mirror of
https://github.com/penpot/penpot-helm.git
synced 2024-12-21 21:23:04 -05:00
👶 initial code
commit
bc96a6b4de
27 changed files with 1896 additions and 0 deletions
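--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,14 @@
+.DS_Store
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Dependencies
+charts/*.tgz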
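Review bot: The `charts/*.tgz` pattern under `# Dependencies` contains a slash, so it is anchored to the repository root and does not match the dependency archives this same commit adds under `charts/penpot/charts/` (`postgresql-15.5.10.tgz`, `redis-19.5.5.tgz`). If the intent is to keep fetched chart archives out of version control, the line would need to be `charts/*/charts/*.tgz`. If the archives are committed on purpose, a comment saying so would help, because binary archives cannot be inspected in review. As far as I know the `digest` in Chart.lock covers the dependency list rather than the archive bytes, so it should not be relied on to show the committed archives are the upstream ones.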
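--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,373 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+means each individual or legal entity that creates, contributes to
+the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+means the combination of the Contributions of others (if any) used
+by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+means Source Code Form to which the initial Contributor has attached
+the notice in Exhibit A, the Executable Form of such Source Code
+Form, and Modifications of such Source Code Form, in each case
+including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+means
+
+(a) that the initial Contributor has attached the notice described
+in Exhibit B to the Covered Software; or
+
+(b) that the Covered Software was made available under the terms of
+version 1.1 or earlier of the License, but not also under the
+terms of a Secondary License.
+
+1.6. "Executable Form"
+means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+means a work that combines Covered Software with other material, in
+a separate file or files, that is not Covered Software.
+
+1.8. "License"
+means this document.
+
+1.9. "Licensable"
+means having the right to grant, to the maximum extent possible,
+whether at the time of the initial grant or subsequently, any and
+all of the rights conveyed by this License.
+
+1.10. "Modifications"
+means any of the following:
+
+(a) any file in Source Code Form that results from an addition to,
+deletion from, or modification of the contents of Covered
+Software; or
+
+(b) any new file in Source Code Form that contains any Covered
+Software.
+
+1.11. "Patent Claims" of a Contributor
+means any patent claim(s), including without limitation, method,
+process, and apparatus claims, in any patent Licensable by such
+Contributor that would be infringed, but for the grant of the
+License, by the making, using, selling, offering for sale, having
+made, import, or transfer of either its Contributions or its
+Contributor Version.
+
+1.12. "Secondary License"
+means either the GNU General Public License, Version 2.0, the GNU
+Lesser General Public License, Version 2.1, the GNU Affero General
+Public License, Version 3.0, or any later versions of those
+licenses.
+
+1.13. "Source Code Form"
+means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+means an individual or a legal entity exercising rights under this
+License. For legal entities, "You" includes any entity that
+controls, is controlled by, or is under common control with You. For
+purposes of this definition, "control" means (a) the power, direct
+or indirect, to cause the direction or management of such entity,
+whether by contract or otherwise, or (b) ownership of more than
+fifty percent (50%) of the outstanding shares or beneficial
+ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+Licensable by such Contributor to use, reproduce, make available,
+modify, display, perform, distribute, and otherwise exploit its
+Contributions, either on an unmodified basis, with Modifications, or
+as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+for sale, have made, import, and otherwise transfer either its
+Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+or
+
+(b) for infringements caused by: (i) Your and any other third party's
+modifications of Covered Software, or (ii) the combination of its
+Contributions with other software (except as part of its Contributor
+Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+Form, as described in Section 3.1, and You must inform recipients of
+the Executable Form how they can obtain a copy of such Source Code
+Form by reasonable means in a timely manner, at a charge no more
+than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+License, or sublicense it under different terms, provided that the
+license for the Executable Form does not attempt to limit or alter
+the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+* *
+* 6. Disclaimer of Warranty *
+* ------------------------- *
+* *
+* Covered Software is provided under this License on an "as is" *
+* basis, without warranty of any kind, either expressed, implied, or *
+* statutory, including, without limitation, warranties that the *
+* Covered Software is free of defects, merchantable, fit for a *
+* particular purpose or non-infringing. The entire risk as to the *
+* quality and performance of the Covered Software is with You. *
+* Should any Covered Software prove defective in any respect, You *
+* (not any Contributor) assume the cost of any necessary servicing, *
+* repair, or correction. This disclaimer of warranty constitutes an *
+* essential part of this License. No use of any Covered Software is *
+* authorized under this License except under this disclaimer. *
+* *
+************************************************************************
+
+************************************************************************
+* *
+* 7. Limitation of Liability *
+* -------------------------- *
+* *
+* Under no circumstances and under no legal theory, whether tort *
+* (including negligence), contract, or otherwise, shall any *
+* Contributor, or anyone who distributes Covered Software as *
+* permitted above, be liable to You for any direct, indirect, *
+* special, incidental, or consequential damages of any character *
+* including, without limitation, damages for lost profits, loss of *
+* goodwill, work stoppage, computer failure or malfunction, or any *
+* and all other commercial damages or losses, even if such party *
+* shall have been informed of the possibility of such damages. This *
+* limitation of liability shall not apply to liability for death or *
+* personal injury resulting from such party's negligence to the *
+* extent applicable law prohibits such limitation. Some *
+* jurisdictions do not allow the exclusion or limitation of *
+* incidental or consequential damages, so this exclusion and *
+* limitation may not apply to You. *
+* *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+This Source Code Form is "Incompatible With Secondary Licenses", as
+defined by the Mozilla Public License, v. 2.0.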
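--- a/README.md
+++ b/README.md
@@ -0,0 +1,36 @@
+# Penpot Helm Chart
+
+This repository contains the Penpot Helm Chart curated by Penpot.
+
+## Local Development
+
+### Requirements:
+
+- [docker](https://docs.docker.com/engine/install/)
+- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- [helm](https://helm.sh/docs/intro/install/)
+
+### Usage:
+
+- Create the cluster `penpot-cluster` with a namespace `penpot`:
+```shell
+./scripts/cluster_create.sh
+```
+
+- Download dependencies
+```shell
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm dependency build ./charts/penpot
+```
+
+- Install the chart
+```shell
+helm install penpot ./charts/penpot -f devel/penpot.values.yaml
+```
+
+- Access to http://localhost/
+> :bulb: if you disable ingress, you can exposing the app in the port 8888 with:
+> ```shell
+> kubectl port-forward service/penpot 8888:80
+> ```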
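--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `support@penpot.app`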
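--- a/charts/penpot/.helmignore
+++ b/charts/penpot/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/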
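--- a/charts/penpot/Chart.lock
+++ b/charts/penpot/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+repository: https://charts.bitnami.com/bitnami
+version: 15.5.10
+- name: redis
+repository: https://charts.bitnami.com/bitnami
+version: 19.5.5
+digest: sha256:1987422035eb83d10647c04826d9ee984e5675678a683013864a557301b70a2c
+generated: "2024-06-25T17:19:37.004734089+02:00"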
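--- a/charts/penpot/Chart.yaml
+++ b/charts/penpot/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+version: 0.1.0 # Chart version
+appVersion: "2.0.3" # Penpot version
+type: application
+name: penpot
+description: Helm chart for Penpot, the Open Source design and prototyping platform.
+maintainers:
+- name: Kaleidos INC
+url: https://kaleidos.net
+home: https://penpot.app
+icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
+sources:
+- https://github.com/penpot/penpot/tree/main
+- https://github.com/penpot/penpot-helm/tree/main
+keywords:
+- kubernetes
+- penpot
+- penpotapp
+- design
+- designsystem
+- opensource
+- ux
+- ui
+dependencies:
+- name: postgresql
+version: 15.x.x # appVersion >= 16.2.0
+repository: https://charts.bitnami.com/bitnami
+condition: global.postgresqlEnabled
+- name: redis
+version: 19.x.x # appVersion >= 7.2.4
+repository: https://charts.bitnami.com/bitnami
+condition: global.redisEnabled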
BIN
charts/penpot/charts/postgresql-15.5.10.tgz
Normal file
BIN
charts/penpot/charts/postgresql-15.5.10.tgz
Normal file
Binary file not shown.
BIN
charts/penpot/charts/redis-19.5.5.tgz
Normal file
BIN
charts/penpot/charts/redis-19.5.5.tgz
Normal file
Binary file not shown.
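--- a/charts/penpot/templates/NOTES.txt
+++ b/charts/penpot/templates/NOTES.txt
@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named '{{ .Release.Name }}'.
+
+To learn more about the release, try:
+
+$ helm status {{ .Release.Name }}
+$ helm get all {{ .Release.Name }}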
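--- a/charts/penpot/templates/_helpers.tpl
+++ b/charts/penpot/templates/_helpers.tpl
@@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "penpot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "penpot.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "penpot.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "penpot.labels" -}}
+helm.sh/chart: {{ include "penpot.chart" . }}
+{{ include "penpot.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "penpot.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+{{- define "penpot.frontendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.backendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.exporterSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "penpot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "penpot.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+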
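Review bot: `penpot.serviceAccountName` falls back to the literal `"default"` when `serviceAccount.create` is false and `serviceAccount.name` is unset, and its header comment does not mention this. The backend Deployment in this commit takes its `serviceAccountName` from this helper, so in that configuration the pod runs under the namespace's shared default ServiceAccount. I would extend the comment to `Create the name of the service account to use. Falls back to the namespace "default" ServiceAccount when serviceAccount.create is false and serviceAccount.name is unset.` Whether the Penpot pods need a Kubernetes API token at all is not visible here; if they do not, setting `automountServiceAccountToken: false` on the pod spec is worth considering.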
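--- a/charts/penpot/templates/assets-persistentvolumeclaim.yml
+++ b/charts/penpot/templates/assets-persistentvolumeclaim.yml
@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ include "penpot.fullname" . }}
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- if .Values.persistence.annotations }}
+annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+accessModes:
+{{- range .Values.persistence.accessModes }}
+- {{ . | quote }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end -}}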
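Review bot: `storageClassName: "{{ .Values.persistence.storageClass }}"` wraps the value in literal quotes, while `storage` and the `accessModes` entries in the same template go through `| quote`. The hand-quoted form produces invalid YAML if the value ever contains a double quote or backslash, so I would write `storageClassName: {{ .Values.persistence.storageClass | quote }}`. In the same spirit, the annotations block uses `{{ toYaml ... | indent 4 }}` where the labels block uses `{{- ... | nindent 4 }}`; using `{{- toYaml .Values.persistence.annotations | nindent 4 }}` would keep the two consistent. The original indentation is not visible on this page, so this is a point of style only.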
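--- a/charts/penpot/templates/backend-deployment.yml
+++ b/charts/penpot/templates/backend-deployment.yml
@@ -0,0 +1,403 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "penpot.fullname" . }}-backend
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+selector:
+matchLabels:
+{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
+replicas: {{ .Values.backend.replicaCount }}
+template:
+metadata:
+labels:
+app: penpot-backend
+{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
+spec:
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+{{- if .Values.backend.podSecurityContext.enabled }}
+securityContext:
+{{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
+{{- end }}
+affinity:
+podAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchExpressions:
+- key: app.kubernetes.io/instance
+operator: In
+values:
+- {{ .Release.Name }}
+topologyKey: "kubernetes.io/hostname"
+containers:
+- name: {{ .Chart.Name }}-backend
+image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
+imagePullPolicy: {{ .Values.backend.image.pullPolicy }}
+{{- if .Values.backend.containerSecurityContext.enabled }}
+securityContext:
+{{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+{{- end }}
+env:
+{{/* General settings */}}
+- name: PENPOT_PUBLIC_URI
+value: {{ .Values.config.publicUri | quote }}
+- name: PENPOT_FLAGS
+value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+- name: PENPOT_SECRET_KEY
+value: {{ .Values.config.apiSecretKey | quote }}
+{{- if .Values.config.registrationDomainWhitelist }}
+- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+value: {{ .Values.config.registrationDomainWhitelist | quote }}
+{{- end }}
+- name: PENPOT_TELEMETRY_ENABLED
+value: {{ .Values.config.telemetryEnabled | quote }}
+{{- if .Values.backend.service.prepl.enabled }}
+- name: PENPOT_PREPL_HOST
+value: "0.0.0.0"
+{{- end }}
+{{/* PosgreSQL connection settings */}}
+- name: PENPOT_DATABASE_URI
+{{- if .Values.config.postgresql.host }}
+value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+{{- else }}
+value: {{ print "postgresql://" (include "penpot.fullname" .) "-postgresql:" .Values.config.postgresql.port "/" .Values.config.postgresql.database }}
+{{- end }}
+- name: PENPOT_DATABASE_USERNAME
+{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+value: {{ .Values.config.postgresql.username | quote }}
+{{- else }}
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.postgresql.existingSecret }}
+key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+{{- end }}
+- name: PENPOT_DATABASE_PASSWORD
+{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+value: {{ .Values.config.postgresql.password | quote }}
+{{- else }}
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.postgresql.existingSecret }}
+key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+{{- end }}
+{{/* Redis connection settings */}}
+- name: PENPOT_REDIS_URI
+{{- if .Values.config.redis.host }}
+value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+{{- else }}
+value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
+{{- end }}
+{{/* Assets storage settings */}}
+- name: PENPOT_ASSETS_STORAGE_BACKEND
+value: {{ .Values.config.assets.storageBackend | quote }}
+{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+value: {{ .Values.config.assets.filesystem.directory | quote }}
+{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+- name: PENPOT_STORAGE_ASSETS_S3_REGION
+value: {{ .Values.config.assets.s3.region | quote }}
+- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+value: {{ .Values.config.assets.s3.bucket | quote }}
+- name: AWS_ACCESS_KEY_ID
+{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+{{- else }}
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.assets.s3.existingSecret }}
+key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+{{- end }}
+- name: AWS_SECRET_ACCESS_KEY
+{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+{{- else }}
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.assets.s3.existingSecret }}
+key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+{{- end }}
+- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+value: {{ .Values.config.assets.s3.endpointURI | quote }}
+{{- else }}
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.assets.s3.existingSecret }}
+key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+{{- end }}
+{{- end }}
+{{/* SMTP settings */}}
+{{- if .Values.config.smtp.enabled }}
+{{- if .Values.config.smtp.defaultFrom }}
+- name: PENPOT_SMTP_DEFAULT_FROM
+value: {{ .Values.config.smtp.defaultFrom | quote }}
+{{- end }}
+{{- if .Values.config.smtp.defaultReplyTo }}
+- name: PENPOT_SMTP_DEFAULT_REPLY_TO
+value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+{{- end }}
+{{- if .Values.config.smtp.host }}
+- name: PENPOT_SMTP_HOST
+value: {{ .Values.config.smtp.host | quote }}
+{{- end }}
+{{- if .Values.config.smtp.port }}
+- name: PENPOT_SMTP_PORT
+value: {{ .Values.config.smtp.port | quote }}
+{{- end }}
+{{- if not .Values.config.smtp.secretKeys.usernameKey }}
+- name: PENPOT_SMTP_USERNAME
+value: {{ .Values.config.smtp.username | quote }}
+{{- else }}
+- name: PENPOT_SMTP_USERNAME
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.smtp.existingSecret }}
+key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+{{- end }}
+{{- if not .Values.config.smtp.secretKeys.passwordKey }}
+- name: PENPOT_SMTP_PASSWORD
+value: {{ .Values.config.smtp.password | quote }}
+{{- else }}
+- name: PENPOT_SMTP_PASSWORD
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.smtp.existingSecret }}
+key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+{{- end }}
+{{- if .Values.config.smtp.tls }}
+- name: PENPOT_SMTP_TLS
+value: {{ .Values.config.smtp.tls | quote }}
+{{- end }}
+{{- if .Values.config.smtp.ssl }}
+- name: PENPOT_SMTP_SSL
+value: {{ .Values.config.smtp.ssl | quote }}
+{{- end }}
+{{- end }}
+{{/* Google Auth provider settings */}}
+{{- if .Values.config.providers.google.enabled }}
+{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+- name: PENPOT_GOOGLE_CLIENT_ID
+value: {{ .Values.config.providers.google.clientID | quote }}
+{{- else }}
+- name: PENPOT_GOOGLE_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+- name: PENPOT_GOOGLE_CLIENT_SECRET
+value: {{ .Values.config.providers.google.clientSecret | quote }}
+{{- else }}
+- name: PENPOT_GOOGLE_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+{{- end }}
+{{- end }}
+{{/* Github Auth provider settings */}}
+{{- if .Values.config.providers.github.enabled }}
+{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+- name: PENPOT_GITHUB_CLIENT_ID
+value: {{ .Values.config.providers.github.clientID | quote }}
+{{- else }}
+- name: PENPOT_GITHUB_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
+- name: PENPOT_GITHUB_CLIENT_SECRET
+value: {{ .Values.config.providers.github.clientSecret | quote }}
+{{- else }}
+- name: PENPOT_GITHUB_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+{{- end }}
+{{- end }}
+{{/* Gitlab Auth provider settings */}}
+{{- if .Values.config.providers.gitlab.enabled }}
+{{- if .Values.config.providers.gitlab.baseURI }}
+- name: PENPOT_GITLAB_BASE_URI
+value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+- name: PENPOT_GITLAB_CLIENT_ID
+value: {{ .Values.config.providers.gitlab.clientID | quote }}
+{{- else }}
+- name: PENPOT_GITLAB_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+- name: PENPOT_GITLAB_CLIENT_SECRET
+value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+{{- else }}
+- name: PENPOT_GITLAB_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+{{- end }}
+{{- end }}
+{{/* OIDC provider settings */}}
+{{- if .Values.config.providers.oidc.enabled }}
+{{- if .Values.config.providers.oidc.baseURI }}
+- name: PENPOT_OIDC_BASE_URI
+value: {{ .Values.config.providers.oidc.baseURI | quote }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+- name: PENPOT_OIDC_CLIENT_ID
+value: {{ .Values.config.providers.oidc.clientID | quote}}
+{{- else }}
+- name: PENPOT_OIDC_CLIENT_ID
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+{{- end }}
+{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+- name: PENPOT_OIDC_CLIENT_SECRET
+value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+{{- else }}
+- name: PENPOT_OIDC_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ .Values.config.providers.existingSecret }}
+key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+{{- end }}
+{{- if .Values.config.providers.oidc.authURI }}
+- name: PENPOT_OIDC_AUTH_URI
+value: {{ .Values.config.providers.oidc.authURI | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.tokenURI }}
+- name: PENPOT_OIDC_TOKEN_URI
+value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.userURI }}
+- name: PENPOT_OIDC_USER_URI
+value: {{ .Values.config.providers.oidc.userURI | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.roles }}
+- name: PENPOT_OIDC_ROLES
+value: {{ .Values.config.providers.oidc.roles | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.rolesAttribute }}
+- name: PENPOT_OIDC_ROLES_ATTR
+value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.scopes }}
+- name: PENPOT_OIDC_SCOPES
+value: {{ .Values.config.providers.oidc.scopes | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.nameAttribute }}
+- name: PENPOT_OIDC_NAME_ATTR
+value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.emailAttribute }}
+- name: PENPOT_OIDC_EMAIL_ATTR
+value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
+{{- end }}
+{{- if .Values.config.providers.oidc.userInfoSource }}
+- name: PENPOT_OIDC_USER_INFO_SOURCE
+value: {{ .Values.config.providers.oidc.userInfoSource | quote }}
+{{- end }}
+{{- end }}
+{{/* LDAP provider settings */}}
+{{- if .Values.config.providers.ldap.enabled }}
+{{- if .Values.config.providers.ldap.host }}
+- name: PENPOT_LDAP_HOST
+value: {{ .Values.config.providers.ldap.host | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.port }}
+- name: PENPOT_LDAP_PORT
+value: {{ .Values.config.providers.ldap.port | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.ssl }}
+- name: PENPOT_LDAP_SSL
+value: {{ .Values.config.providers.ldap.ssl | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.startTLS }}
+- name: PENPOT_LDAP_STARTTLS
+value: {{ .Values.config.providers.ldap.startTLS | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.baseDN }}
+- name: PENPOT_LDAP_BASE_DN
+value: {{ .Values.config.providers.ldap.baseDN | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.bindDN }}
+- name: PENPOT_LDAP_BIND_DN
+value: {{ .Values.config.providers.ldap.bindDN | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.bindPassword }}
+- name: PENPOT_LDAP_BIND_PASSWORD
+value: {{ .Values.config.providers.ldap.bindPassword | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.userQuery }}
+- name: PENPOT_LDAP_USER_QUERY
+value: {{ .Values.config.providers.ldap.userQuery | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.attributesUsername }}
+- name: PENPOT_LDAP_ATTRS_USERNAME
+value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.attributesEmail }}
+- name: PENPOT_LDAP_ATTRS_EMAIL
+value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.attributesFullname }}
+- name: PENPOT_LDAP_ATTRS_FULLNAME
+value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
+{{- end }}
+{{- if .Values.config.providers.ldap.attributesPhoto }}
+- name: PENPOT_LDAP_ATTRS_PHOTO
+value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
+{{- end }}
+{{- end }}
+volumeMounts:
+- mountPath: /opt/data/assets
+name: app-data
+readOnly: false
+ports:
+- name: http
+containerPort: {{ .Values.backend.service.http.port }}
+protocol: TCP
+{{- if .Values.backend.service.prepl.enabled }}
+- name: prepl
+containerPort: {{ .Values.backend.service.prepl.port }}
+protocol: TCP
+{{- end }}
+resources:
+{{- toYaml .Values.backend.resources | nindent 12 }}
+{{- with .Values.backend.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.backend.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.backend.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: app-data
+{{- if .Values.persistence.enabled }}
+persistentVolumeClaim:
+claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+{{- else }}
+emptyDir: {}
+{{- end }}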
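Review bot: `PENPOT_SECRET_KEY` and `PENPOT_LDAP_BIND_PASSWORD` are always rendered as literal `value:` entries, so both secrets end up in the Deployment manifest and in the stored Helm release, readable by anyone who can view either. The database, S3, SMTP and OAuth credentials in the same `env:` list already offer a `secretKeyRef` branch, and these two should get the same treatment. The sketch below shows the shape for the secret key; `config.existingSecret` and `config.secretKeys.apiSecretKey` are proposed value names that this chart does not define yet. The other credentials still fall back to an inline `value:` when no secret key is configured, which the values documentation should say plainly.

```yaml
- name: PENPOT_SECRET_KEY
  {{- if not .Values.config.secretKeys.apiSecretKey }}
  value: {{ .Values.config.apiSecretKey | quote }}
  {{- else }}
  valueFrom:
    secretKeyRef:
      name: {{ .Values.config.existingSecret }}
      key: {{ .Values.config.secretKeys.apiSecretKey }}
  {{- end }}
# … unchanged: remaining env entries …
```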
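--- a/charts/penpot/templates/backend-service.yml
+++ b/charts/penpot/templates/backend-service.yml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "penpot.fullname" . }}-backend
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+selector:
+{{- include "penpot.backendSelectorLabels" . | nindent 4 }}
+type: {{ .Values.backend.service.http.type }}
+ports:
+- port: {{ .Values.backend.service.http.port }}
+targetPort: {{ .Values.backend.service.http.port }}
+protocol: TCP
+name: http
+
+---
+
+{{- if .Values.backend.service.prepl.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "penpot.fullname" . }}-backend-prepl
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+selector:
+{{- include "penpot.backendSelectorLabels" . | nindent 4 }}
+type: {{ .Values.backend.service.prepl.type }}
+ports:
+- port: {{ .Values.backend.service.prepl.port }}
+targetPort: {{ .Values.backend.service.prepl.port }}
+protocol: TCP
+name: prepl
+{{- end }}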
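Review bot: The `-backend-prepl` Service takes its `type` straight from `backend.service.prepl.type`, and backend-deployment.yml sets `PENPOT_PREPL_HOST` to `0.0.0.0` whenever prepl is enabled, so a `LoadBalancer` or `NodePort` value publishes that port outside the cluster. If this is a Clojure prepl, which evaluates whatever it is sent, then network reachability to the port amounts to code execution in the backend, and nothing in the template marks it as sensitive. I would add a template comment above the second document, `{{/* prepl evaluates code in the backend process: keep this Service ClusterIP and restrict it with a NetworkPolicy */}}`, and repeat the warning next to the `prepl` values. The `---` separator also sits outside the `if`, so a disabled prepl still renders an empty trailing document; moving it inside the condition is tidier.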
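--- a/charts/penpot/templates/exporter-deployment.yml
+++ b/charts/penpot/templates/exporter-deployment.yml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "penpot.fullname" . }}-exporter
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+replicas: {{ .Values.exporter.replicaCount }}
+selector:
+matchLabels:
+{{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
+template:
+metadata:
+labels:
+{{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
+spec:
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+{{ if .Values.exporter.podSecurityContext.enabled }}
+securityContext:
+{{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
+{{- end }}
+containers:
+- name: {{ .Chart.Name }}-exporter
+image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
+imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
+{{ if .Values.exporter.containerSecurityContext.enabled }}
+securityContext:
+{{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+{{- end }}
+env:
+- name: PENPOT_PUBLIC_URI
+value: {{ .Values.config.publicURI | quote }}
+- name: PENPOT_REDIS_URI
+{{- if .Values.config.redis.host }}
+value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+{{- else }}
+value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
+{{- end }}
+- name: PENPOT_TEMPDIR
+value: "/tmp/penpot-exporter"
+volumeMounts:
+- mountPath: /tmp/penpot-exporter
+name: app-data
+readOnly: false
+ports:
+- name: http
+containerPort: {{ .Values.exporter.service.port }}
+protocol: TCP
+resources:
+{{- toYaml .Values.exporter.resources | nindent 12 }}
+{{- with .Values.exporter.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.exporter.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.exporter.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: app-data
+{{- if .Values.exporter.persistence.enabled }}
+persistentVolumeClaim:
+claimName: {{ .Values.exporter.persistence.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "exporter" ) }}
+{{- else }}
+emptyDir: {}
+{{- end }}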
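Review bot: `PENPOT_PUBLIC_URI` reads `.Values.config.publicURI`, but backend-deployment.yml and the `@param` line in values.yaml spell the key `config.publicUri`, so the exporter renders an empty string and runs with a different public URI than the backend. The line should be `value: {{ .Values.config.publicUri | quote }}`. `imagePullPolicy` has a similar mismatch: it reads `.Values.exporter.image.imagePullPolicy` while the backend and frontend templates read `image.pullPolicy`. The exporter values are not visible in this part of the page, so confirm which key they define.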
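--- a/charts/penpot/templates/exporter-persistentvolumeclaim.yml
+++ b/charts/penpot/templates/exporter-persistentvolumeclaim.yml
@@ -0,0 +1,24 @@
+{{- if and .Values.exporter.persistence.enabled (not .Values.exporter.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ include "penpot.fullname" . }}-exporter
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- if .Values.exporter.persistence.annotations }}
+annotations:
+{{ toYaml .Values.exporter.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+accessModes:
+{{- range .Values.exporter.persistence.accessModes }}
+- {{ . | quote }}
+{{- end }}
+resources:
+requests:
+storage: {{ .Values.exporter.persistence.size | quote }}
+{{- if .Values.exporter.persistence.storageClass }}
+storageClassName: "{{ .Values.exporter.persistence.storageClass }}"
+{{- end }}
+{{- end -}}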
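--- a/charts/penpot/templates/exporter-service.yml
+++ b/charts/penpot/templates/exporter-service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "penpot.fullname" . }}-exporter
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+type: {{ .Values.exporter.service.type }}
+ports:
+- port: {{ .Values.exporter.service.port }}
+targetPort: {{ .Values.exporter.service.port }}
+protocol: TCP
+name: http
+selector:
+{{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
+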
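--- a/charts/penpot/templates/frontend-deployment.yml
+++ b/charts/penpot/templates/frontend-deployment.yml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "penpot.fullname" . }}-frontend
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+selector:
+matchLabels:
+{{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
+replicas: {{ .Values.frontend.replicaCount }}
+template:
+metadata:
+labels:
+app: penpot-frontend
+{{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
+spec:
+{{- with .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+affinity:
+podAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+- labelSelector:
+matchExpressions:
+- key: app.kubernetes.io/instance
+operator: In
+values:
+- {{ .Release.Name }}
+topologyKey: "kubernetes.io/hostname"
+containers:
+- name: {{ .Chart.Name }}-frontend
+image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
+imagePullPolicy: {{ .Values.frontend.image.pullPolicy }}
+env:
+- name: PENPOT_FLAGS
+value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+- name: PENPOT_BACKEND_URI
+value: {{ print "http://" (include "penpot.fullname" .) "-backend:" .Values.backend.service.http.port }}
+- name: PENPOT_EXPORTER_URI
+value: {{ print "http://" (include "penpot.fullname" .) "-exporter:" .Values.exporter.service.port }}
+volumeMounts:
+- mountPath: /opt/data/assets
+name: app-data
+readOnly: false
+ports:
+- name: http
+containerPort: {{ .Values.frontend.service.port }}
+protocol: TCP
+resources:
+{{- toYaml .Values.frontend.resources | nindent 12 }}
+{{- with .Values.frontend.nodeSelector }}
+nodeSelector:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.frontend.affinity }}
+affinity:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.frontend.tolerations }}
+tolerations:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+volumes:
+- name: app-data
+{{- if .Values.persistence.enabled }}
+persistentVolumeClaim:
+claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+{{- else }}
+emptyDir: {}
+{{- end }}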
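Review bot: The frontend pod renders no `securityContext` at pod or container level, while backend-deployment.yml and exporter-deployment.yml both emit one from their `podSecurityContext` / `containerSecurityContext` values, so the internet-facing component is the one that cannot be set to run non-root or with a read-only root filesystem through values. I would add the same guarded block the backend uses, keyed on `.Values.frontend.podSecurityContext.enabled` and `.Values.frontend.containerSecurityContext.enabled`; the matching `frontend` values would have to be added to values.yaml. Separately, the hard-coded `affinity:` block and the later `{{- with .Values.frontend.affinity }}` block both emit an `affinity:` key into the same pod spec once a user sets that value, and backend-deployment.yml has the same duplicate. Merging the user value into the built-in block, or rendering the built-in one only when the value is empty, avoids the duplicate key.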
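--- a/charts/penpot/templates/frontend-service.yml
+++ b/charts/penpot/templates/frontend-service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "penpot.fullname" . }}
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+spec:
+type: {{ .Values.frontend.service.type }}
+ports:
+- port: {{ .Values.frontend.service.port }}
+targetPort: http
+protocol: TCP
+name: http
+selector:
+{{- include "penpot.frontendSelectorLabels" . | nindent 4 }}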
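--- a/charts/penpot/templates/ingress.yml
+++ b/charts/penpot/templates/ingress.yml
@@ -0,0 +1,53 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "penpot.fullname" . -}}
+{{- $svcPort := .Values.frontend.service.port -}}
+{{- $path := .Values.ingress.path }}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+name: {{ $fullName }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- with .Values.ingress.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ingressClassName: {{ .Values.ingress.className }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+tls:
+{{- .Values.ingress.tls | toYaml | nindent 4 }}
+{{ end }}
+rules:
+{{- range $host := .Values.ingress.hosts }}
+- host: {{ $host | quote }}
+http:
+paths:
+- path: {{ $path }}
+{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+pathType: Prefix
+backend:
+service:
+name: {{ $fullName }}
+port:
+number: {{ $svcPort }}
+{{- else }}
+backend:
+serviceName: {{ $fullName }}
+servicePort: {{ $svcPort }}
+{{- end }}
+{{- end }}
+{{- end }}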
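Review bot: The Ingress `metadata` omits `namespace`, while every other template in this commit sets `namespace: {{ .Release.Namespace }}`. Under `helm install` the object still lands in the release namespace, but manifests produced by `helm template` and applied with kubectl follow the kubectl context instead, which can leave the Ingress in a different namespace from the Service it routes to. Add `namespace: {{ .Release.Namespace }}` directly under `name: {{ $fullName }}`.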
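--- a/charts/penpot/templates/serviceaccount.yml
+++ b/charts/penpot/templates/serviceaccount.yml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "penpot.serviceAccountName" . }}
+namespace: {{ .Release.Namespace }}
+labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end -}}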
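Review bot: This template is gated on `.Values.serviceAccount.enabled`, but the `penpot.serviceAccountName` helper it calls for `name:` branches on `.Values.serviceAccount.create`, and the `serviceAccount` block in values.yaml defines `enabled`, not `create`. The helper therefore always takes its `else` branch. With the shipped `name: "penpot"` that happens to work, but once `serviceAccount.name` is cleared this template renders a ServiceAccount called `default` and every pod runs under it, rather than under the generated fullname that the `@param` text promises. The helper's condition should read `{{- if .Values.serviceAccount.enabled }}`, and the `@param serviceAccount.annotations` text that still says "if `create` is `true`" should be aligned with it.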
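--- a/charts/penpot/values.yaml
+++ b/charts/penpot/values.yaml
@@ -0,0 +1,516 @@
+## Default values for Penpot
+
+########################################
+## @section Global parameters
+########################################
+
+## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
+## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
+## @param global.imagePullSecrets Global Docker registry secret names as an array.
+##
+global:
+postgresqlEnabled: false
+redisEnabled: false
+## E.g.
+## imagePullSecrets:
+## - myRegistryKeySecretName
+##
+imagePullSecrets: []
+
+########################################
+## @section Common parameters
+########################################
+
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
+## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
+## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
+##
+serviceAccount:
+enabled: true
+annotations: {}
+name: "penpot"
+
+########################################
+## @section Configuration parameters
+########################################
+
+config:
+## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
+## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
+## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
+##
+publicUri: "http://penpot.example.com"
+flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
+apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
+## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies.
+## @param config.postgresql.port The PostgreSQL host port to use.
+## @param config.postgresql.username The database username to use.
+## @param config.postgresql.password The database password to use.
+## @param config.postgresql.database The PostgreSQL database to use.
+## @param config.postgresql.existingSecret The name of an existing secret.
+## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
+## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
+##
+postgresql:
+host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
+port: 5432
+username: "penpot"
+password: "penpot"
+database: "penpot"
+existingSecret: ""
+secretKeys:
+usernameKey: ""
+passwordKey: ""
+## @param config.redis.host The Redis host to connect to. Empty to use dependencies
+## @param config.redis.port The Redis host port to use.
+## @param config.redis.database The Redis database to connect to.
+##
+redis:
+host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
+port: 6379
+database: "0"
+## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
+## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
+## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
+## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
+## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
+## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
+## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
+## @param config.assets.s3.existingSecret The name of an existing secret.
+## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
+## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
+## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
+##
+assets:
+storageBackend: "assets-fs"
+filesystem:
+directory: "/opt/data/assets"
+s3:
+accessKeyID: ""
+secretAccessKey: ""
+region: ""
+bucket: ""
+endpointURI: ""
+existingSecret: ""
+secretKeys:
+accessKeyIDKey: ""
+secretAccessKey: ""
+endpointURIKey: ""
+## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
+##
+telemetryEnabled: true
+## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
+## @param config.smtp.defaultFrom The SMTP default email to send from.
+## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
+## @param config.smtp.host The SMTP host to use.
+## @param config.smtp.port The SMTP host port to use.
+## @param config.smtp.username The SMTP username to use.
+## @param config.smtp.password The SMTP password to use.
+## @param config.smtp.tls Whether to use TLS for the SMTP connection.
+## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
+## @param config.smtp.existingSecret The name of an existing secret.
+## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
+## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
+##
+smtp:
+enabled: false
+defaultFrom: ""
+defaultReplyTo: ""
+host: ""
+port: ""
+username: ""
+password: ""
+tls: true
+ssl: false
+existingSecret: ""
+secretKeys:
+usernameKey: ""
+passwordKey: ""
+## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
+##
+registrationDomainWhitelist: ""
+## Penpot Authentication providers parameters
+##
+providers:
+## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
+## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
+## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
+##
+google:
+enabled: false
+clientID: ""
+clientSecret: ""
+## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
+## @param config.providers.github.clientID The GitHub client ID to use.
+## @param config.providers.github.clientSecret The GitHub client secret to use.
+##
+github:
+enabled: false
+clientID: ""
+clientSecret: ""
+## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
+## @param config.providers.gitlab.baseURI The GitLab base URI to use.
+## @param config.providers.gitlab.clientID The GitLab client ID to use.
+## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
+##
+gitlab:
+enabled: false
+baseURI: "https://gitlab.com"
+clientID: ""
+clientSecret: ""
+## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
+## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
+## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
+## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
+## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
+## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
+## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
+## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
+## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
+## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
+## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
+## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
+##
+oidc:
+enabled: false
+baseURI: ""
+clientID: ""
+clientSecret: ""
+authURI: ""
+tokenURI: ""
+userURI: ""
+roles: "role1 role2"
+rolesAttribute: ""
+scopes: "scope1 scope2"
+nameAttribute: ""
+emailAttribute: ""
+## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
+## @param config.providers.ldap.host The LDAP host to use.
+## @param config.providers.ldap.port The LDAP port to use.
+## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
+## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
+## @param config.providers.ldap.baseDN The LDAP base DN to use.
+## @param config.providers.ldap.bindDN The LDAP bind DN to use.
+## @param config.providers.ldap.bindPassword The LDAP bind password to use.
+## @param config.providers.ldap.userQuery The LDAP user query to use.
+## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
+## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
+## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
+## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
+##
+ldap:
+enabled: false
+host: "ldap"
+port: 10389
+ssl: false
+startTLS: false
+baseDN: "ou=people,dc=planetexpress,dc=com"
+bindDN: "cn=admin,dc=planetexpress,dc=com"
+bindPassword: "GoodNewsEveryone"
+userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
+attributesUsername: "uid"
+attributesEmail: "mail"
+attributesFullname: "cn"
+attributesPhoto: "jpegPhoto"
+## @param config.providers.existingSecret The name of an existing secret to use.
+## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
+## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
+## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
+## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
+## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
+## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
+## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
+## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
+##
+existingSecret: ""
+secretKeys:
+googleClientIDKey: ""
+googleClientSecretKey: ""
+githubClientIDKey: ""
+githubClientSecretKey: ""
+gitlabClientIDKey: ""
+gitlabClientSecretKey: ""
+oidcClientIDKey: ""
+oidcClientSecretKey: ""
+
+########################################
+## @section Backend parameters
+########################################
+
+backend:
+## @param backend.image.repository The Docker repository to pull the image from.
+## @param backend.image.tag The image tag to use.
+## @param backend.image.pullPolicy The image pull policy to use.
+##
+image:
+repository: penpotapp/backend
+tag: 2.0.3
+pullPolicy: IfNotPresent
+## @param backend.replicaCount The number of replicas to deploy.
+##
+replicaCount: 1
+## @param backend.service.http.type The http service type to create.
+## @param backend.service.http.port The http service port to use.
+## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend.
+## @param backend.service.prepl.type The prepl service type to create.
+## @param backend.service.prepl.port The prepl service port to use.
+service:
+http:
+type: ClusterIP
+port: 6060
+prepl:
+enabled: false
+type: ClusterIP
+port: 6063
+## Configure Pods Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
+## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+##
+podSecurityContext:
+enabled: true
+fsGroup: 1001
+## Configure Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
+## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+##
+containerSecurityContext:
+enabled: true
+runAsUser: 1001
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- all
+readOnlyRootFilesystem: false
+runAsNonRoot: true
+## @param backend.affinity Affinity for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## @param backend.nodeSelector Node labels for Penpot pods assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param backend.tolerations Tolerations for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Penpot backend resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## @param backend.resources.limits The resources limits for the Penpot backend containers
+## @param backend.resources.requests The requested resources for the Penpot backend containers
+##
+resources:
+limits: {}
+requests: {}
+
+########################################
+## @section Frontend parameters
+########################################
+
+frontend:
+## @param frontend.image.repository The Docker repository to pull the image from.
+## @param frontend.image.tag The image tag to use.
+## @param frontend.image.imagePullPolicy The image pull policy to use.
+##
+image:
+repository: penpotapp/frontend
+tag: 2.0.3
+pullPolicy: IfNotPresent
+## @param frontend.replicaCount The number of replicas to deploy.
+##
+replicaCount: 1
+## @param frontend.service.type The service type to create.
+## @param frontend.service.port The service port to use.
+##
+service:
+type: ClusterIP
+port: 80
+## @param frontend.affinity Affinity for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## @param frontend.nodeSelector Node labels for Penpot pods assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param frontend.tolerations Tolerations for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Penpot frontend resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## @param frontend.resources.limits The resources limits for the Penpot frontend containers
+## @param frontend.resources.requests The requested resources for the Penpot frontend containers
+##
+resources:
+limits: {}
+requests: {}
+
+########################################
+## @section Exporter parameters
+########################################
+
+exporter:
+## @param exporter.image.repository The Docker repository to pull the image from.
+## @param exporter.image.tag The image tag to use.
+## @param exporter.image.imagePullPolicy The image pull policy to use.
+##
+image:
+repository: penpotapp/exporter
+tag: 2.0.3
+imagePullPolicy: IfNotPresent
+## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount
+##
+replicaCount: 1
+## @param exporter.service.type The service type to create.
+## @param exporter.service.port The service port to use.
+##
+service:
+type: ClusterIP
+port: 6061
+
+## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
+## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider.
+## @param exporter.persistence.size Persistent Volume size.
+## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence.
+## @param exporter.persistence.accessModes Persistent Volume access modes.
+## @param exporter.persistence.annotations Persistent Volume Claim annotations.
+##
+persistence:
+enabled: false
+storageClass: ""
+size: 10Gi
+existingClaim: ""
+accessModes:
+- ReadWriteOnce
+annotations: {}
+## Configure Pods Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
+## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+##
+podSecurityContext:
+enabled: true
+fsGroup: 1001
+## Configure Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
+## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+##
+containerSecurityContext:
+enabled: true
+runAsUser: 1001
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- all
+readOnlyRootFilesystem: false
+runAsNonRoot: true
+## @param exporter.affinity Affinity for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## @param exporter.nodeSelector Node labels for Penpot pods assignment
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## @param exporter.tolerations Tolerations for Penpot pods assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Penpot exporter resource requests and limits
+## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+## @param exporter.resources.limits The resources limits for the Penpot exporter containers
+## @param exporter.resources.requests The requested resources for the Penpot exporter containers
+##
+resources:
+limits: {}
+requests: {}
+
+
+########################################
+## @section Assets Persistence parameters
+########################################
+
+persistence:
+## @param persistence.enabled Enable persistence using Persistent Volume Claims.
+##
+enabled: fals
+## @param persistence.storageClass Persistent Volume storage class.
+## If defined, storageClassName: <storageClass>.
+## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+##
+storageClass: ""
+## @param persistence.size Persistent Volume size.
+##
+size: 20Gi
+## @param persistence.existingClaim The name of an existing PVC to use for persistence.
+##
+existingClaim: ""
+## @param persistence.accessModes Persistent Volume access modes.
+##
+accessModes:
+- ReadWriteOnce
+## @param persistence.annotations Persistent Volume Claim annotations.
+##
+annotations: {}
+
+
+########################################
+## @section Ingress parameters
+########################################
+
+ingress:
+enabled: false
+className: ""
+annotations: {}
+# kubernetes.io/ingress.class: nginx
+# kubernetes.io/tls-acme: "true"
+path: "/"
+hosts:
+- host: penpot.example.com
+tls: []
+# - secretName: penpot.example.com-tls
+# hosts:
+# - penpot.example.com
+
+
+########################################
+## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
+########################################
+
+## @param postgresql.auth.username Name for a custom user to create.
+## @param postgresql.auth.password Password for the custom user to create.
+## @param postgresql.auth.database Name for a custom database to create.
+##
+postgresql:
+auth:
+username: "penpot"
+password: "penpot"
+database: "penpot"
+
+########################################
+## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
+########################################
+
+## @param redis.auth.enabled Whether to enable password authentication.
+##
+redis:
+auth:
+enabled: false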
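Review bot: `config.apiSecretKey` ships a concrete key as the chart default, so every install that does not override it would protect user sessions with a value published in this repository; default it to `apiSecretKey: ""` and have the template fail on an empty value (Helm's `required`) or read it from an existing Secret, as the postgresql, s3, smtp and providers blocks already allow. The same applies to `config.postgresql.password: "penpot"`, `postgresql.auth.password: "penpot"` and `config.providers.ldap.bindPassword`, and the default `flags` string turns on `disable-email-verification` and `enable-prepl-server`, which are safer as opt-ins. In the assets `persistence:` block, `enabled: fals` is a typo that YAML reads as the string "fals", which a template `if` would treat as true; it should be `enabled: false`. `ingress.hosts` defaults to `- host: penpot.example.com`, a map, while the ingress template renders each entry with `host: {{ $host | quote }}` and devel/penpot.values.yaml passes plain strings, so the default should be `- penpot.example.com`.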
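--- a/devel/kind.config.yml
+++ b/devel/kind.config.yml
@@ -0,0 +1,23 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+name: penpot-cluster
+nodes:
+- role: control-plane
+kubeadmConfigPatches:
+- |
+kind: InitConfiguration
+nodeRegistration:
+kubeletExtraArgs:
+node-labels: "ingress-ready=true"
+extraPortMappings:
+- containerPort: 80
+hostPort: 80
+protocol: TCP
+- containerPort: 443
+hostPort: 443
+protocol: TCP
+- role: worker
+- role: worker
+- role: worker
+- role: worker
+- role: worker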
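Review bot: The two `extraPortMappings` entries publish host ports 80 and 443 without a `listenAddress`, and kind binds such mappings to 0.0.0.0 by default, so the development ingress is reachable from the local network and not only from the workstation. Because devel/penpot.values.yaml deploys with the chart's default database password and a fixed `apiSecretKey`, I would add `listenAddress: "127.0.0.1"` to both mappings. A short comment explaining why the local cluster needs five worker nodes would also help the next reader.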
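--- a/devel/penpot-namespace.yml
+++ b/devel/penpot-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: penpot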
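--- a/devel/penpot.values.yaml
+++ b/devel/penpot.values.yaml
@@ -0,0 +1,27 @@
+## Default values for Penpot (local setup for development purpose)
+global:
+postgresqlEnabled: true
+redisEnabled: true
+
+config:
+publicUri: "http://localhost"
+apiSecretKey: "my-secret-key"
+
+# backend:
+# replicaCount: 2
+
+# frontend:
+# replicaCount: 2
+
+# exporter:
+# replicaCount: 2
+# persistence:
+# enabled: true
+
+persistence:
+enabled: true
+
+ingress:
+enabled: true
+hosts:
+- "localhost"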
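--- a/scripts/cluster_create.sh
+++ b/scripts/cluster_create.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+# Create a kind cluster
+kind create cluster --name penpot-cluster --config devel/kind.config.yml
+
+# Create a namespace for Penpot
+kubectl apply -f devel/penpot-namespace.yml
+kubectl config set-context penpot --namespace=penpot --cluster=kind-penpot-cluster --user=kind-penpot-cluster
+kubectl config use-context penpot
+
+# Setup ingress
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml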
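Review bot: The last command applies the ingress-nginx manifest straight from the `main` branch, so what gets installed cluster-wide changes whenever upstream changes and can be neither reviewed nor reproduced; pin the URL to a release tag, e.g. `kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/<RELEASE_TAG>/deploy/static/provider/kind/deploy.yaml` (placeholder tag), or vendor the file under devel/. The script also has no `set -euo pipefail`, so a failed `kind create cluster` still falls through to the `kubectl` calls, which then run against whatever context is current. `#!/usr/bin/env bash` would be more portable than `#!/usr/bin/bash`.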
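--- a/scripts/cluster_delete.sh
+++ b/scripts/cluster_delete.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+kind delete clusters penpot-cluster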