README.md

Stash Community

Stash Community by AppsCode - Free community features for Stash by AppsCode

TL;DR;

$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm search repo appscode/stash-community --version=v0.20.1
$ helm upgrade -i stash-community appscode/stash-community -n stash --create-namespace --version=v0.20.1

Introduction

This chart deploys a Stash community operator on a Kubernetes cluster using the Helm package manager.

Prerequisites

• Kubernetes 1.14+

Installing the Chart

To install/upgrade the chart with the release name stash-community:

$ helm upgrade -i stash-community appscode/stash-community -n stash --create-namespace --version=v0.20.1

The command deploys a Stash community operator on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall the stash-community:

$ helm uninstall stash-community -n stash

The command removes all the Kubernetes components associated with the chart and deletes the release.

Configuration

The following table lists the configurable parameters of the stash-community chart and their default values.

Parameter	Description	Default
nameOverride	Overrides name template	""
fullnameOverride	Overrides fullname template	""
replicaCount	Number of stash operator replicas to create (only 1 is supported)	1
license	License for the product. Get a license by following the steps from here. Example: helm install appscode/stash \ --set-file license=/path/to/license/file or helm install appscode/stash \ --set license=<license file content>	""
licenseApiService	Name of the ApiService to use by the addon to identify the respective service and certificate for license verification request	v1beta1.admission.stash.appscode.com
registryFQDN	Docker registry fqdn used to pull Stash related images. Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}	""
operator.registry	Docker registry used to pull operator image	stashed
operator.repository	Name of operator container image	stash
operator.tag	Operator container image tag	v0.20.1
operator.resources	Compute Resources required by the operator container	{"requests":{"cpu":"100m"}}
operator.securityContext	Security options the operator container should run with	{}
crdInstaller.registry	Docker registry of the CRD installer image. By default, it will use the same registry as the operator.	""
crdInstaller.repository	Name of CRD crd installer image. Default stash-crd-installer	stash-crd-installer
crdInstaller.tag	Tag of the CRD installer image. By default, it will use the same tag as the operator.	""
pushgateway.registry	Docker registry used to pull Prometheus pushgateway image	prom
pushgateway.repository	Prometheus pushgateway container image	pushgateway
pushgateway.tag	Prometheus pushgateway container image tag	v1.4.2
pushgateway.resources	Compute Resources required by the Prometheus pushgateway container	{}
pushgateway.securityContext	Security options the Prometheus pushgateway container should run with	{}
pushgateway.customURL	If you want to use a custom Pushgatway, specify its URL. Stash will not inject pushgatway sidecar if you set this field.	""
cleaner.registry	Docker registry used to pull Webhook cleaner image	appscode
cleaner.repository	Webhook cleaner container image	kubectl
cleaner.tag	Webhook cleaner container image tag	v1.16
cleaner.skip	Skip generating cleaner YAML	false
imagePullSecrets	Specify an array of imagePullSecrets. Secrets must be manually created in the namespace. Example: helm template charts/stash \ --set imagePullSecrets[0].name=sec0 \ --set imagePullSecrets[1].name=sec1	[]
imagePullPolicy	Container image pull policy	IfNotPresent
criticalAddon	If true, installs Stash operator as critical addon	false
logLevel	Log level for operator	3
annotations	Annotations applied to operator deployment	{}
podAnnotations	Annotations passed to operator pod(s).	{}
nodeSelector	Node labels for pod assignment	{"kubernetes.io/os":"linux"}
tolerations	Tolerations for pod assignment	[]
affinity	Affinity rules for pod assignment	{}
podSecurityContext	Security options the operator pod should run with.	{"fsGroup":65535}
serviceAccount.create	Specifies whether a service account should be created	true
serviceAccount.annotations	Annotations to add to the service account	{}
serviceAccount.name	The name of the service account to use. If not set and create is true, a name is generated using the fullname template
apiserver.groupPriorityMinimum	The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field.	10000
apiserver.versionPriority	The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field	15
apiserver.enableMutatingWebhook	If true, mutating webhook is configured for Kubernetes workloads	true
apiserver.enableValidatingWebhook	If true, validating webhook is configured for Stash CRDss	true
apiserver.ca	CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator.	not-ca-cert
apiserver.bypassValidatingWebhookXray	If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster.	false
apiserver.useKubeapiserverFqdnForAks	If true, uses kube-apiserver FQDN for AKS cluster to workaround Azure/AKS#522 (default true)	true
apiserver.healthcheck.enabled	If true, enables the readiness and liveliness probes for the operator pod.	false
apiserver.servingCerts.generate	If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in apiserver.servingCerts.{caCrt, serverCrt, serverKey}.	true
apiserver.servingCerts.caCrt	CA certficate used by serving certificate of webhook server.	""
apiserver.servingCerts.serverCrt	Serving certficate used by webhook server.	""
apiserver.servingCerts.serverKey	Private key for the serving certificate used by webhook server.	""
monitoring.agent	Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")	""
monitoring.backup	Specify whether to monitor Stash backup and recovery	false
monitoring.operator	Specify whether to monitor Stash operator	false
monitoring.serviceMonitor.labels	Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is prometheus.io/operator.	{}
security.apparmor.enabled	Optional: Allows the default AppArmor profile, requires setting the default.	false
security.seccomp.enabled	Optional: Allows the default seccomp profile, requires setting the default.	false
security.podSecurityPolicies	PSP names passed to operator Example: helm install appscode/stash \ --set podSecurityPolicies[0]=abc \ --set podSecurityPolicies[1]=xyz	["baseline"]
security.createPSPs.privileged	Set to false to prevent chart creating "privileged" PSP.	true
security.createPSPs.baseline	Set to false to prevent chart creating "baseline" PSP.	true
platform.openshift	Set true, if installed in OpenShift	false

Specify each parameter using the --set key=value[,key=value] argument to helm upgrade -i. For example:

$ helm upgrade -i stash-community appscode/stash-community -n stash --create-namespace --version=v0.20.1 --set replicaCount=1

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:

$ helm upgrade -i stash-community appscode/stash-community -n stash --create-namespace --version=v0.20.1 --values values.yaml