotContentName: "mysnapshotname"
# The five maps below are empty, so by default the chart defines no pull
# secrets, ConfigMaps, Secrets, ServiceAccounts or RBAC objects. Registry
# credentials and Secret data placed here are sensitive: keep them out of
# committed values files.
# -- (docs/imagePullSecrets.md)
imagePullSecret: {}
# -- (docs/configmap.md)
configmap: {}
# -- (docs/secret.md)
secret: {}
# -- (docs/serviceAccount.md)
serviceAccount: {}
# -- (docs/rbac.md)
rbac: {}
# NOTES.txt
# Text shown after install, built from the three template strings `header`,
# `custom` and `footer`. The lines under each `|` are template content, not
# YAML comments.
# NOTE(review): the line `# custom: "{{ toYaml $.Values }}"` below is
# presumably a disabled alternative for `custom`. Keep it disabled: rendering
# all values into the release notes would print every password and key set in
# values.
notes:
header: |
# Thank you for installing {{ .Chart.Name }} by TrueCharts.
# custom: "{{ toYaml $.Values }}"
custom: |
{{- if .Values.chartContext.appUrl }}
## Connecting externally
You can use this Chart by opening the following links in your browser:
- {{ toYaml .Values.chartContext.appUrl }}
{{- end }}
{{ if .Chart.Dependencies }}
## Dependencies for {{ .Chart.Name }}
{{- range .Chart.Dependencies }}
- Chart: {{ .Repository }}/{{ .Name }}
Version: {{ .Version }}
{{- end }}
{{- end }}
{{- if .Values.chartContext.internalUrls }}
## Connecting Internally
You can reach this chart inside your cluster, using the following service URLS:
{{- range $url := .Values.chartContext.internalUrls -}}
- {{ $url }}
{{- end }}
{{- end }}
## Sources for {{ .Chart.Name }}
{{- range .Chart.Sources }}
- {{ . }}
{{- end -}}
{{- $link := .Chart.Annotations.docs -}}
{{- if not $link -}}
{{- $link = .Chart.Home -}}
{{- end }}
See more for **{{ $.Chart.Name }}** at ({{ $link }})
footer: |
## Documentation
Please check out the TrueCharts documentation on:
https://truecharts.org
OpenSource can only exist with your help, please consider supporting TrueCharts:
https://truecharts.org/sponsor
warnings: []
####
##
## TrueCharts Specific Root Objects
##
####
# Helper images used by addons and init/wait containers. Most entries pin the
# image by digest (`tag@sha256:...`); with a digest present the tag is only a
# label, so `latest@sha256:...` still resolves to one fixed image but no longer
# tells a reader which version that is.
# All entries use `pullPolicy: IfNotPresent`, which is safe with a digest; with
# a tag-only reference a node keeps whatever it pulled first under that tag.
gluetunImage:
repository: tccr.io/tccr/gluetun
tag: v3.40.0@sha256:a8189e29155e0f8142be1500ae068a92b189b1b25abbba036321e74d6389bf2b
pullPolicy: IfNotPresent
netshootImage:
repository: tccr.io/tccr/netshoot
tag: v0.14.0@sha256:28ede4317d22391e7d89a15eb78dc2afc3587ece02c76c983dde7239a0e43679
pullPolicy: IfNotPresent
tailscaleImage:
repository: tccr.io/tccr/tailscale
tag: v1.86.2@sha256:7694928c789a246fe2fb58e10dd604f66b18b4ef961409095b689f7762523ed1
pullPolicy: IfNotPresent
codeserverImage:
repository: tccr.io/tccr/code-server
tag: v4.103.1@sha256:b754400a938e74eaaf07fa6fb9b64a24a4e6c5d88c94f914748b202f1fb57ce6
