Penpot/penpot-helm
0
Fork 0
mirror of https://github.com/penpot/penpot-helm.git synced 2025-01-03 13:20:14 -05:00
Code Issues Activity
penpot-helm/charts/penpot/values.yaml

517 lines
23 KiB
YAML
Raw Normal View History

:baby: initial code
2024-06-11 06:46:03 -05:00
## Default values for Penpot
########################################
## @section Global parameters
########################################
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
## @param global.imagePullSecrets Global Docker registry secret names as an array.
##
global:
postgresqlEnabled: false
redisEnabled: false
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
########################################
## @section Common parameters
########################################
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
##
serviceAccount:
enabled: true
annotations: {}
name: "penpot"
########################################
## @section Configuration parameters
########################################
config:
## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
##
publicUri: "http://penpot.example.com"
flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies.
## @param config.postgresql.port The PostgreSQL host port to use.
## @param config.postgresql.username The database username to use.
## @param config.postgresql.password The database password to use.
## @param config.postgresql.database The PostgreSQL database to use.
## @param config.postgresql.existingSecret The name of an existing secret.
## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
##
postgresql:
host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
port: 5432
username: "penpot"
password: "penpot"
database: "penpot"
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.redis.host The Redis host to connect to. Empty to use dependencies
## @param config.redis.port The Redis host port to use.
## @param config.redis.database The Redis database to connect to.
##
redis:
host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
port: 6379
database: "0"
## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
## @param config.assets.s3.existingSecret The name of an existing secret.
## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
##
assets:
storageBackend: "assets-fs"
filesystem:
directory: "/opt/data/assets"
s3:
accessKeyID: ""
secretAccessKey: ""
region: ""
bucket: ""
endpointURI: ""
existingSecret: ""
secretKeys:
accessKeyIDKey: ""
secretAccessKey: ""
endpointURIKey: ""
## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
##
telemetryEnabled: true
## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
## @param config.smtp.defaultFrom The SMTP default email to send from.
## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
## @param config.smtp.host The SMTP host to use.
## @param config.smtp.port The SMTP host port to use.
## @param config.smtp.username The SMTP username to use.
## @param config.smtp.password The SMTP password to use.
## @param config.smtp.tls Whether to use TLS for the SMTP connection.
## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
## @param config.smtp.existingSecret The name of an existing secret.
## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
##
smtp:
enabled: false
defaultFrom: ""
defaultReplyTo: ""
host: ""
port: ""
username: ""
password: ""
tls: true
ssl: false
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
##
registrationDomainWhitelist: ""
## Penpot Authentication providers parameters
##
providers:
## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
##
google:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
## @param config.providers.github.clientID The GitHub client ID to use.
## @param config.providers.github.clientSecret The GitHub client secret to use.
##
github:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
## @param config.providers.gitlab.baseURI The GitLab base URI to use.
## @param config.providers.gitlab.clientID The GitLab client ID to use.
## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
##
gitlab:
enabled: false
baseURI: "https://gitlab.com"
clientID: ""
clientSecret: ""
## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
##
oidc:
enabled: false
baseURI: ""
clientID: ""
clientSecret: ""
authURI: ""
tokenURI: ""
userURI: ""
roles: "role1 role2"
rolesAttribute: ""
scopes: "scope1 scope2"
nameAttribute: ""
emailAttribute: ""
## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
## @param config.providers.ldap.host The LDAP host to use.
## @param config.providers.ldap.port The LDAP port to use.
## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
## @param config.providers.ldap.baseDN The LDAP base DN to use.
## @param config.providers.ldap.bindDN The LDAP bind DN to use.
## @param config.providers.ldap.bindPassword The LDAP bind password to use.
## @param config.providers.ldap.userQuery The LDAP user query to use.
## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
##
ldap:
enabled: false
host: "ldap"
port: 10389
ssl: false
startTLS: false
baseDN: "ou=people,dc=planetexpress,dc=com"
bindDN: "cn=admin,dc=planetexpress,dc=com"
bindPassword: "GoodNewsEveryone"
userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
attributesUsername: "uid"
attributesEmail: "mail"
attributesFullname: "cn"
attributesPhoto: "jpegPhoto"
## @param config.providers.existingSecret The name of an existing secret to use.
## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
##
existingSecret: ""
secretKeys:
googleClientIDKey: ""
googleClientSecretKey: ""
githubClientIDKey: ""
githubClientSecretKey: ""
gitlabClientIDKey: ""
gitlabClientSecretKey: ""
oidcClientIDKey: ""
oidcClientSecretKey: ""
########################################
## @section Backend parameters
########################################
backend:
## @param backend.image.repository The Docker repository to pull the image from.
## @param backend.image.tag The image tag to use.
## @param backend.image.pullPolicy The image pull policy to use.
##
image:
repository: penpotapp/backend
tag: 2.0.3
pullPolicy: IfNotPresent
## @param backend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param backend.service.http.type The http service type to create.
## @param backend.service.http.port The http service port to use.
## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend.
## @param backend.service.prepl.type The prepl service type to create.
## @param backend.service.prepl.port The prepl service port to use.
service:
http:
type: ClusterIP
port: 6060
prepl:
enabled: false
type: ClusterIP
port: 6063
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param backend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param backend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param backend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot backend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param backend.resources.limits The resources limits for the Penpot backend containers
## @param backend.resources.requests The requested resources for the Penpot backend containers
##
resources:
limits: {}
requests: {}
########################################
## @section Frontend parameters
########################################
frontend:
## @param frontend.image.repository The Docker repository to pull the image from.
## @param frontend.image.tag The image tag to use.
## @param frontend.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/frontend
tag: 2.0.3
pullPolicy: IfNotPresent
## @param frontend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param frontend.service.type The service type to create.
## @param frontend.service.port The service port to use.
##
service:
type: ClusterIP
port: 80
## @param frontend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param frontend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param frontend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot frontend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param frontend.resources.limits The resources limits for the Penpot frontend containers
## @param frontend.resources.requests The requested resources for the Penpot frontend containers
##
resources:
limits: {}
requests: {}
########################################
## @section Exporter parameters
########################################
exporter:
## @param exporter.image.repository The Docker repository to pull the image from.
## @param exporter.image.tag The image tag to use.
## @param exporter.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/exporter
tag: 2.0.3
imagePullPolicy: IfNotPresent
## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount
##
replicaCount: 1
## @param exporter.service.type The service type to create.
## @param exporter.service.port The service port to use.
##
service:
type: ClusterIP
port: 6061
## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider.
## @param exporter.persistence.size Persistent Volume size.
## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence.
## @param exporter.persistence.accessModes Persistent Volume access modes.
## @param exporter.persistence.annotations Persistent Volume Claim annotations.
##
persistence:
enabled: false
storageClass: ""
size: 10Gi
existingClaim: ""
accessModes:
- ReadWriteOnce
annotations: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param exporter.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param exporter.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param exporter.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param exporter.resources.limits The resources limits for the Penpot exporter containers
## @param exporter.resources.requests The requested resources for the Penpot exporter containers
##
resources:
limits: {}
requests: {}
########################################
## @section Assets Persistence parameters
########################################
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
##
enabled: fals
## @param persistence.storageClass Persistent Volume storage class.
## If defined, storageClassName: <storageClass>.
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
##
storageClass: ""
## @param persistence.size Persistent Volume size.
##
size: 20Gi
## @param persistence.existingClaim The name of an existing PVC to use for persistence.
##
existingClaim: ""
## @param persistence.accessModes Persistent Volume access modes.
##
accessModes:
- ReadWriteOnce
## @param persistence.annotations Persistent Volume Claim annotations.
##
annotations: {}
########################################
## @section Ingress parameters
########################################
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: "/"
hosts:
- host: penpot.example.com
tls: []
# - secretName: penpot.example.com-tls
# hosts:
# - penpot.example.com
########################################
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
########################################
## @param postgresql.auth.username Name for a custom user to create.
## @param postgresql.auth.password Password for the custom user to create.
## @param postgresql.auth.database Name for a custom database to create.
##
postgresql:
auth:
username: "penpot"
password: "penpot"
database: "penpot"
########################################
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
########################################
## @param redis.auth.enabled Whether to enable password authentication.
##
redis:
auth:
enabled: false
Reference in a new issue Copy permalink