4698075aa0
* chore(helm): Better configurability. Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(init): Adding sleep 10 for resources to be up Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * fix(helm): Updated env vars Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(helm): Derive namespace from minio endpoint Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * feat(helm): Update namespace for chalice env vars Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(init): random secret for assist jwt secret Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(backend): Removing unnecessary files Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
106 lines
3 KiB
YAML
106 lines
3 KiB
YAML
# Default values for openreplay.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
replicaCount: 1
|
|
|
|
image:
|
|
repository: nginx
|
|
pullPolicy: IfNotPresent
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
tag: ""
|
|
|
|
imagePullSecrets: []
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# Annotations to add to the service account
|
|
annotations: {}
|
|
# The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
|
|
podAnnotations: {}
|
|
|
|
securityContext:
|
|
runAsUser: 1001
|
|
runAsGroup: 1001
|
|
podSecurityContext:
|
|
runAsUser: 1001
|
|
runAsGroup: 1001
|
|
fsGroup: 1001
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
# podSecurityContext: {}
|
|
# fsGroup: 2000
|
|
|
|
# securityContext: {}
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
# readOnlyRootFilesystem: true
|
|
# runAsNonRoot: true
|
|
# runAsUser: 1000
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 100
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
affinity: {}
|
|
|
|
ingress-nginx:
|
|
enabled: true
|
|
controller:
|
|
name: controller
|
|
image:
|
|
registry: k8s.gcr.io
|
|
image: ingress-nginx/controller
|
|
## for backwards compatibility consider setting the full image url via the repository value below
|
|
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
|
|
## repository:
|
|
tag: "v1.3.0"
|
|
digest: ""
|
|
|
|
# For enterpriseEdition Only
|
|
vault: &vault
|
|
vaultHost: databases-vault.db.svc.cluster.local:8200
|
|
annotations:
|
|
vault.hashicorp.com/agent-cache-enable: "true"
|
|
vault.hashicorp.com/agent-inject: "true"
|
|
vault.hashicorp.com/agent-inject-token: "true"
|
|
vault.hashicorp.com/template-static-secret-render-interval: 2m
|
|
# vault.hashicorp.com/log-level: debug
|
|
vault.hashicorp.com/agent-run-as-same-user: "true"
|
|
vault.hashicorp.com/agent-inject-command-processor.properties: |
|
|
pkill -TERM openreplay
|
|
vault.hashicorp.com/role: pgaccess
|
|
vault.hashicorp.com/agent-inject-secret-processor.properties: database/creds/db-app
|
|
vault.hashicorp.com/agent-inject-template-processor.properties: |
|
|
{{- with secret "database/creds/db-app" -}}
|
|
POSTGRES_STRING=postgres://{{.Data.username}}:{{.Data.password}}@postgresql.db.svc.cluster.local:5432/postgres
|
|
{{- end -}}
|
|
|
|
global:
|
|
vault: *vault
|
|
clusterDomain: "svc.cluster.local"
|