feat(penpot): add Penpot (#4785)
* WIP(penpot) add Penpot * fix smtp * remove some comments * update code * update * fix secret * fix misspelling * fix redis * add tpls * Update charts/incubator/penpot/templates/_exporter.tpl Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/penpot/templates/common.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/penpot/templates/common.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/penpot/templates/_backend.tpl Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * fix values + tpls * cleanup * fix * Update charts/incubator/penpot/values.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * rofs set to false + update dependencies * hostAliases * Update charts/incubator/penpot/values.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * split publicURI * host * trim trim * probes * trimmmm Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros kois <s.kois@outlook.com>
This commit is contained in:
parent
8a804251ad
commit
a6cfb21b47
|
@ -0,0 +1,30 @@
|
||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
.vscode/
|
||||||
|
# OWNERS file for Kubernetes
|
||||||
|
OWNERS
|
||||||
|
# helm-docs templates
|
||||||
|
*.gotmpl
|
||||||
|
# docs folder
|
||||||
|
/docs
|
||||||
|
# icon
|
||||||
|
icon.png
|
|
@ -0,0 +1,40 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: "latest"
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
repository: https://library-charts.truecharts.org
|
||||||
|
version: 11.0.9
|
||||||
|
- condition: postgresql.enabled
|
||||||
|
name: postgresql
|
||||||
|
repository: https://charts.truecharts.org/
|
||||||
|
version: 11.0.13
|
||||||
|
- condition: redis.enabled
|
||||||
|
name: redis
|
||||||
|
repository: https://charts.truecharts.org
|
||||||
|
version: 5.0.17
|
||||||
|
deprecated: false
|
||||||
|
description: Open Source design and prototyping platform.
|
||||||
|
home: https://truecharts.org/docs/charts/incubator/penpot
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/penpot.png
|
||||||
|
keywords:
|
||||||
|
- penpot
|
||||||
|
- media
|
||||||
|
- design
|
||||||
|
kubeVersion: ">=1.16.0-0"
|
||||||
|
maintainers:
|
||||||
|
- email: info@truecharts.org
|
||||||
|
name: TrueCharts
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: penpot
|
||||||
|
sources:
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/incubator/penpot
|
||||||
|
- https://github.com/penpot/penpot
|
||||||
|
- https://hub.docker.com/r/penpotapp/frontend
|
||||||
|
- https://hub.docker.com/r/penpotapp/backend
|
||||||
|
type: application
|
||||||
|
version: 0.0.1
|
||||||
|
annotations:
|
||||||
|
truecharts.org/catagories: |
|
||||||
|
- media
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/grade: U
|
|
@ -0,0 +1 @@
|
||||||
|
# penpot
|
Binary file not shown.
After Width: | Height: | Size: 38 KiB |
|
@ -0,0 +1,402 @@
|
||||||
|
# Include{groups}
|
||||||
|
portals:
|
||||||
|
open:
|
||||||
|
# Include{portalLink}
|
||||||
|
questions:
|
||||||
|
# Include{global}
|
||||||
|
# Include{controller}
|
||||||
|
# Include{replicas}
|
||||||
|
# Include{replica1}
|
||||||
|
# Include{controllerExpertExtraArgs}
|
||||||
|
- variable: penpot
|
||||||
|
group: App Configuration
|
||||||
|
label: Penpot Configuration
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: public_uri
|
||||||
|
label: Public URI
|
||||||
|
description: Public URI.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: telemetry_enabled
|
||||||
|
label: Telemetry Enabled
|
||||||
|
description: Telemetry Enabled.
