# -- Global values global: # -- Set additional global labels labels: {} # -- Set additional global annotations annotations: {} # -- Set a global namespace # TODO: Currently some objects do not support this namespace: "" fallbackDefaults: # -- Define a storageClassName that will be used for all PVCs # Can be overruled per PVC storageClass: # -- Default probe type probeType: http # -- Default Service Protocol serviceProtocol: tcp # -- Default Service Type serviceType: ClusterIP # -- Default persistence type persistenceType: pvc # -- Default Retain PVC pvcRetain: false # -- Default PVC Size pvcSize: 100Gi # -- Default VCT Size vctSize: 100Gi # -- Default PVC Access Modes accessModes: - ReadWriteOnce # -- Default VCT Access Modes vctAccessModes: - ReadWriteOnce # -- Default probe timeouts probeTimeouts: liveness: initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 successThreshold: 1 readiness: initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 successThreshold: 2 startup: initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 2 failureThreshold: 60 successThreshold: 1 # -- Define a postgresql version for CNPG # will be used for all CNPG objects # Can be overruled per CNPG objects pgVersion: 16 metallb: # -- Adds metalLB annotations to services addServiceAnnotations: true traefik: # -- Adds traefik annotations to services (when needed) addServiceAnnotations: true # Enables or disables the fixed middlewares on all ingresses # Can be overruled per ingress enableFixedMiddlewares: true # Applies middleware to all ingresses # Can be overruled per ingress fixedMiddlewares: - name: chain-basic # Optional, by default will try to # "lookup" the namespace based on the name namespace: "" # The middlewares to apply if allowCors toggle is enabled allowCorsMiddlewares: - name: tc-opencors-chain # Optional, by default will try to # "lookup" the namespace based on the name namespace: "" # -- Minimum nodePort value minNodePort: 9000 # -- Enable to stop most pods and containers including cnpg # does not include stand-alone pods stopAll: false # -- Explicitly set a namespace for this chart only namespace: "" image: repository: traefik/whoami pullPolicy: IfNotPresent tag: v1.10.1@sha256:6bebf84c091b5da4d4228bf8905436e33ca371afc6f3bd52b1682b40d76b23de chartContext: APPURL: "" podCIDR: "" svcCIDR: "" # -- Security Context securityContext: # -- Container security context for all containers # Can be overruled per container container: runAsUser: 568 runAsGroup: 568 readOnlyRootFilesystem: true allowPrivilegeEscalation: false privileged: false seccompProfile: type: RuntimeDefault capabilities: add: [] drop: - ALL # When set to false, it will automatically # add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE # capabilities ONLY when container runs as ROOT disableS6Caps: false # -- PUID for all containers # Can be overruled per container PUID: 568 # -- UMASK for all containers # Can be overruled per container UMASK: "0022" # -- Pod security context for all pods # Can be overruled per pod pod: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [] sysctls: [] # -- Resources # Can be overruled per container resources: limits: cpu: 4000m memory: 8Gi requests: cpu: 10m memory: 50Mi containerOptions: NVIDIA_CAPS: - all # -- Options for all pods # Can be overruled per pod podOptions: enableServiceLinks: false hostNetwork: false hostPID: false hostIPC: false hostUsers: false shareProcessNamespace: false restartPolicy: Always dnsPolicy: ClusterFirst dnsConfig: options: - name: ndots value: "1" hostAliases: [] nodeSelector: kubernetes.io/arch: "amd64" # -- Used to enforce a good spread for Deployments and StatefulSets by default defaultSpread: true topologySpreadConstraints: [] tolerations: [] schedulerName: "" priorityClassName: "" runtimeClassName: "" automountServiceAccountToken: false terminationGracePeriodSeconds: 60 # -- (docs/workload/README.md) workload: main: enabled: true primary: true type: Deployment dbWait: true podSpec: containers: main: enabled: true primary: true imageSelector: image probes: liveness: enabled: true type: "{{ .Values.service.main.ports.main.protocol }}" port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" readiness: enabled: true type: "{{ .Values.service.main.ports.main.protocol }}" port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" startup: enabled: true type: "tcp" port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}" # -- Timezone used everywhere applicable TZ: UTC # -- (docs/service/README.md) service: main: enabled: true primary: true ports: main: enabled: true primary: true protocol: http serviceList: [] # -- (docs/persistence/README.md) persistence: shared: enabled: true type: emptyDir mountPath: /shared targetSelectAll: true varlogs: enabled: true type: emptyDir mountPath: /var/logs medium: Memory targetSelectAll: true varrun: enabled: true type: emptyDir mountPath: /var/run medium: Memory targetSelectAll: true tmp: enabled: true type: emptyDir mountPath: /tmp medium: Memory targetSelectAll: true devshm: enabled: true type: emptyDir mountPath: /dev/shm medium: Memory targetSelectAll: true # iscsi: # enabled: true # type: iscsi # mountPath: /dev/shm # iscsi: # targetPortal: 10.0.2.15:3260 # portals: ['10.0.2.16:3260', '10.0.2.17:3260'] #optional # iqn: iqn.2001-04.com.example:storage.kube.sys1.xyz # lun: 0 # fsType: ext4 #Optional # iscsiInterface: default #Optional # initiatorName: iqn.1994-05.com.redhat:node1 #Optional # authSession: # username: "someusername" # password: "somepassword" # usernameInitiator: "someusernameInitiator" # passwordInitiator: "somepasswordInitiator" # authDiscovery: # username: "someusername" # password: "somepassword" # usernameInitiator: "someusernameInitiator" # passwordInitiator: "somepasswordInitiator" # vct: # enabled: true # type: vct # mountPath: /shared # dynamic-pvc: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # dynamic-pvc-dataSource: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # dataSource: # kind: "PersistentVolumeClaim" # name: "existingPVC" # existing-claim: # enabled: true # type: pvc # existingClaim: "someclaim" # mountPath: /shared # targetSelectAll: true # existingpv-pvc: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # volumeName: "somePV" # static-nfs-pvc: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # static: # mode: nfs # server: "/someserver" # share: "someshare" # static-smb-pvc: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # static: # mode: smb # server: "/someserver" # share: "someshare" # domain: "somedomain" # user: "someuser" # password: "somepass" # static-custom-pvc: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # static: # mode: custom # provisioner: "some.provisioner" # driver: "somedriver" # # Custom CSI definition here # csi: {} # example-volumesnapshot: # enabled: true # type: pvc # mountPath: /shared # targetSelectAll: true # volumeSnapshots: # - name: "mysnapshot" # volumeSnapshotClassName: "mysnapshotclass" (optional) persistenceList: [] deviceList: [] volumeSnapshotClass: {} volumeSnapshotClassList: {} volumeSnapshots: {} volumeSnapshotsList: {} # volumeSnapshots: # mysnapshot: # volumeSnapshotClassName: "mycustomsnapshot" (optional) # source: # # pick one # persistentVolumeClaimName: "mypvcname" (does not get altered) # volumeSnapshotContentName: "mysnapshotname" # -- Injected from SCALE middleware # Only for reference here ixExternalInterfacesConfiguration: [] # -- Injected from SCALE middleware # Only for reference here ixExternalInterfacesConfigurationNames: [] # -- (docs/imagePullSecrets.md) imagePullSecret: {} # -- (docs/imagePullSecrets.md) imagePullSecretList: [] # -- (docs/configmap.md) configmap: {} # -- (docs/secret.md) secret: {} # -- (docs/serviceAccount.md) serviceAccount: {} # -- (docs/rbac.md) rbac: {} # -- (docs/scaleExternalInterface.md) scaleExternalInterface: [] # NOTES.txt notes: header: | # Thank you for installing {{ .Chart.Name }} by TrueCharts. # custom: "{{ toYaml $.Values }}" custom: | {{- if .Values.iXPortals }} ## Connecting externally You can use this Chart by opening one of the following links in your browser: {{- range .Values.iXPortals }} - {{ toYaml . }} {{- end -}} {{- end }} ## Sources for {{ .Chart.Name }} {{- range .Chart.Sources }} - {{ . }} {{- end -}} {{- $link := .Chart.Annotations.docs -}} {{- if not $link -}} {{- $link = .Chart.Home -}} {{- end }} See more for **{{ $.Chart.Name }}** at ({{ $link }}) footer: | ## Documentation Please check out the TrueCharts documentation on: https://truecharts.org OpenSource can only exist with your help, please consider supporting TrueCharts: https://truecharts.org/sponsor warnings: [] # -- iXsystems prototype values.yaml based portals iXPortals: [] #### ## ## TrueCharts Specific Root Objects ## #### # -- Defines the portals for which config needs to be generated portal: open: enabled: false override: protocol: host: port: path: "" targetSelector: ingress: "" service: "" port: "" # -- Set by "open" portal, used for some applications internally. APPURL: "" gluetunImage: repository: tccr.io/tccr/gluetun tag: v3.37.0@sha256:7e179e4ec360cd71aee7674553efd380da0a7049a00b2794a4d8062c458250a6 pullPolicy: IfNotPresent netshootImage: repository: tccr.io/tccr/netshoot tag: v0.12.0@sha256:5eaa1962bc601b104c8b66ecc5ab11f986f72110caa7faeacb4a47d10526bf21 pullPolicy: IfNotPresent tailscaleImage: repository: tccr.io/tccr/tailscale tag: v1.61.11@sha256:11ee2938069285c50759a012c345c7ac3ca5663a56d0ca1ff23a083ab6d0bd4c pullPolicy: IfNotPresent codeserverImage: repository: tccr.io/tccr/code-server tag: v4.22.0@sha256:7a8f85e31c4d3f75b1bac55d4c4389a8fc5d3ec3dc59e7f44cf03782776e51c1 pullPolicy: IfNotPresent alpineImage: repository: tccr.io/tccr/alpine tag: v3.19.1@sha256:ade0065e19edaa4f6903d464ee70605111a48394536deb94f31b661264704558 pullPolicy: IfNotPresent scratchImage: repository: tccr.io/tccr/scratch tag: latest@sha256:782bbb4ff892784202be7b5e4e94f8434f2598779ba0c61a727929cbe5ce405a pullPolicy: IfNotPresent kubectlImage: repository: tccr.io/tccr/kubectl tag: latest@sha256:a27b86c5b4f194865fa2e994029d3b8ae1fca186c587b4cf19ad0a3bf9086eb8 pullPolicy: IfNotPresent wgetImage: repository: tccr.io/tccr/wget tag: v1.0.0@sha256:2c26ff54ed4bed9e4f1a97132119ba22f75710655d08c400bcef15dc08f9e0d1 pullPolicy: IfNotPresent yqImage: pullPolicy: IfNotPresent repository: mikefarah/yq tag: 4.42.1@sha256:eed5d07d2f6a6bd882be5519e98ca2cd3dc3819005820d80b83ae6f3d774e639 postgresClientImage: repository: tccr.io/tccr/db-wait-postgres tag: v1.1.0@sha256:4e4e5b9f37a5d0c8d90d744de23d1857079095fbb55d2944ec91d83241f60376 pullPolicy: IfNotPresent mariadbClientImage: repository: tccr.io/tccr/db-wait-mariadb tag: v1.1.0@sha256:62858b8191b662716d84840f8d9b3c86654f175686159c5267a1c860d75f398d pullPolicy: IfNotPresent redisClientImage: repository: tccr.io/tccr/db-wait-redis tag: v1.1.0@sha256:e9412891c9b6c96f11143cd88f5d19df352bf7b5570f1825f67b5e1a2ddec176 pullPolicy: IfNotPresent mongodbClientImage: repository: tccr.io/tccr/db-wait-mongodb tag: v1.1.0@sha256:9268e23927c4abd9bd031ef62a8a36c58e15361cf3f617906029fa4b6f25c71c pullPolicy: IfNotPresent postgres15Image: repository: ghcr.io/cloudnative-pg/postgresql tag: "15.6" pullPolicy: IfNotPresent postgres16Image: repository: ghcr.io/cloudnative-pg/postgresql tag: "16.2" pullPolicy: IfNotPresent postgresPostgis15Image: repository: ghcr.io/cloudnative-pg/postgis tag: "15-3.4" pullPolicy: IfNotPresent postgresPostgis16Image: repository: ghcr.io/cloudnative-pg/postgis tag: "16-3.4" pullPolicy: IfNotPresent postgresVectors15Image: repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs tag: "15.6-v0.2.1" pullPolicy: IfNotPresent postgresVectors16Image: repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs tag: "16.2-v0.2.1" pullPolicy: IfNotPresent # -- OpenVPN specific configuration # @default -- See below openvpnImage: # -- Specify the openvpn client image repository: tccr.io/tccr/openvpn-client # -- Specify the openvpn client image tag tag: latest@sha256:2816991021542042f34ca2448b8a8bde93e8e75ae52f53922b1ab70491788ee5 # -- Specify the openvpn client image pull policy pullPolicy: IfNotPresent # -- WireGuard specific configuration # @default -- See below wireguardImage: # -- Specify the WireGuard image repository: tccr.io/tccr/wireguard # -- Specify the WireGuard image tag tag: v1.0.20210914@sha256:683b8b74d64ebd07f9955147539834c2a4b60fee51d2a36fa76b9aba689601bf # -- Specify the WireGuard image pull policy pullPolicy: IfNotPresent # -- Configure the ingresses for the chart here. # Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. # @default -- See below ingress: main: # -- Enables or disables the ingress enabled: false # -- Make this the primary ingress (used in probes, notes, etc...). # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. primary: true # -- Ensure this ingress is always enabled. required: false # expandObjectName: false # -- Provide additional labels which may be required. labels: {} # -- Provide additional annotations which