0
Fork 0
mirror of https://github.com/penpot/penpot-helm.git synced 2024-12-22 13:43:01 -05:00
penpot-helm/charts/penpot/README.md
2024-10-18 18:39:35 +02:00

28 KiB
Raw Blame History

penpot

Version: 0.4.0 AppVersion: 2.1.4 Type: application

Helm chart for Penpot, the Open Source design and prototyping platform.

What is Penpot

Penpot is the first open-source design tool for design and code collaboration. Designers can create stunning designs, interactive prototypes, design systems at scale, while developers enjoy ready-to-use code and make their workflow easy and fast. And all of this with no handoff drama.

Penpot is available on browser and self host. Its web-based and works with open standards (SVG, CSS and HTML). And last but not least, its free!

Installing the Chart

To install the chart with the release name my-release:

$ helm repo add penpot http://helm.penpot.app
$ helm install my-release penpot/penpot

You can customize the installation specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

helm install my-release \
  --set global.postgresqlEnabled=true \
  --set global.redisEnabled=true \
  --set persistence.assets.enabled=true \
  penpot/penpot

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

helm install my-release -f values.yaml penpot/penpot

Tip: You can use the default values.yaml

Parameters

Global

Key Type Default Description
global.imagePullSecrets list [] Global Docker registry secret names. E.g. imagePullSecrets: - myRegistryKeySecretName
global.postgresqlEnabled bool false Whether to deploy the Bitnami PostgreSQL chart as subchart. Check the official chart for configuration.
global.redisEnabled bool false Whether to deploy the Bitnami Redis chart as subchart. Check the official chart for configuration.

General

Key Type Default Description
fullnameOverride string "" To fully override common.names.fullname
nameOverride string "" To partially override common.names.fullname
serviceAccount.annotations object {} Annotations for service account. Evaluated as a template.
serviceAccount.enabled bool true Specifies whether a ServiceAccount should be created.
serviceAccount.name string "penpot" The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.

Penpot Configuration

Key Type Default Description
config.apiSecretKey string "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg" A random secret key needed for persistent user sessions. Generate with python3 -c "import secrets; print(secrets.token_urlsafe(64))" for example.
config.assets.filesystem.directory string "/opt/data/assets" The storage directory to use if you chose the filesystem storage backend.
config.assets.s3.accessKeyID string "" The S3 access key ID to use if you chose the S3 storage backend.
config.assets.s3.bucket string "" The name of the S3 bucket to use if you chose the S3 storage backend.
config.assets.s3.endpointURI string "" The S3 endpoint URI to use if you chose the S3 storage backend.
config.assets.s3.existingSecret string "" The name of an existing secret.
config.assets.s3.region string "" The S3 region to use if you chose the S3 storage backend.
config.assets.s3.secretAccessKey string "" The S3 secret access key to use if you chose the S3 storage backend.
config.assets.s3.secretKeys.accessKeyIDKey string "" The S3 access key ID to use from an existing secret.
config.assets.s3.secretKeys.endpointURIKey string "" The S3 endpoint URI to use from an existing secret.
config.assets.s3.secretKeys.secretAccessKey string "" The S3 secret access key to use from an existing secret.
config.assets.storageBackend string "assets-fs" The storage backend for assets to use. Use assets-fs for filesystem, and assets-s3 for S3.
config.flags string "enable-registration enable-login-with-password disable-email-verification enable-smtp" The feature flags to enable. Check the official docs for more info.
config.postgresql.database string "penpot" The PostgreSQL database to use.
config.postgresql.existingSecret string "" The name of an existing secret.
config.postgresql.host string "" The PostgreSQL host to connect to. Empty to use dependencies.
config.postgresql.password string "penpot" The database password to use.
config.postgresql.port int 5432 The PostgreSQL host port to use.
config.postgresql.secretKeys.passwordKey string "" The password key to use from an existing secret.
config.postgresql.secretKeys.usernameKey string "" The username key to use from an existing secret.
config.postgresql.username string "penpot" The database username to use.
config.providers.existingSecret string "" The name of an existing secret to use.
config.providers.github.clientID string "" The GitHub client ID to use.
config.providers.github.clientSecret string "" The GitHub client secret to use.
config.providers.github.enabled bool false Whether to enable GitHub configuration. To enable GitHub auth, also add enable-login-with-github to the flags.
config.providers.gitlab.baseURI string "https://gitlab.com" The GitLab base URI to use.
config.providers.gitlab.clientID string "" The GitLab client ID to use.
config.providers.gitlab.clientSecret string "" The GitLab client secret to use.
config.providers.gitlab.enabled bool false Whether to enable GitLab configuration. To enable GitLab auth, also add enable-login-with-gitlab to the flags.
config.providers.google.clientID string "" The Google client ID to use. To enable Google auth, add enable-login-with-google to the flags.
config.providers.google.clientSecret string "" The Google client secret to use. To enable Google auth, add enable-login-with-google to the flags.
config.providers.google.enabled bool false Whether to enable Google configuration. To enable Google auth, add enable-login-with-google to the flags.
config.providers.ldap.attributesEmail string "mail" The LDAP attributes email to use.
config.providers.ldap.attributesFullname string "cn" The LDAP attributes fullname to use.
config.providers.ldap.attributesPhoto string "jpegPhoto" The LDAP attributes photo format to use.
config.providers.ldap.attributesUsername string "uid" The LDAP attributes username to use.
config.providers.ldap.baseDN string "ou=people,dc=planetexpress,dc=com" The LDAP base DN to use.
config.providers.ldap.bindDN string "cn=admin,dc=planetexpress,dc=com" The LDAP bind DN to use.
config.providers.ldap.bindPassword string "GoodNewsEveryone" The LDAP bind password to use.
config.providers.ldap.enabled bool false Whether to enable LDAP configuration. To enable LDAP, also add enable-login-with-ldap to the flags.
config.providers.ldap.host string "ldap" The LDAP host to use.
config.providers.ldap.port int 10389 The LDAP port to use.
config.providers.ldap.ssl bool false Whether to use SSL for the LDAP connection.
config.providers.ldap.startTLS bool false Whether to utilize StartTLS for the LDAP connection.
config.providers.ldap.userQuery string `"(&( (uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"`
config.providers.oidc.authURI string "" Optional OpenID Connect auth URI to use. Auto discovered if not provided.
config.providers.oidc.baseURI string "" The OpenID Connect base URI to use.
config.providers.oidc.clientID string "" The OpenID Connect client ID to use.
config.providers.oidc.clientSecret string "" The OpenID Connect client secret to use.
config.providers.oidc.emailAttribute string "" Optional OpenID Connect email attribute to use. If not provided, the email prop will be used.
config.providers.oidc.enabled bool false Whether to enable OIDC configuration. To enable OpenID Connect auth, also add enable-login-with-oidc to the flags.
config.providers.oidc.nameAttribute string "" Optional OpenID Connect name attribute to use. If not provided, the name prop will be used.
config.providers.oidc.roles string "role1 role2" Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
config.providers.oidc.rolesAttribute string "" Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
config.providers.oidc.scopes string "scope1 scope2" Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least name and email attrs found on the user info. Optional, defaults to openid profile.
config.providers.oidc.tokenURI string "" Optional OpenID Connect token URI to use. Auto discovered if not provided.
config.providers.oidc.userURI string "" Optional OpenID Connect user URI to use. Auto discovered if not provided.
config.providers.secretKeys.githubClientIDKey string "" The GitHub client ID key to use from an existing secret.
config.providers.secretKeys.githubClientSecretKey string "" The GitHub client secret key to use from an existing secret.
config.providers.secretKeys.gitlabClientIDKey string "" The GitLab client ID key to use from an existing secret.
config.providers.secretKeys.gitlabClientSecretKey string "" The GitLab client secret key to use from an existing secret.
config.providers.secretKeys.googleClientIDKey string "" The Google client ID key to use from an existing secret.
config.providers.secretKeys.googleClientSecretKey string "" The Google client secret key to use from an existing secret.
config.providers.secretKeys.oidcClientIDKey string "" The OpenID Connect client ID key to use from an existing secret.
config.providers.secretKeys.oidcClientSecretKey string "" The OpenID Connect client secret key to use from an existing secret.
config.publicUri string "http://penpot.example.com" The public domain to serve Penpot on. IMPORTANT: Set disable-secure-session-cookies in the flags if you plan on serving it on a non HTTPS domain.
config.redis.database string "0" The Redis database to connect to.
config.redis.host string "" The Redis host to connect to. Empty to use dependencies
config.redis.port int 6379 The Redis host port to use.
config.registrationDomainWhitelist string "" Comma separated list of allowed domains to register. Empty to allow all domains.
config.smtp.defaultFrom string "" The SMTP default email to send from.
config.smtp.defaultReplyTo string "" The SMTP default email to reply to.
config.smtp.enabled bool false Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
config.smtp.existingSecret string "" The name of an existing secret.
config.smtp.host string "" The SMTP host to use.
config.smtp.password string "" The SMTP password to use.
config.smtp.port string "" The SMTP host port to use.
config.smtp.secretKeys.passwordKey string "" The SMTP password to use from an existing secret.
config.smtp.secretKeys.usernameKey string "" The SMTP username to use from an existing secret.
config.smtp.ssl bool false Whether to use SSL for the SMTP connection.
config.smtp.tls bool true Whether to use TLS for the SMTP connection.
config.smtp.username string "" The SMTP username to use.
config.telemetryEnabled bool true Whether to enable sending of anonymous telemetry data.

