Files
library-charts/library/common/values.yaml
Stavros Kois af161957f9 fix(addons): Addons -> add net_raw capability, codeserver -> mark svc primary when no other exists (#386)
**Description**
<!--
Please include a summary of the change and which issue is fixed. Please
also include relevant motivation and context. List any dependencies that
are required for this change.
-->
⚒️ Fixes https://github.com/truecharts/charts/issues/7932
⚒️ Fixes https://github.com/truecharts/charts/issues/7949
⚒️ Fixes https://github.com/truecharts/charts/issues/7973

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [x] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
2023-04-14 12:45:16 +02:00

790 lines
22 KiB
YAML

# -- Global values
global:
# -- Set additional global labels
labels: {}
# -- Set additional global annotations
annotations: {}
# -- Adds metalLB annotations to services
addMetalLBAnnotations: true
# -- Adds traefik annotations to services
addTraefikAnnotations: true
# -- Minimum nodePort value
minNodePort: 9000
fallbackDefaults:
# -- Define a storageClassName that will be used for all PVCs
# Can be overruled per PVC
storageClass:
# -- Default probe type
probeType: http
# -- Default Service Protocol
serviceProtocol: tcp
# -- Default Service Type
serviceType: ClusterIP
# -- Default persistence type
persistenceType: pvc
# -- Default Retain PVC
pvcRetain: false
# -- Default PVC Size
pvcSize: 1Gi
# -- Default VCT Size
vctSize: 100Gi
# -- Default PVC/VCT Access Modes
accessModes:
- ReadWriteOnce
# -- Default probe timeouts
probeTimeouts:
liveness:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
readiness:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
startup:
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
# -- Image values
image:
# -- Image repository
repository: tccr.io/truecharts/whoami
# -- Image tag
tag: 1.9.0@sha256:ff8dfff3c266af64aa7a6653c0b7f2c51fd6c0608335997af1d334aac3e19798
# -- Image pull policy
pullPolicy: IfNotPresent
chartContext:
APPURL: ""
podCIDR: ""
svcCIDR: ""
# -- Security Context
securityContext:
# -- Container security context for all containers
# Can be overruled per container
container:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
privileged: false
seccompProfile:
type: RuntimeDefault
capabilities:
add: []
drop:
- ALL
# When set to false, it will automatically
# add CHOWN, SETUID, SETGID, FOWNER, DAC_OVERRIDE
# capabilities ONLY when container runs as ROOT
disableS6Caps: false
# -- PUID for all containers
# Can be overruled per container
PUID: 568
# -- UMASK for all containers
# Can be overruled per container
UMASK: "0022"
# -- Pod security context for all pods
# Can be overruled per pod
pod:
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups: []
sysctls: []
# -- Resources
# Can be overruled per container
resources:
limits:
cpu: 4000m
memory: 8Gi
requests:
cpu: 10m
memory: 50Mi
containerOptions:
NVIDIA_CAPS:
- all
# -- Options for all pods
# Can be overruled per pod
podOptions:
enableServiceLinks: false
hostNetwork: false
restartPolicy: Always
dnsPolicy: ClusterFirst
dnsConfig:
options:
- name: ndots
value: "2"
hostAliases: []
nodeSelector: {}
tolerations: []
schedulerName: ""
priorityClassName: ""
runtimeClassName: ""
automountServiceAccountToken: false
terminationGracePeriodSeconds: 120
# -- (docs/workload/README.md)
workload:
main:
enabled: true
primary: true
type: Deployment
dbWait: true
podSpec:
containers:
main:
enabled: true
primary: true
imageSelector: image
probes:
liveness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
readiness:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
startup:
enabled: true
type: "{{ .Values.service.main.ports.main.protocol }}"
port: "{{ $.Values.service.main.ports.main.targetPort | default .Values.service.main.ports.main.port }}"
# -- Timezone used everywhere applicable
TZ: UTC
# -- (docs/service/README.md)
service:
main:
enabled: true
primary: true
ports:
main:
enabled: true
primary: true
protocol: http
serviceList: []
# -- (docs/persistence/README.md)
persistence:
shared:
enabled: true
type: emptyDir
mountPath: /shared
targetSelectAll: true
varlogs:
enabled: true
type: emptyDir
mountPath: /var/logs
targetSelectAll: true
varrun:
enabled: true
type: emptyDir
mountPath: /var/run
mediume: Memory
targetSelectAll: true
tmp:
enabled: true
type: emptyDir
mountPath: /tmp
targetSelectAll: true
devshm:
enabled: true
type: emptyDir
mountPath: /dev/shm
targetSelectAll: true
persistenceList: []
deviceList: []
# -- Injected from SCALE middleware
# Only for reference here
ixExternalInterfacesConfiguration: []
# -- Injected from SCALE middleware
# Only for reference here
ixExternalInterfacesConfigurationNames: []
# -- Injected from SCALE middleware
# Only for reference here
ixCertificates: []
# -- Injected from SCALE middleware
# Only for reference here
ixVolumes: []
# -- (docs/imagePullSecrets.md)
imagePullSecret: []
# -- (docs/configmap.md)
configmap: {}
# -- (docs/secret.md)
secret: {}
# -- (docs/serviceAccount.md)
serviceAccount: {}
# -- (docs/rbac.md)
rbac: {}
# -- (docs/volumeClaimTemplates) (StatefulSet only)
volumeClaimTemplates: {}
# -- (docs/scaleExternalInterface.md)
scaleExternalInterface: []
# -- (docs/scaleCertificate.md)
scaleCertificate: {}
# -- (docs/scaleGPU.md)
scaleGPU: []
# NOTES.txt
notes:
header: |
# Welcome to using <{{ .Chart.Name }}>.
Thank you for installing thank you for choosing TrueCharts
# custom: "{{ toYaml $.Values }}"
custom: |
## Using <{{ .Chart.Name }}>
{{- if .Values.iXPortals -}}
## Connecting externally
You can use this Chart by opening one of the following links in your browser:
{{- range .Values.iXPortals -}}
- {{ . }}
{{- end -}}
{{- end -}}
footer: |
## Documentation
Please check out the TrueCharts documentation on:
https://truecharts.com
OpenSource can only exist with your help, please consider supporting TrueCharts:
https://truecharts.org/sponsor
# -- iXsystems prototype values.yaml based portals
iXPortals: []
####
##
## TrueCharts Specific Root Objects
##
####
# -- Defines the portals for which config needs to be generated
portal:
open:
enabled: false
override:
protocol:
host:
port:
path: ""
targetSelector:
ingress: ""
service: ""
port: ""
# -- Set by "open" portal, used for some applications internally.
APPURL: ""
# -- Used to inject our own operator manifests into SCALE
manifestManager:
enabled: true
staging: false
gluetunImage:
repository: tccr.io/truecharts/gluetun
tag: v3.33.0@sha256:bb28fa01c89797cfc45fd8d565d0b55054ded2da01a38299db5529d5cc96c284
pullPolicy: IfNotPresent
netshootImage:
repository: tccr.io/truecharts/netshoot
tag: v0.9.0@sha256:cb04e9350c925087e6fd9030f1686cd3310b17e55d5559a0efeb541ec485d917
pullPolicy: IfNotPresent
tailscaleImage:
repository: tccr.io/truecharts/tailscale
tag: 1.38.2@sha256:69f39271f34db3acee5f037dc2b4435d44c617693da92e3f3412dd42240d603a
pullPolicy: IfNotPresent
codeserverImage:
repository: tccr.io/truecharts/code-server
tag: 4.11.0@sha256:3c711432999c42e06cc45d49a8f7908f53bb33246e988360c13aef9ab6680662
pullPolicy: IfNotPresent
alpineImage:
repository: tccr.io/truecharts/alpine
tag: 3.17.2@sha256:2bd8913d46815053416e28f572a5ffb2c5e6cd8bafcc521497497583a21033b4
pullPolicy: IfNotPresent
scratchImage:
repository: tccr.io/truecharts/scratch
tag: latest@sha256:180d25cc7a4f380758cd1e72864793c280f3e1728d800984c3287a709803e172
pullPolicy: IfNotPresent
kubectlImage:
repository: tccr.io/truecharts/kubectl
tag: v1.26.0@sha256:6bef58bf5b7850021884cf6ea2f32333cbfcd99be79d1fff0d6e5ced1ac044b4
pullPolicy: IfNotPresent
wgetImage:
repository: tccr.io/truecharts/wget
tag: 1.0.0@sha256:05fc885a527c349338c4f882db985a82af576221ab1493145f055c71d05784d7
pullPolicy: IfNotPresent
postgresClientImage:
repository: tccr.io/truecharts/db-wait-postgres
tag: 1.1.0@sha256:a163c7836d7bb436a428f5d55bbba0eb73bcdb9bc202047e2523bbb539c113e6
pullPolicy: IfNotPresent
mariadbClientImage:
repository: tccr.io/truecharts/db-wait-mariadb
tag: 1.1.0@sha256:492a9659511d3288ba9b6536fb17d1cb037fb3876f402dffa5dbcb040acbb85a
pullPolicy: IfNotPresent
redisClientImage:
repository: tccr.io/truecharts/db-wait-redis
tag: 1.1.0@sha256:8affa086d097b948f62b0433d70f4219a22ec29843ebd5479391869341bdb638
pullPolicy: IfNotPresent
mongodbClientImage:
repository: tccr.io/truecharts/db-wait-mongodb
tag: 1.1.0@sha256:502f70a653a905ad23576e208d0e5241e9cc8aeed63bb923e6da8563bdc3c1e7
pullPolicy: IfNotPresent
# -- OpenVPN specific configuration
# @default -- See below
openvpnImage:
# -- Specify the openvpn client image
repository: tccr.io/truecharts/openvpn-client
# -- Specify the openvpn client image tag
tag: latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688
# -- Specify the openvpn client image pull policy
pullPolicy: IfNotPresent
# -- WireGuard specific configuration
# @default -- See below
wireguardImage:
# -- Specify the WireGuard image
repository: tccr.io/truecharts/wireguard
# -- Specify the WireGuard image tag
tag: v1.0.20210914@sha256:9f56e5660e8df8d4d38521ed73a4cc29fa24bf578007bfbe633e00184e2ebfbc
