-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
391 lines (363 loc) · 13.8 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template with a string
##
fullnameOverride: ""
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param extraDeploy A list of extra kubernetes resources to be deployed
##
extraDeploy: []
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @section OpenFGA parameters
## OpenFGA image version
## ref: https://hub.docker.com/r/openfga/openfga/tags/
## @param image.registry OpenFGA image registry
## @param image.repository OpenFGA image repository
## @param image.tag OpenFGA image tag (immutable tags are recommended)
## @param image.digest OpenFGA image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy OpenFGA image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: openfga/openfga
tag: v0.3.7
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param containerPorts.http Port to expose at container level
## @param containerPorts.grpc Port to expose at container level
##
containerPorts:
http: 8080
grpc: 8081
## @param playground.enabled Enable OpenFGA UI for playground
## @param playground.port Port to expose at container level
##
playground:
enabled: false
port: 3000
## Service configuration
##
service:
## @param service.http.enabled Enable http port on service
##
http:
enabled: true
## @param service.grpc.enabled Enable grpc port on service
##
grpc:
enabled: true
## @param service.playground.enabled Enable playground port on service
##
playground:
enabled: false
## @param service.ports.http HTTP service port
## @param service.ports.grpc gRPC service port
## @param service.ports.playground Playground service port
##
ports:
http: 8080
grpc: 8081
playground: 8082
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.nodePorts.http Specify the nodePort value for the LoadBalancer and NodePort service types
## @param service.nodePorts.grpc Specify the nodePort value for the LoadBalancer and NodePort service types
## @param service.nodePorts.playground Specify the nodePort value for the LoadBalancer and NodePort service types
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePorts:
http: ""
grpc: ""
playground: 8082
## @param service.clusterIP %%MAIN_CONTAINER_NAME%% service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP loadBalancerIP if Kibana service type is `LoadBalancer`
## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges %%MAIN_CONTAINER_NAME%% service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy Enable client source IP preservation
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.annotations Annotations for Kibana service (evaluated as a template)
## This can be used to set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param service.labels Extra labels for Kibana service
##
labels: {}
## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @section Storage parameters
## @param persistencyMode Define the datastore used (default: postgres), can be "memory"
##
persistencyMode: postgres
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
enabled: true
auth:
username: openfga
password: openfga
database: openfga
architecture: standalone
## External PostgreSQL configuration
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username
## @param externalDatabase.password Password for the non-root user
## @param externalDatabase.database Database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database uri
## @param externalDatabase.existingSecretKey Name of an existing secret key containing the database uri
##
externalDatabase:
host: ""
port: 5432
user: postgres
database: postgres
password: ""
existingSecret: ""
existingSecretKey: ""
# Migration job configuration when using postgresql
migrateJob:
## OpenFGA image version
## ref: https://hub.docker.com/r/openfga/openfga/tags/
## @param migrateJob.image.registry OpenFGA image registry
## @param migrateJob.image.repository OpenFGA image repository
## @param migrateJob.image.tag OpenFGA image tag (immutable tags are recommended)
## @param migrateJob.image.digest OpenFGA image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param migrateJob.image.pullPolicy OpenFGA image pull policy
##
image:
registry: docker.io
repository: openfga/openfga
tag: v0.3.7
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## @param migrateJob.annotations Annotations for migration job
##
annotations: {}
## @param migrateJob.podAnnotations Annotations for pod created by migration job
##
podAnnotations: {}
## @param migrateJob.podTolerations Tolerations for job pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
podTolerations: []
## @param migrateJob.initContainers Add additional init containers to migration job
##
initContainers: []
## @param migrateJob.command Change the command executed at run of migration job container
##
command: []
## @param migrateJob.args Change arguments executed at run of migration job container
##
args: []
## @param migrateJob.backoffLimit Number of backoff before migration job is considered as failed
##
backoffLimit: 1
## @param migrateJob.ttlSecondsAfterFinished Time in seconds for time to live of the job
##
ttlSecondsAfterFinished: 60
## Migration pod resources limits
## @param migrateJob.resources.limits Resources limits for migration pod
## @param migrateJob.resources.requests Resources requested for migration pod
##
resources:
limits: {}
requests: {}
## @section Deployment parameters
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext Enabled pod Security Context
##
podSecurityContext: {}
# fsGroup: 2000
## @param readinessProbe.enabled Enable readinessProbe on OpenFGA containers
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param extraEnvVars Extra environment variables to be set on OpenFGA container
## Example:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @section OpenFGA Logging parameters
## OpenFGA logging configuration
## @param logging.format Alternates between the default log output format or json format
##
logging:
format: default
## @section Security parameters
## Specifies whether a ServiceAccount should be created
##
serviceAccount:
## @param serviceAccount.create Enable the creation of a ServiceAccount for OpenFGA pods
##
create: true
## @param serviceAccount.name Name of the created ServiceAccount
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## OpenFGA Autoscaling configuration
## @param autoscaling.enabled Enable autoscaling
## @param autoscaling.minReplicas Minimum number of OpenFGA replicas
## @param autoscaling.maxReplicas Maximum number of OpenFGA replicas
## @param autoscaling.targetCPUUtilizationPercentage Target CPU utilization percentage
## @param autoscaling.targetMemoryUtilizationPercentage Target Memory utilization percentage
##
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: ""
targetMemoryUtilizationPercentage: ""
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []