mirror of
https://github.com/penpot/penpot-helm.git
synced 2024-12-22 05:32:59 -05:00
chore(doc): improve documentation of Values section
This commit is contained in:
parent
b0d83d010b
commit
2001dfc006
8 changed files with 646 additions and 503 deletions
|
@ -15,170 +15,228 @@ $ helm install my-release penpot/penpot
|
|||
|
||||
## Values
|
||||
|
||||
### Backend parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| backend.affinity | object | `{}` | |
|
||||
| backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| backend.containerSecurityContext.capabilities.drop[0] | string | `"all"` | |
|
||||
| backend.containerSecurityContext.enabled | bool | `true` | |
|
||||
| backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| backend.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| backend.containerSecurityContext.runAsUser | int | `1001` | |
|
||||
| backend.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| backend.image.repository | string | `"penpotapp/backend"` | |
|
||||
| backend.image.tag | string | `"2.0.3"` | |
|
||||
| backend.nodeSelector | object | `{}` | |
|
||||
| backend.podSecurityContext.enabled | bool | `true` | |
|
||||
| backend.podSecurityContext.fsGroup | int | `1001` | |
|
||||
| backend.replicaCount | int | `1` | |
|
||||
| backend.resources.limits | object | `{}` | |
|
||||
| backend.resources.requests | object | `{}` | |
|
||||
| backend.service.http.port | int | `6060` | |
|
||||
| backend.service.http.type | string | `"ClusterIP"` | |
|
||||
| backend.service.prepl.enabled | bool | `false` | |
|
||||
| backend.service.prepl.port | int | `6063` | |
|
||||
| backend.service.prepl.type | string | `"ClusterIP"` | |
|
||||
| backend.tolerations | list | `[]` | |
|
||||
| config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | |
|
||||
| config.assets.filesystem.directory | string | `"/opt/data/assets"` | |
|
||||
| config.assets.s3.accessKeyID | string | `""` | |
|
||||
| config.assets.s3.bucket | string | `""` | |
|
||||
| config.assets.s3.endpointURI | string | `""` | |
|
||||
| config.assets.s3.existingSecret | string | `""` | |
|
||||
| config.assets.s3.region | string | `""` | |
|
||||
| config.assets.s3.secretAccessKey | string | `""` | |
|
||||
| config.assets.s3.secretKeys.accessKeyIDKey | string | `""` | |
|
||||
| config.assets.s3.secretKeys.endpointURIKey | string | `""` | |
|
||||
| config.assets.s3.secretKeys.secretAccessKey | string | `""` | |
|
||||
| config.assets.storageBackend | string | `"assets-fs"` | |
|
||||
| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | |
|
||||
| config.postgresql.database | string | `"penpot"` | |
|
||||
| config.postgresql.existingSecret | string | `""` | |
|
||||
| config.postgresql.host | string | `""` | |
|
||||
| config.postgresql.password | string | `"penpot"` | |
|
||||
| config.postgresql.port | int | `5432` | |
|
||||
| config.postgresql.secretKeys.passwordKey | string | `""` | |
|
||||
| config.postgresql.secretKeys.usernameKey | string | `""` | |
|
||||
| config.postgresql.username | string | `"penpot"` | |
|
||||
| config.providers.existingSecret | string | `""` | |
|
||||
| config.providers.github.clientID | string | `""` | |
|
||||
| config.providers.github.clientSecret | string | `""` | |
|
||||
| config.providers.github.enabled | bool | `false` | |
|
||||
| config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | |
|
||||
| config.providers.gitlab.clientID | string | `""` | |
|
||||
| config.providers.gitlab.clientSecret | string | `""` | |
|
||||
| config.providers.gitlab.enabled | bool | `false` | |
|
||||
| config.providers.google.clientID | string | `""` | |
|
||||
| config.providers.google.clientSecret | string | `""` | |
|
||||
| config.providers.google.enabled | bool | `false` | |
|
||||
| config.providers.ldap.attributesEmail | string | `"mail"` | |
|
||||
| config.providers.ldap.attributesFullname | string | `"cn"` | |
|
||||
| config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | |
|
||||
| config.providers.ldap.attributesUsername | string | `"uid"` | |
|
||||
| config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | |
|
||||
| config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | |
|
||||
| config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | |
|
||||
| config.providers.ldap.enabled | bool | `false` | |
|
||||
| config.providers.ldap.host | string | `"ldap"` | |
|
||||
| config.providers.ldap.port | int | `10389` | |
|
||||
| config.providers.ldap.ssl | bool | `false` | |
|
||||
| config.providers.ldap.startTLS | bool | `false` | |
|
||||
| config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | |
|
||||
| config.providers.oidc.authURI | string | `""` | |
|
||||
| config.providers.oidc.baseURI | string | `""` | |
|
||||
| config.providers.oidc.clientID | string | `""` | |
|
||||
| config.providers.oidc.clientSecret | string | `""` | |
|
||||
| config.providers.oidc.emailAttribute | string | `""` | |
|
||||
| config.providers.oidc.enabled | bool | `false` | |
|
||||
| config.providers.oidc.nameAttribute | string | `""` | |
|
||||
| config.providers.oidc.roles | string | `"role1 role2"` | |
|
||||
| config.providers.oidc.rolesAttribute | string | `""` | |
|
||||
| config.providers.oidc.scopes | string | `"scope1 scope2"` | |
|
||||
| config.providers.oidc.tokenURI | string | `""` | |
|
||||
| config.providers.oidc.userURI | string | `""` | |
|
||||
| config.providers.secretKeys.githubClientIDKey | string | `""` | |
|
||||
| config.providers.secretKeys.githubClientSecretKey | string | `""` | |
|
||||
| config.providers.secretKeys.gitlabClientIDKey | string | `""` | |
|
||||
| config.providers.secretKeys.gitlabClientSecretKey | string | `""` | |
|
||||
| config.providers.secretKeys.googleClientIDKey | string | `""` | |
|
||||
| config.providers.secretKeys.googleClientSecretKey | string | `""` | |
|
||||
| config.providers.secretKeys.oidcClientIDKey | string | `""` | |
|
||||
| config.providers.secretKeys.oidcClientSecretKey | string | `""` | |
|
||||
| config.publicUri | string | `"http://penpot.example.com"` | |
|
||||
| config.redis.database | string | `"0"` | |
|
||||
| config.redis.host | string | `""` | |
|
||||
| config.redis.port | int | `6379` | |
|
||||
| config.registrationDomainWhitelist | string | `""` | |
|
||||
| config.smtp.defaultFrom | string | `""` | |
|
||||
| config.smtp.defaultReplyTo | string | `""` | |
|
||||
| config.smtp.enabled | bool | `false` | |
|
||||
| config.smtp.existingSecret | string | `""` | |
|
||||
| config.smtp.host | string | `""` | |
|
||||
| config.smtp.password | string | `""` | |
|
||||
| config.smtp.port | string | `""` | |
|
||||
| config.smtp.secretKeys.passwordKey | string | `""` | |
|
||||
| config.smtp.secretKeys.usernameKey | string | `""` | |
|
||||
| config.smtp.ssl | bool | `false` | |
|
||||
| config.smtp.tls | bool | `true` | |
|
||||
| config.smtp.username | string | `""` | |
|
||||
| config.telemetryEnabled | bool | `true` | |
|
||||
| exporter.affinity | object | `{}` | |
|
||||
| exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| exporter.containerSecurityContext.capabilities.drop[0] | string | `"all"` | |
|
||||
| exporter.containerSecurityContext.enabled | bool | `true` | |
|
||||
| exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| exporter.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| exporter.containerSecurityContext.runAsUser | int | `1001` | |
|
||||
| exporter.image.imagePullPolicy | string | `"IfNotPresent"` | |
|
||||
| exporter.image.repository | string | `"penpotapp/exporter"` | |
|
||||
| exporter.image.tag | string | `"2.0.3"` | |
|
||||
| exporter.nodeSelector | object | `{}` | |
|
||||
| exporter.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||
| exporter.persistence.annotations | object | `{}` | |
|
||||
| exporter.persistence.enabled | bool | `false` | |
|
||||
| exporter.persistence.existingClaim | string | `""` | |
|
||||
| exporter.persistence.size | string | `"10Gi"` | |
|
||||
| exporter.persistence.storageClass | string | `""` | |
|
||||
| exporter.podSecurityContext.enabled | bool | `true` | |
|
||||
| exporter.podSecurityContext.fsGroup | int | `1001` | |
|
||||
| exporter.replicaCount | int | `1` | |
|
||||
| exporter.resources.limits | object | `{}` | |
|
||||
| exporter.resources.requests | object | `{}` | |
|
||||
| exporter.service.port | int | `6061` | |
|
||||
| exporter.service.type | string | `"ClusterIP"` | |
|
||||
| exporter.tolerations | list | `[]` | |
|
||||
| frontend.affinity | object | `{}` | |
|
||||
| frontend.image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| frontend.image.repository | string | `"penpotapp/frontend"` | |
|
||||
| frontend.image.tag | string | `"2.0.3"` | |
|
||||
| frontend.nodeSelector | object | `{}` | |
|
||||
| frontend.replicaCount | int | `1` | |
|
||||
| frontend.resources.limits | object | `{}` | |
|
||||
| frontend.resources.requests | object | `{}` | |
|
||||
| frontend.service.port | int | `80` | |
|
||||
| frontend.service.type | string | `"ClusterIP"` | |
|
||||
| frontend.tolerations | list | `[]` | |
|
||||
| fullnameOverride | string | `""` | |
|
||||
| global.imagePullSecrets | list | `[]` | |
|
||||
| global.postgresqlEnabled | bool | `false` | |
|
||||
| global.redisEnabled | bool | `false` | |
|
||||
| ingress.annotations | object | `{}` | |
|
||||
| ingress.className | string | `""` | |
|
||||
| ingress.enabled | bool | `false` | |
|
||||
| ingress.hosts[0].host | string | `"penpot.example.com"` | |
|
||||
| ingress.path | string | `"/"` | |
|
||||
| ingress.tls | list | `[]` | |
|
||||
| nameOverride | string | `""` | |
|
||||
| persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||
| persistence.annotations | object | `{}` | |
|
||||
| persistence.enabled | string | `"fals"` | |
|
||||
| persistence.existingClaim | string | `""` | |
|
||||
| persistence.size | string | `"20Gi"` | |
|
||||
| persistence.storageClass | string | `""` | |
|
||||
| postgresql.auth.database | string | `"penpot"` | |
|
||||
| postgresql.auth.password | string | `"penpot"` | |
|
||||
| postgresql.auth.username | string | `"penpot"` | |
|
||||
| redis.auth.enabled | bool | `false` | |
|
||||
| serviceAccount.annotations | object | `{}` | |
|
||||
| serviceAccount.enabled | bool | `true` | |
|
||||
| serviceAccount.name | string | `"penpot"` | |
|
||||
| backend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
|
||||
| backend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
|
||||
| backend.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation |
|
||||
| backend.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped |
|
||||
| backend.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context |
|
||||
| backend.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem |
|
||||
| backend.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot |
|
||||
| backend.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser |
|
||||
| backend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
|
||||
| backend.image.repository | string | `"penpotapp/backend"` | The Docker repository to pull the image from. |
|
||||
| backend.image.tag | string | `"2.0.3"` | The image tag to use. |
|
||||
| backend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
|
||||
| backend.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
|
||||
| backend.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context |
|
||||
| backend.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup |
|
||||
| backend.replicaCount | int | `1` | The number of replicas to deploy. |
|
||||
| backend.resources | object | `{"limits":{},"requests":{}}` | Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
|
||||
| backend.resources.limits | object | `{}` | The resources limits for the Penpot backend containers |
|
||||
| backend.resources.requests | object | `{}` | The requested resources for the Penpot backend containers |
|
||||
| backend.service.http.port | int | `6060` | The http service port to use. |
|
||||
| backend.service.http.type | string | `"ClusterIP"` | The http service type to create. |
|
||||
| backend.service.prepl.enabled | bool | `false` | Whether to enable the prepl service in the backend. |
|
||||
| backend.service.prepl.port | int | `6063` | The prepl service port to use. |
|
||||
| backend.service.prepl.type | string | `"ClusterIP"` | The prepl service type to create. |
|
||||
| backend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
|
||||
|
||||
### Configuration parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| config.apiSecretKey | string | `"kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"` | A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. |
|
||||
| config.assets.filesystem.directory | string | `"/opt/data/assets"` | The storage directory to use if you chose the filesystem storage backend. |
|
||||
| config.assets.s3.accessKeyID | string | `""` | The S3 access key ID to use if you chose the S3 storage backend. |
|
||||
| config.assets.s3.bucket | string | `""` | The name of the S3 bucket to use if you chose the S3 storage backend. |
|
||||
| config.assets.s3.endpointURI | string | `""` | The S3 endpoint URI to use if you chose the S3 storage backend. |
|
||||
| config.assets.s3.existingSecret | string | `""` | The name of an existing secret. |
|
||||
| config.assets.s3.region | string | `""` | The S3 region to use if you chose the S3 storage backend. |
|
||||
| config.assets.s3.secretAccessKey | string | `""` | The S3 secret access key to use if you chose the S3 storage backend. |
|
||||
| config.assets.s3.secretKeys.accessKeyIDKey | string | `""` | The S3 access key ID to use from an existing secret. |
|
||||
| config.assets.s3.secretKeys.endpointURIKey | string | `""` | The S3 endpoint URI to use from an existing secret. |
|
||||
| config.assets.s3.secretKeys.secretAccessKey | string | `""` | The S3 secret access key to use from an existing secret. |
|
||||
| config.assets.storageBackend | string | `"assets-fs"` | The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. |
|
||||
| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
|
||||
| config.postgresql.database | string | `"penpot"` | The PostgreSQL database to use. |
|
||||
| config.postgresql.existingSecret | string | `""` | The name of an existing secret. |
|
||||
| config.postgresql.host | string | `""` | The PostgreSQL host to connect to. Empty to use dependencies. |
|
||||
| config.postgresql.password | string | `"penpot"` | The database password to use. |
|
||||
| config.postgresql.port | int | `5432` | The PostgreSQL host port to use. |
|
||||
| config.postgresql.secretKeys.passwordKey | string | `""` | The password key to use from an existing secret. |
|
||||
| config.postgresql.secretKeys.usernameKey | string | `""` | The username key to use from an existing secret. |
|
||||
| config.postgresql.username | string | `"penpot"` | The database username to use. |
|
||||
| config.providers | object | `{"existingSecret":"","github":{"clientID":"","clientSecret":"","enabled":false},"gitlab":{"baseURI":"https://gitlab.com","clientID":"","clientSecret":"","enabled":false},"google":{"clientID":"","clientSecret":"","enabled":false},"ldap":{"attributesEmail":"mail","attributesFullname":"cn","attributesPhoto":"jpegPhoto","attributesUsername":"uid","baseDN":"ou=people,dc=planetexpress,dc=com","bindDN":"cn=admin,dc=planetexpress,dc=com","bindPassword":"GoodNewsEveryone","enabled":false,"host":"ldap","port":10389,"ssl":false,"startTLS":false,"userQuery":"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"},"oidc":{"authURI":"","baseURI":"","clientID":"","clientSecret":"","emailAttribute":"","enabled":false,"nameAttribute":"","roles":"role1 role2","rolesAttribute":"","scopes":"scope1 scope2","tokenURI":"","userURI":""},"secretKeys":{"githubClientIDKey":"","githubClientSecretKey":"","gitlabClientIDKey":"","gitlabClientSecretKey":"","googleClientIDKey":"","googleClientSecretKey":"","oidcClientIDKey":"","oidcClientSecretKey":""}}` | Penpot Authentication providers parameters |
|
||||
| config.providers.existingSecret | string | `""` | The name of an existing secret to use. |
|
||||
| config.providers.github.clientID | string | `""` | The GitHub client ID to use. |
|
||||
| config.providers.github.clientSecret | string | `""` | The GitHub client secret to use. |
|
||||
| config.providers.github.enabled | bool | `false` | Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. |
|
||||
| config.providers.gitlab.baseURI | string | `"https://gitlab.com"` | The GitLab base URI to use. |
|
||||
| config.providers.gitlab.clientID | string | `""` | The GitLab client ID to use. |
|
||||
| config.providers.gitlab.clientSecret | string | `""` | The GitLab client secret to use. |
|
||||
| config.providers.gitlab.enabled | bool | `false` | Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. |
|
||||
| config.providers.google.clientID | string | `""` | The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. |
|
||||
| config.providers.google.clientSecret | string | `""` | The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. |
|
||||
| config.providers.google.enabled | bool | `false` | Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. |
|
||||
| config.providers.ldap.attributesEmail | string | `"mail"` | The LDAP attributes email to use. |
|
||||
| config.providers.ldap.attributesFullname | string | `"cn"` | The LDAP attributes fullname to use. |
|
||||
| config.providers.ldap.attributesPhoto | string | `"jpegPhoto"` | The LDAP attributes photo format to use. |
|
||||
| config.providers.ldap.attributesUsername | string | `"uid"` | The LDAP attributes username to use. |
|
||||
| config.providers.ldap.baseDN | string | `"ou=people,dc=planetexpress,dc=com"` | The LDAP base DN to use. |
|
||||
| config.providers.ldap.bindDN | string | `"cn=admin,dc=planetexpress,dc=com"` | The LDAP bind DN to use. |
|
||||
| config.providers.ldap.bindPassword | string | `"GoodNewsEveryone"` | The LDAP bind password to use. |
|
||||
| config.providers.ldap.enabled | bool | `false` | Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. |
|
||||
| config.providers.ldap.host | string | `"ldap"` | The LDAP host to use. |
|
||||
| config.providers.ldap.port | int | `10389` | The LDAP port to use. |
|
||||
| config.providers.ldap.ssl | bool | `false` | Whether to use SSL for the LDAP connection. |
|
||||
| config.providers.ldap.startTLS | bool | `false` | Whether to utilize StartTLS for the LDAP connection. |
|
||||
| config.providers.ldap.userQuery | string | `"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"` | The LDAP user query to use. |
|
||||
| config.providers.oidc.authURI | string | `""` | Optional OpenID Connect auth URI to use. Auto discovered if not provided. |
|
||||
| config.providers.oidc.baseURI | string | `""` | The OpenID Connect base URI to use. |
|
||||
| config.providers.oidc.clientID | string | `""` | The OpenID Connect client ID to use. |
|
||||
| config.providers.oidc.clientSecret | string | `""` | The OpenID Connect client secret to use. |
|
||||
| config.providers.oidc.emailAttribute | string | `""` | Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. |
|
||||
| config.providers.oidc.enabled | bool | `false` | Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. |
|
||||
| config.providers.oidc.nameAttribute | string | `""` | Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. |
|
||||
| config.providers.oidc.roles | string | `"role1 role2"` | Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. |
|
||||
| config.providers.oidc.rolesAttribute | string | `""` | Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. |
|
||||
| config.providers.oidc.scopes | string | `"scope1 scope2"` | Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. |
|
||||
| config.providers.oidc.tokenURI | string | `""` | Optional OpenID Connect token URI to use. Auto discovered if not provided. |
|
||||
| config.providers.oidc.userURI | string | `""` | Optional OpenID Connect user URI to use. Auto discovered if not provided. |
|
||||
| config.providers.secretKeys.githubClientIDKey | string | `""` | The GitHub client ID key to use from an existing secret. |
|
||||
| config.providers.secretKeys.githubClientSecretKey | string | `""` | The GitHub client secret key to use from an existing secret. |
|
||||
| config.providers.secretKeys.gitlabClientIDKey | string | `""` | The GitLab client ID key to use from an existing secret. |
|
||||
| config.providers.secretKeys.gitlabClientSecretKey | string | `""` | The GitLab client secret key to use from an existing secret. |
|
||||
| config.providers.secretKeys.googleClientIDKey | string | `""` | The Google client ID key to use from an existing secret. |
|
||||
| config.providers.secretKeys.googleClientSecretKey | string | `""` | The Google client secret key to use from an existing secret. |
|
||||
| config.providers.secretKeys.oidcClientIDKey | string | `""` | The OpenID Connect client ID key to use from an existing secret. |
|
||||
| config.providers.secretKeys.oidcClientSecretKey | string | `""` | The OpenID Connect client secret key to use from an existing secret. |
|
||||
| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
|
||||
| config.redis.database | string | `"0"` | The Redis database to connect to. |
|
||||
| config.redis.host | string | `""` | The Redis host to connect to. Empty to use dependencies |
|
||||
| config.redis.port | int | `6379` | The Redis host port to use. |
|
||||
| config.registrationDomainWhitelist | string | `""` | Comma separated list of allowed domains to register. Empty to allow all domains. |
|
||||
| config.smtp.defaultFrom | string | `""` | The SMTP default email to send from. |
|
||||
| config.smtp.defaultReplyTo | string | `""` | The SMTP default email to reply to. |
|
||||
| config.smtp.enabled | bool | `false` | Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. |
|
||||
| config.smtp.existingSecret | string | `""` | The name of an existing secret. |
|
||||
| config.smtp.host | string | `""` | The SMTP host to use. |
|
||||
| config.smtp.password | string | `""` | The SMTP password to use. |
|
||||
| config.smtp.port | string | `""` | The SMTP host port to use. |
|
||||
| config.smtp.secretKeys.passwordKey | string | `""` | The SMTP password to use from an existing secret. |
|
||||
| config.smtp.secretKeys.usernameKey | string | `""` | The SMTP username to use from an existing secret. |
|
||||
| config.smtp.ssl | bool | `false` | Whether to use SSL for the SMTP connection. |
|
||||
| config.smtp.tls | bool | `true` | Whether to use TLS for the SMTP connection. |
|
||||
| config.smtp.username | string | `""` | The SMTP username to use. |
|
||||
| config.telemetryEnabled | bool | `true` | Whether to enable sending of anonymous telemetry data. |
|
||||
|
||||
### Exporter parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| exporter.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
|
||||
| exporter.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
|
||||
| exporter.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Set Penpot containers' security context allowPrivilegeEscalation |
|
||||
| exporter.containerSecurityContext.capabilities | object | `{"drop":["all"]}` | Set Penpot containers' security context capabilities to be dropped |
|
||||
| exporter.containerSecurityContext.enabled | bool | `true` | Enabled Penpot containers' security context |
|
||||
| exporter.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | Set Penpot containers' security context readOnlyRootFilesystem |
|
||||
| exporter.containerSecurityContext.runAsNonRoot | bool | `true` | Set Penpot container's security context runAsNonRoot |
|
||||
| exporter.containerSecurityContext.runAsUser | int | `1001` | Set Penpot containers' security context runAsUser |
|
||||
| exporter.image.imagePullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
|
||||
| exporter.image.repository | string | `"penpotapp/exporter"` | The Docker repository to pull the image from. |
|
||||
| exporter.image.tag | string | `"2.0.3"` | The image tag to use. |
|
||||
| exporter.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
|
||||
| exporter.podSecurityContext | object | `{"enabled":true,"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |
|
||||
| exporter.podSecurityContext.enabled | bool | `true` | Enabled Penpot pods' security context |
|
||||
| exporter.podSecurityContext.fsGroup | int | `1001` | Set Penpot pod's security context fsGroup |
|
||||
| exporter.replicaCount | int | `1` | The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount |
|
||||
| exporter.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
|
||||
| exporter.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers |
|
||||
| exporter.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers |
|
||||
| exporter.service.port | int | `6061` | The service port to use. |
|
||||
| exporter.service.type | string | `"ClusterIP"` | The service type to create. |
|
||||
| exporter.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
|
||||
|
||||
### Frontend parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| frontend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) |
|
||||
| frontend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. |
|
||||
| frontend.image.repository | string | `"penpotapp/frontend"` | The Docker repository to pull the image from. |
|
||||
| frontend.image.tag | string | `"2.0.3"` | The image tag to use. |
|
||||
| frontend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) |
|
||||
| frontend.replicaCount | int | `1` | The number of replicas to deploy. |
|
||||
| frontend.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) |
|
||||
| frontend.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers |
|
||||
| frontend.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers |
|
||||
| frontend.service.port | int | `80` | The service port to use. |
|
||||
| frontend.service.type | string | `"ClusterIP"` | The service type to create. |
|
||||
| frontend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) |
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| fullnameOverride | string | `""` | To fully override common.names.fullname |
|
||||
| nameOverride | string | `""` | To partially override common.names.fullname |
|
||||
| serviceAccount.annotations | object | `{}` | Annotations for service account. Evaluated as a template. |
|
||||
| serviceAccount.enabled | bool | `true` | Specifies whether a ServiceAccount should be created. |
|
||||
| serviceAccount.name | string | `"penpot"` | The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. |
|
||||
|
||||
### Global parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| global.imagePullSecrets | list | `[]` | Global Docker registry secret names. E.g. imagePullSecrets: - myRegistryKeySecretName |
|
||||
| global.postgresqlEnabled | bool | `false` | Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. |
|
||||
| global.redisEnabled | bool | `false` | Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. |
|
||||
|
||||
### Ingress parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| ingress.annotations | object | `{}` | Mapped annotations for the ingress crontroller. E.g. annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" |
|
||||
| ingress.className | string | `""` | The Ingress className. |
|
||||
| ingress.enabled | bool | `false` | Enable (frontend) Ingress Controller. |
|
||||
| ingress.hosts | list | `[{"host":"penpot.example.com"}]` | Array style hosts for the (frontend) ingress crontroller. |
|
||||
| ingress.hosts[0] | object | `{"host":"penpot.example.com"}` | The default external hostname to access to the penpot app. |
|
||||
| ingress.path | string | `"/"` | Root path for every hosts. |
|
||||
| ingress.tls | list | `[]` | Array style TLS secrets for the (frontend) ingress crontroller. E.g. tls: - secretName: penpot.example.com-tls hosts: - penpot.example.com |
|
||||
|
||||
### Persistence parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| persistence.assets.accessModes | list | `["ReadWriteOnce"]` | Assets persistent Volume access modes. |
|
||||
| persistence.assets.annotations | object | `{}` | Assetsp ersistent Volume Claim annotations. |
|
||||
| persistence.assets.enabled | string | `"fals"` | Enable assets persistence using Persistent Volume Claims. |
|
||||
| persistence.assets.existingClaim | string | `""` | The name of an existing PVC to use for assets persistence. |
|
||||
| persistence.assets.size | string | `"20Gi"` | Assets persistent Volume size. |
|
||||
| persistence.assets.storageClass | string | `""` | Assets persistent Volume storage class. If defined, storageClassName: <storageClass>. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
|
||||
| persistence.exporter.accessModes | list | `["ReadWriteOnce"]` | Exporter persistent Volume access modes. |
|
||||
| persistence.exporter.annotations | object | `{}` | Exporter persistent Volume Claim annotations. |
|
||||
| persistence.exporter.enabled | bool | `false` | Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. |
|
||||
| persistence.exporter.existingClaim | string | `""` | The name of an existing PVC to use for persistence. |
|
||||
| persistence.exporter.size | string | `"10Gi"` | Exporter persistent Volume size. |
|
||||
| persistence.exporter.storageClass | string | `""` | Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. |
|
||||
|
||||
### PostgreSQL Dependencie parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| postgresql | object | `{"auth":{"database":"penpot","password":"penpot","username":"penpot"}}` | PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) |
|
||||
| postgresql.auth.database | string | `"penpot"` | Name for a custom database to create. |
|
||||
| postgresql.auth.password | string | `"penpot"` | Password for the custom user to create. |
|
||||
| postgresql.auth.username | string | `"penpot"` | Name for a custom user to create. |
|
||||
|
||||
### Redis Dependencie parameters
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| redis | object | `{"auth":{"enabled":false}}` | Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) |
|
||||
| redis.auth.enabled | bool | `false` | Whether to enable password authentication. |
|
||||
|
|
|
@ -1,24 +1,24 @@
|
|||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
|
||||
{{- if and .Values.persistence.assets.enabled (not .Values.persistence.assets.existingClaim) -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}
|
||||
name: {{ include "penpot.fullname" . }}-data-assets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "penpot.labels" . | nindent 4 }}
|
||||
{{- if .Values.persistence.annotations }}
|
||||
{{- if .Values.persistence.assets.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.persistence.annotations | indent 4 }}
|
||||
{{ toYaml .Values.persistence.assets.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.persistence.accessModes }}
|
||||
{{- range .Values.persistence.assets.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
storage: {{ .Values.persistence.assets.size | quote }}
|
||||
{{- if .Values.persistence.assets.storageClass }}
|
||||
storageClassName: "{{ .Values.persistence.assets.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
|
@ -395,9 +395,9 @@ spec:
|
|||
{{- end }}
|
||||
volumes:
|
||||
- name: app-data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
{{- if .Values.persistence.assets.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
|
||||
claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
@ -67,9 +67,9 @@ spec:
|
|||
{{- end }}
|
||||
volumes:
|
||||
- name: app-data
|
||||
{{- if .Values.exporter.persistence.enabled }}
|
||||
{{- if .Values.persistence.exporter.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.exporter.persistence.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "exporter" ) }}
|
||||
claimName: {{ .Values.persistence.exporter.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-exporter" ) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,24 +1,24 @@
|
|||
{{- if and .Values.exporter.persistence.enabled (not .Values.exporter.persistence.existingClaim) -}}
|
||||
{{- if and .Values.persistence.exporter.enabled (not .Values.persistence.exporter.existingClaim) -}}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-exporter
|
||||
name: {{ include "penpot.fullname" . }}-data-exporter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "penpot.labels" . | nindent 4 }}
|
||||
{{- if .Values.exporter.persistence.annotations }}
|
||||
{{- if .Values.persistence.exporter.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.exporter.persistence.annotations | indent 4 }}
|
||||
{{ toYaml .Values.persistence.exporter.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.exporter.persistence.accessModes }}
|
||||
{{- range .Values.persistence.exporter.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.exporter.persistence.size | quote }}
|
||||
{{- if .Values.exporter.persistence.storageClass }}
|
||||
storageClassName: "{{ .Values.exporter.persistence.storageClass }}"
|
||||
storage: {{ .Values.persistence.exporter.size | quote }}
|
||||
{{- if .Values.persistence.exporter.storageClass }}
|
||||
storageClassName: "{{ .Values.persistence.exporter.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
|
@ -66,9 +66,9 @@ spec:
|
|||
{{- end }}
|
||||
volumes:
|
||||
- name: app-data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
{{- if .Values.persistence.assets.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
|
||||
claimName: {{ .Values.persistence.assets.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "data-assets" ) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,516 +1,600 @@
|
|||
## Default values for Penpot
|
||||
|
||||
########################################
|
||||
## @section Global parameters
|
||||
########################################
|
||||
|
||||
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
|
||||
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
|
||||
## @param global.imagePullSecrets Global Docker registry secret names as an array.
|
||||
##
|
||||
global:
|
||||
# -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
|
||||
# @section -- Global parameters
|
||||
postgresqlEnabled: false
|
||||
# -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
|
||||
# @section -- Global parameters
|
||||
redisEnabled: false
|
||||
## E.g.
|
||||
## imagePullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
# -- Global Docker registry secret names.
|
||||
# E.g.
|
||||
# imagePullSecrets:
|
||||
# - myRegistryKeySecretName
|
||||
# @section -- Global parameters
|
||||
imagePullSecrets: []
|
||||
|
||||
########################################
|
||||
## @section Common parameters
|
||||
########################################
|
||||
|
||||
## @param nameOverride String to partially override common.names.fullname
|
||||
##
|
||||
# -- To partially override common.names.fullname
|
||||
# @section -- Common parameters
|
||||
nameOverride: ""
|
||||
## @param fullnameOverride String to fully override common.names.fullname
|
||||
##
|
||||
# -- To fully override common.names.fullname
|
||||
# @section -- Common parameters
|
||||
fullnameOverride: ""
|
||||
## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
|
||||
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
|
||||
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
|
||||
##
|
||||
serviceAccount:
|
||||
# -- Specifies whether a ServiceAccount should be created.
|
||||
# @section -- Common parameters
|
||||
enabled: true
|
||||
# -- Annotations for service account. Evaluated as a template.
|
||||
# @section -- Common parameters
|
||||
annotations: {}
|
||||
# -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
|
||||
# @section -- Common parameters
|
||||
name: "penpot"
|
||||
|
||||
########################################
|
||||
## @section Configuration parameters
|
||||
########################################
|
||||
|
||||
config:
|
||||
## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
|
||||
## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
|
||||
## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
|
||||
##
|
||||
# -- The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
|
||||
# @section -- Configuration parameters
|
||||
publicUri: "http://penpot.example.com"
|
||||
# -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
|
||||
# @section -- Configuration parameters
|
||||
flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
|
||||
# -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
|
||||
# @section -- Configuration parameters
|
||||
apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
|
||||
## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies.
|
||||
## @param config.postgresql.port The PostgreSQL host port to use.
|
||||
## @param config.postgresql.username The database username to use.
|
||||
## @param config.postgresql.password The database password to use.
|
||||
## @param config.postgresql.database The PostgreSQL database to use.
|
||||
## @param config.postgresql.existingSecret The name of an existing secret.
|
||||
## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
|
||||
## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
|
||||
##
|
||||
# -- Comma separated list of allowed domains to register. Empty to allow all domains.
|
||||
# @section -- Configuration parameters
|
||||
registrationDomainWhitelist: ""
|
||||
# -- Whether to enable sending of anonymous telemetry data.
|
||||
# @section -- Configuration parameters
|
||||
telemetryEnabled: true
|
||||
|
||||
postgresql:
|
||||
# -- The PostgreSQL host to connect to. Empty to use dependencies.
|
||||
# @section -- Configuration parameters
|
||||
host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
|
||||
# -- The PostgreSQL host port to use.
|
||||
# @section -- Configuration parameters
|
||||
port: 5432
|
||||
# -- The database username to use.
|
||||
# @section -- Configuration parameters
|
||||
username: "penpot"
|
||||
# -- The database password to use.
|
||||
# @section -- Configuration parameters
|
||||
password: "penpot"
|
||||
# -- The PostgreSQL database to use.
|
||||
# @section -- Configuration parameters
|
||||
database: "penpot"
|
||||
# -- The name of an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
existingSecret: ""
|
||||
secretKeys:
|
||||
# -- The username key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
usernameKey: ""
|
||||
# -- The password key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
passwordKey: ""
|
||||
## @param config.redis.host The Redis host to connect to. Empty to use dependencies
|
||||
## @param config.redis.port The Redis host port to use.
|
||||
## @param config.redis.database The Redis database to connect to.
|
||||
##
|
||||
|
||||
redis:
|
||||
# -- The Redis host to connect to. Empty to use dependencies
|
||||
# @section -- Configuration parameters
|
||||
host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
|
||||
# -- The Redis host port to use.
|
||||
# @section -- Configuration parameters
|
||||
port: 6379
|
||||
# -- The Redis database to connect to.
|
||||
# @section -- Configuration parameters
|
||||
database: "0"
|
||||
## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
|
||||
## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
|
||||
## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
|
||||
## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
|
||||
## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
|
||||
## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
|
||||
## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
|
||||
## @param config.assets.s3.existingSecret The name of an existing secret.
|
||||
## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
|
||||
## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
|
||||
## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
|
||||
##
|
||||
|
||||
assets:
|
||||
# -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
|
||||
# @section -- Configuration parameters
|
||||
storageBackend: "assets-fs"
|
||||
filesystem:
|
||||
# -- The storage directory to use if you chose the filesystem storage backend.
|
||||
# @section -- Configuration parameters
|
||||
directory: "/opt/data/assets"
|
||||
s3:
|
||||
# -- The S3 access key ID to use if you chose the S3 storage backend.
|
||||
# @section -- Configuration parameters
|
||||
accessKeyID: ""
|
||||
# -- The S3 secret access key to use if you chose the S3 storage backend.
|
||||
# @section -- Configuration parameters
|
||||
secretAccessKey: ""
|
||||
# -- The S3 region to use if you chose the S3 storage backend.
|
||||
# @section -- Configuration parameters
|
||||
region: ""
|
||||
# -- The name of the S3 bucket to use if you chose the S3 storage backend.
|
||||
# @section -- Configuration parameters
|
||||
bucket: ""
|
||||
# -- The S3 endpoint URI to use if you chose the S3 storage backend.
|
||||
# @section -- Configuration parameters
|
||||
endpointURI: ""
|
||||
# -- The name of an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
existingSecret: ""
|
||||
secretKeys:
|
||||
# -- The S3 access key ID to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
accessKeyIDKey: ""
|
||||
# -- The S3 secret access key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
secretAccessKey: ""
|
||||
# -- The S3 endpoint URI to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
endpointURIKey: ""
|
||||
## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
|
||||
##
|
||||
telemetryEnabled: true
|
||||
## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
|
||||
## @param config.smtp.defaultFrom The SMTP default email to send from.
|
||||
## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
|
||||
## @param config.smtp.host The SMTP host to use.
|
||||
## @param config.smtp.port The SMTP host port to use.
|
||||
## @param config.smtp.username The SMTP username to use.
|
||||
## @param config.smtp.password The SMTP password to use.
|
||||
## @param config.smtp.tls Whether to use TLS for the SMTP connection.
|
||||
## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
|
||||
## @param config.smtp.existingSecret The name of an existing secret.
|
||||
## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
|
||||
## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
|
||||
##
|
||||
|
||||
smtp:
|
||||
# -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The SMTP default email to send from.
|
||||
# @section -- Configuration parameters
|
||||
defaultFrom: ""
|
||||
# -- The SMTP default email to reply to.
|
||||
# @section -- Configuration parameters
|
||||
defaultReplyTo: ""
|
||||
# -- The SMTP host to use.
|
||||
# @section -- Configuration parameters
|
||||
host: ""
|
||||
# -- The SMTP host port to use.
|
||||
# @section -- Configuration parameters
|
||||
port: ""
|
||||
# -- The SMTP username to use.
|
||||
# @section -- Configuration parameters
|
||||
username: ""
|
||||
# -- The SMTP password to use.
|
||||
# @section -- Configuration parameters
|
||||
password: ""
