Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-24 06:47:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
23fcbaaaa75e6d6eb237cea30071663ebcf08869
charts/bitnami/kubeapps/values.yaml
Fran Mulero 9e6a2b3cd6 [bitnami/kubeapps] Enable PodDisruptionBudgets (#26505) 
* [bitnami/kubeapps] Enable PodDisruptionBudgets

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Disable PDBs temporary

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Fran Mulero <fmulero@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
2024-06-04 12:01:53 +02:00

2513 lines
114 KiB
YAML
Raw Blame History

# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## Compatibility adaptations for Kubernetes platforms
##
compatibility:
## Compatibility adaptations for Openshift
##
openshift:
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
##
adaptSecurityContext: auto
## @section Common parameters
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param enableIPv6 Enable IPv6 configuration
##
enableIPv6: false
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the deployment
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the deployment
##
args:
- infinity
## @section Traffic Exposure Parameters
## Configure the ingress resource that allows you to access the Kubeapps installation
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation for Kubeapps
##
enabled: false
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: kubeapps.local
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
##
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Rely on cert-manager to create it by setting the corresponding annotations
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: kubeapps.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - kubeapps.local
## secretName: kubeapps.local-tls
##
extraTls: []
## @param ingress.secrets Custom TLS certificates as secrets
## NOTE: 'key' and 'certificate' are expected in PEM format
## NOTE: 'name' should line up with a 'secretName' set further up
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## e.g:
## secrets:
## - name: kubeapps.local-tls
## key: |-
## -----BEGIN RSA PRIVATE KEY-----
## ...
## -----END RSA PRIVATE KEY-----
## certificate: |-
## -----BEGIN CERTIFICATE-----
## ...
## -----END CERTIFICATE-----
##
secrets: []
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: example.local
## http:
## path: /
## backend:
## service:
## name: example-svc
## port:
## name: http
##
extraRules: []
## @section Kubeapps packaging options
## Note: the helm and flux plugins are mutually exclusive, you can only
## enable one or the other since they both operate on Helm release objects.
## Enabling carvel or flux does *not* install the required related Carvel or
## Flux controllers on your cluster. Please read the documentation for running
## Kubeapps with Carvel or Flux support.
packaging:
## Default helm packaging
## @param packaging.helm.enabled Enable the standard Helm packaging.
helm:
enabled: true
## Carvel packaging
## @param packaging.carvel.enabled Enable support for the Carvel (kapp-controller) packaging.
carvel:
enabled: false
## Flux (v2) packaging
## @param packaging.flux.enabled Enable support for Flux (v2) packaging.
flux:
enabled: false
## @section Frontend parameters
## Frontend parameters
##
frontend:
## Bitnami NGINX image
## ref: https://hub.docker.com/r/bitnami/nginx/tags/
## @param frontend.image.registry [default: REGISTRY_NAME] NGINX image registry
## @param frontend.image.repository [default: REPOSITORY_NAME/nginx] NGINX image repository
## @skip frontend.image.tag NGINX image tag (immutable tags are recommended)
## @param frontend.image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param frontend.image.pullPolicy NGINX image pull policy
## @param frontend.image.pullSecrets NGINX image pull secrets
## @param frontend.image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.26.1-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Enable debug mode
##
debug: false
## @param frontend.proxypassAccessTokenAsBearer Use access_token as the Bearer when talking to the k8s api server
## NOTE: Some K8s distributions such as GKE requires it
##
proxypassAccessTokenAsBearer: false
## @param frontend.proxypassExtraSetHeader Set an additional proxy header for all requests proxied via NGINX
## e.g:
## proxypassExtraSetHeader: Authorization "Bearer $cookie_sessionid";
##
proxypassExtraSetHeader: ""
## @param frontend.largeClientHeaderBuffers Set large_client_header_buffers in NGINX config
## NOTE: Can be required when using OIDC or LDAP due to large cookies
##
largeClientHeaderBuffers: "4 32k"
## @param frontend.replicaCount Number of frontend replicas to deploy
##
replicaCount: 2
## @param frontend.updateStrategy.type Frontend deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## Frontend containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param frontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if frontend.resources is set (frontend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param frontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the NGINX container
##
extraEnvVarsCM: ""
## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for the NGINX container
##
extraEnvVarsSecret: ""
## @param frontend.containerPorts.http NGINX HTTP container port
##
containerPorts:
http: 8080
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context
## @param frontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param frontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param frontend.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for NGINX
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param frontend.containerSecurityContext.enabled Enabled containers' Security Context
## @param frontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param frontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param frontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param frontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param frontend.containerSecurityContext.privileged Set container's Security Context privileged
## @param frontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param frontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param frontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param frontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for frontend containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param frontend.livenessProbe.enabled Enable livenessProbe
## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param frontend.readinessProbe.enabled Enable readinessProbe
## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param frontend.startupProbe.enabled Enable startupProbe
## @param frontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param frontend.startupProbe.periodSeconds Period seconds for startupProbe
## @param frontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param frontend.startupProbe.failureThreshold Failure threshold for startupProbe
## @param frontend.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param frontend.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param frontend.lifecycleHooks Custom lifecycle hooks for frontend containers
##
lifecycleHooks: {}
## @param frontend.command Override default container command (useful when using custom images)
##
command: []
## @param frontend.args Override default container args (useful when using custom images)
##
args: []
## @param frontend.podLabels Extra labels for frontend pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param frontend.podAnnotations Annotations for frontend pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## nodeAffinityPreset Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param frontend.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: frontend.podAffinityPreset, frontend.podAntiAffinityPreset, and frontend.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param frontend.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param frontend.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param frontend.priorityClassName Priority class name for frontend pods
##
priorityClassName: ""
