## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: ## @section Common parameters ## @param kubeVersion Override Kubernetes version ## kubeVersion: ## @param nameOverride String to partially override common.names.fullname ## nameOverride: ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## @param enableIPv6 Enable IPv6 configuration ## enableIPv6: false ## @section Traffic Exposure Parameters ## Configure the ingress resource that allows you to access the Kubeapps installation ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param ingress.enabled Enable ingress record generation for Kubeapps ## enabled: false ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: ## @param ingress.hostname Default host for the ingress record ## hostname: kubeapps.local ## @param ingress.path Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: / ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param ingress.annotations [object] Additional custom annotations for the ingress record ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added ## annotations: nginx.ingress.kubernetes.io/proxy-read-timeout: "600" ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` ## You can: ## - Use the `ingress.secrets` parameter to create this TLS secret ## - Relay on cert-manager to create it by setting `ingress.certManager=true` ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` ## tls: false ## @param ingress.certManager Add the corresponding annotations for cert-manager integration ## certManager: false ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: kubeapps.local ## path: / ## extraHosts: [] ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: ## - hosts: ## - kubeapps.local ## secretName: kubeapps.local-tls ## extraTls: [] ## @param ingress.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## secrets: ## - name: kubeapps.local-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## ... ## -----END RSA PRIVATE KEY----- ## certificate: |- ## -----BEGIN CERTIFICATE----- ## ... ## -----END CERTIFICATE----- ## secrets: [] ## @section Frontend parameters ## Frontend parameters ## frontend: ## Bitnami NGINX image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## @param frontend.image.registry NGINX image registry ## @param frontend.image.repository NGINX image repository ## @param frontend.image.tag NGINX image tag (immutable tags are recommended) ## @param frontend.image.pullPolicy NGINX image pull policy ## @param frontend.image.pullSecrets NGINX image pull secrets ## @param frontend.image.debug Enable image debug mode ## image: registry: docker.io repository: bitnami/nginx tag: 1.21.1-debian-10-r4 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param frontend.proxypassAccessTokenAsBearer Use access_token as the Bearer when talking to the k8s api server ## NOTE: Some K8s distributions such as GKE requires it ## proxypassAccessTokenAsBearer: false ## @param frontend.proxypassExtraSetHeader Set an additional proxy header for all requests proxied via NGINX ## Authorization header(s) set in this way will be included with the request from kubeops to the k8s service API URL. ## ref: https://github.com/kubeapps/kubeapps/blob/7e31d0e7241f826aa365856c134cf901d40890e7/pkg/http-handler/http-handler.go#L247 ## e.g: ## proxypassExtraSetHeader: Authorization "Bearer $cookie_sessionid"; ## proxypassExtraSetHeader: ## @param frontend.largeClientHeaderBuffers Set large_client_header_buffers in NGINX config ## NOTE: Can be required when using OIDC or LDAP due to large cookies ## largeClientHeaderBuffers: "4 32k" ## @param frontend.replicaCount Number of frontend replicas to deploy ## replicaCount: 2 ## Frontend containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param frontend.resources.limits.cpu The CPU limits for the NGINX container ## @param frontend.resources.limits.memory The memory limits for the NGINX container ## @param frontend.resources.requests.cpu The requested CPU for the NGINX container ## @param frontend.resources.requests.memory The requested memory for the NGINX container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the NGINX container ## extraEnvVarsCM: ## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for the NGINX container ## extraEnvVarsSecret: ## @param frontend.containerPort NGINX HTTP container port ## containerPort: 8080 ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context ## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param frontend.containerSecurityContext.enabled Enabled NGINX containers' Security Context ## @param frontend.containerSecurityContext.runAsUser Set NGINX container's Security Context runAsUser ## @param frontend.containerSecurityContext.runAsNonRoot Set NGINX container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Configure extra options for frontend containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param frontend.livenessProbe.enabled Enable livenessProbe ## @skip frontend.livenessProbe.httpGet ## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true httpGet: path: /healthz port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param frontend.readinessProbe.enabled Enable readinessProbe ## @skip frontend.readinessProbe.httpGet ## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true httpGet: path: / port: 8080 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param frontend.lifecycleHooks Custom lifecycle hooks for frontend containers ## lifecycleHooks: {} ## @param frontend.podLabels Extra labels for frontend pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param frontend.podAnnotations Annotations for frontend pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## nodeAffinityPreset Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param frontend.