/
values.yaml
525 lines (371 loc) · 19.1 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
# Pact Broker image information
image:
# -- Pact Broker image registry
registry: docker.io
# -- Pact Broker image repository
repository: pactfoundation/pact-broker
# -- Pact Broker image tag (immutable tags are recommended)
tag: 2.112.0-pactbroker2.107.1
# -- Specify a imagePullPolicy
# Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
# more info [here](https://kubernetes.io/docs/user-guide/images/#pre-pulling-images)
#
pullPolicy: IfNotPresent
# -- Array of imagePullSecrets to allow pulling the Pact Broker image from private registries.
# PS: Secret's must exist in the namespace to which you deploy the Pact Broker.
# more info [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
#
# Example:
# pullSecrets:
# - mySecretName
#
pullSecrets: []
# Broker configuration
broker:
# -- Additional labels that can be added to the Broker deployment
labels: {}
# -- Additional annotations that can be added to the Broker deployment
annotations: {}
# -- (int) Number of Pact Broker replicas to deploy
replicaCount: 1
# -- Number of Deployment Revisions to set
revisionHistoryLimit: 10
# Container port configuration
containerPorts:
# -- http port
http: 9292
# -- http port
https: 8443
# Pact Broker pods' [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
podSecurityContext:
# -- Enable Pact Broker pods' Security Context
enabled: true
# -- Set Pact Broker pod's Security Context fsGroup
fsGroup: 1001
# Pact Broker containers' [Security Context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)
containerSecurityContext:
# -- Enable Pact Broker containers' Security Context
enabled: true
# -- Set Pact Broker container's Security Context runAsUser
runAsUser: 1001
# -- Set Pact Broker container's Security Context runAsNonRoot
runAsNonRoot: true
# Pact Broker Config, mostly set with the [default values](https://docs.pact.io/pact_broker/configuration/settings).
config:
# -- The application log level
# Allowed values: debug, info, warn, error, fatal
logLevel: info
# -- The application log format. Can be any value supported by Semantic Logger.
# Allowed values: default, json, color
logFormat: default
# -- Enable this setting to print the entire request and response to the logs at debug level.
# Do not leave this on permanently, as it will have performance and security issues.
# Ensure the application log_level is set to debug when this setting is enabled.
httpDebugLoggingEnabled: false
# -- Set to true to hide the messages in the logs about PactFlow
hidePactflowMessages: true
# -- The Postgresql ssl mode.
# Allowed values: disable, allow, prefer, require, verify-ca, verify-full
databaseSslmode: prefer
# -- The log level that will be used when the SQL query statements are logged.
# Allowed values: none, debug, info, warn, error, fatal
sqlLogLevel: none
# -- The number of seconds after which to log an SQL query at warn level. Use this for detecting slow queries.
sqlLogWarnDuration: 5
# -- When enabled it logs source path that caused SQL query.
sqlEnableCallerLogging: false
# -- The maximum size of the connection pool (4 connections by default on most databases)
databaseMaxConnections: 4
# -- The number of seconds to wait if a connection cannot be acquired before raising an error
databasePoolTimeout: 5
# -- Setting the max retries to a non-zero number will allow it to retry the connection the configured number of times, waiting 3 seconds between attempts.
databaseConnectMaxRetries: 0
# -- Whether or not to run the database schema migrations on start up. It is recommended to set this to true.
autoMigrateDb: true
# -- Whether or not to run the database data migrations on start up. It is recommended to set this to true.
autoMigrateDbData: true
# -- If true, will not raise an error if a database migration is recorded in the database that does not have an equivalent file in the codebase.
