mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-06 11:21:22 -03:00
1137 lines
32 KiB
YAML
1137 lines
32 KiB
YAML
# This file only includes the default values that are applied.
|
|
# All values can be overridden per chart, in their values.yaml
|
|
# For Examples and Explanation view the "Values.yaml Explained" markdown file
|
|
|
|
# Defines image info
|
|
image:
|
|
repository: repo
|
|
tag: tag
|
|
pullPolicy: IfNotPresent
|
|
|
|
openvpnImage:
|
|
repository: tccr.io/truecharts/openvpn-client
|
|
tag: latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688
|
|
pullPolicy: IfNotPresent
|
|
|
|
wireguardImage:
|
|
repository: tccr.io/truecharts/wireguard
|
|
tag: v1.0.20210914@sha256:9f56e5660e8df8d4d38521ed73a4cc29fa24bf578007bfbe633e00184e2ebfbc
|
|
pullPolicy: IfNotPresent
|
|
|
|
tailscaleImage:
|
|
repository: tailscale/tailscale
|
|
# TODO: Switch to stable once a v1.33.x is released
|
|
tag: v1.34.1@sha256:69bec9fdea25765e1b9dd129ccaeaf1e160f1132bb390535772fa939f0bf620b
|
|
pullPolicy: IfNotPresent
|
|
|
|
codeserverImage:
|
|
repository: tccr.io/truecharts/code-server
|
|
tag: 4.9.1@sha256:b339bd8f6da4c73c0259d6951991278aa1595a6be570a207ce635c75aac9893d
|
|
pullPolicy: IfNotPresent
|
|
|
|
alpineImage:
|
|
repository: tccr.io/truecharts/alpine
|
|
tag: v3.17.0@sha256:f8607e14a5e456c1b8fe50b7f0c9371b4aae543d23080f5e2fe0bdbb06d2413b
|
|
pullPolicy: IfNotPresent
|
|
|
|
scratchImage:
|
|
repository: tccr.io/truecharts/scratch
|
|
tag: latest@sha256:b4289ea433ec1308f6f2e8bff3f23bcd52b751ccb691284210ed826385ba9317
|
|
pullPolicy: IfNotPresent
|
|
|
|
kubectlImage:
|
|
repository: tccr.io/truecharts/kubectl
|
|
tag: v1.26.0@sha256:e56d1c8dd3ba85bb8410cc9f5c04f03f814e4b76ffcc7f12730868faba5b9c52
|
|
pullPolicy: IfNotPresent
|
|
|
|
wgetImage:
|
|
repository: tccr.io/truecharts/wget
|
|
tag: v0.0.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresClientImage:
|
|
repository: tccr.io/truecharts/db-wait-postgres
|
|
tag: v0.0.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
mariadbClientImage:
|
|
repository: tccr.io/truecharts/db-wait-mariadb
|
|
tag: v0.0.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
redisClientImage:
|
|
repository: tccr.io/truecharts/db-wait-redis
|
|
tag: v0.0.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
mongodbClientImage:
|
|
repository: tccr.io/truecharts/db-wait-mongodb
|
|
tag: v0.0.1
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Defines the image that will be used
|
|
imageSelector: ""
|
|
|
|
# Defines the imagePullSecrets
|
|
imagePullCredentials: []
|
|
|
|
# Defines environment variables
|
|
env: {}
|
|
|
|
