Penpot/penpot-helm
0
Fork 0
mirror of https://github.com/penpot/penpot-helm.git synced 2024-12-22 13:43:01 -05:00
Code Issues Activity

chore(doc): improve documentation of Values section

Browse source
This commit is contained in:
David Barragán Merino 2024-07-08 18:44:24 +02:00
parent b0d83d010b
commit 2001dfc006
8 changed files with 646 additions and 503 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

388
charts/penpot/README.md
View file

@ -15,170 +15,228 @@ $ helm install my-release penpot/penpot
## Values ## Values
### Backend parameters
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| backend.affinity | object | `{}` | | | backend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
| backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | backend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
| backend.containerSecurityContext.capabilities.drop[0] | string | `"all"` | | | backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation |
| backend.containerSecurityContext.enabled | bool | `true` | | | backend.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped |
| backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | | backend.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context |
| backend.containerSecurityContext.runAsNonRoot | bool | `true` | | | backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem |
| backend.containerSecurityContext.runAsUser | int | `1001` | | | backend.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot |
| backend.image.pullPolicy | string | `"IfNotPresent"` | | | backend.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser |
| backend.image.repository | string | `"penpotapp/backend"` | | | backend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
| backend.image.tag | string | `"2.0.3"` | | | backend.image.repository | string | `"penpotapp/backend"` | The Docker repository to pull the image from. |
| backend.nodeSelector | object | `{}` | | | backend.image.tag | string | `"2.0.3"` | The image tag to use. |
| backend.podSecurityContext.enabled | bool | `true` | | | backend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
| backend.podSecurityContext.fsGroup | int | `1001` | | | backend.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
| backend.replicaCount | int | `1` | | | backend.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context |
| backend.resources.limits | object | `{}` | | | backend.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup |
| backend.resources.requests | object | `{}` | | | backend.replicaCount | int | `1` | The number of replicas to deploy. |
| backend.service.http.port | int | `6060` | | | backend.resources | object | `{"limits":{},"requests":{}}` | Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
| backend.service.http.type | string | `"ClusterIP"` | | | backend.resources.limits | object | `{}` | The resources limits for the Penpot backend containers |
| backend.service.prepl.enabled | bool | `false` | | | backend.resources.requests | object | `{}` | The requested resources for the Penpot backend containers |
| backend.service.prepl.port | int | `6063` | | | backend.service.http.port | int | `6060` | The http service port to use. |
| backend.service.prepl.type | string | `"ClusterIP"` | | | backend.service.http.type | string | `"ClusterIP"` | The http service type to create. |
| backend.tolerations | list | `[]` | | | backend.service.prepl.enabled | bool | `false` | Whether to enable the prepl service in the backend. |
| config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | | | backend.service.prepl.port | int | `6063` | The prepl service port to use. |
| config.assets.filesystem.directory | string | `"/opt/data/assets"` | | | backend.service.prepl.type | string | `"ClusterIP"` | The prepl service type to create. |
| config.assets.s3.accessKeyID | string | `""` | | | backend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
| config.assets.s3.bucket | string | `""` | |
| config.assets.s3.endpointURI | string | `""` | | ### Configuration parameters
| config.assets.s3.existingSecret | string | `""` | |
| config.assets.s3.region | string | `""` | | | Key | Type | Default | Description |
| config.assets.s3.secretAccessKey | string | `""` | | |-----|------|---------|-------------|
| config.assets.s3.secretKeys.accessKeyIDKey | string | `""` | | | config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. |
| config.assets.s3.secretKeys.endpointURIKey | string | `""` | | | config.assets.filesystem.directory | string | `"/opt/data/assets"` | The storage directory to use if you chose the filesystem storage backend. |
| config.assets.s3.secretKeys.secretAccessKey | string | `""` | | | config.assets.s3.accessKeyID | string | `""` | The S3 access key ID to use if you chose the S3 storage backend. |
| config.assets.storageBackend | string | `"assets-fs"` | | | config.assets.s3.bucket | string | `""` | The name of the S3 bucket to use if you chose the S3 storage backend. |
| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | | | config.assets.s3.endpointURI | string | `""` | The S3 endpoint URI to use if you chose the S3 storage backend. |
| config.postgresql.database | string | `"penpot"` | | | config.assets.s3.existingSecret | string | `""` | The name of an existing secret. |
| config.postgresql.existingSecret | string | `""` | | | config.assets.s3.region | string | `""` | The S3 region to use if you chose the S3 storage backend. |
| config.postgresql.host | string | `""` | | | config.assets.s3.secretAccessKey | string | `""` | The S3 secret access key to use if you chose the S3 storage backend. |
| config.postgresql.password | string | `"penpot"` | | | config.assets.s3.secretKeys.accessKeyIDKey | string | `""` | The S3 access key ID to use from an existing secret. |
| config.postgresql.port | int | `5432` | | | config.assets.s3.secretKeys.endpointURIKey | string | `""` | The S3 endpoint URI to use from an existing secret. |
| config.postgresql.secretKeys.passwordKey | string | `""` | | | config.assets.s3.secretKeys.secretAccessKey | string | `""` | The S3 secret access key to use from an existing secret. |
| config.postgresql.secretKeys.usernameKey | string | `""` | | | config.assets.storageBackend | string | `"assets-fs"` | The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. |
| config.postgresql.username | string | `"penpot"` | | | config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
| config.providers.existingSecret | string | `""` | | | config.postgresql.database | string | `"penpot"` | The PostgreSQL database to use. |
| config.providers.github.clientID | string | `""` | | | config.postgresql.existingSecret | string | `""` | The name of an existing secret. |
| config.providers.github.clientSecret | string | `""` | | | config.postgresql.host | string | `""` | The PostgreSQL host to connect to. Empty to use dependencies. |
| config.providers.github.enabled | bool | `false` | | | config.postgresql.password | string | `"penpot"` | The database password to use. |
| config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | | | config.postgresql.port | int | `5432` | The PostgreSQL host port to use. |
| config.providers.gitlab.clientID | string | `""` | | | config.postgresql.secretKeys.passwordKey | string | `""` | The password key to use from an existing secret. |
| config.providers.gitlab.clientSecret | string | `""` | | | config.postgresql.secretKeys.usernameKey | string | `""` | The username key to use from an existing secret. |
| config.providers.gitlab.enabled | bool | `false` | | | config.postgresql.username | string | `"penpot"` | The database username to use. |
| config.providers.google.clientID | string | `""` | | | config.providers | object | `{"existingSecret":"","github":{"clientID":"","clientSecret":"","enabled":false},"gitlab":{"baseURI":"https://gitlab.com","clientID":"","clientSecret":"","enabled":false},"google":{"clientID":"","clientSecret":"","enabled":false},"ldap":{"attributesEmail":"mail","attributesFullname":"cn","attributesPhoto":"jpegPhoto","attributesUsername":"uid","baseDN":"ou=people,dc=planetexpress,dc=com","bindDN":"cn=admin,dc=planetexpress,dc=com","bindPassword":"GoodNewsEveryone","enabled":false,"host":"ldap","port":10389,"ssl":false,"startTLS":false,"userQuery":"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"},"oidc":{"authURI":"","baseURI":"","clientID":"","clientSecret":"","emailAttribute":"","enabled":false,"nameAttribute":"","roles":"role1 role2","rolesAttribute":"","scopes":"scope1 scope2","tokenURI":"","userURI":""},"secretKeys":{"githubClientIDKey":"","githubClientSecretKey":"","gitlabClientIDKey":"","gitlabClientSecretKey":"","googleClientIDKey":"","googleClientSecretKey":"","oidcClientIDKey":"","oidcClientSecretKey":""}}` | Penpot Authentication providers parameters |
| config.providers.google.clientSecret | string | `""` | | | config.providers.existingSecret | string | `""` | The name of an existing secret to use. |
| config.providers.google.enabled | bool | `false` | | | config.providers.github.clientID | string | `""` | The GitHub client ID to use. |
| config.providers.ldap.attributesEmail | string | `"mail"` | | | config.providers.github.clientSecret | string | `""` | The GitHub client secret to use. |
