## Default values for Epinio Helm Chart. ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. # Fall back email address to receive notifications from the `letsencrypt-production` issuer. # # __SUPERCEDED__ by `global.tlsIssuerMail`. # # Kept for backward compatibility, here and in the templates. email: "epinio@suse.com" image: epinio: repository: rancher/mirrored-epinio-epinio-server tag: v1.8.1 epinio-ui: repository: rancher/mirrored-epinio-epinio-ui tag: v1.8.1-0.0.1 bash: repository: rancher/mirrored-epinio-epinio-unpacker tag: v1.8.1 awscli: repository: rancher/mirrored-amazon-aws-cli tag: 2.9.14 skopeo: repository: rancher/mirrored-skopeo-skopeo tag: v1.10.0 kubectl: repository: rancher/kubectl tag: v1.22.6 builder: repository: rancher/mirrored-paketobuildpacks-builder tag: 0.2.407-full server: # Domain which serves the Rancher UI (to access the API) accessControlAllowOrigin: "" # increase this value to increase all timeouts by the same factor timeoutMultiplier: 1 # Increase this value to instruct the API server to produce more debug output traceLevel: 0 # The ingressClassName is used to select the ingress controller for apps. If empty ingress.ingressClassName (see below) is used ingressClassName: "" # Disable tracking of the Epinio and Kubernetes cluster version disableTracking: false # Name of the Service Account used by the staging job stagingServiceAccountName: "" ingress: # The ingressClassName is used to select the ingress controller for the server. If empty no class will be added to the ingresses. ingressClassName: "" # Annotations to add to the API ingress # e.g.: --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=false' annotations: {} # nginxSSLRedirect to controll https->http redirects nginxSSLRedirect: "true" certManagerNamespace: cert-manager # Connection details for the S3 storage s3: endpoint: s3.amazonaws.com bucket: "epinio" region: "" accessKeyID: "" secretAccessKey: "" useSSL: true # Set it to an existing secret if S3 is using a self signed cert certificateSecret: "" api: # Default users users: - username: admin passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" role: admin - username: epinio passwordBcrypt: "$2a$10$6bCi5NMstMK781In7JGiL.B44pgoplUb330FQvm6mVXMppbXBPiXS" role: user workspaces: - workspace # Dex subchart values -- None for now, and sub chart disabled dex: # hardcode this, to avoid problems with release name fullnameOverride: "dex" configSecret: create: false name: "dex-config" ui: # secret should be supplied by dex automatically, this is just a fall back secret: "" # Defaults to https://epinio.{{ .Values.global.domain }}/auth/verify/ redirectURI: "" # Extra environment variables passed to the epinio-server pod. # extraEnv: # - name: MY_ENV_VAR # value: "1.0" # Minio subchart values minio: enabled: true # hardcode this, to avoid problems with release name fullnameOverride: minio existingSecret: minio-creds tls: enabled: true certSecret: minio-tls publicCrt: tls.crt privateKey: tls.key persistence: size: 2Gi drivesPerNode: 4 replicas: 1 resources: requests: memory: 1Gi makeUserJob: podAnnotations: linkerd.io/inject: disabled epinioUI: enabled: true # UI theme, either 'light' or 'dark' theme: light imagePullPolicy: IfNotPresent # API URL of epinio instance, for proxied connections, defaults to http://epinio-server.%s.svc.cluster.local" apiURL: "" wssURL: "" dexURL: "" uiURL: "" # Skip checking for valid SSL cert when making requests to `EPINIO_API_URL` apiSkipSSL: "true" logLevel: info # Domain that will serve the UI and be the origin of browser requests, used by CORS process allowedOrigins: "" ingress: enabled: false # The ingressClassName is used to select the ingress controller. If empty no class will be added to the ingresses. ingressClassName: "" kubed: enabled: true fullnameOverride: kubed enableAnalytics: false # s3gw subchart values s3gw: enabled: false ingress: enabled: false ui: enabled: false serviceName: s3gw useExistingSecret: true storageSize: 2Gi storageClass: create: false name: "" containerregistry: enabled: true image: registry: repository: rancher/mirrored-library-registry tag: 2.8.1 nginx: repository: rancher/mirrored-library-nginx tag: 1.23.2-alpine imagePullPolicy: IfNotPresent # The ingressClassName is used to select the ingress controller. If # empty no class will be added to the ingresses. ingressClassName: "" serviceCatalog: # Enable service catalog service for development enableDevServices: true global: rbac: pspEnabled: false dex: enabled: true # The domain that will be used to access the epinio API server and the registry domain: "" # Connection details for the container registry. # Skip if containerregistry.enabled is true registryURL: "" registryUsername: "admin" registryPassword: "changeme" # Used in registry path when pushing -> "external.tld/apps/APPNAME" registryNamespace: "apps" # The name of the cluster issuer to use. # Epinio creates three options: 'epinio-ca', 'letsencrypt-production', and 'selfsigned-issuer'. tlsIssuer: "epinio-ca" # Email address to receive the certificate notification emails send by the `letsencrypt-production` issuer. tlsIssuerEmail: "epinio@suse.com" # The URL of the container registry from where to pull container images for the various # created Pods. Don't confuse this registry with the "Epinio registry" which is the one # where Epinio stores the application images. cattle: systemDefaultRegistry: ""