diff --git a/charts/penpot/README.md b/charts/penpot/README.md index 2e570d2..fe8d5bb 100644 --- a/charts/penpot/README.md +++ b/charts/penpot/README.md 
@@ -15,170 +15,228 @@ $ helm install my-release penpot/penpot ## Values +### Backend parameters + | Key | Type | Default | Description | |-----|------|---------|-------------| -| backend.affinity | object | `{}` | | -| backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| backend.containerSecurityContext.capabilities.drop[0] | string | `"all"` | | -| backend.containerSecurityContext.enabled | bool | `true` | | -| backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | -| backend.containerSecurityContext.runAsNonRoot | bool | `true` | | -| backend.containerSecurityContext.runAsUser | int | `1001` | | -| backend.image.pullPolicy | string | `"IfNotPresent"` | | -| backend.image.repository | string | `"penpotapp/backend"` | | -| backend.image.tag | string | `"2.0.3"` | | -| backend.nodeSelector | object | `{}` | | -| backend.podSecurityContext.enabled | bool | `true` | | -| backend.podSecurityContext.fsGroup | int | `1001` | | -| backend.replicaCount | int | `1` | | -| backend.resources.limits | object | `{}` | | -| backend.resources.requests | object | `{}` | | -| backend.service.http.port | int | `6060` | | -| backend.service.http.type | string | `"ClusterIP"` | | -| backend.service.prepl.enabled | bool | `false` | | -| backend.service.prepl.port | int | `6063` | | -| backend.service.prepl.type | string | `"ClusterIP"` | | -| backend.tolerations | list | `[]` | | -| config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | | -| config.assets.filesystem.directory | string | `"/opt/data/assets"` | | -| config.assets.s3.accessKeyID | string | `""` | | -| config.assets.s3.bucket | string | `""` | | -| config.assets.s3.endpointURI | string | `""` | | -| config.assets.s3.existingSecret | string | `""` | | -| config.assets.s3.region | string | `""` | | -| config.assets.s3.secretAccessKey | string | `""` | | -| config.assets.s3.secretKeys.accessKeyIDKey | string 
| `""` | | -| config.assets.s3.secretKeys.endpointURIKey | string | `""` | | -| config.assets.s3.secretKeys.secretAccessKey | string | `""` | | -| config.assets.storageBackend | string | `"assets-fs"` | | -| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | | -| config.postgresql.database | string | `"penpot"` | | -| config.postgresql.existingSecret | string | `""` | | -| config.postgresql.host | string | `""` | | -| config.postgresql.password | string | `"penpot"` | | -| config.postgresql.port | int | `5432` | | -| config.postgresql.secretKeys.passwordKey | string | `""` | | -| config.postgresql.secretKeys.usernameKey | string | `""` | | -| config.postgresql.username | string | `"penpot"` | | -| config.providers.existingSecret | string | `""` | | -| config.providers.github.clientID | string | `""` | | -| config.providers.github.clientSecret | string | `""` | | -| config.providers.github.enabled | bool | `false` | | -| config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | | -| config.providers.gitlab.clientID | string | `""` | | -| config.providers.gitlab.clientSecret | string | `""` | | -| config.providers.gitlab.enabled | bool | `false` | | -| config.providers.google.clientID | string | `""` | | -| config.providers.google.clientSecret | string | `""` | | -| config.providers.google.enabled | bool | `false` | | -| config.providers.ldap.attributesEmail | string | `"mail"` | | -| config.providers.ldap.attributesFullname | string | `"cn"` | | -| config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | | -| config.providers.ldap.attributesUsername | string | `"uid"` | | -| config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | | -| config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | | -| config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | | -| config.providers.ldap.enabled | bool | `false` | | 
-| config.providers.ldap.host | string | `"ldap"` | | -| config.providers.ldap.port | int | `10389` | | -| config.providers.ldap.ssl | bool | `false` | | -| config.providers.ldap.startTLS | bool | `false` | | -| config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | | -| config.providers.oidc.authURI | string | `""` | | -| config.providers.oidc.baseURI | string | `""` | | -| config.providers.oidc.clientID | string | `""` | | -| config.providers.oidc.clientSecret | string | `""` | | -| config.providers.oidc.emailAttribute | string | `""` | | -| config.providers.oidc.enabled | bool | `false` | | -| config.providers.oidc.nameAttribute | string | `""` | | -| config.providers.oidc.roles | string | `"role1 role2"` | | -| config.providers.oidc.rolesAttribute | string | `""` | | -| config.providers.oidc.scopes | string | `"scope1 scope2"` | | -| config.providers.oidc.tokenURI | string | `""` | | -| config.providers.oidc.userURI | string | `""` | | -| config.providers.secretKeys.githubClientIDKey | string | `""` | | -| config.providers.secretKeys.githubClientSecretKey | string | `""` | | -| config.providers.secretKeys.gitlabClientIDKey | string | `""` | | -| config.providers.secretKeys.gitlabClientSecretKey | string | `""` | | -| config.providers.secretKeys.googleClientIDKey | string | `""` | | -| config.providers.secretKeys.googleClientSecretKey | string | `""` | | -| config.providers.secretKeys.oidcClientIDKey | string | `""` | | -| config.providers.secretKeys.oidcClientSecretKey | string | `""` | | -| config.publicUri | string | `"http://penpot.example.com"` | | -| config.redis.database | string | `"0"` | | -| config.redis.host | string | `""` | | -| config.redis.port | int | `6379` | | -| config.registrationDomainWhitelist | string | `""` | | -| config.smtp.defaultFrom | string | `""` | | -| config.smtp.defaultReplyTo | string | `""` | | -| config.smtp.enabled | bool | `false` | | -| 
config.smtp.existingSecret | string | `""` | | -| config.smtp.host | string | `""` | | -| config.smtp.password | string | `""` | | -| config.smtp.port | string | `""` | | -| config.smtp.secretKeys.passwordKey | string | `""` | | -| config.smtp.secretKeys.usernameKey | string | `""` | | -| config.smtp.ssl | bool | `false` | | -| config.smtp.tls | bool | `true` | | -| config.smtp.username | string | `""` | | -| config.telemetryEnabled | bool | `true` | | -| exporter.affinity | object | `{}` | | -| exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| exporter.containerSecurityContext.capabilities.drop[0] | string | `"all"` | | -| exporter.containerSecurityContext.enabled | bool | `true` | | -| exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | -| exporter.containerSecurityContext.runAsNonRoot | bool | `true` | | -| exporter.containerSecurityContext.runAsUser | int | `1001` | | -| exporter.image.imagePullPolicy | string | `"IfNotPresent"` | | -| exporter.image.repository | string | `"penpotapp/exporter"` | | -| exporter.image.tag | string | `"2.0.3"` | | -| exporter.nodeSelector | object | `{}` | | -| exporter.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| exporter.persistence.annotations | object | `{}` | | -| exporter.persistence.enabled | bool | `false` | | -| exporter.persistence.existingClaim | string | `""` | | -| exporter.persistence.size | string | `"10Gi"` | | -| exporter.persistence.storageClass | string | `""` | | -| exporter.podSecurityContext.enabled | bool | `true` | | -| exporter.podSecurityContext.fsGroup | int | `1001` | | -| exporter.replicaCount | int | `1` | | -| exporter.resources.limits | object | `{}` | | -| exporter.resources.requests | object | `{}` | | -| exporter.service.port | int | `6061` | | -| exporter.service.type | string | `"ClusterIP"` | | -| exporter.tolerations | list | `[]` | | -| frontend.affinity | object | `{}` | | -| frontend.image.pullPolicy | string | 
`"IfNotPresent"` | | -| frontend.image.repository | string | `"penpotapp/frontend"` | | -| frontend.image.tag | string | `"2.0.3"` | | -| frontend.nodeSelector | object | `{}` | | -| frontend.replicaCount | int | `1` | | -| frontend.resources.limits | object | `{}` | | -| frontend.resources.requests | object | `{}` | | -| frontend.service.port | int | `80` | | -| frontend.service.type | string | `"ClusterIP"` | | -| frontend.tolerations | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.imagePullSecrets | list | `[]` | | -| global.postgresqlEnabled | bool | `false` | | -| global.redisEnabled | bool | `false` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"penpot.example.com"` | | -| ingress.path | string | `"/"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | string | `"fals"` | | -| persistence.existingClaim | string | `""` | | -| persistence.size | string | `"20Gi"` | | -| persistence.storageClass | string | `""` | | -| postgresql.auth.database | string | `"penpot"` | | -| postgresql.auth.password | string | `"penpot"` | | -| postgresql.auth.username | string | `"penpot"` | | -| redis.auth.enabled | bool | `false` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.enabled | bool | `true` | | -| serviceAccount.name | string | `"penpot"` | | +| backend.affinity | object | `{}` | Affinity for Penpot pods assignment. 
Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| backend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation | +| backend.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped | +| backend.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context | +| backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem | +| backend.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot | +| backend.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser | +| backend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. | +| backend.image.repository | string | `"penpotapp/backend"` | The Docker repository to pull the image from. | +| backend.image.tag | string | `"2.0.3"` | The image tag to use. | +| backend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) | +| backend.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. 
Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| backend.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context | +| backend.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup | +| backend.replicaCount | int | `1` | The number of replicas to deploy. | +| backend.resources | object | `{"limits":{},"requests":{}}` | Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) | +| backend.resources.limits | object | `{}` | The resources limits for the Penpot backend containers | +| backend.resources.requests | object | `{}` | The requested resources for the Penpot backend containers | +| backend.service.http.port | int | `6060` | The http service port to use. | +| backend.service.http.type | string | `"ClusterIP"` | The http service type to create. | +| backend.service.prepl.enabled | bool | `false` | Whether to enable the prepl service in the backend. | +| backend.service.prepl.port | int | `6063` | The prepl service port to use. | +| backend.service.prepl.type | string | `"ClusterIP"` | The prepl service type to create. | +| backend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | + +### Configuration parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. | +| config.assets.filesystem.directory | string | `"/opt/data/assets"` | The storage directory to use if you chose the filesystem storage backend. 
| +| config.assets.s3.accessKeyID | string | `""` | The S3 access key ID to use if you chose the S3 storage backend. | +| config.assets.s3.bucket | string | `""` | The name of the S3 bucket to use if you chose the S3 storage backend. | +| config.assets.s3.endpointURI | string | `""` | The S3 endpoint URI to use if you chose the S3 storage backend. | +| config.assets.s3.existingSecret | string | `""` | The name of an existing secret. | +| config.assets.s3.region | string | `""` | The S3 region to use if you chose the S3 storage backend. | +| config.assets.s3.secretAccessKey | string | `""` | The S3 secret access key to use if you chose the S3 storage backend. | +| config.assets.s3.secretKeys.accessKeyIDKey | string | `""` | The S3 access key ID to use from an existing secret. | +| config.assets.s3.secretKeys.endpointURIKey | string | `""` | The S3 endpoint URI to use from an existing secret. | +| config.assets.s3.secretKeys.secretAccessKey | string | `""` | The S3 secret access key to use from an existing secret. | +| config.assets.storageBackend | string | `"assets-fs"` | The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. | +| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. | +| config.postgresql.database | string | `"penpot"` | The PostgreSQL database to use. | +| config.postgresql.existingSecret | string | `""` | The name of an existing secret. | +| config.postgresql.host | string | `""` | The PostgreSQL host to connect to. Empty to use dependencies. | +| config.postgresql.password | string | `"penpot"` | The database password to use. | +| config.postgresql.port | int | `5432` | The PostgreSQL host port to use. 
| +| config.postgresql.secretKeys.passwordKey | string | `""` | The password key to use from an existing secret. | +| config.postgresql.secretKeys.usernameKey | string | `""` | The username key to use from an existing secret. | +| config.postgresql.username | string | `"penpot"` | The database username to use. | +| config.providers | object | `{"existingSecret":"","github":{"clientID":"","clientSecret":"","enabled":false},"gitlab":{"baseURI":"https://gitlab.com","clientID":"","clientSecret":"","enabled":false},"google":{"clientID":"","clientSecret":"","enabled":false},"ldap":{"attributesEmail":"mail","attributesFullname":"cn","attributesPhoto":"jpegPhoto","attributesUsername":"uid","baseDN":"ou=people,dc=planetexpress,dc=com","bindDN":"cn=admin,dc=planetexpress,dc=com","bindPassword":"GoodNewsEveryone","enabled":false,"host":"ldap","port":10389,"ssl":false,"startTLS":false,"userQuery":"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"},"oidc":{"authURI":"","baseURI":"","clientID":"","clientSecret":"","emailAttribute":"","enabled":false,"nameAttribute":"","roles":"role1 role2","rolesAttribute":"","scopes":"scope1 scope2","tokenURI":"","userURI":""},"secretKeys":{"githubClientIDKey":"","githubClientSecretKey":"","gitlabClientIDKey":"","gitlabClientSecretKey":"","googleClientIDKey":"","googleClientSecretKey":"","oidcClientIDKey":"","oidcClientSecretKey":""}}` | Penpot Authentication providers parameters | +| config.providers.existingSecret | string | `""` | The name of an existing secret to use. | +| config.providers.github.clientID | string | `""` | The GitHub client ID to use. | +| config.providers.github.clientSecret | string | `""` | The GitHub client secret to use. | +| config.providers.github.enabled | bool | `false` | Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. 
| +| config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | The GitLab base URI to use. | +| config.providers.gitlab.clientID | string | `""` | The GitLab client ID to use. | +| config.providers.gitlab.clientSecret | string | `""` | The GitLab client secret to use. | +| config.providers.gitlab.enabled | bool | `false` | Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. | +| config.providers.google.clientID | string | `""` | The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. | +| config.providers.google.clientSecret | string | `""` | The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. | +| config.providers.google.enabled | bool | `false` | Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. | +| config.providers.ldap.attributesEmail | string | `"mail"` | The LDAP attributes email to use. | +| config.providers.ldap.attributesFullname | string | `"cn"` | The LDAP attributes fullname to use. | +| config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | The LDAP attributes photo format to use. | +| config.providers.ldap.attributesUsername | string | `"uid"` | The LDAP attributes username to use. | +| config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | The LDAP base DN to use. | +| config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | The LDAP bind DN to use. | +| config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | The LDAP bind password to use. | +| config.providers.ldap.enabled | bool | `false` | Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. | +| config.providers.ldap.host | string | `"ldap"` | The LDAP host to use. | +| config.providers.ldap.port | int | `10389` | The LDAP port to use. 
| +| config.providers.ldap.ssl | bool | `false` | Whether to use SSL for the LDAP connection. | +| config.providers.ldap.startTLS | bool | `false` | Whether to utilize StartTLS for the LDAP connection. | +| config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | The LDAP user query to use. | +| config.providers.oidc.authURI | string | `""` | Optional OpenID Connect auth URI to use. Auto discovered if not provided. | +| config.providers.oidc.baseURI | string | `""` | The OpenID Connect base URI to use. | +| config.providers.oidc.clientID | string | `""` | The OpenID Connect client ID to use. | +| config.providers.oidc.clientSecret | string | `""` | The OpenID Connect client secret to use. | +| config.providers.oidc.emailAttribute | string | `""` | Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. | +| config.providers.oidc.enabled | bool | `false` | Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. | +| config.providers.oidc.nameAttribute | string | `""` | Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. | +| config.providers.oidc.roles | string | `"role1 role2"` | Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. | +| config.providers.oidc.rolesAttribute | string | `""` | Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. | +| config.providers.oidc.scopes | string | `"scope1 scope2"` | Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. | +| config.providers.oidc.tokenURI | string | `""` | Optional OpenID Connect token URI to use. Auto discovered if not provided. 
| +| config.providers.oidc.userURI | string | `""` | Optional OpenID Connect user URI to use. Auto discovered if not provided. | +| config.providers.secretKeys.githubClientIDKey | string | `""` | The GitHub client ID key to use from an existing secret. | +| config.providers.secretKeys.githubClientSecretKey | string | `""` | The GitHub client secret key to use from an existing secret. | +| config.providers.secretKeys.gitlabClientIDKey | string | `""` | The GitLab client ID key to use from an existing secret. | +| config.providers.secretKeys.gitlabClientSecretKey | string | `""` | The GitLab client secret key to use from an existing secret. | +| config.providers.secretKeys.googleClientIDKey | string | `""` | The Google client ID key to use from an existing secret. | +| config.providers.secretKeys.googleClientSecretKey | string | `""` | The Google client secret key to use from an existing secret. | +| config.providers.secretKeys.oidcClientIDKey | string | `""` | The OpenID Connect client ID key to use from an existing secret. | +| config.providers.secretKeys.oidcClientSecretKey | string | `""` | The OpenID Connect client secret key to use from an existing secret. | +| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. | +| config.redis.database | string | `"0"` | The Redis database to connect to. | +| config.redis.host | string | `""` | The Redis host to connect to. Empty to use dependencies | +| config.redis.port | int | `6379` | The Redis host port to use. | +| config.registrationDomainWhitelist | string | `""` | Comma separated list of allowed domains to register. Empty to allow all domains. | +| config.smtp.defaultFrom | string | `""` | The SMTP default email to send from. | +| config.smtp.defaultReplyTo | string | `""` | The SMTP default email to reply to. 
| +| config.smtp.enabled | bool | `false` | Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. | +| config.smtp.existingSecret | string | `""` | The name of an existing secret. | +| config.smtp.host | string | `""` | The SMTP host to use. | +| config.smtp.password | string | `""` | The SMTP password to use. | +| config.smtp.port | string | `""` | The SMTP host port to use. | +| config.smtp.secretKeys.passwordKey | string | `""` | The SMTP password to use from an existing secret. | +| config.smtp.secretKeys.usernameKey | string | `""` | The SMTP username to use from an existing secret. | +| config.smtp.ssl | bool | `false` | Whether to use SSL for the SMTP connection. | +| config.smtp.tls | bool | `true` | Whether to use TLS for the SMTP connection. | +| config.smtp.username | string | `""` | The SMTP username to use. | +| config.telemetryEnabled | bool | `true` | Whether to enable sending of anonymous telemetry data. | + +### Exporter parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| exporter.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| exporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. 
Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation | +| exporter.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped | +| exporter.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context | +| exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem | +| exporter.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot | +| exporter.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser | +| exporter.image.imagePullPolicy | string | `"IfNotPresent"` | The image pull policy to use. | +| exporter.image.repository | string | `"penpotapp/exporter"` | The Docker repository to pull the image from. | +| exporter.image.tag | string | `"2.0.3"` | The image tag to use. | +| exporter.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) | +| exporter.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| exporter.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context | +| exporter.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup | +| exporter.replicaCount | int | `1` | The number of replicas to deploy. 
Enable persistence.exporter if you use more than 1 replicaCount | +| exporter.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) | +| exporter.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers | +| exporter.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers | +| exporter.service.port | int | `6061` | The service port to use. | +| exporter.service.type | string | `"ClusterIP"` | The service type to create. | +| exporter.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | + +### Frontend parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| frontend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | +| frontend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. | +| frontend.image.repository | string | `"penpotapp/frontend"` | The Docker repository to pull the image from. | +| frontend.image.tag | string | `"2.0.3"` | The image tag to use. | +| frontend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) | +| frontend.replicaCount | int | `1` | The number of replicas to deploy. | +| frontend.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. 
Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) | +| frontend.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers | +| frontend.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers | +| frontend.service.port | int | `80` | The service port to use. | +| frontend.service.type | string | `"ClusterIP"` | The service type to create. | +| frontend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | + +### Common parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| fullnameOverride | string | `""` | To fully override common.names.fullname | +| nameOverride | string | `""` | To partially override common.names.fullname | +| serviceAccount.annotations | object | `{}` | Annotations for service account. Evaluated as a template. | +| serviceAccount.enabled | bool | `true` | Specifies whether a ServiceAccount should be created. | +| serviceAccount.name | string | `"penpot"` | The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. | + +### Global parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.imagePullSecrets | list | `[]` | Global Docker registry secret names. E.g. imagePullSecrets: - myRegistryKeySecretName | +| global.postgresqlEnabled | bool | `false` | Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. | +| global.redisEnabled | bool | `false` | Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. 
| + +### Ingress parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| ingress.annotations | object | `{}` | Mapped annotations for the ingress crontroller. E.g. annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" | +| ingress.className | string | `""` | The Ingress className. | +| ingress.enabled | bool | `false` | Enable (frontend) Ingress Controller. | +| ingress.hosts | list | `[{"host":"penpot.example.com"}]` | Array style hosts for the (frontend) ingress crontroller. | +| ingress.hosts[0] | object | `{"host":"penpot.example.com"}` | The default external hostname to access to the penpot app. | +| ingress.path | string | `"/"` | Root path for every hosts. | +| ingress.tls | list | `[]` | Array style TLS secrets for the (frontend) ingress crontroller. E.g. tls: - secretName: penpot.example.com-tls hosts: - penpot.example.com | + +### Persistence parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| persistence.assets.accessModes | list | `["ReadWriteOnce"]` | Assets persistent Volume access modes. | +| persistence.assets.annotations | object | `{}` | Assetsp ersistent Volume Claim annotations. | +| persistence.assets.enabled | string | `"fals"` | Enable assets persistence using Persistent Volume Claims. | +| persistence.assets.existingClaim | string | `""` | The name of an existing PVC to use for assets persistence. | +| persistence.assets.size | string | `"20Gi"` | Assets persistent Volume size. | +| persistence.assets.storageClass | string | `""` | Assets persistent Volume storage class. If defined, storageClassName: . If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. | +| persistence.exporter.accessModes | list | `["ReadWriteOnce"]` | Exporter persistent Volume access modes. | +| persistence.exporter.annotations | object | `{}` | Exporter persistent Volume Claim annotations. 
| +| persistence.exporter.enabled | bool | `false` | Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. | +| persistence.exporter.existingClaim | string | `""` | The name of an existing PVC to use for persistence. | +| persistence.exporter.size | string | `"10Gi"` | Exporter persistent Volume size. | +| persistence.exporter.storageClass | string | `""` | Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. | + +### PostgreSQL Dependencie parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| postgresql | object | `{"auth":{"database":"penpot","password":"penpot","username":"penpot"}}` | PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) | +| postgresql.auth.database | string | `"penpot"` | Name for a custom database to create. | +| postgresql.auth.password | string | `"penpot"` | Password for the custom user to create. | +| postgresql.auth.username | string | `"penpot"` | Name for a custom user to create. | + +### Redis Dependencie parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis | object | `{"auth":{"enabled":false}}` | Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) | +| redis.auth.enabled | bool | `false` | Whether to enable password authentication. | diff --git a/charts/penpot/templates/assets-persistentvolumeclaim.yml b/charts/penpot/templates/assets-persistentvolumeclaim.yml index d093f36..fa2a917 100644 --- a/charts/penpot/templates/assets-persistentvolumeclaim.yml +++ b/charts/penpot/templates/assets-persistentvolumeclaim.yml 
@@ -1,24 +1,24 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if and .Values.persistence.assets.enabled (not .Values.persistence.assets.existingClaim) -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "penpot.fullname" . }} + name: {{ include "penpot.fullname" . }}-data-assets namespace: {{ .Release.Namespace }} labels: {{- include "penpot.labels" . | nindent 4 }} -{{- if .Values.persistence.annotations }} +{{- if .Values.persistence.assets.annotations }} annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} +{{ toYaml .Values.persistence.assets.annotations | indent 4 }} {{- end }} spec: accessModes: - {{- range .Values.persistence.accessModes }} + {{- range .Values.persistence.assets.accessModes }} - {{ . | quote }} {{- end }} resources: requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} - storageClassName: "{{ .Values.persistence.storageClass }}" + storage: {{ .Values.persistence.assets.size | quote }} +{{- if .Values.persistence.assets.storageClass }} + storageClassName: "{{ .Values.persistence.assets.storageClass }}" {{- end }} {{- end -}} diff --git a/charts/penpot/templates/backend-deployment.yml b/charts/penpot/templates/backend-deployment.yml index 944d501..bfbc473 100644 --- a/charts/penpot/templates/backend-deployment.yml +++ b/charts/penpot/templates/backend-deployment.yml @@ -395,9 +395,9 @@ spec: {{- end }} volumes: - name: app-data - {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.assets.enabled }} persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} + claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }} {{- else }} emptyDir: {} {{- end }} 
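Review bot: The guard on the first line, `if and .Values.persistence.assets.enabled (not .Values.persistence.assets.existingClaim)`, only tests the value for truthiness, and the README table regenerated in this same commit lists `persistence.assets.enabled` as a string with default `"fals"`. A non-empty string is truthy in Helm templates, so if values.yaml really carries that typo, this claim is created on a default install. The same condition in the backend-deployment and frontend-deployment hunks would then mount it instead of `emptyDir`. The default should be the boolean `enabled: false` under `persistence.assets`; that part of values.yaml is not in view here, so confirm against the file.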
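Review bot: The new `claimName` default resolves to `<fullname>-data-assets`, so a release installed with the previous chart stops referencing its existing claim named `<fullname>` after an upgrade and starts on a new, empty volume. Helm also removes resources that drop out of the rendered manifest, so the old claim and the assets on it are likely to be deleted during that upgrade. The same rename applies to both PVC templates and to the exporter and frontend deployments. The chart should ship an upgrade note telling operators to annotate the existing claim with `helm.sh/resource-policy: keep` and set `persistence.assets.existingClaim` to its name before upgrading. The volumes block sits inside a pod spec that starts outside the hunk.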
diff --git a/charts/penpot/templates/exporter-deployment.yml b/charts/penpot/templates/exporter-deployment.yml index bc8b037..e1d1ea9 100644 --- a/charts/penpot/templates/exporter-deployment.yml +++ b/charts/penpot/templates/exporter-deployment.yml @@ -67,9 +67,9 @@ spec: {{- end }} volumes: - name: app-data - {{- if .Values.exporter.persistence.enabled }} + {{- if .Values.persistence.exporter.enabled }} persistentVolumeClaim: - claimName: {{ .Values.exporter.persistence.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "exporter" ) }} + claimName: {{ .Values.persistence.exporter.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-exporter" ) }} {{- else }} emptyDir: {} {{- end }} diff --git a/charts/penpot/templates/exporter-persistentvolumeclaim.yml b/charts/penpot/templates/exporter-persistentvolumeclaim.yml index fe33192..19582bd 100644 --- a/charts/penpot/templates/exporter-persistentvolumeclaim.yml +++ b/charts/penpot/templates/exporter-persistentvolumeclaim.yml 
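Review bot: The switch from `.Values.exporter.persistence.enabled` to `.Values.persistence.exporter.enabled` means a values file that still sets the old key is ignored without any message, and the pod falls through to `emptyDir: {}`. The same holds for the old `persistence.enabled` key in the assets, backend and frontend hunks. A guard at the top of the template would surface the move at render time, for example `{{- if .Values.exporter.persistence }}{{ fail "exporter.persistence has moved to persistence.exporter" }}{{- end }}`. The enclosing pod spec starts outside the hunk.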
@@ -1,24 +1,24 @@ -{{- if and .Values.exporter.persistence.enabled (not .Values.exporter.persistence.existingClaim) -}} +{{- if and .Values.persistence.exporter.enabled (not .Values.persistence.exporter.existingClaim) -}} apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ include "penpot.fullname" . }}-exporter + name: {{ include "penpot.fullname" . }}-data-exporter namespace: {{ .Release.Namespace }} labels: {{- include "penpot.labels" . | nindent 4 }} -{{- if .Values.exporter.persistence.annotations }} +{{- if .Values.persistence.exporter.annotations }} annotations: -{{ toYaml .Values.exporter.persistence.annotations | indent 4 }} +{{ toYaml .Values.persistence.exporter.annotations | indent 4 }} {{- end }} spec: accessModes: - {{- range .Values.exporter.persistence.accessModes }} + {{- range .Values.persistence.exporter.accessModes }} - {{ . | quote }} {{- end }} resources: requests: - storage: {{ .Values.exporter.persistence.size | quote }} -{{- if .Values.exporter.persistence.storageClass }} - storageClassName: "{{ .Values.exporter.persistence.storageClass }}" + storage: {{ .Values.persistence.exporter.size | quote }} +{{- if .Values.persistence.exporter.storageClass }} + storageClassName: "{{ .Values.persistence.exporter.storageClass }}" {{- end }} {{- end -}} diff --git a/charts/penpot/templates/frontend-deployment.yml b/charts/penpot/templates/frontend-deployment.yml index d968f56..c6c06db 100644 --- a/charts/penpot/templates/frontend-deployment.yml +++ b/charts/penpot/templates/frontend-deployment.yml @@ -66,9 +66,9 @@ spec: {{- end }} volumes: - name: app-data - {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.assets.enabled }} persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} + claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }} {{- else }} emptyDir: {} {{- end }} 
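Review bot: `storageClassName` on the last changed line is quoted by hand, `"{{ .Values.persistence.exporter.storageClass }}"`, while `storage` just above it goes through `| quote`. A storage class value containing a double quote or a backslash would render invalid YAML with the hand-written form. Using the filter keeps the two lines consistent: `storageClassName: {{ .Values.persistence.exporter.storageClass | quote }}`. The assets PVC template carries the same line.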
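Review bot: The expression `printf "%s-%s" ( include "penpot.fullname" . ) "data-assets"` is now written out here and in backend-deployment.yml, and it has to stay equal to `metadata.name` in assets-persistentvolumeclaim.yml for the pod to bind its volume. A named template in the chart's helpers would keep the three in step, so this line becomes `claimName: {{ .Values.persistence.assets.existingClaim | default ( include "penpot.assetsClaimName" . ) }}`. The helper name is a suggestion and does not exist in the chart yet. The volumes block belongs to a pod spec that begins outside the hunk.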
diff --git a/charts/penpot/values.yaml b/charts/penpot/values.yaml
index fb495c9..2786724 100644
--- a/charts/penpot/values.yaml
+++ b/charts/penpot/values.yaml
@@ -1,516 +1,600 @@ ## Default values for Penpot -######################################## -## @section Global parameters -######################################## - -## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. -## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. -## @param global.imagePullSecrets Global Docker registry secret names as an array. -## global: + # -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. + # @section -- Global parameters postgresqlEnabled: false + # -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. + # @section -- Global parameters redisEnabled: false - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## + # -- Global Docker registry secret names. + # E.g. + # imagePullSecrets: + # - myRegistryKeySecretName + # @section -- Global parameters imagePullSecrets: [] -######################################## -## @section Common parameters -######################################## - -## @param nameOverride String to partially override common.names.fullname -## +# -- To partially override common.names.fullname +# @section -- Common parameters nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## +# -- To fully override common.names.fullname +# @section -- Common parameters fullnameOverride: "" -## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created. -## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. 
Only used if `create` is `true`. -## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. -## serviceAccount: + # -- Specifies whether a ServiceAccount should be created. + # @section -- Common parameters enabled: true + # -- Annotations for service account. Evaluated as a template. + # @section -- Common parameters annotations: {} + # -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. + # @section -- Common parameters name: "penpot" -######################################## -## @section Configuration parameters -######################################## - config: - ## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. - ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. - ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. - ## + # -- The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. + # @section -- Configuration parameters publicUri: "http://penpot.example.com" + # -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. + # @section -- Configuration parameters flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server" + # -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. 
+ # @section -- Configuration parameters apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg" - ## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies. - ## @param config.postgresql.port The PostgreSQL host port to use. - ## @param config.postgresql.username The database username to use. - ## @param config.postgresql.password The database password to use. - ## @param config.postgresql.database The PostgreSQL database to use. - ## @param config.postgresql.existingSecret The name of an existing secret. - ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret. - ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret. - ## + # -- Comma separated list of allowed domains to register. Empty to allow all domains. + # @section -- Configuration parameters + registrationDomainWhitelist: "" + # -- Whether to enable sending of anonymous telemetry data. + # @section -- Configuration parameters + telemetryEnabled: true + postgresql: + # -- The PostgreSQL host to connect to. Empty to use dependencies. + # @section -- Configuration parameters host: "" # Ex.: "postgresql.penpot.svc.cluster.local" + # -- The PostgreSQL host port to use. + # @section -- Configuration parameters port: 5432 + # -- The database username to use. + # @section -- Configuration parameters username: "penpot" + # -- The database password to use. + # @section -- Configuration parameters password: "penpot" + # -- The PostgreSQL database to use. + # @section -- Configuration parameters database: "penpot" + # -- The name of an existing secret. + # @section -- Configuration parameters existingSecret: "" secretKeys: + # -- The username key to use from an existing secret. + # @section -- Configuration parameters usernameKey: "" + # -- The password key to use from an existing secret. 
+ # @section -- Configuration parameters passwordKey: "" - ## @param config.redis.host The Redis host to connect to. Empty to use dependencies - ## @param config.redis.port The Redis host port to use. - ## @param config.redis.database The Redis database to connect to. - ## + redis: + # -- The Redis host to connect to. Empty to use dependencies + # @section -- Configuration parameters host: "" # Ex.: "redis-headless.penpot.svc.cluster.local" + # -- The Redis host port to use. + # @section -- Configuration parameters port: 6379 + # -- The Redis database to connect to. + # @section -- Configuration parameters database: "0" - ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. - ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend. - ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend. - ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend. - ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend. - ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend. - ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend. - ## @param config.assets.s3.existingSecret The name of an existing secret. - ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret. - ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret. - ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret. - ## + assets: + # -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. 
+ # @section -- Configuration parameters storageBackend: "assets-fs" filesystem: + # -- The storage directory to use if you chose the filesystem storage backend. + # @section -- Configuration parameters directory: "/opt/data/assets" s3: + # -- The S3 access key ID to use if you chose the S3 storage backend. + # @section -- Configuration parameters accessKeyID: "" + # -- The S3 secret access key to use if you chose the S3 storage backend. + # @section -- Configuration parameters secretAccessKey: "" + # -- The S3 region to use if you chose the S3 storage backend. + # @section -- Configuration parameters region: "" + # -- The name of the S3 bucket to use if you chose the S3 storage backend. + # @section -- Configuration parameters bucket: "" + # -- The S3 endpoint URI to use if you chose the S3 storage backend. + # @section -- Configuration parameters endpointURI: "" + # -- The name of an existing secret. + # @section -- Configuration parameters existingSecret: "" secretKeys: + # -- The S3 access key ID to use from an existing secret. + # @section -- Configuration parameters accessKeyIDKey: "" + # -- The S3 secret access key to use from an existing secret. + # @section -- Configuration parameters secretAccessKey: "" + # -- The S3 endpoint URI to use from an existing secret. + # @section -- Configuration parameters endpointURIKey: "" - ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data. - ## - telemetryEnabled: true - ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. - ## @param config.smtp.defaultFrom The SMTP default email to send from. - ## @param config.smtp.defaultReplyTo The SMTP default email to reply to. - ## @param config.smtp.host The SMTP host to use. - ## @param config.smtp.port The SMTP host port to use. - ## @param config.smtp.username The SMTP username to use. - ## @param config.smtp.password The SMTP password to use. 
- ## @param config.smtp.tls Whether to use TLS for the SMTP connection. - ## @param config.smtp.ssl Whether to use SSL for the SMTP connection. - ## @param config.smtp.existingSecret The name of an existing secret. - ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret. - ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret. - ## + smtp: + # -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. + # @section -- Configuration parameters enabled: false + # -- The SMTP default email to send from. + # @section -- Configuration parameters defaultFrom: "" + # -- The SMTP default email to reply to. + # @section -- Configuration parameters defaultReplyTo: "" + # -- The SMTP host to use. + # @section -- Configuration parameters host: "" + # -- The SMTP host port to use. + # @section -- Configuration parameters port: "" + # -- The SMTP username to use. + # @section -- Configuration parameters username: "" + # -- The SMTP password to use. + # @section -- Configuration parameters password: "" + # -- Whether to use TLS for the SMTP connection. + # @section -- Configuration parameters tls: true + # -- Whether to use SSL for the SMTP connection. + # @section -- Configuration parameters ssl: false + # -- The name of an existing secret. + # @section -- Configuration parameters existingSecret: "" secretKeys: + # -- The SMTP username to use from an existing secret. + # @section -- Configuration parameters usernameKey: "" + # -- The SMTP password to use from an existing secret. + # @section -- Configuration parameters passwordKey: "" - ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains. 
- ## - registrationDomainWhitelist: "" - ## Penpot Authentication providers parameters - ## + + # -- Penpot Authentication providers parameters + # @section -- Configuration parameters providers: - ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. - ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. - ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. - ## google: + # -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters enabled: false + # -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters clientID: "" + # -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters clientSecret: "" - ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. - ## @param config.providers.github.clientID The GitHub client ID to use. - ## @param config.providers.github.clientSecret The GitHub client secret to use. - ## github: + # -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. + # @section -- Configuration parameters enabled: false + # -- The GitHub client ID to use. + # @section -- Configuration parameters clientID: "" + # -- The GitHub client secret to use. + # @section -- Configuration parameters clientSecret: "" - ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. 
- ## @param config.providers.gitlab.baseURI The GitLab base URI to use. - ## @param config.providers.gitlab.clientID The GitLab client ID to use. - ## @param config.providers.gitlab.clientSecret The GitLab client secret to use. - ## gitlab: + # -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. + # @section -- Configuration parameters enabled: false + # -- The GitLab base URI to use. + # @section -- Configuration parameters baseURI: "https://gitlab.com" + # -- The GitLab client ID to use. + # @section -- Configuration parameters clientID: "" + # -- The GitLab client secret to use. + # @section -- Configuration parameters clientSecret: "" - ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. - ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use. - ## @param config.providers.oidc.clientID The OpenID Connect client ID to use. - ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use. - ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. - ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. - ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. 
Optional, defaults to `openid profile`. - ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. - ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. - ## oidc: + # -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. + # @section -- Configuration parameters enabled: false + # -- The OpenID Connect base URI to use. + # @section -- Configuration parameters baseURI: "" + # -- The OpenID Connect client ID to use. + # @section -- Configuration parameters clientID: "" + # -- The OpenID Connect client secret to use. + # @section -- Configuration parameters clientSecret: "" + # -- Optional OpenID Connect auth URI to use. Auto discovered if not provided. + # @section -- Configuration parameters authURI: "" + # -- Optional OpenID Connect token URI to use. Auto discovered if not provided. + # @section -- Configuration parameters tokenURI: "" + # -- Optional OpenID Connect user URI to use. Auto discovered if not provided. + # @section -- Configuration parameters userURI: "" + # -- Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. + # @section -- Configuration parameters roles: "role1 role2" + # -- Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. + # @section -- Configuration parameters rolesAttribute: "" + # -- Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. + # @section -- Configuration parameters scopes: "scope1 scope2" + # -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. 
+ # @section -- Configuration parameters nameAttribute: "" + # -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. + # @section -- Configuration parameters emailAttribute: "" - ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. - ## @param config.providers.ldap.host The LDAP host to use. - ## @param config.providers.ldap.port The LDAP port to use. - ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection. - ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection. - ## @param config.providers.ldap.baseDN The LDAP base DN to use. - ## @param config.providers.ldap.bindDN The LDAP bind DN to use. - ## @param config.providers.ldap.bindPassword The LDAP bind password to use. - ## @param config.providers.ldap.userQuery The LDAP user query to use. - ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use. - ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use. - ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use. - ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use. - ## ldap: + # -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. + # @section -- Configuration parameters enabled: false + # -- The LDAP host to use. + # @section -- Configuration parameters host: "ldap" + # -- The LDAP port to use. + # @section -- Configuration parameters port: 10389 + # -- Whether to use SSL for the LDAP connection. + # @section -- Configuration parameters ssl: false + # -- Whether to utilize StartTLS for the LDAP connection. + # @section -- Configuration parameters startTLS: false + # -- The LDAP base DN to use. 
+ # @section -- Configuration parameters baseDN: "ou=people,dc=planetexpress,dc=com" + # -- The LDAP bind DN to use. + # @section -- Configuration parameters bindDN: "cn=admin,dc=planetexpress,dc=com" + # -- The LDAP bind password to use. + # @section -- Configuration parameters bindPassword: "GoodNewsEveryone" + # -- The LDAP user query to use. + # @section -- Configuration parameters userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))" + # -- The LDAP attributes username to use. + # @section -- Configuration parameters attributesUsername: "uid" + # -- The LDAP attributes email to use. + # @section -- Configuration parameters attributesEmail: "mail" + # -- The LDAP attributes fullname to use. + # @section -- Configuration parameters attributesFullname: "cn" + # -- The LDAP attributes photo format to use. + # @section -- Configuration parameters attributesPhoto: "jpegPhoto" - ## @param config.providers.existingSecret The name of an existing secret to use. - ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret. - ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret. - ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret. - ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret. - ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret. - ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret. - ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret. - ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret. 
- ## + # -- The name of an existing secret to use. + # @section -- Configuration parameters existingSecret: "" secretKeys: + # -- The Google client ID key to use from an existing secret. + # @section -- Configuration parameters googleClientIDKey: "" + # -- The Google client secret key to use from an existing secret. + # @section -- Configuration parameters googleClientSecretKey: "" + # -- The GitHub client ID key to use from an existing secret. + # @section -- Configuration parameters githubClientIDKey: "" + # -- The GitHub client secret key to use from an existing secret. + # @section -- Configuration parameters githubClientSecretKey: "" + # -- The GitLab client ID key to use from an existing secret. + # @section -- Configuration parameters gitlabClientIDKey: "" + # -- The GitLab client secret key to use from an existing secret. + # @section -- Configuration parameters gitlabClientSecretKey: "" + # -- The OpenID Connect client ID key to use from an existing secret. + # @section -- Configuration parameters oidcClientIDKey: "" + # -- The OpenID Connect client secret key to use from an existing secret. + # @section -- Configuration parameters oidcClientSecretKey: "" -######################################## -## @section Backend parameters -######################################## - backend: - ## @param backend.image.repository The Docker repository to pull the image from. - ## @param backend.image.tag The image tag to use. - ## @param backend.image.pullPolicy The image pull policy to use. - ## image: + # -- The Docker repository to pull the image from. + # @section -- Backend parameters repository: penpotapp/backend + # -- The image tag to use. + # @section -- Backend parameters tag: 2.0.3 + # -- The image pull policy to use. + # @section -- Backend parameters pullPolicy: IfNotPresent - ## @param backend.replicaCount The number of replicas to deploy. - ## + # -- The number of replicas to deploy. 
+ # @section -- Backend parameters replicaCount: 1 - ## @param backend.service.http.type The http service type to create. - ## @param backend.service.http.port The http service port to use. - ## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend. - ## @param backend.service.prepl.type The prepl service type to create. - ## @param backend.service.prepl.port The prepl service port to use. service: http: + # -- The http service type to create. + # @section -- Backend parameters type: ClusterIP + # -- The http service port to use. + # @section -- Backend parameters port: 6060 prepl: + # -- Whether to enable the prepl service in the backend. + # @section -- Backend parameters enabled: false + # -- The prepl service type to create. + # @section -- Backend parameters type: ClusterIP + # -- The prepl service port to use. + # @section -- Backend parameters port: 6063 - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context - ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup - ## + # -- Configure Pods Security Context. 
Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Backend parameters podSecurityContext: + # -- Enabled Penpot pods' security context + # @section -- Backend parameters enabled: true + # -- Set Penpot pod's security context fsGroup + # @section -- Backend parameters fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context - ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser - ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation - ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped - ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem - ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot - ## + # -- Configure Container Security Context. 
Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Backend parameters containerSecurityContext: + # -- Enabled Penpot containers' security context + # @section -- Backend parameters enabled: true + # -- Set Penpot containers' security context runAsUser + # @section -- Backend parameters runAsUser: 1001 + # -- Set Penpot containers' security context allowPrivilegeEscalation + # @section -- Backend parameters allowPrivilegeEscalation: false + # -- Set Penpot containers' security context capabilities to be dropped + # @section -- Backend parameters capabilities: drop: - all + # -- Set Penpot containers' security context readOnlyRootFilesystem + # @section -- Backend parameters readOnlyRootFilesystem: false + # -- Set Penpot container's security context runAsNonRoot + # @section -- Backend parameters runAsNonRoot: true - ## @param backend.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## + # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Backend parameters affinity: {} - ## @param backend.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Backend parameters nodeSelector: {} - ## @param backend.tolerations Tolerations for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## + # -- Tolerations for Penpot pods assignment. 
Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Backend parameters tolerations: [] - ## Penpot backend resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param backend.resources.limits The resources limits for the Penpot backend containers - ## @param backend.resources.requests The requested resources for the Penpot backend containers - ## + # -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Backend parameters resources: + # -- The resources limits for the Penpot backend containers + # @section -- Backend parameters limits: {} + # -- The requested resources for the Penpot backend containers + # @section -- Backend parameters requests: {} -######################################## -## @section Frontend parameters -######################################## - frontend: - ## @param frontend.image.repository The Docker repository to pull the image from. - ## @param frontend.image.tag The image tag to use. - ## @param frontend.image.imagePullPolicy The image pull policy to use. - ## image: + # -- The Docker repository to pull the image from. + # @section -- Frontend parameters repository: penpotapp/frontend + # -- The image tag to use. + # @section -- Frontend parameters tag: 2.0.3 + # -- The image pull policy to use. + # @section -- Frontend parameters pullPolicy: IfNotPresent - ## @param frontend.replicaCount The number of replicas to deploy. - ## + # -- The number of replicas to deploy. + # @section -- Frontend parameters replicaCount: 1 - ## @param frontend.service.type The service type to create. - ## @param frontend.service.port The service port to use. - ## service: + # -- The service type to create. + # @section -- Frontend parameters type: ClusterIP + # -- The service port to use. 
+ # @section -- Frontend parameters port: 80 - ## @param frontend.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## + # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Frontend parameters affinity: {} - ## @param frontend.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Frontend parameters nodeSelector: {} - ## @param frontend.tolerations Tolerations for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## + # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Frontend parameters tolerations: [] - ## Penpot frontend resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param frontend.resources.limits The resources limits for the Penpot frontend containers - ## @param frontend.resources.requests The requested resources for the Penpot frontend containers - ## + # -- Penpot frontend resource requests and limits. 
Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Frontend parameters resources: + # -- The resources limits for the Penpot frontend containers + # @section -- Frontend parameters limits: {} + # -- The requested resources for the Penpot frontend containers + # @section -- Frontend parameters requests: {} -######################################## -## @section Exporter parameters -######################################## - exporter: - ## @param exporter.image.repository The Docker repository to pull the image from. - ## @param exporter.image.tag The image tag to use. - ## @param exporter.image.imagePullPolicy The image pull policy to use. - ## image: + # -- The Docker repository to pull the image from. + # @section -- Exporter parameters repository: penpotapp/exporter + # -- The image tag to use. + # @section -- Exporter parameters tag: 2.0.3 + # -- The image pull policy to use. + # @section -- Exporter parameters imagePullPolicy: IfNotPresent - ## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount - ## + # -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount + # @section -- Exporter parameters replicaCount: 1 - ## @param exporter.service.type The service type to create. - ## @param exporter.service.port The service port to use. - ## service: + # -- The service type to create. + # @section -- Exporter parameters type: ClusterIP + # -- The service port to use. + # @section -- Exporter parameters port: 6061 - - ## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. - ## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider. - ## @param exporter.persistence.size Persistent Volume size. 
- ## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence. - ## @param exporter.persistence.accessModes Persistent Volume access modes. - ## @param exporter.persistence.annotations Persistent Volume Claim annotations. - ## - persistence: - enabled: false - storageClass: "" - size: 10Gi - existingClaim: "" - accessModes: - - ReadWriteOnce - annotations: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context - ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup - ## + # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Exporter parameters podSecurityContext: + # -- Enabled Penpot pods' security context + # @section -- Exporter parameters enabled: true + # -- Set Penpot pod's security context fsGroup + # @section -- Exporter parameters fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context - ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser - ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation - ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped - ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem - ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot 
container's security context runAsNonRoot - ## + # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Exporter parameters containerSecurityContext: + # -- Enabled Penpot containers' security context + # @section -- Exporter parameters enabled: true + # -- Set Penpot containers' security context runAsUser + # @section -- Exporter parameters runAsUser: 1001 + # -- Set Penpot containers' security context allowPrivilegeEscalation + # @section -- Exporter parameters allowPrivilegeEscalation: false + # -- Set Penpot containers' security context capabilities to be dropped + # @section -- Exporter parameters capabilities: drop: - - all + - all + # -- Set Penpot containers' security context readOnlyRootFilesystem + # @section -- Exporter parameters readOnlyRootFilesystem: false + # -- Set Penpot container's security context runAsNonRoot + # @section -- Exporter parameters runAsNonRoot: true - ## @param exporter.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## + # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Exporter parameters affinity: {} - ## @param exporter.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Exporter parameters nodeSelector: {} - ## @param exporter.tolerations Tolerations for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## + # -- Tolerations for Penpot pods assignment. 
Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Exporter parameters tolerations: [] - ## Penpot exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param exporter.resources.limits The resources limits for the Penpot exporter containers - ## @param exporter.resources.requests The requested resources for the Penpot exporter containers - ## + # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Exporter parameters resources: + # -- The resources limits for the Penpot frontend containers + # @section -- Exporter parameters limits: {} + # -- The requested resources for the Penpot frontend containers + # @section -- Exporter parameters requests: {} - -######################################## -## @section Assets Persistence parameters -######################################## - +# @section -- Persistence parameters persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims. - ## - enabled: fals - ## @param persistence.storageClass Persistent Volume storage class. - ## If defined, storageClassName: . - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. - ## - storageClass: "" - ## @param persistence.size Persistent Volume size. - ## - size: 20Gi - ## @param persistence.existingClaim The name of an existing PVC to use for persistence. - ## - existingClaim: "" - ## @param persistence.accessModes Persistent Volume access modes. - ## - accessModes: - - ReadWriteOnce - ## @param persistence.annotations Persistent Volume Claim annotations. - ## - annotations: {} - - -######################################## -## @section Ingress parameters -######################################## + assets: + # -- Enable assets persistence using Persistent Volume Claims. 
+ # @section -- Persistence parameters + enabled: fals + # -- Assets persistent Volume storage class. + # If defined, storageClassName: . + # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. + # @section -- Persistence parameters + storageClass: "" + # -- Assets persistent Volume size. + # @section -- Persistence parameters + size: 20Gi + # -- The name of an existing PVC to use for assets persistence. + # @section -- Persistence parameters + existingClaim: "" + # -- Assets persistent Volume access modes. + # @section -- Persistence parameters + accessModes: + - ReadWriteOnce + # -- Assetsp ersistent Volume Claim annotations. + # @section -- Persistence parameters + annotations: {} + exporter: + # -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. + # @section -- Persistence parameters + enabled: false + # -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. + # @section -- Persistence parameters + storageClass: "" + # -- Exporter persistent Volume size. + # @section -- Persistence parameters + size: 10Gi + # -- The name of an existing PVC to use for persistence. + # @section -- Persistence parameters + existingClaim: "" + # -- Exporter persistent Volume access modes. + # @section -- Persistence parameters + accessModes: + - ReadWriteOnce + # -- Exporter persistent Volume Claim annotations. + # @section -- Persistence parameters + annotations: {} ingress: + # -- Enable (frontend) Ingress Controller. + # @section -- Ingress parameters enabled: false + # -- The Ingress className. + # @section -- Ingress parameters className: "" + # -- Mapped annotations for the ingress crontroller. + # E.g. 
+ # annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # @section -- Ingress parameters annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # -- Root path for every hosts. + # @section -- Ingress parameters path: "/" + # -- Array style hosts for the (frontend) ingress crontroller. + # @section -- Ingress parameters hosts: + # -- The default external hostname to access to the penpot app. + # @section -- Ingress parameters - host: penpot.example.com + # -- Array style TLS secrets for the (frontend) ingress crontroller. + # E.g. + # tls: + # - secretName: penpot.example.com-tls + # hosts: + # - penpot.example.com + # @section -- Ingress parameters tls: [] - # - secretName: penpot.example.com-tls - # hosts: - # - penpot.example.com - -######################################## -## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) -######################################## - -## @param postgresql.auth.username Name for a custom user to create. -## @param postgresql.auth.password Password for the custom user to create. -## @param postgresql.auth.database Name for a custom database to create. -## +# -- PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) +# @section -- PostgreSQL Dependencie parameters postgresql: auth: + # -- Name for a custom user to create. + # @section -- PostgreSQL Dependencie parameters username: "penpot" + # -- Password for the custom user to create. + # @section -- PostgreSQL Dependencie parameters password: "penpot" + # -- Name for a custom database to create. 
+ # @section -- PostgreSQL Dependencie parameters database: "penpot" -######################################## -## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) -######################################## - -## @param redis.auth.enabled Whether to enable password authentication. -## +# -- Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) +# @section -- Redis Dependencie parameters redis: auth: + # -- Whether to enable password authentication. + # @section -- Redis Dependencie parameters enabled: false diff --git a/devel/penpot.values.yaml b/devel/penpot.values.yaml index 76cdd26..5b5fea9 100644 --- a/devel/penpot.values.yaml +++ b/devel/penpot.values.yaml @@ -7,19 +7,20 @@ config: publicUri: "http://localhost" apiSecretKey: "my-secret-key" -# backend: -# replicaCount: 2 +#backend: +# replicaCount: 2 -# frontend: -# replicaCount: 2 +#frontend: +# replicaCount: 2 -# exporter: -# replicaCount: 2 -# persistence: -# enabled: true +#exporter: +# replicaCount: 2 persistence: - enabled: true + assets: + enabled: true + exporter: + enabled: true ingress: enabled: true
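Review bot: The new `persistence.exporter.enabled: true` entry at the end of this hunk is no longer next to the commented-out `#exporter:` / `# replicaCount: 2` example, so anyone uncommenting the replica block loses the hint that the two settings belong together. The chart's values.yaml in this same commit says to enable `persistence.exporter` when more than one exporter replica runs, so I would add a comment above the entry, e.g. `# keep enabled if exporter.replicaCount > 1`. Because this dev profile sets `assets.enabled` and `exporter.enabled` explicitly, it never exercises the chart default `enabled: fals` under `persistence.assets`. That value is not a YAML boolean and is probably treated as a non-empty (truthy) string by the templates, which are not visible here, so the default should be corrected to `enabled: false` and rendered once without overrides.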