charts/zot/values.yaml

# Default values for zot.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
  repository: ghcr.io/project-zot/zot-linux-amd64
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "v2.0.3"
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
service:
  type: NodePort
  port: 5000
  nodePort: null  # Set to a specific port if type is NodePort
  # Annotations to add to the service
  annotations: {}
  # Set to a static IP if a static IP is desired, only works when
  # type: ClusterIP
  clusterIP: null
# Enabling this will publicly expose your zot server
# Only enable this if you have security enabled on your cluster
ingress:
  enabled: false
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  # If using nginx, disable body limits and increase read and write timeouts
  # nginx.ingress.kubernetes.io/proxy-body-size: "0"
  # nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
  # nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
  className: "nginx"
  pathtype: ImplementationSpecific
  hosts:
    - host: chart-example.local
      paths:
        - path: /
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
# By default, Kubernetes HTTP probes use HTTP 'scheme'. So if TLS is enabled
# in configuration, to prevent failures, the scheme must be set to 'HTTPS'.
httpGet:
  scheme: HTTP
# By default, Kubernetes considers a Pod healthy if the liveness probe returns
# successfully. However, sometimes applications need additional startup time on
# their first initialization. By defining a startupProbe, we can allow the
# application to take extra time for initialization without compromising fast
# response to deadlocks.
startupProbe:
  initialDelaySeconds: 5
  periodSeconds: 10
  failureThreshold: 3
# If mountConfig is true the configMap named $CHART_RELEASE-config is mounted
# on the pod's '/etc/zot' directory
mountConfig: false
# If mountConfig is true the chart creates the '$CHART_RELEASE-config', if it
# does not exist the user is in charge of managing it (as this file includes a
# sample file you have to add it empty to handle it externally) ... note that
# the service does not reload the configFiles once mounted, so you need to
# delete the pods to create new ones to use the new values.
configFiles:
  config.json: |-
    {
      "storage": { "rootDirectory": "/var/lib/registry" },
      "http": { "address": "0.0.0.0", "port": "5000" },
      "log": { "level": "debug" }
    }
# Alternatively, the configuration can include authentication and acessControl
# data and we can use mountSecret option for the passwords.
#
#  config.json: |-
#    {
#      "storage": { "rootDirectory": "/var/lib/registry" },
#      "http": {
#        "address": "0.0.0.0",
#        "port": "5000",
#        "auth": { "htpasswd": { "path": "/secret/htpasswd" } },
#        "accessControl": {
#          "repositories": {
#            "**": {
#              "policies": [{
#                "users": ["user"],
#                "actions": ["read"]
#              }],
#              "defaultPolicy": []
#            }
#          },
#          "adminPolicy": {
#            "users": ["admin"],
#            "actions": ["read", "create", "update", "delete"]
#          }
#        }
#      },
#      "log": { "level": "debug" }
#    }

# externalSecrets allows to mount external (meaning not managed by this chart)
# Kubernetes secrets within the Zot container.
# The secret is identified by its name (property "secretName") and should be
# present in the same namespace. The property "mountPath" specifies the path
# within the container filesystem where the secret is mounted.
#
# Below is an example:
#
#  externalSecrets:
#  - secretName: "secret1"
#    mountPath: "/secrets/s1"
#  - secretName: "secret2"
#    mountPath: "/secrets/s2"
externalSecrets: []
# If mountSecret is true, the Secret named $CHART_RELEASE-secret is mounted on
# the pod's '/secret' directory (it is used to keep files with passwords, like
# a `htpasswd` file)
mountSecret: false
# If secretFiles does not exist the user is in charge of managing it, again, if
# you want to manage it the value has to be added empty to avoid using this one
secretFiles:
  # Example htpasswd with 'admin:admin' & 'user:user' user:pass pairs
  htpasswd: |-
    admin:$2y$05$vmiurPmJvHylk78HHFWuruFFVePlit9rZWGA/FbZfTEmNRneGJtha
    user:$2y$05$L86zqQDfH5y445dcMlwu6uHv.oXFgT6AiJCwpv3ehr7idc0rI3S2G
# Authentication string for Kubernetes probes, which is needed when `htpasswd`
# authentication is enabled, but the anonymous access policy is not.
# It contains a `user:password` string encoded in base64. The example value is
# from running `echo -n "foo:var" | base64`
# authHeader: "Zm9vOmJhcg=="

# If persistence is 'true' the service uses a persistentVolumeClaim to mount a
# volume for zot on '/var/lib/registry'; by default the pvc used is named
# '$CHART_RELEASE-pvc', but the name can be changed below
persistence: false
# PVC data, only used if persistence is 'true'
pvc:
  # Make the chart create the PVC, this option is used with storageClasses that
  # can create volumes dynamically, if that is not the case is better to do it
  # manually and set create to false
  create: false
  # Name of the PVC to use or create if persistence is enabled, if not set the
  # value '$CHART_RELEASE-pvc' is used
  name: null
  # Volume access mode, if using more than one replica we need
  accessMode: "ReadWriteOnce"
  # Size of the volume requested
  storage: 8Gi
  # Name of the storage class to use if it is different than the default one
  storageClassName: null
# List of environment variables to set on the container
env:
# - name: "TEST"
#  value: "ME"
# - name: SECRET_NAME
#  valueFrom:
#    secretKeyRef:
#      name: mysecret
#      key: username

# Extra Volume Mounts
extraVolumeMounts: []
# - name: data
#   mountPath: /var/lib/registry

# Extra Volumes
extraVolumes: []
# - name: data
#   emptyDir: {}

# Deployment strategy type
strategy:
  type: RollingUpdate
#  rollingUpdate:
#    maxUnavailable: 25%

podAnnotations: {}