1017 lines
33 KiB
YAML
1017 lines
33 KiB
YAML
# -- OpenVPN specific configuration
|
|
# @default -- See below
|
|
openvpnImage:
|
|
# -- Specify the openvpn client image
|
|
repository: ghcr.io/truecharts/openvpn-client
|
|
# -- Specify the openvpn client image tag
|
|
tag: latest@sha256:bc3a56b2c195a4b4ce5c67fb0c209f38036521ebd316df2a7d68b425b9c48b30
|
|
# -- Specify the openvpn client image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- WireGuard specific configuration
|
|
# @default -- See below
|
|
wireguardImage:
|
|
# -- Specify the WireGuard image
|
|
repository: ghcr.io/truecharts/wireguard
|
|
# -- Specify the WireGuard image tag
|
|
tag: v1.0.20210914@sha256:31da911257a76ac8278b0e462fd2da02e8aeac349af3cf2a5279c4bc99f51f8d
|
|
# -- Specify the WireGuard image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- promtail specific configuration
|
|
# @default -- See below
|
|
promtailImage:
|
|
# -- Specify the promtail image
|
|
repository: ghcr.io/truecharts/promtail
|
|
# -- Specify the promtail image tag
|
|
tag: v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4
|
|
# -- Specify the promtail image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- netshoot specific configuration
|
|
# @default -- See below
|
|
netshootImage:
|
|
# -- Specify the netshoot image
|
|
repository: ghcr.io/truecharts/netshoot
|
|
# -- Specify the netshoot image tag
|
|
tag: latest@sha256:505d3430ed7c1d43fed18dbd1177b76ecb6fc376113bc41d34da230c402a4855
|
|
# -- Specify the netshoot image pull policy
|
|
pullPolicy: Always
|
|
|
|
# -- codeserver specific configuration
|
|
# @default -- See below
|
|
codeserverImage:
|
|
# -- Specify the code-server image
|
|
repository: ghcr.io/truecharts/code-server
|
|
# -- Specify the code-server image tag
|
|
tag: v3.12.0@sha256:b2132ab84a76b799dca995c90d4eb5765f13267408f795541bec670ff22cce38
|
|
# -- Specify the code-server image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- alpine specific configuration
|
|
# @default -- See below
|
|
alpineImage:
|
|
# -- Specify the Alpine image
|
|
repository: ghcr.io/truecharts/alpine
|
|
# -- Specify the Alpine image tag
|
|
tag: v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
|
# -- Specify the Alpine image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- postgresql specific configuration
|
|
# @default -- See below
|
|
postgresqlImage:
|
|
# -- Specify the postgresql image
|
|
repository: ghcr.io/truecharts/postgresql
|
|
# -- Specify the postgresql image tag
|
|
tag: v14.1.0@sha256:bb32d5eedec5f729ff1618cecf3291dc3588a5da6ba5321d9dd88873d92b0832
|
|
# -- Specify the postgresql image pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
|
|
global:
|
|
# -- Set an override for the prefix of the fullname
|
|
nameOverride:
|
|
# -- Set the entire name definition
|
|
fullnameOverride:
|
|
isSCALE: false
|
|
|
|
controller:
|
|
# -- enable the controller.
|
|
enabled: true
|
|
# -- Set the controller type.
|
|
# Valid options are deployment, daemonset or statefulset
|
|
type: deployment
|
|
# -- Set additional annotations on the deployment/statefulset/daemonset
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set annotations on the deployment/statefulset/daemonset