| config.providers.ldap.attributesFullname | string | `"cn"` | | | config.providers.github.enabled | bool | `false` | Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. |
| config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | | | config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | The GitLab base URI to use. |
| config.providers.ldap.attributesUsername | string | `"uid"` | | | config.providers.gitlab.clientID | string | `""` | The GitLab client ID to use. |
| config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | | | config.providers.gitlab.clientSecret | string | `""` | The GitLab client secret to use. |
| config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | | | config.providers.gitlab.enabled | bool | `false` | Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. |
| config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | | | config.providers.google.clientID | string | `""` | The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. |
| config.providers.ldap.enabled | bool | `false` | | | config.providers.google.clientSecret | string | `""` | The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. |
| config.providers.ldap.host | string | `"ldap"` | | | config.providers.google.enabled | bool | `false` | Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. |
| config.providers.ldap.port | int | `10389` | | | config.providers.ldap.attributesEmail | string | `"mail"` | The LDAP attributes email to use. |
| config.providers.ldap.ssl | bool | `false` | | | config.providers.ldap.attributesFullname | string | `"cn"` | The LDAP attributes fullname to use. |
| config.providers.ldap.startTLS | bool | `false` | | | config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | The LDAP attributes photo format to use. |
| config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | | | config.providers.ldap.attributesUsername | string | `"uid"` | The LDAP attributes username to use. |
| config.providers.oidc.authURI | string | `""` | | | config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | The LDAP base DN to use. |
| config.providers.oidc.baseURI | string | `""` | | | config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | The LDAP bind DN to use. |
| config.providers.oidc.clientID | string | `""` | | | config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | The LDAP bind password to use. |
| config.providers.oidc.clientSecret | string | `""` | | | config.providers.ldap.enabled | bool | `false` | Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. |
| config.providers.oidc.emailAttribute | string | `""` | | | config.providers.ldap.host | string | `"ldap"` | The LDAP host to use. |
| config.providers.oidc.enabled | bool | `false` | | | config.providers.ldap.port | int | `10389` | The LDAP port to use. |
| config.providers.oidc.nameAttribute | string | `""` | | | config.providers.ldap.ssl | bool | `false` | Whether to use SSL for the LDAP connection. |
| config.providers.oidc.roles | string | `"role1 role2"` | | | config.providers.ldap.startTLS | bool | `false` | Whether to utilize StartTLS for the LDAP connection. |
| config.providers.oidc.rolesAttribute | string | `""` | | | config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | The LDAP user query to use. |
| config.providers.oidc.scopes | string | `"scope1 scope2"` | | | config.providers.oidc.authURI | string | `""` | Optional OpenID Connect auth URI to use. Auto discovered if not provided. |
| config.providers.oidc.tokenURI | string | `""` | | | config.providers.oidc.baseURI | string | `""` | The OpenID Connect base URI to use. |
| config.providers.oidc.userURI | string | `""` | | | config.providers.oidc.clientID | string | `""` | The OpenID Connect client ID to use. |
| config.providers.secretKeys.githubClientIDKey | string | `""` | | | config.providers.oidc.clientSecret | string | `""` | The OpenID Connect client secret to use. |
| config.providers.secretKeys.githubClientSecretKey | string | `""` | | | config.providers.oidc.emailAttribute | string | `""` | Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. |
| config.providers.secretKeys.gitlabClientIDKey | string | `""` | | | config.providers.oidc.enabled | bool | `false` | Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. |
| config.providers.secretKeys.gitlabClientSecretKey | string | `""` | | | config.providers.oidc.nameAttribute | string | `""` | Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. |
| config.providers.secretKeys.googleClientIDKey | string | `""` | | | config.providers.oidc.roles | string | `"role1 role2"` | Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. |
| config.providers.secretKeys.googleClientSecretKey | string | `""` | | | config.providers.oidc.rolesAttribute | string | `""` | Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. |
| config.providers.secretKeys.oidcClientIDKey | string | `""` | | | config.providers.oidc.scopes | string | `"scope1 scope2"` | Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. |
| config.providers.secretKeys.oidcClientSecretKey | string | `""` | | | config.providers.oidc.tokenURI | string | `""` | Optional OpenID Connect token URI to use. Auto discovered if not provided. |
| config.publicUri | string | `"http://penpot.example.com"` | | | config.providers.oidc.userURI | string | `""` | Optional OpenID Connect user URI to use. Auto discovered if not provided. |
| config.redis.database | string | `"0"` | | | config.providers.secretKeys.githubClientIDKey | string | `""` | The GitHub client ID key to use from an existing secret. |
| config.redis.host | string | `""` | | | config.providers.secretKeys.githubClientSecretKey | string | `""` | The GitHub client secret key to use from an existing secret. |
| config.redis.port | int | `6379` | | | config.providers.secretKeys.gitlabClientIDKey | string | `""` | The GitLab client ID key to use from an existing secret. |
| config.registrationDomainWhitelist | string | `""` | | | config.providers.secretKeys.gitlabClientSecretKey | string | `""` | The GitLab client secret key to use from an existing secret. |
| config.smtp.defaultFrom | string | `""` | | | config.providers.secretKeys.googleClientIDKey | string | `""` | The Google client ID key to use from an existing secret. |
| config.smtp.defaultReplyTo | string | `""` | | | config.providers.secretKeys.googleClientSecretKey | string | `""` | The Google client secret key to use from an existing secret. |
| config.smtp.enabled | bool | `false` | | | config.providers.secretKeys.oidcClientIDKey | string | `""` | The OpenID Connect client ID key to use from an existing secret. |
| config.smtp.existingSecret | string | `""` | | | config.providers.secretKeys.oidcClientSecretKey | string | `""` | The OpenID Connect client secret key to use from an existing secret. |
| config.smtp.host | string | `""` | | | config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
| config.smtp.password | string | `""` | | | config.redis.database | string | `"0"` | The Redis database to connect to. |
| config.smtp.port | string | `""` | | | config.redis.host | string | `""` | The Redis host to connect to. Empty to use dependencies |
| config.smtp.secretKeys.passwordKey | string | `""` | | | config.redis.port | int | `6379` | The Redis host port to use. |
| config.smtp.secretKeys.usernameKey | string | `""` | | | config.registrationDomainWhitelist | string | `""` | Comma separated list of allowed domains to register. Empty to allow all domains. |
| config.smtp.ssl | bool | `false` | | | config.smtp.defaultFrom | string | `""` | The SMTP default email to send from. |
| config.smtp.tls | bool | `true` | | | config.smtp.defaultReplyTo | string | `""` | The SMTP default email to reply to. |
| config.smtp.username | string | `""` | | | config.smtp.enabled | bool | `false` | Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. |
| config.telemetryEnabled | bool | `true` | | | config.smtp.existingSecret | string | `""` | The name of an existing secret. |
| exporter.affinity | object | `{}` | | | config.smtp.host | string | `""` | The SMTP host to use. |
| exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | config.smtp.password | string | `""` | The SMTP password to use. |
| exporter.containerSecurityContext.capabilities.drop[0] | string | `"all"` | | | config.smtp.port | string | `""` | The SMTP host port to use. |
| exporter.containerSecurityContext.enabled | bool | `true` | | | config.smtp.secretKeys.passwordKey | string | `""` | The SMTP password to use from an existing secret. |
| exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | | | config.smtp.secretKeys.usernameKey | string | `""` | The SMTP username to use from an existing secret. |
| exporter.containerSecurityContext.runAsNonRoot | bool | `true` | | | config.smtp.ssl | bool | `false` | Whether to use SSL for the SMTP connection. |
| exporter.containerSecurityContext.runAsUser | int | `1001` | | | config.smtp.tls | bool | `true` | Whether to use TLS for the SMTP connection. |
| exporter.image.imagePullPolicy | string | `"IfNotPresent"` | | | config.smtp.username | string | `""` | The SMTP username to use. |
