charts/pact-broker/values.yaml

# Pact Broker image information
image:

  # -- Pact Broker image registry
  registry: docker.io

  # -- Pact Broker image repository
  repository: pactfoundation/pact-broker

  # -- Pact Broker image tag (immutable tags are recommended)
  tag: 2.112.0-pactbroker2.107.1

  # -- Specify a imagePullPolicy
  # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  # more info [here](https://kubernetes.io/docs/user-guide/images/#pre-pulling-images)
  #
  pullPolicy: IfNotPresent

  # -- Array of imagePullSecrets to allow pulling the Pact Broker image from private registries.
  # PS: Secret's must exist in the namespace to which you deploy the Pact Broker.
  # more info [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
  #
  # Example:
  #   pullSecrets:
  #    - mySecretName
  #
  pullSecrets: []

# Broker configuration
broker:

  # -- Additional labels that can be added to the Broker deployment
  labels: {}

  # -- Additional annotations that can be added to the Broker deployment
  annotations: {}

  # -- (int) Number of Pact Broker replicas to deploy
  replicaCount: 1

  # -- Number of Deployment Revisions to set
  revisionHistoryLimit: 10

  # Container port configuration
  containerPorts:

    # -- http port
    http: 9292

    # -- http port
    https: 8443

  # Pact Broker pods' [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
  podSecurityContext:

    # -- Enable Pact Broker pods' Security Context
    enabled: true

    # -- Set Pact Broker pod's Security Context fsGroup
    fsGroup: 1001

  # Pact Broker containers' [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
  containerSecurityContext:

    # -- Enable Pact Broker containers' Security Context
    enabled: true

    # -- Set Pact Broker container's Security Context runAsUser
    runAsUser: 1001

    # -- Set Pact Broker container's Security Context runAsNonRoot
    runAsNonRoot: true

  # Pact Broker Config, mostly set with the [default values](https://docs.pact.io/pact_broker/configuration/settings).
  config:
    # -- The application log level
    # Allowed values: debug, info, warn, error, fatal
    logLevel: info

    # -- The application log format. Can be any value supported by Semantic Logger.
    # Allowed values: default, json, color
    logFormat: default

    # -- Enable this setting to print the entire request and response to the logs at debug level.
    # Do not leave this on permanently, as it will have performance and security issues.
    # Ensure the application log_level is set to debug when this setting is enabled.
    httpDebugLoggingEnabled: false

    # -- Set to true to hide the messages in the logs about PactFlow
    hidePactflowMessages: true

    # -- The Postgresql ssl mode.
    # Allowed values: disable, allow, prefer, require, verify-ca, verify-full
    databaseSslmode: prefer

    # -- The log level that will be used when the SQL query statements are logged.
    # Allowed values: none, debug, info, warn, error, fatal
    sqlLogLevel: none

    # -- The number of seconds after which to log an SQL query at warn level. Use this for detecting slow queries.
    sqlLogWarnDuration: 5

    # -- When enabled it logs source path that caused SQL query.
    sqlEnableCallerLogging: false

    # -- The maximum size of the connection pool (4 connections by default on most databases)
    databaseMaxConnections: 4

    # -- The number of seconds to wait if a connection cannot be acquired before raising an error
    databasePoolTimeout: 5

    # -- Setting the max retries to a non-zero number will allow it to retry the connection the configured number of times, waiting 3 seconds between attempts.
    databaseConnectMaxRetries: 0

    # -- Whether or not to run the database schema migrations on start up. It is recommended to set this to true.
    autoMigrateDb: true

    # -- Whether or not to run the database data migrations on start up. It is recommended to set this to true.
    autoMigrateDbData: true

    # -- If true, will not raise an error if a database migration is recorded in the database that does not have an equivalent file in the codebase.
    # If this is true, an older version of the code may be used with a newer version of the database, however, data integrity issues may occur.
    allowMissingMigrationFiles: true

    # -- The number of seconds after which an SQL query will be aborted. Only supported for Postgresql connections.
    databaseStatementTimeout: 15

    # -- The number of seconds after which the SQL queries used for the metrics endpoint will be aborted.
    # This is configurable separately from the standard database_statement_timeout as it may need to be significantly longer than the desired value for standard queries.
    metricsSqlStatementTimeout: 30