|
|
annotations: {}
|
|
# -- Set additional labels on the deployment/statefulset/daemonset
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
labels: {}
|
|
# -- Number of desired pods
|
|
replicas: 1
|
|
# -- Set the controller upgrade strategy
|
|
# For Deployments, valid values are Recreate (default) and RollingUpdate.
|
|
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
|
|
# DaemonSets ignore this.
|
|
strategy:
|
|
rollingUpdate:
|
|
# -- Set deployment RollingUpdate max unavailable
|
|
unavailable:
|
|
# -- Set deployment RollingUpdate max surge
|
|
surge:
|
|
# -- Set statefulset RollingUpdate partition
|
|
partition:
|
|
# -- ReplicaSet revision history limit
|
|
revisionHistoryLimit: 3
|
|
|
|
image:
|
|
# -- image repository
|
|
repository:
|
|
# -- image tag
|
|
tag:
|
|
# -- image pull policy
|
|
pullPolicy:
|
|
|
|
# -- Override the command(s) for the default container
|
|
command: []
|
|
# -- Override the args for the default container
|
|
args: []
|
|
|
|
# -- Set additional annotations on the pod
|
|
podAnnotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
|
|
#
|
|
# -- Set annotations on the pod
|
|
podAnnotations: {}
|
|
|
|
# -- Set additional labels on the pod
|
|
podLabelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
|
|
# -- Set labels on the pod
|
|
podLabels: {}
|
|
|
|
# -- Add a Horizontal Pod Autoscaler
|
|
# @default -- <disabled>
|
|
autoscaling:
|
|
enabled: false
|
|
target: # deploymentname
|
|
minReplicas: # 1
|
|
maxReplicas: # 100
|
|
targetCPUUtilizationPercentage: # 80
|
|
targetMemoryUtilizationPercentage: # 80
|
|
|
|
# -- Create serviceaccount
|
|
# @default -- See below
|
|
serviceAccount:
|
|
# -- Specifies whether a service account should be created
|
|
create: false
|
|
|
|
# -- Annotations to add to the service account
|
|
annotations: {}
|
|
|
|
# -- The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
|
|
# -- Create a ClusterRole and ClusterRoleBinding
|
|
# @default -- See below
|
|
rbac:
|
|
# -- Enables or disables the ClusterRole and ClusterRoleBinding
|
|
enabled: false
|
|
|
|
# -- Set Annotations on the ClusterRole
|
|
clusterRoleLabels: {}
|
|
|
|
# -- Set labels on the ClusterRole
|
|
clusterRoleAnnotations: {}
|
|
|
|
# -- Set Annotations on the ClusterRoleBinding
|
|
|
|
clusterRoleBindingLabels: {}
|
|
|
|
# -- Set labels on the ClusterRoleBinding
|
|
clusterRoleBindingAnnotations: {}
|
|
|
|
# -- Set Rules on the ClusterRole
|
|
rules: {}
|
|
|
|
# -- Add subjects to the ClusterRoleBinding.
|
|
# includes the above created serviceaccount
|
|
subjects: {}
|
|
|
|
# -- Configure networkPolicy for the chart here.
|
|
# @default -- See below
|
|
networkPolicy:
|
|
# -- Enables or disables the networkPolicy
|
|
enabled: false
|
|
|
|
# customizes the podSelector (defaults to the helm-chart selector-labels
|
|
# podSelector:
|
|
|
|
# -- add or remove Policy types
|
|
policyTypes: []
|
|
|
|
# -- add or remove egress policies
|
|
egress: []
|
|
|
|
# -- add or remove egress policies
|
|
ingress: []
|
|
|
|
# -- Use this to populate a secret with the values you specify.
|
|
# Be aware that these values are not encrypted by default, and could therefore visible
|
|
# to anybody with access to the values.yaml file.
|
|
secret: {}
|
|
# PASSWORD: my-password
|
|
|
|
# -- Main environment variables. Template enabled.
|
|
# Syntax options:
|
|
# A) TZ: UTC
|
|
# B) PASSWD: '{{ .Release.Name }}'
|
|
# C) PASSWD:
|
|
# envFrom:
|
|
# ...
|
|
env: {}
|
|
## Variables with values set from templates, example
|
|
## With a release name of: demo, the example env value will be: demo-admin
|
|
envTpl: {}
|
|
# TEMPLATE_VALUE: "{{ .Release.Name }}-admin"
|
|
|
|
## Variables with values from (for example) the Downward API
|
|
## See https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
|
|
envValueFrom: {}
|
|
# NODE_NAME:
|
|
# fieldRef:
|
|
# fieldPath: spec.nodeName
|
|
|
|
envFrom: []
|
|
# - configMapRef:
|
|
# name: config-map-name
|
|
# - secretRef:
|
|
# name: secret-name
|
|
# -- Custom priority class for different treatment by the scheduler
|
|
priorityClassName: # system-node-critical
|
|
|
|
# -- Allows specifying a custom scheduler name
|
|
schedulerName: # awkward-dangerous-scheduler
|
|
|
|
# -- Allows specifying explicit hostname setting
|
|
hostname:
|
|
|
|
# -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet`
|
|
hostNetwork: false
|
|
|
|
# -- Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true.
|
|
dnsPolicy: # ClusterFirst
|
|
|
|
# -- Optional DNS settings, configuring the ndots option may resolve nslookup issues on some Kubernetes setups.
|
|
dnsConfig:
|
|
options:
|
|
- name: ndots
|
|
value: "1"
|
|
nameservers: []
|
|
searches: []
|
|
|
|
# -- Enable/disable the generation of environment variables for services.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service)
|
|
enableServiceLinks: false
|
|
|
|
# -- Can be used to set securityContext.capabilities outside of the GUI on TrueNAS SCALE
|
|
customCapabilities:
|
|
drop: []
|
|
add: []
|
|
|
|
# -- Configure the Security Context for the Pod
|
|
podSecurityContext:
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
fsGroup: 568
|
|
supplementalGroups: []
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
|
|
# -- Configure the Security Context for the main container
|
|
securityContext:
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
runAsNonRoot: true
|
|
capabilities:
|
|
drop: []
|
|
add: []
|
|
|
|
|
|
# -- Configure the lifecycle for the main container
|
|
lifecycle: {}
|
|
|
|
# -- Specify any initContainers here as dictionary items. Each initContainer should have its own key.
|
|
# The dictionary item key will determine the order. Helm templates can be used.
|
|
initContainers: {}
|
|
|
|
# -- Specify any additional containers here as dictionary items. Each additional container should have its own key.
|
|
# Helm templates can be used.
|
|
additionalContainers: {}
|
|
|
|
# -- Probe configuration
|
|
# -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
|
|
# @default -- See below
|
|
probes:
|
|
# -- Liveness probe configuration
|
|
# @default -- See below
|
|
liveness:
|
|
# -- Enable the liveness probe
|
|
enabled: true
|
|
# -- Set this to `true` if you wish to specify your own livenessProbe
|
|
custom: false
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: TCP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/"
|
|
# -- The spec field contains the values for the default livenessProbe.
|
|
# If you selected `custom: true`, this field holds the definition of the livenessProbe.
|
|
# @default -- See below
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
|
|
# -- Redainess probe configuration
|
|
# @default -- See below
|
|
readiness:
|
|
# -- Enable the readiness probe
|
|
enabled: true
|
|
# -- Set this to `true` if you wish to specify your own readinessProbe
|
|
custom: false
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: TCP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/"
|
|
# -- The spec field contains the values for the default readinessProbe.
|
|
# If you selected `custom: true`, this field holds the definition of the readinessProbe.
|
|
# @default -- See below
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 5
|
|
|
|
# -- Startup probe configuration
|
|
# @default -- See below
|
|
startup:
|
|
# -- Enable the startup probe
|
|
enabled: true
|
|
# -- Set this to `true` if you wish to specify your own startupProbe
|
|
custom: false
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: TCP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/"
|
|
# -- The spec field contains the values for the default startupProbe.
|
|
# If you selected `custom: true`, this field holds the definition of the startupProbe.
|
|
# @default -- See below
|
|
spec:
|
|
initialDelaySeconds: 10
|
|
timeoutSeconds: 2
|
|
## This means it has a maximum of 5*30=150 seconds to start up before it fails
|
|
periodSeconds: 5
|
|
failureThreshold: 60
|
|
|
|
termination:
|
|
# -- Configure the path at which the file to which the main container's termination message will be written.
|
|
# -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
|
|
messagePath:
|
|
|
|
# -- Indicate how the main container's termination message should be populated.
|
|
# Valid options are `File` and `FallbackToLogsOnError`.
|
|
# -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)]
|
|
messagePolicy:
|
|
|
|
# -- Duration in seconds the pod needs to terminate gracefully
|
|
# -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)]
|
|
gracePeriodSeconds: 10
|
|
|
|
# -- Configure additional services for the chart here.
|
|
# @default -- See below
|
|
serviceList: []
|
|
|
|
# -- Configure the services for the chart here.
|
|
# Additional services can be added by adding a dictionary key similar to the 'main' service.
|
|
# @default -- See below
|
|
service:
|
|
main:
|
|
# -- Enables or disables the service
|
|
enabled: true
|
|
|
|
# -- Make this the primary service (used in probes, notes, etc...).
|
|
# If there is more than 1 service, make sure that only 1 service is marked as primary.
|
|
primary: true
|
|
|
|
# -- Override the name suffix that is used for this service
|
|
nameOverride:
|
|
|
|
# -- Override default selector
|
|
selector: {}
|
|
|
|
# -- Set the service type
|
|
# Options: Simple(Loadbalancer), LoadBalancer, ClusterIP, NodePort
|
|
type: ClusterIP
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
|
|
# -- Configure additional Service port information here.
|
|
# @default -- See below
|
|
portsList: []
|
|
|
|
# -- Configure the Service port information here.
|
|
# Additional ports can be added by adding a dictionary key similar to the 'http' service.
|
|
# @default -- See below
|
|
ports:
|
|
main:
|
|
# -- Enables or disables the port
|
|
enabled: true
|
|
|
|
# -- Make this the primary port (used in probes, notes, etc...)
|
|
# If there is more than 1 service, make sure that only 1 port is marked as primary.
|
|
primary: true
|
|
|
|
# -- The port number
|
|
port:
|
|
|
|
# -- Port protocol.
|
|
# Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
|
|
# HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation
|
|
protocol: HTTP
|
|
|
|
# -- Specify a service targetPort if you wish to differ the service port from the application port.
|
|
# If `targetPort` is specified, this port number is used in the container definition instead of
|
|
# the `port` value. Therefore named ports are not supported for this field.
|
|
targetPort:
|
|
|
|
# -- Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
|
|
nodePort:
|
|
|
|
# -- Configure ingressList for the chart here.
|
|
# Additional items can be added by adding a items similar to ingress
|
|
# @default -- []
|
|
ingressList: []
|
|
|
|
# -- Configure the ingresses for the chart here.
|
|
# Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress.
|
|
# @default -- See below
|
|
ingress:
|
|
main:
|
|
# -- Enables or disables the ingress
|
|
enabled: false
|
|
|
|
# -- Make this the primary ingress (used in probes, notes, etc...).
|
|
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
|
|
primary: true
|
|
|
|
# -- Override the name suffix that is used for this ingress.
|
|
nameOverride:
|
|
|
|
# -- disable to ignore any default middlwares
|
|
enableFixedMiddlewares: true
|
|
|
|
# -- List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
# Primarily used for TrueNAS SCALE to add additional (seperate) middlewares without exposing them to the end-user
|
|
fixedMiddlewares:
|
|
- chain-basic
|
|
|
|
# -- Additional List of middlewares in the traefikmiddlewares k8s namespace to add automatically
|
|
# Creates an annotation with the middlewares and appends k8s and traefik namespaces to the middleware names
|
|
middlewares: []
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Provide additional annotations which may be required.