| exporter.image.repository | string | `"penpotapp/exporter"` | | | config.telemetryEnabled | bool | `true` | Whether to enable sending of anonymous telemetry data. |
| exporter.image.tag | string | `"2.0.3"` | |
| exporter.nodeSelector | object | `{}` | | ### Exporter parameters
| exporter.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
| exporter.persistence.annotations | object | `{}` | | | Key | Type | Default | Description |
| exporter.persistence.enabled | bool | `false` | | |-----|------|---------|-------------|
| exporter.persistence.existingClaim | string | `""` | | | exporter.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
| exporter.persistence.size | string | `"10Gi"` | | | exporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
| exporter.persistence.storageClass | string | `""` | | | exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation |
| exporter.podSecurityContext.enabled | bool | `true` | | | exporter.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped |
| exporter.podSecurityContext.fsGroup | int | `1001` | | | exporter.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context |
| exporter.replicaCount | int | `1` | | | exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem |
| exporter.resources.limits | object | `{}` | | | exporter.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot |
| exporter.resources.requests | object | `{}` | | | exporter.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser |
| exporter.service.port | int | `6061` | | | exporter.image.imagePullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
| exporter.service.type | string | `"ClusterIP"` | | | exporter.image.repository | string | `"penpotapp/exporter"` | The Docker repository to pull the image from. |
| exporter.tolerations | list | `[]` | | | exporter.image.tag | string | `"2.0.3"` | The image tag to use. |
| frontend.affinity | object | `{}` | | | exporter.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
| frontend.image.pullPolicy | string | `"IfNotPresent"` | | | exporter.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
| frontend.image.repository | string | `"penpotapp/frontend"` | | | exporter.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context |
| frontend.image.tag | string | `"2.0.3"` | | | exporter.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup |
| frontend.nodeSelector | object | `{}` | | | exporter.replicaCount | int | `1` | The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount |
| frontend.replicaCount | int | `1` | | | exporter.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
| frontend.resources.limits | object | `{}` | | | exporter.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers |
| frontend.resources.requests | object | `{}` | | | exporter.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers |
| frontend.service.port | int | `80` | | | exporter.service.port | int | `6061` | The service port to use. |
| frontend.service.type | string | `"ClusterIP"` | | | exporter.service.type | string | `"ClusterIP"` | The service type to create. |
| frontend.tolerations | list | `[]` | | | exporter.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
| fullnameOverride | string | `""` | |
| global.imagePullSecrets | list | `[]` | | ### Frontend parameters
| global.postgresqlEnabled | bool | `false` | |
| global.redisEnabled | bool | `false` | | | Key | Type | Default | Description |
| ingress.annotations | object | `{}` | | |-----|------|---------|-------------|
| ingress.className | string | `""` | | | frontend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
| ingress.enabled | bool | `false` | | | frontend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
| ingress.hosts[0].host | string | `"penpot.example.com"` | | | frontend.image.repository | string | `"penpotapp/frontend"` | The Docker repository to pull the image from. |
| ingress.path | string | `"/"` | | | frontend.image.tag | string | `"2.0.3"` | The image tag to use. |
| ingress.tls | list | `[]` | | | frontend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
| nameOverride | string | `""` | | | frontend.replicaCount | int | `1` | The number of replicas to deploy. |
| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | | frontend.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
| persistence.annotations | object | `{}` | | | frontend.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers |
| persistence.enabled | string | `"fals"` | | | frontend.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers |
| persistence.existingClaim | string | `""` | | | frontend.service.port | int | `80` | The service port to use. |
| persistence.size | string | `"20Gi"` | | | frontend.service.type | string | `"ClusterIP"` | The service type to create. |
| persistence.storageClass | string | `""` | | | frontend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
| postgresql.auth.database | string | `"penpot"` | |
| postgresql.auth.password | string | `"penpot"` | | ### Common parameters
| postgresql.auth.username | string | `"penpot"` | |
| redis.auth.enabled | bool | `false` | | | Key | Type | Default | Description |
| serviceAccount.annotations | object | `{}` | | |-----|------|---------|-------------|
| serviceAccount.enabled | bool | `true` | | | fullnameOverride | string | `""` | To fully override common.names.fullname |
| serviceAccount.name | string | `"penpot"` | | | nameOverride | string | `""` | To partially override common.names.fullname |
| serviceAccount.annotations | object | `{}` | Annotations for service account. Evaluated as a template. |
| serviceAccount.enabled | bool | `true` | Specifies whether a ServiceAccount should be created. |
| serviceAccount.name | string | `"penpot"` | The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. |
### Global parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| global.imagePullSecrets | list | `[]` | Global Docker registry secret names. E.g. imagePullSecrets: - myRegistryKeySecretName |
| global.postgresqlEnabled | bool | `false` | Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. |
| global.redisEnabled | bool | `false` | Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. |
### Ingress parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| ingress.annotations | object | `{}` | Mapped annotations for the ingress crontroller. E.g. annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" |
| ingress.className | string | `""` | The Ingress className. |
| ingress.enabled | bool | `false` | Enable (frontend) Ingress Controller. |
| ingress.hosts | list | `[{"host":"penpot.example.com"}]` | Array style hosts for the (frontend) ingress crontroller. |
| ingress.hosts[0] | object | `{"host":"penpot.example.com"}` | The default external hostname to access to the penpot app. |
| ingress.path | string | `"/"` | Root path for every hosts. |
| ingress.tls | list | `[]` | Array style TLS secrets for the (frontend) ingress crontroller. E.g. tls: - secretName: penpot.example.com-tls hosts: - penpot.example.com |
### Persistence parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| persistence.assets.accessModes | list | `["ReadWriteOnce"]` | Assets persistent Volume access modes. |
| persistence.assets.annotations | object | `{}` | Assetsp ersistent Volume Claim annotations. |
| persistence.assets.enabled | string | `"fals"` | Enable assets persistence using Persistent Volume Claims. |
| persistence.assets.existingClaim | string | `""` | The name of an existing PVC to use for assets persistence. |
| persistence.assets.size | string | `"20Gi"` | Assets persistent Volume size. |
| persistence.assets.storageClass | string | `""` | Assets persistent Volume storage class. If defined, storageClassName: <storageClass>. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| persistence.exporter.accessModes | list | `["ReadWriteOnce"]` | Exporter persistent Volume access modes. |
| persistence.exporter.annotations | object | `{}` | Exporter persistent Volume Claim annotations. |
| persistence.exporter.enabled | bool | `false` | Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. |
| persistence.exporter.existingClaim | string | `""` | The name of an existing PVC to use for persistence. |
| persistence.exporter.size | string | `"10Gi"` | Exporter persistent Volume size. |
| persistence.exporter.storageClass | string | `""` | Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. |
### PostgreSQL Dependencie parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| postgresql | object | `{"auth":{"database":"penpot","password":"penpot","username":"penpot"}}` | PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) |
| postgresql.auth.database | string | `"penpot"` | Name for a custom database to create. |
| postgresql.auth.password | string | `"penpot"` | Password for the custom user to create. |
| postgresql.auth.username | string | `"penpot"` | Name for a custom user to create. |
### Redis Dependencie parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| redis | object | `{"auth":{"enabled":false}}` | Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) |
| redis.auth.enabled | bool | `false` | Whether to enable password authentication. |

