mirror of
https://github.com/bitnami/charts.git
synced 2026-02-10 20:27:38 +08:00
5666175ae2
* [bitnami/apache] Detect non-standard images Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
818 lines
33 KiB
YAML
818 lines
33 KiB
YAML
# Copyright Broadcom, Inc. All Rights Reserved.
|
|
# SPDX-License-Identifier: APACHE-2.0
|
|
|
|
## @section Global parameters
|
|
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
|
|
|
## @param global.imageRegistry Global Docker image registry
|
|
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
|
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
|
|
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
|
|
##
|
|
global:
|
|
imageRegistry: ""
|
|
## E.g.
|
|
## imagePullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
imagePullSecrets: []
|
|
defaultStorageClass: ""
|
|
storageClass: ""
|
|
## Compatibility adaptations for Kubernetes platforms
|
|
##
|
|
compatibility:
|
|
## Compatibility adaptations for Openshift
|
|
##
|
|
openshift:
|
|
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
|
|
##
|
|
adaptSecurityContext: auto
|
|
## Security parameters
|
|
##
|
|
security:
|
|
## @param global.security.allowInsecureImages By default, this chart verifies that the original container images that were designed, tested, and validated are used. This option makes the chart skip the verification step and proceed
|
|
##
|
|
allowInsecureImages: false
|
|
|
|
## @section Common parameters
|
|
|
|
## @param kubeVersion Override Kubernetes version
|
|
##
|
|
kubeVersion: ""
|
|
## @param nameOverride String to partially override common.names.fullname
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride String to fully override common.names.fullname
|
|
##
|
|
fullnameOverride: ""
|
|
## @param commonLabels Labels to add to all deployed objects
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Annotations to add to all deployed objects
|
|
##
|
|
commonAnnotations: {}
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
##
|
|
extraDeploy: []
|
|
## @section Apache parameters
|
|
|
|
## Bitnami Apache image
|
|
## ref: https://hub.docker.com/r/bitnami/apache/tags/
|
|
## @param image.registry [default: REGISTRY_NAME] Apache image registry
|
|
## @param image.repository [default: REPOSITORY_NAME/apache] Apache image repository
|
|
## @skip image.tag Apache image tag (immutable tags are recommended)
|
|
## @param image.digest Apache image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param image.pullPolicy Apache image pull policy
|
|
## @param image.pullSecrets Apache image pull secrets
|
|
## @param image.debug Enable image debug mode
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/apache
|
|
tag: 2.4.62-debian-12-r13
|
|
digest: ""
|
|
## Specify a imagePullPolicy
|
|
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Enable debug mode
|
|
##
|
|
debug: false
|
|
## Bitnami Git image version
|
|
## ref: https://hub.docker.com/r/bitnami/git/tags/
|
|
## @param git.registry [default: REGISTRY_NAME] Git image registry
|
|
## @param git.repository [default: REPOSITORY_NAME/git] Git image name
|
|
## @skip git.tag Git image tag (immutable tags are recommended)
|
|
## @param git.digest Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param git.pullPolicy Git image pull policy
|
|
## @param git.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
git:
|
|
registry: docker.io
|
|
repository: bitnami/git
|
|
tag: 2.47.1-debian-12-r0
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## @param replicaCount Number of replicas of the Apache deployment
|
|
##
|
|
replicaCount: 1
|
|
## @param revisionHistoryLimit The number of old history to retain to allow rollback
|
|
##
|
|
revisionHistoryLimit: 10
|
|
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Node affinity preset
|
|
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
|
|
##
|
|
key: ""
|
|
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param affinity Affinity for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param nodeSelector Node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
## @param tolerations Tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## @param extraPodSpec Optionally specify extra PodSpec
|
|
##
|
|
extraPodSpec: {}
|
|
## Get the server static content from a git repository
|
|
## @param cloneHtdocsFromGit.enabled Get the server static content from a git repository
|
|
## @param cloneHtdocsFromGit.repository Repository to clone static content from
|
|
## @param cloneHtdocsFromGit.branch Branch inside the git repository
|
|
## @param cloneHtdocsFromGit.enableAutoRefresh Enables an automatic git pull with a sidecar container
|
|
## @param cloneHtdocsFromGit.interval Interval for sidecar container pull from the repository
|
|
## @param cloneHtdocsFromGit.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if cloneHtdocsFromGit.resources is set (cloneHtdocsFromGit.resources is recommended for production).