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
# -- Provide additional labels which may be required.
|
|
# -- Provide additional labels which may be required.
|
|
labels: {}
|
|
|
|
# -- Set the ingressClass that is used for this ingress.
|
|
# Requires Kubernetes >=1.19
|
|
ingressClassName: # "nginx"
|
|
|
|
## Configure the hosts for the ingress
|
|
hosts:
|
|
- # -- Host address. Helm template can be passed.
|
|
host: chart-example.local
|
|
## Configure the paths for the host
|
|
paths:
|
|
- # -- Path. Helm template can be passed.
|
|
path: /
|
|
# -- Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
service:
|
|
# -- Overrides the service name reference for this path
|
|
name:
|
|
# -- Overrides the service port reference for this path
|
|
port:
|
|
|
|
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# -- Create a secret from a GUI selected TrueNAS SCALE certificate
|
|
# scaleCert: true
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
# -- Configure persistenceList for the chart here.
|
|
# Used to create an additional GUI element in SCALE for mounting USB devices
|
|
# Additional items can be added by adding a items similar to persistence
|
|
# @default -- []
|
|
deviceList: []
|
|
|
|
# -- Configure persistenceList for the chart here.
|
|
# Additional items can be added by adding a items similar to persistence
|
|
# @default -- []
|
|
persistenceList: []
|
|
|
|
# -- Configure configMaps for the chart here.
|
|
# Additional configMaps can be added by adding a dictionary key similar to the 'config' object.
|
|
# @default -- See below
|
|
configmap:
|
|
config:
|
|
# -- Enables or disables the configMap
|
|
enabled: false
|
|
# -- Labels to add to the configMap
|
|
labels: {}
|
|
# -- Annotations to add to the configMap
|
|
annotations: {}
|
|
# -- configMap data content. Helm template enabled.
|
|
data: {}
|
|
# foo: bar
|
|
|
|
# -- Configure persistence for the chart here.
|
|
# Additional items can be added by adding a dictionary key similar to the 'config' key.
|
|
# @default -- See below
|
|
persistence:
|
|
# -- Default persistence for configuration files.
|
|
# @default -- See below
|
|
config:
|
|
# -- Enables or disables the persistence item
|
|
enabled: false
|
|
annotationsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Add annotations to PVC object
|
|
annotations: {}
|
|
|
|
labelsList: []
|
|
# - name: somename
|
|
# value: somevalue
|
|
# -- Set labels on the deployment/statefulset/daemonset
|
|
# -- Provide additional labels which may be required.
|
|
# -- Add labels to PVC object
|
|
labels: {}
|
|
|
|
# -- Sets the persistence type
|
|
# Valid options are: simplePVC, simpleHP, pvc, emptyDir, secret, configMap, hostPath or custom
|
|
type: pvc
|
|
|
|
# -- force the complete PVC name
|
|
# Will not add any prefix or suffix
|
|
forceName: ""
|
|
|
|
# -- Where to mount the volume in the main container.
|
|
# Defaults to `/<name_of_the_volume>`,
|
|
# setting to '-' creates the volume but disables the volumeMount.
|
|
mountPath: # /config
|
|
# -- Specify if the volume should be mounted read-only.
|
|
readOnly: false
|
|
# -- Override the name suffix that is used for this volume.
|
|
nameOverride:
|
|
|
|
# -- Storage Class for the config volume.
|
|
# If set to `-`, dynamic provisioning is disabled.
|
|
# If set to `SCALE-ZFS`, the default provisioner for TrueNAS SCALE is used.
|
|
# If set to something else, the given storageClass is used.
|
|
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
|
storageClass: # "-"
