Newer
Older
## @section Global parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global container image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global container image registry
## @param global.imagePullSecrets Global container registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""

Maarten de Waard
committed
## @param nameOverride String to partially override dashboard.fullname template (will maintain the release name)
##
nameOverride: ""

Maarten de Waard
committed
## @param fullnameOverride String to fully override dashboard.fullname template
##
fullnameOverride: ""
## @param commonLabels Labels to be added to all deployed resources
##
commonLabels: {}
## @param commonAnnotations Annotations to be added to all deployed resources
##
commonAnnotations: {}
## @param imagePullSecrets Specify docker-registry secret names as an array
## @param imagePullPolicy Policy on pulling images on container start
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
## Same policy for all containers is used.
##
pullPolicy: IfNotPresent
## ref: https://hub.docker.com/r/bitnami/dashboard/tags/
## @param image.registry Stackspin image registry
## @param image.repository Stackspin image repository
## @param image.tag Stackspin image tag
## @param image.pullPolicy Stackspin image pull policy
## @param image.pullSecrets Stackspin image pull secrets
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: open.greenhost.net:4567
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
## @section Service parameters
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.port Service HTTP port
##
port: 80
## @param service.nodePort Node Ports to expose
##
nodePort: ""
## @param service.loadBalancerIP Use loadBalancerIP to request a specific static IP
##
loadBalancerIP: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Service annotations
##
annotations: {}
## @param service.loadBalancerSourceRanges Limits which cidr blocks can connect to service's load balancer
## Only valid if service.type: LoadBalancer
##
loadBalancerSourceRanges: []
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.nodePorts.http Kubernetes http node port
## Example:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""
## @param dashboard.extendEslint Whether to read .eslint.json rules
## @param dashboard.host Stackspin host to create application URLs (include the port if =/= 80)
##
host: ""
## @param dashboard.command Custom command to override image cmd
##
command: []
## @param dashboard.args Custom args for the custom command
##
args: []
## @param dashboard.containerSecurityContext Container security context specification
## Example:
## capabilities:
## drop:
## - ALL
## readOnlyRootFilesystem: true
## runAsNonRoot: true
## runAsUser: 1000
##
containerSecurityContext: {}
## Stackspin container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param dashboard.resources.limits The resources limits for the container
## @param dashboard.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## Stackspin extra options for liveness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param dashboard.livenessProbe.enabled Enable/disable livenessProbe
## @param dashboard.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
## @param dashboard.livenessProbe.periodSeconds How often to perform the probe
## @param dashboard.livenessProbe.timeoutSeconds When the probe times out
## @param dashboard.livenessProbe.failureThreshold Minimum consecutive failures for the probe
## @param dashboard.livenessProbe.successThreshold Minimum consecutive successes for the probe
##
livenessProbe:
enabled: true
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Stackspin extra options for readiness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param dashboard.readinessProbe.enabled Enable/disable readinessProbe
## @param dashboard.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param dashboard.readinessProbe.periodSeconds How often to perform the probe
## @param dashboard.readinessProbe.timeoutSeconds When the probe times out
## @param dashboard.readinessProbe.failureThreshold Minimum consecutive failures for the probe
## @param dashboard.readinessProbe.successThreshold Minimum consecutive successes for the probe
##
readinessProbe:
enabled: true
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param dashboard.customLivenessProbe Custom liveness probe to execute (when the main one is disabled)
##
customLivenessProbe: {}
## @param dashboard.customReadinessProbe Custom readiness probe to execute (when the main one is disabled)
##
customReadinessProbe: {}
## @param dashboard.extraEnvVars An array to add extra env vars
## @param dashboard.extraEnvVarsCM Array to add extra configmaps
## @param dashboard.extraEnvVarsSecret Array to add extra environment variables from a secret
## @param dashboard.extraVolumeMounts Additional volume mounts (used along with `extraVolumes`)
## Example: Mount CA file
## extraVolumeMounts
## - name: ca-cert
## subPath: ca_cert
## mountPath: /path/to/ca_cert
##
extraVolumeMounts: []
## ref: https://open.greenhost.net/stackspin/dashboard-backend