## @param frontend.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param frontend.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param frontend.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param frontend.hostAliases Custom host aliases for frontend pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param frontend.extraVolumes Optionally specify extra list of additional volumes for frontend pods
##
extraVolumes: []
## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for frontend container(s)
##
extraVolumeMounts: []
## @param frontend.sidecars Add additional sidecar containers to the frontend pod
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param frontend.initContainers Add additional init containers to the frontend pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param frontend.pdb.create Enable/disable a Pod Disruption Budget creation
## @param frontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param frontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `frontend.pdb.minAvailable` and `frontend.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
## Frontend service parameters
##
service:
## @param frontend.service.type Frontend service type
##
type: ClusterIP
## @param frontend.service.ports.http Frontend service HTTP port
##
ports:
http: 80
## @param frontend.service.nodePorts.http Node port for HTTP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
##
nodePorts:
http: ""
## @param frontend.service.clusterIP Frontend service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param frontend.service.loadBalancerIP Frontend service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param frontend.service.loadBalancerSourceRanges Frontend service Load Balancer sources
## ref: https://v1-17.docs.kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param frontend.service.externalTrafficPolicy Frontend service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param frontend.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param frontend.service.annotations Additional custom annotations for frontend service
##
annotations: {}
## @param frontend.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param frontend.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param frontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param frontend.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param frontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param frontend.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param frontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param frontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param frontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param frontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Dashboard parameters
## Dashboard parameters
##
dashboard:
## @param dashboard.enabled Specifies whether Kubeapps Dashboard should be deployed or not
##
enabled: true
## Bitnami Kubeapps Dashboard image
## ref: https://hub.docker.com/r/bitnami/kubeapps-dashboard/
## @param dashboard.image.registry [default: REGISTRY_NAME] Dashboard image registry
## @param dashboard.image.repository [default: REPOSITORY_NAME/kubeapps-dashboard] Dashboard image repository
## @skip dashboard.image.tag Dashboard image tag (immutable tags are recommended)
## @param dashboard.image.digest Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param dashboard.image.pullPolicy Dashboard image pull policy
## @param dashboard.image.pullSecrets Dashboard image pull secrets
## @param dashboard.image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/kubeapps-dashboard
tag: 2.10.0-debian-12-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Enable debug mode
##
debug: false
## @param dashboard.customStyle Custom CSS injected to the Dashboard to customize Kubeapps look and feel
## e.g:
## customStyle: |-
## .header.header-7 {
## background-color: #991700;
## }
##
customStyle: ""
## @param dashboard.customAppViews Package names to signal a custom app view
## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/custom-app-view-support.md
## e.g:
## customAppViews:
## - plugin: helm
## name: helm-chart
## repository: bitnami
customAppViews: []
## @param dashboard.customComponents Custom Form components injected into the BasicDeploymentForm
## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/howto/custom-form-component-support.md
##
customComponents: ""
## @param dashboard.remoteComponentsUrl Remote URL that can be used to load custom components vs loading from the local filesystem
##
remoteComponentsUrl: ""
## @param dashboard.skipAvailablePackageDetails Skip the package details view and go straight to the installation view of the latest version
##
skipAvailablePackageDetails: false
## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps
## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/reference/translations/translate-kubeapps.md
## e.g:
## customLocale:
## "Kubeapps": "My Dashboard"
## "login-oidc": "Login with my company SSO"
##
customLocale: ""
## @param dashboard.defaultTheme Default theme used in the Dashboard if the user has not selected any theme yet.
## enum: [ "light", "dark" ]
## e.g:
## defaultTheme: dark
##
defaultTheme: ""
## @param dashboard.replicaCount Number of Dashboard replicas to deploy
##
## @param dashboard.createNamespaceLabels Labels added to newly created namespaces
## e.g:
# createNamespaceLabels:
# "managed-by": "kubeapps"
createNamespaceLabels: {}
replicaCount: 2
## @param dashboard.updateStrategy.type Dashboard deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param dashboard.extraEnvVars Array with extra environment variables to add to the Dashboard container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param dashboard.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Dashboard container
##
extraEnvVarsCM: ""
## @param dashboard.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Dashboard container
##
extraEnvVarsSecret: ""
## @param dashboard.containerPorts.http Dashboard HTTP container port
##
containerPorts:
http: 8080
## Dashboard containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param dashboard.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dashboard.resources is set (dashboard.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param dashboard.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context
## @param dashboard.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param dashboard.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param dashboard.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for Dashboard
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param dashboard.containerSecurityContext.enabled Enabled containers' Security Context