|
|
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
## @param cloneHtdocsFromGit.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
## Example:
|
|
## resources:
|
|
## requests:
|
|
## cpu: 2
|
|
## memory: 512Mi
|
|
## limits:
|
|
## cpu: 3
|
|
## memory: 1024Mi
|
|
## @param cloneHtdocsFromGit.extraVolumeMounts Add extra volume mounts for the GIT containers
|
|
##
|
|
cloneHtdocsFromGit:
|
|
enabled: false
|
|
repository: ""
|
|
branch: ""
|
|
enableAutoRefresh: true
|
|
interval: 60
|
|
resourcesPreset: "nano"
|
|
resources: {}
|
|
## Useful to mount keys to connect through ssh. (normally used with extraVolumes)
|
|
## E.g:
|
|
## extraVolumeMounts:
|
|
## - name: ssh-dir
|
|
## mountPath: /root/.ssh/
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param htdocsConfigMap Name of a config map with the server static content
|
|
##
|
|
htdocsConfigMap: ""
|
|
## @param htdocsPVC Name of a PVC with the server static content
|
|
##
|
|
htdocsPVC: ""
|
|
## @param vhostsConfigMap Name of a config map with the virtual hosts content
|
|
##
|
|
vhostsConfigMap: ""
|
|
## @param httpdConfConfigMap Name of a config map with the httpd.conf file contents
|
|
##
|
|
httpdConfConfigMap: ""
|
|
## @param podLabels Extra labels for Apache pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param podAnnotations Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param automountServiceAccountToken Mount Service Account token in pod
|
|
##
|
|
automountServiceAccountToken: false
|
|
## @param hostAliases [array] Add deployment host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases:
|
|
## Necessary for apache-exporter to work
|
|
##
|
|
- ip: "127.0.0.1"
|
|
hostnames:
|
|
- "status.localhost"
|
|
## @param priorityClassName Apache Server pods' priorityClassName
|
|
##
|
|
priorityClassName: ""
|
|
## @param schedulerName Name of the k8s scheduler (other than default)
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## Configure Pods Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
## @param podSecurityContext.enabled Enabled Apache Server pods' Security Context
|
|
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
|
|
## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface
|
|
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
|
|
## @param podSecurityContext.fsGroup Set Apache Server pod's Security Context fsGroup
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroupChangePolicy: Always
|
|
sysctls: []
|
|
supplementalGroups: []
|
|
fsGroup: 1001
|
|
## Configure Container Security Context
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
|
## @param containerSecurityContext.enabled Enabled Apache Server containers' Security Context
|
|
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
|
|
## @param containerSecurityContext.runAsUser Set Apache Server containers' Security Context runAsUser
|
|
## @param containerSecurityContext.runAsGroup Set Apache Server containers' Security Context runAsGroup
|
|
## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot
|
|
## @param containerSecurityContext.privileged Set primary container's Security Context privileged
|
|
## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation
|
|
## @param containerSecurityContext.readOnlyRootFilesystem Set primary container's Security Context readOnlyRootFilesystem
|
|
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
|
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
seLinuxOptions: {}
|
|
runAsUser: 1001
|
|
runAsGroup: 1001
|
|
runAsNonRoot: true
|
|
privileged: false
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
## @param command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param lifecycleHooks for the Apache server container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## Apache pods' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
## We usually recommend not to specify default resources and to leave this as a conscious
|
|
## choice for the user. This also increases chances charts run on environments with little
|
|
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
|
|
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
##
|
|
resourcesPreset: "nano"
|
|
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
## Example:
|
|
## resources:
|
|
## requests:
|
|
## cpu: 2
|
|
## memory: 512Mi
|
|
## limits:
|
|
## cpu: 3
|
|
## memory: 1024Mi
|
|
##
|
|
resources: {}
|
|
## Configure extra options for containers' liveness and readiness probes
|
|
## Configure extra options for Apache server containers' liveness, readiness and startup probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
|
## @param startupProbe.enabled Enable startupProbe
|
|
## @param startupProbe.path Path to access on the HTTP server
|
|
## @param startupProbe.port Port for startupProbe
|
|
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