may be required. annotations: {} # -- Set the ingressClass that is used for this ingress. # Requires Kubernetes >=1.19 ingressClassName: "" # Defaults to primary service and primary port # targetSelector: # # service: port # main: main ## Configure the hosts for the ingress hosts: [] # - # -- Host address. Helm template can be passed. # host: chart-example.local # ## Configure the paths for the host # paths: # - # -- Path. Helm template can be passed. # path: / # # -- Ignored if not kubeVersion >= 1.14-0 # pathType: Prefix # # -- Overrides the service reference for this path, by default the selector is honored # overrideService: # # -- Overrides the service name reference for this path # name: # # -- Overrides the service port reference for this path # port: # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template. # Gets ignored when clusterIssuer is filled tls: [] # - secretName: chart-example-tls # certificateIssuer: "" # hosts: # - chart-example.local integrations: certManager: enabled: false certificateIssuer: "" traefik: enabled: true # Default to websecure entrypoints: - websecure enableFixedMiddlewares: true # Ensures tls annotation is set forceTLS: true # Drops both global and local fixedMiddlewares when enabled allowCors: false # fixedMiddlewares: # - name: chain-basic # # Optional, by default will try to # # "lookup" the namespace based on the name # namespace: "" middlewares: [] # - name: my-middleware # # Optional, by default will try to # # "lookup" the namespace based on the name # namespace: "" homepage: enabled: false # Default: chart name name: "" # Default: chart description description: "" # Default: no group group: "" # Default: chart icon icon: "" widget: # Default: chartname type: "" # Default to ingress host 0 url: "" custom: # somesetting: some value customkv: # - key: some key # value: some value certificate: {} # main: # enabled: false # certificateIssuer: someissuer # hosts: # - somehost # # Optional # certificateSecretTemplate: # labels: {} # annotations: {} # -- BETA: Configure the gateway routes for the chart here. # Additional routes can be added by adding a dictionary key similar to the 'main' route. # Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works. # Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2) # @default -- See below route: main: # -- Enables or disables the route enabled: false # -- Set the route kind # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute kind: HTTPRoute # -- Provide additional annotations which may be required. annotations: {} # -- Provide additional labels which may be required. labels: {} # -- Configure the resource the route attaches to. parentRefs: - # Group of the referent resource. group: gateway.networking.k8s.io # Kind of the referent resource. kind: Gateway # Name of the referent resource name: # Namespace of the referent resource namespace: # Name of the section within the target resource. sectionName: # -- Host addresses hostnames: [] # -- Configure rules for routing. Defaults to the primary service. rules: - # -- Configure backends where matching requests should be sent. backendRefs: - group: "" kind: Service name: namespace: port: weight: 1 ## Configure conditions used for matching incoming requests. Only for HTTPRoutes matches: - path: type: PathPrefix value: / podDisruptionBudget: main: enabled: false # -- Custom Selector Labels # customLabels: # customKey: customValue targetSelector: main minAvailable: 1 maxUnavailable: 1 webhook: validating: enabled: false type: validating webhooks: [] mutating: enabled: false type: mutating webhooks: [] priorityClass: {} # priorityClass: # example: # provisioner: some.provisioner.io # enabled: true # value: 1000000 # preemptionPolicy: PreemptLowerPriority # globalDefault: false # description: "some description" # # -- create storageClasses on demand storageClass: {} # storageClass: # example: # provisioner: some.provisioner.io # enabled: true # parameters: {} # reclaimPolicy: retain # allowVolumeExpansion: true # volumeBindingMode: Immediate # mountOptions: [] # # Parameters for the BackupStorageLocation(s). Configure multiple by adding other element(s) to the backupStorageLocation slice. # # See https://velero.io/docs/v1.6/api-types/backupstoragelocation/ backupStorageLocationList: [] # - name: name # # name is the name of