0
Fork 0
mirror of https://github.com/penpot/penpot-helm.git synced 2025-01-03 05:10:09 -05:00
penpot-helm/charts/penpot/values.yaml
2024-11-14 18:35:25 +01:00

622 lines
26 KiB
YAML

# yaml-language-server: $schema=values.schema.json
## Default values for Penpot
global:
# -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
# @section -- Global parameters
postgresqlEnabled: false
# -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
# @section -- Global parameters
redisEnabled: false
# -- Global Docker registry secret names.
# E.g.
# imagePullSecrets:
# - myRegistryKeySecretName
# @section -- Global parameters
imagePullSecrets: []
# -- To partially override common.names.fullname
# @section -- Common parameters
nameOverride: ""
# -- To fully override common.names.fullname
# @section -- Common parameters
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a ServiceAccount should be created.
# @section -- Common parameters
enabled: true
# -- Annotations for service account. Evaluated as a template.
# @section -- Common parameters
annotations: {}
# -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
# @section -- Common parameters
name: "penpot"
config:
# -- The public domain to serve Penpot on.
# **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
# @section -- Configuration parameters
publicUri: "http://penpot.example.com"
# -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
# @section -- Configuration parameters
flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-feature-plugins"
# -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
# @section -- Configuration parameters
apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
# -- Comma separated list of allowed domains to register. Empty to allow all domains.
# @section -- Configuration parameters
registrationDomainWhitelist: ""
# -- Whether to enable sending of anonymous telemetry data.
# @section -- Configuration parameters
telemetryEnabled: true
postgresql:
# -- The PostgreSQL host to connect to. Empty to use dependencies.
# @section -- Configuration parameters
host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
# -- The PostgreSQL host port to use.
# @section -- Configuration parameters
port: 5432
# -- The database username to use.
# @section -- Configuration parameters
username: "penpot"
# -- The database password to use.
# @section -- Configuration parameters
password: "penpot"
# -- The PostgreSQL database to use.
# @section -- Configuration parameters
database: "penpot"
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The username key to use from an existing secret.
# @section -- Configuration parameters
usernameKey: ""
# -- The password key to use from an existing secret.
# @section -- Configuration parameters
passwordKey: ""
redis:
# -- The Redis host to connect to. Empty to use dependencies
# @section -- Configuration parameters
host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
# -- The Redis host port to use.
# @section -- Configuration parameters
port: 6379
# -- The Redis database to connect to.
# @section -- Configuration parameters
database: "0"
assets:
# -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
# @section -- Configuration parameters
storageBackend: "assets-fs"
filesystem:
# -- The storage directory to use if you chose the filesystem storage backend.
# @section -- Configuration parameters
directory: "/opt/data/assets"
s3:
# -- The S3 access key ID to use if you chose the S3 storage backend.
# @section -- Configuration parameters
accessKeyID: ""
# -- The S3 secret access key to use if you chose the S3 storage backend.
# @section -- Configuration parameters
secretAccessKey: ""
# -- The S3 region to use if you chose the S3 storage backend.
# @section -- Configuration parameters
region: ""
# -- The name of the S3 bucket to use if you chose the S3 storage backend.
# @section -- Configuration parameters
bucket: ""
# -- The S3 endpoint URI to use if you chose the S3 storage backend.
# @section -- Configuration parameters
endpointURI: ""
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The S3 access key ID to use from an existing secret.
# @section -- Configuration parameters
accessKeyIDKey: ""
# -- The S3 secret access key to use from an existing secret.
# @section -- Configuration parameters
secretAccessKey: ""
# -- The S3 endpoint URI to use from an existing secret.
# @section -- Configuration parameters
endpointURIKey: ""
smtp:
# -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
# @section -- Configuration parameters
enabled: false
# -- The SMTP default email to send from.
# @section -- Configuration parameters
defaultFrom: ""
# -- The SMTP default email to reply to.
# @section -- Configuration parameters
defaultReplyTo: ""
# -- The SMTP host to use.
# @section -- Configuration parameters
host: ""
# -- The SMTP host port to use.
# @section -- Configuration parameters
port: ""
# -- The SMTP username to use.
# @section -- Configuration parameters
username: ""
# -- The SMTP password to use.
# @section -- Configuration parameters
password: ""
# -- Whether to use TLS for the SMTP connection.
# @section -- Configuration parameters
tls: true
# -- Whether to use SSL for the SMTP connection.
# @section -- Configuration parameters
ssl: false
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The SMTP username to use from an existing secret.
# @section -- Configuration parameters
usernameKey: ""
# -- The SMTP password to use from an existing secret.
# @section -- Configuration parameters
passwordKey: ""
providers:
google:
# -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientID: ""
# -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientSecret: ""
github:
# -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The GitHub client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The GitHub client secret to use.