|
||||
# -- Whether to use TLS for the SMTP connection.
|
||||
# @section -- Configuration parameters
|
||||
tls: true
|
||||
# -- Whether to use SSL for the SMTP connection.
|
||||
# @section -- Configuration parameters
|
||||
ssl: false
|
||||
# -- The name of an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
existingSecret: ""
|
||||
secretKeys:
|
||||
# -- The SMTP username to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
usernameKey: ""
|
||||
# -- The SMTP password to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
passwordKey: ""
|
||||
## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
|
||||
##
|
||||
registrationDomainWhitelist: ""
|
||||
## Penpot Authentication providers parameters
|
||||
##
|
||||
|
||||
# -- Penpot Authentication providers parameters
|
||||
# @section -- Configuration parameters
|
||||
providers:
|
||||
## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
##
|
||||
google:
|
||||
# -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
clientID: ""
|
||||
# -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
clientSecret: ""
|
||||
## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
|
||||
## @param config.providers.github.clientID The GitHub client ID to use.
|
||||
## @param config.providers.github.clientSecret The GitHub client secret to use.
|
||||
##
|
||||
github:
|
||||
# -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The GitHub client ID to use.
|
||||
# @section -- Configuration parameters
|
||||
clientID: ""
|
||||
# -- The GitHub client secret to use.
|
||||
# @section -- Configuration parameters
|
||||
clientSecret: ""
|
||||
## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
|
||||
## @param config.providers.gitlab.baseURI The GitLab base URI to use.
|
||||
## @param config.providers.gitlab.clientID The GitLab client ID to use.
|
||||
## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
|
||||
##
|
||||
gitlab:
|
||||
# -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The GitLab base URI to use.
|
||||
# @section -- Configuration parameters
|
||||
baseURI: "https://gitlab.com"
|
||||
# -- The GitLab client ID to use.
|
||||
# @section -- Configuration parameters
|
||||
clientID: ""
|
||||
# -- The GitLab client secret to use.
|
||||
# @section -- Configuration parameters
|
||||
clientSecret: ""
|
||||
## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
|
||||
## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
|
||||
## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
|
||||
## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
|
||||
## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
|
||||
## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
|
||||
## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
|
||||
## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
|
||||
## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
|
||||
## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
|
||||
## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
|
||||
## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
|
||||
##
|
||||
oidc:
|
||||
# -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The OpenID Connect base URI to use.
|
||||
# @section -- Configuration parameters
|
||||
baseURI: ""
|
||||
# -- The OpenID Connect client ID to use.
|
||||
# @section -- Configuration parameters
|
||||
clientID: ""
|
||||
# -- The OpenID Connect client secret to use.
|
||||
# @section -- Configuration parameters
|
||||
clientSecret: ""
|
||||
# -- Optional OpenID Connect auth URI to use. Auto discovered if not provided.
|
||||
# @section -- Configuration parameters
|
||||
authURI: ""
|
||||
# -- Optional OpenID Connect token URI to use. Auto discovered if not provided.
|
||||
# @section -- Configuration parameters
|
||||
tokenURI: ""
|
||||
# -- Optional OpenID Connect user URI to use. Auto discovered if not provided.
|
||||
# @section -- Configuration parameters
|
||||
userURI: ""
|
||||
# -- Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
|
||||
# @section -- Configuration parameters
|
||||
roles: "role1 role2"
|
||||
# -- Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
|
||||
# @section -- Configuration parameters
|
||||
rolesAttribute: ""
|
||||
# -- Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
|
||||
# @section -- Configuration parameters
|
||||
scopes: "scope1 scope2"
|
||||
# -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
|
||||
# @section -- Configuration parameters
|
||||
nameAttribute: ""
|
||||
# -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
|
||||
# @section -- Configuration parameters
|
||||
emailAttribute: ""
|
||||
## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
|
||||
## @param config.providers.ldap.host The LDAP host to use.
|
||||
## @param config.providers.ldap.port The LDAP port to use.
|
||||
## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
|
||||
## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
|
||||
## @param config.providers.ldap.baseDN The LDAP base DN to use.
|
||||
## @param config.providers.ldap.bindDN The LDAP bind DN to use.
|
||||
## @param config.providers.ldap.bindPassword The LDAP bind password to use.
|
||||
## @param config.providers.ldap.userQuery The LDAP user query to use.
|
||||
## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
|
||||
## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
|
||||
## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
|
||||
## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
|
||||
##
|
||||
ldap:
|
||||
# -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
|
||||
# @section -- Configuration parameters
|
||||
enabled: false
|
||||
# -- The LDAP host to use.
|
||||
# @section -- Configuration parameters
|
||||
host: "ldap"
|
||||
# -- The LDAP port to use.
|
||||
# @section -- Configuration parameters
|
||||
port: 10389
|
||||
# -- Whether to use SSL for the LDAP connection.
|
||||
# @section -- Configuration parameters
|
||||
ssl: false
|
||||
# -- Whether to utilize StartTLS for the LDAP connection.
|
||||
# @section -- Configuration parameters
|
||||
startTLS: false
|
||||
# -- The LDAP base DN to use.
|
||||
# @section -- Configuration parameters
|
||||
baseDN: "ou=people,dc=planetexpress,dc=com"
|
||||
# -- The LDAP bind DN to use.
|
||||
# @section -- Configuration parameters
|
||||
bindDN: "cn=admin,dc=planetexpress,dc=com"
|
||||
# -- The LDAP bind password to use.
|
||||
# @section -- Configuration parameters
|
||||
bindPassword: "GoodNewsEveryone"
|
||||
# -- The LDAP user query to use.
|
||||
# @section -- Configuration parameters
|
||||
userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
|
||||
# -- The LDAP attributes username to use.
|
||||
# @section -- Configuration parameters
|
||||
attributesUsername: "uid"
|
||||
# -- The LDAP attributes email to use.
|
||||
# @section -- Configuration parameters
|
||||
attributesEmail: "mail"
|
||||
# -- The LDAP attributes fullname to use.
|
||||
# @section -- Configuration parameters
|
||||
attributesFullname: "cn"
|
||||
# -- The LDAP attributes photo format to use.
|
||||
# @section -- Configuration parameters
|
||||
attributesPhoto: "jpegPhoto"
|
||||
## @param config.providers.existingSecret The name of an existing secret to use.
|
||||
## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
|
||||
## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
|
||||
##
|
||||
# -- The name of an existing secret to use.
|
||||
# @section -- Configuration parameters
|
||||
existingSecret: ""
|
||||
secretKeys:
|
||||
# -- The Google client ID key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
googleClientIDKey: ""
|
||||
# -- The Google client secret key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
googleClientSecretKey: ""
|
||||
# -- The GitHub client ID key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
githubClientIDKey: ""
|
||||
# -- The GitHub client secret key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
githubClientSecretKey: ""
|
||||
# -- The GitLab client ID key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
gitlabClientIDKey: ""
|
||||
# -- The GitLab client secret key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
gitlabClientSecretKey: ""
|
||||
# -- The OpenID Connect client ID key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
oidcClientIDKey: ""
|
||||
# -- The OpenID Connect client secret key to use from an existing secret.
|
||||
# @section -- Configuration parameters
|
||||
oidcClientSecretKey: ""
|
||||
|
||||
########################################
|
||||
## @section Backend parameters
|
||||
########################################
|
||||
|
||||
backend:
|
||||
## @param backend.image.repository The Docker repository to pull the image from.
|
||||
## @param backend.image.tag The image tag to use.
|
||||
## @param backend.image.pullPolicy The image pull policy to use.
|
||||
##
|
||||
image:
|
||||
# -- The Docker repository to pull the image from.
|
||||
# @section -- Backend parameters
|
||||
repository: penpotapp/backend
|
||||
# -- The image tag to use.
|
||||
# @section -- Backend parameters
|
||||
tag: 2.0.3
|
||||
# -- The image pull policy to use.
|
||||
# @section -- Backend parameters
|
||||
pullPolicy: IfNotPresent
|
||||
## @param backend.replicaCount The number of replicas to deploy.
|
||||
##
|
||||
# -- The number of replicas to deploy.
|
||||
# @section -- Backend parameters
|
||||
replicaCount: 1
|
||||
## @param backend.service.http.type The http service type to create.
|
||||
## @param backend.service.http.port The http service port to use.
|
||||
## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend.