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: flags
|
||||||
|
label: Flags
|
||||||
|
description: Feature flags
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
required: true
|
||||||
|
# TODO: Check if it works
|
||||||
|
default: ["enable-registration", "enable-login", "disable-email-verification"]
|
||||||
|
items:
|
||||||
|
- variable: feature_flag
|
||||||
|
label: Feature Flag Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: registration_domain_whitelist
|
||||||
|
label: Registration Domain Whitelist
|
||||||
|
description: Registration Domain Whitelist
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
required: true
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: domain_whitelist
|
||||||
|
label: Domain Whitelist Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: smtp
|
||||||
|
group: App Configuration
|
||||||
|
label: SMTP Configuration
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Enable SMTP
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: default_from
|
||||||
|
label: Default From
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: default_reply_to
|
||||||
|
label: Default Reply To
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: smtp_host
|
||||||
|
label: SMTP Host
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: smtp_port
|
||||||
|
label: SMTP Port
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
required: true
|
||||||
|
default: 587
|
||||||
|
- variable: smtp_user
|
||||||
|
label: SMTP User
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: smtp_pass
|
||||||
|
label: SMTP Pass
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: identity_providers
|
||||||
|
group: App Configuration
|
||||||
|
label: Identity Providers Configuration
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: google
|
||||||
|
label: Google Identity Provider
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Show Google Settings
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: client_id
|
||||||
|
label: Client ID
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: client_secret
|
||||||
|
label: Client Secret
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: github
|
||||||
|
label: Github Identity Provider
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Show Github Settings
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: client_id
|
||||||
|
label: Client ID
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: client_secret
|
||||||
|
label: Client Secret
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: gitlab
|
||||||
|
label: Gitlab Identity Provider
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Show Gitlab Settings
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: base_uri
|
||||||
|
label: Base URI
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: "https://gitlab.com"
|
||||||
|
- variable: client_id
|
||||||
|
label: Client ID
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: client_secret
|
||||||
|
label: Client Secret
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: oidc
|
||||||
|
label: OIDC Identity Provider
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Show OIDC Settings
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: base_uri
|
||||||
|
label: Base URI
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: client_id
|
||||||
|
label: Client ID
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: client_secret
|
||||||
|
label: Client Secret
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: ldap
|
||||||
|
label: LDAP Identity Provider
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Show LDAP Settings
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
show_subquestions_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: host
|
||||||
|
label: Host
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: port
|
||||||
|
label: Port
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
required: true
|
||||||
|
default: 587
|
||||||
|
- variable: ssl
|
||||||
|
label: SSL
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: starttls
|
||||||
|
label: StartTLS
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: base_dn
|
||||||
|
label: Base DN
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: bind_dn
|
||||||
|
label: Bind DN
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: bind_pass
|
||||||
|
label: Bind Pass
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: attrs_username
|
||||||
|
label: ATTRS Username
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
rquired: true
|
||||||
|
default: ""
|
||||||
|
- variable: attrs_email
|
||||||
|
label: ATTRS Email
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: attrs_fullname
|
||||||
|
label: ATTRS Fullname
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
# Include{containerConfig}
|
||||||
|
# Include{serviceRoot}
|
||||||
|
- variable: main
|
||||||
|
label: Main Service
|
||||||
|
description: The Primary service on which the healthcheck runs, often the webUI
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{serviceSelectorLoadBalancer}
|
||||||
|
# Include{serviceSelectorExtras}
|
||||||
|
- variable: main
|
||||||
|
label: Main Service Port Configuration
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: port
|
||||||
|
label: Port
|
||||||
|
description: This port exposes the container port on the service
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 10592
|
||||||
|
required: true
|
||||||
|
# Include{serviceExpertRoot}
|
||||||
|
default: false
|
||||||
|
# Include{serviceExpert}
|
||||||
|
# Include{serviceList}
|
||||||
|
# Include{persistenceRoot}
|
||||||
|
- variable: data
|
||||||
|
label: App Data Storage
|
||||||
|
description: Stores the Application Data.
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{persistenceBasic}
|
||||||
|
# Include{persistenceList}
|
||||||
|
# Include{ingressRoot}
|
||||||
|
- variable: main
|
||||||
|
label: Main Ingress
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
# Include{ingressDefault}
|
||||||
|
# Include{ingressTLS}
|
||||||
|
# Include{ingressTraefik}
|
||||||
|
# Include{ingressList}
|
||||||
|
# Include{security}
|
||||||
|
# Include{securityContextAdvancedRoot}
|
||||||
|
- variable: privileged
|
||||||
|
label: Privileged mode
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: readOnlyRootFilesystem
|
||||||
|
label: ReadOnly Root Filesystem
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: allowPrivilegeEscalation
|
||||||
|
label: Allow Privilege Escalation
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: runAsNonRoot
|
||||||
|
label: runAsNonRoot
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
# Include{podSecurityContextRoot}
|
||||||
|
- variable: runAsUser
|
||||||
|
label: runAsUser
|
||||||
|
description: The UserID of the user running the application
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 0
|
||||||
|
- variable: runAsGroup
|
||||||
|
label: runAsGroup
|
||||||
|
description: The groupID this App of the user running the application
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 0
|
||||||
|
- variable: fsGroup
|
||||||
|
label: fsGroup
|
||||||
|
description: The group that should own ALL storage.
