kind: ConfigMap apiVersion: v1 metadata: labels: {{ include "helm.labels" . | indent 4 }} namespace: {{ .Release.Namespace }} name: k10-config data: loglevel: {{ .Values.logLevel | quote }} {{- if .Values.clusterName }} clustername: {{ quote .Values.clusterName }} {{- end }} version: {{ .Chart.AppVersion }} multiClusterVersion: {{ include "k10.multiClusterVersion" . | quote }} modelstoredirname: "//mnt/k10state/kasten-io/" apiDomain: {{ include "apiDomain" . }} concurrentSnapConversions: {{ include "k10.defaultConcurrentSnapshotConversions" . | quote }} concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }} k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }} k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }} k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }} k10DataStoreRestoreContentCacheSizeMB: {{ include "k10.defaultK10DataStoreRestoreContentCacheSizeMB" . | quote }} k10DataStoreRestoreMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreRestoreMetadataCacheSizeMB" . | quote }} K10BackupBufferFileHeadroomFactor: {{ include "k10.defaultK10BackupBufferFileHeadroomFactor" . | quote }} AWSAssumeRoleDuration: {{ default (include "k10.defaultAssumeRoleDuration" .) .Values.awsConfig.assumeRoleDuration | quote }} KanisterBackupTimeout: {{ default (include "k10.defaultKanisterBackupTimeout" .) .Values.kanister.backupTimeout | quote }} KanisterRestoreTimeout: {{ default (include "k10.defaultKanisterRestoreTimeout" .) .Values.kanister.restoreTimeout | quote }} KanisterDeleteTimeout: {{ default (include "k10.defaultKanisterDeleteTimeout" .) .Values.kanister.deleteTimeout | quote }} KanisterHookTimeout: {{ default (include "k10.defaultKanisterHookTimeout" .) .Values.kanister.hookTimeout | quote }} KanisterCheckRepoTimeout: {{ default (include "k10.defaultKanisterCheckRepoTimeout" .) .Values.kanister.checkRepoTimeout | quote }} KanisterStatsTimeout: {{ default (include "k10.defaultKanisterStatsTimeout" .) .Values.kanister.statsTimeout | quote }} KanisterEFSPostRestoreTimeout: {{ default (include "k10.defaultKanisterEFSPostRestoreTimeout" .) .Values.kanister.efsPostRestoreTimeout | quote }} KanisterPodReadyWaitTimeout: {{ .Values.kanister.podReadyWaitTimeout | quote }} KanisterPodMetricSidecarEnabled: {{ .Values.kanisterPodMetricSidecar.enabled | quote }} KanisterPodMetricSidecarMetricLifetime: {{ .Values.kanisterPodMetricSidecar.metricLifetime | quote }} KanisterPodPushgatewayMetricsInterval: {{ .Values.kanisterPodMetricSidecar.pushGatewayInterval | quote }} K10MutatingWebhookTLSCertDir: "/etc/ssl/certs/webhook" K10LimiterGenericVolumeSnapshots: {{ default (include "k10.defaultK10LimiterGenericVolumeSnapshots" .) .Values.limiter.genericVolumeSnapshots | quote }} K10LimiterGenericVolumeCopies: {{ default (include "k10.defaultK10LimiterGenericVolumeCopies" .) .Values.limiter.genericVolumeCopies | quote }} K10LimiterGenericVolumeRestores: {{ default (include "k10.defaultK10LimiterGenericVolumeRestores" .) .Values.limiter.genericVolumeRestores | quote }} K10LimiterCsiSnapshots: {{ default (include "k10.defaultK10LimiterCsiSnapshots" .) .Values.limiter.csiSnapshots | quote }} K10LimiterProviderSnapshots: {{ default (include "k10.defaultK10LimiterProviderSnapshots" .) .Values.limiter.providerSnapshots | quote }} K10ExecutorWorkerCount: {{ default (include "k10.defaultK10ExecutorWorkerCount" .) .Values.services.executor.workerCount | quote }} K10ExecutorMaxConcurrentRestoreCsiSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreCsiSnapshots" .) .Values.services.executor.maxConcurrentRestoreCsiSnapshots | quote }} K10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreGenericVolumeSnapshots" .) .Values.services.executor.maxConcurrentRestoreGenericVolumeSnapshots | quote }} K10ExecutorMaxConcurrentRestoreWorkloads: {{ default (include "k10.defaultK10ExecutorMaxConcurrentRestoreWorkloads" .) .Values.services.executor.maxConcurrentRestoreWorkloads | quote }} K10GCDaemonPeriod: {{ default (include "k10.defaultK10GCDaemonPeriod" .) .Values.garbagecollector.daemonPeriod | quote }} K10GCKeepMaxActions: {{ default (include "k10.defaultK10GCKeepMaxActions" .) .Values.garbagecollector.keepMaxActions | quote }} K10GCImportRunActionsEnabled: {{ default (include "k10.defaultK10GCImportRunActionsEnabled" .) .Values.garbagecollector.importRunActions.enabled | quote }} K10GCRetireActionsEnabled: {{ default (include "k10.defaultK10GCRetireActionsEnabled" .) .Values.garbagecollector.retireActions.enabled | quote }} kubeVirtVMsUnFreezeTimeout: {{ default (include "k10.defaultKubeVirtVMsUnfreezeTimeout" .) .Values.kubeVirtVMs.snapshot.unfreezeTimeout | quote }} k10JobMaxWaitDuration: {{ .Values.maxJobWaitDuration | quote }} {{- if .Values.awsConfig.efsBackupVaultName }} efsBackupVaultName: {{ quote .Values.awsConfig.efsBackupVaultName }} {{- end }} {{- if .Values.excludedApps }} excludedApps: '{{ join "," .Values.excludedApps }}' {{- end }} {{- if .Values.vmWare.taskTimeoutMin }} vmWareTaskTimeoutMin: {{ quote .Values.vmWare.taskTimeoutMin }} {{- end }} {{- include "get.kanisterPodCustomLabels" . | indent 2}} {{- include "get.kanisterPodCustomAnnotations" . | indent 2}} {{- if .Values.kanisterFunctionVersion }} kanisterFunctionVersion: {{ .Values.kanisterFunctionVersion | quote }} {{- else }} kanisterFunctionVersion: {{ quote "v1.0.0-alpha" }} {{- end }} {{- if eq "true" (include "overwite.kanisterToolsImage" .) }} {{- if (include "get.kanisterToolsImage" .) }} overwriteKanisterTools: {{ include "get.kanisterToolsImage" .}} {{- end }} {{- end }} {{- include "kanisterToolsResources" . | indent 2 }} {{ if .Values.features }} --- kind: ConfigMap apiVersion: v1 metadata: labels: {{ include "helm.labels" . | indent 4 }} namespace: {{ .Release.Namespace }} name: k10-features data: {{ include "k10.features" . | indent 2}} {{ end }} {{ if .Values.auth.dex.enabled }} --- kind: ConfigMap apiVersion: v1 metadata: labels: {{ include "helm.labels" . | indent 4 }} name: k10-dex namespace: {{ .Release.Namespace }} data: config.yaml: | issuer: {{ .Values.auth.oidcAuth.providerURL }} storage: type: memory web: http: 0.0.0.0:8080 logger: level: info format: text connectors: - type: oidc id: google name: Google config: issuer: {{ .Values.auth.dex.providerURL }} clientID: {{ .Values.auth.oidcAuth.clientID }} clientSecret: {{ .Values.auth.oidcAuth.clientSecret }} redirectURI: {{ .Values.auth.dex.redirectURL }} scopes: - openid - profile - email oauth2: skipApprovalScreen: true staticClients: - name: 'K10' id: {{ .Values.auth.oidcAuth.clientID }} secret: {{ .Values.auth.oidcAuth.clientSecret }} redirectURIs: - {{ printf "%s/k10/auth-svc/v0/oidc/redirect" .Values.auth.oidcAuth.redirectURL }} enablePasswordDB: true staticPasswords: {{ end }} {{ if .Values.auth.openshift.enabled }} --- kind: ConfigMap apiVersion: v1 metadata: labels: {{ include "helm.labels" . | indent 4 }} name: k10-dex namespace: {{ .Release.Namespace }} data: config.yaml: | issuer: {{ printf "%s/dex" (trimSuffix "/" .Values.auth.openshift.dashboardURL) }} storage: type: memory web: http: 0.0.0.0:8080 logger: level: info format: text connectors: - type: openshift id: openshift name: OpenShift config: issuer: {{ .Values.auth.openshift.openshiftURL }} clientID: {{printf "system:serviceaccount:%s:%s" .Release.Namespace .Values.auth.openshift.serviceAccount }} clientSecret: {{ .Values.auth.openshift.clientSecret }} redirectURI: {{ printf "%s/dex/callback" (trimSuffix "/" .Values.auth.openshift.dashboardURL) }} insecureCA: {{ .Values.auth.openshift.insecureCA }} {{- if and (eq (include "check.cacertconfigmap" .) "false") .Values.auth.openshift.useServiceAccountCA }} rootCA: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt {{- end }} oauth2: skipApprovalScreen: true staticClients: - name: 'K10' id: kasten secret: kastensecret redirectURIs: - {{ printf "%s/auth-svc/v0/oidc/redirect" (trimSuffix "/" .Values.auth.openshift.dashboardURL) }} {{ end }} {{ if .Values.auth.ldap.enabled }} --- kind: ConfigMap apiVersion: v1 metadata: labels: {{ include "helm.labels" . | indent 4 }} name: k10-dex namespace: {{ .Release.Namespace }} data: config.yaml: | issuer: {{ printf "%s/dex" (trimSuffix "/" .Values.auth.ldap.dashboardURL) }} storage: type: memory web: http: 0.0.0.0:8080 frontend: dir: {{ include "k10.dexFrontendDir" . }} theme: custom logoURL: theme/kasten-logo.svg logger: level: info format: text connectors: - type: ldap id: ldap name: LDAP config: host: {{ .Values.auth.ldap.host }} insecureNoSSL: {{ .Values.auth.ldap.insecureNoSSL }} insecureSkipVerify: {{ .Values.auth.ldap.insecureSkipVerifySSL }} startTLS: {{ .Values.auth.ldap.startTLS }} bindDN: {{ .Values.auth.ldap.bindDN }} bindPW: BIND_PASSWORD_PLACEHOLDER userSearch: baseDN: {{ .Values.auth.ldap.userSearch.baseDN }} filter: {{ .Values.auth.ldap.userSearch.filter }} username: {{ .Values.auth.ldap.userSearch.username }} idAttr: {{ .Values.auth.ldap.userSearch.idAttr }} emailAttr: {{ .Values.auth.ldap.userSearch.emailAttr }} nameAttr: {{ .Values.auth.ldap.userSearch.nameAttr }} preferredUsernameAttr: {{ .Values.auth.ldap.userSearch.preferredUsernameAttr }} groupSearch: baseDN: {{ .Values.auth.ldap.groupSearch.baseDN }} filter: {{ .Values.auth.ldap.groupSearch.filter }} nameAttr: {{ .Values.auth.ldap.groupSearch.nameAttr }} {{- with .Values.auth.ldap.groupSearch.userMatchers }} userMatchers: {{ toYaml . | indent 10 }} {{- end }} oauth2: skipApprovalScreen: true staticClients: - name: 'K10' id: kasten secret: kastensecret redirectURIs: - {{ printf "%s/auth-svc/v0/oidc/redirect" (trimSuffix "/" .Values.auth.ldap.dashboardURL) }} --- apiVersion: v1 kind: ConfigMap metadata: name: k10-logos-dex namespace: {{ .Release.Namespace }} binaryData: {{- $files := .Files }} {{- range tuple "files/favicon.png" "files/kasten-logo.svg" "files/styles.css" }} {{ trimPrefix "files/" . }}: |- {{ $files.Get . | b64enc }} {{- end }} {{ end }}