# @section -- Configuration parameters
clientSecret: ""
gitlab:
# -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The GitLab base URI to use.
# @section -- Configuration parameters
baseURI: "https://gitlab.com"
# -- The GitLab client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The GitLab client secret to use.
# @section -- Configuration parameters
clientSecret: ""
oidc:
# -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The OpenID Connect base URI to use.
# @section -- Configuration parameters
baseURI: ""
# -- The OpenID Connect client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The OpenID Connect client secret to use.
# @section -- Configuration parameters
clientSecret: ""
# -- Optional OpenID Connect auth URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
authURI: ""
# -- Optional OpenID Connect token URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
tokenURI: ""
# -- Optional OpenID Connect user URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
userURI: ""
# -- Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
# @section -- Configuration parameters
roles: "role1 role2"
# -- Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
# @section -- Configuration parameters
rolesAttribute: ""
# -- Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
# @section -- Configuration parameters
scopes: "scope1 scope2"
# -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
# @section -- Configuration parameters
nameAttribute: ""
# -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
# @section -- Configuration parameters
emailAttribute: ""
ldap:
# -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The LDAP host to use.
# @section -- Configuration parameters
host: "ldap"
# -- The LDAP port to use.
# @section -- Configuration parameters
port: 10389
# -- Whether to use SSL for the LDAP connection.
# @section -- Configuration parameters
ssl: false
# -- Whether to utilize StartTLS for the LDAP connection.
# @section -- Configuration parameters
startTLS: false
# -- The LDAP base DN to use.
# @section -- Configuration parameters
baseDN: "ou=people,dc=planetexpress,dc=com"
# -- The LDAP bind DN to use.
# @section -- Configuration parameters
bindDN: "cn=admin,dc=planetexpress,dc=com"
# -- The LDAP bind password to use.
# @section -- Configuration parameters
bindPassword: "GoodNewsEveryone"
# -- The LDAP user query to use.
# @section -- Configuration parameters
userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
# -- The LDAP attributes username to use.
# @section -- Configuration parameters
attributesUsername: "uid"
# -- The LDAP attributes email to use.
# @section -- Configuration parameters
attributesEmail: "mail"
# -- The LDAP attributes fullname to use.
# @section -- Configuration parameters
attributesFullname: "cn"
# -- The LDAP attributes photo format to use.
# @section -- Configuration parameters
attributesPhoto: "jpegPhoto"
# -- The name of an existing secret to use.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The Google client ID key to use from an existing secret.
# @section -- Configuration parameters
googleClientIDKey: ""
# -- The Google client secret key to use from an existing secret.
# @section -- Configuration parameters
googleClientSecretKey: ""
# -- The GitHub client ID key to use from an existing secret.
# @section -- Configuration parameters
githubClientIDKey: ""
# -- The GitHub client secret key to use from an existing secret.
# @section -- Configuration parameters
githubClientSecretKey: ""
# -- The GitLab client ID key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientIDKey: ""
# -- The GitLab client secret key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientSecretKey: ""
# -- The OpenID Connect client ID key to use from an existing secret.
# @section -- Configuration parameters
oidcClientIDKey: ""
# -- The OpenID Connect client secret key to use from an existing secret.
# @section -- Configuration parameters
oidcClientSecretKey: ""
backend:
image:
# -- The Docker repository to pull the image from.
# @section -- Backend parameters
repository: penpotapp/backend
# -- The image tag to use.
# @section -- Backend parameters
tag: 2.3.2
# -- The image pull policy to use.
# @section -- Backend parameters
pullPolicy: IfNotPresent
# -- The number of replicas to deploy.
# @section -- Backend parameters
replicaCount: 1
service:
# -- The http service type to create.
# @section -- Backend parameters
type: ClusterIP
# -- The http service port to use.
# @section -- Backend parameters
port: 6060
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Backend parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Backend parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Backend parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Backend parameters
podSecurityContext:
fsGroup: 1001
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Backend parameters
containerSecurityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Backend parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Backend parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Backend parameters
tolerations: []
# -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Backend parameters
resources:
# -- The resources limits for the Penpot backend containers
# @section -- Backend parameters
limits: {}
# -- The requested resources for the Penpot backend containers
# @section -- Backend parameters
requests: {}
# -- Configure Pod Disruption Budget for the backend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Backend parameters
pdb:
# -- Enable Pod Disruption Budget for the backend pods.
# @section -- Backend parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Backend parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Backend parameters
maxUnavailable:
frontend:
image:
# -- The Docker repository to pull the image from.
# @section -- Frontend parameters
repository: penpotapp/frontend
# -- The image tag to use.
# @section -- Frontend parameters
tag: 2.3.2
# -- The image pull policy to use.
# @section -- Frontend parameters
pullPolicy: IfNotPresent
# -- The number of replicas to deploy.
# @section -- Frontend parameters
replicaCount: 1
service:
# -- The service type to create.
# @section -- Frontend parameters
type: ClusterIP
# -- The service port to use.
# @section -- Frontend parameters
port: 80
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Frontend parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Frontend parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Frontend parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Frontend parameters
podSecurityContext: {}
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Frontend parameters
containerSecurityContext: {}
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Frontend parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Frontend parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Frontend parameters
tolerations: []
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Frontend parameters
resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Frontend parameters
limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Frontend parameters
requests: {}
# -- Configure Pod Disruption Budget for the frontend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Frontend parameters
pdb:
# -- Enable Pod Disruption Budget for the frontend pods.
# @section -- Frontend parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Frontend parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Frontend parameters
maxUnavailable:
exporter:
image:
# -- The Docker repository to pull the image from.
# @section -- Exporter parameters
repository: penpotapp/exporter
# -- The image tag to use.
# @section -- Exporter parameters
tag: 2.3.2
# -- The image pull policy to use.
# @section -- Exporter parameters
imagePullPolicy: IfNotPresent
# -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
# @section -- Exporter parameters
replicaCount: 1
service:
# -- The service type to create.
# @section -- Exporter parameters
type: ClusterIP
# -- The service port to use.
# @section -- Exporter parameters
port: 6061
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Exporter parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Exporter parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Exporter parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Exporter parameters
podSecurityContext:
fsGroup: 1001
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Exporter parameters
containerSecurityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Exporter parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Exporter parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Exporter parameters
tolerations: []
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Exporter parameters
resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Exporter parameters
limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Exporter parameters
requests: {}
# -- Configure Pod Disruption Budget for the exporter pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Exporter parameters
pdb:
# -- Enable Pod Disruption Budget for the exporter pods.
# @section -- Exporter parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Exporter parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Exporter parameters
maxUnavailable:
# @section -- Persistence parameters
persistence:
assets:
# -- Enable assets persistence using Persistent Volume Claims.
# @section -- Persistence parameters
enabled: false
# -- Assets persistent Volume storage class.
# If defined, storageClassName: <storageClass>.
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
# @section -- Persistence parameters
storageClass: ""
# -- Assets persistent Volume size.
# @section -- Persistence parameters
size: 20Gi
# -- The name of an existing PVC to use for assets persistence.
# @section -- Persistence parameters
existingClaim: ""
# -- Assets persistent Volume access modes.
# @section -- Persistence parameters
accessModes:
- ReadWriteOnce
# -- Assetsp ersistent Volume Claim annotations.
# @section -- Persistence parameters
annotations: {}
exporter:
# -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
# @section -- Persistence parameters
enabled: false
# -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider.
# @section -- Persistence parameters
storageClass: ""
# -- Exporter persistent Volume size.
# @section -- Persistence parameters
size: 10Gi
# -- The name of an existing PVC to use for persistence.
# @section -- Persistence parameters
existingClaim: ""
# -- Exporter persistent Volume access modes.
# @section -- Persistence parameters
accessModes:
- ReadWriteOnce
# -- Exporter persistent Volume Claim annotations.
# @section -- Persistence parameters
annotations: {}
ingress:
# -- Enable (frontend) Ingress Controller.
# @section -- Ingress parameters
enabled: false
# -- The Ingress className.
# @section -- Ingress parameters
className: ""
# -- Mapped annotations for the ingress crontroller.
# E.g.
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# @section -- Ingress parameters
annotations: {}
# -- Root path for every hosts.
# @section -- Ingress parameters
path: "/"
# -- Array style hosts for the (frontend) ingress crontroller.
# @section -- Ingress parameters
hosts:
# -- The default external hostname to access to the penpot app.
# @section -- Ingress parameters
- "penpot.example.com"
# -- Array style TLS secrets for the (frontend) ingress crontroller.
# E.g.
# tls:
# - secretName: penpot.example.com-tls
# hosts:
# - penpot.example.com
# @section -- Ingress parameters
tls: []
# -- PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
# @section -- PostgreSQL Dependencie parameters
postgresql:
auth:
# -- Name for a custom user to create.
# @section -- PostgreSQL Dependencie parameters
username: "penpot"
# -- Password for the custom user to create.
# @section -- PostgreSQL Dependencie parameters
password: "penpot"
# -- Name for a custom database to create.
# @section -- PostgreSQL Dependencie parameters
database: "penpot"
# -- Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
# @section -- Redis Dependencie parameters
redis:
auth:
# -- Whether to enable password authentication.
# @section -- Redis Dependencie parameters
enabled: false