Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f9f0beec8492e05a459bd7080ad095b4cf9292bc / . / charts / penpot / values.yaml
blob: 78dba0f99d3818feb524846ef20f73f68303dc90 [file] [log] [blame]
## Default values for Penpot
## @section Global parameters
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
## @param global.imagePullSecrets Global Docker registry secret names as an array.
##
global:
postgresqlEnabled: false
redisEnabled: false
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @section Common parameters
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
##
serviceAccount:
enabled: true
annotations: {}
name: ""
## @section Backend parameters
## Penpot Backend
##
backend:
## @param backend.image.repository The Docker repository to pull the image from.
## @param backend.image.tag The image tag to use.
## @param backend.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/backend
tag: 1.16.0-beta
imagePullPolicy: IfNotPresent
## @param backend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param backend.service.type The service type to create.
## @param backend.service.port The service port to use.
##
service:
type: ClusterIP
port: 6060
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param backend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param backend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param backend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot backend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param backend.resources.limits The resources limits for the Penpot backend containers
## @param backend.resources.requests The requested resources for the Penpot backend containers
##
resources:
limits: {}
requests: {}
## @section Frontend parameters
## Penpot Frontend
##
frontend:
## @param frontend.image.repository The Docker repository to pull the image from.
## @param frontend.image.tag The image tag to use.
## @param frontend.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/frontend
tag: 1.16.0-beta
imagePullPolicy: IfNotPresent
## @param frontend.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param frontend.service.type The service type to create.
## @param frontend.service.port The service port to use.
##
service:
type: ClusterIP
port: 80
## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend.
## @param frontend.ingress.annotations Mapped annotations for the frontend ingress.
## @param frontend.ingress.hosts Array style hosts for the frontend ingress.
## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress.
##
ingress:
enabled: false
className: "" # TODO(giolekva): contribute
## E.g.
## annotations:
## kubernetes.io/ingress.class: nginx
## kubernetes.io/tls-acme: "true"
##
annotations:
{}
## E.g.
## hosts:
## - host: penpot-example.local
hosts: []
## E.g.
## - secretName: chart-example-tls
## hosts:
## - chart-example.local
tls: []
## @param frontend.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param frontend.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param frontend.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot frontend resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param frontend.resources.limits The resources limits for the Penpot frontend containers
## @param frontend.resources.requests The requested resources for the Penpot frontend containers
##
resources:
limits: {}
requests: {}
## @section Exporter parameters
## Penpot Exporter
##
exporter:
## @param exporter.image.repository The Docker repository to pull the image from.
## @param exporter.image.tag The image tag to use.
## @param exporter.image.imagePullPolicy The image pull policy to use.
##
image:
repository: penpotapp/exporter
tag: 1.16.0-beta
imagePullPolicy: IfNotPresent
## @param exporter.replicaCount The number of replicas to deploy.
##
replicaCount: 1
## @param exporter.service.type The service type to create.
## @param exporter.service.port The service port to use.
##
service:
type: ClusterIP
port: 6061
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
## @param exporter.affinity Affinity for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param exporter.nodeSelector Node labels for Penpot pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param exporter.tolerations Tolerations for Penpot pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Penpot exporter resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## @param exporter.resources.limits The resources limits for the Penpot exporter containers
## @param exporter.resources.requests The requested resources for the Penpot exporter containers
##
resources:
limits: {}
requests: {}
## @section Persistence parameters
## Penpot persistence
##
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
##
enabled: false
## @param persistence.storageClass Persistent Volume storage class.
## If defined, storageClassName: <storageClass>.
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
##
storageClass: ""
## @param persistence.size Persistent Volume size.
##
size: 8Gi
## @param persistence.existingClaim The name of an existing PVC to use for persistence.
##
existingClaim: ""
## @param persistence.accessModes Persistent Volume access modes.
##
accessModes:
- ReadWriteOnce
## @param persistence.annotations Persistent Volume Claim annotations.
##
annotations: {}
## @section Configuration parameters
## Penpot configuration
##
config:
## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example.
