mirror of https://github.com/penpot/penpot-helm.git synced 2025-01-21 22:22:36 -05:00

penpot

Version: 0.1.0-alpha-001 AppVersion: 2.1.0 Type: application

Helm chart for Penpot, the Open Source design and prototyping platform.

Installing the Chart

To install the chart with the release name my-release:

$ helm repo add penpot http://helm.penpot.app
$ helm install my-release penpot/penpot

Values

Backend parameters

Key Type Default Description
backend.affinity object {} Affinity for Penpot pods assignment. Check the official doc
backend.containerSecurityContext object {"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001} Configure Container Security Context. Check the official doc
backend.containerSecurityContext.allowPrivilegeEscalation bool false Set Penpot containers' security context allowPrivilegeEscalation
backend.containerSecurityContext.capabilities object {"drop":["all"]} Set Penpot containers' security context capabilities to be dropped
backend.containerSecurityContext.enabled bool true Enable Penpot containers' security context
backend.containerSecurityContext.readOnlyRootFilesystem bool false Set Penpot containers' security context readOnlyRootFilesystem
backend.containerSecurityContext.runAsNonRoot bool true Set Penpot container's security context runAsNonRoot
backend.containerSecurityContext.runAsUser int 1001 Set Penpot containers' security context runAsUser
backend.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
backend.image.pullPolicy string "IfNotPresent" The image pull policy to use.
backend.image.repository string "penpotapp/backend" The Docker repository to pull the image from.
backend.image.tag string "2.1.0" The image tag to use.
backend.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
backend.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
backend.podLabels object {} An optional map of labels to be applied to the controller Pods
backend.podSecurityContext object {"enabled":true,"fsGroup":1001} Configure Pods Security Context. Check the official doc
backend.podSecurityContext.enabled bool true Enable Penpot pods' security context
backend.podSecurityContext.fsGroup int 1001 Set Penpot pod's security context fsGroup
backend.replicaCount int 1 The number of replicas to deploy.
backend.resources object {"limits":{},"requests":{}} Penpot backend resource requests and limits. Check the official doc
backend.resources.limits object {} The resources limits for the Penpot backend containers
backend.resources.requests object {} The requested resources for the Penpot backend containers
backend.service.port int 6060 The http service port to use.
backend.service.type string "ClusterIP" The http service type to create.
backend.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Configuration parameters

Key Type Default Description
config.apiSecretKey string "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg" A random secret key needed for persistent user sessions. Generate with python3 -c "import secrets; print(secrets.token_urlsafe(64))" for example.
config.assets.filesystem.directory string "/opt/data/assets" The storage directory to use if you chose the filesystem storage backend.
config.assets.s3.accessKeyID string "" The S3 access key ID to use if you chose the S3 storage backend.
config.assets.s3.bucket string "" The name of the S3 bucket to use if you chose the S3 storage backend.
config.assets.s3.endpointURI string "" The S3 endpoint URI to use if you chose the S3 storage backend.
config.assets.s3.existingSecret string "" The name of an existing secret.
config.assets.s3.region string "" The S3 region to use if you chose the S3 storage backend.
config.assets.s3.secretAccessKey string "" The S3 secret access key to use if you chose the S3 storage backend.
config.assets.s3.secretKeys.accessKeyIDKey string "" The S3 access key ID to use from an existing secret.
config.assets.s3.secretKeys.endpointURIKey string "" The S3 endpoint URI to use from an existing secret.
config.assets.s3.secretKeys.secretAccessKey string "" The S3 secret access key to use from an existing secret.
config.assets.storageBackend string "assets-fs" The storage backend for assets to use. Use assets-fs for filesystem, and assets-s3 for S3.
config.flags string "enable-registration enable-login-with-password disable-email-verification enable-smtp" The feature flags to enable. Check the official docs for more info.
config.postgresql.database string "penpot" The PostgreSQL database to use.
config.postgresql.existingSecret string "" The name of an existing secret.
config.postgresql.host string "" The PostgreSQL host to connect to. Empty to use dependencies.
config.postgresql.password string "penpot" The database password to use.
config.postgresql.port int 5432 The PostgreSQL host port to use.
config.postgresql.secretKeys.passwordKey string "" The password key to use from an existing secret.
config.postgresql.secretKeys.usernameKey string "" The username key to use from an existing secret.
config.postgresql.username string "penpot" The database username to use.
config.providers object {"existingSecret":"","github":{"clientID":"","clientSecret":"","enabled":false},"gitlab":{"baseURI":"https://gitlab.com","clientID":"","clientSecret":"","enabled":false},"google":{"clientID":"","clientSecret":"","enabled":false},"ldap":{"attributesEmail":"mail","attributesFullname":"cn","attributesPhoto":"jpegPhoto","attributesUsername":"uid","baseDN":"ou=people,dc=planetexpress,dc=com","bindDN":"cn=admin,dc=planetexpress,dc=com","bindPassword":"GoodNewsEveryone","enabled":false,"host":"ldap","port":10389,"ssl":false,"startTLS":false,"userQuery":"(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"},"oidc":{"authURI":"","baseURI":"","clientID":"","clientSecret":"","emailAttribute":"","enabled":false,"nameAttribute":"","roles":"role1 role2","rolesAttribute":"","scopes":"scope1 scope2","tokenURI":"","userURI":""},"secretKeys":{"githubClientIDKey":"","githubClientSecretKey":"","gitlabClientIDKey":"","gitlabClientSecretKey":"","googleClientIDKey":"","googleClientSecretKey":"","oidcClientIDKey":"","oidcClientSecretKey":""}}
config.providers.existingSecret string "" The name of an existing secret to use.
config.providers.github.clientID string "" The GitHub client ID to use.
config.providers.github.clientSecret string "" The GitHub client secret to use.
config.providers.github.enabled bool false Whether to enable GitHub configuration. To enable GitHub auth, also add enable-login-with-github to the flags.
config.providers.gitlab.baseURI string "https://gitlab.com" The GitLab base URI to use.
config.providers.gitlab.clientID string "" The GitLab client ID to use.
config.providers.gitlab.clientSecret string "" The GitLab client secret to use.
config.providers.gitlab.enabled bool false Whether to enable GitLab configuration. To enable GitLab auth, also add enable-login-with-gitlab to the flags.
config.providers.google.clientID string "" The Google client ID to use. To enable Google auth, add enable-login-with-google to the flags.
config.providers.google.clientSecret string "" The Google client secret to use. To enable Google auth, add enable-login-with-google to the flags.
config.providers.google.enabled bool false Whether to enable Google configuration. To enable Google auth, add enable-login-with-google to the flags.
config.providers.ldap.attributesEmail string "mail" The LDAP attributes email to use.
config.providers.ldap.attributesFullname string "cn" The LDAP attributes fullname to use.
config.providers.ldap.attributesPhoto string "jpegPhoto" The LDAP attributes photo format to use.
config.providers.ldap.attributesUsername string "uid" The LDAP attributes username to use.
config.providers.ldap.baseDN string "ou=people,dc=planetexpress,dc=com" The LDAP base DN to use.
config.providers.ldap.bindDN string "cn=admin,dc=planetexpress,dc=com" The LDAP bind DN to use.
config.providers.ldap.bindPassword string "GoodNewsEveryone" The LDAP bind password to use.
config.providers.ldap.enabled bool false Whether to enable LDAP configuration. To enable LDAP, also add enable-login-with-ldap to the flags.
config.providers.ldap.host string "ldap" The LDAP host to use.
config.providers.ldap.port int 10389 The LDAP port to use.
config.providers.ldap.ssl bool false Whether to use SSL for the LDAP connection.
config.providers.ldap.startTLS bool false Whether to utilize StartTLS for the LDAP connection.
config.providers.ldap.userQuery string "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
config.providers.oidc.authURI string "" Optional OpenID Connect auth URI to use. Auto discovered if not provided.
config.providers.oidc.baseURI string "" The OpenID Connect base URI to use.
config.providers.oidc.clientID string "" The OpenID Connect client ID to use.
config.providers.oidc.clientSecret string "" The OpenID Connect client secret to use.
config.providers.oidc.emailAttribute string "" Optional OpenID Connect email attribute to use. If not provided, the email prop will be used.
config.providers.oidc.enabled bool false Whether to enable OIDC configuration. To enable OpenID Connect auth, also add enable-login-with-oidc to the flags.
config.providers.oidc.nameAttribute string "" Optional OpenID Connect name attribute to use. If not provided, the name prop will be used.
config.providers.oidc.roles string "role1 role2" Optional OpenID Connect roles to use. If no role is provided, role checking is disabled.
config.providers.oidc.rolesAttribute string "" Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
config.providers.oidc.scopes string "scope1 scope2" Optional OpenID Connect scopes to use. This setting allows overwriting the required scopes; use with caution because Penpot requires at least the name and email attrs to be found in the user info. Optional, defaults to openid profile.
config.providers.oidc.tokenURI string "" Optional OpenID Connect token URI to use. Auto discovered if not provided.
config.providers.oidc.userURI string "" Optional OpenID Connect user URI to use. Auto discovered if not provided.
config.providers.secretKeys.githubClientIDKey string "" The GitHub client ID key to use from an existing secret.
config.providers.secretKeys.githubClientSecretKey string "" The GitHub client secret key to use from an existing secret.
config.providers.secretKeys.gitlabClientIDKey string "" The GitLab client ID key to use from an existing secret.
config.providers.secretKeys.gitlabClientSecretKey string "" The GitLab client secret key to use from an existing secret.
config.providers.secretKeys.googleClientIDKey string "" The Google client ID key to use from an existing secret.
config.providers.secretKeys.googleClientSecretKey string "" The Google client secret key to use from an existing secret.
config.providers.secretKeys.oidcClientIDKey string "" The OpenID Connect client ID key to use from an existing secret.
config.providers.secretKeys.oidcClientSecretKey string "" The OpenID Connect client secret key to use from an existing secret.
config.publicUri string "http://penpot.example.com" The public domain to serve Penpot on. IMPORTANT: Set disable-secure-session-cookies in the flags if you plan on serving it on a non-HTTPS domain.
config.redis.database string "0" The Redis database to connect to.
config.redis.host string "" The Redis host to connect to. Empty to use dependencies
config.redis.port int 6379 The Redis host port to use.
config.registrationDomainWhitelist string "" Comma separated list of allowed domains to register. Empty to allow all domains.
config.smtp.defaultFrom string "" The SMTP default email to send from.
config.smtp.defaultReplyTo string "" The SMTP default email to reply to.
config.smtp.enabled bool false Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
config.smtp.existingSecret string "" The name of an existing secret.
config.smtp.host string "" The SMTP host to use.
config.smtp.password string "" The SMTP password to use.
config.smtp.port string "" The SMTP host port to use.
config.smtp.secretKeys.passwordKey string "" The SMTP password to use from an existing secret.
config.smtp.secretKeys.usernameKey string "" The SMTP username to use from an existing secret.
config.smtp.ssl bool false Whether to use SSL for the SMTP connection.
config.smtp.tls bool true Whether to use TLS for the SMTP connection.
config.smtp.username string "" The SMTP username to use.
config.telemetryEnabled bool true Whether to enable sending of anonymous telemetry data.

Exporter parameters

Key Type Default Description
exporter.affinity object {} Affinity for Penpot pods assignment. Check the official doc
exporter.containerSecurityContext object {"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"enabled":true,"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001} Configure Container Security Context. Check the official doc
exporter.containerSecurityContext.allowPrivilegeEscalation bool false Set Penpot containers' security context allowPrivilegeEscalation
exporter.containerSecurityContext.capabilities object {"drop":["all"]} Set Penpot containers' security context capabilities to be dropped
exporter.containerSecurityContext.enabled bool true Enable Penpot containers' security context
exporter.containerSecurityContext.readOnlyRootFilesystem bool false Set Penpot containers' security context readOnlyRootFilesystem
exporter.containerSecurityContext.runAsNonRoot bool true Set Penpot container's security context runAsNonRoot
exporter.containerSecurityContext.runAsUser int 1001 Set Penpot containers' security context runAsUser
exporter.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
exporter.image.imagePullPolicy string "IfNotPresent" The image pull policy to use.
exporter.image.repository string "penpotapp/exporter" The Docker repository to pull the image from.
exporter.image.tag string "2.1.0" The image tag to use.
exporter.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
exporter.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
exporter.podLabels object {} An optional map of labels to be applied to the controller Pods
exporter.podSecurityContext object {"enabled":true,"fsGroup":1001} Configure Pods Security Context. Check the official doc
exporter.podSecurityContext.enabled bool true Enable Penpot pods' security context
exporter.podSecurityContext.fsGroup int 1001 Set Penpot pod's security context fsGroup
exporter.replicaCount int 1 The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
exporter.resources object {"limits":{},"requests":{}} Penpot exporter resource requests and limits. Check the official doc
exporter.resources.limits object {} The resources limits for the Penpot exporter containers
exporter.resources.requests object {} The requested resources for the Penpot exporter containers
exporter.service.port int 6061 The service port to use.
exporter.service.type string "ClusterIP" The service type to create.
exporter.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Frontend parameters

Key Type Default Description
frontend.affinity object {} Affinity for Penpot pods assignment. Check the official doc
frontend.deploymentAnnotations object {} An optional map of annotations to be applied to the controller Deployment
frontend.image.pullPolicy string "IfNotPresent" The image pull policy to use.
frontend.image.repository string "penpotapp/frontend" The Docker repository to pull the image from.
frontend.image.tag string "2.1.0" The image tag to use.
frontend.nodeSelector object {} Node labels for Penpot pods assignment. Check the official doc
frontend.podAnnotations object {} An optional map of annotations to be applied to the controller Pods
frontend.podLabels object {} An optional map of labels to be applied to the controller Pods
frontend.replicaCount int 1 The number of replicas to deploy.
frontend.resources object {"limits":{},"requests":{}} Penpot frontend resource requests and limits. Check the official doc
frontend.resources.limits object {} The resources limits for the Penpot frontend containers
frontend.resources.requests object {} The requested resources for the Penpot frontend containers
frontend.service.port int 80 The service port to use.
frontend.service.type string "ClusterIP" The service type to create.
frontend.tolerations list [] Tolerations for Penpot pods assignment. Check the official doc

Common parameters

Key Type Default Description
fullnameOverride string "" To fully override common.names.fullname
nameOverride string "" To partially override common.names.fullname
serviceAccount.annotations object {} Annotations for service account. Evaluated as a template.
serviceAccount.enabled bool true Specifies whether a ServiceAccount should be created.
serviceAccount.name string "penpot" The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.

Global parameters

Key Type Default Description
global.imagePullSecrets list [] Global Docker registry secret names. E.g. imagePullSecrets: - myRegistryKeySecretName
global.postgresqlEnabled bool false Whether to deploy the Bitnami PostgreSQL chart as subchart. Check the official chart for configuration.
global.redisEnabled bool false Whether to deploy the Bitnami Redis chart as subchart. Check the official chart for configuration.

Ingress parameters

Key Type Default Description
ingress.annotations object {} Mapped annotations for the ingress controller. E.g. annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true"
ingress.className string "" The Ingress className.
ingress.enabled bool false Enable (frontend) Ingress Controller.
ingress.hosts list [{"host":"penpot.example.com"}] Array style hosts for the (frontend) ingress controller.
ingress.hosts[0] object {"host":"penpot.example.com"} The default external hostname used to access the Penpot app.
ingress.path string "/" Root path for every host.
ingress.tls list [] Array style TLS secrets for the (frontend) ingress controller. E.g. tls: - secretName: penpot.example.com-tls hosts: - penpot.example.com

Persistence parameters

Key Type Default Description
persistence.assets.accessModes list ["ReadWriteOnce"] Assets persistent Volume access modes.
persistence.assets.annotations object {} Assets persistent Volume Claim annotations.
persistence.assets.enabled string "fals" Enable assets persistence using Persistent Volume Claims.
persistence.assets.existingClaim string "" The name of an existing PVC to use for assets persistence.
persistence.assets.size string "20Gi" Assets persistent Volume size.
persistence.assets.storageClass string "" Assets persistent Volume storage class. If defined, storageClassName: . If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
persistence.exporter.accessModes list ["ReadWriteOnce"] Exporter persistent Volume access modes.
persistence.exporter.annotations object {} Exporter persistent Volume Claim annotations.
persistence.exporter.enabled bool false Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount is greater than 1, you have to enable it.
persistence.exporter.existingClaim string "" The name of an existing PVC to use for persistence.
persistence.exporter.size string "10Gi" Exporter persistent Volume size.
persistence.exporter.storageClass string "" Exporter persistent Volume storage class. If empty, the provider's default provisioner is used.

PostgreSQL Dependency parameters

Key Type Default Description
postgresql object {"auth":{"database":"penpot","password":"penpot","username":"penpot"}} PostgreSQL configuration (Check for more parameters here)
postgresql.auth.database string "penpot" Name for a custom database to create.
postgresql.auth.password string "penpot" Password for the custom user to create.
postgresql.auth.username string "penpot" Name for a custom user to create.

Redis Dependency parameters

Key Type Default Description
redis object {"auth":{"enabled":false}} Redis configuration (Check for more parameters here)
redis.auth.enabled bool false Whether to enable password authentication.
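
A pre-deploy check for the defaults listed in the tables above, as an added example that is not part of the chart. The keys and default values are copied from this README; `audit()`, `get()` and the finding texts are hypothetical, and the check assumes that a key missing from an override resolves to the chart default and that a non-empty existingSecret replaces the inline password.

```python
# Added example: pre-deploy lint for a Penpot Helm values override.
# Keys and defaults are copied from the values tables on this page;
# audit() and its finding texts are this example's own (hypothetical).

DEFAULT_API_KEY = ("kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_"
                   "gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg")
DEFAULT_FLAGS = ("enable-registration enable-login-with-password "
                 "disable-email-verification enable-smtp")


def get(values, dotted, default):
    """Look up a dotted key; a missing key falls back to the chart default,
    which is what Helm does when an override file omits it."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(values):
    """Return (key, reason) findings for a dict of user-supplied values."""
    out = []
    flags = set(get(values, "config.flags", DEFAULT_FLAGS).split())

    if get(values, "config.apiSecretKey", DEFAULT_API_KEY) == DEFAULT_API_KEY:
        out.append(("config.apiSecretKey", "published chart default in use"))
    # Assumption: a non-empty existingSecret replaces the inline password.
    if (not get(values, "config.postgresql.existingSecret", "")
            and get(values, "config.postgresql.password", "penpot") == "penpot"):
        out.append(("config.postgresql.password", "chart default password"))
    if (get(values, "global.postgresqlEnabled", False)
            and get(values, "postgresql.auth.password", "penpot") == "penpot"):
        out.append(("postgresql.auth.password", "subchart default password"))
    if (get(values, "config.providers.ldap.enabled", False)
            and get(values, "config.providers.ldap.bindPassword",
                    "GoodNewsEveryone") == "GoodNewsEveryone"):
        out.append(("config.providers.ldap.bindPassword", "chart default"))

    uri = get(values, "config.publicUri", "http://penpot.example.com")
    if not uri.startswith("https://"):
        out.append(("config.publicUri", "not served over HTTPS"))
    elif "disable-secure-session-cookies" in flags:
        out.append(("config.flags", "secure cookies disabled on an HTTPS site"))

    if ({"enable-registration", "disable-email-verification"} <= flags
            and not get(values, "config.registrationDomainWhitelist", "")):
        out.append(("config.registrationDomainWhitelist",
                    "open registration, no email verification, any domain"))
    return out


# Constructed sample override (secret name and key names are placeholders).
HARDENED = {"config": {
    "apiSecretKey": "constructed-placeholder-not-a-real-key",
    "publicUri": "https://penpot.example.com",
    "flags": "enable-registration enable-login-with-password enable-smtp",
    "postgresql": {"existingSecret": "penpot-db",
                   "secretKeys": {"usernameKey": "username",
                                  "passwordKey": "password"}},
}}

if __name__ == "__main__":
    for key, reason in audit({}):   # {} = install with no overrides at all
        print(f"{key}: {reason}")
```
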