|
||||
## @param backend.service.prepl.type The prepl service type to create.
|
||||
## @param backend.service.prepl.port The prepl service port to use.
|
||||
service:
|
||||
http:
|
||||
# -- The http service type to create.
|
||||
# @section -- Backend parameters
|
||||
type: ClusterIP
|
||||
# -- The http service port to use.
|
||||
# @section -- Backend parameters
|
||||
port: 6060
|
||||
prepl:
|
||||
# -- Whether to enable the prepl service in the backend.
|
||||
# @section -- Backend parameters
|
||||
enabled: false
|
||||
# -- The prepl service type to create.
|
||||
# @section -- Backend parameters
|
||||
type: ClusterIP
|
||||
# -- The prepl service port to use.
|
||||
# @section -- Backend parameters
|
||||
port: 6063
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
|
||||
## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
|
||||
##
|
||||
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
|
||||
# @section -- Backend parameters
|
||||
podSecurityContext:
|
||||
# -- Enabled Penpot pods' security context
|
||||
# @section -- Backend parameters
|
||||
enabled: true
|
||||
# -- Set Penpot pod's security context fsGroup
|
||||
# @section -- Backend parameters
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
|
||||
## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
|
||||
## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
|
||||
## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
|
||||
## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
|
||||
## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
|
||||
##
|
||||
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
|
||||
# @section -- Backend parameters
|
||||
containerSecurityContext:
|
||||
# -- Enabled Penpot containers' security context
|
||||
# @section -- Backend parameters
|
||||
enabled: true
|
||||
# -- Set Penpot containers' security context runAsUser
|
||||
# @section -- Backend parameters
|
||||
runAsUser: 1001
|
||||
# -- Set Penpot containers' security context allowPrivilegeEscalation
|
||||
# @section -- Backend parameters
|
||||
allowPrivilegeEscalation: false
|
||||
# -- Set Penpot containers' security context capabilities to be dropped
|
||||
# @section -- Backend parameters
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
# -- Set Penpot containers' security context readOnlyRootFilesystem
|
||||
# @section -- Backend parameters
|
||||
readOnlyRootFilesystem: false
|
||||
# -- Set Penpot container's security context runAsNonRoot
|
||||
# @section -- Backend parameters
|
||||
runAsNonRoot: true
|
||||
## @param backend.affinity Affinity for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
|
||||
# @section -- Backend parameters
|
||||
affinity: {}
|
||||
## @param backend.nodeSelector Node labels for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
|
||||
# @section -- Backend parameters
|
||||
nodeSelector: {}
|
||||
## @param backend.tolerations Tolerations for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
|
||||
# @section -- Backend parameters
|
||||
tolerations: []
|
||||
## Penpot backend resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param backend.resources.limits The resources limits for the Penpot backend containers
|
||||
## @param backend.resources.requests The requested resources for the Penpot backend containers
|
||||
##
|
||||
# -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
|
||||
# @section -- Backend parameters
|
||||
resources:
|
||||
# -- The resources limits for the Penpot backend containers
|
||||
# @section -- Backend parameters
|
||||
limits: {}
|
||||
# -- The requested resources for the Penpot backend containers
|
||||
# @section -- Backend parameters
|
||||
requests: {}
|
||||
|
||||
########################################
|
||||
## @section Frontend parameters
|
||||
########################################
|
||||
|
||||
frontend:
|
||||
## @param frontend.image.repository The Docker repository to pull the image from.
|
||||
## @param frontend.image.tag The image tag to use.
|
||||
## @param frontend.image.imagePullPolicy The image pull policy to use.
|
||||
##
|
||||
image:
|
||||
# -- The Docker repository to pull the image from.
|
||||
# @section -- Frontend parameters
|
||||
repository: penpotapp/frontend
|
||||
# -- The image tag to use.
|
||||
# @section -- Frontend parameters
|
||||
tag: 2.0.3
|
||||
# -- The image pull policy to use.
|
||||
# @section -- Frontend parameters
|
||||
pullPolicy: IfNotPresent
|
||||
## @param frontend.replicaCount The number of replicas to deploy.
|
||||
##
|
||||
# -- The number of replicas to deploy.
|
||||
# @section -- Frontend parameters
|
||||
replicaCount: 1
|
||||
## @param frontend.service.type The service type to create.
|
||||
## @param frontend.service.port The service port to use.
|
||||
##
|
||||
service:
|
||||
# -- The service type to create.
|
||||
# @section -- Frontend parameters
|
||||
type: ClusterIP
|
||||
# -- The service port to use.
|
||||
# @section -- Frontend parameters
|
||||
port: 80
|
||||
## @param frontend.affinity Affinity for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
|
||||
# @section -- Frontend parameters
|
||||
affinity: {}
|
||||
## @param frontend.nodeSelector Node labels for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
|
||||
# @section -- Frontend parameters
|
||||
nodeSelector: {}
|
||||
## @param frontend.tolerations Tolerations for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
|
||||
# @section -- Frontend parameters
|
||||
tolerations: []
|
||||
## Penpot frontend resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param frontend.resources.limits The resources limits for the Penpot frontend containers
|
||||
## @param frontend.resources.requests The requested resources for the Penpot frontend containers
|
||||
##
|
||||
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
|
||||
# @section -- Frontend parameters
|
||||
resources:
|
||||
# -- The resources limits for the Penpot frontend containers
|
||||
# @section -- Frontend parameters
|
||||
limits: {}
|
||||
# -- The requested resources for the Penpot frontend containers
|
||||
# @section -- Frontend parameters
|
||||
requests: {}
|
||||
|
||||
########################################
|
||||
## @section Exporter parameters
|
||||
########################################
|
||||
|
||||
exporter:
|
||||
## @param exporter.image.repository The Docker repository to pull the image from.
|
||||
## @param exporter.image.tag The image tag to use.
|
||||
## @param exporter.image.imagePullPolicy The image pull policy to use.
|
||||
##
|
||||
image:
|
||||
# -- The Docker repository to pull the image from.
|
||||
# @section -- Exporter parameters
|
||||
repository: penpotapp/exporter
|
||||
# -- The image tag to use.
|
||||
# @section -- Exporter parameters
|
||||
tag: 2.0.3
|
||||
# -- The image pull policy to use.
|
||||
# @section -- Exporter parameters
|
||||
imagePullPolicy: IfNotPresent
|
||||
## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount
|
||||
##
|
||||
# -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
|
||||
# @section -- Exporter parameters
|
||||
replicaCount: 1
|
||||
## @param exporter.service.type The service type to create.
|
||||
## @param exporter.service.port The service port to use.
|
||||
##
|
||||
service:
|
||||
# -- The service type to create.
|
||||
# @section -- Exporter parameters
|
||||
type: ClusterIP
|
||||
# -- The service port to use.
|
||||
# @section -- Exporter parameters
|
||||
port: 6061
|
||||
|
||||
## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
|
||||
## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider.
|
||||
## @param exporter.persistence.size Persistent Volume size.
|
||||
## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence.