Maarten de Waard
committed
backend:
## ref: https://hub.docker.com/r/bitnami/dashboard/tags/
## @param image.registry Stackspin image registry
## @param image.repository Stackspin image repository
## @param image.tag Stackspin image tag
## @param image.pullSecrets Stackspin image pull secrets
## @param image.debug Specify if debug logs should be enabled
##
image:
registry: open.greenhost.net:4567
repository: stackspin/dashboard-backend/dashboard-backend
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
oidc:
clientId: dashboard
clientSecret: ReplaceWithSecret
baseUrl: https://sso.stackspin.example.org
authorizationBaseUrl: https://sso.stackspin.example.org/oauth2/auth
tokenUrl: https://sso.stackspin.example.org/oauth2/token
publicUrl: https://dashboard.stackspin.example.org/kratos
adminUrl: http://kratos-admin:80
adminUrl: http://hydra-admin:4445
loginPanelUrl: https://dashboard.stackspin.example.org/web/
databaseUrl: mysql+pymysql://stackspin:stackspin@single-sign-on-database-mariadb/stackspin
initialUser:
email: admin@example.com
# password: Set a pasword for the initial user!
## Kubernetes service configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.port Service HTTP port
##
port: 80
## @param service.nodePort Node Ports to expose
##
nodePort: ""
## @param service.loadBalancerIP Use loadBalancerIP to request a specific static IP
##
loadBalancerIP: ""
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Service annotations
##
annotations: {}
## @param service.loadBalancerSourceRanges Limits which cidr blocks can connect to service's load balancer
## Only valid if service.type: LoadBalancer
##
loadBalancerSourceRanges: []
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.nodePorts.http Kubernetes http node port
## Example:
## nodePorts:
## http: <to set explicitly, choose port between 30000-32767>
##
nodePorts:
http: ""

Maarten de Waard
committed
## @param backend.reactAppApiUrl URL to the dashboard-backend API
apiUrl: "/api/v1"
## Variables for future use {{{

Maarten de Waard
committed
## @param backend.username Admin user of the application

Maarten de Waard
committed
## @param backend.password password. WARNING: Minimum length of 10 characters
## Defaults to a random 10-character alphanumeric string if not set
##
password: ""

Maarten de Waard
committed
## @param backend.existingSecret Name of an existing secret containing the password (ignores previous password)
## The secret should contain the following key:

Maarten de Waard
committed
## backend-password

Maarten de Waard
committed
## @param backend.email Admin user email of the application

Maarten de Waard
committed
## @param backend.smtp.enabled Enable/disable SMTP
## @param backend.smtp.host SMTP host name
## @param backend.smtp.port SMTP port number
## @param backend.smtp.user SMTP account user name
## @param backend.smtp.password SMTP account password
## @param backend.smtp.protocol SMTP protocol (Allowed values: tls, ssl)
## @param backend.smtp.auth SMTP authentication method
## @param backend.smtp.existingSecret Name of an existing Kubernetes secret. The secret must have the following key configured: `smtp-password`
##
smtp:
enabled: false
host: ""
port: ""
user: ""
password: ""
protocol: ""
auth: ""
existingSecret: ""

Maarten de Waard
committed
## @param backend.flaskEnv Overridable flask env for debugging
flaskEnv: production
## @param backend.secretKey Flask secret for generating JWT tokens
# secretKey: OVERRIDE_ME
## @param backend.command Custom command to override image cmd

Maarten de Waard
committed
## @param backend.args Custom args for the custom command

Maarten de Waard
committed
## @param backend.containerSecurityContext Container security context specification
## Example:
## capabilities:
## drop:
## - ALL
## readOnlyRootFilesystem: true
## runAsNonRoot: true
## runAsUser: 1000
##
containerSecurityContext: {}
## Stackspin container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.

Maarten de Waard
committed
## @param backend.resources.limits The resources limits for the container
## @param backend.resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## Stackspin extra options for liveness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

Maarten de Waard
committed
## @param backend.livenessProbe.enabled Enable/disable livenessProbe
## @param backend.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
## @param backend.livenessProbe.periodSeconds How often to perform the probe
## @param backend.livenessProbe.timeoutSeconds When the probe times out
## @param backend.livenessProbe.failureThreshold Minimum consecutive failures for the probe
## @param backend.livenessProbe.successThreshold Minimum consecutive successes for the probe
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## Stackspin extra options for readiness probe
## WARNING: Stackspin installation process may take up some time and
## setting inappropriate values here may lead to pods failure.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