the backup storage location where backups should be stored. If a name is not provided, # # a backup storage location will be created with the name "default". Optional. backupStorageLocation: {} # backupStorageLocation: # name: # # provider is the name for the backup storage location provider. # provider: # objectStorage: # # bucket is the name of the bucket to store backups in. Required. # bucket: # # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. # caCert: # # prefix is the directory under which all Velero data should be stored within the bucket. Optional. # prefix: # # validationFrequency defines how frequently Velero should validate the object storage. Optional. # validationFrequency: # # accessMode determines if velero can write to this backup storage location. Optional. # # default to ReadWrite, ReadOnly is used during migrations and restores. # accessMode: ReadWrite # credential: # # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) # aws: # id: fdgsdfghsdfgh # key: dfgdfhsdfgh # # name of the secret used by this backupStorageLocation. # name: # # name of key that contains the secret data to be used. # key: # # Additional provider-specific configuration. See link above # # for details of required/optional fields for your provider. # config: {} # # region: # # s3ForcePathStyle: # # s3Url: # # kmsKeyId: # # resourceGroup: # # The ID of the subscription containing the storage account, if different from the cluster’s subscription. (Azure only) # # subscriptionId: # # storageAccount: # # publicUrl: # # Name of the GCP service account to use for this backup storage location. Specify the # # service account here if you want to use workload identity instead of providing the key file.(GCP only) # # serviceAccount: # # Option to skip certificate validation or not if insecureSkipTLSVerify is set to be true, the client side should set the # # flag. For Velero client Command like velero backup describe, velero backup logs needs to add the flag --insecure-skip-tls-verify # # insecureSkipTLSVerify: # # # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocationList: [] # # name is the |name of the volume snapshot location where snapshots are being taken. Required. # - name: name # ... volumeSnapshotLocation: {} # volumeSnapshotLocation: # name: # enabled: false # # provider is the name for the volume snapshot provider. # provider: # credential: # # AWS/s3 credentials to be put into secret (mandatory if provider == aws/s3) # aws: # id: fdgsdfghsdfgh # key: dfgdfhsdfgh # # name of the secret used by this volumeSnapshotLocation. (Optional/Advanced) # name: # # name of key that contains the secret data to be used. (Optional/Advanced) # key: # # Additional provider-specific configuration. See link above # # for details of required/optional fields for your provider. # config: {} # # region: # # apiTimeout: # # resourceGroup: # # The ID of the subscription where volume snapshots should be stored, if different from the cluster’s subscription. If specified, also requires `configuration.volumeSnapshotLocation.config.resourceGroup`to be set. (Azure only) # # subscriptionId: # # incremental: # # snapshotLocation: # # project: # Backup schedules to create. schedules: {} # Also available in list format: schedulesList: [] # Eg: # schedules: # mybackup: # disabled: false # labels: # myenv: foo # annotations: # myenv: foo # schedule: "0 0 * * *" # useOwnerReferencesInBackup: false # ## Included namespace, is set by default to the chart itself, unless explicitly specified # template: # ttl: "240h" # storageLocation: default # # -- create volumeSnapshotClass on demand # volumeSnapshotClass: # example: # enabled: true # driver: some.driver.io # deletionPolicy: Retain # isDefault: false # parameters: {} metrics: main: enabled: false primary: true # options: servicemonitor, podmonitor type: "servicemonitor" # defaults to selectorLabels selector: {} endpoints: - port: main interval: 5s scrapeTimeout: 5s path: / honorLabels: false prometheusRule: enabled: false groups: {} # somegroup: # # list of rules # rules: [] # # list to support adding rules via the SCALE GUI without overwrithing the rules # additionalrules: [] # List to support adding groups using the SCALE GUI additionalgroups: #- name: "somegroup" # # list of rules # rules: [] # # list to support adding rules via the SCALE