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: frontend.podAffinityPreset, frontend.podAntiAffinityPreset, and frontend.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param frontend.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param frontend.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param frontend.priorityClassName Priority class name for frontend pods ## priorityClassName: ## @param frontend.hostAliases Custom host aliases for frontend pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param frontend.extraVolumes Optionally specify extra list of additional volumes for frontend pods ## extraVolumes: [] ## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for frontend container(s) ## extraVolumeMounts: [] ## @param frontend.sidecars Add additional sidecar containers to the frontend pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: {} ## @param frontend.initContainers Add additional init containers to the frontend pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: {} ## Frontend service parameters ## service: ## @param frontend.service.type Frontend service type ## type: ClusterIP ## @param frontend.service.port Frontend service HTTP port ## port: 80 ## @param frontend.service.nodePort Node port for HTTP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport ## nodePort: ## @param frontend.service.clusterIP Frontend service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: ## @param frontend.service.loadBalancerIP Frontend service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: ## @param frontend.service.loadBalancerSourceRanges Frontend service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param frontend.service.externalTrafficPolicy Frontend service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param frontend.service.annotations Additional custom annotations for frontend service ## annotations: {} ## @section Dashboard parameters ## Dashboard parameters ## dashboard: ## Bitnami Kubeapps Dashboard image ## ref: https://hub.docker.com/r/bitnami/kubeops/tags/ ## @param dashboard.image.registry Dashboard image registry ## @param dashboard.image.repository Dashboard image repository ## @param dashboard.image.tag Dashboard image tag (immutable tags are recommended) ## @param dashboard.image.pullPolicy Dashboard image pull policy ## @param dashboard.image.pullSecrets Dashboard image pull secrets ## @param dashboard.image.debug Enable image debug mode ## image: registry: docker.io repository: bitnami/kubeapps-dashboard tag: 2.3.3-debian-10-r2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param dashboard.customStyle Custom CSS injected to the Dashboard to customize Kubeapps look and feel ## e.g: ## customStyle: |- ## .header.header-7 { ## background-color: #991700; ## } ## customStyle: "" ## @param dashboard.customComponents Custom Form components injected into the BasicDeploymentForm ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/custom-form-component-support.md ## customComponents: "" ## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/translate-kubeapps.md ## e.g: ## customLocale: ## "Kubeapps": "My Dashboard" ## "login-oidc": "Login with my company SSO" ## customLocale: "" ## @param dashboard.replicaCount Number of Dashboard replicas to deploy ## replicaCount: 2 ## @param dashboard.extraEnvVars Array with extra environment variables to add to the Dashboard container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param dashboard.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Dashboard container ## extraEnvVarsCM: ## @param dashboard.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Dashboard container ## extraEnvVarsSecret: ## @param dashboard.containerPort Dashboard HTTP container port ## containerPort: 8080 ## Dashboard containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container ## @param dashboard.resources.limits.memory The memory limits for the Dashboard container ## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container ## @param dashboard.resources.requests.memory The requested memory for the Dashboard container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context ## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param dashboard.containerSecurityContext.enabled Enabled Dashboard containers' Security Context ## @param dashboard.containerSecurityContext.runAsUser Set Dashboard container's Security Context runAsUser ## @param dashboard.containerSecurityContext.runAsNonRoot Set Dashboard container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Configure extra options for Dashboard containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param dashboard.livenessProbe.enabled Enable livenessProbe ## @skip dashboard.livenessProbe.httpGet ## @param dashboard.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param dashboard.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param dashboard.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param dashboard.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param dashboard.livenessProbe.successThreshold Success threshold for livenessProbe ## Dashboard containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true httpGet: path: / port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param dashboard.readinessProbe.enabled Enable readinessProbe ## @skip dashboard.readinessProbe.httpGet ## @param dashboard.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param dashboard.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param dashboard.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param dashboard.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param dashboard.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true httpGet: path: / port: 8080 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param dashboard.