-
Notifications
You must be signed in to change notification settings - Fork 2k
/
values.yaml
433 lines (422 loc) · 18 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
global:
cloud:
domain: cloud.local
port: ""
mongodbURI: ""
ingress:
enabled: true
tls: true
selfSigned: true
wildcardCert:
name: "wildcard-tls"
enabled: true
commonLabels: { }
commonAnnotations: { }
desktop:
## @param desktop.domain set domain for desktop, default is empty, use cloud domain as desktop.domain
domain: ""
## @param desktop.callbackUrl set callback url for desktop, default is "<http schema>://<desktop domain>/callback" if unset
callbackUrl: ""
## @param desktop.jwtSecret set jwt secret for desktop
existingJwtSecret: ""
## @param desktop.passwordSalt set password salt for desktop
existingPasswordSalt: ""
## @param desktop.passwordEnabled set password enabled for desktop
passwordEnabled: true
## @param desktop.githubEnabled set github enabled for desktop
githubEnabled: false
## @param desktop.wechatEnabled set wechat enabled for desktop
wechatEnabled: false
## @param desktop.smsEnabled set sms enabled for desktop
smsEnabled: false
## @param desktop.mongodbURI set mongodb uri for desktop (mongodb://user:password@host:port/dbname)
mongodbURI: ""
## @param desktop.githubClientId set github client id for desktop
githubClientId: ""
## @param desktop.githubClientSecret set github client secret for desktop
githubClientSecret: ""
## @param desktop.wechatClientId set wechat client id for desktop
wechatClientId: ""
## @param desktop.wechatClientSecret set wechat client secret for desktop
wechatClientSecret: ""
## @param desktop.aliSmsEndpoint set ali sms endpoint for desktop
aliSmsEndpoint: ""
## @param desktop.aliSmsAccessKeyId set ali sms access key id for desktop
aliSmsAccessKeyId: ""
aliSmsAccessKeySecret: ""
aliSmsSignName: ""
aliSmsTemplateCode: ""
## sealos desktop image
## ref: https://github.com/labring/sealos/pkgs/container/sealos-desktop-frontend/
## @param desktop.image.registry desktop image registry
## @param desktop.image.repository desktop image repository
## @param desktop.image.tag desktop image tag (immutable tags are recommended)
## @param desktop.image.digest desktop image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
## @param desktop.image.pullPolicy desktop image pull policy
## @param desktop.image.pullSecrets desktop image pull secrets
## @param desktop.image.debug Enable desktop image debug mode
##
image:
registry: ghcr.io
repository: labring/sealos-desktop-frontend
tag: latest
digest: ""
pullPolicy: IfNotPresent
pullSecrets: [ ]
debug: false
replicaCount: 1
containerPorts:
http: 3000
## Configure extra options for desktop containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param desktop.livenessProbe.enabled Enable livenessProbe on desktop containers
## @param desktop.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param desktop.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param desktop.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param desktop.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param desktop.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: false
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param desktop.readinessProbe.enabled Enable readinessProbe on desktop containers
## @param desktop.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param desktop.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param desktop.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param desktop.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param desktop.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: false
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param desktop.startupProbe.enabled Enable startupProbe on desktop containers
## @param desktop.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param desktop.startupProbe.periodSeconds Period seconds for startupProbe
## @param desktop.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param desktop.startupProbe.failureThreshold Failure threshold for startupProbe
## @param desktop.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: foo
periodSeconds: bar
timeoutSeconds: foo
failureThreshold: bar
successThreshold: foo
## @param desktop.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: { }
## @param desktop.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: { }
## @param desktop.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: { }
## desktop resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## @param desktop.resources.limits The resources limits for the desktop containers
## @param desktop.resources.requests The requested resources for the desktop containers
##
resources:
limits: { }
requests: { }
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param desktop.podSecurityContext.enabled Enabled desktop pods' Security Context
## @param desktop.podSecurityContext.fsGroup Set desktop pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param desktop.containerSecurityContext.enabled Enabled desktop containers' Security Context
## @param desktop.containerSecurityContext.runAsUser Set desktop containers' Security Context runAsUser
## @param desktop.containerSecurityContext.runAsNonRoot Set desktop containers' Security Context runAsNonRoot
## @param desktop.containerSecurityContext.readOnlyRootFilesystem Set desktop containers' Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
## @param desktop.existingConfigmap The name of an existing ConfigMap with your custom configuration for desktop
##
existingConfigmap:
## @param desktop.command Override default container command (useful when using custom images)
##
command: [ ]
## @param desktop.args Override default container args (useful when using custom images)
##
args: [ ]