## @param dashboard.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param dashboard.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param dashboard.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param dashboard.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param dashboard.containerSecurityContext.privileged Set container's Security Context privileged
## @param dashboard.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param dashboard.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param dashboard.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param dashboard.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for Dashboard containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param dashboard.livenessProbe.enabled Enable livenessProbe
## @param dashboard.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param dashboard.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param dashboard.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param dashboard.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param dashboard.livenessProbe.successThreshold Success threshold for livenessProbe
## Dashboard containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param dashboard.readinessProbe.enabled Enable readinessProbe
## @param dashboard.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param dashboard.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param dashboard.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param dashboard.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param dashboard.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param dashboard.startupProbe.enabled Enable startupProbe
## @param dashboard.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param dashboard.startupProbe.periodSeconds Period seconds for startupProbe
## @param dashboard.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param dashboard.startupProbe.failureThreshold Failure threshold for startupProbe
## @param dashboard.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param dashboard.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param dashboard.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param dashboard.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param dashboard.lifecycleHooks Custom lifecycle hooks for Dashboard containers
##
lifecycleHooks: {}
## @param dashboard.command Override default container command (useful when using custom images)
##
command: []
## @param dashboard.args Override default container args (useful when using custom images)
##
args: []
## @param dashboard.podLabels Extra labels for Dashboard pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param dashboard.podAnnotations Annotations for Dashboard pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param dashboard.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param dashboard.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param dashboard.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param dashboard.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param dashboard.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param dashboard.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: dashboard.podAffinityPreset, dashboard.podAntiAffinityPreset, and dashboard.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param dashboard.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param dashboard.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param dashboard.priorityClassName Priority class name for Dashboard pods
##
priorityClassName: ""
## @param dashboard.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param dashboard.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param dashboard.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param dashboard.hostAliases Custom host aliases for Dashboard pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param dashboard.extraVolumes Optionally specify extra list of additional volumes for Dashboard pods
##
extraVolumes: []
## @param dashboard.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Dashboard container(s)
##
extraVolumeMounts: []
## @param dashboard.sidecars Add additional sidecar containers to the Dashboard pod
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param dashboard.initContainers Add additional init containers to the Dashboard pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param dashboard.pdb.create Enable/disable a Pod Disruption Budget creation
## @param dashboard.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param dashboard.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `dashboard.pdb.minAvailable` and `dashboard.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
## Dashboard service parameters
##
service:
## @param dashboard.service.ports.http Dashboard service HTTP port
##
ports:
http: 8080
## @param dashboard.service.annotations Additional custom annotations for Dashboard service
##
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param dashboard.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param dashboard.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param dashboard.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param dashboard.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param dashboard.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param dashboard.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param dashboard.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param dashboard.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section AppRepository Controller parameters
## AppRepository Controller parameters
##
apprepository:
## Bitnami Kubeapps AppRepository Controller image
## ref: https://hub.docker.com/r/bitnami/kubeapps-apprepository-controller/tags/
## @param apprepository.image.registry [default: REGISTRY_NAME] Kubeapps AppRepository Controller image registry
## @param apprepository.image.repository [default: REPOSITORY_NAME/kubeapps-apprepository-controller] Kubeapps AppRepository Controller image repository
## @skip apprepository.image.tag Kubeapps AppRepository Controller image tag (immutable tags are recommended)
## @param apprepository.image.digest Kubeapps AppRepository Controller image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param apprepository.image.pullPolicy Kubeapps AppRepository Controller image pull policy
## @param apprepository.image.pullSecrets Kubeapps AppRepository Controller image pull secrets
##
image:
registry: docker.io
repository: bitnami/kubeapps-apprepository-controller
tag: 2.10.0-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Bitnami Kubeapps Asset Syncer image
## ref: https://hub.docker.com/r/bitnami/kubeapps-asset-syncer/tags/
## @param apprepository.syncImage.registry [default: REGISTRY_NAME] Kubeapps Asset Syncer image registry
## @param apprepository.syncImage.repository [default: REPOSITORY_NAME/kubeapps-asset-syncer] Kubeapps Asset Syncer image repository
## @skip apprepository.syncImage.tag Kubeapps Asset Syncer image tag (immutable tags are recommended)
## @param apprepository.syncImage.digest Kubeapps Asset Syncer image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param apprepository.syncImage.pullPolicy Kubeapps Asset Syncer image pull policy
## @param apprepository.syncImage.pullSecrets Kubeapps Asset Syncer image pull secrets
##
syncImage:
registry: docker.io
repository: bitnami/kubeapps-asset-syncer
tag: 2.10.0-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param apprepository.globalReposNamespaceSuffix Suffix for the namespace of global repos in the Helm plugin. Defaults to empty for backwards compatibility. Ignored if kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace is set.
##
globalReposNamespaceSuffix: ""
## @param apprepository.initialRepos [array] Initial chart repositories to configure
## e.g:
## initialRepos:
## - name: chartmuseum
## url: https://chartmuseum.default:8080
## # Specify nodeSelector and tolerations:
## nodeSelector:
## somelabel: somevalue
## tolerations:
## - key: "cattle.io/os"
## operator: "Equal"
## value: "linux"
## effect: "NoSchedule"
## # Specify an Authorization Header if you are using an authentication method:
## authorizationHeader: "Bearer xrxNC..."
## # Specify the credentials if you are using a basic authentication method:
## basicAuth:
## user:
## password:
## # If you're providing your own certificates, please use this to add the certificates as secrets.
## # It should start with -----BEGIN CERTIFICATE----- or
## # -----BEGIN RSA PRIVATE KEY-----
## caCert:
## # Create this apprepository in a custom namespace
## namespace:
## # In case of an OCI registry, specify the type
## type: oci
## # And specify the list of repositories
## ociRepositories:
## - nginx
## - jenkins
## # Optionally filter out some charts.
## # The jq query format is not exposed in the UI, so care needs to be taken to use the format which the UI expects to parse,