# SCALE / GUI Focused
|
|
envList: []
|
|
|
|
# Defines the environment variables from a secret or configmap
|
|
envFrom: []
|
|
|
|
# Defines the timezone for the container
|
|
TZ: UTC
|
|
|
|
# Default Security values for main container
|
|
security:
|
|
PUID: 568
|
|
UMASK: "002"
|
|
|
|
# Nvidia Caps will be assigned via environment variable
|
|
# If empty, global defaults will be used
|
|
nvidiaCaps: []
|
|
|
|
stdin: false
|
|
|
|
tty: false
|
|
|
|
# Overrides the default entrypoint
|
|
command: []
|
|
|
|
# Overrides the default args
|
|
args: []
|
|
|
|
# Appends to args
|
|
extraArgs: []
|
|
|
|
# Adds hosts to /etc/hosts
|
|
hostAliases: []
|
|
|
|
# Binds to host network
|
|
hostNetwork: false
|
|
|
|
notes: |
|
|
This Chart/App does not have any additional Notes
|
|
|
|
# Creates a service account
|
|
serviceAccount:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
automountServiceAccountToken: true
|
|
|
|
# Creates Role and RoleBinding
|
|
# (or ClusterRole and ClusterRoleBinding if clusterWide is true)
|
|
rbac:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
clusterWide: false
|
|
|
|
# Creates a configmap
|
|
configmap: {}
|
|
|
|
# Creates a secret
|
|
secret: {}
|
|
|
|
# Defines lifecycle hooks
|
|
lifecycle: {}
|
|
|
|
# Used for SCALE / GUI Focused
|
|
scaleGPU: {}
|
|
|
|
# Adds annotations to the pod
|
|
podAnnotations: {}
|
|
|
|
# Adds annotations to the service
|
|
addAnnotations:
|
|
traefik: true
|
|
metallb: true
|
|
|
|
# Used for SCALE
|
|
scaleCerts: {}
|
|
|
|
# Used for SCALE / GUI Focused
|
|
scaleCertsList: []
|
|
|
|
# Used to generate custom cert-manager certificates
|
|
certificates: {}
|
|
|
|
# Defines the probes
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
readiness:
|
|
enabled: true
|
|
startup:
|
|
enabled: true
|
|
|
|
portalGenerator:
|
|
main:
|
|
enabled: true
|
|
# linkedService: ""
|
|
# linkedPort: ""
|
|
# linkedIngress: ""
|
|
# protocol: ""
|
|
# host: ""
|
|
# port: 80
|
|
# path: ""
|
|
|
|
# Used for SCALE / GUI Focused
|
|
externalInterfaces: []
|
|
|
|
# Injected from middleware
|
|
ixExternalInterfacesConfiguration: []
|
|
# Injected from middleware
|
|
ixExternalInterfacesConfigurationNames: []
|
|
|
|
# - Everything bellow needs documentation
|
|
hostname: ""
|
|
|
|
# Injected from middleware
|
|
ixCertificates: []
|
|
# Injected from middleware
|
|
ixVolumes: []
|
|
|
|
global:
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
annotations: {}
|
|
labels: {}
|
|
defaults:
|
|
# If not defined on per pod or in ixChartContext, assume this.
|
|
# Empty means NO runtimeClassName
|
|
runtimeClassName: ""