GUI without overwrithing the rules # additionalrules: [] crd: verify: enabled: true # -- Contains specific settings for helm charts containing or using operators operator: # -- Adds a configmap to the operator to register this chart as an operator register: false # -- Verified wether required operators for this chart are actually installed and registered verify: enabled: true # -- Makes non-found operators hard-failing failOnError: true # -- a list of extra operators to check for additionalOperators: [] ## -- used as a datastore when a metallb operator is found. # metallb: {} ## -- used as a datastore when a traefik operator is found. # traefik: {} ## -- used as a datastore when a prometheus operator is found. # prometheus: {} ## -- used as a datastore when a cloudnative-pg operator is found. # cloudnative-pg: {} ## -- used as a datastore when a cert-manager operator is found. # cert-manager: {} # -- The common chart supports several add-ons. These can be configured under this key. # @default -- See below addons: # -- The common chart supports adding a VPN add-on. It can be configured under this key. # @default -- See values.yaml vpn: # -- Specify the VPN type. Valid options are disabled, gluetun, openvpn, wireguard or tailscale # OpenVPN and Wireguard are considered deprecated type: disabled # -- Tailscale specific configuration # @default -- See below # See more info for the configuration # https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh tailscale: # -- Auth key to connect to the VPN Service authkey: "" # As a sidecar, it should only need to run in userspace userspace: true auth_once: true accept_dns: false routes: "" dest_ip: "" sock5_server: "" extra_args: "" daemon_extra_args: "" outbound_http_proxy_listen: "" # -- Annotations for tailscale sidecar annotations: {} # -- OpenVPN specific configuration # @default -- See below openvpn: # -- Credentials to connect to the VPN Service (used with -a) # Only using password is enough username: "" password: "" # -- All variables specified here will be added to the vpn sidecar container # See the documentation of the VPN image for all config values env: {} # TZ: UTC # -- All variables specified here will be added to the vpn sidecar container # See the documentation of the VPN image for all config values envList: [] # - name: someenv # value: somevalue # -- you can directly specify the config file here config: "" scripts: # -- you can directly specify the upscript here up: "" # some script # -- you can directly specify the downscript here down: "" # some script # -- Provide a customized vpn configuration file location to be used by the VPN. configFile: "" # -- Provide a customized vpn configuration folder location to be added to the VPN container # The config file needs to be mounted seperately # the upscript and downscript need to be named: upscript.sh and downscript.sh respectively configFolder: "" # -- Provide an existing secret for vpn config storage existingSecret: "" # -- select pods to bind vpn addon to # Add "codeserver" to also add the codeserver pod to VPN targetSelector: - main ## Only for Wireguard and OpenVPN killSwitch: true excludedNetworks_IPv4: [] excludedNetworks_IPv6: [] # -- The common library supports adding a code-server add-on to access files. It can be configured under this key. # @default -- See values.yaml codeserver: # -- Enable running a code-server container in the pod enabled: false # -- Set any environment variables for code-server here env: {} # -- All variables specified here will be added to the codeserver sidecar container # See the documentation of the codeserver image for all config values envList: [] # - name: someenv # value: somevalue # -- Set codeserver command line arguments. # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes args: - --auth - none # - --user-data-dir # - "/config/.vscode" # -- Select a container to add the addon to targetSelector: # -- Specify the working dir that will be opened when code-server starts # If not given, the app will default to the mountpah of the first specified volumeMount workingDir: "/" service: # -- Enable a service for the code-server add-on. enabled: true type: ClusterIP # Specify the default port information ports: codeserver: enabled: true primary: true protocol: http port: 12321 ingress: # -- Enable an ingress for the