Newer
Older
git_repo:
enabled: false
name: /my/repo
url: gitlab.com
version: "HEAD"
token_user: token-here
token_key: key-here
wp_content_dir: "."
# Default settings for OpenID Connect
openid_connect_settings:
enabled: false
# Client ID must correspond to client id setting in OpenID provider
client_id: wordpress
# Show a buton for SSO on login form (alternative is "auto" for SSO autologin)
login_type: button
# User WP gets access to these roles
scope: email profile openid
identity_key: preferred_username
# Turn on to ignore SSL errors with OID providers (DON'T USE IN PRODUCTION!)
no_sslverify: "0"
# Timeout in seconds to wait for OID http requests
http_request_timeout: "5"
# Require users be logged in to see the site.
enforce_privacy: "0"
# Set to "1" to provide an alternative redirect route. Useful if your server
# is causing issues with the default admin-ajax method. You must flush rewrite
# rules after changing this setting. This can be done by saving the Permalinks
# settings page.
alternate_redirect_uri: "0"
# Where in the user claim array to find the user's nickname. Possible standard
# values: preferred_username, name, or sub.
nickname_key: "preferred_username"
# String from which the user's email address is built. Specify "{email}" as
# long as the user claim contains an email claim.
# This value is quoted twice, because otherwise the wp cli call interprets
# this as JSON instead of as a string.
email_format: "'{email}'"
# String from which the user's display name is built.
# Example: "{given_name} {family_name}"
displayname_format: ""
# If "1", the user's identity will be determined by the user name instead of
# the email address.
identify_with_username: "0"
# State valid time in seconds.
state_time_limit: "180"
# If a WordPress account already exists with the same identity as a
# newly-authenticated user over OpenID Connect, login as that user instead of
# generating an error.
link_existing_users: "0"
# After a successful OpenID Connect authentication, this will redirect the
# user back to the page on which they clicked the OpenID Connect login button.
# This will cause the login process to proceed in a traditional WordPress
# fashion. For example, users logging in through the default wp-login.php page
# would end up on the WordPress Dashboard and users logging in through the
# WooCommerce "My Account" page would end up on their account page.
redirect_user_back: "0"
# When enabled, this will automatically redirect the user back to the
# WordPress login page if their access token has expired.
redirect_on_logout: "1"
# Very simple log messages for debugging purposes.
enable_logging: "0"
log_limit: "1000"
# # Arbitrary secret key the server expects from this client.
# client_secret: REPLACE_THIS
# endpoint_login: https://sso.example.com/oauth2/auth
# endpoint_userinfo: https://sso.example.com/oauth2/userinfo
# endpoint_token: https://sso.example.com/oauth2/token
# endpoint_end_session: https://sso.example.com/logout
# If set to true roles are mapped to users when they log in. If this value is
# set to true, role_key has to be set as well.
role_mapping_enabled: false
# Where in the user claim array to find the user's roles. Possible standard
# values: roles or groups
role_key: "roles"
# This disables information about other services to be pushed as environment
# variables. We do this because these environment variables can be read through
# the WordPress admin interface, so they can leak information about other things
# running on the cluster to WordPress administrators
enableServiceLinks: false
wordpress:
config:
db:
prefix: wp_
adm:
usid: admin
pssw: CHANGE-THIS-PASSWORD
email: mail@example.com
site:
multilingual:
enabled: false
plugins: []
# NOTE: Languages are ALL available languages. en_US is always installed but it is shown explicitly
# EXAMPLE: `languages: "[en_US,fi_FI,wo]"` would install US English, Finnish and Wolof
# EXAMPLE: `default_language: fi_FI` would set Finnish for the core language
url: "http://localhost"
title: "Wordpress Helm"
## If including a plugin to alias wp login then set a path for alt and also set the config
# NOTE: The value of alt enabled must be set as true or false
enabled: false
# config: PATH-SETTING-IN-OPTIONS-TABLE
# path: SOME-LOGIN-PATH
# Path used by the liveness and readiness probes to see if the site runs
# Set to true to set WP_DEBUG on in the configuration
debug: false
# Install includes all parent, child, default, active and fallback themes
theme_active: twentynineteen
# Fallback theme from wordpress repo which is fetched + activated if helm reports an error
wp_content:
## The directory to mount the files placed in wp-content. You shouldn't have to
## change this.
mount_path: /var/www/wp-content-mount
wp_upload:
## The directory to mount the files placed in wp-content/uploads. You shouldn't
## have to change this.
mount_path: /var/www/wp-uploads-mount
## Contents of the .htaccess file that is mounted in the `wpUploadMnt` directory
htaccess: |
## Disable access to all file types except the following
Require all denied
<Files ~ ".(xml|css|js|jpe?g|png|gif)$">
Require all granted
## Default permissions given files and directories by Wordpress
## Here they are set as strong and writeable: 750 and 640
permissions:
directory_mode: 0750
files_mode: 0640
## Detailed list of mu values and plugins with versions
## mu_plugins_dir 'mu-plugins' maps to wp-content/mu-plugins
## mu_plugins are installed as hidden and cannot be updated from the UI
# NOTE: A value for mu_plugins_enabled must be set. Use either true or false
mu_plugins_enabled: false
mu_plugins_dir: mu-plugins
# See values-local.yaml.example for an example value
mu_plugins: {}
## Enable externally triggered cron with a cron plugin
Maarten de Waard
committed
# NOTE: mu_cron is disabled by default. Set `mu_cron.enabled` to `true` and
# set a random `mu_cron.secret` in your values-local to enable mu_cron.
# NOTE: mu_plugins needs to be enabled to enable mu_cron!
mu_cron:
enabled: false
Maarten de Waard
committed
secret: REPLACE_WITH_RANDOM_SECRET
repo: https://github.com/Automattic/wp-cron-control.git
version: cecdec276f086aafb6765ea77ce8d2ce0948e01c
# Optional annotations to add to the cronjob object
cronjob:
Maarten de Waard
committed
repository: bitnami/kubectl
# Every 3 minutes
schedule: "*/3 * * * *"
# We use the internal DNS, so there is no TLS certificate
curlInsecure: true
# resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
annotations: {}
failedJobsHistoryLimit: 3
successfulJobsHistoryLimit: 1
# Maximum number of times a failing Job is retried.
backoffLimit: 1
# Path to the cronjob PHP file (gets appended to the wordpress URL)
# You can override this key for the cronjobs. If you don't change the
# ingress, the cronjob URL will be blocked from outside, so this variable
# should not be very important to you.
static_key: cronkey
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
persistence:
## Enable the use of a persistent volume
enabled: true
size: 1Gi
accessMode: ReadWriteOnce
# storageClass:
# existingClaim:
service:
type: ClusterIP
port: 8080
## Dictionary with variables that are inserted into the wordpress-init default
## task. Feel free to override these if necessary
ansibleVars:
wordpress_homedir: /var/www/html
wp_user: www-data
wp_group: www-data
config_user: nobody
config_group: nogroup
dbcharset: utf8mb4
dbcollate: utf8mb4_unicode_ci
cli_args: "--path={{ wordpress_homedir }}"
mode_0750: u+rwx-s,g+rx-ws,o-rwx
mode_0640: u+rw-sx,g+r-wxs,o-rwx
mode_0440: u+r-wxs,u+r-wxs,o-rwx
mode_0600: u+rw-xs,g-rwxs,o-rwx
# Config Directory
config_dir: /var/www
## Plugins
wordpress_default_plugins: "[classic-editor]"
image:
repository: open.greenhost.net:4567/openappstack/wordpress-helm/wordpress
repository: open.greenhost.net:4567/openappstack/wordpress-helm/wordpress-cli-ansible
pullPolicy: Always
ingress:
enabled: false
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 50M
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
# kubernetes.io/tls-acme: "true"
path: /
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
database:
db:
user: wordpress
password: CHANGE-THIS-PASSWORD
name: wordpress_db
replication:
enabled: true
master:
persistence:
size: 4Gi
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=utf8mb4
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
slave:
persistence:
size: 4Gi
config: |-
[mysqld]
skip-name-resolve
explicit_defaults_for_timestamp
basedir=/opt/bitnami/mariadb
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
tmpdir=/opt/bitnami/mariadb/tmp
max_allowed_packet=16M
bind-address=0.0.0.0
pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
log-error=/opt/bitnami/mariadb/logs/mysqld.log
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
[client]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
default-character-set=utf8mb4
[manager]
port=3306
socket=/opt/bitnami/mariadb/tmp/mysql.sock
redis:
# Set redis.enabled to true to have a Redis container next to your WP. The WP will be
# configured to connect to this Redis and `Redis Object Cache` plugin will be
# installed as a conventional plugin.
master:
persistence:
# Set persistence to true you want redis to have persistence
enabled: false
# disableCommand is set as null to enable FLUSHALL and FLUSHDB and allow cache purge and flush
disableCommands: []
cluster:
# Set redis.cluster.enabled as true to have a master and a slave redis. Not necessary for caching
enabled: false
backup:
enabled: false
Maarten de Waard
committed
wpSalts: {}
# Some of the variables configured above are put into a variable here, that's
# completely stored as a b64encoded secret in Kubernetes. If you're not a
# developer, never change this variable, only change the variables it points to.
ansibleSecrets: |
BACKUP_NAME: {{ .Release.Name }}
BACKUP_TARGET: {{ .Values.backup.target }}
DB_HOST: {{ .Release.Name }}-database
DB_NAME: {{ .Values.database.db.name }}
DB_PASS: {{ .Values.database.db.password }}
DB_PREFIX: {{ .Values.wordpress.config.db.prefix}}
DB_USER: {{ .Values.database.db.user }}
LANGUAGES: {{ .Values.wordpress.site.languages }}
DEFAULT_LANG: {{ .Values.wordpress.site.default_language }}
WP_CONTENT_MOUNT: {{ .Values.wordpress.wp_content.mount_path }}
WP_CONTENT_REPO_CONTENT_DIR: {{ .Values.git_repo.wp_content_dir }}
WP_CONTENT_REPO_ENABLED: {{ .Values.git_repo.enabled }}
WP_CONTENT_REPO_URL: https://{{ .Values.git_repo.token_user }}:{{ .Values.git_repo.token_key }}@{{ .Values.git_repo.url }}{{ .Values.git_repo.name }}
WP_OPENID_CONNECT_ROLE_MAPPING_ENABLED: {{ .Values.openid_connect_settings.role_mapping_enabled }}
WP_CONTENT_REPO_VERSION: {{ .Values.git_repo.version }}
WP_DEBUG: {{ .Values.wordpress.site.debug }}
WP_EMAIL: {{ .Values.wordpress.config.adm.email }}
WP_PASS: {{ .Values.wordpress.config.adm.pssw }}
WP_REDIS_ENABLED: {{ .Values.redis.enabled }}
WP_REDIS_HOST: {{ .Release.Name }}-redis-master
WP_REDIS_PASSWORD: {{ .Values.redis.password | default ( randAlphaNum 15 ) }}
WP_THEME_ACTIVE: {{ .Values.wordpress.theme_active }}
WP_THEME_FALLBACK: {{ .Values.wordpress.theme_fallback }}
WP_TITLE: {{ .Values.wordpress.site.title }}
WP_UPLOAD_DIR: {{ .Values.wordpress.wp_upload.mount_path }}
WP_URL: {{ .Values.wordpress.site.url }}
WP_USER: {{ .Values.wordpress.config.adm.usid }}
WP_VERSION: {{ .Values.wordpress.site.version }}
WP_ALT_ENABLED: {{ .Values.wordpress.site.alt.enabled }}
WP_ALT_CONFIG: {{ .Values.wordpress.site.alt.config }}
WP_ALT_PATH: {{ .Values.wordpress.site.alt.path }}
WP_MU_PLUGINS_ENABLED: {{ .Values.wordpress.mu_plugins_enabled }}
WP_MU_PLUGINS_DIR: {{ .Values.wordpress.mu_plugins_dir }}
WP_MU_PLUGINS: {{ .Values.wordpress.mu_plugins | toJson }}
WP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron.enabled }}
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
WP_MU_CRON_SETTINGS: {{ .Values.wordpress.mu_cron | toJson }}