Maarten de Waard
committed
## @param backend.readinessProbe.enabled Enable/disable readinessProbe
## @param backend.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
## @param backend.readinessProbe.periodSeconds How often to perform the probe
## @param backend.readinessProbe.timeoutSeconds When the probe times out
## @param backend.readinessProbe.failureThreshold Minimum consecutive failures for the probe
## @param backend.readinessProbe.successThreshold Minimum consecutive successes for the probe
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1

Maarten de Waard
committed
## @param backend.customLivenessProbe Custom liveness probe to execute (when the main one is disabled)

Maarten de Waard
committed
## @param backend.customReadinessProbe Custom readiness probe to execute (when the main one is disabled)

Maarten de Waard
committed
## @param backend.extraEnvVars An array to add extra env vars
## For example:
## extraEnvVars:

Maarten de Waard
committed
## backend:
## value: test
##
extraEnvVars: []

Maarten de Waard
committed
## @param backend.extraEnvVarsCM Array to add extra configmaps
##
extraEnvVarsCM: []

Maarten de Waard
committed
## @param backend.extraEnvVarsSecret Array to add extra environment variables from a secret
##
extraEnvVarsSecret: ""

Maarten de Waard
committed
## @param backend.extraVolumeMounts Additional volume mounts (used along with `extraVolumes`)
## Example: Mount CA file
## extraVolumeMounts
## - name: ca-cert
## subPath: ca_cert
## mountPath: /path/to/ca_cert
##
extraVolumeMounts: []
## @param replicaCount Number of Stackspin & Sidekiq replicas
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
## (Note that you will need ReadWriteMany PVCs for this to work properly)
##
replicaCount: 1
## @param extraVolumes Array of extra volumes to be added deployment. Requires setting `extraVolumeMounts`
## Example: Add secret volume
## extraVolumes:
## - name: ca-cert
## secret:
## secretName: ca-cert
## items:
## - key: ca-cert
## path: ca_cert
##
extraVolumes: []
## @param sidecars Attach additional sidecar containers to the pod
## Example:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param initContainers Additional init containers to add to the pods
##
## e.g.
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
initContainers: []
## @param serviceAccount.create Whether the service account should be created
## @param serviceAccount.annotations Annotations to add to the service account
## @param serviceAccount.name Name to be used for the service account
##
serviceAccount:
create: false
annotations: {}
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param podSecurityContext Pod security context specification
## Example:
## fsGroup: 2000
##
##
podSecurityContext: {}
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
## @param persistence.enabled Whether to enable persistence based on Persistent Volume Claims
##

Maarten de Waard
committed
## @param persistence.storageClass dashboard & sidekiq data Persistent Volume Storage Class
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param persistence.existingClaim Use a existing PVC which must be created manually before bound
##
existingClaim: ""
## @param persistence.accessMode PVC Access Mode (RWO, ROX, RWX)
##
accessMode: ReadWriteOnce
## @param persistence.size Size of the PVC to request
##
size: 10Gi
## @param persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
selector: {}
## @param updateStrategy.type Update strategy type. Only really applicable for deployments with RWO PVs attached
## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
## terminate the single previous pod, so that the new, incoming pod can attach to the PV
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
updateStrategy:
type: RollingUpdate
## @param podAnnotations Additional pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param podLabels Additional pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAffinityPreset Pod affinity preset. Allowed values: soft, hard
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
##
nodeAffinityPreset:
type: ""
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector Node labels for pod assignment.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @section Volume Permissions parameters (currently disabled because there is
## no persistence in the app)
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup
## values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
##
enabled: false
## Init containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
resources:
## Example:
## limits:
## cpu: 100m
## memory: 128Mi
limits: {}
## Examples:
## requests:
## cpu: 100m
## memory: 128Mi
requests: {}
## @section Ingress parameters
## Ingress parameters
##
ingress:
## @param ingress.enabled Enable ingress controller resource
##
enabled: false
## @param ingress.certManager Add annotations for cert-manager
##
certManager: false
## @param ingress.hostname Default host for the ingress resource
##

Maarten de Waard
committed
hostname: dashboard.local
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.path Ingress path
##
path: /
## @param ingress.pathType Ingress path type
##
pathType: Prefix
## @param ingress.annotations Ingress annotations done as key:value pairs
## For a full list of possible ingress annotations, please see
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
##
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
##
tls: false
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:

Maarten de Waard
committed
## - dashboard.local
## secretName: dashboard.local-tls
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:

Maarten de Waard
committed
## - name: dashboard.local-tls
## key:
## certificate:
secrets: []