andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-charts/charts/epinio/103.0.2+up1.10.0/values.yaml

227 lines
7.2 KiB
YAML
Raw Normal View History

[dev-v2.9] Forward port from dev-v2.8 after release of 2.8.6 (#4260)
2024-07-18 23:07:02 +00:00
## Default values for Epinio Helm Chart.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
# Fall back email address to receive notifications from the `letsencrypt-production` issuer.
#
# __SUPERCEDED__ by `global.tlsIssuerMail`.
#
# Kept for backward compatibility, here and in the templates.
email: "epinio@suse.com"
image:
epinio:
repository: rancher/mirrored-epinio-epinio-server
tag: v1.10.0
epinio-ui:
repository: rancher/mirrored-epinio-epinio-ui
tag: v1.10.0-0.0.1
bash:
repository: rancher/mirrored-epinio-epinio-unpacker
tag: v1.10.0
awscli:
repository: rancher/mirrored-amazon-aws-cli
tag: 2.9.14
skopeo:
repository: rancher/mirrored-skopeo-skopeo
tag: v1.13.2
kubectl:
repository: rancher/kubectl
tag: v1.22.6
builder:
repository: rancher/mirrored-paketobuildpacks-builder
tag: 0.2.443-full
appChart:
default: /assets/epinio-application-0.1.26.tgz
server:
# Domain which serves the Rancher UI (to access the API)
accessControlAllowOrigin: ""
# increase this value to increase all timeouts by the same factor
timeoutMultiplier: 1
# Increase this value to instruct the API server to produce more debug output
traceLevel: 0
# The ingressClassName is used to select the ingress controller for apps.
# If empty ingress.ingressClassName (see below) is used
ingressClassName: ""
# Disable tracking of the Epinio and Kubernetes cluster version
disableTracking: false
# Name of the Service Account used by the staging job
stagingServiceAccountName: ""
# Resources to allocate to the staging job. Default: unbounded cpu/memory, and 1Gi disk
stagingResourceRequests:
cpu: ""
memory: ""
disk: "1Gi"
ingress:
# The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses.
ingressClassName: ""
# Annotations to add to the API ingress
# e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false'
annotations: {}
# nginxSSLRedirect to controll https->http redirects
nginxSSLRedirect: "true"
service:
# -- Annotations to be added to the Epinio service.
annotations: {}
# The strategy used to deploy the Epinio server.
# If you are using a RWO storage the following will avoid a Multi-Attach error during an `helm upgrade`.
# See https://github.com/epinio/epinio/issues/2253.
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
certManagerNamespace: cert-manager
# Connection details for the S3 storage
s3:
endpoint: s3.amazonaws.com
bucket: "epinio"
region: ""
accessKeyID: ""
secretAccessKey: ""
useSSL: true
# Set it to an existing secret if S3 is using a self signed cert
certificateSecret: ""
api:
# Default users
# plain password used for the 'admin' user
adminPassword: ""
# plain password used for the 'epinio' user
epinioPassword: ""
users:
- username: admin
password: password
# or you can provide an already bcrypt hashed password
# passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
role: admin
- username: epinio
# the Bcrypt hash for the `password` password
passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS"
role: user
workspaces:
- workspace
# Dex subchart values -- None for now, and sub chart disabled
dex:
# hardcode this, to avoid problems with release name
fullnameOverride: "dex"
configSecret:
create: false
name: "dex-config"
ui:
# secret should be supplied by dex automatically, this is just a fall back
secret: ""
# Defaults to https://epinio.{{ .Values.global.domain }}/auth/verify/
redirectURI: ""
service:
# -- Annotations to be added to the Epinio service.
annotations: {}
# Extra environment variables passed to the epinio-server pod.
# extraEnv:
# - name: MY_ENV_VAR
# value: "1.0"
# Minio subchart values
minio:
enabled: true
# hardcode this, to avoid problems with release name
fullnameOverride: minio
existingSecret: minio-creds
tls:
enabled: true
certSecret: minio-tls
publicCrt: tls.crt
privateKey: tls.key
persistence:
size: 2Gi
drivesPerNode: 4
replicas: 1
resources:
requests:
memory: 1Gi
makeUserJob:
podAnnotations:
linkerd.io/inject: disabled
epinioUI:
enabled: true
# UI theme, either 'light' or 'dark'
theme: light
imagePullPolicy: IfNotPresent
# API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local"
apiURL: ""
wssURL: ""
dexURL: ""
uiURL: ""
# Skip checking for valid SSL cert when making requests to `EPINIO_API_URL`
apiSkipSSL: "true"
logLevel: info
# Domain that will serve the UI and be the origin of browser requests, used by CORS process
allowedOrigins: ""
ingress:
enabled: false
# The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses.
ingressClassName: ""
service:
# -- Annotations to be added to the service.
annotations: {}
kubed:
enabled: true
fullnameOverride: kubed
enableAnalytics: false
# s3gw subchart values
s3gw:
enabled: false
ingress:
enabled: false
ui:
enabled: false
serviceName: s3gw
useExistingSecret: true
defaultUserCredentialsSecret: s3gw-creds
storageSize: 2Gi
storageClass:
create: false
name: ""
containerregistry:
enabled: true
image:
registry:
repository: rancher/mirrored-library-registry
tag: 2.8.1
nginx:
repository: rancher/mirrored-library-nginx
tag: 1.23.2-alpine
imagePullPolicy: IfNotPresent
# The ingressClassName is used to select the ingress controller. If
# empty no class will be added to the ingresses.
ingressClassName: ""
# The certificateSecret is used to load the certificate of the registry in the staging job.
# The certificate has to be in PEM format within in a 'tls.crt' key (it can be an Opaque secret).
# It also has to be trusted by the kubelet, and it needs to be added in the cluster as well.
certificateSecret: ""
serviceCatalog:
# Enable service catalog service for development
enableDevServices: true
global:
rbac:
pspEnabled: false
dex:
enabled: true
# The domain that will be used to access the epinio API server and the registry
domain: ""
# Connection details for the container registry.
# Skip if containerregistry.enabled is true
registryURL: ""
registryUsername: "admin"
registryPassword: "changeme"
# Used in registry path when pushing -> "external.tld/apps/APPNAME"
registryNamespace: "apps"
# The name of the cluster issuer to use.
# Epinio creates three options: 'epinio-ca', 'selfsigned-issuer', 'letsencrypt-staging' and 'letsencrypt-production'.
tlsIssuer: "epinio-ca"
# The name of your ClusterIssuer (it will override the tlsIssuer)
customTlsIssuer: ""
# Email address to receive the certificate notification emails send by the `letsencrypt-production` issuer.
tlsIssuerEmail: ""
# The URL of the container registry from where to pull container images for the various
# created Pods. Don't confuse this registry with the "Epinio registry" which is the one
# where Epinio stores the application images.
cattle:
systemDefaultRegistry: ""