    # The number of seconds after which to check the health of a connection from a connection pool before passing it to the application.
    databaseConnectionValidationTimeout: 3600

    # Pact Broker Basic Authentication
    basicAuth:

      # -- Set to true if you basic authentication to be enabled
      #
      enabled: false

      # -- Set to true if you want public read access, but still require credentials for writing.
      #
      allowPublicRead: false

      # -- Set to true if you want the heartbeat endpoint to be publicly accessible.
      # This will have to be true if you have enabled basic auth.
      publicHeartbeat: true

      # -- Set this to true to allow status badges to be embedded in README files without requiring a hardcoded password.
      enablePublicBadgeAccess: false

      # Pact Broker Basic Authentication Credentials For Write user
      writeUser:

        # -- Username for write access to the Pact Broker
        username: ""

        # -- Password for write access to the Pact Broker
        password: ""

        # -- Name of an existing Kubernetes secret containing credentials to access the Pact Broker
        existingSecret: ""

        # -- The key to which holds the value of the username within the existingSecret
        existingSecretUsernameKey: ""

        # -- The key to which holds the value of the password within the existingSecret
        existingSecretPasswordKey: ""

      # Pact Broker Basic Authentication Credentials For Read user
      readUser:

        # -- Username for read access to the Pact Broker
        username: ""

        # -- Password for read access to the Pact Broker
        password: ""

        # -- Name of an existing Kubernetes secret containing credentials to access the Pact Broker
        existingSecret: ""

        # -- The key to which holds the value of the username within the existingSecret
        existingSecretUsernameKey: ""

        # -- The key to which holds the value of the password within the existingSecret
        existingSecretPasswordKey: ""

    # -- The schedule of seconds to wait between webhook execution attempts.
    # The default schedule is 10 sec, 1 min, 2 min, 5 min, 10 min, 20 min (38 minutes in total).
    webhookRetrySchedule: 10 60 120 300 600 1200

    # -- The allowed HTTP methods for webhooks.
    # It is highly recommended that only POST requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
    webhookHttpMethodWhitelist: POST

    # -- If webhook call returns the response with an HTTP code that is listed in the success codes then the operation is considered a success,
    # otherwise the webhook will be re-triggered based on the webhook_retry_schedule configuration.
    webhookHttpCodeSuccess: "200 201 202 203 204 205 206"

    # -- The allowed URL schemes for webhooks.
    webhookSchemeWhitelist: https

    # -- A list of hosts, network ranges, or host regular expressions.
    webhookHostWhitelist:

    # -- If set to true, SSL verification will be disabled for the HTTP requests made by the webhooks
    disable_ssl: false

    # -- Base URLs can be configured for architectures that use gateways or proxies that allow the same Pact Broker instance to be addressed with different base URLs.
    #  The application may run correctly without this attribute, however,
    # it is strongly recommended to set it when deploying the Pact Broker to production as it prevents cache poisoning security vulnerabilities
    baseUrls:

    # -- The URL of the shields.io server used to generate the README badges.
    shieldsIoBaseUrl: https://img.shields.io

    # -- The method by which the badges are generated.
    # Allowed values: redirect, proxy
    badgeProviderMode: redirect

    # -- Whether or not to enable the diagnostic endpoints at /diagnostic/status/heartbeat and "diagnostic/status/dependencies
    enableDiagnosticEndpoints: true

    # -- Whether or not to enable the embedded HAL Browser.
    useHalBrowser: true

    # -- When a pact is published, the consumer, provider and consumer version resources are automatically created.
    # To prevent a pacticipant (consumer or provider) being created multiple times with slightly different name variants (eg. FooBar/foo-bar/foo bar/Foo Bar Service),
    # a check is performed to determine if a new pacticipant name is likely to be a duplicate of any existing applications.
    # If it is deemed similar enough to an existing name, a 409 will be returned.
    checkForPotentialDuplicatePacticipantNames: true

    # -- When true and a tag is created, if there is an environment with the name of the newly created tag,
    # a deployed version is also created for the pacticipant version.
    createDeployedVersionsForTags: true

    # -- When true, the first tag applied to a version within the use_first_tag_as_branch_time_limit (10 seconds) will be used to populate the branch property of the version.
    useFirstTagAsBranch: true

    # -- When true and a pacticipant version is created with a tag or a branch that matches one of the names in main_branch_candidates,
    # the mainBranch property is set for that pacticipant if it is not already set.
    autoDetectMainBranch: true

    # -- An array of potential main branch names used when automatically detecting the main branch for a pacticipant.
    mainBranchCandidates: "develop main master"

    # -- Whether or not to allow the pact content for an existing consumer version to be modified.
    # It is strongly recommended that this is set to false, as allowing modification makes the results of can-i-deploy unreliable.
    allowDangerousContractModification: false

    # -- The maximum amount of time in seconds to attempt to generate the diff between two pacts before aborting the request.
    pactContentDiffTimeout: 15

    # -- A list of features to enable in the Pact Broker for beta testing before public release.
    features:

    # Pact Broker [automatic data cleanup](https://docs.pact.io/pact_broker/docker_images/pactfoundation#automatic-data-clean-up)
    databaseClean:

      # -- Set to true to enable the automatic data cleanup.
      enabled: false

      # -- Set the mode of the cleanup task. Can either be `embedded` or `external`. Setting the mode to `external` will create a Kubernetes `CronJob` to handle the cleanup; thus implementing https://docs.pact.io/pact_broker/docker_images/pactfoundation#running-the-clean-task-from-an-external-source
      mode: embedded

      # -- Set to a cron schedule that will run when your Broker is under the least operational load.
      cronSchedule: 15 2 * * *

      # -- The maximum number of records to delete at a time for each of the removable data categories.
      deletionLimit: 500

      # -- The maximum number of days to keep "overwritten" data.
      overwrittenDataMaxAge: 90

      # -- A JSON string containing a list of the "keep" selectors.
      keepVersionSelectors: '[{"latest": true}, { "max_age": 180 }]'

      # -- Defaults to false. Set to true to see the output of what would have been deleted if the task had run.
      dryRun: false

  # -- Pact Broker [Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
  affinity: {}

  # -- Pact Broker [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
  tolerations: []

  # -- Pact Broker [Node Selector](https://kubernetes.io/docs/user-guide/node-selection/)
  nodeSelector: {}

  # Pact Broker [resource requests and limits](https://kubernetes.io/docs/user-guide/compute-resources/)
  resources:

    # The resources limits for the Pact Broker containers
    limits:
      memory: 1024Mi
      cpu: 2500m

    # The requested resources for the Pact Broker containers
    requests:
      memory: 512Mi
      cpu: 100m

  # Pact Broker [Liveness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
  livenessProbe:

    # -- Enable livenessProbe on Pact Broker containers
    enabled: true

    # -- Initial delay seconds for livenessProbe
    initialDelaySeconds: 300

    # -- Period seconds for livenessProbe
    periodSeconds: 1

    # -- Timeout seconds for livenessProbe
    timeoutSeconds: 5

    # -- Failure threshold for livenessProbe
    failureThreshold: 3

    # -- Success threshold for livenessProbe
    successThreshold: 1

  # Pact Broker [Readiness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
  readinessProbe:

    # -- Enable readinessProbe on Pact Broker containers
    enabled: true

    # -- Initial delay seconds for readinessProbe
    initialDelaySeconds: 30

    # -- Period seconds for readinessProbe
    periodSeconds: 10

    # -- Timeout seconds for readinessProbe
    timeoutSeconds: 1

    # -- Failure threshold for readinessProbe
    failureThreshold: 3

    # -- Success threshold for readinessProbe
    successThreshold: 1

  # Pact Broker [Pod Disruption Budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
  podDisruptionBudget:
    # -- Max Unavailable Pods (alternatively one can define `minAvailable`)
    maxUnavailable: 1
    # minAvailable: 1

  # -- Volumes to mount
  volumes: []
    # - name: cache-volume
    #   emptyDir:
    #    sizeLimit: 500Mi

  # -- Volume mounts
  volumeMounts: []
    # - mountPath: <CONTAINER_PATH>
    #   name: <VOLUME_NAME>
    #   readOnly: true

  # -- Additional containers to add to the Pact Broker pods
  extraContainers: []
  # extraContainers:
  #   - name: cloudsql-proxy
  #     image: gcr.io/cloudsql-docker/gce-proxy:1.22.0
  #     command:
  #       - /cloud_sql_proxy
  #       - '-instances=my-project:my-zone:my-db-name=tcp:5432'
  #       - '-enable_iam_login'

#  Service configuration
service:

  # -- Kubernetes service type
  #
  type: "ClusterIP"

  # Service port configuration
  ports:

    # -- Pact service HTTP port
    http: 80

    # -- Pact service HTTPS port
    https: 443

  # Service [NodePort configuration](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
  nodePorts:

    # -- http nodePort
    http: ""

    # -- https nodePort
    https: ""

  # -- Pact Broker service clusterIP
  clusterIP: ""

  # -- Pact Broker Service [loadBalancerIP](https://kubernetes.io/docs/user-guide/services/#type-loadbalancer)
  loadBalancerIP: ""

# Ingress parameters
ingress:
  # -- ingress.enabled Enable the creation of the ingress resource
  enabled: true

  # -- ingress.className Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
  className: ""

  # -- ingress.annotations Additional annotations for the Ingress resource
  annotations: {}

  # -- host Hostname to be used to expose the route to access the Pact Broker
  host: ""

  # Ingress TLS parameters
  tls:

    # -- ingress.tls.enabled Enable TLS configuration for the host defined at `ingress.host` parameter
    enabled: false

    # -- ingress.tls.secretName The name to which the TLS Secret will be called
    secretName: ""

# PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
postgresql:

  # -- Switch to enable or disable the PostgreSQL helm chart
  enabled: true

  # The authentication details of the Postgres database
  auth:

    # -- Name for a custom user to create
    username: bn_broker

    # -- Password for the custom user to create
    password: ""

    # -- Name for a custom database to create
    database: bitnami_broker

    # -- Name of existing secret to use for PostgreSQL credentials
    existingSecret: ""

    # The secret keys Postgres will look for to retrieve the relevant password
    secretKeys:

      # -- The key in which Postgres well look for, for the admin password, in the existing Secret
      adminPasswordKey: admin-password

      # -- The key in which Postgres well look for, for the user password, in the existing Secret
      userPasswordKey: user-password

      # -- The key in which Postgres well look for, for the replication password, in the existing Secret
      replicationPasswordKey: replication-password

  # -- PostgreSQL architecture (`standalone` or `replication`)
  architecture: standalone

# External database configuration
externalDatabase:

  # -- Switch to enable or disable the externalDatabase connection
  enabled: false

  # External Database Configuration
  config:

    # -- Database host
    host: ""

    # -- Database port number
    port: ""

    # -- Database engine to use.
    # Only allowed values are `postgres` or `sqlite`. More info [here](https://docs.pact.io/pact_broker/docker_images/pactfoundation#getting-started)
    adapter: ""

    # -- External database name
    databaseName: ""

    # External database auth details that the Pact Broker will use to connect
    auth:

      # -- Non-root username for the Pact Broker
      username: ""

      # -- Password for the non-root username for the Pact Broker
      password: ""

      # -- Name of an existing Kubernetes secret containing the database credentials
      existingSecret: ""

      # -- The key to which the password will be stored under within existing secret.
      existingSecretPasswordKey: "user-password"

# Service Account Configuration
serviceAccount:

  # -- Enable the creation of a ServiceAccount for Pact Broker pods
  create: true

  # -- Name of the ServiceAccount
  # If `serviceAccount.create` is `true` and `serviceAccount.name` is not set, a name is generated based on the release name.
  # If `serviceAccount.create` is `true` and `serviceAccount.name` is set, a service account is created and named after value set in `serviceAccount.name`
  # If `serviceAccount.create` is `false` and `serviceAccount.name` is not set, the `default` service account is used for the Deployment.
  # If `serviceAccount.create` is `false` and `serviceAccount.name` is set, the service account specified at `serviceAccount.name` is used for the Deployment.
  name: ""


  # -- Additional custom labels to the service ServiceAccount.
  labels: {}

  # -- Additional custom annotations for the ServiceAccount.
  annotations: {}

  # -- Auto-mount the service account token in the pod
  automountServiceAccountToken: true

  # -- Name of image pull secrets that should be attached to the service account
  imagePullSecrets: []