## # which is why variables are used in the example below.
## filterRule:
## jq: .name == $var0 or .name == $var1
## variables:
## $var0: nginx
## $var1: jenkins
##
initialRepos:
- name: bitnami
url: https://charts.bitnami.com/bitnami
## @param apprepository.customAnnotations Custom annotations be added to each AppRepository-generated CronJob, Job and Pod
##
customAnnotations: {}
## @param apprepository.customLabels Custom labels be added to each AppRepository-generated CronJob, Job and Pod
##
customLabels: {}
## Proxy configuration to access chart repositories
##
## @param apprepository.initialReposProxy.enabled Enables the proxy
## @param apprepository.initialReposProxy.httpProxy URL for the http proxy
## @param apprepository.initialReposProxy.httpsProxy URL for the https proxy
## @param apprepository.initialReposProxy.noProxy URL to exclude from using the proxy
##
initialReposProxy:
enabled: false
httpProxy: ""
httpsProxy: ""
noProxy: ""
## @param apprepository.crontab Default schedule for syncing App repositories (defaults to every 10 minutes)
## e.g:
## crontab: "*/10 * * * *"
##
crontab: ""
## @param apprepository.watchAllNamespaces Watch all namespaces to support separate AppRepositories per namespace
## Switch this off only if you require running multiple instances of Kubeapps in different namespaces
## without each instance watching AppRepositories of each other
##
watchAllNamespaces: true
## @param apprepository.extraFlags Additional command line flags for AppRepository Controller
##
extraFlags: []
## @param apprepository.replicaCount Number of AppRepository Controller replicas to deploy
## Running a single controller replica to avoid sync job duplication
##
replicaCount: 1
## @param apprepository.updateStrategy.type AppRepository Controller deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## AppRepository Controller containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param apprepository.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if apprepository.resources is set (apprepository.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param apprepository.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context
## @param apprepository.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param apprepository.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param apprepository.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for App Repository jobs
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param apprepository.containerSecurityContext.enabled Enabled containers' Security Context
## @param apprepository.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param apprepository.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param apprepository.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param apprepository.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param apprepository.containerSecurityContext.privileged Set container's Security Context privileged
## @param apprepository.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param apprepository.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param apprepository.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param apprepository.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param apprepository.lifecycleHooks Custom lifecycle hooks for AppRepository Controller containers
##
lifecycleHooks: {}
## @param apprepository.command Override default container command (useful when using custom images)
##
command: []
## @param apprepository.args Override default container args (useful when using custom images)
##
args: []
## @param apprepository.extraEnvVars Array with extra environment variables to add to AppRepository Controller pod(s)
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param apprepository.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for AppRepository Controller pod(s)
##
extraEnvVarsCM: ""
## @param apprepository.extraEnvVarsSecret Name of existing Secret containing extra env vars for AppRepository Controller pod(s)
##
extraEnvVarsSecret: ""
## @param apprepository.extraVolumes Optionally specify extra list of additional volumes for the AppRepository Controller pod(s)
##
extraVolumes: []
## @param apprepository.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the AppRepository Controller container(s)
##
extraVolumeMounts: []
## @param apprepository.podLabels Extra labels for AppRepository Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param apprepository.podAnnotations Annotations for AppRepository Controller pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param apprepository.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param apprepository.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## nodeAffinityPreset Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param apprepository.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param apprepository.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param apprepository.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param apprepository.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: apprepository.podAffinityPreset, apprepository.podAntiAffinityPreset, and apprepository.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param apprepository.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param apprepository.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param apprepository.priorityClassName Priority class name for AppRepository Controller pods
##
priorityClassName: ""
## @param apprepository.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param apprepository.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param apprepository.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param apprepository.sidecars Add additional sidecar containers to the AppRepository Controller pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param apprepository.initContainers Add additional init containers to the AppRepository Controller pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param apprepository.pdb.create Enable/disable a Pod Disruption Budget creation
## @param apprepository.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param apprepository.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `apprepository.pdb.minAvailable` and `apprepository.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param apprepository.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param apprepository.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param apprepository.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param apprepository.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param apprepository.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## AppRepository Controller Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param apprepository.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param apprepository.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param apprepository.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param apprepository.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## @section Auth Proxy parameters
## Auth Proxy configuration for OIDC support
## ref: https://github.com/vmware-tanzu/kubeapps/blob/main/site/content/docs/latest/tutorials/using-an-OIDC-provider.md
##
authProxy:
## @param authProxy.enabled Specifies whether Kubeapps should configure OAuth login/logout
##
enabled: false
## Bitnami OAuth2 Proxy image
## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/
## @param authProxy.image.registry [default: REGISTRY_NAME] OAuth2 Proxy image registry
## @param authProxy.image.repository [default: REPOSITORY_NAME/oauth2-proxy] OAuth2 Proxy image repository
## @skip authProxy.image.tag OAuth2 Proxy image tag (immutable tags are recommended)
## @param authProxy.image.digest OAuth2 Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param authProxy.image.pullPolicy OAuth2 Proxy image pull policy
## @param authProxy.image.pullSecrets OAuth2 Proxy image pull secrets
##
image:
registry: docker.io
repository: bitnami/oauth2-proxy
tag: 7.6.0-debian-12-r12
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param authProxy.external Use an external Auth Proxy instead of deploying its own one
##
external: false
## @param authProxy.oauthLoginURI OAuth Login URI to which the Kubeapps frontend redirects for authn
## @param authProxy.oauthLogoutURI OAuth Logout URI to which the Kubeapps frontend redirects for authn
##
oauthLoginURI: /oauth2/start
oauthLogoutURI: /oauth2/sign_out
## @param authProxy.skipKubeappsLoginPage Skip the Kubeapps login page when using OIDC and directly redirect to the IdP
##
skipKubeappsLoginPage: false
## @param authProxy.provider OAuth provider
## @param authProxy.clientID OAuth Client ID
## @param authProxy.clientSecret OAuth Client secret
## NOTE: Mandatory parameters for the internal auth-proxy
##
provider: ""
clientID: ""
clientSecret: ""
## @param authProxy.cookieSecret Secret used by oauth2-proxy to encrypt any credentials
## NOTE: It must be a particular number of bytes. It's recommended using the following
## script to generate a cookieSecret:
## python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))'
## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret
##
cookieSecret: ""
## @param authProxy.existingOauth2Secret Name of an existing secret containing the OAuth client secrets, it should contain the keys clientID, clientSecret, and cookieSecret
## If set, the values `authProxy.provider`, `authProxy.clientID`, `authProxy.clientSecret` will be ignored
##
existingOauth2Secret: ""
## @param authProxy.cookieRefresh Duration after which to refresh the cookie
##
cookieRefresh: 2m
## @param authProxy.scope OAuth scope specification
##
scope: "openid email groups"
## @param authProxy.emailDomain Allowed email domains
## Use "example.com" to restrict logins to emails from example.com
##
emailDomain: "*"
## @param authProxy.extraFlags Additional command line flags for oauth2-proxy
## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview
## e.g:
## extraFlags:
## - --ssl-insecure-skip-verify
## - --cookie-secure=false
## - --oidc-issuer-url=https://accounts.google.com # Only needed if provider is oidc
##
extraFlags: []
## @param authProxy.lifecycleHooks for the Auth Proxy container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param authProxy.command Override default container command (useful when using custom images)
##
command: []
## @param authProxy.args Override default container args (useful when using custom images)
##
args: []
## @param authProxy.extraEnvVars Array with extra environment variables to add to the Auth Proxy container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param authProxy.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Auth Proxy containers(s)
##
extraEnvVarsCM: ""
## @param authProxy.extraEnvVarsSecret Name of existing Secret containing extra env vars for Auth Proxy containers(s)
##
extraEnvVarsSecret: ""
## @param authProxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Auth Proxy container(s)
##
extraVolumeMounts: []
## @param authProxy.containerPorts.proxy Auth Proxy HTTP container port
##
containerPorts:
proxy: 3000
## Configure Container Security Context for Auth Proxy
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param authProxy.containerSecurityContext.enabled Enabled containers' Security Context
## @param authProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param authProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param authProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param authProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param authProxy.containerSecurityContext.privileged Set container's Security Context privileged
## @param authProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param authProxy.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param authProxy.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param authProxy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## OAuth2 Proxy containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param authProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if authProxy.resources is set (authProxy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param authProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @section Pinniped Proxy parameters
## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs
##
pinnipedProxy:
## @param pinnipedProxy.enabled Specifies whether Kubeapps should configure Pinniped Proxy
##
enabled: false
## Bitnami Pinniped Proxy image
## ref: https://hub.docker.com/r/bitnami/kubeapps-pinniped-proxy/tags/
## @param pinnipedProxy.image.registry [default: REGISTRY_NAME] Pinniped Proxy image registry
## @param pinnipedProxy.image.repository [default: REPOSITORY_NAME/kubeapps-pinniped-proxy] Pinniped Proxy image repository
## @skip pinnipedProxy.image.tag Pinniped Proxy image tag (immutable tags are recommended)
## @param pinnipedProxy.image.digest Pinniped Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param pinnipedProxy.image.pullPolicy Pinniped Proxy image pull policy
## @param pinnipedProxy.image.pullSecrets Pinniped Proxy image pull secrets
##
image:
registry: docker.io
repository: bitnami/kubeapps-pinniped-proxy
tag: 2.10.0-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param pinnipedProxy.defaultPinnipedNamespace Namespace in which pinniped concierge is installed
##
defaultPinnipedNamespace: pinniped-concierge
## @param pinnipedProxy.defaultAuthenticatorType Authenticator type
##
defaultAuthenticatorType: JWTAuthenticator
## @param pinnipedProxy.defaultAuthenticatorName Authenticator name
##
defaultAuthenticatorName: jwt-authenticator
## @param pinnipedProxy.defaultPinnipedAPISuffix API suffix
##
defaultPinnipedAPISuffix: pinniped.dev
## TLS settings for Pinniped Proxy
## ref: https://kubeapps.dev/docs/latest/howto/oidc/using-an-oidc-provider-with-pinniped/#running-the-pinniped-proxy-service-over-tls
##
tls:
## @param pinnipedProxy.tls.existingSecret TLS secret with which to proxy requests
##
existingSecret: ""
## @param pinnipedProxy.tls.caCertificate TLS CA cert config map which clients of pinniped proxy should use with TLS requests
## This config map must contain a ca.crt key with the CA cert content as the value.
##
caCertificate: ""
## @param pinnipedProxy.lifecycleHooks For the Pinniped Proxy container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param pinnipedProxy.command Override default container command (useful when using custom images)
##
command: []
## @param pinnipedProxy.args Override default container args (useful when using custom images)
##
args: []
## @param pinnipedProxy.extraEnvVars Array with extra environment variables to add to Pinniped Proxy container(s)
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param pinnipedProxy.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Pinniped Proxy container(s)
##
extraEnvVarsCM: ""
## @param pinnipedProxy.extraEnvVarsSecret Name of existing Secret containing extra env vars for Pinniped Proxy container(s)
##
extraEnvVarsSecret: ""
## @param pinnipedProxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Pinniped Proxy container(s)
##
extraVolumeMounts: []
## @param pinnipedProxy.containerPorts.pinnipedProxy Pinniped Proxy container port
##
containerPorts:
pinnipedProxy: 3333
## Configure Container Security Context for Pinniped Proxy
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param pinnipedProxy.containerSecurityContext.enabled Enabled containers' Security Context
## @param pinnipedProxy.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param pinnipedProxy.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param pinnipedProxy.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param pinnipedProxy.containerSecurityContext.privileged Set container's Security Context privileged
## @param pinnipedProxy.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param pinnipedProxy.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param pinnipedProxy.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param pinnipedProxy.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Pinniped Proxy containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param pinnipedProxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if pinnipedProxy.resources is set (pinnipedProxy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param pinnipedProxy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Pinniped Proxy service parameters
##
service:
## @param pinnipedProxy.service.ports.pinnipedProxy Pinniped Proxy service port
##
ports:
pinnipedProxy: 3333
## @param pinnipedProxy.service.annotations Additional custom annotations for Pinniped Proxy service
##
annotations: {}
## @section Other Parameters
## @param clusters [array] List of clusters that Kubeapps can target for deployments
## When populated with a single cluster (as it is by default), Kubeapps will not allow users to
## change the target cluster. When populated with multiple clusters, Kubeapps will present the clusters to
## the user as potential targets for install or browsing.
## - Note that you can define a single cluster without an apiServiceURL and the chart will assume this is
## the name you are assigning to the cluster on which Kubeapps is itself installed. Specifying more than
## one cluster without an apiServiceURL will cause the chart display an error.
## - The base64-encoded certificateAuthorityData can be obtained from the additional cluster's kube config
## file, for example, to get the ca data for the 0th cluster in your config (adjust the index 0 as necessary):
## kubectl --kubeconfig ~/.kube/kind-config-kubeapps-additional config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
## - serviceToken is an optional token configured to allow LIST namespaces and package manifests (operators) only on the additional cluster
## so that the UI can present a list of (only) those namespaces to which the user has access and the available operators.
## - isKubeappsCluster is an optional parameter that allows defining the cluster in which Kubeapps is installed;
## this param is useful when every cluster is using an apiServiceURL (e.g., when using the Pinniped Impersonation Proxy)
## as the chart cannot infer the cluster on which Kubeapps is installed in that case.
## - pinnipedConfig is an optional parameter that contains configuration options specific to a cluster running the pinniped concierge service.
## e.g.:
## clusters:
## - name: default
## domain: cluster.local
## - name: second-cluster
## domain: cluster.local
## apiServiceURL: https://second-cluster:6443
## certificateAuthorityData: LS0tLS1CRUdJ...
## serviceToken: ...
## isKubeappsCluster: true
## pinnipedConfig:
## enabled: true
##
clusters:
- name: default
domain: cluster.local
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: true
## @section Feature flags
##
## Opt-in features intended for development and advanced use cases.
## They might be removed in future releases without prior notice.
featureFlags:
## For a full list of possible ingress annotations, please see
apiOnly:
## @param featureFlags.apiOnly.enabled Enable ingress for API operations only. Access to "/" will not be possible, so Dashboard will be unusable.
##
enabled: false
grpc:
## @param featureFlags.apiOnly.grpc.annotations [object] Specific annotations for the GRPC ingress in API-only mode
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
##
annotations:
nginx.ingress.kubernetes.io/backend-protocol: GRPC
## @param featureFlags.operators Enable support for Operators in Kubeapps
##
operators: false
schemaEditor:
## @param featureFlags.schemaEditor.enabled Enable a visual editor for customizing the package schemas
##
enabled: false
## @section Database Parameters
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements
## @param postgresql.auth.username Username for PostgreSQL server
## @param postgresql.auth.postgresPassword Password for 'postgres' user
## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
##
postgresql:
enabled: true
auth:
username: "postgres"
postgresPassword: ""
database: assets
existingSecret: ""
## PostgreSQL Primary persistence configuration
## @param postgresql.primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC
primary:
persistence:
enabled: false
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
architecture: standalone
## @param postgresql.securityContext.enabled Enabled PostgreSQL replicas pods' Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
enabled: false
## PostgreSQL containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param postgresql.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.resources is set (postgresql.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param postgresql.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
##
resources: {}
## @section kubeappsapis parameters
kubeappsapis:
## @param kubeappsapis.enabledPlugins Manually override which plugins are enabled for the Kubeapps-APIs service
##
## NOTE: normally this should remain blank, with the top-level `packaging`
## value automatically determining which plugins should be enabled. Only
## set this value if you want to manually override the list of plugins
## enabled for the service.
##
enabledPlugins: []
pluginConfig:
core:
packages:
v1alpha1:
versionsInSummary:
## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.major Number of major versions to display in the summary
major: 3
## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.minor Number of minor versions to display in the summary
minor: 3
## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.versionsInSummary.patch Number of patch versions to display in the summary
patch: 3
## @param kubeappsapis.pluginConfig.core.packages.v1alpha1.timeoutSeconds Value to wait for Kubernetes commands to complete
timeoutSeconds: 300
helm:
packages:
v1alpha1:
## @param kubeappsapis.pluginConfig.helm.packages.v1alpha1.globalPackagingNamespace Custom global packaging namespace. Using this value will override the current "kubeapps release namespace + suffix" pattern and will create a new namespace if not exists.
globalPackagingNamespace: ""
kappController:
packages:
v1alpha1:
## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultUpgradePolicy Default upgrade policy generating version constraints
## enum: [ "major", "minor", "patch", "none" ]
defaultUpgradePolicy: none
## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultPrereleasesVersionSelection [array,nullable] Default policy for allowing prereleases containing one of the identifiers
## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#prereleases
## e.g:
# defaultPrereleasesVersionSelection:
# - rc
defaultPrereleasesVersionSelection: null
## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultAllowDowngrades Default policy for allowing applications to be downgraded to previous versions
## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#downgrading
defaultAllowDowngrades: false
## @param kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace Default global packaging namespace
## ref: https://carvel.dev/kapp-controller/docs/latest/package-consumer-concepts/#namespacing
globalPackagingNamespace: kapp-controller-packaging-global
flux:
packages:
v1alpha1:
## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.defaultUpgradePolicy Default upgrade policy generating version constraints
## enum: [ "major", "minor", "patch", "none" ]
defaultUpgradePolicy: none
## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.noCrossNamespaceRefs Enable this flag to disallow cross-namespace references, useful when running Flux on multi-tenant clusters
noCrossNamespaceRefs: false
resources:
packages:
v1alpha1:
## Trusted namespaces parameters
##
trustedNamespaces:
## @param kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerName Optional header name for trusted namespaces
## e.g:
## headerName: X-Consumer-Groups
##
headerName: ""
## @param kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerPattern Optional header pattern for trusted namespaces
## e.g:
## headerPattern: namespace:^([\w-]+):\w+$
##
headerPattern: ""
## Bitnami Kubeapps-APIs image
## ref: https://hub.docker.com/r/bitnami/kubeapps-apis/tags/
## @param kubeappsapis.image.registry [default: REGISTRY_NAME] Kubeapps-APIs image registry
## @param kubeappsapis.image.repository [default: REPOSITORY_NAME/kubeapps-apis] Kubeapps-APIs image repository
## @skip kubeappsapis.image.tag Kubeapps-APIs image tag (immutable tags are recommended)
## @param kubeappsapis.image.digest Kubeapps-APIs image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param kubeappsapis.image.pullPolicy Kubeapps-APIs image pull policy
## @param kubeappsapis.image.pullSecrets Kubeapps-APIs image pull secrets
##
image:
registry: docker.io
repository: bitnami/kubeapps-apis
tag: 2.10.0-debian-12-r5
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param kubeappsapis.replicaCount Number of frontend replicas to deploy