|
|
# If not defined on the the cert item, assume this
|
|
useRevokedCerts: false
|
|
# If not defined on the the cert item, assume this
|
|
useExpiredCerts: false
|
|
# If not defined on the pod, assume this
|
|
dnsPolicy: ClusterFirst
|
|
# If no restart Policy is defined, assume this
|
|
restartPolicy: Always
|
|
# If no restart Policy for job is defined, assume this
|
|
jobRestartPolicy: Never
|
|
# If no port Protocol is defined, assume this
|
|
portProtocol: TCP
|
|
# Define the minimum NodePort
|
|
minimumNodePort: 9000
|
|
# If no service Type is defined, assume this
|
|
serviceType: ClusterIP
|
|
# If no PVC Size is defined, assume this
|
|
PVCSize: 1Gi
|
|
# If no VCT Size is defined, assume this
|
|
VCTSize: 999Gi
|
|
# If no PVC type is defined, assume this
|
|
persistenceType: pvc
|
|
# If no validateHostPath key exists in the persistence item, assume this
|
|
validateHostPath: false
|
|
# If no PVC accessMode is defined, assume this
|
|
accessMode: ReadWriteOnce
|
|
# If no PVC retain key is defined, assume this
|
|
# Note, that this adds an annotation for helm whether to delete
|
|
# the resource on uninstall, manually deleting the namespace it will delete
|
|
# the resource no matter what this is set.
|
|
PVCRetain: false
|
|
# Define a storageClassName that will be used for all PVCs by default
|
|
# Leave empty to rely on the node's default storageClass
|
|
storageClass:
|
|
# When SCALE-ZFS is set for storageClass, return this name
|
|
scaleZFSStorageClass: '{{ printf "ix-storage-class-%v" .Release.Name}}'
|
|
# Default security context used for all
|
|
# init/install/upgrade/additional
|
|
# and main containers if not specified
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
privileged: false
|
|
capabilities:
|
|
add: []
|
|
drop:
|
|
- ALL
|
|
# Default podSecurityContext, used if
|
|
# no other is specified
|
|
podSecurityContext:
|
|
fsGroup: 568
|
|
supplementalGroups: []
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
# Default Security values, if no others
|
|
# are specified
|
|
security:
|
|
PUID: 568
|
|
UMASK: "002"
|
|
# Whether to inject fixedEnvs on containers
|
|
# Can be overruled per container
|
|
injectFixedEnvs: true
|
|
# Default nvidia Caps will be assigned via
|
|
# environment variable (requires injectFixedEnvs)
|
|
nvidiaCaps:
|
|
- all
|
|
# Default Resources values, if no others
|
|
# are specified, use those
|
|
resources:
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 50Mi
|
|
# If no probe Type is defined, assume this
|
|
probeType: auto
|
|
# If no probe Path is defined, assume this
|
|
probePath: /
|
|
# Default probe timeouts, if no others
|
|
# are specified, use those
|
|
probes:
|
|
liveness:
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
readiness:
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
startup:
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 2
|
|
failureThreshold: 60
|
|
# Default job/cronjob values
|
|
job:
|
|
cron:
|
|
concurrencyPolicy: Forbid
|
|
failedJobsHistoryLimit: 1
|
|
successfulJobsHistoryLimit: 3
|
|
backoffLimit: 6
|
|
completionMode: NonIndexed
|
|
|
|
|
|
# - Bellow values are needed (in addition to the default global)
|
|
# as those are being referenced on other values in values.yaml sometimes
|
|
|
|
# Default podSecurityContext for main pod
|
|
podSecurityContext:
|
|
fsGroup: 568
|
|
supplementalGroups: []
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
|
|
# Default securityContext for main container
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
privileged: false
|
|
capabilities:
|
|
add: []
|
|
drop:
|
|
- ALL
|
|
# Default resources for main container
|
|
resources:
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 50Mi
|
|
|
|
# -- Used to inject our own operator manifests into SCALE
|
|
manifests:
|
|
enabled: true
|
|
staging: false
|
|
|
|
nameOverride: ""
|
|
|
|
fullnameOverride: ""
|
|
|
|
podLabels: {}
|
|
|
|
enableServiceLinks: false
|
|
|
|
schedulerName: ""
|
|
|
|
priorityClassName: ""
|
|
|
|
dnsPolicy: ""
|
|
|
|
dnsConfig: {}
|
|
|
|
nodeSelector: {}
|
|
|
|
runtimeClassName: ""
|
|
|
|
tolerations: []
|
|
|
|
termination:
|
|
messagePath: ""
|
|
messagePolicy: ""
|
|
gracePeriodSeconds: 10
|
|
|
|
controller:
|
|
# -- Enable the controller.
|
|
enabled: true
|
|
# -- Set the controller type.
|
|
# Valid options are: deployment | daemonset | statefulset
|
|
type: Deployment
|
|
# -- Set labels on the deployment/statefulset/daemonset. Helm templates can be used.
|
|
labels: {}
|
|
# -- Set annotations on the deployment/statefulset/daemonset. Helm templates can be used.
|
|
annotations: {}
|
|
# -- Revision history limit
|
|
revisionHistoryLimit: 3
|
|
# -- Number of desired pods
|
|
replicas: 1
|
|
# -- Set the controller upgrade strategy
|
|
# For Deployments, valid values are Recreate (default) and RollingUpdate.
|
|
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
|
|
# DaemonSets ignore this.
|
|
strategy: ""
|
|
# -- Set rollingUpdate strategies
|
|
rollingUpdate:
|
|
# -- Set deployment RollingUpdate max unavailable
|
|
unavailable:
|
|
# -- Set deployment RollingUpdate max surge
|
|
surge:
|
|
# -- Set statefulset RollingUpdate partition
|
|
partition:
|
|
|
|
additionalContainers: {}
|
|
|
|
systemContainers:
|
|
auto-permissions:
|
|
enabled: '{{ if or ( eq ( include "tc.v1.common.lib.util.autoperms.detect" $ ) "true" ) ( and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) ) }}true{{ else }}false{{ end }}'
|
|
imageSelector: alpineImage
|
|
securityContext:
|
|
runAsUser: 0
|
|
runAsNonRoot: false
|
|
resources:
|
|
inherit: true
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/sh <<'EOF'
|
|
echo "Automatically correcting permissions..."