Penpot backend

Key Type Default Description
backend.affinity object {} Affinity for Penpot pods assignment. Check the official doc
backend.containerSecurityContext object {"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001} Configure Container Security Context. Check the official doc
backend.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
backend.image.pullPolicy string "IfNotPresent" The image pull policy to use.
backend.image.repository string "penpotapp/backend" The Docker repository to pull the image from.
backend.image.tag string "2.1.4" The image tag to use.
backend.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
backend.pdb object {"enabled":false,"maxUnavailable":null,"minAvailable":null} Configure Pod Disruption Budget for the backend pods. Check the official doc
backend.pdb.enabled bool false Enable Pod Disruption Budget for the backend pods.
backend.pdb.maxUnavailable int,string nil The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
backend.pdb.minAvailable int,string nil The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
backend.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
backend.podLabels object {} An optional map of labels to be applied to the controller Pods
backend.podSecurityContext object {"fsGroup":1001} Configure Pods Security Context. Check the official doc
backend.replicaCount int 1 The number of replicas to deploy.
backend.resources object {"limits":{},"requests":{}} Penpot backend resource requests and limits. Check the official doc
backend.resources.limits object {} The resources limits for the Penpot backend containers
backend.resources.requests object {} The requested resources for the Penpot backend containers
backend.service.port int 6060 The http service port to use.
backend.service.type string "ClusterIP" The http service type to create.
backend.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Penpot Frontend

Key Type Default Description
frontend.affinity object {} Affinity for Penpot pods assignment. Check the official doc
frontend.containerSecurityContext object {"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001} Configure Container Security Context. Check the official doc
frontend.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
frontend.image.pullPolicy string "IfNotPresent" The image pull policy to use.
frontend.image.repository string "bameda00/test-p" The Docker repository to pull the image from.
frontend.image.tag string "latest" The image tag to use.
frontend.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
frontend.pdb object {"enabled":false,"maxUnavailable":null,"minAvailable":null} Configure Pod Disruption Budget for the frontend pods. Check the official doc
frontend.pdb.enabled bool false Enable Pod Disruption Budget for the frontend pods.
frontend.pdb.maxUnavailable int,string nil The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
frontend.pdb.minAvailable int,string nil The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
frontend.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
frontend.podLabels object {} An optional map of labels to be applied to the controller Pods
frontend.podSecurityContext object {"fsGroup":1001} Configure Pods Security Context. Check the official doc
frontend.replicaCount int 1 The number of replicas to deploy.
frontend.resources object {"limits":{},"requests":{}} Penpot frontend resource requests and limits. Check the official doc
frontend.resources.limits object {} The resources limits for the Penpot frontend containers
frontend.resources.requests object {} The requested resources for the Penpot frontend containers
frontend.service.port int 8080 The service port to use.
frontend.service.type string "ClusterIP" The service type to create.
frontend.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Penpot exporter