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param dashboard.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param dashboard.lifecycleHooks Custom lifecycle hooks for Dashboard containers ## lifecycleHooks: {} ## @param dashboard.podLabels Extra labels for Dasbhoard pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param dashboard.podAnnotations Annotations for Dasbhoard pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param dashboard.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param dashboard.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param dashboard.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param dashboard.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param dashboard.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param dashboard.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: dashboard.podAffinityPreset, dashboard.podAntiAffinityPreset, and dashboard.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param dashboard.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param dashboard.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param dashboard.priorityClassName Priority class name for Dashboard pods ## priorityClassName: ## @param dashboard.hostAliases Custom host aliases for Dashboard pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param dashboard.extraVolumes Optionally specify extra list of additional volumes for Dasbhoard pods ## extraVolumes: [] ## @param dashboard.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) ## extraVolumeMounts: [] ## @param dashboard.sidecars Add additional sidecar containers to the Dasbhoard pod ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: {} ## @param dashboard.initContainers Add additional init containers to the Dasbhoard pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: {} ## Dasbhoard service parameters ## service: ## @param dashboard.service.port Dasbhoard service HTTP port ## port: 8080 ## @param dashboard.service.annotations Additional custom annotations for Dasbhoard service ## annotations: {} ## @section AppRepository Controller parameters ## AppRepository Controller parameters ## apprepository: ## Bitnami Kubeapps AppRepository Controller image ## ref: https://hub.docker.com/r/bitnami/kubeapps-apprepository-controller/tags/ ## @param apprepository.image.registry Kubeapps AppRepository Controller image registry ## @param apprepository.image.repository Kubeapps AppRepository Controller image repository ## @param apprepository.image.tag Kubeapps AppRepository Controller image tag (immutable tags are recommended) ## @param apprepository.image.pullPolicy Kubeapps AppRepository Controller image pull policy ## @param apprepository.image.pullSecrets Kubeapps AppRepository Controller image pull secrets ## image: registry: docker.io repository: bitnami/kubeapps-apprepository-controller tag: 2.3.3-scratch-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Bitnami Kubeapps Asset Syncer image ## ref: https://hub.docker.com/r/bitnami/kubeapps-asset-syncer/tags/ ## @param apprepository.syncImage.registry Kubeapps Asset Syncer image registry ## @param apprepository.syncImage.repository Kubeapps Asset Syncer image repository ## @param apprepository.syncImage.tag Kubeapps Asset Syncer image tag (immutable tags are recommended) ## @param apprepository.syncImage.pullPolicy Kubeapps Asset Syncer image pull policy ## @param apprepository.syncImage.pullSecrets Kubeapps Asset Syncer image pull secrets ## syncImage: registry: docker.io repository: bitnami/kubeapps-asset-syncer tag: 2.3.3-scratch-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param apprepository.initialRepos [array] Initial chart repositories to configure ## e.g: ## initialRepos: ## - name: chartmuseum ## url: https://chartmuseum.default:8080 ## nodeSelector: ## somelabel: somevalue ## # Specify an Authorization Header if you are using an authentication method. ## authorizationHeader: "Bearer xrxNC..." ## # If you're providing your own certificates, please use this to add the certificates as secrets. ## # It should start with -----BEGIN CERTIFICATE----- or ## # -----BEGIN RSA PRIVATE KEY----- ## caCert: ## # Create this apprepository in a custom namespace ## namespace: ## # In case of an OCI registry, specify the type ## type: oci ## # And specify the list of repositories ## ociRepositories: ## - nginx ## - jenkins ## initialRepos: - name: bitnami url: https://charts.bitnami.com/bitnami ## @param apprepository.initialReposProxy [object] Proxy configuration to access chart repositories ## initialReposProxy: enabled: false httpProxy: httpsProxy: noProxy: ## @param apprepository.crontab Schedule for syncing App repositories (default to 10 minutes) ## e.g: ## crontab: "*/10 * * * *" ## crontab: ## @param apprepository.watchAllNamespaces Watch all namespaces to support separate AppRepositories per namespace ## Switch this off only if you require running multiple instances of Kubeapps in different namespaces ## without each instance watching AppRepositories of each other ## watchAllNamespaces: true ## @param apprepository.replicaCount Number of AppRepository Controller replicas to deploy ## Running a single controller replica to avoid sync job duplication ## replicaCount: 1 ## AppRepository Controller containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container ## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container ## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container ## @param apprepository.resources.requests.memory The requested memory for the AppRepository Controller container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context ## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param apprepository.containerSecurityContext.enabled Enabled AppRepository Controller containers' Security Context ## @param apprepository.containerSecurityContext.runAsUser Set AppRepository Controller container's Security Context runAsUser ## @param apprepository.containerSecurityContext.runAsNonRoot Set AppRepository Controller container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param apprepository.lifecycleHooks Custom lifecycle hooks for AppRepository Controller containers ## lifecycleHooks: {} ## @param apprepository.podLabels Extra labels for AppRepository Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param apprepository.podAnnotations Annotations for AppRepository Controller pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param apprepository.