-
Notifications
You must be signed in to change notification settings - Fork 52
/
values.yaml
177 lines (147 loc) · 4.53 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Default values for zitadel.
zitadel:
# The ZITADEL config under configmapConfig is written to a Kubernetes ConfigMap
# See all defaults here:
# https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
configmapConfig:
Database:
cockroach:
Host: "crdb-public"
User:
SSL:
Mode: "verify-full"
Admin:
SSL:
Mode: "verify-full"
Machine:
Identification:
Hostname:
Enabled: true
Webhook:
Enabled: false
## If you want to setup ZITADEL with a service account
## instead of a human admin user, comment the following
## in by deleting each lines first hash and space
# FirstInstance:
# # path used for volume mounts and to write the secret
# MachineKeyPath: /machinekey/zitadel-admin-sa.json
# Org:
# Machine:
# Machine:
# # Creates a service account with the name zitadel-admin-sa,
# # which results in a secret 'zitadel-admin-sa' with a key 'zitadel-admin-sa.json'
# Username: zitadel-admin-sa
# Name: Admin
# MachineKey:
# Type: 1
# The ZITADEL config under secretConfig is written to a Kubernetes Secret
# See all defaults here:
# https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
secretConfig:
# Reference the name of a secret that contains ZITADEL configuration.
# The key should be named "config-yaml".
configSecretName:
# ZITADEL uses the masterkey for symmetric encryption.
# You can generate it for example with tr -dc A-Za-z0-9 </dev/urandom | head -c 32
masterkey: ""
# Reference the name of the secret that contains the masterkey. The key should be named "masterkey".
# Note: Either zitadel.masterkey or zitadel.masterkeySecretName must be set
masterkeySecretName: ""
# The root CA Certificate needed for establishing secure database connections
dbSslRootCrt: ""
# The Secret containing the root CA Certificate at key ca.crt needed for establishing secure database connections
dbSslRootCrtSecret: "crdb-ca-secret"
# The Secret containing the client CA Certificate and key at tls.crt and tls.key needed for establishing secure database connections
dbSslClientCrtSecret: "crdb-client-secret"
replicaCount: 3
image:
repository: ghcr.io/zitadel/zitadel
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
chownImage:
repository: alpine
pullPolicy: IfNotPresent
tag: "3.11"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
securityContext: {}
# Additional environment variables
env:
[]
# - name: ZITADEL_DATABASE_POSTGRES_HOST
# valueFrom:
# secretKeyRef:
# name: postgres-pguser-postgres
# key: host
service:
type: ClusterIP
port: 8080
protocol: http2
annotations: {}
ingress:
enabled: false
className: ""
annotations: {}
hosts:
- host: localhost
paths:
- path: /
pathType: Prefix
tls: []
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
initJob:
# Once ZITADEL is installed, the initJob can be disabled.
enabled: true
resources: {}
activeDeadlineSeconds: 300
extraContainers: []
podAnnotations: {}
setupJob:
resources: {}
activeDeadlineSeconds: 300
extraContainers: []
podAnnotations: {}
machinekeyWriterImage:
repository: alpine/k8s
tag: ""
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
failureThreshold: 3
livenessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
failureThreshold: 3
startupProbe:
enabled: true
periodSeconds: 1
failureThreshold: 30
metrics:
enabled: false
serviceMonitor:
# If true, the chart creates a ServiceMonitor that is compatible with Prometheus Operator
# https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.ServiceMonitor.
# The Prometheus community Helm chart installs this operator
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#kube-prometheus-stack
enabled: false
honorLabels: false
honorTimestamps: true