16
charts/penpot/templates/assets-persistentvolumeclaim.yml
View file

@ -1,24 +1,24 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} {{- if and .Values.persistence.assets.enabled (not .Values.persistence.assets.existingClaim) -}}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "penpot.fullname" . }} name: {{ include "penpot.fullname" . }}-data-assets
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "penpot.labels" . | nindent 4 }} {{- include "penpot.labels" . | nindent 4 }}
{{- if .Values.persistence.annotations }} {{- if .Values.persistence.assets.annotations }}
annotations: annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }} {{ toYaml .Values.persistence.assets.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
accessModes: accessModes:
{{- range .Values.persistence.accessModes }} {{- range .Values.persistence.assets.accessModes }}
- {{ . | quote }} - {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
requests: requests:
storage: {{ .Values.persistence.size | quote }} storage: {{ .Values.persistence.assets.size | quote }}
{{- if .Values.persistence.storageClass }} {{- if .Values.persistence.assets.storageClass }}
storageClassName: "{{ .Values.persistence.storageClass }}" storageClassName: "{{ .Values.persistence.assets.storageClass }}"
{{- end }} {{- end }}
{{- end -}} {{- end -}}

4
charts/penpot/templates/backend-deployment.yml
View file

@ -395,9 +395,9 @@ spec:
{{- end }} {{- end }}
volumes: volumes:
- name: app-data - name: app-data
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.assets.enabled }}
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }}
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}

4
charts/penpot/templates/exporter-deployment.yml
View file

@ -67,9 +67,9 @@ spec:
{{- end }} {{- end }}
volumes: volumes:
- name: app-data - name: app-data
{{- if .Values.exporter.persistence.enabled }} {{- if .Values.persistence.exporter.enabled }}
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.exporter.persistence.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "exporter" ) }} claimName: {{ .Values.persistence.exporter.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-exporter" ) }}
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}

16
charts/penpot/templates/exporter-persistentvolumeclaim.yml
View file

@ -1,24 +1,24 @@
{{- if and .Values.exporter.persistence.enabled (not .Values.exporter.persistence.existingClaim) -}} {{- if and .Values.persistence.exporter.enabled (not .Values.persistence.exporter.existingClaim) -}}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "penpot.fullname" . }}-exporter name: {{ include "penpot.fullname" . }}-data-exporter
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "penpot.labels" . | nindent 4 }} {{- include "penpot.labels" . | nindent 4 }}
{{- if .Values.exporter.persistence.annotations }} {{- if .Values.persistence.exporter.annotations }}
annotations: annotations:
{{ toYaml .Values.exporter.persistence.annotations | indent 4 }} {{ toYaml .Values.persistence.exporter.annotations | indent 4 }}
{{- end }} {{- end }}
spec: spec:
accessModes: accessModes:
{{- range .Values.exporter.persistence.accessModes }} {{- range .Values.persistence.exporter.accessModes }}
- {{ . | quote }} - {{ . | quote }}
{{- end }} {{- end }}
resources: resources:
requests: requests:
storage: {{ .Values.exporter.persistence.size | quote }} storage: {{ .Values.persistence.exporter.size | quote }}
{{- if .Values.exporter.persistence.storageClass }} {{- if .Values.persistence.exporter.storageClass }}
storageClassName: "{{ .Values.exporter.persistence.storageClass }}" storageClassName: "{{ .Values.persistence.exporter.storageClass }}"
{{- end }} {{- end }}
{{- end -}} {{- end -}}