# If this is true, an older version of the code may be used with a newer version of the database, however, data integrity issues may occur.
allowMissingMigrationFiles: true
# -- The number of seconds after which an SQL query will be aborted. Only supported for Postgresql connections.
databaseStatementTimeout: 15
# -- The number of seconds after which the SQL queries used for the metrics endpoint will be aborted.
# This is configurable separately from the standard database_statement_timeout as it may need to be significantly longer than the desired value for standard queries.
metricsSqlStatementTimeout: 30
# The number of seconds after which to check the health of a connection from a connection pool before passing it to the application.
databaseConnectionValidationTimeout: 3600
# Pact Broker Basic Authentication
basicAuth:
# -- Set to true if you basic authentication to be enabled
#
enabled: false
# -- Set to true if you want public read access, but still require credentials for writing.
#
allowPublicRead: false
# -- Set to true if you want the heartbeat endpoint to be publicly accessible.
# This will have to be true if you have enabled basic auth.
publicHeartbeat: true
# -- Set this to true to allow status badges to be embedded in README files without requiring a hardcoded password.
enablePublicBadgeAccess: false
# Pact Broker Basic Authentication Credentials For Write user
writeUser:
# -- Username for write access to the Pact Broker
username: ""
# -- Password for write access to the Pact Broker
password: ""
# -- Name of an existing Kubernetes secret containing credentials to access the Pact Broker
existingSecret: ""
# -- The key to which holds the value of the username within the existingSecret
existingSecretUsernameKey: ""
# -- The key to which holds the value of the password within the existingSecret
existingSecretPasswordKey: ""
# Pact Broker Basic Authentication Credentials For Read user
readUser:
# -- Username for read access to the Pact Broker
username: ""
# -- Password for read access to the Pact Broker
password: ""
# -- Name of an existing Kubernetes secret containing credentials to access the Pact Broker
existingSecret: ""
# -- The key to which holds the value of the username within the existingSecret
existingSecretUsernameKey: ""
# -- The key to which holds the value of the password within the existingSecret
existingSecretPasswordKey: ""
# -- The schedule of seconds to wait between webhook execution attempts.
# The default schedule is 10 sec, 1 min, 2 min, 5 min, 10 min, 20 min (38 minutes in total).
webhookRetrySchedule: 10 60 120 300 600 1200
# -- The allowed HTTP methods for webhooks.
# It is highly recommended that only POST requests are allowed to ensure that webhooks cannot be used to retrieve sensitive information from hosts within the same network.
webhookHttpMethodWhitelist: POST
# -- If webhook call returns the response with an HTTP code that is listed in the success codes then the operation is considered a success,
# otherwise the webhook will be re-triggered based on the webhook_retry_schedule configuration.
webhookHttpCodeSuccess: "200 201 202 203 204 205 206"
# -- The allowed URL schemes for webhooks.
webhookSchemeWhitelist: https
# -- A list of hosts, network ranges, or host regular expressions.
webhookHostWhitelist:
# -- If set to true, SSL verification will be disabled for the HTTP requests made by the webhooks
disable_ssl: false
# -- Base URLs can be configured for architectures that use gateways or proxies that allow the same Pact Broker instance to be addressed with different base URLs.
# The application may run correctly without this attribute, however,
# it is strongly recommended to set it when deploying the Pact Broker to production as it prevents cache poisoning security vulnerabilities
baseUrls:
# -- The URL of the shields.io server used to generate the README badges.
shieldsIoBaseUrl: https://img.shields.io
# -- The method by which the badges are generated.
# Allowed values: redirect, proxy
badgeProviderMode: redirect
# -- Whether or not to enable the diagnostic endpoints at /diagnostic/status/heartbeat and "diagnostic/status/dependencies
enableDiagnosticEndpoints: true
# -- Whether or not to enable the embedded HAL Browser.
useHalBrowser: true
# -- When a pact is published, the consumer, provider and consumer version resources are automatically created.
# To prevent a pacticipant (consumer or provider) being created multiple times with slightly different name variants (eg. FooBar/foo-bar/foo bar/Foo Bar Service),
# a check is performed to determine if a new pacticipant name is likely to be a duplicate of any existing applications.
# If it is deemed similar enough to an existing name, a 409 will be returned.
checkForPotentialDuplicatePacticipantNames: true
# -- When true and a tag is created, if there is an environment with the name of the newly created tag,
# a deployed version is also created for the pacticipant version.
createDeployedVersionsForTags: true
# -- When true, the first tag applied to a version within the use_first_tag_as_branch_time_limit (10 seconds) will be used to populate the branch property of the version.