path: "/"
|
|
port: http
|
|
initialDelaySeconds: 180
|
|
periodSeconds: 20
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## @param livenessProbe.enabled Enable liveness probe
|
|
## @param livenessProbe.port Port for livenessProbe
|
|
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
port: http
|
|
initialDelaySeconds: 180
|
|
periodSeconds: 20
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## @param readinessProbe.enabled Enable readiness probe
|
|
## @param readinessProbe.path Path to access on the HTTP server
|
|
## @param readinessProbe.port Port for readinessProbe
|
|
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
path: "/"
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## @param customStartupProbe Custom liveness probe for the Web component
|
|
##
|
|
customStartupProbe: {}
|
|
## @param customLivenessProbe Custom liveness probe for the Web component
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param customReadinessProbe Custom rediness probe for the Web component
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param extraVolumes Array to add extra volumes (evaluated as a template)
|
|
##
|
|
extraVolumes: []
|
|
## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template)
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param extraEnvVars Array to add extra environment variables
|
|
##
|
|
extraEnvVars: []
|
|
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Apache server nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for Apache server nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## Apache server container port
|
|
## @param containerPorts.http Apache server HTTP container port
|
|
## @param containerPorts.https Apache server HTTPS container port
|
|
##
|
|
containerPorts:
|
|
http: 8080
|
|
https: 8443
|
|
## @param initContainers Add additional init containers to the Apache pods
|
|
## Example:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
initContainers: []
|
|
## @param sidecars Add additional sidecar containers to the Apache pods
|
|
## Example:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param updateStrategy.type Apache Server deployment strategy type.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
## e.g:
|
|
## updateStrategy:
|
|
## type: RollingUpdate
|
|
## rollingUpdate:
|
|
## maxSurge: 25%
|
|
## maxUnavailable: 25%
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @section Other Parameters
|
|
|
|
## Apache Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
## @param pdb.create Enable a Pod Disruption Budget creation
|
|
## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: true
|
|
minAvailable: ""
|
|
maxUnavailable: ""
|
|
## Apache Autoscaling parameters
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param autoscaling.enabled Enable Horizontal POD autoscaling for Apache
|
|
## @param autoscaling.minReplicas Minimum number of Apache replicas
|
|
## @param autoscaling.maxReplicas Maximum number of Apache replicas
|
|
## @param autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 11
|
|
targetCPU: 50
|
|
targetMemory: 50
|
|
## @section Traffic Exposure Parameters
|
|
|
|
## Apache service parameters
|
|
##
|
|
service:
|
|
## @param service.type Apache Service type
|
|
##
|
|
type: LoadBalancer
|
|
## @param service.ports.http Apache service HTTP port
|
|
## @param service.ports.https Apache service HTTPS port
|
|
##
|
|
ports:
|
|
http: 80
|
|
https: 443
|
|
## Node ports to expose
|
|
## @param service.nodePorts.http Node port for HTTP
|
|
## @param service.nodePorts.https Node port for HTTPS
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
https: ""
|
|
## @param service.clusterIP Apache service Cluster IP
|
|
## e.g.:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param service.loadBalancerIP Apache service Load Balancer IP
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param service.loadBalancerSourceRanges Apache service Load Balancer sources
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param service.annotations Additional custom annotations for Apache service
|
|
## This can be used to set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
annotations: {}
|
|
## @param service.externalTrafficPolicy Apache service external traffic policy
|
|
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
|
##
|
|
extraPorts: []
|
|
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
|
|
## If "ClientIP", consecutive client requests will be directed to the same mongos Pod
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
|
##
|
|
sessionAffinity: None
|
|
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
|
|
## sessionAffinityConfig:
|
|
## clientIP:
|
|
## timeoutSeconds: 300
|
|
##
|
|
sessionAffinityConfig: {}
|
|
## Network Policies
|
|
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
##
|
|
networkPolicy:
|
|
## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
|
|
##
|
|
enabled: true
|
|
## @param networkPolicy.allowExternal Don't require server label for connections
|
|
## The Policy model to apply. When set to false, only pods with the correct
|
|
## server label will have network access to the ports server is listening
|
|
## on. When true, server will accept connections from any source
|
|
## (with the correct destination port).
|
|
##
|
|
allowExternal: true
|
|
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
|
|
##
|
|
allowExternalEgress: true
|
|
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
|
|
## e.g:
|
|
## extraIngress:
|
|
## - ports:
|
|
## - port: 1234
|
|
## from:
|
|
## - podSelector:
|
|
## - matchLabels:
|
|
## - role: frontend
|
|
## - podSelector:
|
|
## - matchExpressions:
|
|
## - key: role
|
|
## operator: In
|
|
## values:
|
|
## - frontend
|
|
extraIngress: []
|
|
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
|
|
## e.g:
|
|
## extraEgress:
|
|
## - ports:
|
|
## - port: 1234
|
|
## to:
|
|
## - podSelector:
|
|
## - matchLabels:
|
|
## - role: frontend
|
|
## - podSelector:
|
|
## - matchExpressions:
|
|
## - key: role
|
|
## operator: In
|
|
## values:
|
|
## - frontend
|
|
##
|
|
extraEgress: []
|
|
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
|
|
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
|
|
##
|
|
ingressNSMatchLabels: {}
|
|
ingressNSPodMatchLabels: {}
|
|
## Configure the ingress resource that allows you to access the Apache installation
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
|
|
##
|
|
ingress:
|
|
## @param ingress.enabled Enable ingress record generation for Apache
|
|
##
|
|
enabled: false
|
|
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## IngressClassName is used to reference the IngressClass that should be used to implement this Ingress.
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param ingress.hostname Default host for the ingress record
|
|
##
|
|
hostname: example.local
|
|
## @param ingress.path Default path for the ingress record
|
|
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
|
##
|
|
path: /
|
|
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
|
|
## e.g:
|
|
## extraHosts:
|
|
## - name: apache.local
|
|
## path: /
|
|
##
|
|
extraHosts: []
|
|
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
|
|
## e.g:
|
|
## extraPaths:
|
|
## - path: /*
|
|
## backend:
|
|
## serviceName: ssl-redirect
|
|
## servicePort: use-annotation
|
|
##
|
|
extraPaths: []
|
|
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## e.g:
|
|
## extraTls:
|
|
## - hosts:
|
|
## - apache.local
|
|
## secretName: apache.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param ingress.secrets Custom TLS certificates as secrets
|
|
## NOTE: 'key' and 'certificate' are expected in PEM format
|
|
## NOTE: 'name' should line up with a 'secretName' set further up
|
|
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
|
|
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## secrets:
|
|
## - name: example.local-tls
|
|
## key: |-
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
## ...
|
|
## -----END RSA PRIVATE KEY-----
|
|
## certificate: |-
|
|
## -----BEGIN CERTIFICATE-----
|
|
## ...
|
|
## -----END CERTIFICATE-----
|
|
##
|
|
secrets: []
|
|
## @param ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: apache.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: apache-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @section Metrics Parameters
|
|
metrics:
|
|
## @param metrics.enabled Start a sidecar prometheus exporter to expose Apache metrics
|
|
##
|
|
enabled: false
|
|
## Bitnami Apache Prometheus Exporter image
|
|
## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/
|
|
## @param metrics.image.registry [default: REGISTRY_NAME] Apache Exporter image registry
|
|
## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache Exporter image repository
|
|
## @skip metrics.image.tag Apache Exporter image tag (immutable tags are recommended)
|
|
## @param metrics.image.digest Apache Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param metrics.image.pullPolicy Apache Exporter image pull policy
|
|
## @param metrics.image.pullSecrets Apache Exporter image pull secrets
|
|
## @param metrics.image.debug Apache Exporter image debug mode
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/apache-exporter
|
|
tag: 1.0.9-debian-12-r6
|
|
digest: ""
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## Enable debug mode
|
|
##
|
|
debug: false
|
|
## @param metrics.podAnnotations [object] Additional custom annotations for Apache exporter service
|
|
##
|
|
podAnnotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "9117"
|
|
## Apache Prometheus exporter resource requests and limits
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
## We usually recommend not to specify default resources and to leave this as a conscious
|
|
## choice for the user. This also increases chances charts run on environments with little
|
|
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
|
|
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
|
##
|
|
resourcesPreset: "none"
|
|
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
|
## Example:
|
|
## resources:
|
|
## requests:
|
|
## cpu: 2
|
|
## memory: 512Mi
|
|
## limits:
|
|
## cpu: 3
|
|
## memory: 1024Mi
|
|
##
|
|
resources: {}
|
|
## @param metrics.containerPort Apache Prometheus Exporter container port
|
|
##
|
|
containerPort: 9141
|
|
## Prometheus exporter service parameters
|
|
service:
|
|
## @param metrics.service.port Metrics service port
|
|
##
|
|
port: 9117
|
|
## @param metrics.service.annotations [object] Additional custom annotations for Metrics service
|
|
##
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: "{{ .Values.metrics.service.port }}"
|
|
## Prometheus Operator PodMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator PodMonitor (also requires `metrics.enabled` to be `true`)
|
|
##
|
|
enabled: false
|
|
## @param metrics.serviceMonitor.namespace Namespace for the PodMonitor Resource (defaults to the Release Namespace)
|
|
##
|
|
namespace: ""
|
|
## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped.
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
## e.g:
|
|
## interval: 10s
|
|
##
|
|
interval: ""
|
|
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
## e.g:
|
|
## scrapeTimeout: 10s
|
|
##
|
|
scrapeTimeout: ""
|
|
## @param metrics.serviceMonitor.labels Labels that can be used so PodMonitor will be discovered by Prometheus
|
|
##
|
|
labels: {}
|
|
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
|
|
##
|
|
relabelings: []
|
|
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
|
|
##
|
|
metricRelabelings: []
|
|
## Prometheus Operator PrometheusRule configuration
|
|
##
|
|
prometheusRule:
|
|
## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`)
|
|
##
|
|
enabled: false
|
|
## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace)
|
|
##
|
|
namespace: ""
|
|
## @param metrics.prometheusRule.labels Labels that can be used so PrometheusRule will be discovered by Prometheus
|
|
##
|
|
labels: {}
|
|
## @param metrics.prometheusRule.rules Prometheus Rule definitions
|
|
## - alert: LowInstance
|
|
## expr: up{service="{{ template "common.names.fullname" . }}"} < 1
|
|
## for: 1m
|
|
## labels:
|
|
## severity: critical
|
|
## annotations:
|
|
## description: Service {{ template "common.names.fullname" . }} Apache is down since 1m.
|
|
## summary: Apache instance is down.
|
|
##
|
|
rules: []
|
|
## Service Account
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
##
|
|
serviceAccount:
|
|
## @param serviceAccount.create Enable creation of ServiceAccount for Apache pod
|
|
##
|
|
create: true
|
|
## @param serviceAccount.name The name of the ServiceAccount to use.
|
|
## If not set and create is true, a name is generated using the common.names.fullname template
|
|
##
|
|
name: ""
|
|
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
|
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
|
##
|
|
automountServiceAccountToken: false
|
|
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
|
|
##
|
|
annotations: {}
|