mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-05 18:16:20 -03:00
683 lines
18 KiB
YAML
683 lines
18 KiB
YAML
# TODO: Docs
|
|
# -- Global values
|
|
global:
|
|
# -- Set additional global labels
|
|
labels: {}
|
|
# -- Set additional global annotations
|
|
annotations: {}
|
|
# -- Adds metalLB annotations to services
|
|
addMetalLBAnnotations: false
|
|
# -- Adds traefik annotations to services
|
|
addTraefikAnnotations: false
|
|
# -- Minimum nodePort value
|
|
minNodePort: 9000
|
|
|
|
# TODO: Docs
|
|
fallbackDefaults:
|
|
# -- Define a storageClassName that will be used for all PVCs
|
|
# Can be overruled per PVC
|
|
storageClass:
|
|
# -- Default probe type
|
|
probeType: http
|
|
# -- Default Service Protocol
|
|
serviceProtocol: tcp
|
|
# -- Default Service Type
|
|
serviceType: ClusterIP
|
|
# -- Default persistence type
|
|
persistenceType: pvc
|
|
# -- Default Retain PVC
|
|
pvcRetain: false
|
|
# -- Default PVC Size
|
|
pvcSize: 1Gi
|
|
# -- Default VCT Size
|
|
vctSize: 100Gi
|
|
# -- Default PVC/VCT Access Modes
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
# -- Default probe timeouts
|
|
probeTimeouts:
|
|
liveness:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
successThreshold: 1
|
|
readiness:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
successThreshold: 2
|
|
startup:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 2
|
|
failureThreshold: 60
|
|
successThreshold: 1
|
|
|
|
# TODO: Docs (for the imageName) convention
|
|
# -- Image values
|
|
image:
|
|
# -- Image repository
|
|
repository: tccr.io/truecharts/whoami
|
|
# -- Image tag
|
|
tag: v1.8.7@sha256:8c61f0ca92fd806fcb4ed1465cb793c05443f37951554b105b0f2dc686a95772
|
|
# -- Image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# TODO: Docs
|
|
# -- Security Context
|
|
securityContext:
|
|
# -- Container security context for all containers
|
|
# Can be overruled per container
|
|
container:
|
|
runAsNonRoot: true
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
privileged: false
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
capabilities:
|
|
add: []
|
|
drop:
|
|
- ALL
|
|
# -- Pod security context for all pods
|
|
# Can be overruled per pod
|
|
pod:
|
|
fsGroup: 568
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
supplementalGroups: []
|
|
sysctls: []
|
|
|
|
# TODO: Docs
|
|
containerOptions:
|
|
# -- Resources
|
|
# Can be overruled per container
|
|
resources:
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 50Mi
|
|
# -- PUID for all containers
|
|
# Can be overruled per container
|
|
PUID: 568
|
|
# -- UMASK for all containers
|
|
# Can be overruled per container
|
|
UMASK: "002"
|
|
NVIDIA_CAPS:
|
|
- all
|
|
|
|
# -- Options for all pods # TODO: Docs
|
|
# Can be overruled per pod
|
|
podOptions:
|
|
enableServiceLinks: false
|
|
hostNetwork: false
|
|
restartPolicy: Always
|
|
dnsPolicy: ClusterFirst
|
|
dnsConfig:
|
|
options:
|
|
- name: ndots
|
|
value: "2"
|
|
hostAliases: []
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
schedulerName: ""
|
|
priorityClassName: ""
|
|
runtimeClassName: ""
|
|
automountServiceAccountToken: false
|
|
terminationGracePeriodSeconds: 120
|
|
|
|
# -- (docs/workload/README.md)
|
|
workload:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
type: Deployment
|
|
dbWait: true