code-server add-on. enabled: false annotations: {} # kubernetes.io/ingress.class: nginx labels: {} hosts: - host: code.chart-example.local paths: - path: / # Ignored if not kubeVersion >= 1.14-0 pathType: Prefix tls: [] netshoot: # -- Enable running a netshoot container in the pod enabled: false # -- Set any environment variables for netshoot here env: {} ########################################################################## # This section contains some pre-config for frequently used dependencies # ########################################################################## cnpg: main: enabled: false primary: true # -- Puts the cnpg cluster in hibernation mode hibernate: false # Additional Labels and annotations for all cnpg objects labels: {} annotations: {} # Type of the CNPG database. Available types: # * `postgres` # * `postgis` # * `timescaledb` # * `vectors` type: postgres # Version of Postgresql to use, changes cluster naming scheme # * `15` # * `16` pgVrsion: 16 # Cluster mode of operation. Available modes: # * `standalone` - default mode. Creates new or updates an existing CNPG cluster. # * `replica` - Creates a replica cluster from an existing CNPG cluster. # TODO # * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup. mode: standalone # Database details database: "app" user: "app" password: "" # Database cluster configuration cluster: # Additional Labels and annotations for cnpg cluster labels: {} annotations: {} # Number of instances instances: 2 # set to true on single-node clusters to allow PVCs to be kept on instance restart singleNode: false # # -- storage size for the data pvc's # # Follows the same spec as .Values.Persistence type=PVC # storage: # size: "256Gi" # # -- storage size for the wal pvc's # # Follows the same spec as .Values.Persistence type=PVC # walStorage: # size: "256Gi" # -- Gets scaled to 0 if hibernation is true ## See .Values.resources for more info # resources: # Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been # successfully updated. It can be switchover (default) or in-place (restart). primaryUpdateMethod: switchover # Strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been # successfully updated: it can be automated (unsupervised - default) or manual (supervised) # Example of rolling update strategy: # - unsupervised: automated update of the primary once all # replicas have been upgraded (default) # - supervised: requires manual supervision to perform # the switchover of the primary # -- change to supervised to disable unsupervised updates primaryUpdateStrategy: unsupervised # The instances' log level, one of the following values: error, warning, info (default), debug, trace logLevel: info # The configuration for the CA and related certificates # See: https://cloudnative-pg.io/documentation/current/api_reference/#CertificatesConfiguration certificates: # When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password. # If the secret is not present, the operator will automatically create one. # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, # and then blank the password of the postgres user by setting it to NULL. # enableSuperuserAccess: true # Configuration of the PostgreSQL server # See: https://cloudnative-pg.io/documentation/current/api_reference/#PostgresConfiguration postgresql: # BootstrapInitDB is the configuration of the bootstrap process when initdb is used # See: https://cloudnative-pg.io/documentation/current/bootstrap/ # See: https://cloudnative-pg.io/documentation/current/api_reference/#bootstrapinitdb initdb: {} # postInitSQL: # - CREATE EXTENSION IF NOT EXISTS vector; # postInitApplicationSQL: # - CREATE EXTENSION IF NOT EXISTS someextension; # -- set to enable prometheus metrics monitoring: enablePodMonitor: true disableDefaultQueries: false customQueries: [] # - name: "pg_cache_hit_ratio" # expandObjectName: true # key: "custom-key" (defaults to "custom-queries") # query: "SELECT current_database() as datname, sum(heap_blks_hit) / (sum(heap_blks_hit) + sum(heap_blks_read)) as ratio FROM pg_statio_user_tables;" # metrics: # - datname: # usage: "LABEL" # description: "Name of the database database" # - ratio: # usage: GAUGE # description: "Cache hit ratio" # Recovery settings if the chosen mode is `recovery`. recovery: ## # Backup Recovery Method # Available recovery methods: # * `backup` - Recovers a CNPG cluster from a CNPG backup (PITR supported) Needs to be on the same cluster in the same namespace. # * `object_store` - Recovers a CNPG cluster from a barman object store (PITR supported). # * `pg_basebackup` - Recovers a CNPG cluster viaa streaming replication protocol. Useful if you want to # migrate databases to CloudNativePG, even from outside Kubernetes. # TODO method: object_store ## set a revision to append to the serverName to ensure restore and backup dont target the same thing # revision: 1 # override serverName in recovery obkect servername: "" ## Point in time recovery target. Specify one of the following: pitrTarget: time: "" # Time in RFC3339 format # Name of the backup to recover from. Required if method is `backup`. backupName: "" # Object Store Recovery Method clusterName: "" # Overrides the provider specific default endpoint. Defaults to: # S3: https://s3..amazonaws.com" endpointURL: "" # Leave empty if using the default S3 endpoint # Overrides the provider specific default path. Defaults to: # S3: s3:// # Azure: https://..core.windows.net/ # Google: gs:// destinationPath: "" provider: s3 # One of s3, azure, google s3: region: "" bucket: "" path: "/" accessKey: "" secretKey: "" azure: path: "/" connectionString: "" storageAccount: "" storageKey: "" storageSasToken: "" containerName: "" serviceName: blob inheritFromAzureAD: false google: path: "/" bucket: "" gkeEnvironment: false applicationCredentials: "" # Database cluster backup configuration backups: enabled: false # You need to configure backups manually, so backups are disabled by default. # Overrides the provider specific default endpoint. Defaults to: # S3: https://s3..amazonaws.com" endpointURL: "" # Leave empty if using the default S3 endpoint ## set a revision to append to the serverName to ensure restore and backup dont target the same thing # revision: 1 # override serverName in recovery obkect servername: "" # Overrides the provider specific default path. Defaults to: # S3: s3:// # Azure: https://..core.windows.net/ # Google: gs:// destinationPath: "" # default: primary, other option prefer-standby target: "" provider: s3 s3: region: "" bucket: "" path: "/" accessKey: "" secretKey: "" azure: path: "/" connectionString: "" storageAccount: "" storageKey: "" storageSasToken: "" containerName: "" serviceName: blob inheritFromAzureAD: false google: path: "/" bucket: "" gkeEnvironment: false applicationCredentials: "" scheduledBackups: - name: daily-backup # Daily at midnight schedule: "0 0 0 * * *" # Daily at midnight backupOwnerReference: self immediate: true suspend: false retentionPolicy: "30d" # - Manual list of backups manualBackups: [] # - name: today # labels: {} # annotations: {} # - name: beforeUpgrade # labels: {} # annotations: {} # Database cluster PgBouncer configuration pooler: enabled: false # -- enable to create extra pgbouncer for readonly access createRO: false poolMode: session # -- Gets scaled to 0 if hibernation is true instances: 2 # parameters: # max_client_conn: "1000" # default_pool_size: "25" labels: {} annotations: {} # -- contains credentials and urls output by generator creds: {} # -- Redis dependency configuration # @default -- See below redis: enabled: false # -- can be used to make an easy accessible note which URLS to use to access the DB. creds: {} secret: credentials: enabled: false # -- mariadb dependency configuration # @default -- See below mariadb: enabled: false existingSecret: "mariadbcreds" # -- can be used to make an easy accessable note which URLS to use to access the DB. creds: {} # -- mongodb dependency configuration # @default -- See below mongodb: enabled: false existingSecret: "mongodbcreds" # -- can be used to make an easy accessable note which URLS to use to access the DB. creds: {} # -- clickhouse dependency configuration # @default -- See below clickhouse: enabled: false existingSecret: "clickhousecreds" # -- can be used to make an easy accessable note which URLS to use to access the DB. creds: {} # -- solr dependency configuration # @default -- See below solr: enabled: false solrCores: 1 solrEnableAuthentication: "no" existingSecret: "solrcreds" # -- can be used to make an easy accessable note which URLS to use to access the DB. creds: {} # -- List of extra objects to deploy with the release extraTpl: []