library-charts/library/common/values.yaml
# TODO: Docs
# -- Global values
# Helm makes the `global` key visible to subcharts as well as to this chart.
global:
  # -- Set additional global labels
  labels: {}
  # -- Set additional global annotations
  annotations: {}
  # -- Adds metalLB annotations to services
  addMetalLBAnnotations: false
  # -- Adds traefik annotations to services
  addTraefikAnnotations: false
  # -- Minimum nodePort value
  # NOTE(review): 9000 is below the stock Kubernetes NodePort range
  # (30000-32767), so this presumably relies on a cluster configured with a
  # wider service-node-port-range - confirm for the target platform.
  minNodePort: 9000
# TODO: Docs
# Values used when a more specific object (PVC, service, probe, ...) does not
# set its own.
fallbackDefaults:
  # -- Define a storageClassName that will be used for all PVCs
  # Can be overruled per PVC
  # Left empty, which YAML reads as null (not an empty string).
  storageClass:
  # -- Default probe type
  probeType: http
  # -- Default Service Protocol
  serviceProtocol: tcp
  # -- Default Service Type
  serviceType: ClusterIP
  # -- Default persistence type
  persistenceType: pvc
  # -- Default Retain PVC
  pvcRetain: false
  # -- Default PVC Size
  pvcSize: 1Gi
  # -- Default VCT Size
  vctSize: 100Gi
  # -- Default PVC/VCT Access Modes
  accessModes:
    - ReadWriteOnce
  # -- Default probe timeouts
  # One set of the five standard Kubernetes probe timing fields per probe kind.
  probeTimeouts:
    liveness:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 5
      successThreshold: 1
    readiness:
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 5
      successThreshold: 2
    startup:
      # 60 failures x 5s period: roughly five minutes of start-up grace after
      # the initial delay.
      initialDelaySeconds: 10
      periodSeconds: 5
      timeoutSeconds: 2
      failureThreshold: 60
      successThreshold: 1
# TODO: Docs (for the imageName) convention
# -- Image values
image:
  # -- Image repository
  repository: tccr.io/truecharts/whoami
  # -- Image tag
  # The tag carries an `@sha256:` digest, which pins the pull to one immutable
  # image; when a digest is present the runtime resolves by digest and the
  # `v1.8.7` part is informational. Update tag and digest together.
  tag: v1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772
  # -- Image pull policy
  pullPolicy: IfNotPresent
# TODO: Docs
# -- Security Context
# Restrictive defaults: non-root UID/GID 568, read-only root filesystem, no
# privilege escalation, not privileged, runtime-default seccomp profile and
# every Linux capability dropped. Any per-container or per-pod override that
# relaxes one of these deserves a review of its own.
securityContext:
  # -- Container security context for all containers
  # Can be overruled per container
  container:
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      # Nothing is added back after the blanket drop below.
      add: []
      drop:
        - ALL
  # -- Pod security context for all pods
  # Can be overruled per pod
  pod:
    # Same numeric id as runAsUser/runAsGroup above.
    fsGroup: 568
    fsGroupChangePolicy: OnRootMismatch
    supplementalGroups: []
    sysctls: []
# TODO: Docs
# NOTE(review): nesting is reconstructed from a listing that lost its
# indentation; PUID, UMASK and NVIDIA_CAPS are assumed to sit under
# containerOptions next to resources - confirm against the templates.
containerOptions:
  # -- Resources
  # Can be overruled per container
  # Requests are small while limits are large, so a container may burst up to
  # 4 CPUs / 8Gi unless a chart narrows this.
  resources:
    limits:
      cpu: 4000m
      memory: 8Gi
    requests:
      cpu: 10m
      memory: 50Mi
  # -- PUID for all containers
  # Can be overruled per container
  PUID: 568
  # -- UMASK for all containers
  # Can be overruled per container
  # Quoted so the leading zeros survive as a string. If the image honours it,
  # 002 yields group-writable but not world-writable files.
  UMASK: "002"
  # NOTE(review): presumably rendered into the NVIDIA driver-capabilities
  # setting for GPU containers; `all` is the broadest choice - confirm in the
  # templates and narrow it where a workload needs less.
  NVIDIA_CAPS:
    - all
# -- Options for all pods # TODO: Docs
# Can be overruled per pod
podOptions:
  # Off: service addresses are not injected as environment variables.
  enableServiceLinks: false
  # Off: pods get their own network namespace rather than the node's.
  hostNetwork: false
  restartPolicy: Always
  dnsPolicy: ClusterFirst
  dnsConfig:
    options:
      - name: ndots
        # Quoted: the option value is a string, not an integer.
        value: "2"
  hostAliases: []
  nodeSelector: {}
  tolerations: []
  schedulerName: ""
  priorityClassName: ""
  runtimeClassName: ""
  # Off: no service-account token is mounted into pods by default, so a
  # workload that needs the Kubernetes API has to opt in explicitly.
  automountServiceAccountToken: false
  terminationGracePeriodSeconds: 120
# -- (docs/workload/README.md)
# Default workload: one Deployment called `main` with one primary container
# called `main`, probed over HTTP on the primary service port.
workload:
  main:
    enabled: true
    primary: true
    type: Deployment
    # NOTE(review): presumably makes the pod wait for enabled database
    # dependencies (see the db-wait client images in this file) - confirm.
    dbWait: true
    podSpec:
      containers:
        main:
          enabled: true
          primary: true
          # NOTE(review): presumably the name of the values key holding this
          # container's image (the `image` mapping in this file) - confirm.
          imageSelector: image
          probes:
            # The port values are Helm template strings, quoted so YAML does
            # not read the leading `{` as a flow mapping. This file sets no
            # `port` under service.main.ports.main, so the consuming chart
            # has to supply one.
            liveness:
              enabled: true
              type: http
              port: "{{ .Values.service.main.ports.main.port }}"
            readiness:
              enabled: true
              type: http
              port: "{{ .Values.service.main.ports.main.port }}"
            startup:
              enabled: true
              type: http
              port: "{{ .Values.service.main.ports.main.port }}"
# TODO:
# NOTE(review): `portal` is defined again further down, under "TrueCharts
# Specific Root Objects". If both are root-level keys (the nesting cannot be
# recovered from this listing) this is a duplicate mapping key: most YAML
# parsers silently keep the last one, so this empty map would have no effect
# and should be dropped.
portal: {}
##### ⬇ Done ⬇ #####
# -- Timezone used everywhere applicable
TZ: UTC
# -- (docs/service/README.md)
# Default service `main` with one primary port entry `main`. No port number is
# set here; the probes in `workload` read
# .Values.service.main.ports.main.port, so the consuming chart must provide it.
service:
  main:
    enabled: true
    primary: true
    ports:
      main:
        enabled: true
        primary: true
        protocol: http
# -- (docs/persistence/README.md)
# Four emptyDir volumes, each with targetSelectAll enabled. With
# readOnlyRootFilesystem: true in securityContext.container these are
# presumably the only writable paths a container has by default.
persistence:
  shared:
    enabled: true
    type: emptyDir
    mountPath: /shared
    targetSelectAll: true
  varlogs:
    enabled: true
    type: emptyDir
    # NOTE(review): /var/logs, not the conventional /var/log - confirm intended.
    mountPath: /var/logs
    targetSelectAll: true
  tmp:
    enabled: true
    type: emptyDir
    mountPath: /tmp
    targetSelectAll: true
  devshm:
    enabled: true
    type: emptyDir
    mountPath: /dev/shm
    targetSelectAll: true
# The four ix* keys are placeholders: per their own comments the values are
# injected by the SCALE middleware and listed here only for reference.
# -- Injected from SCALE middleware
# Only for reference here
ixExternalInterfacesConfiguration: []
# -- Injected from SCALE middleware
# Only for reference here
ixExternalInterfacesConfigurationNames: []
# -- Injected from SCALE middleware
# Only for reference here
ixCertificates: []
# -- Injected from SCALE middleware
# Only for reference here
ixVolumes: []
# The remaining root objects default to empty, so none of them is created
# unless a chart or user fills it in.
# -- (docs/imagePullSecrets.md)
imagePullSecret: []
# -- (docs/configmap.md)
configmap: {}
# -- (docs/secret.md)
secret: {}
# -- (docs/serviceAccount.md)
serviceAccount: {}
# -- (docs/rbac.md)
rbac: {}
# -- (docs/volumeClaimTemplates) (StatefulSet only)
volumeClaimTemplates: {}
# -- (docs/scaleExternalInterface.md)
scaleExternalInterface: []
# -- (docs/scaleCertificate.md)
scaleCertificate: {}
# -- (docs/scaleGPU.md)
scaleGPU: []
# NOTES.txt TODO: Docs
# header and footer are literal block scalars (`|`): the `#` lines inside
# them are part of the text (headings in the rendered notes), not YAML comments.
notes:
  header: |
    # Welcome to SCALE
    Thank you for installing <{{ .Chart.Name }}>.
  # Commented-out example. NOTE(review): rendering all of .Values into the
  # install notes would also print any credentials supplied through values
  # (for example addons.vpn.tailscale.authkey), so keep it disabled outside
  # of debugging.
  # custom: "{{ toYaml $.Values }}"
  custom: ""
  footer: |
    # Documentation
    Documentation for this chart can be found at ...
    # Bug reports
    If you find a bug in this chart, please file an issue at ...
####
##
## TrueCharts Specific Root Objects
##
####
# NOTE(review): an empty `portal: {}` also appears earlier in this file; if
# both are root-level keys, this later mapping is the one most parsers keep.
portal:
  open:
    enabled: false
    # All three override fields are empty, which YAML reads as null.
    override:
      protocol:
      host:
      port:
    # NOTE(review): assumed to be a sibling of `override` under `open`; the
    # listing lost its indentation - confirm against the templates.
    urlSuffix: ""
    targetSelector:
      ingress: ""
      service: ""
      port: ""
# -- Used to inject our own operator manifests into SCALE
# NOTE(review): enabled by default. Which manifests are applied, and with what
# privileges, is decided by the templates and is not visible in this file -
# review that before using the chart on a shared cluster.
manifestManager:
  enabled: true
  staging: false
# Helper images used by add-ons and database-wait logic. Every entry except
# gluetunImage carries an `@sha256:` digest in its tag, which pins the pull to
# one immutable image.
# TODO: Update repo/tag
# NOTE(review): `some_tag` is a placeholder with no digest, so this image is
# the only one here that is neither pinned nor known to exist. Replace it with
# a real `tag@sha256:<digest>` before the gluetun VPN type is usable.
gluetunImage:
  repository: tccr.io/truecharts/gluetun
  tag: some_tag
  pullPolicy: IfNotPresent
# The digest fixes the content, but `latest` records no version, which makes
# it harder to tell which release (and which known vulnerabilities) is deployed.
openvpnImage:
  repository: tccr.io/truecharts/openvpn-client
  tag: latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688
  pullPolicy: IfNotPresent
wireguardImage:
  repository: tccr.io/truecharts/wireguard
  tag: v1.0.20210914@sha256:9f56e5660e8df8d4d38521ed73a4cc29fa24bf578007bfbe633e00184e2ebfbc