|
|
{{- $hostPathMounts := dict -}}
|
|
{{- range $name, $mount := .Values.persistence -}}
|
|
{{- if and $mount.enabled $mount.setPermissions -}}
|
|
{{- $name = default ( $name| toString ) $mount.name -}}
|
|
{{- $_ := set $hostPathMounts $name $mount -}}
|
|
{{- end -}}
|
|
{{- end }}
|
|
{{- if and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) }}
|
|
echo "Automatically correcting permissions for vpn config file..."
|
|
/usr/sbin/nfs4xdr_winacl -a chown -O 568 -G 568 -c /vpn/vpn.conf -p /vpn/vpn.conf || echo "Failed setting permissions..."
|
|
{{- end }}
|
|
{{- range $_, $hpm := $hostPathMounts }}
|
|
echo "Automatically correcting permissions for {{ $hpm.mountPath }}..."
|
|
/usr/sbin/nfs4xdr_winacl -a chown -G {{ $.Values.podSecurityContext.fsGroup | default $.Values.global.defaults.podSecurityContext.fsGroup }} -r -c {{ tpl $hpm.mountPath $ | squote }} -p {{ tpl $hpm.mountPath $ | squote }} || echo "Failed setting permissions..."
|
|
{{- end }}
|
|
EOF
|
|
volumeMounts:
|
|
- inherit: "setPermissions"
|
|
redis-wait:
|
|
enabled: false
|
|
#enabled: '{{ $result := false }}{{ range .Values.cnpg }}{{ if .enabled }}{{ $result = true }}{{ end }}{{ end }}{{ $result }}'
|
|
imageSelector: redisClientImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/bash <<'EOF'
|
|
{{ range $name, $redis := .Values.redis }}
|
|
{{ if $redis.enabled }}
|
|
echo "Executing DB waits..."
|
|
{{ $redisName := include "ix.v1.common.names.fullname" $ }}
|
|
{{ $nameOverride := $redis.nameOverride }}
|
|
|
|
{{ if and (not $redis.nameOverride ) (ne $name (include "tc.v1.common.lib.util.redis.primary" $)) }}
|
|
{{ $_ := set $redis.nameOverride $name }}
|
|
{{ end }}
|
|
|
|
{{ if $redis.nameOverride }}
|
|
{{ $redisName = printf "%v-%v" $redisName $nameOverride }}
|
|
{{ end }}
|
|
|
|
|
|
{{ if $redis.auth }}export REDISCLI_AUTH="{{ }}";{{ end }}
|
|
export LIVE=false;
|
|
until "$LIVE";
|
|
do
|
|
response=$(
|
|
timeout -s 3 2 \
|
|
redis-cli \
|
|
-h "{{ }}" \
|
|
-p "{{ }}" \
|
|
ping
|
|
)
|
|
if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then
|
|
LIVE=true
|
|
echo "$response"
|
|
echo "Redis Responded, ending initcontainer and starting main container(s)..."
|
|
else
|
|
echo "$response"
|
|
echo "Redis not responding... Sleeping for 10 sec..."
|
|
sleep 10
|
|
fi;
|
|
done
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
|
|
|
|
EOF
|
|
mariadb-wait:
|
|
enabled: "{{ if .Values.mariadb.enabled }}true{{ else }}false{{end}}"
|
|
imageSelector: mariadbClientImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
env:
|
|
MARIADB_HOST:
|
|
secretKeyRef:
|
|
name: mariadbcreds
|
|
key: plainhost
|
|
MARIADB_ROOT_PASSWORD:
|
|
secretKeyRef:
|
|
name: mariadbcreds
|
|
key: mariadb-root-password
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/bash <<'EOF'
|
|
echo "Executing DB waits..."