|
|
|
|
# -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
|
|
existingClaim: # your-claim
|
|
|
|
# -- Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root
|
|
subPath: # some-subpath
|
|
|
|
# mountPropagation: {}
|
|
|
|
# -- AccessMode for the persistent volume.
|
|
# Make sure to select an access mode that is supported by your storage provider!
|
|
# [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
|
|
accessMode: ReadWriteOnce
|
|
|
|
# -- The amount of storage that is requested for the persistent volume.
|
|
size: 999Gi
|
|
|
|
# - Set to true to retain the PVC upon `helm uninstall`
|
|
retain: false
|
|
|
|
# -- Create an emptyDir volume to share between all containers
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
# @default -- See below
|
|
shared:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /shared
|
|
|
|
# -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
|
|
# of the storage medium that backs the node.
|
|
medium: # Memory
|
|
|
|
# -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
|
|
# specify a size for memory backed volumes.
|
|
sizeLimit: # 1Gi
|
|
|
|
# -- Create an emptyDir volume to share between all containers
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
# @default -- See below
|
|
varlogs:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /var/logs
|
|
|
|
# -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
|
|
# of the storage medium that backs the node.
|
|
medium: # Memory
|
|
|
|
# -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
|
|
# specify a size for memory backed volumes.
|
|
sizeLimit: # 1Gi
|
|
|
|
# -- Create an emptyDir volume to share between all containers for temporary storage
|
|
# @default -- See below
|
|
temp:
|
|
enabled: true
|
|
type: emptyDir
|
|
mountPath: /tmp
|
|
# -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
|
|
# of the storage medium that backs the node.
|
|
medium: Memory
|
|
# -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
|
|
# specify a size for memory backed volumes.
|
|
sizeLimit: # 1Gi
|
|
|
|
# -- Create an emptyDir volume to share between all containers
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir)
|
|
# @default -- See below
|
|
varrun:
|
|
enabled: false
|
|
type: emptyDir
|
|
mountPath: /var/run
|
|
# -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead
|
|
# of the storage medium that backs the node.
|
|
medium: Memory
|
|
# -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can
|
|
# specify a size for memory backed volumes.
|
|
sizeLimit: # 1Gi
|
|
|
|
|
|
# -- Example of a hostPath mount
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath)
|
|
# @default -- See below
|
|
host-dev:
|
|
enabled: false
|
|
type: hostPath
|
|
# -- Which path on the host should be mounted.
|
|
hostPath: /dev
|
|
# -- Automatic set permissions using chown and chmod
|
|
setPermissions: false
|
|
# -- Where to mount the path in the main container.
|
|
# Defaults to the value of `hostPath`
|
|
mountPath: "" # /myDev
|
|
# -- Specifying a hostPathType adds a check before trying to mount the path.
|
|
# See Kubernetes documentation for options.
|
|
hostPathType: ""
|
|
# -- Specify if the path should be mounted read-only.
|
|
readOnly: true
|
|
|
|
# -- Example of a Simple hostPath mount
|
|
# [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#hostpath)
|
|
# @default -- See below
|
|
host-simple-dev:
|
|
enabled: false
|
|
type: simpleHP
|
|
# -- Which path on the host should be mounted.
|
|
hostPathSimple: /dev
|
|
# -- Automatic set permissions using chown and chmod
|
|
setPermissionsSimple: false
|
|
# -- Where to mount the path in the main container.
|
|
# Defaults to the value of `hostPath`
|
|
mountPath: "" # /myDev
|
|
# -- Specifying a hostPathType adds a check before trying to mount the path.
|
|
# See Kubernetes documentation for options.
|
|
hostPathType: ""
|
|
# -- Specify if the path should be mounted read-only.
|
|
readOnly: true
|
|
|
|
# -- Example of a custom mount
|
|
# @default -- See below
|
|
custom-mount:
|
|
enabled: false
|
|
type: custom
|
|
# -- Where to mount the volume in the main container.
|
|
# Defaults to `/<name_of_the_volume>`,
|
|
# setting to '-' creates the volume but disables the volumeMount.
|
|
mountPath: # /custom-mount
|
|
# -- Specify if the volume should be mounted read-only.
|
|
readOnly: false
|
|
# -- Define the custom Volume spec here
|
|
# [[ref]](https://kubernetes.io/docs/concepts/storage/volumes/)
|
|
volumeSpec: {}
|
|
# configMap:
|
|
# defaultMode: 420
|
|
# name: my-settings
|
|
|
|
# -- Example of a configmap mount
|
|
# @default -- See below
|
|
configmap-example:
|
|
enabled: false
|
|
type: configMap
|
|
# -- Specify the name of the configmap object to be mounted
|
|
objectName: myconfig-map
|
|
# -- Where to mount the volume in the main container.
|
|
# Defaults to `/<name_of_the_volume>`,
|
|
# setting to '-' creates the volume but disables the volumeMount.
|
|
mountPath: # /custom-mount
|
|
# -- Specify if the volume should be mounted read-only.
|
|
readOnly: false
|
|
|
|
# -- Example of a secret mount
|
|
# @default -- See below
|
|
secret-example:
|
|
enabled: false
|
|
type: secret
|
|
# -- Specify the name of the secret object to be mounted
|
|
objectName: mysecret
|
|
# -- Where to mount the volume in the main container.
|
|
# Defaults to `/<name_of_the_volume>`,
|
|
# setting to '-' creates the volume but disables the volumeMount.
|
|
mountPath: # /custom-mount
|
|
# -- Specify if the volume should be mounted read-only.
|
|
readOnly: false
|
|
# -- define the default mount mode for the secret
|
|
defaultMode: 777
|
|
# -- Define the secret items to be mounted
|
|
items:
|
|
- key: username
|
|
path: my-group/my-username
|
|
|
|
# -- Used in conjunction with `controller.type: statefulset` to create individual disks for each instance.
|
|
volumeClaimTemplates: []
|
|
# data:
|
|
# mountPath: /data
|
|
# accessMode: "ReadWriteOnce"
|
|
# size: 1Gi
|
|
|
|
## Or use a list
|
|
# - name: backup
|
|
# mountPath: /backup
|
|
# subPath: theSubPath
|
|
# accessMode: "ReadWriteOnce"
|
|
# size: 2Gi
|
|
# storageClass: cheap-storage-class
|
|
|
|
# -- Node selection constraint
|
|
# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
|
|
nodeSelector: {}
|
|
|
|
# -- Defines affinity constraint rules.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
|
|
affinity: {}
|
|
|
|
# -- Defines topologySpreadConstraint rules.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
|
|
topologySpreadConstraints: []
|
|
# - maxSkew: <integer>
|
|
# topologyKey: <string>
|
|
# whenUnsatisfiable: <string>
|
|
# labelSelector: <object>
|
|
|
|
# -- Specify taint tolerations
|
|
# [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
|
|
tolerations: []
|
|
|
|
# -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
|
|
# [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
|
|
hostAliases: []
|
|
# - ip: "192.168.1.100"
|
|
# hostnames:
|
|
# - "example.com"
|
|
# - "www.example.com"
|
|
|
|
# -- Set the resource requests / limits for the main container.
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits:
|
|
cpu: 4000m
|
|
memory: 8Gi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 50Mi
|
|
|
|
# -- The common chart supports several add-ons. These can be configured under this key.
|
|
# @default -- See below
|
|
addons:
|
|
# -- The common chart supports adding a VPN add-on. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
|
|
# @default -- See values.yaml
|
|
vpn:
|
|
# -- Specify the VPN type. Valid options are disabled, openvpn or wireguard
|
|
type: disabled
|
|
|
|
# -- OpenVPN specific configuration
|
|
# @default -- See below
|
|
openvpn:
|
|
# -- Credentials to connect to the VPN Service (used with -a)
|
|
# Only using password is enough
|
|
username: ""
|
|
password: ""
|
|
|
|
killSwitch: true
|
|
excludedNetworks_IPv4: []
|
|
excludedNetworks_IPv6: []
|
|
|
|
# -- Set the VPN container specific securityContext
|
|
# @default -- See values.yaml
|
|
securityContext: {}
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
env: {}
|
|
# TZ: UTC
|
|
|
|
# -- All variables specified here will be added to the vpn sidecar container
|
|
# See the documentation of the VPN image for all config values
|
|
envList: []
|
|
#- name: someenv
|
|
# value: somevalue
|
|
|
|
# -- Provide a customized vpn configuration file to be used by the VPN.
|
|
configFile:
|
|
enabled: true
|
|
type: hostPath
|
|
# -- Which path on the host should be mounted.
|
|
hostPath: /vpn/vpn.conf
|
|
noMount: true
|
|
# -- Specifying a hostPathType adds a check before trying to mount the path.
|
|
# See Kubernetes documentation for options.
|
|
hostPathType: "File"
|
|
|
|
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
|
|
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
|
|
# @default -- See values.yaml
|
|
codeserver:
|
|
# -- Enable running a code-server container in the pod
|
|
enabled: false
|
|
|
|
# -- Set any environment variables for code-server here
|
|
env: {}
|
|
# TZ: UTC
|
|
|
|
# -- All variables specified here will be added to the codeserver sidecar container
|
|
# See the documentation of the codeserver image for all config values
|
|
envList: []
|
|
#- name: someenv
|
|
# value: somevalue
|
|
# -- Set codeserver command line arguments.
|
|
# Consider setting --user-data-dir to a persistent location to preserve code-server setting changes
|
|
args:
|
|
- --auth
|
|
- none
|
|
# - --user-data-dir
|
|
# - "/config/.vscode"
|
|
|
|
# -- Specify the working dir that will be opened when code-server starts
|
|
# If not given, the app will default to the mountpah of the first specified volumeMount
|
|
workingDir: "/"
|
|
|
|
# -- Optionally allow access a Git repository by passing in a private SSH key
|
|
# @default -- See below
|
|
git:
|
|
# -- Raw SSH private key
|
|
deployKey: ""
|
|
# -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence.
|
|
deployKeyBase64: ""
|
|
# -- Existing secret containing SSH private key
|
|
# The chart expects it to be present under the `id_rsa` key.
|
|
deployKeySecret: ""
|
|
|
|
service:
|
|
# -- Enable a service for the code-server add-on.
|
|
enabled: true
|
|
type: ClusterIP
|
|
# Specify the default port information
|
|
ports:
|
|
codeserver:
|
|
port: 12321
|
|
enabled: true
|
|
protocol: TCP
|
|
targetPort: codeserver
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort: 36107
|
|
|
|
ingress:
|
|
# -- Enable an ingress for the code-server add-on.
|
|
enabled: false
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
labels: {}
|
|
hosts:
|
|
- host: code.chart-example.local
|
|
paths:
|
|
- path: /
|
|
# Ignored if not kubeVersion >= 1.14-0
|
|
pathType: Prefix
|
|
tls: []
|
|
|
|
|
|
# -- The common library supports adding a promtail add-on to to access logs and ship them to loki. It can be configured under this key.
|
|
# @default -- See values.yaml
|
|
promtail:
|
|
# -- Enable running a promtail container in the pod
|
|
enabled: false
|
|
# -- Set any environment variables for promtail here
|
|
env: {}
|
|
# -- All variables specified here will be added to the promtail sidecar container
|
|
# See the documentation of the promtail image for all config values
|
|
envList: []
|
|
#- name: someenv
|
|
# value: somevalue
|
|
# -- Set promtail command line arguments
|
|
args: []
|
|
# -- The URL to Loki
|
|
loki: ""
|
|
# -- The paths to logs on the volume
|
|
logs: []
|
|
# - name: log
|
|
# path: /config/logs/*.log
|
|
|
|
securityContext:
|
|
runAsUser: 0
|
|
|
|
# -- The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key.
|
|
# @default -- See values.yaml
|
|
netshoot:
|
|
# -- Enable running a netshoot container in the pod
|
|
enabled: false
|
|
|
|
# -- Set any environment variables for netshoot here
|
|
env: {}
|
|
# -- All variables specified here will be added to the netshoot sidecar container
|
|
# See the documentation of the netshoot image for all config values
|
|
envList: []
|
|
#- name: someenv
|
|
# value: somevalue
|
|
|
|
##
|
|
# This section contains some-preconfig for frequently used dependencies
|
|
##
|
|
|
|
# -- Postgresql dependency configuration
|
|
# @default -- See below
|
|
postgresql:
|
|
enabled: false
|
|
existingSecret: "dbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
|
|
# -- Redis dependency configuration
|
|
# @default -- See below
|
|
redis:
|
|
enabled: false
|
|
existingSecret: "rediscreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|
|
|
|
# -- mariadb dependency configuration
|
|
# @default -- See below
|
|
mariadb:
|
|
enabled: false
|
|
existingSecret: "mariadbcreds"
|
|
# -- can be used to make an easy accessable note which URLS to use to access the DB.
|
|
url: {}
|