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param apprepository.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## nodeAffinityPreset Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param apprepository.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param apprepository.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param apprepository.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param apprepository.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: apprepository.podAffinityPreset, apprepository.podAntiAffinityPreset, and apprepository.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param apprepository.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param apprepository.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param apprepository.priorityClassName Priority class name for AppRepository Controller pods ## priorityClassName: ## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @section Kubeops parameters ## Kubeops parameters ## kubeops: ## Bitnami Kubeops image ## ref: https://hub.docker.com/r/bitnami/kubeops/tags/ ## @param kubeops.image.registry Kubeops image registry ## @param kubeops.image.repository Kubeops image repository ## @param kubeops.image.tag Kubeops image tag (immutable tags are recommended) ## @param kubeops.image.pullPolicy Kubeops image pull policy ## @param kubeops.image.pullSecrets Kubeops image pull secrets ## image: registry: docker.io repository: bitnami/kubeapps-kubeops tag: 2.3.3-scratch-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param kubeops.namespaceHeaderName Additional header name for trusted namespaces ## e.g: ## namespaceHeaderName: X-Consumer-Groups ## namespaceHeaderName: ## @param kubeops.namespaceHeaderPattern Additional header pattern for trusted namespaces ## e.g: ## namespaceHeaderPattern: namespace:^([\w-]+):\w+$ ## namespaceHeaderPattern: ## @param kubeops.qps Kubeops QPS (queries per second) rate ## qps: ## @param kubeops.burst Kubeops burst rate ## burst: ## @param kubeops.replicaCount Number of Kubeops replicas to deploy ## replicaCount: 2 ## @param kubeops.terminationGracePeriodSeconds The grace time period for sig term ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution ## terminationGracePeriodSeconds: 300 ## @param kubeops.extraEnvVars Array with extra environment variables to add to the Kubeops container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param kubeops.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Kubeops container ## extraEnvVarsCM: ## @param kubeops.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Kubeops container ## extraEnvVarsSecret: ## @param kubeops.containerPort Kubeops HTTP container port ## containerPort: 8080 ## Kubeops containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param kubeops.resources.limits.cpu The CPU limits for the Kubeops container ## @param kubeops.resources.limits.memory The memory limits for the Kubeops container ## @param kubeops.resources.requests.cpu The requested CPU for the Kubeops container ## @param kubeops.resources.requests.memory The requested memory for the Kubeops container ## resources: limits: cpu: 250m memory: 256Mi requests: cpu: 25m memory: 32Mi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param kubeops.podSecurityContext.enabled Enabled Kubeops pods' Security Context ## @param kubeops.podSecurityContext.fsGroup Set Kubeops pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param kubeops.containerSecurityContext.enabled Enabled Kubeops containers' Security Context ## @param kubeops.containerSecurityContext.runAsUser Set Kubeops container's Security Context runAsUser ## @param kubeops.containerSecurityContext.runAsNonRoot Set Kubeops container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Configure extra options for Kubeops containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param kubeops.livenessProbe.enabled Enable livenessProbe ## @skip kubeops.livenessProbe.httpGet ## @param kubeops.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param kubeops.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param kubeops.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param kubeops.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param kubeops.livenessProbe.successThreshold Success threshold for livenessProbe ## Kubeops containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true httpGet: path: /live port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param kubeops.readinessProbe.enabled Enable readinessProbe ## @skip kubeops.readinessProbe.httpGet ## @param kubeops.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param kubeops.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param kubeops.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param kubeops.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param kubeops.