## Default values for Epinio Helm Chart. ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. # Fall back email address to receive notifications from the `letsencrypt-production` issuer. # # __SUPERCEDED__ by `global.tlsIssuerMail`. # # Kept for backward compatibility, here and in the templates. email: "epinio@suse.com" image: epinio: repository: rancher/mirrored-epinio-epinio-server tag: v1.9.0 epinio-ui: repository: rancher/mirrored-epinio-epinio-ui tag: v1.9.0-0.0.3 bash: repository: rancher/mirrored-epinio-epinio-unpacker tag: v1.9.0 awscli: repository: rancher/mirrored-amazon-aws-cli tag: 2.9.14 skopeo: repository: rancher/mirrored-skopeo-skopeo tag: v1.10.0 kubectl: repository: rancher/kubectl tag: v1.22.6 builder: repository: rancher/mirrored-paketobuildpacks-builder tag: 0.2.441-full appChart: default: /assets/epinio-application-0.1.26.tgz server: # Domain which serves the Rancher UI (to access the API) accessControlAllowOrigin: "" # increase this value to increase all timeouts by the same factor timeoutMultiplier: 1 # Increase this value to instruct the API server to produce more debug output traceLevel: 0 # The ingressClassName is used to select the ingress controller for apps. # If empty ingress.ingressClassName (see below) is used ingressClassName: "" # Disable tracking of the Epinio and Kubernetes cluster version disableTracking: false # Name of the Service Account used by the staging job stagingServiceAccountName: "" # Resources to allocate to the staging job. Default: unbounded stagingResourceRequests: cpu: "" memory: "" ingress: # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses. ingressClassName: "" # Annotations to add to the API ingress # e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false' annotations: {} # nginxSSLRedirect to controll https->http redirects nginxSSLRedirect: "true" service: # -- Annotations to be added to the Epinio service. annotations: {} # The strategy used to deploy the Epinio server. # If you are using a RWO storage the following will avoid a Multi-Attach error during an `helm upgrade`. # See https://github.com/epinio/epinio/issues/2253. strategy: type: RollingUpdate rollingUpdate: maxSurge: 0 maxUnavailable: 1 certManagerNamespace: cert-manager # Connection details for the S3 storage s3: endpoint: s3.amazonaws.com bucket: "epinio" region: "" accessKeyID: "" secretAccessKey: "" useSSL: true # Set it to an existing secret if S3 is using a self signed cert certificateSecret: "" api: # Default users users: - username: admin passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" role: admin - username: epinio passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" role: user workspaces: - workspace # Dex subchart values -- None for now, and sub chart disabled dex: # hardcode this, to avoid problems with release name fullnameOverride: "dex" configSecret: create: false name: "dex-config" ui: # secret should be supplied by dex automatically, this is just a fall back secret: "" # Defaults to https://epinio.{{ .Values.global.domain }}/auth/verify/ redirectURI: "" service: # -- Annotations to be added to the Epinio service. annotations: {} # Extra environment variables passed to the epinio-server pod. # extraEnv: # - name: MY_ENV_VAR # value: "1.0" # Minio subchart values minio: enabled: true # hardcode this, to avoid problems with release name fullnameOverride: minio existingSecret: minio-creds tls: enabled: true certSecret: minio-tls publicCrt: tls.crt privateKey: tls.key persistence: size: 2Gi drivesPerNode: 4 replicas: 1 resources: requests: memory: 1Gi makeUserJob: podAnnotations: linkerd.io/inject: disabled epinioUI: enabled: true # UI theme, either 'light' or 'dark' theme: light imagePullPolicy: IfNotPresent # API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local" apiURL: "" wssURL: "" dexURL: "" uiURL: "" # Skip checking for valid SSL cert when making requests to `EPINIO_API_URL` apiSkipSSL: "true" logLevel: info # Domain that will serve the UI and be the origin of browser requests, used by CORS process allowedOrigins: "" ingress: enabled: false # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses. ingressClassName: "" service: # -- Annotations to be added to the service. annotations: {} kubed: enabled: true fullnameOverride: kubed enableAnalytics: false # s3gw subchart values s3gw: enabled: false ingress: enabled: false ui: enabled: false serviceName: s3gw useExistingSecret: true defaultUserCredentialsSecret: s3gw-creds storageSize: 2Gi storageClass: create: false name: "" containerregistry: enabled: true image: registry: repository: rancher/mirrored-library-registry tag: 2.8.1 nginx: repository: rancher/mirrored-library-nginx tag: 1.23.2-alpine imagePullPolicy: IfNotPresent # The ingressClassName is used to select the ingress controller. If # empty no class will be added to the ingresses. ingressClassName: "" # The certificateSecret is used to load the certificate of the registry in the staging job. # The certificate has to be in PEM format within in a 'tls.crt' key (it can be an Opaque secret). # It also has to be trusted by the kubelet, and it needs to be added in the cluster as well. certificateSecret: "" serviceCatalog: # Enable service catalog service for development enableDevServices: true global: rbac: pspEnabled: false dex: enabled: true # The domain that will be used to access the epinio API server and the registry domain: "" # Connection details for the container registry. # Skip if containerregistry.enabled is true registryURL: "" registryUsername: "admin" registryPassword: "changeme" # Used in registry path when pushing -> "external.tld/apps/APPNAME" registryNamespace: "apps" # The name of the cluster issuer to use. # Epinio creates three options: 'epinio-ca', 'letsencrypt-production', and 'selfsigned-issuer'. tlsIssuer: "epinio-ca" # Email address to receive the certificate notification emails send by the `letsencrypt-production` issuer. tlsIssuerEmail: "epinio@suse.com" # The URL of the container registry from where to pull container images for the various # created Pods. Don't confuse this registry with the "Epinio registry" which is the one # where Epinio stores the application images. cattle: systemDefaultRegistry: ""