pullPolicy: IfNotPresent
# NOTE(review): the only tccr.io image here without a digest; the content
# behind v3.22.1 can change if the tag is re-pushed. Pin it like the others.
alpineImage:
repository: tccr.io/tccr/alpine
tag: v3.22.1
pullPolicy: IfNotPresent
scratchImage:
repository: tccr.io/tccr/scratch
tag: latest@sha256:4aef9dbf99ea2a8857ed4ce9d9bf79d330b79044884c7374e392445d122ec746
pullPolicy: IfNotPresent
kubectlImage:
repository: tccr.io/tccr/kubectl
tag: latest@sha256:b16dca4e8ec1c9128a8b7712ebd3713f69d3dd24d622799a482e7ce3929a702b
pullPolicy: IfNotPresent
wgetImage:
repository: tccr.io/tccr/wget
tag: v1.0.0@sha256:961566b0149f766abfaa82326aad9c3089e3311eca5d4910ff2d4faf70ddbb10
pullPolicy: IfNotPresent
# Pulled from docker.io rather than tccr.io; key order differs from the other
# entries but the meaning is the same.
yqImage:
pullPolicy: IfNotPresent
repository: docker.io/mikefarah/yq
tag: 4.47.1@sha256:b9285dd3b0bea3c34d0c54415dd48d767dabd9644d489bd6e253660847b58419
# Client images for the database wait containers.
postgresClientImage:
repository: tccr.io/tccr/db-wait-postgres
tag: v1.1.0@sha256:182687540102534aeb28fce4d124274e81a849a43556214977c378ae2a580b35
pullPolicy: IfNotPresent
mariadbClientImage:
repository: tccr.io/tccr/db-wait-mariadb
tag: v1.1.0@sha256:bd60b6087bacaf5e697243f764065ea5d04da1af703b2009be3752c1aede6d32
pullPolicy: IfNotPresent
redisClientImage:
repository: tccr.io/tccr/db-wait-redis
tag: v1.1.0@sha256:14c792c5d2faf5b5c7f8325e387700d70571bf930d321de81483aa704c198e40
pullPolicy: IfNotPresent
mongodbClientImage:
repository: tccr.io/tccr/db-wait-mongodb
tag: v1.2.0@sha256:fe22e616bd3facd3d2e959cfaae9795a8503c8fb6bb90487a14dfd14cbd3ffe3
pullPolicy: IfNotPresent
# PostgreSQL images for CNPG clusters, one entry per type and major version.
# The tags are quoted so values such as "15.13" stay strings instead of being
# read as floats.
# NOTE(review): none of these six entries carries a digest, unlike most other
# images in this file, so the database image can change under the same tag.
# Consider pinning by digest, or confirm that the tag-only form is required
# here.
postgres15Image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: "15.13"
pullPolicy: IfNotPresent
postgres16Image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: "16.9"
pullPolicy: IfNotPresent
postgresPostgis15Image:
repository: ghcr.io/cloudnative-pg/postgis
tag: "15-3.4"
pullPolicy: IfNotPresent
postgresPostgis16Image:
repository: ghcr.io/cloudnative-pg/postgis
tag: "16-3.4"
pullPolicy: IfNotPresent
postgresVectors15Image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: "15.7-v0.2.1"
pullPolicy: IfNotPresent
postgresVectors16Image:
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: "16.3-v0.2.1"
pullPolicy: IfNotPresent
# -- OpenVPN specific configuration
# @default -- See below
openvpnImage:
# -- Specify the openvpn client image
repository: tccr.io/tccr/openvpn-client
# Digest-pinned; the `latest` label in front of the digest says nothing about
# which client version this is.
# -- Specify the openvpn client image tag
tag: latest@sha256:9bfdf50791d6e51056e31c03f73c9db329b2b72e7746155cfdc63e0c8b49b55a
# -- Specify the openvpn client image pull policy
pullPolicy: IfNotPresent
# -- WireGuard specific configuration
# @default -- See below
wireguardImage:
# -- Specify the WireGuard image
repository: tccr.io/tccr/wireguard
# -- Specify the WireGuard image tag
tag: v1.0.20210914@sha256:683b8b74d64ebd07f9955147539834c2a4b60fee51d2a36fa76b9aba689601bf
