helm/sealos/charts/desktop/values.yaml

global:
  cloud:
    domain: cloud.local
    port: ""
    mongodbURI: ""
  ingress:
    enabled: true
    tls: true
    selfSigned: true
  wildcardCert:
    name: "wildcard-tls"
    enabled: true


commonLabels: { }
commonAnnotations: { }

desktop:
  ## @param desktop.domain set domain for desktop, default is empty, use cloud domain as desktop.domain
  domain: ""
  ## @param desktop.callbackUrl set callback url for desktop, default is "<http schema>://<desktop domain>/callback" if unset
  callbackUrl: ""
  ## @param desktop.jwtSecret set jwt secret for desktop
  existingJwtSecret: ""
  ## @param desktop.passwordSalt set password salt for desktop
  existingPasswordSalt: ""
  ## @param desktop.passwordEnabled set password enabled for desktop
  passwordEnabled: true
  ## @param desktop.githubEnabled set github enabled for desktop
  githubEnabled: false
  ## @param desktop.wechatEnabled set wechat enabled for desktop
  wechatEnabled: false
  ## @param desktop.smsEnabled set sms enabled for desktop
  smsEnabled: false
  ## @param desktop.mongodbURI set mongodb uri for desktop (mongodb://user:password@host:port/dbname)
  mongodbURI: ""
  ## @param desktop.githubClientId set github client id for desktop
  githubClientId: ""
  ## @param desktop.githubClientSecret set github client secret for desktop
  githubClientSecret: ""
  ## @param desktop.wechatClientId set wechat client id for desktop
  wechatClientId: ""
  ## @param desktop.wechatClientSecret set wechat client secret for desktop
  wechatClientSecret: ""
  ## @param desktop.aliSmsEndpoint set ali sms endpoint for desktop
  aliSmsEndpoint: ""
  ## @param desktop.aliSmsAccessKeyId set ali sms access key id for desktop
  aliSmsAccessKeyId: ""
  aliSmsAccessKeySecret: ""
  aliSmsSignName: ""
  aliSmsTemplateCode: ""

  ## sealos desktop image
  ## ref: https://github.com/labring/sealos/pkgs/container/sealos-desktop-frontend/
  ## @param desktop.image.registry desktop image registry
  ## @param desktop.image.repository desktop image repository
  ## @param desktop.image.tag desktop image tag (immutable tags are recommended)
  ## @param desktop.image.digest desktop image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
  ## @param desktop.image.pullPolicy desktop image pull policy
  ## @param desktop.image.pullSecrets desktop image pull secrets
  ## @param desktop.image.debug Enable desktop image debug mode
  ##
  image:
    registry: ghcr.io
    repository: labring/sealos-desktop-frontend
    tag: latest
    digest: ""
    pullPolicy: IfNotPresent
    pullSecrets: [ ]
    debug: false
  replicaCount: 1
  containerPorts:
    http: 3000
  ## Configure extra options for desktop containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param desktop.livenessProbe.enabled Enable livenessProbe on desktop containers
  ## @param desktop.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param desktop.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param desktop.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param desktop.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param desktop.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: false
    initialDelaySeconds: foo
    periodSeconds: bar
    timeoutSeconds: foo
    failureThreshold: bar
    successThreshold: foo
  ## @param desktop.readinessProbe.enabled Enable readinessProbe on desktop containers
  ## @param desktop.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param desktop.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param desktop.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param desktop.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param desktop.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: false
    initialDelaySeconds: foo
    periodSeconds: bar
    timeoutSeconds: foo
    failureThreshold: bar
    successThreshold: foo
  ## @param desktop.startupProbe.enabled Enable startupProbe on desktop containers
  ## @param desktop.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param desktop.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param desktop.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param desktop.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param desktop.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: foo
    periodSeconds: bar
    timeoutSeconds: foo
    failureThreshold: bar
    successThreshold: foo
  ## @param desktop.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: { }
  ## @param desktop.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: { }
  ## @param desktop.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: { }
  ## desktop resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ## @param desktop.resources.limits The resources limits for the desktop containers
  ## @param desktop.resources.requests The requested resources for the desktop containers
  ##
  resources:
    limits: { }
    requests: { }
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param desktop.podSecurityContext.enabled Enabled desktop pods' Security Context
  ## @param desktop.podSecurityContext.fsGroup Set desktop pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param desktop.containerSecurityContext.enabled Enabled desktop containers' Security Context
  ## @param desktop.containerSecurityContext.runAsUser Set desktop containers' Security Context runAsUser
  ## @param desktop.containerSecurityContext.runAsNonRoot Set desktop containers' Security Context runAsNonRoot
  ## @param desktop.containerSecurityContext.readOnlyRootFilesystem Set desktop containers' Security Context runAsNonRoot
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: false
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - "ALL"