|
|
until
|
|
mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \
|
|
&& mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status;
|
|
do sleep 2;
|
|
done
|
|
EOF
|
|
mongodb-wait:
|
|
enabled: "{{ if .Values.mongodb.enabled }}true{{ else }}false{{end}}"
|
|
imageSelector: mongodbClientImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
env:
|
|
MONGODB_HOST:
|
|
secretKeyRef:
|
|
name: mongodbcreds
|
|
key: plainhost
|
|
MONGODB_DATABASE:
|
|
value: "{{ .Values.mongodb.mongodbDatabase }}"
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/bash <<'EOF'
|
|
echo "Executing DB waits..."
|
|
until
|
|
HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet;
|
|
do sleep 2;
|
|
done
|
|
EOF
|
|
|
|
clickhouse-wait:
|
|
enabled: "{{ if .Values.clickhouse.enabled }}true{{ else }}false{{end}}"
|
|
imageSelector: alpineImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
env:
|
|
CLICKHOUSE_PING:
|
|
secretKeyRef:
|
|
name: clickhousecreds
|
|
key: ping
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/bash <<'EOF'
|
|
echo "Executing DB waits..."
|
|
until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do
|
|
echo "ClickHouse - no response. Sleeping 2 seconds..."
|
|
sleep 2
|
|
done
|
|
echo "ClickHouse - accepting connections"
|
|
EOF
|
|
solr-wait:
|
|
enabled: "{{ if .Values.solr.enabled }}true{{ else }}false{{end}}"
|
|
imageSelector: wgetImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
env:
|
|
SOLR_HOST:
|
|
secretKeyRef:
|
|
name: solrcreds
|
|
key: plainhost
|
|
SOLR_CORES:
|
|
value: "{{ .Values.solr.solrCores }}"
|
|
SOLR_ENABLE_AUTHENTICATION:
|
|
value: "{{ .Values.solr.solrEnableAuthentication }}"
|
|
SOLR_ADMIN_USERNAME:
|
|
value: "{{ .Values.solr.solrUsername }}"
|
|
SOLR_ADMIN_PASSWORD:
|
|
secretKeyRef:
|
|
name: solrcreds
|
|
key: solr-password
|
|
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/bash <<'EOF'
|
|
echo "Executing DB waits..."
|
|
if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then
|
|
until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
|
|
echo "Solr is not responding... Sleeping 2 seconds..."
|
|
sleep 2
|
|
done
|
|
else
|
|
until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do
|
|
echo "Solr is not responding... Sleeping 2 seconds..."
|
|
sleep 2
|
|
done
|
|
fi;
|
|
EOF
|
|
postgresql-wait:
|
|
enabled: "{{ if .Values.postgresql.enabled }}true{{ else }}false{{end}}"
|
|
imageSelector: postgresClientImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/sh <<'EOF'
|
|
echo "Executing DB waits..."
|
|
{{- $pghost := printf "%v-%v" .Release.Name "postgresql" }}
|
|
until
|
|
pg_isready -U {{ .Values.postgresql.postgresqlUsername }} -h {{ $pghost }}
|
|
do sleep 2
|
|
done
|
|
EOF
|
|
|
|
cnpg-wait:
|
|
enabled: '{{ $result := false }}{{ range .Values.cnpg }}{{ if .enabled }}{{ $result = true }}{{ end }}{{ end }}{{ $result }}'
|
|
imageSelector: postgresClientImage
|
|
securityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
resources:
|
|
inherit: true
|
|
command:
|
|
- "/bin/sh"
|
|
- "-c"
|
|
- |
|
|
/bin/sh <<'EOF'
|
|
{{ range $name, $cnpg := .Values.cnpg }}
|
|
{{ if $cnpg.enabled }}
|
|
echo "Executing DB waits..."