# -- Specify the WireGuard image pull policy
pullPolicy: IfNotPresent
# The default ingress `main` is disabled. When it is enabled, the values below
# decide whether the application is reachable over TLS only, from which
# sources, and whether an authentication proxy sits in front of it — review
# `tls`, `integrations.traefik`, `ipWhitelist` and `auth` together.
# -- Configure the ingresses for the chart here.
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
# @default -- See below
ingress:
main:
# -- Enables or disables the ingress
enabled: false
# -- Make this the primary ingress (used in probes, notes, etc...).
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
primary: true
# -- Ensure this ingress is always enabled.
required: false
# expandObjectName: false
# -- Provide additional labels which may be required.
labels: {}
# -- Provide additional annotations which may be required.
annotations: {}
# -- Set the ingressClass that is used for this ingress.
# Requires Kubernetes >=1.19
ingressClassName: ""
# Defaults to primary service and primary port
# targetSelector:
# # service: port
# main: main
## Configure the hosts for the ingress
hosts: []
# - # -- Host address. Helm template can be passed.
# host: chart-example.local
# ## Configure the paths for the host
# paths:
# - # -- Path. Helm template can be passed.
# path: /
# # -- Ignored if not kubeVersion >= 1.14-0
# pathType: Prefix
# # -- Overrides the service reference for this path, by default the selector is honored
# overrideService:
# # -- Overrides the service name reference for this path
# name:
# # -- Overrides the service port reference for this path
# port:
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
# Gets ignored when clusterIssuer is filled
tls: []
# - secretName: chart-example-tls
# certificateIssuer: ""
# hosts:
# - chart-example.local
integrations:
certManager:
enabled: false
certificateIssuer: ""
traefik:
enabled: false
# Default to websecure
entrypoints:
- websecure
# Ensures tls annotation is set
forceTLS: true
middlewares: []
# - name: my-middleware
# # Optional, by default will try to
# # "lookup" the namespace based on the name
# namespace: ""
# NOTE(review): with indentation lost it is not visible whether `themepark`,
# `ipWhitelist` and `auth` below belong to `nginx` or are siblings — confirm
# against the chart source.
nginx:
enabled: false
themepark:
enabled: false
css: ""
# Empty list: no source-address restriction is configured by default.
ipWhitelist: []
auth:
# Empty type: no authentication proxy in front of the application by default,
# so an exposed ingress relies entirely on the application's own login.
# empty to disable, options: "authentik" or "authelia"
type: ""
# Internal Domain name + port to reach the auth provider, excluding http(s)
internalHost: ""
# External (ingress) Domain name to reach the auth provider, excluding http(s)
externalHost: ""
# Optional: override default response headers
responseHeaders: []
homepage:
enabled: false
# Default: chart name
name: ""
# Default: chart description
description: ""
# Default: no group
group: ""
# Default: chart icon
icon: ""
widget:
# Default: chartname
type: ""
# Default to ingress host 0
url: ""
# `custom:` and `customkv:` are bare keys and therefore YAML null until filled.
custom:
# somesetting: some value
customkv:
# - key: some key
# value: some value
# Certificates requested through an issuer; none are defined by default.
certificate: {}
# main:
# enabled: false
# certificateIssuer: someissuer
# hosts:
# - somehost
# # Optional
# certificateSecretTemplate:
# labels: {}
# annotations: {}
# -- BETA: Configure the gateway routes for the chart here.
# Additional routes can be added by adding a dictionary key similar to the 'main' route.
# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works.
# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk
# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
# @default -- See below
route:
main:
# -- Enables or disables the route
enabled: false
# -- Set the route kind
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
kind: HTTPRoute
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Configure the resource the route attaches to.
# `name`, `namespace` and `sectionName` are bare keys (YAML null) and have to
# be filled in before the route is enabled.
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name:
namespace:
sectionName:
# -- Host addresses
hostnames: []
# -- Configure rules for routing. Defaults to the primary service.
rules:
- backendRefs:
- group: ""
kind: Service
name:
namespace:
port:
weight: 1
## Configure conditions used for matching incoming requests. Only for HTTPRoutes
matches:
- path:
type: PathPrefix
value: /
# Optional cluster objects; everything in this run is disabled or empty by
# default.
podDisruptionBudget:
main:
enabled: false
# -- Custom Selector Labels
# customLabels:
# customKey: customValue
# maxUnavailable: 1
# minAvailable: 1
targetSelector: main
# Admission webhooks. Both entries are disabled and carry no webhook
# definitions; anything added here can intercept API requests cluster-wide,
# so review scope and failure behaviour of each webhook before enabling.
webhook:
validating:
enabled: false
type: validating
webhooks: []
mutating:
enabled: false
type: mutating
webhooks: []
priorityClass: {}
# priorityClass:
# example:
# provisioner: some.provisioner.io
# enabled: true
# value: 1000000
# preemptionPolicy: PreemptLowerPriority
# globalDefault: false
# description: "some description"
# -- create storageClasses on demand
storageClass: {}
# storageClass:
# example:
# provisioner: some.provisioner.io
# enabled: true
# isDefaultClass: false
# parameters: {}
# reclaimPolicy: retain
# allowVolumeExpansion: true
# volumeBindingMode: Immediate
# mountOptions: []
# Prometheus scraping for the primary workload; disabled by default.
metrics:
main:
enabled: false
primary: true
# options: servicemonitor, podmonitor
type: "servicemonitor"
# defaults to selectorLabels
selector: {}
# Scrapes the `main` port at path `/` every 5 seconds.
# NOTE(review): whatever the application serves at that path becomes readable
# by the monitoring stack; confirm the metrics endpoint exposes no sensitive
# data.
endpoints:
- port: main
interval: 5s
scrapeTimeout: 5s
path: /
honorLabels: false
prometheusRule:
enabled: false
groups: {}
# somegroup:
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwriting the rules
# additionalrules: []
# List to support adding groups using the SCALE GUI
# Bare key, so this is YAML null rather than an empty list until filled.
additionalgroups:
# - name: "somegroup"
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwriting the rules
# additionalrules: []
# -- The common chart supports several add-ons. These can be configured under this key.
# @default -- See below
addons:
# gluetun VPN sidecar, disabled by default. It departs from the hardened
# container defaults in this file: it runs as root with a writable root
# filesystem and adds NET_ADMIN, NET_RAW and MKNOD.
gluetun:
enabled: false
targetSelector:
- main
# The VPN configuration placed here (for example wg0.conf) contains private
# keys; supply it from a secret store rather than a committed values file.
# The example's defaultMode "0777" is broader than scripts need; a
# read-and-execute mode is normally sufficient.
secret:
# vpn-conf:
# basePath: /gluetun/wireguard
# data:
# # Effective path /gluetun/wireguard/wg0.conf
# wg0.conf: |
# some conf
# wg1.conf: |
# some conf
# scripts:
# basePath: /gluetun/scripts
# defaultMode: "0777"
# data:
# # Effective path /gluetun/scripts/up.sh
# up.sh: |
# some conf
container:
enabled: true
imageSelector: gluetunImage
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
resources:
excludeExtra: true
# NOTE(review): because this container runs as root and `disableS6Caps` is
# false in the default securityContext, the five s6 capabilities listed there
# are presumably added as well — confirm.
securityContext:
runAsUser: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
runAsGroup: 568
capabilities:
add:
- NET_ADMIN
- NET_RAW
- MKNOD
# Values are quoted so "off"/"on" reach the container as strings instead of
# being parsed as YAML booleans.
# NOTE(review): FIREWALL "off" disables gluetun's built-in firewall, which is
# what blocks traffic outside the tunnel; with it off, pod traffic can leave
# unprotected if the tunnel is down. DOT "off" disables DNS over TLS, and
# DNS_KEEP_NAMESERVER "on" keeps the pod's existing resolver, presumably so
# cluster DNS keeps working. Turn the firewall on and list the cluster subnets
# in FIREWALL_OUTBOUND_SUBNETS when the sidecar is used to enforce that
# traffic only leaves through the VPN.
env:
DOT: "off"
DNS_KEEP_NAMESERVER: "on"
FIREWALL: "off"
FIREWALL_OUTBOUND_SUBNETS: ""
FIREWALL_INPUT_PORTS: ""
# -- Tailscale specific configuration
# @default -- See below
# See more info for the configuration
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
tailscale:
enabled: false
targetSelector:
- main
# -- you can directly specify the config file here
config: ""
container:
enabled: true
imageSelector: "tailscaleImage"
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
command:
- /usr/local/bin/containerboot
resources:
excludeExtra: true
# NOTE(review): TS_USERSPACE, TS_AUTH_ONCE and TS_ACCEPT_DNS are unquoted YAML
# booleans; container env values must be strings, so confirm the chart
# converts them.
env:
# Set KUBE_SECRET to empty string to force tailscale
# to use the filesystem for state tracking.
# With secret for state tracking you can't always
# know if the app that uses this sidecar will
# use a custom ServiceAccount and will lead to failure.
TS_KUBE_SECRET: ""
TS_SOCKET: /var/run/tailscale/tailscaled.sock
# State kept on the filesystem includes the node's identity; whether this
# path is persisted is not visible here.
TS_STATE_DIR: /var/lib/tailscale/state
TS_USERSPACE: true
TS_AUTH_ONCE: true
TS_ACCEPT_DNS: false
# The auth key is a credential that joins a device to the tailnet; inject it
# from a secret store, never from a committed values file.
TS_AUTH_KEY: ""
TS_TAILSCALED_EXTRA_ARGS: ""
TS_EXTRA_ARGS: ""
TS_SOCKS5_SERVER: ""
TS_DEST_IP: ""
TS_ROUTES: ""
TS_OUTBOUND_HTTP_PROXY_LISTEN: ""
# NOTE(review): NET_ADMIN and NET_RAW are added although the sidecar is
# configured for userspace mode (TS_USERSPACE / `userspace: true`); confirm
# they are needed and drop them if not.
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
# NOTE(review): the keys below repeat settings that also appear as TS_* env
# values above; which of the two takes effect is not visible here.
# -- Auth key to connect to the VPN Service
authkey: ""
# As a sidecar, it should only need to run in userspace
userspace: true
auth_once: true
accept_dns: false
routes: ""
dest_ip: ""
sock5_server: ""
extra_args: ""
daemon_extra_args: ""
outbound_http_proxy_listen: ""
# -- Annotations for tailscale sidecar
annotations: {}
# Security summary for this addon (disabled by default): the container runs as
# root with a writable root filesystem, opens `/` as its workspace, and starts
# with `--auth none`, so anything that can reach port 12321 gets an
# unauthenticated editor and terminal inside the pod. A ClusterIP service is
# created as soon as the addon is enabled.
# Before enabling: restrict access to the service with a NetworkPolicy, and do
# not enable the ingress without an authentication layer in front of it and
# TLS configured (`tls` is empty below), or switch code-server to
# `--auth password`.
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
# @default -- See values.yaml
codeserver:
enabled: false
# -- Enable running a code-server container in the pod
container:
enabled: true
probes:
liveness:
enabled: true
port: 12321
path: "/"
readiness:
enabled: true
port: 12321
path: "/"
startup:
enabled: true
port: 12321
path: "/"
imageSelector: "codeserverImage"
resources:
excludeExtra: true
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
args:
- "--port"
- "12321"
- "/"
- --auth
- none
# - --user-data-dir
# - "/config/.vscode"
# -- Select a workload to add the addon to
targetSelector:
- "main"
service:
# -- Enable a service for the code-server add-on.
enabled: true
type: ClusterIP
# Specify the default port information
ports:
codeserver:
enabled: true
primary: true
protocol: http
port: 12321
targetPort: 12321
ingress:
# -- Enable an ingress for the code-server add-on.
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
labels: {}
hosts:
- host: code.chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
tls: []
# Network troubleshooting sidecar, disabled by default. It only sleeps until
# someone executes commands in it, runs as root with a writable root
# filesystem, and adds NET_ADMIN and NET_RAW. Enable it for the duration of a
# debugging session and disable it again afterwards.
netshoot:
# -- Enable running a netshoot container in the pod
enabled: false
container:
enabled: true
command:
- /bin/sh
- -c
- sleep infinity
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
imageSelector: "netshootImage"
resources:
excludeExtra: true
securityContext:
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
readOnlyRootFilesystem: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
# NOTE(review): with indentation lost it is not visible whether `cnpg` and the
# database entries further down are children of `dependencies:` — confirm
# against the chart source.
dependencies:
##########################################################################
# This section contains some pre-config for frequently used dependencies #
##########################################################################
cnpg:
main:
enabled: false
primary: true
# -- Puts the cnpg cluster in hibernation mode
hibernate: false
# Additional Labels and annotations for all cnpg objects
labels: {}
annotations: {}
# Type of the CNPG database. Available types:
# * `postgres`
# * `postgis`
# * `timescaledb`
# * `vectors`
type: postgres
# Version of Postgresql to use, changes cluster naming scheme
# * `15`
# * `16`
pgVersion: 16
# Cluster mode of operation. Available modes:
# * `standalone` - default mode. Creates new or updates an existing CNPG cluster.
# * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup.
mode: standalone
# Database details
database: "app"
user: "app"
# NOTE(review): literal placeholder. Presumably it is replaced by a generated
# or user-supplied value — confirm; a deployment that keeps this string has a
# publicly known database password.
password: "PLACEHOLDERPASSWORD"
# Database cluster configuration
cluster:
# Additional Labels and annotations for cnpg cluster
labels: {}
annotations: {}
# Number of instances
instances: 2
# set to true on single-node clusters to allow PVCs to be kept on instance restart
singleNode: false
## set to configure the skipEmptyWalArchiveCheck annotation
# skipEmptyWalArchiveCheck: true
# # -- storage size for the data pvc's
# # Follows the same spec as .Values.Persistence type=PVC
# storage:
# size: "256Gi"
# # -- storage size for the wal pvc's
# # Follows the same spec as .Values.Persistence type=PVC
# walStorage:
# size: "256Gi"
# -- Gets scaled to 0 if hibernation is true
## See .Values.resources for more info
# resources:
# Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated. It can be switchover (default) or in-place (restart).
primaryUpdateMethod: switchover
# Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been
# successfully updated: it can be automated (unsupervised - default) or manual (supervised)
# Example of rolling update strategy:
# - unsupervised: automated update of the primary once all
# replicas have been upgraded (default)
# - supervised: requires manual supervision to perform
# the switchover of the primary
# -- change to supervised to disable unsupervised updates
primaryUpdateStrategy: unsupervised
# The instances' log level, one of the following values: error, warning, info (default), debug, trace
logLevel: info
# The configuration for the CA and related certificates
# See: https://cloudnative-pg.io/documentation/current/api_reference/#CertificatesConfiguration
# Bare key (YAML null): no custom CA or certificate settings by default.
certificates:
# When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
# If the secret is not present, the operator will automatically create one.
# When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
# and then blank the password of the postgres user by setting it to NULL.
# Leave superuser access disabled unless it is needed: enabling it keeps a
# usable postgres superuser password in a Secret.
# enableSuperuserAccess: true
# Configuration of the PostgreSQL server
# See: https://cloudnative-pg.io/documentation/current/api_reference/#PostgresConfiguration
postgresql:
# BootstrapInitDB is the configuration of the bootstrap process when initdb is used
# See: https://cloudnative-pg.io/documentation/current/bootstrap/
# See: https://cloudnative-pg.io/documentation/current/api_reference/#bootstrapinitdb
initdb: {}
# postInitSQL:
# - CREATE EXTENSION IF NOT EXISTS vector;
# postInitApplicationSQL:
# - CREATE EXTENSION IF NOT EXISTS someextension;
# -- set to enable prometheus metrics
monitoring:
enablePodMonitor: false
disableDefaultQueries: false
# Custom queries are executed against the database by the metrics exporter;
# keep them read-only and avoid selecting sensitive columns as labels.
customQueries: []
# - name: "pg_cache_hit_ratio"
# expandObjectName: true
# key: "custom-key" (defaults to "custom-queries")
# query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;"
# metrics:
# - datname:
# usage: "LABEL"
# description: "Name of the database"
# - ratio:
# usage: GAUGE
# description: "Cache hit ratio"
# Recovery settings if the chosen mode is `recovery`.
recovery:
##
# Backup Recovery Method
# Available recovery methods:
# * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace.
# * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported).
# * `pg_basebackup` - Recovers a CNPG cluster via a streaming replication protocol. Useful if you want to
# migrate databases to CloudNativePG, even from outside Kubernetes. # TODO
method: object_store
## set a revision to append to the serverName to ensure restore and backup don't target the same thing
# Using distinct revisions for recovery and backup matters here because the
# global default in this file skips the empty-WAL-archive check, so nothing
# else stops a restored cluster from archiving into the path it was restored
# from.
# revision: 1
# override serverName in recovery object
servername: ""
## Point in time recovery target. Specify one of the following:
pitrTarget:
# Time in RFC3339 format
time: ""
# Name of the backup to recover from. Required if method is `backup`.
backupName: ""
# Object Store Recovery Method
clusterName: ""
# Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# Database cluster backup configuration
backups:
# You need to configure backups manually, so backups are disabled by default.
enabled: false
# NOTE(review): what `encryption.enabled` switches on is not visible here
# (presumably encryption of the objects written to the store). While it is
# false, confirm that the target bucket enforces encryption at rest and that
# access to it is restricted, since backups contain the full database.
encryption:
enabled: false
## set a revision to append to the serverName to ensure restore and backup don't target the same thing
# revision: 1
# override serverName in recovery object
servername: ""
# Overrides the provider specific default path. Defaults to:
# S3: s3://<bucket><path>
# Azure: https://<storageAccount>.<serviceName>.core.windows.net/<clusterName><path>
# Google: gs://<bucket><path>
destinationPath: ""
# default: primary, other option prefer-standby
target: ""
# name of credentials in .Values.Credentials
# (the top-level key in this file is spelled `credentials`)
credentials: ""
# One scheduled backup by default. The schedule has six fields, with seconds
# first, so "0 0 0 * * *" runs once a day at midnight. `immediate: true` also
# takes a backup as soon as the schedule is created.
scheduledBackups:
- name: daily-backup
schedule: "0 0 0 * * *"
backupOwnerReference: self
immediate: true
suspend: false
retentionPolicy: "30d"
# - Manual list of backups
manualBackups: []
# - name: today
# labels: {}
# annotations: {}
# - name: beforeUpgrade
# labels: {}
# annotations: {}
# Database cluster PgBouncer configuration
pooler:
enabled: false
# -- enable to create extra pgbouncer for readonly access
createRO: false
poolMode: session
# -- Gets scaled to 0 if hibernation is true
instances: 2
# parameters:
# max_client_conn: "1000"
# default_pool_size: "25"
labels: {}
annotations: {}
# The generated content is sensitive (credentials and connection URLs); keep
# it out of logs, notes and exported values.
# -- contains credentials and urls output by generator
creds: {}
# All database dependencies below are disabled by default and ship literal
# placeholder passwords.
# NOTE(review): presumably the placeholders are replaced by generated or
# user-supplied values — confirm; a deployment that keeps these strings has
# publicly known credentials. Real passwords belong in a secret store, not in
# a committed values file.
# -- Redis dependency configuration
# @default -- See below
redis:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
# -- can be used to make an easily accessible note which URLS to use to access the DB.
creds: {}
secret:
credentials:
enabled: false
# -- mariadb dependency configuration
# @default -- See below
mariadb:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
rootPassword: "PLACEHOLDERROOTPASSWORD"
# -- can be used to make an easily accessible note which URLS to use to access the DB.
creds: {}
# -- mongodb dependency configuration
# @default -- See below
mongodb:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
rootPassword: "PLACEHOLDERROOTPASSWORD"
# -- can be used to make an easily accessible note which URLS to use to access the DB.
creds: {}
# -- clickhouse dependency configuration
# @default -- See below
clickhouse:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
# -- can be used to make an easily accessible note which URLS to use to access the DB.
creds: {}
# -- solr dependency configuration
# @default -- See below
solr:
enabled: false
includeCommon: false
password: "PLACEHOLDERPASSWORD"
solrCores: 1
# Quoted, so this is the string "no" and not a YAML boolean. It leaves Solr
# authentication off by default even though a password is defined above;
# enable it whenever other workloads can reach the Solr service.
solrEnableAuthentication: "no"
# -- can be used to make an easily accessible note which URLS to use to access the DB.
creds: {}
# Anything listed here is rendered and deployed together with the release, so
# review this key in any values file obtained from a third party.
# -- List of extra objects to deploy with the release
extraTpl: []