  pullPolicy: IfNotPresent
# The repository has no registry host, unlike the tccr.io images around it, so
# it presumably resolves through the container runtime's default registry.
tailscaleImage:
  repository: tailscale/tailscale
  # TODO: Switch to stable once a v1.33.x is released
  tag: v1.34.1@sha256:69bec9fdea25765e1b9dd129ccaeaf1e160f1132bb390535772fa939f0bf620b
  pullPolicy: IfNotPresent
codeserverImage:
  repository: tccr.io/truecharts/code-server
  tag: 4.9.1@sha256:b339bd8f6da4c73c0259d6951991278aa1595a6be570a207ce635c75aac9893d
  pullPolicy: IfNotPresent
alpineImage:
  repository: tccr.io/truecharts/alpine
  tag: v3.17.0@sha256:f8607e14a5e456c1b8fe50b7f0c9371b4aae543d23080f5e2fe0bdbb06d2413b
  pullPolicy: IfNotPresent
# Same remark as for openvpnImage: pinned by digest, but tagged `latest`.
scratchImage:
  repository: tccr.io/truecharts/scratch
  tag: latest@sha256:b4289ea433ec1308f6f2e8bff3f23bcd52b751ccb691284210ed826385ba9317
  pullPolicy: IfNotPresent
kubectlImage:
  repository: tccr.io/truecharts/kubectl
  tag: v1.26.0@sha256:e56d1c8dd3ba85bb8410cc9f5c04f03f814e4b76ffcc7f12730868faba5b9c52
  pullPolicy: IfNotPresent
wgetImage:
  repository: tccr.io/truecharts/wget
  tag: v0.0.1@sha256:46cca8469c987385bc27bc63cb2abf95a564cd18380b30648fea0ce02a97c6aa
  pullPolicy: IfNotPresent
postgresClientImage:
  repository: tccr.io/truecharts/db-wait-postgres
  tag: v0.0.1@sha256:b03a81433b82a24289bd461d7713e20721d8f4479781f337dfb48d5f84ffddc4
  pullPolicy: IfNotPresent
mariadbClientImage:
  repository: tccr.io/truecharts/db-wait-mariadb
  tag: v0.0.1@sha256:b9c82f29daafe72d07b23951bdd5654561cb95e5ca4a493ca1f68688c625e6bb
  pullPolicy: IfNotPresent
redisClientImage:
  repository: tccr.io/truecharts/db-wait-redis
  tag: v0.0.1@sha256:190b199bebf88a6def50cf8efd38651d79595a1e69566062843062a8c34bb0ff
  pullPolicy: IfNotPresent
mongodbClientImage:
  repository: tccr.io/truecharts/db-wait-mongodb
  tag: v0.0.1@sha256:d2d237297cbcde63a038ef8dc1634241c476396d03d370ffa2814177ff56d1e7
  pullPolicy: IfNotPresent
# -- Configure the ingresses for the chart here.
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
# @default -- See below
ingress:
  main:
    # -- Enables or disables the ingress
    enabled: false
    # -- Make this the primary ingress (used in probes, notes, etc...).
    # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
    primary: true
    # -- Override the name suffix that is used for this ingress.
    nameOverride:
    # -- Autolink the ingress to a service and port, both with the same name as the ingress.
    autoLink: false
    # -- Disable to ignore any default middlewares
    # NOTE(review): `chain-basic` below is defined outside this file. If it
    # carries protective settings (not visible here), switching this off
    # exposes the ingress without them.
    enableFixedMiddlewares: true
    # -- Set the cert-manager ClusterIssuer for this ingress
    clusterIssuer: ""
    # -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically
    # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
    # Primarily used for TrueNAS SCALE to add additional (separate) middlewares without exposing them to the end-user
    fixedMiddlewares:
      - chain-basic
    # -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically
    # Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
    middlewares: []
    annotationsList: []
    # - name: somename
    #   value: somevalue
    # -- Provide additional annotations which may be required.
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    labelsList: []
    # - name: somename
    #   value: somevalue
    # -- Provide additional labels for this ingress which may be required.
    labels: {}
    # -- Set the ingressClass that is used for this ingress.
    # Requires Kubernetes >=1.19
    # Empty value (null); the trailing comment shows an example.
    ingressClassName:  # "nginx"
    ## Configure the hosts for the ingress
    hosts:
      - # -- Host address. Helm template can be passed.