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true httpGet: path: /ready port: 8080 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param kubeops.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param kubeops.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param kubeops.lifecycleHooks Custom lifecycle hooks for Kubeops containers ## lifecycleHooks: {} ## @param kubeops.podLabels Extra labels for Kubeops pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param kubeops.podAnnotations Annotations for Kubeops pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param kubeops.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param kubeops.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## nodeAffinityPreset Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param kubeops.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param kubeops.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param kubeops.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param kubeops.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: kubeops.podAffinityPreset, kubeops.podAntiAffinityPreset, and kubeops.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param kubeops.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param kubeops.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param kubeops.priorityClassName Priority class name for Kubeops pods ## priorityClassName: ## @param kubeops.hostAliases Custom host aliases for Kubeops pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## Kubeops service parameters ## service: ## @param kubeops.service.port Kubeops service HTTP port ## port: 8080 ## @param kubeops.service.annotations Additional custom annotations for Kubeops service ## annotations: {} ## @section Assetsvc parameters ## Assetsvc parameters ## assetsvc: ## Bitnami Kubeapps Assetsvc image ## ref: https://hub.docker.com/r/bitnami/kubeapps-assetsvc/tags/ ## @param assetsvc.image.registry Kubeapps Assetsvc image registry ## @param assetsvc.image.repository Kubeapps Assetsvc image repository ## @param assetsvc.image.tag Kubeapps Assetsvc image tag (immutable tags are recommended) ## @param assetsvc.image.pullPolicy Kubeapps Assetsvc image pull policy ## @param assetsvc.image.pullSecrets Kubeapps Assetsvc image pull secrets ## image: registry: docker.io repository: bitnami/kubeapps-assetsvc tag: 2.3.3-scratch-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param assetsvc.replicaCount Number of Assetsvc replicas to deploy ## replicaCount: 2 ## @param assetsvc.extraEnvVars Array with extra environment variables to add to the Assetsvc container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param assetsvc.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Assetsvc container ## extraEnvVarsCM: ## @param assetsvc.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Assetsvc container ## extraEnvVarsSecret: ## @param assetsvc.containerPort Assetsvc HTTP container port ## containerPort: 8080 ## Assetsvc containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param assetsvc.resources.limits.cpu The CPU limits for the Assetsvc container ## @param assetsvc.resources.limits.memory The memory limits for the Assetsvc container ## @param assetsvc.resources.requests.cpu The requested CPU for the Assetsvc container ## @param assetsvc.resources.requests.memory The requested memory for the Assetsvc container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param assetsvc.podSecurityContext.enabled Enabled Assetsvc pods' Security Context ## @param assetsvc.podSecurityContext.fsGroup Set Assetsvc pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Container Security Context (only main container) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param assetsvc.containerSecurityContext.enabled Enabled Assetsvc containers' Security Context ## @param assetsvc.containerSecurityContext.runAsUser Set Assetsvc container's Security Context runAsUser ## @param assetsvc.containerSecurityContext.runAsNonRoot Set Assetsvc container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Configure extra options for Assetsvc containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param assetsvc.livenessProbe.enabled Enable livenessProbe ## @skip assetsvc.livenessProbe.httpGet ## @param assetsvc.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param assetsvc.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param assetsvc.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param assetsvc.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param assetsvc.livenessProbe.successThreshold Success threshold for livenessProbe ## Assetsvc containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true httpGet: path: /live port: 8080 initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param assetsvc.readinessProbe.enabled Enable readinessProbe ## @skip assetsvc.readinessProbe.httpGet ## @param assetsvc.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param assetsvc.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param assetsvc.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param assetsvc.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param assetsvc.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true httpGet: path: /ready port: 8080 initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param assetsvc.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param assetsvc.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param assetsvc.lifecycleHooks Custom lifecycle hooks for Assetsvc containers ## lifecycleHooks: {} ## @param assetsvc.podLabels Extra labels for Assetsvc pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param assetsvc.podAnnotations Annotations for Assetsvc pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param assetsvc.