|
|
{{ $cnpgName := include "ix.v1.common.names.fullname" $ }}
|
|
{{ $nameOverride := $cnpg.nameOverride }}
|
|
|
|
{{ if and (not $cnpg.nameOverride ) (ne $name (include "tc.v1.common.lib.util.cnpg.primary" $)) }}
|
|
{{ $_ := set $cnpg.nameOverride $name }}
|
|
{{ end }}
|
|
|
|
{{ if $cnpg.nameOverride }}
|
|
{{ $cnpgName = printf "%v-%v" $cnpgName $nameOverride }}
|
|
{{ end }}
|
|
|
|
until
|
|
pg_isready -U {{ .user }} -h cnpg-{{ $cnpgName }}-rw
|
|
do sleep 2
|
|
done
|
|
until
|
|
pg_isready -U {{ .user }} -h cnpg-pooler-{{ $cnpgName }}-rw
|
|
do sleep 2
|
|
done
|
|
{{ if $cnpg.acceptRO }}
|
|
until
|
|
pg_isready -U {{ .user }} -h cnpg-{{ $cnpgName }}-ro
|
|
do sleep 2
|
|
done
|
|
until
|
|
pg_isready -U {{ .user }} -h cnpg-pooler-{{ $cnpgName }}-ro
|
|
do sleep 2
|
|
done
|
|
{{ end }}
|
|
|
|
{{ end }}
|
|
{{ end }}
|
|
EOF
|
|
|
|
initContainers: {}
|
|
|
|
# -- Configure the services for the chart here.
|
|
# Additional services can be added by adding a dictionary key similar to the 'main' service.
|
|
# @default -- See below
|
|
service:
|
|
main:
|
|
# -- Enables or disables the service
|
|
enabled: true
|
|
# enabled: false
|
|
# -- Configure the Service port information here.
|
|
# Additional ports can be added by adding a dictionary key similar to the 'main' port.
|
|
# @default -- See below
|
|
primary: true
|
|
ports:
|
|
main:
|
|
# -- Enables or disables the port
|
|
enabled: true
|
|
# enabled: false
|
|
# -- Make this the primary port (used in probes, notes, etc...)
|
|
# If there is more than 1 service, make sure that only 1 port is marked as primary.
|
|
primary: true
|
|
# -- The port number (Default port is required if enabled: true)
|
|
port:
|
|
# -- Port protocol.
|
|
# Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
|
|
# HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation
|
|
protocol: HTTP
|
|
# -- Specify a service targetPort if you wish to differ the service port from the application port.
|
|
# If `targetPort` is specified, this port number is used in the container definition instead of
|
|
# the `port` value. Therefore named ports are not supported for this field.
|
|
targetPort:
|
|
# -- Specify the nodePort value NodePort service types.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
|
|
nodePort:
|
|
|
|
|
|
persistence:
|
|
# -- Create an emptyDir volume dedicated to be shared between all containers
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
shared:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /shared
|
|
|
|
# -- Create an emptyDir volume to share between all containers
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
varlogs:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /var/logs
|
|
|
|
# -- Create an emptyDir volume (shared between all containers) for temporary storage
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
tmp:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /tmp
|
|
|
|
# -- Create an emptyDir volume to for /dev/shm
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
# @default -- See below
|
|
shm:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /dev/shm
|
|
medium: Memory
|
|
|
|
# -- Used in conjunction with `controller.type: StatefulSet` to create individual disks for each instance.
|
|
volumeClaimTemplates: {}
|
|
# data:
|
|
# mountPath: /data
|
|
# accessMode: "ReadWriteOnce"
|
|
# size: 1Gi
|
|
|
|
|
|
# -- Configure the ingresses for the chart here.
|
|
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
|
|
# @default -- See below
|
|
ingress:
|
|
main:
|
|
# -- Enables or disables the ingress
|
|
enabled: false
|
|
|
|
# -- Make this the primary ingress (used in probes, notes, etc...).
|
|
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
|
|
primary: true
|
|
|
|
# -- Override the name suffix that is used for this ingress.
|
|
nameOverride:
|
|
|
|
# -- Autolink the ingress to a service and port, both with the same name as the ingress.
|
|
autoLink: false
|
|
|
|
# -- disable to ignore any default middlwares
|
|
enableFixedMiddlewares: true
|
|
|
|
# -- set the Cert-Manager clusterissuer for this ingress
|
|
clusterIssuer: ""
|
|
|
|
# -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
# Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user
|
|
fixedMiddlewares:
|
|
- chain-basic
|
|
|
|
# -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
middlewares: []
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
# -- Provide additional labels which may be required.
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
|
|
# -- Set the ingressClass that is used for this ingress.
|
|
# Requires Kubernetes >=1.19
|
|
ingressClassName: # "nginx"
|
|
|
|
## Configure the hosts for the ingress
|
|
hosts:
|
|
- # -- Host address. Helm template can be passed.