##
replicaCount: 2
## @param kubeappsapis.updateStrategy.type KubeappsAPIs deployment strategy type.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param kubeappsapis.extraFlags Additional command line flags for KubeappsAPIs
##
extraFlags: []
## @param kubeappsapis.qps KubeappsAPIs Kubernetes API client QPS limit
##
qps: "50.0"
## @param kubeappsapis.burst KubeappsAPIs Kubernetes API client Burst limit
##
burst: "100"
## @param kubeappsapis.terminationGracePeriodSeconds The grace time period for sig term
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
##
terminationGracePeriodSeconds: 300
## @param kubeappsapis.extraEnvVars Array with extra environment variables to add to the KubeappsAPIs container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param kubeappsapis.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container
##
extraEnvVarsCM: ""
## @param kubeappsapis.extraEnvVarsSecret Name of existing Secret containing extra env vars for the KubeappsAPIs container
##
extraEnvVarsSecret: ""
## @param kubeappsapis.containerPorts.http KubeappsAPIs HTTP container port
##
containerPorts:
http: 50051
## KubeappsAPIs containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param kubeappsapis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if kubeappsapis.resources is set (kubeappsapis.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param kubeappsapis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context
## @param kubeappsapis.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param kubeappsapis.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param kubeappsapis.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context for Kubeapps APIs
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param kubeappsapis.containerSecurityContext.enabled Enabled containers' Security Context
## @param kubeappsapis.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param kubeappsapis.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param kubeappsapis.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param kubeappsapis.containerSecurityContext.privileged Set container's Security Context privileged
## @param kubeappsapis.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param kubeappsapis.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param kubeappsapis.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param kubeappsapis.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for KubeappsAPIs containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param kubeappsapis.livenessProbe.enabled Enable livenessProbe
## @param kubeappsapis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param kubeappsapis.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param kubeappsapis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param kubeappsapis.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param kubeappsapis.livenessProbe.successThreshold Success threshold for livenessProbe
## KubeappsAPIs containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param kubeappsapis.readinessProbe.enabled Enable readinessProbe
## @param kubeappsapis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param kubeappsapis.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param kubeappsapis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param kubeappsapis.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param kubeappsapis.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param kubeappsapis.startupProbe.enabled Enable startupProbe
## @param kubeappsapis.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param kubeappsapis.startupProbe.periodSeconds Period seconds for startupProbe
## @param kubeappsapis.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param kubeappsapis.startupProbe.failureThreshold Failure threshold for startupProbe
## @param kubeappsapis.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param kubeappsapis.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param kubeappsapis.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param kubeappsapis.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param kubeappsapis.lifecycleHooks Custom lifecycle hooks for KubeappsAPIs containers
##
lifecycleHooks: {}
## @param kubeappsapis.command Override default container command (useful when using custom images)
##
command: []
## @param kubeappsapis.args Override default container args (useful when using custom images)
##
args: []
## @param kubeappsapis.extraVolumes Optionally specify extra list of additional volumes for the KubeappsAPIs pod(s)
##
extraVolumes: []
## @param kubeappsapis.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the KubeappsAPIs container(s)
##
extraVolumeMounts: []
## @param kubeappsapis.podLabels Extra labels for KubeappsAPIs pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param kubeappsapis.podAnnotations Annotations for KubeappsAPIs pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param kubeappsapis.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param kubeappsapis.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## nodeAffinityPreset Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param kubeappsapis.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param kubeappsapis.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set
##
key: ""
## @param kubeappsapis.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param kubeappsapis.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: kubeappsapis.podAffinityPreset, kubeappsapis.podAntiAffinityPreset, and kubeappsapis.nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param kubeappsapis.nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param kubeappsapis.tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param kubeappsapis.priorityClassName Priority class name for KubeappsAPIs pods
##
priorityClassName: ""
## @param kubeappsapis.schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param kubeappsapis.topologySpreadConstraints Topology Spread Constraints for pod assignment
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## The value is evaluated as a template
##
topologySpreadConstraints: []
## @param kubeappsapis.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: true
## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param kubeappsapis.sidecars Add additional sidecar containers to the KubeappsAPIs pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param kubeappsapis.initContainers Add additional init containers to the KubeappsAPIs pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param kubeappsapis.pdb.create Enable/disable a Pod Disruption Budget creation
## @param kubeappsapis.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param kubeappsapis.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `kubeappsapis.pdb.minAvailable` and `kubeappsapis.pdb.maxUnavailable` are empty.
