2021-02-05 20:17:06 +00:00
|
|
|
# type: options are deployment, daemonset or statefulset
|
|
|
|
controllerType: deployment
|
|
|
|
# Set annotations on the deployment/statefulset/daemonset
|
|
|
|
controllerAnnotations: {}
|
|
|
|
# Set labels on the deployment/statefulset/daemonset
|
|
|
|
controllerLabels: {}
|
|
|
|
|
|
|
|
replicas: 1
|
|
|
|
strategy:
|
|
|
|
## For Deployments, valid values are Recreate and RollingUpdate
|
|
|
|
## For StatefulSets, valid values are OnDelete and RollingUpdate
|
|
|
|
## DaemonSets ignore this
|
|
|
|
type: RollingUpdate
|
|
|
|
|
|
|
|
# Override the default command
|
|
|
|
command: []
|
|
|
|
# Override the default args
|
|
|
|
args: []
|
|
|
|
|
|
|
|
nameOverride: ""
|
|
|
|
fullnameOverride: ""
|
|
|
|
|
|
|
|
# Set annotations on the pod
|
|
|
|
podAnnotations: {}
|
|
|
|
|
|
|
|
serviceAccount:
|
|
|
|
# Specifies whether a service account should be created
|
|
|
|
create: false
|
|
|
|
# Annotations to add to the service account
|
|
|
|
annotations: {}
|
|
|
|
# The name of the service account to use.
|
|
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
|
|
name: ""
|
|
|
|
|
|
|
|
env: {}
|
|
|
|
# TZ: UTC
|
|
|
|
|
|
|
|
## Variables with values set from templates, example
|
|
|
|
## With a release name of: demo, the example env value will be: demo-admin
|
|
|
|
envTpl: {}
|
2021-02-08 15:10:14 +00:00
|
|
|
# TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
|
|
|
|
|
|
|
|
## Variables with values from (for example) the Downward API
|
|
|
|
## See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
|
|
|
|
envValueFrom: {}
|
|
|
|
# NODE_NAME:
|
|
|
|
# fieldRef:
|
|
|
|
# fieldPath: spec.nodeName
|
|
|
|
|
2021-02-05 20:17:06 +00:00
|
|
|
envFrom: []
|
|
|
|
# - configMapRef:
|
|
|
|
# name: config-map-name
|
|
|
|
# - secretRef:
|
|
|
|
# name: secret-name
|
|
|
|
|
|
|
|
# Custom priority class for different treatment by the scheduler
|
|
|
|
# priorityClassName: system-node-critical
|
|
|
|
|
|
|
|
# Allow specifying a custom scheduler name
|
|
|
|
# schedulerName: awkward-dangerous-scheduler
|
|
|
|
|
|
|
|
# Allow specifying explicit hostname setting
|
|
|
|
# hostname:
|
|
|
|
|
|
|
|
# When using hostNetwork make sure you set dnsPolicy to ClusterFirstWithHostNet
|
|
|
|
hostNetwork: false
|
|
|
|
|
|
|
|
dnsPolicy: ClusterFirst
|
|
|
|
|
|
|
|
# Optional DNS settings, configuring the ndots option may resolve
|
|
|
|
# nslookup issues on some Kubernetes setups.
|
|
|
|
# dnsConfig:
|
|
|
|
# options:
|
|
|
|
# - name: ndots
|
|
|
|
# value: "1"
|
|
|
|
|
|
|
|
# Enable/disable the generation of environment variables for services.
|
|
|
|
# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service
|
|
|
|
# for more information.
|
|
|
|
enableServiceLinks: true
|
|
|
|
|
|
|
|
# Configure the Security Context for the Pod
|
|
|
|
podSecurityContext: {}
|
|
|
|
|
|
|
|
# Configure the Security Context for the main container
|
|
|
|
securityContext: {}
|
|
|
|
|
|
|
|
initContainers: []
|
|
|
|
|
|
|
|
additionalContainers: []
|
|
|
|
|
|
|
|
## Probes configuration
|
|
|
|
probes:
|
|
|
|
liveness:
|
|
|
|
enabled: true
|
|
|
|
## Set this to true if you wish to specify your own livenessProbe
|
|
|
|
custom: false
|
|
|
|
## The spec field contains the values for the default livenessProbe.
|
|
|
|
## If you selected custom: true, this field holds the definition of the livenessProbe.
|
|
|
|
spec:
|
|
|
|
initialDelaySeconds: 30
|
|
|
|
failureThreshold: 5
|
|
|
|
periodSeconds: 10
|
|
|
|
timeoutSeconds: 10
|
|
|
|
|
|
|
|
readiness:
|
|
|
|
enabled: true
|
|
|
|
## Set this to true if you wish to specify your own readinessProbe
|
|
|
|
custom: false
|
|
|
|
## The spec field contains the values for the default readinessProbe.
|
|
|
|
## If you selected custom: true, this field holds the definition of the readinessProbe.
|
|
|
|
spec:
|
|
|
|
initialDelaySeconds: 30
|
|
|
|
failureThreshold: 5
|
|
|
|
periodSeconds: 10
|
|
|
|
timeoutSeconds: 10
|
|
|
|
|
|
|
|
startup:
|
|
|
|
enabled: false
|
|
|
|
## Set this to true if you wish to specify your own startupProbe
|
|
|
|
custom: false
|
|
|
|
## The spec field contains the values for the default startupProbe.
|
|
|
|
## If you selected custom: true, this field holds the definition of the startupProbe.
|
|
|
|
spec:
|
|
|
|
initialDelaySeconds: 5
|
|
|
|
failureThreshold: 30
|
|
|
|
periodSeconds: 10
|
|
|
|
timeoutSeconds: 10
|
|
|
|
|
|
|
|
service:
|
|
|
|
enabled: true
|
|
|
|
type: ClusterIP
|
|
|
|
## Specify the default port information
|
|
|
|
port:
|
|
|
|
port:
|
|
|
|
## name defaults to http
|
|
|
|
name:
|
|
|
|
protocol: TCP
|
|
|
|
## Specify a service targetPort if you wish to differ the service port from the application port.
|
|
|
|
## If targetPort is specified, this port number is used in the container definition instead of
|
|
|
|
## service.port.port. Therefore named ports are not supported for this field.
|
|
|
|
targetPort:
|
|
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
|
|
##
|
|
|
|
# nodePort:
|
|
|
|
additionalPorts: []
|
|
|
|
|
|
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
|
|
## set the LoadBalancer service type to internal only.
|
|
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
|
|
##
|
|
|
|
annotations: {}
|
|
|
|
labels: {}
|
|
|
|
|
|
|
|
additionalServices: []
|
|
|
|
# - enabled: false
|
|
|
|
# nameSuffix: api
|
|
|
|
# type: ClusterIP
|
|
|
|
# # Specify the default port information
|
|
|
|
# port:
|
|
|
|
# port:
|
|
|
|
# # name defaults to http
|
|
|
|
# name:
|
|
|
|
# protocol: TCP
|
|
|
|
# # targetPort defaults to http
|
|
|
|
# targetPort:
|
|
|
|
# # nodePort:
|
|
|
|
# additionalPorts: []
|
|
|
|
# annotations: {}
|
|
|
|
# labels: {}
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: false
|
|
|
|
annotations: {}
|
|
|
|
# kubernetes.io/ingress.class: nginx
|
|
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
labels: {}
|
|
|
|
hosts:
|
|
|
|
- host: chart-example.local
|
|
|
|
paths:
|
|
|
|
- path: /
|
|
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
|
|
pathType: Prefix
|
|
|
|
tls: []
|
|
|
|
# - secretName: chart-example-tls
|
|
|
|
# hosts:
|
|
|
|
# - chart-example.local
|
|
|
|
additionalIngresses: []
|
|
|
|
# - enabled: false
|
|
|
|
# nameSuffix: "api"
|
|
|
|
# annotations: {}
|
|
|
|
# # kubernetes.io/ingress.class: nginx
|
