-
Notifications
You must be signed in to change notification settings - Fork 575
/
values.yaml
293 lines (269 loc) · 12.3 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
# coder -- Primary configuration for `coder server`.
coder:
# coder.env -- The environment variables to set for Coder. These can be used
# to configure all aspects of `coder server`. Please see `coder server --help`
# for information about what environment variables can be set.
# Note: The following environment variables are set by default and cannot be
# overridden:
# - CODER_HTTP_ADDRESS: set to 0.0.0.0:8080 and cannot be changed.
# - CODER_TLS_ADDRESS: set to 0.0.0.0:8443 if tls.secretName is not empty.
# - CODER_TLS_ENABLE: set if tls.secretName is not empty.
# - CODER_TLS_CERT_FILE: set if tls.secretName is not empty.
# - CODER_TLS_KEY_FILE: set if tls.secretName is not empty.
# - CODER_PROMETHEUS_ADDRESS: set to 0.0.0.0:6060 and cannot be changed.
# Prometheus must still be enabled by setting CODER_PROMETHEUS_ENABLE.
# - KUBE_POD_IP
# - CODER_DERP_SERVER_RELAY_URL
#
# We will additionally set CODER_ACCESS_URL if unset to the cluster service
# URL.
env: []
# - name: "CODER_ACCESS_URL"
# value: "https://coder.example.com"
# coder.image -- The image to use for Coder.
image:
# coder.image.repo -- The repository of the image.
repo: "ghcr.io/coder/coder"
# coder.image.tag -- The tag of the image, defaults to {{.Chart.AppVersion}}
# if not set. If you're using the chart directly from git, the default
# app version will not work and you'll need to set this value. The helm
# chart helpfully fails quickly in this case.
tag: ""
# coder.image.pullPolicy -- The pull policy to use for the image. See:
# https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
pullPolicy: IfNotPresent
# coder.image.pullSecrets -- The secrets used for pulling the Coder image from
# a private registry.
pullSecrets: []
# - name: "pull-secret"
# coder.initContainers -- Init containers for the deployment. See:
# https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
initContainers:
[]
# - name: init-container
# image: busybox:1.28
# command: ['sh', '-c', "sleep 2"]
# coder.annotations -- The Deployment annotations. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations: {}
# coder.labels -- The Deployment labels. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels: {}
# coder.podAnnotations -- The Coder pod annotations. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# coder.podLabels -- The Coder pod labels. See:
# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# coder.serviceAccount -- Configuration for the automatically created service
# account. Creation of the service account cannot be disabled.
serviceAccount:
# coder.serviceAccount.workspacePerms -- Whether or not to grant the coder
# service account permissions to manage workspaces. This includes
# permission to manage pods and persistent volume claims in the deployment
# namespace.
#
# It is recommended to keep this on if you are using Kubernetes templates
# within Coder.
workspacePerms: true
# coder.serviceAccount.enableDeployments -- Provides the service account permission
# to manage Kubernetes deployments.
enableDeployments: true
# coder.serviceAccount.annotations -- The Coder service account annotations.
annotations: {}
# coder.serviceAccount.name -- The service account name
name: coder
# coder.securityContext -- Fields related to the container's security
# context (as opposed to the pod). Some fields are also present in the pod
# security context, in which case these values will take precedence.
securityContext:
# coder.securityContext.runAsNonRoot -- Requires that the coder container
# runs as an unprivileged user. If setting runAsUser to 0 (root), this
# will need to be set to false.
runAsNonRoot: true
# coder.securityContext.runAsUser -- Sets the user id of the container.
# For security reasons, we recommend using a non-root user.
runAsUser: 1000
# coder.securityContext.runAsGroup -- Sets the group id of the container.
# For security reasons, we recommend using a non-root group.
runAsGroup: 1000
# coder.securityContext.readOnlyRootFilesystem -- Mounts the container's
# root filesystem as read-only.
readOnlyRootFilesystem: null
# coder.securityContext.seccompProfile -- Sets the seccomp profile for
# the coder container.
seccompProfile:
type: RuntimeDefault
# coder.securityContext.allowPrivilegeEscalation -- Controls whether
# the container can gain additional privileges, such as escalating to
# root. It is recommended to leave this setting disabled in production.
allowPrivilegeEscalation: false
# coder.volumes -- A list of extra volumes to add to the Coder pod.
volumes: []
# - name: "my-volume"
# emptyDir: {}
# coder.volumeMounts -- A list of extra volume mounts to add to the Coder pod.
volumeMounts: []
# - name: "my-volume"
# mountPath: "/mnt/my-volume"
# coder.tls -- The TLS configuration for Coder.
tls:
# coder.tls.secretNames -- A list of TLS server certificate secrets to mount
# into the Coder pod. The secrets should exist in the same namespace as the
# Helm deployment and should be of type "kubernetes.io/tls". The secrets
# will be automatically mounted into the pod if specified, and the correct
# "CODER_TLS_*" environment variables will be set for you.
secretNames: []