|
||||
## @param exporter.persistence.accessModes Persistent Volume access modes.
|
||||
## @param exporter.persistence.annotations Persistent Volume Claim annotations.
|
||||
##
|
||||
persistence:
|
||||
enabled: false
|
||||
storageClass: ""
|
||||
size: 10Gi
|
||||
existingClaim: ""
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
annotations: {}
|
||||
## Configure Pods Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
|
||||
## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
|
||||
##
|
||||
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
|
||||
# @section -- Exporter parameters
|
||||
podSecurityContext:
|
||||
# -- Enabled Penpot pods' security context
|
||||
# @section -- Exporter parameters
|
||||
enabled: true
|
||||
# -- Set Penpot pod's security context fsGroup
|
||||
# @section -- Exporter parameters
|
||||
fsGroup: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||||
## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
|
||||
## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
|
||||
## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
|
||||
## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
|
||||
## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
|
||||
## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
|
||||
##
|
||||
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
|
||||
# @section -- Exporter parameters
|
||||
containerSecurityContext:
|
||||
# -- Enabled Penpot containers' security context
|
||||
# @section -- Exporter parameters
|
||||
enabled: true
|
||||
# -- Set Penpot containers' security context runAsUser
|
||||
# @section -- Exporter parameters
|
||||
runAsUser: 1001
|
||||
# -- Set Penpot containers' security context allowPrivilegeEscalation
|
||||
# @section -- Exporter parameters
|
||||
allowPrivilegeEscalation: false
|
||||
# -- Set Penpot containers' security context capabilities to be dropped
|
||||
# @section -- Exporter parameters
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
# -- Set Penpot containers' security context readOnlyRootFilesystem
|
||||
# @section -- Exporter parameters
|
||||
readOnlyRootFilesystem: false
|
||||
# -- Set Penpot container's security context runAsNonRoot
|
||||
# @section -- Exporter parameters
|
||||
runAsNonRoot: true
|
||||
## @param exporter.affinity Affinity for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
|
||||
# @section -- Exporter parameters
|
||||
affinity: {}
|
||||
## @param exporter.nodeSelector Node labels for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
|
||||
# @section -- Exporter parameters
|
||||
nodeSelector: {}
|
||||
## @param exporter.tolerations Tolerations for Penpot pods assignment
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
|
||||
# @section -- Exporter parameters
|
||||
tolerations: []
|
||||
## Penpot exporter resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param exporter.resources.limits The resources limits for the Penpot exporter containers
|
||||
## @param exporter.resources.requests The requested resources for the Penpot exporter containers
|
||||
##
|
||||
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
|
||||
# @section -- Exporter parameters
|
||||
resources:
|
||||
# -- The resources limits for the Penpot frontend containers
|
||||
# @section -- Exporter parameters
|
||||
limits: {}
|
||||
# -- The requested resources for the Penpot frontend containers
|
||||
# @section -- Exporter parameters
|
||||
requests: {}
|
||||
|
||||
|
||||
########################################
|
||||
## @section Assets Persistence parameters
|
||||
########################################
|
||||
|
||||
# @section -- Persistence parameters
|
||||
persistence:
|
||||
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
|
||||
##
|
||||
assets:
|
||||
# -- Enable assets persistence using Persistent Volume Claims.
|
||||
# @section -- Persistence parameters
|
||||
enabled: fals
|
||||
## @param persistence.storageClass Persistent Volume storage class.
|
||||
## If defined, storageClassName: <storageClass>.
|
||||
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
||||
##
|
||||
# -- Assets persistent Volume storage class.
|
||||
# If defined, storageClassName: <storageClass>.
|
||||
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
||||
# @section -- Persistence parameters
|
||||
storageClass: ""
|
||||
## @param persistence.size Persistent Volume size.
|
||||
##
|
||||
# -- Assets persistent Volume size.
|
||||
# @section -- Persistence parameters
|
||||
size: 20Gi
|
||||
## @param persistence.existingClaim The name of an existing PVC to use for persistence.
|
||||
##
|
||||
# -- The name of an existing PVC to use for assets persistence.
|
||||
# @section -- Persistence parameters
|
||||
existingClaim: ""
|
||||
## @param persistence.accessModes Persistent Volume access modes.
|
||||
##
|
||||
# -- Assets persistent Volume access modes.
|
||||
# @section -- Persistence parameters
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
## @param persistence.annotations Persistent Volume Claim annotations.
|
||||
##
|
||||
# -- Assetsp ersistent Volume Claim annotations.
|
||||
# @section -- Persistence parameters
|
||||
annotations: {}
|
||||
exporter:
|
||||
# -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
|
||||
# @section -- Persistence parameters
|
||||
enabled: false
|
||||
# -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider.
|
||||
# @section -- Persistence parameters
|
||||
storageClass: ""
|
||||
# -- Exporter persistent Volume size.
|
||||
# @section -- Persistence parameters
|
||||
size: 10Gi
|
||||
# -- The name of an existing PVC to use for persistence.
|
||||
# @section -- Persistence parameters
|
||||
existingClaim: ""
|
||||
# -- Exporter persistent Volume access modes.
|
||||
# @section -- Persistence parameters
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
# -- Exporter persistent Volume Claim annotations.
|
||||
# @section -- Persistence parameters
|
||||
annotations: {}
|
||||
|
||||
|
||||
########################################
|
||||
## @section Ingress parameters
|
||||
########################################
|
||||
|
||||
ingress:
|
||||
# -- Enable (frontend) Ingress Controller.
|
||||
# @section -- Ingress parameters
|
||||
enabled: false
|
||||
# -- The Ingress className.
|
||||
# @section -- Ingress parameters
|
||||
className: ""
|
||||
annotations: {}
|
||||
# -- Mapped annotations for the ingress crontroller.
|
||||
# E.g.
|
||||
# annotations:
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
# @section -- Ingress parameters
|
||||
annotations: {}
|
||||
# -- Root path for every hosts.
|
||||
# @section -- Ingress parameters
|
||||
path: "/"
|
||||
# -- Array style hosts for the (frontend) ingress crontroller.
|
||||
# @section -- Ingress parameters
|
||||
hosts:
|
||||
# -- The default external hostname to access to the penpot app.
|
||||
# @section -- Ingress parameters
|
||||
- host: penpot.example.com
|
||||
tls: []
|
||||
# -- Array style TLS secrets for the (frontend) ingress crontroller.
|
||||
# E.g.
|
||||
# tls:
|
||||
# - secretName: penpot.example.com-tls
|
||||
# hosts:
|
||||
# - penpot.example.com
|
||||
# @section -- Ingress parameters
|
||||
tls: []
|
||||
|
||||
|
||||
########################################
|
||||
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
|
||||
########################################
|
||||
|
||||
## @param postgresql.auth.username Name for a custom user to create.
|
||||
## @param postgresql.auth.password Password for the custom user to create.
|
||||
## @param postgresql.auth.database Name for a custom database to create.
|
||||
##
|
||||
# -- PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
|
||||
# @section -- PostgreSQL Dependencie parameters
|
||||
postgresql:
|
||||
auth:
|
||||
# -- Name for a custom user to create.
|
||||
# @section -- PostgreSQL Dependencie parameters
|
||||
username: "penpot"
|
||||
# -- Password for the custom user to create.
|
||||
# @section -- PostgreSQL Dependencie parameters
|
||||
password: "penpot"
|
||||
# -- Name for a custom database to create.
|
||||
# @section -- PostgreSQL Dependencie parameters
|
||||
database: "penpot"
|
||||
|
||||
########################################
|
||||
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
|
||||
########################################
|
||||
|
||||
## @param redis.auth.enabled Whether to enable password authentication.
|
||||
##
|
||||
# -- Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
|
||||
# @section -- Redis Dependencie parameters
|
||||
redis:
|
||||
auth:
|
||||
# -- Whether to enable password authentication.
|
||||
# @section -- Redis Dependencie parameters
|
||||
enabled: false
|
||||
|
|
|
@ -15,10 +15,11 @@ config:
|
|||
|
||||
#exporter:
|
||||
# replicaCount: 2
|
||||
# persistence:
|
||||
# enabled: true
|
||||
|
||||
persistence:
|
||||
assets:
|
||||
enabled: true
|
||||
exporter:
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
|
|
Loading…
Reference in a new issue