# -- Specify the WireGuard image pull policy
pullPolicy: IfNotPresent
# -- Configure the ingresses for the chart here.
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
# @default -- See below
ingress:
main:
# -- Enables or disables the ingress
enabled: false
# -- Make this the primary ingress (used in probes, notes, etc...).
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
primary: true
# -- Ensure this ingress is always enabled.
required: false
# -- Override the name suffix that is used for this ingress.
nameOverride:
# -- Autolink the ingress to a service and port, both with the same name as the ingress.
autoLink: false
# -- disable to ignore any default middlwares
enableFixedMiddlewares: true
# -- set the Cert-Manager clusterissuer for this ingress
clusterIssuer: ""
# -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
# Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user
fixedMiddlewares:
- chain-basic
# -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
middlewares: []
annotationsList: []
# - name: somename
# value: somevalue
# -- Provide additional annotations which may be required.
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
labelsList: []
# - name: somename
# value: somevalue
# -- Set labels on the deployment/statefulset/daemonset
# -- Provide additional labels which may be required.
# -- Provide additional labels which may be required.
labels: {}
# -- Set the ingressClass that is used for this ingress.
# Requires Kubernetes >=1.19
ingressClassName: # "nginx"
## Configure the hosts for the ingress
hosts:
- # -- Host address. Helm template can be passed.
host: chart-example.local
## Configure the paths for the host
paths:
- # -- Path. Helm template can be passed.
path: /
# -- Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
service:
# -- Overrides the service name reference for this path
name:
# -- Overrides the service port reference for this path
port:
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
# Gets ignored when clusterIssuer is filled
tls: []
# - secretName: chart-example-tls
# # Cannot be combined with scaleCert
# clusterIssuer: ""
# # Cannot be combined with clusterIssuer
# scaleCert: ""
# hosts:
# - chart-example.local
# -- BETA: Configure the gateway routes for the chart here.
# Additional routes can be added by adding a dictionary key similar to the 'main' route.
# Please be aware that this is an early beta of this feature, TrueCharts does not guarantee this actually works.
# Being BETA this can/will change in the future without notice, please do not use unless you want to take that risk
# [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)
# @default -- See below
route:
main:
# -- Enables or disables the route
enabled: false
# -- Set the route kind
# Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute
kind: HTTPRoute
# -- Provide additional annotations which may be required.
annotations: {}
# -- Provide additional labels which may be required.
labels: {}
# -- Configure the resource the route attaches to.
parentRefs:
- # Group of the referent resource.
group: gateway.networking.k8s.io
# Kind of the referent resource.
kind: Gateway
# Name of the referent resource
name:
# Namespace of the referent resource
namespace:
# Name of the section within the target resource.
sectionName:
# -- Host addresses
hostnames: []
# -- Configure rules for routing. Defaults to the primary service.
rules:
- # -- Configure backends where matching requests should be sent.
backendRefs:
- group: ""
kind: Service
name:
namespace:
port:
weight: 1
## Configure conditions used for matching incoming requests. Only for HTTPRoutes
matches:
- path:
type: PathPrefix
value: /
metrics:
main:
enabled: false
primary: true
# options: servicemonitor, podmonitor
type: "servicemonitor"
# defaults to selectorLabels
selector: {}
endpoints:
- port: main
interval: 5s
scrapeTimeout: 5s
path: /
honorLabels: false
prometheusRule:
enabled: false
groups: {}
# somegroup:
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwrithing the rules
# additionalrules: []
# List to support adding groups using the SCALE GUI
additionalgroups:
#- name: "somegroup"
# # list of rules
# rules: []
# # list to support adding rules via the SCALE GUI without overwrithing the rules
# additionalrules: []
# -- The common chart supports several add-ons. These can be configured under this key.
# @default -- See below
addons:
# -- The common chart supports adding a VPN add-on. It can be configured under this key.
# @default -- See values.yaml
vpn:
# -- Specify the VPN type. Valid options are disabled, gluetun, openvpn, wireguard or tailscale
# OpenVPN and Wireguard are considered deprecated
type: disabled
# -- Tailscale specific configuration
# @default -- See below
# See more info for the configuration
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
tailscale:
# -- Auth key to connect to the VPN Service
authkey: ""
# As a sidecar, it should only need to run in userspace
userspace: true
auth_once: true
accept_dns: false
routes: ""
dest_ip: ""
sock5_server: ""
extra_args: ""
daemon_extra_args: ""
outbound_http_proxy_listen: ""
# -- Annotations for tailscale sidecar
annotations: {}
# -- OpenVPN specific configuration
# @default -- See below
openvpn:
# -- Credentials to connect to the VPN Service (used with -a)
# Only using password is enough
username: ""
password: ""
# -- All variables specified here will be added to the vpn sidecar container
# See the documentation of the VPN image for all config values
env: {}
# TZ: UTC
# -- All variables specified here will be added to the vpn sidecar container
# See the documentation of the VPN image for all config values
envList: []
# - name: someenv
# value: somevalue
# -- you can directly specify the config file here
config: ""
scripts:
# -- you can directly specify the upscript here
up: ""
# some script
# -- you can directly specify the downscript here
down: ""
# some script
# -- Provide a customized vpn configuration file location to be used by the VPN.
configFile: ""
# -- Provide a customized vpn configuration folder location to be added to the VPN container
# The config file needs to be mounted seperately
# the upscript and downscript need to be named: upscript.sh and downscript.sh respectively
configFolder: ""
# -- Provide an existing secret for vpn config storage
existingSecret: ""
# -- select pods to bind vpn addon to
# Add "codeserver" to also add the codeserver pod to VPN
targetSelector:
- main
## Only for Wireguard and OpenVPN
killSwitch: true
excludedNetworks_IPv4: []
excludedNetworks_IPv6: []
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
# @default -- See values.yaml
codeserver:
# -- Enable running a code-server container in the pod
enabled: false
# -- Set any environment variables for code-server here
env: {}
# -- All variables specified here will be added to the codeserver sidecar container
# See the documentation of the codeserver image for all config values
envList: []
# - name: someenv
# value: somevalue
# -- Set codeserver command line arguments.
# Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
args:
- --auth
- none
# - --user-data-dir
# - "/config/.vscode"
# -- Specify the working dir that will be opened when code-server starts
# If not given, the app will default to the mountpah of the first specified volumeMount
workingDir: "/"
service:
# -- Enable a service for the code-server add-on.
enabled: true
type: ClusterIP
# Specify the default port information
ports:
codeserver:
enabled: true
primary: true
protocol: http
port: 12321
ingress:
# -- Enable an ingress for the code-server add-on.
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
labels: {}
hosts:
- host: code.chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
tls: []
# -- Select a container to add the addon to
targetSelector: ""
netshoot:
# -- Enable running a netshoot container in the pod
enabled: false
# -- Set any environment variables for netshoot here
env: {}
##
# This section contains some-preconfig for frequently used dependencies
##
cnpg:
main:
enabled: false
primary: true
# -- number of instances for both postgres and pgbouncer
instances: 2
database: "app"
user: "app"
# password:
# superUserPassword:
# -- change to supervised to disable unsupervised updates
# Example of rolling update strategy:
# - unsupervised: automated update of the primary once all
# replicas have been upgraded (default)
# - supervised: requires manual supervision to perform
# the switchover of the primary
primaryUpdateStrategy: unsupervised
# -- enable to create extra pgbouncer for readonly access
acceptRO: false
# -- storage size for the two pvc's per instance
storage:
size: "256Gi"
walsize: "256Gi"
pooler:
instances: 2
# -- set to enable prometheus metrics
monitoring:
enablePodMonitor: true
# -- contains credentials and urls output by generator
creds: {}
# -- contains postgresql settings
# ref: https://cloudnative-pg.io/documentation/1.19/postgresql_conf/#the-postgresql-section
postgresql: {}
# -- Redis dependency configuration
# @default -- See below
redis:
enabled: false
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
manifestManager:
enabled: false
secret:
credentials:
enabled: false
# -- mariadb dependency configuration
# @default -- See below
mariadb:
enabled: false
existingSecret: "mariadbcreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
manifestManager:
enabled: false
# -- mongodb dependency configuration
# @default -- See below
mongodb:
enabled: false
existingSecret: "mongodbcreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
manifestManager:
enabled: false
# -- clickhouse dependency configuration
# @default -- See below
clickhouse:
enabled: false
existingSecret: "clickhousecreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
manifestManager:
enabled: false
# -- solr dependency configuration
# @default -- See below
solr:
enabled: false
solrCores: 1
solrEnableAuthentication: "no"
existingSecret: "solrcreds"
# -- can be used to make an easy accessable note which URLS to use to access the DB.
creds: {}
manifestManager:
enabled: false