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param assetsvc.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## nodeAffinityPreset Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param assetsvc.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param assetsvc.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set ## key: "" ## @param assetsvc.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param assetsvc.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: assetsvc.podAffinityPreset, assetsvc.podAntiAffinityPreset, and assetsvc.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param assetsvc.nodeSelector Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param assetsvc.tolerations Tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param assetsvc.priorityClassName Priority class name for Assetsvc pods ## priorityClassName: ## @param assetsvc.hostAliases Custom host aliases for Assetsvc pods ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## Assetsvc service parameters ## service: ## @param assetsvc.service.port Assetsvc service HTTP port ## port: 8080 ## @param assetsvc.service.annotations Additional custom annotations for Assetsvc service ## annotations: {} ## @section Auth Proxy parameters ## Auth Proxy configuration for OIDC support ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md ## authProxy: ## @param authProxy.enabled Specifies whether Kubeapps should configure OAuth login/logout ## enabled: false ## Bitnami OAuth2 Proxy image ## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/ ## @param authProxy.image.registry OAuth2 Proxy image registry ## @param authProxy.image.repository OAuth2 Proxy image repository ## @param authProxy.image.tag OAuth2 Proxy image tag (immutable tags are recommended) ## @param authProxy.image.pullPolicy OAuth2 Proxy image pull policy ## @param authProxy.image.pullSecrets OAuth2 Proxy image pull secrets ## image: registry: docker.io repository: bitnami/oauth2-proxy tag: 7.1.3-debian-10-r63 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param authProxy.external Use an external Auth Proxy instead of deploying its own one ## external: false ## @param authProxy.oauthLoginURI OAuth Login URI to which the Kubeapps frontend redirects for authn ## @param authProxy.oauthLogoutURI OAuth Logout URI to which the Kubeapps frontend redirects for authn ## oauthLoginURI: /oauth2/start oauthLogoutURI: /oauth2/sign_out ## @param authProxy.skipKubeappsLoginPage Skip the Kubeapps login page when using OIDC and directly redirect to the IdP ## skipKubeappsLoginPage: false ## @param authProxy.provider OAuth provider ## @param authProxy.clientID OAuth Client ID ## @param authProxy.clientSecret OAuth Client secret ## NOTE: Mandatory parameters for the internal auth-proxy ## provider: "" clientID: "" clientSecret: "" ## @param authProxy.cookieSecret Secret used by oauth2-proxy to encrypt any credentials ## NOTE: It must be a particular number of bytes. It's recommended using the following ## script to generate a cookieSecret: ## python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))' ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret ## cookieSecret: "" ## @param authProxy.cookieRefresh Duration after which to refresh the cookie ## cookieRefresh: 2m ## @param authProxy.scope OAuth scope specification ## scope: "openid email groups" ## @param authProxy.emailDomain Allowed email domains ## Use "example.com" to restrict logins to emails from example.com ## emailDomain: "*" ## @param authProxy.additionalFlags Additional flags for oauth2-proxy ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview ## e.g: ## additionalFlags: ## - --ssl-insecure-skip-verify ## - --cookie-secure=false ## - --oidc-issuer-url=https://accounts.google.com # Only needed if provider is oidc ## additionalFlags: [] ## @param authProxy.containerPort Auth Proxy HTTP container port ## containerPort: 3000 ## Configure Container Security Context for Auth Proxy ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param authProxy.containerSecurityContext.enabled Enabled Auth Proxy containers' Security Context ## @param authProxy.containerSecurityContext.runAsUser Set Auth Proxy container's Security Context runAsUser ## @param authProxy.containerSecurityContext.runAsNonRoot Set Auth Proxy container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## OAuth2 Proxy containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container ## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container ## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container ## @param authProxy.resources.requests.memory The requested memory for the OAuth2 Proxy container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## @section Pinniped Proxy parameters ## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs ## NOTE: This component is alpha functionality in Kubeapps until we complete testing and documentation. ## pinnipedProxy: ## @param pinnipedProxy.enabled Specifies whether Kubeapps should configure Pinniped Proxy ## enabled: false ## Bitnami Pinniped Proxy image ## ref: https://hub.docker.com/r/bitnami/kubeapps-pinniped-proxy/tags/ ## @param pinnipedProxy.image.registry Pinniped Proxy image registry ## @param pinnipedProxy.image.repository Pinniped Proxy image repository ## @param pinnipedProxy.image.tag Pinniped Proxy image tag (immutable tags are recommended) ## @param pinnipedProxy.image.pullPolicy Pinniped Proxy image pull policy ## @param pinnipedProxy.image.pullSecrets Pinniped Proxy image pull secrets ## image: registry: docker.io repository: bitnami/kubeapps-pinniped-proxy tag: 2.3.3-debian-10-r2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param pinnipedProxy.defaultPinnipedNamespace Specify the (default) namespace in which pinniped