4
charts/penpot/templates/frontend-deployment.yml
View file

@ -66,9 +66,9 @@ spec:
{{- end }} {{- end }}
volumes: volumes:
- name: app-data - name: app-data
{{- if .Values.persistence.enabled }} {{- if .Values.persistence.assets.enabled }}
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }}
{{- else }} {{- else }}
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}

698
charts/penpot/values.yaml
View file

@ -1,516 +1,600 @@
## Default values for Penpot ## Default values for Penpot
########################################
## @section Global parameters
########################################
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
## @param global.imagePullSecrets Global Docker registry secret names as an array.
##
global: global:
# -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
# @section -- Global parameters
postgresqlEnabled: false postgresqlEnabled: false
# -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
# @section -- Global parameters
redisEnabled: false redisEnabled: false
## E.g. # -- Global Docker registry secret names.
## imagePullSecrets: # E.g.
## - myRegistryKeySecretName # imagePullSecrets:
## # - myRegistryKeySecretName
# @section -- Global parameters
imagePullSecrets: [] imagePullSecrets: []
######################################## # -- To partially override common.names.fullname
## @section Common parameters # @section -- Common parameters
########################################
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: "" nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname # -- To fully override common.names.fullname
## # @section -- Common parameters
fullnameOverride: "" fullnameOverride: ""
## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
##
serviceAccount: serviceAccount:
# -- Specifies whether a ServiceAccount should be created.
# @section -- Common parameters
enabled: true enabled: true
# -- Annotations for service account. Evaluated as a template.
# @section -- Common parameters
annotations: {} annotations: {}
# -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
# @section -- Common parameters
name: "penpot" name: "penpot"
########################################
## @section Configuration parameters
########################################
config: config:
## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. # -- The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. # @section -- Configuration parameters
## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
##
publicUri: "http://penpot.example.com" publicUri: "http://penpot.example.com"
# -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
# @section -- Configuration parameters
flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server" flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
# -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
# @section -- Configuration parameters
apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg" apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies. # -- Comma separated list of allowed domains to register. Empty to allow all domains.
## @param config.postgresql.port The PostgreSQL host port to use. # @section -- Configuration parameters
## @param config.postgresql.username The database username to use. registrationDomainWhitelist: ""
## @param config.postgresql.password The database password to use. # -- Whether to enable sending of anonymous telemetry data.
## @param config.postgresql.database The PostgreSQL database to use. # @section -- Configuration parameters
## @param config.postgresql.existingSecret The name of an existing secret. telemetryEnabled: true
## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
##
postgresql: postgresql:
# -- The PostgreSQL host to connect to. Empty to use dependencies.
# @section -- Configuration parameters
host: "" # Ex.: "postgresql.penpot.svc.cluster.local" host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
# -- The PostgreSQL host port to use.
# @section -- Configuration parameters
port: 5432 port: 5432
# -- The database username to use.
# @section -- Configuration parameters
username: "penpot" username: "penpot"
# -- The database password to use.
# @section -- Configuration parameters
password: "penpot" password: "penpot"
# -- The PostgreSQL database to use.
# @section -- Configuration parameters
database: "penpot" database: "penpot"
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: "" existingSecret: ""
secretKeys: secretKeys:
# -- The username key to use from an existing secret.
# @section -- Configuration parameters
usernameKey: "" usernameKey: ""
# -- The password key to use from an existing secret.
# @section -- Configuration parameters
passwordKey: "" passwordKey: ""
## @param config.redis.host The Redis host to connect to. Empty to use dependencies
## @param config.redis.port The Redis host port to use.
## @param config.redis.database The Redis database to connect to.
##
redis: redis:
# -- The Redis host to connect to. Empty to use dependencies
# @section -- Configuration parameters
host: "" # Ex.: "redis-headless.penpot.svc.cluster.local" host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
# -- The Redis host port to use.
# @section -- Configuration parameters
port: 6379 port: 6379
# -- The Redis database to connect to.
# @section -- Configuration parameters
database: "0" database: "0"
## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
## @param config.assets.s3.existingSecret The name of an existing secret.
## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
##
assets: assets:
# -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
# @section -- Configuration parameters
storageBackend: "assets-fs" storageBackend: "assets-fs"
filesystem: filesystem:
# -- The storage directory to use if you chose the filesystem storage backend.
# @section -- Configuration parameters
directory: "/opt/data/assets" directory: "/opt/data/assets"
s3: s3:
# -- The S3 access key ID to use if you chose the S3 storage backend.
# @section -- Configuration parameters
accessKeyID: "" accessKeyID: ""
# -- The S3 secret access key to use if you chose the S3 storage backend.
# @section -- Configuration parameters
secretAccessKey: "" secretAccessKey: ""
# -- The S3 region to use if you chose the S3 storage backend.
# @section -- Configuration parameters
region: "" region: ""
# -- The name of the S3 bucket to use if you chose the S3 storage backend.
# @section -- Configuration parameters
bucket: "" bucket: ""
# -- The S3 endpoint URI to use if you chose the S3 storage backend.
# @section -- Configuration parameters
endpointURI: "" endpointURI: ""
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: "" existingSecret: ""
secretKeys: secretKeys:
# -- The S3 access key ID to use from an existing secret.
# @section -- Configuration parameters
accessKeyIDKey: "" accessKeyIDKey: ""
# -- The S3 secret access key to use from an existing secret.
# @section -- Configuration parameters
secretAccessKey: "" secretAccessKey: ""
# -- The S3 endpoint URI to use from an existing secret.
# @section -- Configuration parameters
endpointURIKey: "" endpointURIKey: ""
## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
##
telemetryEnabled: true
## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
## @param config.smtp.defaultFrom The SMTP default email to send from.
## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
## @param config.smtp.host The SMTP host to use.
## @param config.smtp.port The SMTP host port to use.
## @param config.smtp.username The SMTP username to use.
## @param config.smtp.password The SMTP password to use.
## @param config.smtp.tls Whether to use TLS for the SMTP connection.
## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
## @param config.smtp.existingSecret The name of an existing secret.
## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
##
smtp: smtp:
# -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The SMTP default email to send from.
# @section -- Configuration parameters
defaultFrom: "" defaultFrom: ""