        host: chart-example.local
        ## Configure the paths for the host
        paths:
          - # -- Path. Helm template can be passed.
            path: /
            # -- Ignored if not kubeVersion >= 1.14-0
            pathType: Prefix
            service:
              # -- Overrides the service name reference for this path
              name:
              # -- Overrides the service port reference for this path
              port:
    # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
    # Gets ignored when clusterIssuer is filled
    # NOTE(review): with `tls` and `clusterIssuer` both empty, an enabled
    # ingress presumably gets no TLS configuration from this chart - confirm,
    # and set one of them for anything that carries credentials.
    tls: []
    # - secretName: chart-example-tls
    #   # Cannot be combined with scaleCert
    #   clusterIssuer: ""
    #   # Cannot be combined with clusterIssuer
    #   scaleCert: ""
    #   hosts:
    #     - chart-example.local
# Metrics scraping defaults; the `main` entry is disabled until a chart
# enables it.
metrics:
  main:
    enabled: false
    primary: true
    # options: servicemonitor, podmonitor
    type: "servicemonitor"
    # defaults to selectorLabels
    selector: {}
    endpoints:
      - port: 3000
        interval: 5
        scrapeTimeout: 5
        path: /
        honorLabels: false
    # NOTE(review): assumed to be nested under `main`; the listing lost its
    # indentation - confirm against the templates.
    prometheusRule:
      enabled: false
      groups: {}
      # somegroup:
      #   # list of rules
      #   rules: []
      #   # list to support adding rules via the SCALE GUI without overwriting the rules
      #   additionalrules: []
      # List to support adding groups using the SCALE GUI
      # Written as a bare key, so the value is null rather than an empty list.
      additionalgroups:
      # - name: "somegroup"
      #   # list of rules
      #   rules: []
      #   # list to support adding rules via the SCALE GUI without overwriting the rules
      #   additionalrules: []
# -- The common chart supports several add-ons. These can be configured under this key.
# @default -- See below
addons:
  # -- The common chart supports adding a VPN add-on. It can be configured under this key.
  # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
  # @default -- See values.yaml
  vpn:
    # -- Specify the VPN type. Valid options are disabled, gluetun or tailscale
    type: disabled
    # -- Tailscale specific configuration
    # @default -- See below
    # See more info for the configuration
    # https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
    tailscale:
      # -- Auth key to connect to the VPN Service
      # This is a credential: a key set here sits in plain text in the values,
      # so treat any values file that holds it as a secret and keep it out of
      # version control.
      authkey: ""
      # As a sidecar, it should only need to run in userspace
      userspace: true
      auth_once: true
      accept_dns: false
      routes: ""
      dest_ip: ""
      sock5_server: ""
      extra_args: ""
      daemon_extra_args: ""
      outbound_http_proxy_listen: ""
      # -- Annotations for tailscale sidecar
      annotations: {}
    # -- All variables specified here will be added to the vpn sidecar container
    # See the documentation of the VPN image for all config values
    env: {}
    # TZ: UTC
    # -- All variables specified here will be added to the vpn sidecar container
    # See the documentation of the VPN image for all config values
    envList: []
    # - name: someenv
    #   value: somevalue
    # -- You can directly specify the config file here
    # VPN configuration files commonly embed keys or passwords; the same
    # plain-text caveat as for authkey applies to inline content.
    config: ""
    scripts:
      # -- You can directly specify the upscript here
      up: ""
      # some script
      # -- You can directly specify the downscript here
      down: ""
      # some script
    # -- Provide a customized vpn configuration file location to be used by the VPN.
    configFile: ""
    # -- Provide a customized vpn configuration folder location to be added to the VPN container
    # The config file needs to be mounted separately
    # the upscript and downscript need to be named: upscript.sh and downscript.sh respectively
    configFolder: ""
    # -- Provide an existing secret for vpn config storage
    existingSecret: ""
    # -- Select pods to bind vpn addon to
    # Add "codeserver" to also add the codeserver pod to VPN
    targetSelector:
      - main
  # -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
  # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
  # @default -- See values.yaml
  codeserver:
    # -- Enable running a code-server container in the pod
    enabled: false
    # -- Set any environment variables for code-server here
    env: {}
    # -- All variables specified here will be added to the codeserver sidecar container
    # See the documentation of the codeserver image for all config values
    envList: []
