/
values.yaml
268 lines (268 loc) · 8.37 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
## Default values for Epinio Helm Chart.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
# Fall back email address to receive notifications from the `letsencrypt-production` issuer.
#
# __SUPERCEDED__ by `global.tlsIssuerMail`.
#
# Kept for backward compatibility, here and in the templates.
email: "epinio@suse.com"
image:
epinio:
registry: ghcr.io/
repository: epinio/epinio-server
tag: ""
epinio-ui:
registry: ghcr.io/
repository: epinio/epinio-ui
tag: v1.11.0-0.0.2
bash:
registry: ghcr.io/
repository: epinio/epinio-unpacker
tag: ""
awscli:
repository: amazon/aws-cli
tag: 2.13.26
skopeo:
registry: quay.io/
repository: skopeo/stable
tag: v1.13.2
kubectl:
repository: rancher/kubectl
tag: v1.22.6
builder:
repository: paketobuildpacks/builder-jammy-full
tag: 0.3.290
# The user/group combination to use when running
# the builder image (and in supporting scripts).
userid: 1001
groupid: 1000
appChart:
default: https://github.com/epinio/helm-charts/releases/download/epinio-application-0.1.26/epinio-application-0.1.26.tgz
server:
# increase this value to increase all timeouts by the same factor
timeoutMultiplier: 1
# Increase this value to instruct the API server to produce more debug output
traceLevel: 0
# The ingressClassName is used to select the ingress controller for apps.
# If empty ingress.ingressClassName (see below) is used
ingressClassName: ""
# Disable tracking of the Epinio and Kubernetes cluster version
disableTracking: false
# Name of the Service Account used by the staging job
stagingServiceAccountName: ""
# Resources to allocate to the staging job. Default: unbounded cpu/memory, and 1Gi disk
stagingResourceRequests:
cpu: ""
memory: ""
disk: "1Gi"
ingress:
# The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses.
ingressClassName: ""
# Annotations to add to the API ingress
# e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false'
annotations: {}
# nginxSSLRedirect to controll https->http redirects
nginxSSLRedirect: "true"
service:
# -- Annotations to be added to the Epinio service.
annotations: {}
# The strategy used to deploy the Epinio server.
# If you are using a RWO storage the following will avoid a Multi-Attach error during an `helm upgrade`.
# See https://github.com/epinio/epinio/issues/2253.
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
certManagerNamespace: cert-manager
# Set enabled to false to disable cert manager.
# With the auto-creation of secrets from Cert request gone the secrets have to specified manually.
# See below. Leaving out the `dex` falls back to `epinio`. No other connections between them.
# Further note:
# - s3 applies to either minio, or s3gw, whichever is active.
# In case of using an external s3 store it does not apply at all.
# - dex applies only when enabled
certManager:
enabled: true
registry:
cert: ""
key: ""
ca: ""
epinio:
cert: ""
key: ""
ca: ""
dex:
cert: ""
key: ""
ca: ""
s3:
cert: ""
key: ""
ca: ""
# Connection details for the S3 storage
s3:
endpoint: s3.amazonaws.com
bucket: "epinio"
region: ""
accessKeyID: ""
secretAccessKey: ""
useSSL: true
# Set it to an existing secret if S3 is using a self signed cert
certificateSecret: ""
api:
# Default users
# plain password used for the 'admin' user
adminPassword: ""
# plain password used for the 'epinio' user
epinioPassword: ""
users:
- username: admin
password: password
# or you can provide an already bcrypt hashed password
# passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
roles:
- admin
- username: epinio
# the Bcrypt hash for the `password` password
passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
roles:
- user
- admin:workspace
workspaces:
- workspace
# Dex subchart values -- None for now, and sub chart disabled
dex:
# hardcode this, to avoid problems with release name
fullnameOverride: "dex"
configSecret:
create: false
name: "dex-config"
ui:
# secret should be supplied by dex automatically, this is just a fall back
secret: ""
# Defaults to https://epinio.{{ .Values.global.domain }}/auth/verify/
redirectURI: ""
service:
# -- Annotations to be added to the Epinio service.
annotations: {}
# Extra environment variables passed to the epinio-server pod.
# extraEnv:
# - name: MY_ENV_VAR
# value: "1.0"
# Minio subchart values
minio:
enabled: true
# hardcode this, to avoid problems with release name
fullnameOverride: minio
existingSecret: minio-creds
tls:
enabled: true
certSecret: minio-tls
publicCrt: tls.crt
privateKey: tls.key
persistence:
size: 2Gi
drivesPerNode: 4
replicas: 1
resources:
requests:
memory: 1Gi
makeUserJob:
podAnnotations:
linkerd.io/inject: disabled
epinioUI:
enabled: true
# UI theme, either 'light' or 'dark'
theme: light
imagePullPolicy: IfNotPresent
# API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local"
apiURL: ""
wssURL: ""
dexURL: ""
uiURL: ""
# Skip checking for valid SSL cert when making requests to `EPINIO_API_URL`
apiSkipSSL: "true"
logLevel: info
# Domain that will serve the UI and be the origin of browser requests, used by CORS process
allowedOrigins: ""
ingress:
enabled: false
# The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses.
ingressClassName: ""
service:
# -- Annotations to be added to the service.
annotations: {}
kubed:
enabled: true
fullnameOverride: kubed
enableAnalytics: false
operator:
registry: rancher
repository: mirrored-appscode-kubed
tag: v0.13.2
# s3gw subchart values
s3gw:
enabled: false
ingress:
enabled: false
ui:
enabled: false
serviceName: s3gw
useExistingSecret: true
defaultUserCredentialsSecret: s3gw-creds
storageSize: 2Gi
storageClass:
create: false
name: ""
containerregistry:
enabled: true
image:
registry:
repository: registry
tag: 2.8.1
nginx:
repository: nginx
tag: 1.25.2-alpine
imagePullPolicy: IfNotPresent
# The ingressClassName is used to select the ingress controller. If
# empty no class will be added to the ingresses.
ingressClassName: ""
# The certificateSecret is used to load the certificate of the registry in the staging job.
# The certificate has to be in PEM format within in a 'tls.crt' key (it can be an Opaque secret).
# It also has to be trusted by the kubelet, and it needs to be added in the cluster as well.
certificateSecret: ""
serviceCatalog:
# Enable service catalog service for development
enableDevServices: true
global:
dex:
enabled: true
# The domain that will be used to access the epinio API server and the registry
domain: ""
# Connection details for the container registry.
# Skip if containerregistry.enabled is true
registryURL: ""
registryUsername: "admin"
registryPassword: "changeme"
# Used in registry path when pushing -> "external.tld/apps/APPNAME"
registryNamespace: "apps"
# The name of the cluster issuer to use.
# Epinio provides four options: 'epinio-ca', 'selfsigned-issuer', 'letsencrypt-staging' and 'letsencrypt-production'.
tlsIssuer: "epinio-ca"
# The name of your ClusterIssuer (it will override the tlsIssuer)
customTlsIssuer: ""
# Email address to receive the certificate notification emails send by the `letsencrypt-production` issuer.
tlsIssuerEmail: ""
# The URL of the container registry from where to pull container images for the various
# created Pods. Don't confuse this registry with the "Epinio registry" which is the one
# where Epinio stores the application images.
cattle:
systemDefaultRegistry: ""
rancher:
# Epinio's UI extension needs to reach both epinio and dex services.
# Configuration for those services to enable this requires the uri of the Rancher instance.
# The uri comes from global.cattle.url (provided by rancher), or if that's missing this value (rancher.url)
# This supersedes server.accessControlAllowOrigin
url: ""