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
imageSelector: image
|
|
probes:
|
|
liveness:
|
|
enabled: true
|
|
type: http
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
readiness:
|
|
enabled: true
|
|
type: http
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
startup:
|
|
enabled: true
|
|
type: http
|
|
port: "{{ .Values.service.main.ports.main.port }}"
|
|
|
|
# TODO:
|
|
portal: {}
|
|
|
|
##### ⬇ Done ⬇ #####
|
|
|
|
# -- Timezone used everywhere applicable
|
|
TZ: UTC
|
|
|
|
# -- (docs/service/README.md)
|
|
service:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
ports:
|
|
main:
|
|
enabled: true
|
|
primary: true
|
|
protocol: http
|
|
|
|
# -- (docs/persistence/README.md)
|
|
persistence:
|
|
shared:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /shared
|
|
targetSelectAll: true
|
|
varlogs:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /var/logs
|
|
targetSelectAll: true
|
|
tmp:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /tmp
|
|
targetSelectAll: true
|
|
devshm:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /dev/shm
|
|
targetSelectAll: true
|
|
|
|
|
|
|
|
# -- Injected from SCALE middleware
|
|
# Only for reference here
|
|
ixExternalInterfacesConfiguration: []
|
|
# -- Injected from SCALE middleware
|
|
# Only for reference here
|
|
ixExternalInterfacesConfigurationNames: []
|
|
# -- Injected from SCALE middleware
|
|
# Only for reference here
|
|
ixCertificates: []
|
|
# -- Injected from SCALE middleware
|
|
# Only for reference here
|
|
ixVolumes: []
|
|
|
|
# -- (docs/imagePullSecrets.md)
|
|
imagePullSecret: []
|
|
|
|
# -- (docs/configmap.md)
|
|
configmap: {}
|
|
|
|
# -- (docs/secret.md)
|
|
secret: {}
|
|
|
|
# -- (docs/serviceAccount.md)
|
|
serviceAccount: {}
|
|
|
|
# -- (docs/rbac.md)
|
|
rbac: {}
|
|
|
|
# -- (docs/volumeClaimTemplates) (StatefulSet only)
|
|
volumeClaimTemplates: {}
|
|
|
|
# -- (docs/scaleExternalInterface.md)
|
|
scaleExternalInterface: []
|
|
|
|
# -- (docs/scaleCertificate.md)
|
|
scaleCertificate: {}
|
|
|
|
# -- (docs/scaleGPU.md)
|
|
scaleGPU: []
|
|
|
|
# NOTES.txt TODO: Docs
|
|
notes:
|
|
header: |
|
|
# Welcome to SCALE
|
|
Thank you for installing <{{ .Chart.Name }}>.
|
|
# custom: "{{ toYaml $.Values }}"
|
|
custom: ""
|
|
footer: |
|
|
# Documentation
|
|
Documentation for this chart can be found at ...
|
|
# Bug reports
|
|
If you find a bug in this chart, please file an issue at ...
|
|
|
|
|
|
|
|
####
|
|
##
|
|
## TrueCharts Specific Root Objects
|
|
##
|
|
####
|
|
|
|
portal:
|
|
open:
|
|
enabled: false
|
|
override:
|
|
protocol:
|
|
host:
|
|
port:
|
|
urlSuffix: ""
|
|
targetSelector:
|
|
ingress: ""
|
|
service: ""
|
|
port: ""
|
|
|
|
# -- Used to inject our own operator manifests into SCALE
|
|
manifestManager:
|
|
enabled: true
|
|
staging: false
|
|
|
|
# TODO: Update repo/tag
|
|
gluetunImage:
|
|
repository: tccr.io/truecharts/gluetun
|
|
tag: some_tag
|
|
pullPolicy: IfNotPresent
|
|
|
|
openvpnImage:
|
|
repository: tccr.io/truecharts/openvpn-client
|
|
tag: latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688
|
|
pullPolicy: IfNotPresent
|
|
|
|
wireguardImage:
|
|
repository: tccr.io/truecharts/wireguard
|
|
tag: v1.0.20210914@sha256:9f56e5660e8df8d4d38521ed73a4cc29fa24bf578007bfbe633e00184e2ebfbc
|
|
pullPolicy: IfNotPresent
|