WP_MULTILINGUAL_ENABLED: {{ .Values.wordpress.site.multilingual.enabled }}
WP_MULTILINGUAL_PLUGINS: {{ .Values.wordpress.site.multilingual.plugins }}
WP_MULTILINGUAL_CONFIG: {{ quote .Values.wordpress.site.multilingual.config }}
WP_OPENID_CONNECT_ENABLED: {{ .Values.openid_connect_settings.enabled }}
WP_OPENID_CONNECT_SETTINGS:
alternate_redirect_uri: {{ .Values.openid_connect_settings.alternate_redirect_uri }}
client_id: {{ .Values.openid_connect_settings.client_id }}
client_secret: {{ .Values.openid_connect_settings.client_secret }}
displayname_format: {{ .Values.openid_connect_settings.displayname_format }}
email_format: {{ .Values.openid_connect_settings.email_format }}
enable_logging: {{ .Values.openid_connect_settings.enable_logging }}
endpoint_end_session: {{ .Values.openid_connect_settings.endpoint_end_session }}
endpoint_login: {{ .Values.openid_connect_settings.endpoint_login }}
endpoint_token: {{ .Values.openid_connect_settings.endpoint_token }}
endpoint_userinfo: {{ .Values.openid_connect_settings.endpoint_userinfo }}
enforce_privacy: {{ .Values.openid_connect_settings.enforce_privacy }}
http_request_timeout: {{ .Values.openid_connect_settings.http_request_timeout }}
identify_with_username: {{ .Values.openid_connect_settings.identify_with_username }}
identity_key: {{ .Values.openid_connect_settings.identity_key }}
link_existing_users: {{ .Values.openid_connect_settings.link_existing_users }}
login_type: {{ .Values.openid_connect_settings.login_type }}
log_limit: {{ .Values.openid_connect_settings.log_limit }}
nickname_key: {{ .Values.openid_connect_settings.nickname_key }}
no_sslverify: {{ .Values.openid_connect_settings.no_sslverify }}
redirect_on_logout: {{ .Values.openid_connect_settings.redirect_on_logout }}
redirect_user_back: {{ .Values.openid_connect_settings.redirect_user_back }}
scope: {{ .Values.openid_connect_settings.scope }}
state_time_limit: {{ .Values.openid_connect_settings.state_time_limit }}
role_key: {{ .Values.openid_connect_settings.role_key }}
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
WP_SALTS:
AUTH_KEY: {{ .Values.wpSalts.AUTH_KEY | default ( randAlphaNum 32) }}
AUTH_SALT: {{ .Values.wpSalts.AUTH_SALT | default ( randAlphaNum 32) }}
LOGGED_IN_KEY: {{ .Values.wpSalts.LOGGED_IN_KEY | default ( randAlphaNum 32) }}
LOGGED_IN_SALT: {{ .Values.wpSalts.LOGGED_IN_SALT | default ( randAlphaNum 32) }}
NONCE_KEY: {{ .Values.wpSalts.NONCE_KEY | default ( randAlphaNum 32) }}
NONCE_SALT: {{ .Values.wpSalts.NONCE_SALT | default ( randAlphaNum 32) }}
SECURE_AUTH_KEY: {{ .Values.wpSalts.SECURE_AUTH_KEY | default ( randAlphaNum 32) }}
SECURE_AUTH_SALT: {{ .Values.wpSalts.SECURE_AUTH_SALT | default ( randAlphaNum 32) }}
WP_CACHE_KEY_SALT: {{ .Values.wpSalts.WP_CACHE_KEY_SALT | default ( randAlphaNum 32) }}
## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
enabled: true
initialDelaySeconds: 60
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1