concierge is installed ## defaultPinnipedNamespace: pinniped-concierge ## @param pinnipedProxy.defaultAuthenticatorType Specify the (default) authenticator type ## defaultAuthenticatorType: JWTAuthenticator ## @param pinnipedProxy.defaultAuthenticatorName Specify the (default) authenticator name ## defaultAuthenticatorName: jwt-authenticator ## @param pinnipedProxy.defaultPinnipedAPISuffix Specify the (default) API suffix ## defaultPinnipedAPISuffix: pinniped.dev ## @param pinnipedProxy.containerPort Kubeops HTTP container port ## containerPort: 3333 ## Configure Container Security Context for Pinniped Proxy ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param pinnipedProxy.containerSecurityContext.enabled Enabled Pinniped Proxy containers' Security Context ## @param pinnipedProxy.containerSecurityContext.runAsUser Set Pinniped Proxy container's Security Context runAsUser ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set Pinniped Proxy container's Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## Pinniped Proxy containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container ## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container ## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container ## @param pinnipedProxy.resources.requests.memory The requested memory for the Pinniped Proxy container ## resources: limits: cpu: 250m memory: 128Mi requests: cpu: 25m memory: 32Mi ## @section Other Parameters ## @param allowNamespaceDiscovery Allow users to discover available namespaces (only the ones they have access) ## NOTE: When set to true, Kubeapps creates a ClusterRole to be able to list namespaces. ## allowNamespaceDiscovery: true ## @param clusters [array] List of clusters that Kubeapps can target for deployments ## When populated with a single cluster (as it is by default), Kubeapps will not allow users to ## change the target cluster. When populated with multiple clusters, Kubeapps will present the clusters to ## the user as potential targets for install or browsing. ## - Note that you can define a single cluster without an apiServiceURL and the chart will assume this is ## the name you are assigning to the cluster on which Kubeapps is itself installed. Specifying more than ## one cluster without an apiServiceURL will cause the chart display an error. ## - The base64-encoded certificateAuthorityData can be obtained from the additional cluster's kube config ## file, for example, to get the ca data for the 0th cluster in your config (adjust the index 0 as necessary): ## kubectl --kubeconfig ~/.kube/kind-config-kubeapps-additional config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' ## - serviceToken is an optional token configured to allow LIST namespaces and package manifests (operators) only on the additional cluster ## so that the UI can present a list of (only) those namespaces to which the user has access and the available operators. ## - isKubeappsCluster is an optional parameter that allows defining the cluster in which Kubeapps is installed; ## this param is useful when every cluster is using an apiServiceURL (e.g., when using the Pinniped Impersonation Proxy) ## as the chart cannot infer the cluster on which Kubeapps is installed in that case. ## e.g.: ## clusters: ## - name: default ## domain: cluster.local ## - name: second-cluster ## domain: cluster.local ## apiServiceURL: https://second-cluster:6443 ## certificateAuthorityData: LS0tLS1CRUdJ... ## serviceToken: ... ## isKubeappsCluster: true ## clusters: - name: default domain: cluster.local ## @param featureFlags [object] Feature flags (used to switch on development features) ## featureFlags: invalidateCache: true ## RBAC configuration ## rbac: ## @param rbac.create Specifies whether RBAC resources should be created ## create: true ## Image used for the tests ## Bitnami NGINX image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## @param testImage.registry NGINX image registry ## @param testImage.repository NGINX image repository ## @param testImage.tag NGINX image tag (immutable tags are recommended) ## @param testImage.pullPolicy NGINX image pull policy ## @param testImage.pullSecrets NGINX image pull secrets ## testImage: registry: docker.io repository: bitnami/nginx tag: 1.21.1-debian-10-r4 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @section Database Parameters ## PostgreSQL chart configuration ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml ## postgresql: ## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements ## enabled: true ## @param postgresql.replication.enabled Enable replication for high availability ## replication: enabled: true ## @param postgresql.postgresqlDatabase Database name for Kubeapps to be created on the first run ## postgresqlDatabase: assets ## @param postgresql.postgresqlPassword Password for 'postgres' user ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run ## postgresqlPassword: "" ## PostgreSQL Persistence parameters ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## @param postgresql.persistence.enabled Enable persistence on PostgreSQL using PVC(s) ## @param postgresql.persistence.size Persistent Volume size ## persistence: enabled: false size: 8Gi ## @param postgresql.securityContext.enabled Enabled PostgreSQL replicas pods' Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: false ## PostreSQL containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @param postgresql.resources.limits The resources limits for the PostreSQL container ## @param postgresql.resources.requests.cpu The requested CPU for the PostreSQL container ## @param postgresql.resources.requests.memory The requested memory for the PostreSQL container ## resources: limits: {} requests: memory: 256Mi cpu: 250m