# coder.replicaCount -- The number of Kubernetes deployment replicas. This
# should only be increased if High Availability is enabled.
#
# This is an Enterprise feature. Contact sales@coder.com.
replicaCount: 1
# coder.workspaceProxy -- Whether or not this deployment of Coder is a Coder
# Workspace Proxy. Workspace Proxies reduce the latency between the user and
# their workspace for web connections (workspace apps and web terminal) and
# proxied connections from the CLI. Workspace Proxies are optional and only
# recommended for geographically sparse teams.
#
# Make sure you set CODER_PRIMARY_ACCESS_URL and CODER_PROXY_SESSION_TOKEN in
# the environment below. You can get a proxy token using the CLI:
# coder wsproxy create \
# --name "proxy-name" \
# --display-name "Proxy Name" \
# --icon "/emojis/xyz.png"
#
# This is an Enterprise feature. Contact sales@coder.com
# Docs: https://coder.com/docs/v2/latest/admin/workspace-proxies
workspaceProxy: false
# coder.lifecycle -- container lifecycle handlers for the Coder container, allowing
# for lifecycle events such as postStart and preStop events
# See: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle:
{}
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo postStart"]
# preStop:
# exec:
# command: ["/bin/sh","-c","echo preStart"]
# coder.resources -- The resources to request for Coder. These are optional
# and are not set by default.
resources:
{}
# limits:
# cpu: 2000m
# memory: 4096Mi
# requests:
# cpu: 2000m
# memory: 4096Mi
# coder.certs -- CA bundles to mount inside the Coder pod.
certs:
# coder.certs.secrets -- A list of CA bundle secrets to mount into the Coder
# pod. The secrets should exist in the same namespace as the Helm
# deployment.
#
# The given key in each secret is mounted at
# `/etc/ssl/certs/{secret_name}.crt`.
secrets:
[]
# - name: "my-ca-bundle"
# key: "ca-bundle.crt"
# coder.affinity -- Allows specifying an affinity rule for the `coder` deployment.
# The default rule prefers to schedule coder pods on different
# nodes, which is only applicable if coder.replicaCount is greater than 1.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- "coder"
topologyKey: kubernetes.io/hostname
weight: 1
# coder.tolerations -- Tolerations for tainted nodes.
# See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations:
{}
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
# coder.nodeSelector -- Node labels for constraining coder pods to nodes.
# See: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
nodeSelector: {}
# kubernetes.io/os: linux
# coder.service -- The Service object to expose for Coder.
service:
# coder.service.enable -- Whether to create the Service object.
enable: true
# coder.service.type -- The type of service to expose. See:
# https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: LoadBalancer
# coder.service.sessionAffinity -- Must be set to ClientIP or None
# AWS ELB does not support session stickiness based on ClientIP, so you must set this to None.
# The error message you might see: "Unsupported load balancer affinity: ClientIP"
# https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
sessionAffinity: ClientIP
# coder.service.externalTrafficPolicy -- The external traffic policy to use.
# You may need to change this to "Local" to preserve the source IP address
# in some situations.
# https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# coder.service.loadBalancerIP -- The IP address of the LoadBalancer. If not
# specified, a new IP will be generated each time the load balancer is
# recreated. It is recommended to manually create a static IP address in
# your cloud and specify it here in production to avoid accidental IP
# address changes.
loadBalancerIP: ""
# coder.service.annotations -- The service annotations. See:
# https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
annotations: {}
# coder.ingress -- The Ingress object to expose for Coder.
ingress:
# coder.ingress.enable -- Whether to create the Ingress object. If using an
# Ingress, we recommend not specifying coder.tls.secretNames as the Ingress
# will handle TLS termination.
enable: false
# coder.ingress.className -- The name of the Ingress class to use.
className: ""
# coder.ingress.host -- The hostname to match on.
# Be sure to also set CODER_ACCESS_URL within coder.env[]
host: ""
# coder.ingress.wildcardHost -- The wildcard hostname to match on. Should be
# in the form "*.example.com" or "*-suffix.example.com". If you are using a
# suffix after the wildcard, the suffix will be stripped from the created
# ingress to ensure that it is a legal ingress host. Optional if not using
# applications over subdomains.
# Be sure to also set CODER_WILDCARD_ACCESS_URL within coder.env[]
wildcardHost: ""
# coder.ingress.annotations -- The ingress annotations.
annotations: {}
# coder.ingress.tls -- The TLS configuration to use for the Ingress.
tls:
# coder.ingress.tls.enable -- Whether to enable TLS on the Ingress.
enable: false
# coder.ingress.tls.secretName -- The name of the TLS secret to use.
secretName: ""
# coder.ingress.tls.wildcardSecretName -- The name of the TLS secret to
# use for the wildcard host.
wildcardSecretName: ""
# coder.command -- The command to use when running the Coder container. Used
# for customizing the location of the `coder` binary in your image.
command:
- /opt/coder
# coder.commandArgs -- Set arguments for the entrypoint command of the Coder pod.
commandArgs: []
# extraTemplates -- Array of extra objects to deploy with the release. Strings
# are evaluated as a template and can use template expansions and functions. All
# other objects are used as yaml.
extraTemplates:
#- |
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: my-configmap
# data:
# key: {{ .Values.myCustomValue | quote }}