    # - name: someenv
    #   value: somevalue
    # -- Set codeserver command line arguments.
    # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
    # NOTE(review): `--auth none` turns off code-server's own login. Once the
    # add-on is enabled, anything that can reach port 12321 gets the editor
    # and the files mounted into the pod without authenticating. Keep the
    # ingress below disabled, or put an authenticating proxy/middleware in
    # front of it and restrict in-cluster access to the service.
    args:
      - --auth
      - none
    # - --user-data-dir
    # - "/config/.vscode"
    # -- Specify the working dir that will be opened when code-server starts
    # If not given, the app will default to the mountPath of the first specified volumeMount
    workingDir: "/"
    service:
      # -- Enable a service for the code-server add-on.
      enabled: true
      type: ClusterIP
      # Specify the default port information
      ports:
        codeserver:
          port: 12321
          enabled: true
          protocol: http
    ingress:
      # -- Enable an ingress for the code-server add-on.
      enabled: false
      annotations: {}
      # kubernetes.io/ingress.class: nginx
      labels: {}
      hosts:
        - host: code.chart-example.local
          paths:
            - path: /
              # Ignored if not kubeVersion >= 1.14-0
              pathType: Prefix
      # Empty by default: enabling this ingress as-is configures no TLS here.
      tls: []
##
# This section contains some pre-config for frequently used dependencies
##
# Every dependency is disabled by default. Each `existingSecret` holds a name
# only (presumably that of a Kubernetes Secret with the credentials); no
# credential values are kept in this file.
# -- Postgresql dependency configuration
# @default -- See below
postgresql:
  enabled: false
  existingSecret: "dbcreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false
cnpg:
  main:
    enabled: false
    primary: true
    # -- number of instances for both postgres and pgbouncer
    instances: 2
    database: "app"
    user: "app"
    # Left commented out; a password written here would sit in plain text in
    # the values.
    # password:
    # superUserPassword:
    # -- change to supervised to disable unsupervised updates
    # Example of rolling update strategy:
    # - unsupervised: automated update of the primary once all
    #   replicas have been upgraded (default)
    # - supervised: requires manual supervision to perform
    #   the switchover of the primary
    primaryUpdateStrategy: unsupervised
    # -- enable to create extra pgbouncer for readonly access
    acceptRO: false
    # -- storage size for the two pvc's per instance
    storage:
      size: "256Gi"
      walsize: "256Gi"
    pooler:
      instances: 2
    # -- set to enable prometheus metrics
    monitoring:
      enablePodMonitor: true
    # -- contains credentials and urls output by generator
    creds: {}
# -- Redis dependency configuration
# @default -- See below
redis:
  enabled: false
  existingSecret: "rediscreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false
# -- mariadb dependency configuration
# @default -- See below
mariadb:
  enabled: false
  existingSecret: "mariadbcreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false
# -- mongodb dependency configuration
# @default -- See below
mongodb:
  enabled: false
  existingSecret: "mongodbcreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false
# -- clickhouse dependency configuration
# @default -- See below
clickhouse:
  enabled: false
  existingSecret: "clickhousecreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false
# -- solr dependency configuration
# @default -- See below
solr:
  enabled: false
  solrCores: 1
  # Quoted so YAML keeps the string "no" instead of coercing it to a boolean.
  # NOTE(review): authentication is off by default; presumably this is passed
  # to the Solr image. Turn it on wherever other workloads can reach Solr.
  solrEnableAuthentication: "no"
  existingSecret: "solrcreds"
  # -- Can be used to make an easily accessible note of which URLs to use to access the DB.
  url: {}
  manifestManager:
    enabled: false