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 568
|
||||||
|
# Include{podSecurityContextAdvanced}
|
||||||
|
# Include{resources}
|
||||||
|
# Include{advanced}
|
||||||
|
# Include{addons}
|
||||||
|
# Include{codeserver}
|
||||||
|
# Include{vpn}
|
||||||
|
# Include{documentation}
|
|
@ -0,0 +1,39 @@
|
||||||
|
{{/* Define the backend container */}}
|
||||||
|
{{- define "penpot.backend" -}}
|
||||||
|
image: {{ .Values.backendImage.repository }}:{{ .Values.backendImage.tag }}
|
||||||
|
imagePullPolicy: '{{ .Values.backendImage.pullPolicy }}'
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.podSecurityContext.runAsUser }}
|
||||||
|
runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
|
||||||
|
readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
|
||||||
|
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: {{ .Values.persistence.data.mountPath }}
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-backend-secret'
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6060
|
||||||
|
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6060
|
||||||
|
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
|
||||||
|
startupProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6060
|
||||||
|
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,37 @@
|
||||||
|
{{/* Define the exporter container */}}
|
||||||
|
{{- define "penpot.exporter" -}}
|
||||||
|
image: {{ .Values.exporterImage.repository }}:{{ .Values.exporterImage.tag }}
|
||||||
|
imagePullPolicy: '{{ .Values.exporterImage.pullPolicy }}'
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.podSecurityContext.runAsUser }}
|
||||||
|
runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
|
||||||
|
readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
|
||||||
|
runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-exporter-secret'
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6061
|
||||||
|
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6061
|
||||||
|
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
|
||||||
|
startupProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 6061
|
||||||
|
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
|
||||||
|
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
|
||||||
|
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
|
||||||
|
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,105 @@
|
||||||
|
{{/* Define the secret */}}
|
||||||
|
{{- define "penpot.secret" -}}
|
||||||
|
|
||||||
|
{{- $secretName := printf "%s-common-secret" (include "tc.common.names.fullname" .) }}
|
||||||
|
{{- $exporterSecretName := printf "%s-exporter-secret" (include "tc.common.names.fullname" .) }}
|
||||||
|
{{- $backendSecretName := printf "%s-backend-secret" (include "tc.common.names.fullname" .) }}
|
||||||
|
{{- $frontendSecretName := printf "%s-frontend-secret" (include "tc.common.names.fullname" .) }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ $secretName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
stringData:
|
||||||
|
{{/* Dependencies */}}
|
||||||
|
PENPOT_DATABASE_URI: {{ printf "postgresql://%v/%v" (.Values.postgresql.url.plainport | trimAll "\"") .Values.postgresql.postgresqlDatabase }}
|
||||||
|
PENPOT_DATABASE_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
|
||||||
|
PENPOT_DATABASE_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
|
||||||
|
PENPOT_REDIS_URI: {{ printf "redis://%v:%v@%v/%v" "default" (.Values.redis.redisPassword | trimAll "\"") (.Values.redis.url.plainport | trimAll "\"") "0" }}
|
||||||
|
{{/* Penpot */}}
|
||||||
|
PENPOT_STORAGE_ASSETS_FS_DIRECTORY: {{ .Values.persistence.assets.mountPath }}
|
||||||
|
PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
|
||||||
|
PENPOT_HTTP_SERVER_HOST: "0.0.0.0"
|
||||||
|
{{- with .Values.penpot.flags }}
|
||||||
|
PENPOT_FLAGS: {{ join " " . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
PENPOT_TELEMETRY_ENABLED: {{ .Values.penpot.telemetry_enabled | quote }}
|
||||||
|
{{- with .Values.penpot.registration_domain_whitelist }}
|
||||||
|
PENPOT_REGISTRATION_DOMAIN_WHITELIST: {{ join "," . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.smtp.enabled }}
|
||||||
|
PENPOT_SMTP_DEFAULT_FROM: {{ .Values.penpot.smtp.default_from | quote }}
|
||||||
|
PENPOT_SMTP_DEFAULT_REPLY_TO: {{ .Values.penpot.smtp.default_reply_to | quote }}
|
||||||
|
PENPOT_SMTP_HOST: {{ .Values.penpot.smtp.host | quote }}
|
||||||
|
PENPOT_SMTP_PORT: {{ .Values.penpot.smtp.port | quote }}
|
||||||
|
PENPOT_SMTP_USERNAME: {{ .Values.penpot.smtp.user | quote }}
|
||||||
|
PENPOT_SMTP_PASSWORD: {{ .Values.penpot.smtp.pass | quote }}
|
||||||
|
PENPOT_SMTP_TLS: {{ .Values.penpot.smtp.tls | quote }}
|
||||||
|
PENPOT_SMTP_SSL: {{ .Values.penpot.smtp.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.identity_providers.google.enabled }}
|
||||||
|
PENPOT_GOOGLE_CLIENT_ID: {{ .Values.penpot.identity_providers.google.client_id | quote }}
|
||||||
|
PENPOT_GOOGLE_CLIENT_SECRET: {{ .Values.penpot.identity_providers.google.client_secret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.identity_providers.github.enabled }}
|
||||||
|
PENPOT_GITHUB_CLIENT_ID: {{ .Values.penpot.identity_providers.github.client_id | quote }}
|
||||||
|
PENPOT_GITHUB_CLIENT_ID: {{ .Values.penpot.identity_providers.github.client_secret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.identity_providers.gitlab.enabled }}
|
||||||
|
PENPOT_GITLAB_BASE_URI: {{ .Values.penpot.identity_providers.gitlab.base_uri | quote }}
|
||||||
|
PENPOT_GITLAB_CLIENT_ID: {{ .Values.penpot.identity_providers.gitlab.client_id | quote }}
|
||||||
|
PENPOT_GITLAB_CLIENT_SECRET: {{ .Values.penpot.identity_providers.gitlab.client_secret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.identity_providers.oidc.enabled }}
|
||||||
|
PENPOT_OIDC_BASE_URI: {{ .Values.penpot.identity_providers.oidc.base_uri | quote }}
|
||||||
|
PENPOT_OIDC_CLIENT_ID: {{ .Values.penpot.identity_providers.oidc.client_id | quote }}
|
||||||
|
PENPOT_OIDC_CLIENT_SECRET: {{ .Values.penpot.identity_providers.oidc.client_secret | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.penpot.identity_providers.ldap.enabled }}
|
||||||
|
PENPOT_LDAP_HOST: {{ .Values.penpot.identity_providers.ldap.host | quote }}
|
||||||
|
PENPOT_LDAP_PORT: {{ .Values.penpot.identity_providers.ldap.port | quote }}
|
||||||
|
PENPOT_LDAP_SSL: {{ .Values.penpot.identity_providers.ldap.ssl | quote }}
|
||||||
|
PENPOT_LDAP_STARTTLS: {{ .Values.penpot.identity_providers.ldap.starttls | quote }}
|
||||||
|
PENPOT_LDAP_BASE_DN: {{ .Values.penpot.identity_providers.ldap.base_dn | quote }}
|
||||||
|
PENPOT_LDAP_BIND_DN: {{ .Values.penpot.identity_providers.ldap.bind_dn | quote }}
|
||||||
|
PENPOT_LDAP_BIND_PASSWORD: {{ .Values.penpot.identity_providers.ldap.bind_pass | quote }}
|
||||||
|
PENPOT_LDAP_ATTRS_USERNAME: {{ .Values.penpot.identity_providers.ldap.attrs_username | quote }}
|
||||||
|
PENPOT_LDAP_ATTRS_EMAIL: {{ .Values.penpot.identity_providers.ldap.attrs_email | quote }}
|
||||||
|
PENPOT_LDAP_ATTRS_FULLNAME: {{ .Values.penpot.identity_providers.ldap.attrs_fullname | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ $exporterSecretName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
stringData:
|
||||||
|
PENPOT_PUBLIC_URI: http://penpot-frontend:{{ .Values.service.main.ports.main.targetPort }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ $backendSecretName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
stringData:
|
||||||
|
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ $frontendSecretName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
stringData:
|
||||||
|
PENPOT_PUBLIC_URI: {{ .Values.penpot.public_uri | quote }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,10 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.common.loader.init" . }}
|
||||||
|
|
||||||
|
{{- include "penpot.secret" . -}}
|
||||||
|
|
||||||
|
{{- $_ := set .Values.additionalContainers "backend" (include "penpot.backend" . | fromYaml) -}}
|
||||||
|
{{- $_ := set .Values.additionalContainers "exporter" (include "penpot.exporter" . | fromYaml) -}}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.common.loader.apply" . }}
|
|
@ -0,0 +1,128 @@
|
||||||
|
# TODO: Update images
|
||||||
|
image:
|
||||||
|
repository: penpotapp/frontend
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: latest@sha256:0cf7ce270c8e3fc18459165567549b8c578a7f37c257785efd21d15189fb10ae
|
||||||
|
|
||||||
|
backendImage:
|
||||||
|
repository: penpotapp/backend
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: latest@sha256:e1485e99dd7b587155cf577408bab8fb85daf7b1bb0586958acc19ed5422b869
|
||||||
|
|
||||||
|
exporterImage:
|
||||||
|
repository: penpotapp/exporter
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: latest@sha256:e5c8d7b78feae9997a11bf6b7281aa19907a799c97d76b8d46e0caa7a349fc3f
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: false
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsGroup: 0
|
||||||
|
|
||||||
|
hostAliases:
|
||||||
|
- ip: 127.0.0.1
|
||||||
|
hostnames:
|
||||||
|
- penpot-backend
|
||||||
|
- penpot-exporter
|
||||||
|
- penpot-frontend
|
||||||
|
|
||||||
|
penpot:
|
||||||
|
public_uri: "http://localhost:{{ .Values.service.main.ports.main.port }}"
|
||||||
|
flags:
|
||||||
|
- enable-registration
|
||||||
|
- enable-login
|
||||||
|
- disable-email-verification
|
||||||
|
telemetry_enabled: false
|
||||||
|
registration_domain_whitelist: []
|
||||||
|
smtp:
|
||||||
|
enabled: false
|
||||||
|
default_from: "no-reply@example.com"
|
||||||
|
default_reply_to: "no-reply@example.com"
|
||||||
|
tls: true
|
||||||
|
ssl: false
|
||||||
|
host: ""
|
||||||
|
port: 587
|
||||||
|
user: ""
|
||||||
|
pass: ""
|
||||||
|
identity_providers:
|
||||||
|
google:
|
||||||
|
enabled: false
|
||||||
|
client_id: ""
|
||||||
|
client_secret: ""
|
||||||
|
github:
|
||||||
|
enabled: false
|
||||||
|
client_id: ""
|
||||||
|
client_secret: ""
|
||||||
|
gitlab:
|
||||||
|
enabled: false
|
||||||
|
base_uri: ""
|
||||||
|
client_id: ""
|
||||||
|
client_secret: ""
|
||||||
|
oidc:
|
||||||
|
enabled: false
|
||||||
|
base_uri: ""
|
||||||
|
client_id: ""
|
||||||
|
client_secret: ""
|
||||||
|
ldap:
|
||||||
|
enabled: false
|
||||||
|
host: ""
|
||||||
|
port: 10389
|
||||||
|
ssl: false
|
||||||
|
starttls: false
|
||||||
|
base_dn: ""
|
||||||
|
bind_dn: ""
|
||||||
|
bind_pass: ""
|
||||||
|
attrs_username: ""
|
||||||
|
attrs_email: ""
|
||||||
|
attrs_fullname: ""
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-common-secret'
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-frontend-secret'
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
type: HTTP
|
||||||
|
path: /
|
||||||
|
readiness:
|
||||||
|
type: HTTP
|
||||||
|
path: /
|
||||||
|
startup:
|
||||||
|
type: HTTP
|
||||||
|
path: /
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
protocol: HTTP
|
||||||
|
targetPort: 80
|
||||||
|
port: 10592
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
mountPath: /opt/data
|
||||||
|
noMount: true
|
||||||
|
assets:
|
||||||
|
enabled: true
|
||||||
|
mountPath: /opt/data/assets
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: dbcreds
|
||||||
|
postgresqlDatabase: penpot
|
||||||
|
postgresqlUsername: penpot
|
||||||
|
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: rediscreds
|
||||||
|
redisUsername: penpot
|
||||||
|
|
||||||
|
portal:
|
||||||
|
enabled: true
|
|
@ -175,11 +175,13 @@ words:
|
||||||
- Nordigen
|
- Nordigen
|
||||||
- notebookbar
|
- notebookbar
|
||||||
- ODBC
|
- ODBC
|
||||||
|
- OIDC
|
||||||
- OOKLA
|
- OOKLA
|
||||||
- organizr
|
- organizr
|
||||||
- ornias
|
- ornias
|
||||||
- ovpn
|
- ovpn
|
||||||
- passwrd
|
- passwrd
|
||||||
|
- penpot
|
||||||
- pgid
|
- pgid
|
||||||
- photoprism
|
- photoprism
|
||||||
- pihole
|
- pihole
|
||||||
|
|
Loading…
Reference in New Issue