## @param desktop.hostAliases desktop pods host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: [ ]
## @param desktop.podLabels Extra labels for desktop pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: { }
## @param desktop.podAnnotations Annotations for desktop pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: { }
## @param desktop.podAffinityPreset Pod affinity preset. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param desktop.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
## @param desktop.pdb.create Enable/disable a Pod Disruption Budget creation
## @param desktop.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
## @param desktop.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
##
pdb:
create: false
minAvailable: 1
maxUnavailable: ""
## Autoscaling configuration
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
## @param desktop.autoscaling.enabled Enable autoscaling for desktop
## @param desktop.autoscaling.minReplicas Minimum number of desktop replicas
## @param desktop.autoscaling.maxReplicas Maximum number of desktop replicas
## @param desktop.autoscaling.targetCPU Target CPU utilization percentage
## @param desktop.autoscaling.targetMemory Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: ""
maxReplicas: ""
targetCPU: ""
targetMemory: ""
## Node desktop.affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param desktop.nodeAffinityPreset.type Node affinity preset type. Ignored if `desktop.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param desktop.nodeAffinityPreset.key Node label key to match. Ignored if `desktop.affinity` is set
##
key: ""
## @param desktop.nodeAffinityPreset.values Node label values to match. Ignored if `desktop.affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: [ ]
## @param desktop.affinity Affinity for desktop pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `desktop.podAffinityPreset`, `desktop.podAntiAffinityPreset`, and `desktop.nodeAffinityPreset` will be ignored when it's set
##
affinity: { }
## @param desktop.nodeSelector Node labels for desktop pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: { }
## @param desktop.tolerations Tolerations for desktop pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: [ ]
## @param desktop.updateStrategy.type desktop statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## ONLY FOR STATEFULSETS
## @param desktop.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
##
podManagementPolicy: OrderedReady
## @param desktop.priorityClassName desktop pods' priorityClassName
##
priorityClassName: ""
## @param desktop.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: [ ]
## @param desktop.schedulerName Name of the k8s scheduler (other than default) for desktop pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param desktop.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param desktop.lifecycleHooks for the desktop container(s) to automate configuration before or after startup
##
lifecycleHooks: { }
## @param desktop.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for desktop nodes
##
extraEnvVarsCM: ""
## @param desktop.extraEnvVarsSecret Name of existing Secret containing extra env vars for desktop nodes
##
extraEnvVarsSecret: ""
## @param desktop.extraVolumes Optionally specify extra list of additional volumes for the desktop pod(s)
##
sidecars: [ ]
## @param desktop.initContainers Add additional init containers to the desktop pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: [ ]
## @section Traffic Exposure Parameters
##
## desktop service parameters
##
service:
## @param service.type desktop service type
##
type: ClusterIP
## @param service.ports.http desktop service HTTP port
## @param service.ports.https desktop service HTTPS port
##
ports:
http: 3000
## Node ports to expose
## @param service.nodePorts.http Node port for HTTP
## @param service.nodePorts.https Node port for HTTPS
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
## @param service.clusterIP desktop service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP desktop service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges desktop service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: [ ]
## @param service.externalTrafficPolicy desktop service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Additional custom annotations for desktop service
##
annotations: { }
## @param service.extraPorts Extra ports to expose in desktop service (normally used with the `sidecars` value)
##
extraPorts: [ ]
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: { }
## desktop ingress parameters
##
ingress:
## @param ingress.enabled Enable ingress record generation for desktop
##
enabled: false
## @param ingress.pathType Ingress path type
##
pathType: Prefix
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: networking.k8s.io/v1
## /* @param ingress.hostname Default host for the ingress record */
## Use desktop.domain instead
# hostname: cloud.local
## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: nginx
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Rely on cert-manager to create it by setting the corresponding annotations
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## RBAC configuration
##
rbac:
## @param rbac.create Specifies whether RBAC resources should be created
##
create: true
## @param rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: [ ]
## ServiceAccount configuration
##
serviceAccount:
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the common.names.fullname template
##
name: ""
## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
##
annotations: { }
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
##
automountServiceAccountToken: true