|
|
host: chart-example.local
|
|
## Configure the paths for the host
|
|
paths:
|
|
- # -- Path. Helm template can be passed.
|
|
path: /
|
|
# -- Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
service:
|
|
# -- Overrides the service name reference for this path
|
|
name:
|
|
# -- Overrides the service port reference for this path
|
|
port:
|
|
|
|
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
|
|
# Gets ignored when clusterIssuer is filled
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# # Cannot be combined with scaleCert
|
|
# clusterIssuer: ""
|
|
# # Cannot be combined with clusterIssuer
|
|
# scaleCert: ""
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
metrics:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# options: servicemonitor, podmonitor
|
|
type: "servicemonitor"
|
|
# defaults to selectorLabels
|
|
selector: {}
|
|
endpoints:
|
|
- port: 3000
|
|
interval: 5
|
|
scrapeTimeout: 5
|
|
path: /
|
|
honorLabels: false
|
|
prometheusRule:
|
|
enabled: false
|
|
groups: {}
|
|
# somegroup:
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
# List to support adding groups using the SCALE GUI
|
|
additionalgroups:
|
|
#- name: "somegroup"
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
|
|
# -- The common chart supports several add-ons. These can be configured under this key.
|
|
# @default -- See below
|
|
addons:
|
|
# -- The common chart supports adding a VPN add-on. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
|
|
# @default -- See values.yaml
|
|
vpn:
|
|
# -- Specify the VPN type. Valid options are disabled, openvpn, wireguard or tailscale
|
|
type: disabled
|
|
|
|
# -- OpenVPN specific configuration
|
|
# @default -- See below
|
|
openvpn:
|
|
# -- Credentials to connect to the VPN Service (used with -a)
|
|
# Only using password is enough
|
|
username: ""
|
|
password: ""
|
|
|
|
# -- Tailscale specific configuration
|
|
# @default -- See below
|
|
# See more info for the configuration
|
|
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
|
|
tailscale:
|
|
# -- Auth key to connect to the VPN Service
|
|
authkey: ""
|
|
# As a sidecar, it should only need to run in userspace
|
|
userspace: true
|
|
auth_once: true
|
|
accept_dns: false
|
|
routes: ""
|
|
dest_ip: ""
|
|
sock5_server: ""
|
|
extra_args: ""
|
|
daemon_extra_args: ""
|
|
outbound_http_proxy_listen: ""
|
|
# -- Annotations for tailscale sidecar
|
|
annotations: {}
|
|
|
|
killSwitch: true
|
|
excludedNetworks_IPv4: []
|
|
excludedNetworks_IPv6: []
|
|
|
|
# -- Set the VPN container specific securityContext
|
|
# @default -- See values.yaml
|
|
securityContext: {}
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
env: {}
|
|
# TZ: UTC
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
envList: []
|
|
# - name: someenv
|
|
# value: somevalue
|
|
|
|
# -- Provide a customized vpn configuration file to be used by the VPN.
|
|
configFile:
|
|
enabled: true
|
|
type: hostPath
|
|
# -- Which path on the host should be mounted.
|
|
hostPath: /vpn/vpn.conf
|
|
noMount: true
|
|
# -- Specifying a hostPathType adds a check before trying to mount the path.
|
|
# See Kubernetes documentation for options.
|
|
hostPathType: "File"
|
|
|
|
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
|
|
# @default -- See values.yaml
|
|
codeserver:
|
|
# -- Enable running a code-server container in the pod
|
|
enabled: false
|
|
|
|
# -- Set any environment variables for code-server here
|
|
env: {}
|
|
# TZ: UTC
|
|
|
|
# -- All variables specified here will be added to the codeserver sidecar container
|
|
# See the documentation of the codeserver image for all config values
|
|
envList: []