# -- The SMTP default email to reply to.
# @section -- Configuration parameters
defaultReplyTo: "" defaultReplyTo: ""
# -- The SMTP host to use.
# @section -- Configuration parameters
host: "" host: ""
# -- The SMTP host port to use.
# @section -- Configuration parameters
port: "" port: ""
# -- The SMTP username to use.
# @section -- Configuration parameters
username: "" username: ""
# -- The SMTP password to use.
# @section -- Configuration parameters
password: "" password: ""
# -- Whether to use TLS for the SMTP connection.
# @section -- Configuration parameters
tls: true tls: true
# -- Whether to use SSL for the SMTP connection.
# @section -- Configuration parameters
ssl: false ssl: false
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: "" existingSecret: ""
secretKeys: secretKeys:
# -- The SMTP username to use from an existing secret.
# @section -- Configuration parameters
usernameKey: "" usernameKey: ""
# -- The SMTP password to use from an existing secret.
# @section -- Configuration parameters
passwordKey: "" passwordKey: ""
## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
## # -- Penpot Authentication providers parameters
registrationDomainWhitelist: "" # @section -- Configuration parameters
## Penpot Authentication providers parameters
##
providers: providers:
## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
##
google: google:
# -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientID: "" clientID: ""
# -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientSecret: "" clientSecret: ""
## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
## @param config.providers.github.clientID The GitHub client ID to use.
## @param config.providers.github.clientSecret The GitHub client secret to use.
##
github: github:
# -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The GitHub client ID to use.
# @section -- Configuration parameters
clientID: "" clientID: ""
# -- The GitHub client secret to use.
# @section -- Configuration parameters
clientSecret: "" clientSecret: ""
## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
## @param config.providers.gitlab.baseURI The GitLab base URI to use.
## @param config.providers.gitlab.clientID The GitLab client ID to use.
## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
##
gitlab: gitlab:
# -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The GitLab base URI to use.
# @section -- Configuration parameters
baseURI: "https://gitlab.com" baseURI: "https://gitlab.com"
# -- The GitLab client ID to use.
# @section -- Configuration parameters
clientID: "" clientID: ""
# -- The GitLab client secret to use.
# @section -- Configuration parameters
clientSecret: "" clientSecret: ""
## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
##
oidc: oidc:
# -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The OpenID Connect base URI to use.
# @section -- Configuration parameters
baseURI: "" baseURI: ""
# -- The OpenID Connect client ID to use.
# @section -- Configuration parameters
clientID: "" clientID: ""
# -- The OpenID Connect client secret to use.
# @section -- Configuration parameters
clientSecret: "" clientSecret: ""
# -- Optional OpenID Connect auth URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
authURI: "" authURI: ""
# -- Optional OpenID Connect token URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
tokenURI: "" tokenURI: ""
# -- Optional OpenID Connect user URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
userURI: "" userURI: ""
# -- Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
# @section -- Configuration parameters
roles: "role1 role2" roles: "role1 role2"
# -- Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
# @section -- Configuration parameters
rolesAttribute: "" rolesAttribute: ""
# -- Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
# @section -- Configuration parameters
scopes: "scope1 scope2" scopes: "scope1 scope2"
# -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
# @section -- Configuration parameters
nameAttribute: "" nameAttribute: ""
# -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
# @section -- Configuration parameters
emailAttribute: "" emailAttribute: ""
## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
## @param config.providers.ldap.host The LDAP host to use.
## @param config.providers.ldap.port The LDAP port to use.
## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
## @param config.providers.ldap.baseDN The LDAP base DN to use.
## @param config.providers.ldap.bindDN The LDAP bind DN to use.
## @param config.providers.ldap.bindPassword The LDAP bind password to use.
## @param config.providers.ldap.userQuery The LDAP user query to use.
## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
##
ldap: ldap:
# -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
# @section -- Configuration parameters
enabled: false enabled: false
# -- The LDAP host to use.
# @section -- Configuration parameters
host: "ldap" host: "ldap"
# -- The LDAP port to use.
# @section -- Configuration parameters
port: 10389 port: 10389
# -- Whether to use SSL for the LDAP connection.
# @section -- Configuration parameters
ssl: false ssl: false
# -- Whether to utilize StartTLS for the LDAP connection.
# @section -- Configuration parameters
startTLS: false startTLS: false
# -- The LDAP base DN to use.
# @section -- Configuration parameters
baseDN: "ou=people,dc=planetexpress,dc=com" baseDN: "ou=people,dc=planetexpress,dc=com"
# -- The LDAP bind DN to use.
# @section -- Configuration parameters
bindDN: "cn=admin,dc=planetexpress,dc=com" bindDN: "cn=admin,dc=planetexpress,dc=com"
# -- The LDAP bind password to use.
# @section -- Configuration parameters
bindPassword: "GoodNewsEveryone" bindPassword: "GoodNewsEveryone"
# -- The LDAP user query to use.
# @section -- Configuration parameters
userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))" userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
# -- The LDAP attributes username to use.
# @section -- Configuration parameters
attributesUsername: "uid" attributesUsername: "uid"
# -- The LDAP attributes email to use.
# @section -- Configuration parameters
attributesEmail: "mail" attributesEmail: "mail"
# -- The LDAP attributes fullname to use.
# @section -- Configuration parameters
attributesFullname: "cn" attributesFullname: "cn"
# -- The LDAP attributes photo format to use.
# @section -- Configuration parameters
attributesPhoto: "jpegPhoto" attributesPhoto: "jpegPhoto"
## @param config.providers.existingSecret The name of an existing secret to use. # -- The name of an existing secret to use.
## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret. # @section -- Configuration parameters
## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
##
existingSecret: "" existingSecret: ""
secretKeys: secretKeys:
# -- The Google client ID key to use from an existing secret.
# @section -- Configuration parameters
googleClientIDKey: "" googleClientIDKey: ""
# -- The Google client secret key to use from an existing secret.
# @section -- Configuration parameters
googleClientSecretKey: "" googleClientSecretKey: ""
# -- The GitHub client ID key to use from an existing secret.
# @section -- Configuration parameters
githubClientIDKey: "" githubClientIDKey: ""
# -- The GitHub client secret key to use from an existing secret.
# @section -- Configuration parameters
githubClientSecretKey: "" githubClientSecretKey: ""
# -- The GitLab client ID key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientIDKey: "" gitlabClientIDKey: ""
# -- The GitLab client secret key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientSecretKey: "" gitlabClientSecretKey: ""
# -- The OpenID Connect client ID key to use from an existing secret.
# @section -- Configuration parameters
oidcClientIDKey: "" oidcClientIDKey: ""
# -- The OpenID Connect client secret key to use from an existing secret.
# @section -- Configuration parameters
oidcClientSecretKey: "" oidcClientSecretKey: ""
########################################
## @section Backend parameters
########################################