##
publicURI: "http://localhost:8080"
flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65"
## @param config.postgresql.host The PostgreSQL host to connect to.
## @param config.postgresql.port The PostgreSQL host port to use.
## @param config.postgresql.database The PostgreSQL database to use.
## @param config.postgresql.username The database username to use.
## @param config.postgresql.password The database username to use.
## @param config.postgresql.existingSecret The name of an existing secret.
## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
##
postgresql:
host: "postgresql.penpot.svc.cluster.local"
port: 5432
username: ""
password: ""
database: ""
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.redis.host The Redis host to connect to.
## @param config.redis.port The Redis host port to use.
## @param config.redis.database The Redis database to connect to.
##
redis:
host: "redis-headless.penpot.svc.cluster.local"
port: 6379
database: "0"
## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
## @param config.assets.s3.existingSecret The name of an existing secret.
## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
##
assets:
storageBackend: "assets-fs"
filesystem:
directory: "/opt/data/assets"
s3:
accessKeyID: ""
secretAccessKey: ""
region: ""
bucket: ""
endpointURI: ""
existingSecret: ""
secretKeys:
accessKeyIDKey: ""
secretAccessKey: ""
endpointURIKey: ""
## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
##
telemetryEnabled: true
## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
## @param config.smtp.defaultFrom The SMTP default email to send from.
## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
## @param config.smtp.host The SMTP host to use.
## @param config.smtp.port The SMTP host port to use.
## @param config.smtp.username The SMTP username to use.
## @param config.smtp.password The SMTP password to use.
## @param config.smtp.tls Whether to use TLS for the SMTP connection.
## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
## @param config.smtp.existingSecret The name of an existing secret.
## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
##
smtp:
enabled: false
defaultFrom: ""
defaultReplyTo: ""
host: ""
port: ""
username: ""
password: ""
tls: true
ssl: false
existingSecret: ""
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
##
registrationDomainWhitelist: ""
## Penpot Authentication providers parameters
##
providers:
## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
##
google:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
## @param config.providers.github.clientID The GitHub client ID to use.
## @param config.providers.github.clientSecret The GitHub client secret to use.
##
github:
enabled: false
clientID: ""
clientSecret: ""
## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
## @param config.providers.gitlab.baseURI The GitLab base URI to use.
## @param config.providers.gitlab.clientID The GitLab client ID to use.
## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
##
gitlab:
enabled: false
baseURI: "https://gitlab.com"
clientID: ""
clientSecret: ""
## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
##
oidc:
enabled: false
baseURI: ""
clientID: ""
clientSecret: ""
authURI: ""
tokenURI: ""
userURI: ""
roles: "role1 role2"
rolesAttribute: ""
scopes: "scope1 scope2"
nameAttribute: ""
emailAttribute: ""
## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
## @param config.providers.ldap.host The LDAP host to use.
## @param config.providers.ldap.port The LDAP port to use.
## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
## @param config.providers.ldap.baseDN The LDAP base DN to use.
## @param config.providers.ldap.bindDN The LDAP bind DN to use.
## @param config.providers.ldap.bindPassword The LDAP bind password to use.
## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
##
ldap:
enabled: false
host: "ldap"
port: 10389
ssl: false
startTLS: false
baseDN: "ou=people,dc=planetexpress,dc=com"
bindDN: "cn=admin,dc=planetexpress,dc=com"
bindPassword: "GoodNewsEveryone"
attributesUsername: "uid"
attributesEmail: "mail"
attributesFullname: "cn"
attributesPhoto: "jpegPhoto"
## @param config.providers.existingSecret The name of an existing secret to use.
## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
##
existingSecret: ""
secretKeys:
googleClientIDKey: ""
googleClientSecretKey: ""
githubClientIDKey: ""
githubClientSecretKey: ""
gitlabClientIDKey: ""
gitlabClientSecretKey: ""
oidcClientIDKey: ""
oidcClientSecretKey: ""
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
## @param postgresql.auth.username Name for a custom user to create.
## @param postgresql.auth.password Password for the custom user to create.
## @param postgresql.auth.database Name for a custom database to create.
##
postgresql:
auth:
username: example
password: secretpassword
database: penpot
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
## @param redis.auth.enabled Whether to enable password authentication.
##
redis:
auth:
enabled: false