Key Type Default Description
exporter.affinity object {} Affinity for Penpot pods assignment. Check the official doc
exporter.containerSecurityContext object {"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001} Configure Container Security Context. Check the official doc
exporter.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
exporter.image.imagePullPolicy string "IfNotPresent" The image pull policy to use.
exporter.image.repository string "penpotapp/exporter" The Docker repository to pull the image from.
exporter.image.tag string "2.1.4" The image tag to use.
exporter.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
exporter.pdb object {"enabled":false,"maxUnavailable":null,"minAvailable":null} Configure Pod Disruption Budget for the exporter pods. Check the official doc
exporter.pdb.enabled bool false Enable Pod Disruption Budget for the exporter pods.
exporter.pdb.maxUnavailable int,string nil The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
exporter.pdb.minAvailable int,string nil The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
exporter.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
exporter.podLabels object {} An optional map of labels to be applied to the controller Pods
exporter.podSecurityContext object {"fsGroup":1001} Configure Pods Security Context. Check the official doc
exporter.replicaCount int 1 The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
exporter.resources object {"limits":{},"requests":{}} Penpot frontend resource requests and limits. Check the official doc
exporter.resources.limits object {} The resources limits for the Penpot frontend containers
exporter.resources.requests object {} The requested resources for the Penpot frontend containers
exporter.service.port int 6061 The service port to use.
exporter.service.type string "ClusterIP" The service type to create.
exporter.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Persistence

Key Type Default Description
persistence.assets.accessModes list ["ReadWriteOnce"] Assets persistent Volume access modes.
persistence.assets.annotations object {} Assetsp ersistent Volume Claim annotations.
persistence.assets.enabled bool false Enable assets persistence using Persistent Volume Claims.
persistence.assets.existingClaim string "" The name of an existing PVC to use for assets persistence.
persistence.assets.size string "20Gi" Assets persistent Volume size.
persistence.assets.storageClass string "" Assets persistent Volume storage class. If defined, storageClassName: . If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
persistence.exporter.accessModes list ["ReadWriteOnce"] Exporter persistent Volume access modes.
persistence.exporter.annotations object {} Exporter persistent Volume Claim annotations.
persistence.exporter.enabled bool false Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
persistence.exporter.existingClaim string "" The name of an existing PVC to use for persistence.
persistence.exporter.size string "10Gi" Exporter persistent Volume size.
persistence.exporter.storageClass string "" Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider.

Ingress

Key Type Default Description
ingress.annotations object {} Mapped annotations for the ingress crontroller. E.g. annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true"
ingress.className string "" The Ingress className.
ingress.enabled bool false Enable (frontend) Ingress Controller.
ingress.hosts list ["penpot.example.com"] Array style hosts for the (frontend) ingress crontroller.
ingress.hosts[0] string "penpot.example.com" The default external hostname to access to the penpot app.
ingress.path string "/" Root path for every hosts.
ingress.tls list [] Array style TLS secrets for the (frontend) ingress crontroller. E.g. tls: - secretName: penpot.example.com-tls hosts: - penpot.example.com

Reute (for OpenShift Container Platform)

Key Type Default Description
route.annotations object {} An optional map of annotations to be applied to the route.
route.enabled bool false Enable Openshift/OKD Route. Check the official doc. When it is enabled, all fsGroup and runAsUser must be changed to null.
route.host string "penpot.example.com" The default external hostname to access to the penpot app.
route.path string nil Define a path to use Path-based routes.
route.tls object {} A Map with TLS configuration for the route. E.g. tls: terminationType: edge terminationPolicy: Redirect
route.wildcardPolicy string "None" Define the wildcard policy (None, Subdomain, ...)

PostgreSQL

Key Type Default Description
postgresql.auth.database string "penpot" Name for a custom database to create.
postgresql.auth.password string "penpot" Password for the custom user to create.
postgresql.auth.username string "penpot" Name for a custom user to create.
postgresql.global.compatibility.openshift.adaptSecurityContext string "auto" Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)

NOTE: You can use more parameters according to the PostgreSQL oficial documentation.

Redis

Key Type Default Description
redis.auth.enabled bool false Whether to enable password authentication.
redis.global.compatibility.openshift.adaptSecurityContext string "auto" Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)

NOTE: You can use more parameters according to the Redis oficial documentation.

Resources

You can ask and answer questions, have open-ended conversations, and follow along on decisions affecting the project.

💾 Documentation

🚀 Getting Started

✏️ Tutorials

🏘️ Architecture

📚 Dev Diaries

License

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.

Copyright (c) KALEIDOS INC

Penpot is a Kaleidos open source project