|
|
|
# # kubernetes.io/tls-acme: "true"
|
|
|
|
# labels: {}
|
|
|
|
# hosts:
|
|
|
|
# - host: chart-example.local
|
|
|
|
# paths:
|
|
|
|
# - path: /api
|
|
|
|
# # Ignored if not kubeVersion >= 1.14-0
|
|
|
|
# pathType: Prefix
|
|
|
|
# tls: []
|
|
|
|
# # - secretName: chart-example-tls
|
|
|
|
# # hosts:
|
|
|
|
# # - chart-example.local
|
|
|
|
|
|
|
|
persistence:
|
|
|
|
config:
|
|
|
|
enabled: false
|
|
|
|
mountPath: /config
|
|
|
|
## configuration data Persistent Volume Storage Class
|
|
|
|
## If defined, storageClassName: <storageClass>
|
|
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
|
|
## GKE, AWS & OpenStack)
|
|
|
|
##
|
|
|
|
# storageClass: "-"
|
|
|
|
##
|
|
|
|
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
|
|
|
## the existingClaim variable
|
|
|
|
# existingClaim: your-claim
|
|
|
|
# subPath: some-subpath
|
|
|
|
accessMode: ReadWriteOnce
|
|
|
|
size: 1Gi
|
|
|
|
## Set to true to retain the PVC upon helm uninstall
|
|
|
|
skipuninstall: false
|
|
|
|
|
|
|
|
# Create an emptyDir volume to share between all containers
|
|
|
|
shared:
|
|
|
|
enabled: false
|
|
|
|
emptyDir: true
|
|
|
|
mountPath: /shared
|
|
|
|
|
|
|
|
additionalVolumes: []
|
|
|
|
|
|
|
|
additionalVolumeMounts: []
|
|
|
|
|
|
|
|
volumeClaimTemplates: []
|
|
|
|
# Used in statefulset to create individual disks for each instance
|
|
|
|
# - name: data
|
|
|
|
# mountPath: /data
|
|
|
|
# accessMode: "ReadWriteOnce"
|
|
|
|
# size: 1Gi
|
|
|
|
# - name: backup
|
|
|
|
# mountPath: /backup
|
|
|
|
# subPath: theSubPath
|
|
|
|
# accessMode: "ReadWriteOnce"
|
|
|
|
# size: 2Gi
|
|
|
|
# storageClass: cheap-storage-class
|
|
|
|
|
|
|
|
nodeSelector: {}
|
|
|
|
|
|
|
|
affinity: {}
|
|
|
|
|
|
|
|
tolerations: []
|
|
|
|
|
|
|
|
hostAliases: []
|
|
|
|
# Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
|
|
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
|
|
# - ip: "192.168.1.100"
|
|
|
|
# hostnames:
|
|
|
|
# - "example.com"
|
|
|
|
# - "www.example.com"
|
|
|
|
|
|
|
|
resources: {}
|
|
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
|
|
# limits:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
# requests:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
|
|
|
|
addons:
|
|
|
|
|
|
|
|
# Enable running a VPN in the pod to route traffic through a VPN
|
|
|
|
vpn:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
# VPN type: options are openvpn or wireguard
|
|
|
|
type: openvpn
|
|
|
|
|
|
|
|
# OpenVPN specific configuration
|
|
|
|
openvpn:
|
|
|
|
image:
|
|
|
|
repository: dperson/openvpn-client
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
tag: latest
|
|
|
|
|
|
|
|
# Credentials to connect to the VPN Service (used with -a)
|
|
|
|
auth: # "user;password"
|
|
|
|
# OR specify an existing secret that contains the credentials. Credentials should be stored
|
|
|
|
# under the VPN_AUTH key
|
|
|
|
authSecret: # my-vpn-secret
|
|
|
|
|
|
|
|
# WireGuard specific configuration
|
|
|
|
wireguard:
|
|
|
|
image:
|
|
|
|
repository: k8sathome/wireguard
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
tag: 1.0.20200827
|
|
|
|
|
|
|
|
# Set the VPN container securityContext
|
|
|
|
securityContext:
|
|
|
|
capabilities:
|
|
|
|
add:
|
|
|
|
- NET_ADMIN
|
|
|
|
- SYS_MODULE
|
|
|
|
|
|
|
|
# All variables specified here will be added to the vpn sidecar container
|
|
|
|
# See the documentation of the VPN image for all config values
|
|
|
|
env: {}
|
|
|
|
# TZ: UTC
|
|
|
|
|
|
|
|
# Provide a customized vpn configuration file to be used by the VPN.
|
|
|
|
configFile: # |-
|
|
|
|
# Some Example Config
|
|
|
|
# remote greatvpnhost.com 8888
|
|
|
|
# auth-user-pass
|
|
|
|
# Cipher AES
|
|
|
|
|
|
|
|
# Provide custom up/down scripts that can be used by the vpnConf
|
|
|
|
scripts:
|
|
|
|
up: # |-
|
|
|
|
# #!/bin/bash
|
|
|
|
# echo "connected" > /shared/vpnstatus
|
|
|
|
down: # |-
|
|
|
|
# #!/bin/bash
|
|
|
|
# echo "disconnected" > /shared/vpnstatus
|
|
|
|
|
|
|
|
additionalVolumeMounts: []
|
|
|
|
|
|
|
|
# Optionally specify a livenessProbe, e.g. to check if the connection is still
|
|
|
|
# being protected by the VPN
|
|
|
|
livenessProbe: {}
|
|
|
|
# exec:
|
|
|
|
# command:
|
|
|
|
# - sh
|
|
|
|
# - -c
|
|
|
|
# - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi
|
|
|
|
# initialDelaySeconds: 30
|
|
|
|
# periodSeconds: 60
|
|
|
|
# failureThreshold: 1
|
|
|
|
|
|
|
|
# If set to true, will deploy a network policy that blocks all outbound
|
|
|
|
# traffic except traffic specified as allowed
|
|
|
|
networkPolicy:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
# The egress configuration for your network policy, All outbound traffic
|
|
|
|
# From the pod will be blocked unless specified here. Your cluster must
|
|
|
|
# have a CNI that supports network policies (Canal, Calico, etc...)
|
|
|
|
# https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
|
|
|
# https://github.com/ahmetb/kubernetes-network-policy-recipes
|
|
|
|
egress:
|
|
|
|
# - to:
|
|
|
|
# - ipBlock:
|
|
|
|
# cidr: 0.0.0.0/0
|
|
|
|
# ports:
|
|
|
|
# - port: 53
|
|
|
|
# protocol: UDP
|
|
|
|
# - port: 53
|
|
|
|
# protocol: TCP
|
|
|
|
|
|
|
|
# Enable running a code-server container in the pod to access files
|
|
|
|
codeserver:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
image:
|
|
|
|
repository: codercom/code-server
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
tag: 3.7.4
|
|
|
|
|
|
|
|
# Set any environment variables for code-server here
|
|
|
|
env: {}
|
|
|
|
# TZ: UTC
|
|
|
|
|
|
|
|
# Set codeserver command line arguments
|
|
|
|
# consider setting --user-data-dir to a persistent location to preserve code-server setting changes
|
|
|
|
args:
|
|
|
|
- --auth
|
|
|
|
- none
|
|
|
|
# - --user-data-dir
|
|
|
|
# - "/config/.vscode"
|
|
|
|
|
|
|
|
# Specify a list of volumes that get mounted in the code-server container.
|
|
|
|
# At least 1 volumeMount is required!
|
|
|
|
volumeMounts: []
|
|
|
|
# - name: config
|
|
|
|
# mountPath: /data/config
|
|
|
|
|
|
|
|
# Specify the working dir that will be opened when code-server starts
|
|
|
|
# If not given, the app will default to the mountpah of the first specified volumeMount
|
|
|
|
workingDir: ""
|
|
|
|
|
|
|
|
service:
|
|
|
|
enabled: true
|
|
|
|
type: ClusterIP
|
|
|
|
# Specify the default port information
|
|
|
|
port:
|
|
|
|
port: 12321
|
|
|
|
name: codeserver
|
|
|
|
protocol: TCP
|
|
|
|
targetPort: codeserver
|
|
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
|
|
##
|
|
|
|
# nodePort:
|
|
|
|
|
|
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
|
|
## set the LoadBalancer service type to internal only.
|
|
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
|
|
##
|
|
|
|
annotations: {}
|
|
|
|
labels: {}
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: false
|
|
|
|
nameSuffix: codeserver
|
|
|
|
annotations: {}
|
|
|
|
# kubernetes.io/ingress.class: nginx
|
|
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
labels: {}
|
|
|
|
hosts:
|
|
|
|
- host: code.chart-example.local
|
|
|
|
paths:
|
|
|
|
- path: /
|
|
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
|
|
pathType: Prefix
|
|
|
|
tls: []
|
|
|
|
# - secretName: chart-example-tls
|
|
|
|
# hosts:
|
|
|
|
# - code.chart-example.local
|
|
|
|
|
|
|
|
securityContext:
|
|
|
|
runAsUser: 0
|
|
|
|
|
|
|
|
|
|
|
|
## TrueCharts Specific
|
|
|
|
|
|
|
|
appAdditionalServicesEnabled: false
|
|
|
|
# appAdditionalServices:
|
|
|
|
# api:
|
|
|
|
# enabled: false
|
|
|
|
# type: NodePort
|
|
|
|
# protocol: TCP
|
|
|
|
# port:
|
|
|
|
# port: 8091
|
|
|
|
# nodePort: 38091
|
|
|
|
# additionalPorts: []
|
|
|
|
# - name: api-alt
|
|
|
|
# port: 8092
|
|
|
|
# targetPort: 8092
|
|
|
|
# protocol: TCP
|
|
|
|
# nodePort: 38092
|
|
|
|
# ws:
|
|
|
|
# enabled: false
|
|
|
|
# type: ClusterIP
|
|
|
|
# port:
|
|
|
|
# port: 3000
|
|
|
|
# additionalPorts: {}
|
|
|
|
# foo:
|
|
|
|
# name: ws-alt
|
|
|
|
# protocol: TCP
|
|
|
|
# port: 3001
|
|
|
|
# targetPort: 3001
|
|
|
|
|
|
|
|
appVolumesEnabled: false
|
|
|
|
# appVolumeMounts:
|
|
|
|
# config:
|
|
|
|
# enabled: false
|
|
|
|
# emptyDir: false
|
|
|
|
# datasetName: "config"
|
|
|
|
# mountPath: "/config"
|
|
|
|
# subPath: some-subpath
|
|
|
|
# hostPathEnabled: false
|
|
|
|
# hostPath: ""
|
|
|
|
# data:
|
|
|
|
# enabled: false
|
|
|
|
# emptyDir: false
|
|
|
|
# datasetName: "data"
|
|
|
|
# mountPath: "/data"
|
|
|
|
# subPath: some-subpath
|
|
|
|
# hostPathEnabled: false
|
|
|
|
# hostPath: ""
|
|
|
|
|
|
|
|
emptyDirVolumes: true
|
|
|
|
|
|
|
|
appIngressEnabled: false
|
|
|
|
appIngress:
|
|
|
|
main:
|
|
|
|
enabled: false
|
|
|
|
entrypoint: "websecure"
|
|
|
|
certType: "letsencrypt-prod"
|
|
|
|
existingcert: ""
|
|
|
|
authForwardURL: ""
|
|
|
|
annotations: {}
|
|
|
|
labels: {}
|
|
|
|
hosts:
|
|
|
|
- host: app.truecharts.placeholder
|
|
|
|
paths:
|
|
|
|
- path: /
|
|
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
|
|
pathType: Prefix
|
|
|
|
|
|
|
|
maintcp:
|
|
|
|
enabled: false
|
|
|
|
type: "TCP"
|
|
|
|
entrypoint: "kms"
|
|
|
|
certType: "none"
|
|
|
|
existingcert: ""
|
|
|
|
annotations: {}
|
|
|
|
labels: {}
|
|
|
|
hosts:
|
|
|
|
- host: app.truecharts.placeholder
|
|
|
|
paths:
|
|
|
|
- path: /
|
|
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
|
|
pathType: Prefix
|
|
|
|
mainudp:
|
|
|
|
enabled: false
|
|
|
|
type: "UDP"
|
|
|
|
entrypoint: "DNSUDP"
|
|
|
|
annotations: {}
|
|
|
|
labels: {}
|