|
|
# - name: someenv
|
|
# value: somevalue
|
|
# -- Set codeserver command line arguments.
|
|
# Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
|
|
args:
|
|
- --auth
|
|
- none
|
|
# - --user-data-dir
|
|
# - "/config/.vscode"
|
|
|
|
# -- Specify the working dir that will be opened when code-server starts
|
|
# If not given, the app will default to the mountpah of the first specified volumeMount
|
|
workingDir: "/"
|
|
|
|
# -- Optionally allow access a Git repository by passing in a private SSH key
|
|
# @default -- See below
|
|
git:
|
|
# -- Raw SSH private key
|
|
deployKey: ""
|
|
# -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence.
|
|
deployKeyBase64: ""
|
|
# -- Existing secret containing SSH private key
|
|
# The chart expects it to be present under the `id_rsa` key.
|
|
deployKeySecret: ""
|
|
|
|
service:
|
|
# -- Enable a service for the code-server add-on.
|
|
enabled: true
|
|
type: ClusterIP
|
|
# Specify the default port information
|
|
ports:
|
|
codeserver:
|
|
port: 12321
|
|
enabled: true
|
|
protocol: TCP
|
|
targetPort: 12321
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort: 36107
|
|
|
|
ingress:
|
|
# -- Enable an ingress for the code-server add-on.
|
|
enabled: false
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
labels: {}
|
|
hosts:
|
|
- host: code.chart-example.local
|
|
paths:
|
|
- path: /
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
tls: []
|
|
|
|
|
|
##
|
|
# This section contains some-preconfig for frequently used dependencies
|
|
##
|
|
|
|
# -- Postgresql dependency configuration
|
|
# @default -- See below
|
|
postgresql:
|
|
enabled: false
|
|
existingSecret: "dbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifests:
|
|
enabled: false
|
|
|
|
cnpg:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# -- number of instances for both postgres and pgbouncer
|
|
instances: 2
|
|
database: "app"
|
|
user: "app"
|
|
# password:
|
|
# superUserPassword:
|
|
# -- change to supervised to disable unsupervised updates
|
|
# Example of rolling update strategy:
|
|
# - unsupervised: automated update of the primary once all
|
|
# replicas have been upgraded (default)
|
|
# - supervised: requires manual supervision to perform
|
|
# the switchover of the primary
|
|
primaryUpdateStrategy: unsupervised
|
|
# -- enable to create extra pgbouncer for readonly access
|
|
acceptRO: false
|
|
# -- storage size for the two pvc's per instance
|
|
storage:
|
|
size: "256Gi"
|
|
walsize: "256Gi"
|
|
pooler:
|
|
instances: 2
|
|
# -- set to enable prometheus metrics
|
|
monitoring:
|
|
enablePodMonitor: true
|
|
# -- contains credentials and urls output by generator
|
|
creds: {}
|
|
|
|
# -- Redis dependency configuration
|
|
# @default -- See below
|
|
redis:
|
|
main:
|
|
enabled: false
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
redis:
|
|
replicas: 2
|
|
sentinel:
|
|
replicas: 3
|
|
auth:
|
|
enabled: false
|
|
|
|
# -- mariadb dependency configuration
|
|
# @default -- See below
|
|
mariadb:
|
|
enabled: false
|
|
existingSecret: "mariadbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifests:
|
|
enabled: false
|
|
|
|
# -- mongodb dependency configuration
|
|
# @default -- See below
|
|
mongodb:
|
|
enabled: false
|
|
existingSecret: "mongodbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifests:
|
|
enabled: false
|
|
|
|
# -- clickhouse dependency configuration
|
|
# @default -- See below
|
|
clickhouse:
|
|
enabled: false
|
|
existingSecret: "clickhousecreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifests:
|
|
enabled: false
|
|
|
|
# -- solr dependency configuration
|
|
# @default -- See below
|
|
solr:
|
|
enabled: false
|
|
solrCores: 1
|
|
solrEnableAuthentication: "no"
|
|
existingSecret: "solrcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifests:
|
|
enabled: false
|