backend: backend:
## @param backend.image.repository The Docker repository to pull the image from.
## @param backend.image.tag The image tag to use.
## @param backend.image.pullPolicy The image pull policy to use.
##
image: image:
# -- The Docker repository to pull the image from.
# @section -- Backend parameters
repository: penpotapp/backend repository: penpotapp/backend
# -- The image tag to use.
# @section -- Backend parameters
tag: 2.0.3 tag: 2.0.3
# -- The image pull policy to use.
# @section -- Backend parameters
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## @param backend.replicaCount The number of replicas to deploy. # -- The number of replicas to deploy.
## # @section -- Backend parameters
replicaCount: 1 replicaCount: 1
## @param backend.service.http.type The http service type to create.
## @param backend.service.http.port The http service port to use.
## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend.
## @param backend.service.prepl.type The prepl service type to create.
## @param backend.service.prepl.port The prepl service port to use.
service: service:
http: http:
# -- The http service type to create.
# @section -- Backend parameters
type: ClusterIP type: ClusterIP
# -- The http service port to use.
# @section -- Backend parameters
port: 6060 port: 6060
prepl: prepl:
# -- Whether to enable the prepl service in the backend.
# @section -- Backend parameters
enabled: false enabled: false
# -- The prepl service type to create.
# @section -- Backend parameters
type: ClusterIP type: ClusterIP
# -- The prepl service port to use.
# @section -- Backend parameters
port: 6063 port: 6063
## Configure Pods Security Context # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod # @section -- Backend parameters
## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext: podSecurityContext:
# -- Enabled Penpot pods' security context
# @section -- Backend parameters
enabled: true enabled: true
# -- Set Penpot pod's security context fsGroup
# @section -- Backend parameters
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod # @section -- Backend parameters
## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext: containerSecurityContext:
# -- Enabled Penpot containers' security context
# @section -- Backend parameters
enabled: true enabled: true
# -- Set Penpot containers' security context runAsUser
# @section -- Backend parameters
runAsUser: 1001 runAsUser: 1001
# -- Set Penpot containers' security context allowPrivilegeEscalation
# @section -- Backend parameters
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# -- Set Penpot containers' security context capabilities to be dropped
# @section -- Backend parameters
capabilities: capabilities:
drop: drop:
- all - all
# -- Set Penpot containers' security context readOnlyRootFilesystem
# @section -- Backend parameters
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
# -- Set Penpot container's security context runAsNonRoot
# @section -- Backend parameters
runAsNonRoot: true runAsNonRoot: true
## @param backend.affinity Affinity for Penpot pods assignment # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # @section -- Backend parameters
##
affinity: {} affinity: {}
## @param backend.nodeSelector Node labels for Penpot pods assignment # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
## ref: https://kubernetes.io/docs/user-guide/node-selection/ # @section -- Backend parameters
##
nodeSelector: {} nodeSelector: {}
## @param backend.tolerations Tolerations for Penpot pods assignment # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # @section -- Backend parameters
##
tolerations: [] tolerations: []
## Penpot backend resource requests and limits # -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ # @section -- Backend parameters
## @param backend.resources.limits The resources limits for the Penpot backend containers
## @param backend.resources.requests The requested resources for the Penpot backend containers
##
resources: resources:
# -- The resources limits for the Penpot backend containers
# @section -- Backend parameters
limits: {} limits: {}
# -- The requested resources for the Penpot backend containers
# @section -- Backend parameters
requests: {} requests: {}
########################################
## @section Frontend parameters
########################################
frontend: frontend:
## @param frontend.image.repository The Docker repository to pull the image from.
## @param frontend.image.tag The image tag to use.
## @param frontend.image.imagePullPolicy The image pull policy to use.
##
image: image:
# -- The Docker repository to pull the image from.
# @section -- Frontend parameters
repository: penpotapp/frontend repository: penpotapp/frontend
# -- The image tag to use.
# @section -- Frontend parameters
tag: 2.0.3 tag: 2.0.3
# -- The image pull policy to use.
# @section -- Frontend parameters
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## @param frontend.replicaCount The number of replicas to deploy. # -- The number of replicas to deploy.
## # @section -- Frontend parameters
replicaCount: 1 replicaCount: 1
## @param frontend.service.type The service type to create.
## @param frontend.service.port The service port to use.
##
service: service:
# -- The service type to create.
# @section -- Frontend parameters
type: ClusterIP type: ClusterIP
# -- The service port to use.
# @section -- Frontend parameters
port: 80 port: 80
## @param frontend.affinity Affinity for Penpot pods assignment # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # @section -- Frontend parameters
##
affinity: {} affinity: {}
## @param frontend.nodeSelector Node labels for Penpot pods assignment # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
## ref: https://kubernetes.io/docs/user-guide/node-selection/ # @section -- Frontend parameters
##
nodeSelector: {} nodeSelector: {}
## @param frontend.tolerations Tolerations for Penpot pods assignment # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # @section -- Frontend parameters
##
tolerations: [] tolerations: []
## Penpot frontend resource requests and limits # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ # @section -- Frontend parameters
## @param frontend.resources.limits The resources limits for the Penpot frontend containers
## @param frontend.resources.requests The requested resources for the Penpot frontend containers
##
resources: resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Frontend parameters
limits: {} limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Frontend parameters
requests: {} requests: {}
########################################
## @section Exporter parameters
########################################
exporter: exporter:
## @param exporter.image.repository The Docker repository to pull the image from.
## @param exporter.image.tag The image tag to use.
## @param exporter.image.imagePullPolicy The image pull policy to use.
##
image: image:
# -- The Docker repository to pull the image from.
# @section -- Exporter parameters
repository: penpotapp/exporter repository: penpotapp/exporter
# -- The image tag to use.
# @section -- Exporter parameters
tag: 2.0.3 tag: 2.0.3
# -- The image pull policy to use.
# @section -- Exporter parameters
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount # -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
## # @section -- Exporter parameters
replicaCount: 1 replicaCount: 1
## @param exporter.service.type The service type to create.
## @param exporter.service.port The service port to use.
##
service: service:
# -- The service type to create.
# @section -- Exporter parameters
type: ClusterIP type: ClusterIP
# -- The service port to use.
# @section -- Exporter parameters
port: 6061 port: 6061
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. # @section -- Exporter parameters
## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider.
## @param exporter.persistence.size Persistent Volume size.
## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence.