useFirstTagAsBranch: true
# -- When true and a pacticipant version is created with a tag or a branch that matches one of the names in main_branch_candidates,
# the mainBranch property is set for that pacticipant if it is not already set.
autoDetectMainBranch: true
# -- An array of potential main branch names used when automatically detecting the main branch for a pacticipant.
mainBranchCandidates: "develop main master"
# -- Whether or not to allow the pact content for an existing consumer version to be modified.
# It is strongly recommended that this is set to false, as allowing modification makes the results of can-i-deploy unreliable.
allowDangerousContractModification: false
# -- The maximum amount of time in seconds to attempt to generate the diff between two pacts before aborting the request.
pactContentDiffTimeout: 15
# -- A list of features to enable in the Pact Broker for beta testing before public release.
features:
# Pact Broker [automatic data cleanup](https://docs.pact.io/pact_broker/docker_images/pactfoundation#automatic-data-clean-up)
databaseClean:
# -- Set to true to enable the automatic data cleanup.
enabled: false
# -- Set the mode of the cleanup task. Can either be `embedded` or `external`. Setting the mode to `external` will create a Kubernetes `CronJob` to handle the cleanup; thus implementing https://docs.pact.io/pact_broker/docker_images/pactfoundation#running-the-clean-task-from-an-external-source
mode: embedded
# -- Set to a cron schedule that will run when your Broker is under the least operational load.
cronSchedule: 15 2 * * *
# -- The maximum number of records to delete at a time for each of the removable data categories.
deletionLimit: 500
# -- The maximum number of days to keep "overwritten" data.
overwrittenDataMaxAge: 90
# -- A JSON string containing a list of the "keep" selectors.
keepVersionSelectors: '[{"latest": true}, { "max_age": 180 }]'
# -- Defaults to false. Set to true to see the output of what would have been deleted if the task had run.
dryRun: false
# -- Pact Broker [Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
affinity: {}
# -- Pact Broker [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
tolerations: []
# -- Pact Broker [Node Selector](https://kubernetes.io/docs/user-guide/node-selection/)
nodeSelector: {}
# Pact Broker [resource requests and limits](https://kubernetes.io/docs/user-guide/compute-resources/)
resources:
# The resources limits for the Pact Broker containers
limits:
memory: 1024Mi
cpu: 2500m
# The requested resources for the Pact Broker containers
requests:
memory: 512Mi
cpu: 100m
# Pact Broker [Liveness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
livenessProbe:
# -- Enable livenessProbe on Pact Broker containers
enabled: true
# -- Initial delay seconds for livenessProbe
initialDelaySeconds: 300
# -- Period seconds for livenessProbe
periodSeconds: 1
# -- Timeout seconds for livenessProbe
timeoutSeconds: 5
# -- Failure threshold for livenessProbe
failureThreshold: 3
# -- Success threshold for livenessProbe
successThreshold: 1
# Pact Broker [Readiness Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
readinessProbe:
# -- Enable readinessProbe on Pact Broker containers
enabled: true
# -- Initial delay seconds for readinessProbe
initialDelaySeconds: 30
# -- Period seconds for readinessProbe
periodSeconds: 10
# -- Timeout seconds for readinessProbe
timeoutSeconds: 1
# -- Failure threshold for readinessProbe
failureThreshold: 3
# -- Success threshold for readinessProbe
successThreshold: 1
# Pact Broker [Pod Disruption Budget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget)
podDisruptionBudget:
# -- Max Unavailable Pods (alternatively one can define `minAvailable`)
maxUnavailable: 1
# minAvailable: 1
# -- Volumes to mount
volumes: []
# - name: cache-volume
# emptyDir:
# sizeLimit: 500Mi
# -- Volume mounts
volumeMounts: []
# - mountPath: <CONTAINER_PATH>
# name: <VOLUME_NAME>
# readOnly: true
# -- Additional containers to add to the Pact Broker pods
extraContainers: []
# extraContainers:
# - name: cloudsql-proxy
# image: gcr.io/cloudsql-docker/gce-proxy:1.22.0
# command:
# - /cloud_sql_proxy
# - '-instances=my-project:my-zone:my-db-name=tcp:5432'
# - '-enable_iam_login'
# Service configuration
service:
# -- Kubernetes service type
#
type: "ClusterIP"
# Service port configuration
ports:
# -- Pact service HTTP port
http: 80
# -- Pact service HTTPS port
https: 443
# Service [NodePort configuration](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
nodePorts:
# -- http nodePort
http: ""
# -- https nodePort
https: ""
# -- Pact Broker service clusterIP
clusterIP: ""
# -- Pact Broker Service [loadBalancerIP](https://kubernetes.io/docs/user-guide/services/#type-loadbalancer)
loadBalancerIP: ""
# Ingress parameters
ingress:
# -- ingress.enabled Enable the creation of the ingress resource
enabled: true
# -- ingress.className Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
className: ""
# -- ingress.annotations Additional annotations for the Ingress resource
annotations: {}
# -- host Hostname to be used to expose the route to access the Pact Broker
host: ""
# Ingress TLS parameters
tls:
# -- ingress.tls.enabled Enable TLS configuration for the host defined at `ingress.host` parameter
enabled: false
# -- ingress.tls.secretName The name to which the TLS Secret will be called
secretName: ""
# PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
postgresql:
# -- Switch to enable or disable the PostgreSQL helm chart
enabled: true
# The authentication details of the Postgres database
auth:
# -- Name for a custom user to create
username: bn_broker
# -- Password for the custom user to create
password: ""
# -- Name for a custom database to create
database: bitnami_broker
# -- Name of existing secret to use for PostgreSQL credentials
existingSecret: ""
# The secret keys Postgres will look for to retrieve the relevant password
secretKeys:
# -- The key in which Postgres well look for, for the admin password, in the existing Secret
adminPasswordKey: admin-password
# -- The key in which Postgres well look for, for the user password, in the existing Secret
userPasswordKey: user-password
# -- The key in which Postgres well look for, for the replication password, in the existing Secret
replicationPasswordKey: replication-password
# -- PostgreSQL architecture (`standalone` or `replication`)
architecture: standalone
# External database configuration
externalDatabase:
# -- Switch to enable or disable the externalDatabase connection
enabled: false
# External Database Configuration
config:
# -- Database host
host: ""
# -- Database port number
port: ""
# -- Database engine to use.
# Only allowed values are `postgres` or `sqlite`. More info [here](https://docs.pact.io/pact_broker/docker_images/pactfoundation#getting-started)
adapter: ""
# -- External database name
databaseName: ""
# External database auth details that the Pact Broker will use to connect
auth:
# -- Non-root username for the Pact Broker
username: ""
# -- Password for the non-root username for the Pact Broker
password: ""
# -- Name of an existing Kubernetes secret containing the database credentials
existingSecret: ""
# -- The key to which the password will be stored under within existing secret.
existingSecretPasswordKey: "user-password"
# Service Account Configuration
serviceAccount:
# -- Enable the creation of a ServiceAccount for Pact Broker pods
create: true
# -- Name of the ServiceAccount
# If `serviceAccount.create` is `true` and `serviceAccount.name` is not set, a name is generated based on the release name.
# If `serviceAccount.create` is `true` and `serviceAccount.name` is set, a service account is created and named after value set in `serviceAccount.name`
# If `serviceAccount.create` is `false` and `serviceAccount.name` is not set, the `default` service account is used for the Deployment.
# If `serviceAccount.create` is `false` and `serviceAccount.name` is set, the service account specified at `serviceAccount.name` is used for the Deployment.
name: ""
# -- Additional custom labels to the service ServiceAccount.
labels: {}
# -- Additional custom annotations for the ServiceAccount.
annotations: {}
# -- Auto-mount the service account token in the pod
automountServiceAccountToken: true
# -- Name of image pull secrets that should be attached to the service account
imagePullSecrets: []