|
|
|
tailscaleImage:
|
|
repository: tailscale/tailscale
|
|
# TODO: Switch to stable once a v1.33.x is released
|
|
tag: v1.34.1@sha256:69bec9fdea25765e1b9dd129ccaeaf1e160f1132bb390535772fa939f0bf620b
|
|
pullPolicy: IfNotPresent
|
|
|
|
codeserverImage:
|
|
repository: tccr.io/truecharts/code-server
|
|
tag: 4.9.1@sha256:b339bd8f6da4c73c0259d6951991278aa1595a6be570a207ce635c75aac9893d
|
|
pullPolicy: IfNotPresent
|
|
|
|
alpineImage:
|
|
repository: tccr.io/truecharts/alpine
|
|
tag: v3.17.0@sha256:f8607e14a5e456c1b8fe50b7f0c9371b4aae543d23080f5e2fe0bdbb06d2413b
|
|
pullPolicy: IfNotPresent
|
|
|
|
scratchImage:
|
|
repository: tccr.io/truecharts/scratch
|
|
tag: latest@sha256:b4289ea433ec1308f6f2e8bff3f23bcd52b751ccb691284210ed826385ba9317
|
|
pullPolicy: IfNotPresent
|
|
|
|
kubectlImage:
|
|
repository: tccr.io/truecharts/kubectl
|
|
tag: v1.26.0@sha256:e56d1c8dd3ba85bb8410cc9f5c04f03f814e4b76ffcc7f12730868faba5b9c52
|
|
pullPolicy: IfNotPresent
|
|
|
|
wgetImage:
|
|
repository: tccr.io/truecharts/wget
|
|
tag: v0.0.1@sha256:46cca8469c987385bc27bc63cb2abf95a564cd18380b30648fea0ce02a97c6aa
|
|
pullPolicy: IfNotPresent
|
|
|
|
postgresClientImage:
|
|
repository: tccr.io/truecharts/db-wait-postgres
|
|
tag: v0.0.1@sha256:b03a81433b82a24289bd461d7713e20721d8f4479781f337dfb48d5f84ffddc4
|
|
pullPolicy: IfNotPresent
|
|
|
|
mariadbClientImage:
|
|
repository: tccr.io/truecharts/db-wait-mariadb
|
|
tag: v0.0.1@sha256:b9c82f29daafe72d07b23951bdd5654561cb95e5ca4a493ca1f68688c625e6bb
|
|
pullPolicy: IfNotPresent
|
|
|
|
redisClientImage:
|
|
repository: tccr.io/truecharts/db-wait-redis
|
|
tag: v0.0.1@sha256:190b199bebf88a6def50cf8efd38651d79595a1e69566062843062a8c34bb0ff
|
|
pullPolicy: IfNotPresent
|
|
|
|
mongodbClientImage:
|
|
repository: tccr.io/truecharts/db-wait-mongodb
|
|
tag: v0.0.1@sha256:d2d237297cbcde63a038ef8dc1634241c476396d03d370ffa2814177ff56d1e7
|
|
pullPolicy: IfNotPresent
|
|
|
|
|
|
# -- Configure the ingresses for the chart here.
|
|
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
|
|
# @default -- See below
|
|
ingress:
|
|
main:
|
|
# -- Enables or disables the ingress
|
|
enabled: false
|
|
|
|
# -- Make this the primary ingress (used in probes, notes, etc...).
|
|
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
|
|
primary: true
|
|
|
|
# -- Override the name suffix that is used for this ingress.
|
|
nameOverride:
|
|
|
|
# -- Autolink the ingress to a service and port, both with the same name as the ingress.
|
|
autoLink: false
|
|
|
|
# -- disable to ignore any default middlwares
|
|
enableFixedMiddlewares: true
|
|
|
|
# -- set the Cert-Manager clusterissuer for this ingress
|
|
clusterIssuer: ""
|
|
|
|
# -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
# Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user
|
|
fixedMiddlewares:
|
|
- chain-basic
|
|
|
|
# -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
middlewares: []
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
# -- Provide additional labels which may be required.
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
|
|
# -- Set the ingressClass that is used for this ingress.
|
|
# Requires Kubernetes >=1.19
|
|
ingressClassName: # "nginx"
|
|
|
|
## Configure the hosts for the ingress
|
|
hosts:
|
|
- # -- Host address. Helm template can be passed.
|
|
host: chart-example.local
|
|
## Configure the paths for the host
|
|
paths:
|
|
- # -- Path. Helm template can be passed.
|
|
path: /
|
|
# -- Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
service:
|
|
# -- Overrides the service name reference for this path
|
|
name:
|
|
# -- Overrides the service port reference for this path
|
|
port:
|
|
|
|
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
|
|
# Gets ignored when clusterIssuer is filled
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# # Cannot be combined with scaleCert
|
|
# clusterIssuer: ""
|
|
# # Cannot be combined with clusterIssuer
|
|
# scaleCert: ""
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
metrics:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# options: servicemonitor, podmonitor
|
|
type: "servicemonitor"
|
|
# defaults to selectorLabels
|
|
selector: {}
|
|
endpoints:
|
|
- port: 3000
|
|
interval: 5
|
|
scrapeTimeout: 5
|
|
path: /
|
|
honorLabels: false
|
|
prometheusRule:
|
|
enabled: false
|
|
groups: {}
|
|
# somegroup:
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
# List to support adding groups using the SCALE GUI
|
|
additionalgroups:
|
|
#- name: "somegroup"
|
|
# # list of rules
|
|
# rules: []
|
|
# # list to support adding rules via the SCALE GUI without overwrithing the rules
|
|
# additionalrules: []
|
|
|
|
# -- The common chart supports several add-ons. These can be configured under this key.
|
|
# @default -- See below
|
|
addons:
|
|
# -- The common chart supports adding a VPN add-on. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
|
|
# @default -- See values.yaml
|
|
vpn:
|
|
# -- Specify the VPN type. Valid options are disabled, gluetun or tailscale
|
|
type: disabled
|
|
|
|
# -- Tailscale specific configuration
|
|
# @default -- See below
|
|
# See more info for the configuration
|
|
# https://github.com/tailscale/tailscale/blob/main/docs/k8s/run.sh
|
|
tailscale:
|
|
# -- Auth key to connect to the VPN Service
|
|
authkey: ""
|
|
# As a sidecar, it should only need to run in userspace
|
|
userspace: true
|
|
auth_once: true
|
|
accept_dns: false
|
|
routes: ""
|
|
dest_ip: ""
|
|
sock5_server: ""
|
|
extra_args: ""
|
|
daemon_extra_args: ""
|
|
outbound_http_proxy_listen: ""
|
|
# -- Annotations for tailscale sidecar
|
|
annotations: {}
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
env: {}
|
|
# TZ: UTC
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
envList: []
|
|
# - name: someenv
|
|
# value: somevalue
|
|
|
|
|
|
# -- you can directly specify the config file here
|
|
config: ""
|
|
|
|
scripts:
|
|
# -- you can directly specify the upscript here
|
|
up: ""
|
|
# some script
|
|
|
|
# -- you can directly specify the downscript here
|
|
down: ""
|
|
# some script
|
|
|
|
# -- Provide a customized vpn configuration file location to be used by the VPN.
|
|
configFile: ""
|
|
|
|
# -- Provide a customized vpn configuration folder location to be added to the VPN container
|
|
# The config file needs to be mounted seperately
|
|
# the upscript and downscript need to be named: upscript.sh and downscript.sh respectively
|
|
configFolder: ""
|
|
|
|
# -- Provide an existing secret for vpn config storage
|
|
existingSecret: ""
|
|
|
|
# -- select pods to bind vpn addon to
|
|
# Add "codeserver" to also add the codeserver pod to VPN
|
|
targetSelector:
|
|
- main
|
|
|
|
|
|
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
|
|
# @default -- See values.yaml
|
|
codeserver:
|
|
# -- Enable running a code-server container in the pod
|
|
enabled: false
|
|
|
|
# -- Set any environment variables for code-server here
|
|
env: {}
|
|
|
|
# -- All variables specified here will be added to the codeserver sidecar container
|
|
# See the documentation of the codeserver image for all config values
|
|
envList: []
|
|
# - name: someenv
|
|
# value: somevalue
|
|
# -- Set codeserver command line arguments.
|
|
# Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
|
|
args:
|
|
- --auth
|
|
- none
|
|
# - --user-data-dir
|
|
# - "/config/.vscode"
|
|
|
|
# -- Specify the working dir that will be opened when code-server starts
|
|
# If not given, the app will default to the mountpah of the first specified volumeMount
|
|
workingDir: "/"
|
|
|
|
service:
|
|
# -- Enable a service for the code-server add-on.
|
|
enabled: true
|
|
type: ClusterIP
|
|
# Specify the default port information
|
|
ports:
|
|
codeserver:
|
|
port: 12321
|
|
enabled: true
|
|
protocol: http
|
|
|
|
|
|
ingress:
|
|
# -- Enable an ingress for the code-server add-on.
|
|
enabled: false
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
labels: {}
|
|
hosts:
|
|
- host: code.chart-example.local
|
|
paths:
|
|
- path: /
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
tls: []
|
|
|
|
|
|
##
|
|
# This section contains some-preconfig for frequently used dependencies
|
|
##
|
|
|
|
# -- Postgresql dependency configuration
|
|
# @default -- See below
|
|
postgresql:
|
|
enabled: false
|
|
existingSecret: "dbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|
|
|
|
cnpg:
|
|
main:
|
|
enabled: false
|
|
primary: true
|
|
# -- number of instances for both postgres and pgbouncer
|
|
instances: 2
|
|
database: "app"
|
|
user: "app"
|
|
# password:
|
|
# superUserPassword:
|
|
# -- change to supervised to disable unsupervised updates
|
|
# Example of rolling update strategy:
|
|
# - unsupervised: automated update of the primary once all
|
|
# replicas have been upgraded (default)
|
|
# - supervised: requires manual supervision to perform
|
|
# the switchover of the primary
|
|
primaryUpdateStrategy: unsupervised
|
|
# -- enable to create extra pgbouncer for readonly access
|
|
acceptRO: false
|
|
# -- storage size for the two pvc's per instance
|
|
storage:
|
|
size: "256Gi"
|
|
walsize: "256Gi"
|
|
pooler:
|
|
instances: 2
|
|
# -- set to enable prometheus metrics
|
|
monitoring:
|
|
enablePodMonitor: true
|
|
# -- contains credentials and urls output by generator
|
|
creds: {}
|
|
|
|
# -- Redis dependency configuration
|
|
# @default -- See below
|
|
redis:
|
|
enabled: false
|
|
existingSecret: "rediscreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|
|
|
|
# -- mariadb dependency configuration
|
|
# @default -- See below
|
|
mariadb:
|
|
enabled: false
|
|
existingSecret: "mariadbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|
|
|
|
# -- mongodb dependency configuration
|
|
# @default -- See below
|
|
mongodb:
|
|
enabled: false
|
|
existingSecret: "mongodbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|
|
|
|
# -- clickhouse dependency configuration
|
|
# @default -- See below
|
|
clickhouse:
|
|
enabled: false
|
|
existingSecret: "clickhousecreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|
|
|
|
# -- solr dependency configuration
|
|
# @default -- See below
|
|
solr:
|
|
enabled: false
|
|
solrCores: 1
|
|
solrEnableAuthentication: "no"
|
|
existingSecret: "solrcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
manifestManager:
|
|
enabled: false
|