  ## @param desktop.existingConfigmap The name of an existing ConfigMap with your custom configuration for desktop
  ##
  existingConfigmap:
  ## @param desktop.command Override default container command (useful when using custom images)
  ##
  command: [ ]
  ## @param desktop.args Override default container args (useful when using custom images)
  ##
  args: [ ]
  ## @param desktop.hostAliases desktop pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: [ ]
  ## @param desktop.podLabels Extra labels for desktop pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: { }
  ## @param desktop.podAnnotations Annotations for desktop pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: { }
  ## @param desktop.podAffinityPreset Pod affinity preset. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param desktop.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param desktop.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param desktop.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param desktop.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: false
    minAvailable: 1
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param desktop.autoscaling.enabled Enable autoscaling for desktop
  ## @param desktop.autoscaling.minReplicas Minimum number of desktop replicas
  ## @param desktop.autoscaling.maxReplicas Maximum number of desktop replicas
  ## @param desktop.autoscaling.targetCPU Target CPU utilization percentage
  ## @param desktop.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Node desktop.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param desktop.nodeAffinityPreset.type Node affinity preset type. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param desktop.nodeAffinityPreset.key Node label key to match. Ignored if `desktop.affinity` is set
    ##
    key: ""
    ## @param desktop.nodeAffinityPreset.values Node label values to match. Ignored if `desktop.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: [ ]
  ## @param desktop.affinity Affinity for desktop pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `desktop.podAffinityPreset`, `desktop.podAntiAffinityPreset`, and `desktop.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: { }
  ## @param desktop.nodeSelector Node labels for desktop pods assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: { }
  ## @param desktop.tolerations Tolerations for desktop pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: [ ]
  ## @param desktop.updateStrategy.type desktop statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate

  ## ONLY FOR STATEFULSETS
  ## @param desktop.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join
  ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady

  ## @param desktop.priorityClassName desktop pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param desktop.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: [ ]
  ## @param desktop.schedulerName Name of the k8s scheduler (other than default) for desktop pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param desktop.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param desktop.lifecycleHooks for the desktop container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: { }
  ## @param desktop.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for desktop nodes
  ##
  extraEnvVarsCM: ""
  ## @param desktop.extraEnvVarsSecret Name of existing Secret containing extra env vars for desktop nodes
  ##
  extraEnvVarsSecret: ""
  ## @param desktop.extraVolumes Optionally specify extra list of additional volumes for the desktop pod(s)
  ##
  sidecars: [ ]
  ## @param desktop.initContainers Add additional init containers to the desktop pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##  - name: your-image-name
  ##    image: your-image
  ##    imagePullPolicy: Always
  ##    command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: [ ]

## @section Traffic Exposure Parameters
##

## desktop service parameters
##
service:
  ## @param service.type desktop service type
  ##
  type: ClusterIP
  ## @param service.ports.http desktop service HTTP port
  ## @param service.ports.https desktop service HTTPS port
  ##
  ports:
    http: 3000
  ## Node ports to expose
  ## @param service.nodePorts.http Node port for HTTP
  ## @param service.nodePorts.https Node port for HTTPS
  ## NOTE: choose port between <30000-32767>
  ##
  nodePorts:
    http: ""
  ## @param service.clusterIP desktop service Cluster IP
  ## e.g.:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.loadBalancerIP desktop service Load Balancer IP
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges desktop service Load Balancer sources
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## e.g:
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: [ ]
  ## @param service.externalTrafficPolicy desktop service external traffic policy
  ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## @param service.annotations Additional custom annotations for desktop service
  ##
  annotations: { }
  ## @param service.extraPorts Extra ports to expose in desktop service (normally used with the `sidecars` value)
  ##
  extraPorts: [ ]
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: { }
## desktop ingress parameters
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for desktop
  ##
  enabled: false
  ## @param ingress.pathType Ingress path type
  ##
  pathType: Prefix
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: networking.k8s.io/v1
  ## /* @param ingress.hostname Default host for the ingress record */
  ## Use desktop.domain instead
  #  hostname: cloud.local
  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: nginx
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  ##
  tls: false
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false

## RBAC configuration
##
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: true
  ## @param rbac.rules Custom RBAC rules to set
  ## e.g:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: [ ]

## ServiceAccount configuration
##
serviceAccount:
  ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
  ##
  create: true
  ## @param serviceAccount.name The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the common.names.fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
  ##
  annotations: { }
  ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
  ##
  automountServiceAccountToken: true