## @param exporter.persistence.accessModes Persistent Volume access modes.
## @param exporter.persistence.annotations Persistent Volume Claim annotations.
##
persistence:
enabled: false
storageClass: ""
size: 10Gi
existingClaim: ""
accessModes:
- ReadWriteOnce
annotations: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext: podSecurityContext:
# -- Enabled Penpot pods' security context
# @section -- Exporter parameters
enabled: true enabled: true
# -- Set Penpot pod's security context fsGroup
# @section -- Exporter parameters
fsGroup: 1001 fsGroup: 1001
## Configure Container Security Context # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod # @section -- Exporter parameters
## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext: containerSecurityContext:
# -- Enabled Penpot containers' security context
# @section -- Exporter parameters
enabled: true enabled: true
# -- Set Penpot containers' security context runAsUser
# @section -- Exporter parameters
runAsUser: 1001 runAsUser: 1001
# -- Set Penpot containers' security context allowPrivilegeEscalation
# @section -- Exporter parameters
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# -- Set Penpot containers' security context capabilities to be dropped
# @section -- Exporter parameters
capabilities: capabilities:
drop: drop:
- all - all
# -- Set Penpot containers' security context readOnlyRootFilesystem
# @section -- Exporter parameters
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
# -- Set Penpot container's security context runAsNonRoot
# @section -- Exporter parameters
runAsNonRoot: true runAsNonRoot: true
## @param exporter.affinity Affinity for Penpot pods assignment # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity # @section -- Exporter parameters
##
affinity: {} affinity: {}
## @param exporter.nodeSelector Node labels for Penpot pods assignment # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
## ref: https://kubernetes.io/docs/user-guide/node-selection/ # @section -- Exporter parameters
##
nodeSelector: {} nodeSelector: {}
## @param exporter.tolerations Tolerations for Penpot pods assignment # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ # @section -- Exporter parameters
##
tolerations: [] tolerations: []
## Penpot exporter resource requests and limits # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
## ref: https://kubernetes.io/docs/user-guide/compute-resources/ # @section -- Exporter parameters
## @param exporter.resources.limits The resources limits for the Penpot exporter containers
## @param exporter.resources.requests The requested resources for the Penpot exporter containers
##
resources: resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Exporter parameters
limits: {} limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Exporter parameters
requests: {} requests: {}
# @section -- Persistence parameters
########################################
## @section Assets Persistence parameters
########################################
persistence: persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims. assets:
## # -- Enable assets persistence using Persistent Volume Claims.
enabled: fals # @section -- Persistence parameters
## @param persistence.storageClass Persistent Volume storage class. enabled: fals
## If defined, storageClassName: <storageClass>. # -- Assets persistent Volume storage class.
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. # If defined, storageClassName: <storageClass>.
## # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
storageClass: "" # @section -- Persistence parameters
## @param persistence.size Persistent Volume size. storageClass: ""
## # -- Assets persistent Volume size.
size: 20Gi # @section -- Persistence parameters
## @param persistence.existingClaim The name of an existing PVC to use for persistence. size: 20Gi
## # -- The name of an existing PVC to use for assets persistence.
existingClaim: "" # @section -- Persistence parameters
## @param persistence.accessModes Persistent Volume access modes. existingClaim: ""
## # -- Assets persistent Volume access modes.
accessModes: # @section -- Persistence parameters
- ReadWriteOnce accessModes:
## @param persistence.annotations Persistent Volume Claim annotations. - ReadWriteOnce
## # -- Assetsp ersistent Volume Claim annotations.
annotations: {} # @section -- Persistence parameters
annotations: {}
exporter:
######################################## # -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
## @section Ingress parameters # @section -- Persistence parameters
######################################## enabled: false
# -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider.
# @section -- Persistence parameters
storageClass: ""
# -- Exporter persistent Volume size.
# @section -- Persistence parameters
size: 10Gi
# -- The name of an existing PVC to use for persistence.
# @section -- Persistence parameters
existingClaim: ""
# -- Exporter persistent Volume access modes.
# @section -- Persistence parameters
accessModes:
- ReadWriteOnce
# -- Exporter persistent Volume Claim annotations.
# @section -- Persistence parameters
annotations: {}
ingress: ingress:
# -- Enable (frontend) Ingress Controller.
# @section -- Ingress parameters
enabled: false enabled: false
# -- The Ingress className.
# @section -- Ingress parameters
className: "" className: ""
# -- Mapped annotations for the ingress crontroller.
# E.g.
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# @section -- Ingress parameters
annotations: {} annotations: {}
# kubernetes.io/ingress.class: nginx # -- Root path for every hosts.
# kubernetes.io/tls-acme: "true" # @section -- Ingress parameters
path: "/" path: "/"
# -- Array style hosts for the (frontend) ingress crontroller.
# @section -- Ingress parameters
hosts: hosts:
# -- The default external hostname to access to the penpot app.
# @section -- Ingress parameters
- host: penpot.example.com - host: penpot.example.com
# -- Array style TLS secrets for the (frontend) ingress crontroller.
# E.g.
# tls:
# - secretName: penpot.example.com-tls
# hosts:
# - penpot.example.com
# @section -- Ingress parameters
tls: [] tls: []
# - secretName: penpot.example.com-tls
# hosts:
# - penpot.example.com
# -- PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
######################################## # @section -- PostgreSQL Dependencie parameters
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
########################################
## @param postgresql.auth.username Name for a custom user to create.
## @param postgresql.auth.password Password for the custom user to create.
## @param postgresql.auth.database Name for a custom database to create.
##
postgresql: postgresql:
auth: auth:
# -- Name for a custom user to create.
# @section -- PostgreSQL Dependencie parameters
username: "penpot" username: "penpot"
# -- Password for the custom user to create.
# @section -- PostgreSQL Dependencie parameters
password: "penpot" password: "penpot"
# -- Name for a custom database to create.
# @section -- PostgreSQL Dependencie parameters
database: "penpot" database: "penpot"
######################################## # -- Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) # @section -- Redis Dependencie parameters
########################################
## @param redis.auth.enabled Whether to enable password authentication.
##
redis: redis:
auth: auth:
# -- Whether to enable password authentication.
# @section -- Redis Dependencie parameters
enabled: false enabled: false

19
devel/penpot.values.yaml
View file

@ -7,19 +7,20 @@ config:
publicUri: "http://localhost" publicUri: "http://localhost"
apiSecretKey: "my-secret-key" apiSecretKey: "my-secret-key"
# backend: #backend:
# replicaCount: 2 # replicaCount: 2
# frontend: #frontend:
# replicaCount: 2 # replicaCount: 2
# exporter: #exporter:
# replicaCount: 2 # replicaCount: 2
# persistence:
# enabled: true
persistence: persistence:
enabled: true assets:
enabled: true
exporter:
enabled: true
ingress: ingress:
enabled: true enabled: true