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
## kubeappsapis service parameters
##
service:
## @param kubeappsapis.service.ports.http KubeappsAPIs service HTTP port
##
ports:
http: 8080
## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service
##
annotations: {}
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param kubeappsapis.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param kubeappsapis.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param kubeappsapis.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param kubeappsapis.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param kubeappsapis.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param kubeappsapis.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param kubeappsapis.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param kubeappsapis.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## kubeappsapis Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
## @param kubeappsapis.serviceAccount.create Specifies whether a ServiceAccount should be created
## @param kubeappsapis.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
## @param kubeappsapis.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
## @param kubeappsapis.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
serviceAccount:
create: true
name: ""
automountServiceAccountToken: false
annotations: {}
## @section OCI Catalog chart configuration
ociCatalog:
## @param ociCatalog.enabled Enable the OCI catalog gRPC service for cataloging
## OCI repositories
enabled: false
## Bitnami Kubeapps OCI Catalog image
## ref: https://hub.docker.com/r/bitnami/kubeapps-ocicatalog/
## @param ociCatalog.image.registry [default: REGISTRY_NAME] OCI Catalog image registry
## @param ociCatalog.image.repository [default: REPOSITORY_NAME/kubeapps-oci-catalog] OCI Catalog image repository
## @skip ociCatalog.image.tag OCI Catalog image tag (immutable tags are recommended)
## @param ociCatalog.image.digest OCI Catalog image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param ociCatalog.image.pullPolicy OCI Catalog image pull policy
## @param ociCatalog.image.pullSecrets OCI Catalog image pull secrets
## @param ociCatalog.image.debug Enable image debug mode
##
image:
registry: docker.io
repository: bitnami/kubeapps-oci-catalog
tag: 2.10.0-debian-12-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Enable debug mode
##
debug: false
## @param ociCatalog.extraFlags Additional command line flags for OCI Catalog
##
extraFlags: []
## @param ociCatalog.extraEnvVars Array with extra environment variables to add to the oci-catalog container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param ociCatalog.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the OCI Catalog container
##
extraEnvVarsCM: ""
## @param ociCatalog.extraEnvVarsSecret Name of existing Secret containing extra env vars for the OCI Catalog container
##
extraEnvVarsSecret: ""
## @param ociCatalog.containerPorts.grpc OCI Catalog gRPC container port
##
containerPorts:
grpc: 50061
## OCI Catalog containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## @param ociCatalog.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ociCatalog.resources is set (ociCatalog.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "micro"
## @param ociCatalog.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param ociCatalog.containerSecurityContext.enabled Enabled containers' Security Context
## @param ociCatalog.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param ociCatalog.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param ociCatalog.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param ociCatalog.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param ociCatalog.containerSecurityContext.privileged Set container's Security Context privileged
## @param ociCatalog.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param ociCatalog.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param ociCatalog.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param ociCatalog.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## Configure extra options for OCI Catalog containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param ociCatalog.livenessProbe.enabled Enable livenessProbe
## @param ociCatalog.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param ociCatalog.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param ociCatalog.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param ociCatalog.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param ociCatalog.livenessProbe.successThreshold Success threshold for livenessProbe
## OCI Catalog containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param ociCatalog.readinessProbe.enabled Enable readinessProbe
## @param ociCatalog.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param ociCatalog.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param ociCatalog.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param ociCatalog.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param ociCatalog.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param ociCatalog.startupProbe.enabled Enable startupProbe
## @param ociCatalog.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param ociCatalog.startupProbe.periodSeconds Period seconds for startupProbe
## @param ociCatalog.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param ociCatalog.startupProbe.failureThreshold Failure threshold for startupProbe
## @param ociCatalog.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param ociCatalog.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param ociCatalog.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param ociCatalog.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## @param ociCatalog.lifecycleHooks Custom lifecycle hooks for OCI Catalog containers
##
lifecycleHooks: {}
## @param ociCatalog.command Override default container command (useful when using custom images)
##
command: []
## @param ociCatalog.args Override default container args (useful when using custom images)
##
args: []
## @param ociCatalog.extraVolumes Optionally specify extra list of additional volumes for the OCI Catalog pod(s)
##
extraVolumes: []
## @param ociCatalog.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s)
##
extraVolumeMounts: []
## @section Redis&reg; chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
##
## Redis(R) will be enabled and installed if `packages.flux.enabled` is true.
redis:
## @param redis.auth.enabled Enable password authentication
## @param redis.auth.password Redis&reg; password
## @param redis.auth.existingSecret The name of an existing secret with Redis&reg; credentials
##
auth:
enabled: true
password: ""
existingSecret: ""
## @param redis.architecture Redis(R) architecture (`standalone` or `replication`)
##
architecture: standalone
master:
## @param redis.master.extraFlags Array with additional command line flags for Redis&reg; master
##
extraFlags:
## The maxmemory configuration directive is used in order to configure Redis(R) to use a specified
## amount of memory for the data set. Setting maxmemory to zero results into no memory limits
## see https://redis.io/topics/lru-cache for more details
##
- "--maxmemory 200mb"
## The exact behavior Redis(R) follows when the maxmemory limit is reached is configured using the
## maxmemory-policy configuration directive
## allkeys-lru: evict keys by trying to remove the less recently used (LRU) keys first, in order
## to make space for the new data added
##
- "--maxmemory-policy allkeys-lru"
## ref https://stackoverflow.com/questions/22815364/flushall-and-flushdb-commands-on-redis-return-unk-command
## Redis official Helm chart by default disables FLUSHDB and FLUSHALL commands
##
## @param redis.master.disableCommands Array with commands to deactivate on Redis&reg;
disableCommands: []
## Redis(R) Master persistence configuration
#
persistence:
## @param redis.master.persistence.enabled Enable Redis&reg; master data persistence using PVC
##
enabled: false
## Redis&reg; master resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
replica:
## @param redis.replica.replicaCount Number of Redis&reg; replicas to deploy
##
replicaCount: 1
## @param redis.replica.extraFlags Array with additional command line flags for Redis&reg; replicas
##
extraFlags:
## The maxmemory configuration directive is used in order to configure Redis(R) to use a specified
## amount of memory for the data set. Setting maxmemory to zero results into no memory limits
##
- "--maxmemory 200mb"
## The exact behavior Redis(R) follows when the maxmemory limit is reached is configured using the
## maxmemory-policy configuration directive
## allkeys-lru: evict keys by trying to remove the less recently used (LRU) keys first, in order
## to make space for the new data added
##
- "--maxmemory-policy allkeys-lru"
## ref https://stackoverflow.com/questions/22815364/flushall-and-flushdb-commands-on-redis-return-unk-command
## Redis(R) official Helm chart by default disables FLUSHDB and FLUSHALL commands
## @param redis.replica.disableCommands Array with commands to deactivate on Redis&reg;
##
disableCommands: []
## Redis(R) Replica persistence configuration
##
persistence:
## @param redis.replica.persistence.enabled Enable Redis&reg; replica data persistence using PVC
##
enabled: false
Reference in New Issue View Git Blame Copy Permalink