imterah/kittehcluster
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feature: Adds more operational services.

Browse source
This commit is contained in:
greysoh 2024-11-05 10:47:53 -05:00
parent 9f85ec639d
commit a704e75851
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
47 changed files with 1484 additions and 519 deletions
Download patch file Download diff file Expand all files Collapse all files

366
kubernetes/services/passbolt/passbolt.yml Normal file
View file

@ -0,0 +1,366 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## Dependencies configuration parameters
## Redis dependency parameters
# -- Install redis as a depending chart
redisDependencyEnabled: true
# -- Install mariadb as a depending chart
mariadbDependencyEnabled: true
# -- Install mariadb as a depending chart
postgresqlDependencyEnabled: false
global:
imageRegistry: ""
imagePullSecrets: []
# Configure redis dependency chart
redis:
auth:
# -- Enable redis authentication
enabled: true
# -- Configure redis password
password: "P4ssb0lt"
sentinel:
# -- Enable redis sentinel
enabled: true
## MariaDB dependency parameters
# Configure mariadb as a dependency chart
mariadb:
# -- Configure mariadb architecture
architecture: replication
auth:
# -- Configure mariadb auth root password
rootPassword: root
# -- Configure mariadb auth username
username: passbolt
# -- Configure mariadb auth password
password: P4ssb0lt
# -- Configure mariadb auth database
database: passbolt
# -- Configure mariadb auth replicationPassword
replicationPassword: P4ssb0ltReplica
# -- Configure parameters for the primary instance.
primary:
# -- Configure persistence options.
persistence:
# -- Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
enabled: true
# -- Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas. When it's set the rest of persistence parameters are ignored.
existingClaim: ""
# -- Subdirectory of the volume to mount at
subPath: ""
# -- Primary persistent volume storage Class
storageClass: "longhorn"
# -- Labels for the PVC
labels: {}
# -- Primary persistent volume claim annotations
annotations: {}
# -- Primary persistent volume access Modes
accessModes:
- ReadWriteOnce
# -- Primary persistent volume size
size: 8Gi
# -- Selector to match an existing Persistent Volume
selector: {}
# -- Configure parameters for the secondary instance.
secondary:
# -- Configure persistence options.
persistence:
# -- Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim`. If false, use emptyDir
enabled: true
# -- Subdirectory of the volume to mount at
subPath: ""
# -- Secondary persistent volume storage Class
storageClass: "longhorn"
# -- Labels for the PVC
labels: {}
# -- Secondary persistent volume claim annotations
annotations: {}
# -- Secondary persistent volume access Modes
accessModes:
- ReadWriteOnce
# -- Secondary persistent volume size
size: 8Gi
# -- Selector to match an existing Persistent Volume
selector: {}
## Passbolt configuration
## Passbolt container and sidecar parameters
app:
# -- Configure pasbolt deployment init container that waits for database
databaseInitContainer:
# -- Toggle pasbolt deployment init container that waits for database
enabled: true
#initImage:
# # -- Configure pasbolt deployment init container image client for database
# client: mariadb
# registry: ""
# # -- Configure pasbolt deployment image repsitory
# repository: mariadb
# # -- Configure pasbolt deployment image pullPolicy
# pullPolicy: IfNotPresent
# # -- Overrides the image tag whose default is the chart appVersion.
# tag: latest
image:
# -- Configure pasbolt deployment image repsitory
registry: ""
repository: passbolt/passbolt
# -- Configure pasbolt deployment image pullPolicy
pullPolicy: IfNotPresent
# Allowed options: mariadb, mysql or postgresql
database:
kind: mariadb
# -- Configure ssl on mariadb/mysql clients
# -- In case this is enabled, you will be responsible for creating and mounting the certificates and
# -- additional configutions on both the client and the server.
# ssl: off
cache:
# Use CACHE_CAKE_DEFAULT_* variables to configure the connection to redis instance
# on the passboltEnv configuration section
redis:
# -- By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php
# That instructs passbolt to store sessions on redis and to use it as a general cache.
enabled: true
sentinelProxy:
# -- Inject a haproxy sidecar container configured as a proxy to redis sentinel
# Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy
enabled: true
# -- Configure redis sentinel proxy image
image:
registry: ""
# -- Configure redis sentinel image repository
repository: haproxy
# -- Configure redis sentinel image tag
tag: "latest"
# -- Configure redis sentinel container resources
resources: {}
# -- Configure the passbolt deployment resources
extraPodLabels: {}
resources: {}
tls:
# -- If autogenerate is true, the chart will generate a secret with a certificate for APP_FULL_BASE_URL hostname
# -- if autogenerate is false, existingSecret should be filled with an existing tls kind secret name
# @ignored
autogenerate: true
#existingSecret: ""
# -- Enable email cron
cronJobEmail:
enabled: true
schedule: "* * * * *"
extraPodLabels: {}
## Passbolt environment parameters
# -- Pro subscription key in base64 only if you are using pro version
# subscriptionKey:
# -- Configure passbolt subscription key path
# subscription_keyPath: /etc/passbolt/subscription_key.txt
# -- Configure passbolt gpg directory
gpgPath: /etc/passbolt/gpg
# -- Gpg server private key in base64
gpgServerKeyPrivate: ""
# -- Gpg server public key in base64
gpgServerKeyPublic: ""
# -- Name of the existing secret for the GPG server keypair. The secret must contain the `serverkey.asc` and `serverkey_private.asc` keys.
gpgExistingSecret: ""
# -- Name of the existing secret for the JWT server keypair. The secret must contain the `jwt.key` and `jwt.pem` keys.
jwtExistingSecret: ""
# -- Configure passbolt jwt directory
jwtPath: /etc/passbolt/jwt
# -- JWT server private key in base64
jwtServerPrivate: ""
# -- JWT server public key in base64
jwtServerPublic: ""
# -- Forces overwrite JWT keys
jwtCreateKeysForced: false
jobCreateJwtKeys:
extraPodLabels: {}
jobCreateGpgKeys:
extraPodLabels: {}
passboltEnv:
plain:
# -- Configure passbolt privacy url
PASSBOLT_LEGAL_PRIVACYPOLICYURL: https://www.passbolt.com/privacy
# -- Configure passbolt to force ssl
PASSBOLT_SSL_FORCE: false
# -- Toggle passbolt public registration
PASSBOLT_REGISTRATION_PUBLIC: false
# -- Configure passbolt cake cache server
CACHE_CAKE_DEFAULT_SERVER: 127.0.0.1
# -- Configure passbolt default email service port
EMAIL_TRANSPORT_DEFAULT_PORT: 587
# -- Toggle passbolt debug mode
DEBUG: false
# -- Toggle passbolt selenium mode
PASSBOLT_SELENIUM_ACTIVE: false
# -- Configure passbolt license path
PASSBOLT_PLUGINS_LICENSE_LICENSE: /etc/passbolt/subscription_key.txt
# -- Configure passbolt jwt private key path
PASSBOLT_JWT_SERVER_KEY: /var/www/passbolt/config/jwt/jwt.key
# -- Configure passbolt jwt public key path
PASSBOLT_JWT_SERVER_PEM: /var/www/passbolt/config/jwt/jwt.pem
# -- Toggle passbolt jwt authentication
PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED: true
# -- Download Command for kubectl
KUBECTL_DOWNLOAD_CMD: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
secret:
# -- Configure passbolt cake cache password
CACHE_CAKE_DEFAULT_PASSWORD: P4ssb0lt
# -- Configure passbolt default database password
DATASOURCES_DEFAULT_PASSWORD: P4ssb0lt
# -- Configure passbolt default database username
DATASOURCES_DEFAULT_USERNAME: passbolt
# -- Configure passbolt default database
DATASOURCES_DEFAULT_DATABASE: passbolt
# -- Configure passbolt server gpg key fingerprint
# PASSBOLT_GPG_SERVER_KEY_FINGERPRINT:
# -- Configure passbolt security salt.
# SECURITY_SALT:
# -- Environment variables to add to the passbolt pods
extraEnv: []
# -- Environment variables from secrets or configmaps to add to the passbolt pods
extraEnvFrom:
[]
# - secretRef:
# name: passbolt-secret
## Passbolt deployment parameters
# -- If autoscaling is disabled this will define the number of pods to run
replicaCount: 2
# Configure autoscaling on passbolt deployment
autoscaling:
# -- Enable autoscaling on passbolt deployment
enabled: false
# -- Configure autoscaling minimum replicas
minReplicas: 1
# -- Configure autoscaling maximum replicas
maxReplicas: 100
# -- Configure autoscaling target CPU uptilization percentage
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# -- Enable role based access control
rbacEnabled: true
# -- Configure passbolt container livenessProbe
livenessProbe:
# @ignore
httpGet:
port: https
scheme: HTTPS
path: /healthcheck/status.json
httpHeaders:
- name: Host
value: passbolt.hofers.cloud
initialDelaySeconds: 20
periodSeconds: 10
# -- Configure passbolt container RadinessProbe
readinessProbe:
# @ignore
httpGet:
port: https
scheme: HTTPS
httpHeaders:
- name: Host
value: passbolt.hofers.cloud
path: /healthcheck/status.json
initialDelaySeconds: 5
periodSeconds: 10
# Configure network policies to allow ingress access passbolt pods
# networkPolicy defines which labels are allowed to reach to passbolt
# and which namespaces
networkPolicy:
# -- Enable network policies to allow ingress access passbolt pods
enabled: false
# -- Configure network policies label for ingress deployment
label: app.kubernetes.io/name
# -- Configure network policies podLabel for podSelector
podLabel: ingress-nginx
# -- Configure network policies namespaceLabel for namespaceSelector
namespaceLabel: ingress-nginx
# -- Configure image pull secrets
imagePullSecrets: []
# -- Value to override the chart name on default
nameOverride: ""
# -- Value to override the whole fullName
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- Map of annotation for passbolt server pod
podAnnotations: {}
# -- Security Context configuration for passbolt server pod
podSecurityContext:
{}
# fsGroup: 2000
service:
# -- Configure passbolt service type
type: ClusterIP
# -- Annotations to add to the service
annotations: {}
# -- Configure the service ports
ports:
# -- Configure the HTTPS port
https:
# -- Configure passbolt HTTPS service port
port: 443
# -- Configure passbolt HTTPS service targetPort
targetPort: 443
# -- Configure passbolt HTTPS service port name
name: https
http:
# -- Configure passbolt HTTP service port
port: 80
# -- Configure passbolt HTTP service targetPort
targetPort: 80
# -- Configure passbolt HTTP service port name
name: http
ingress:
# -- Enable passbolt ingress
enabled: true
# -- Configure passbolt ingress annotations
annotations: {}
# -- Configure passbolt ingress hosts
hosts:
# @ignored
- host: passbolt.hofers.cloud
paths:
- path: /
port: http
pathType: ImplementationSpecific
# -- Configure passbolt deployment nodeSelector
nodeSelector: {}
# -- Configure passbolt deployment tolerations
tolerations: []
# -- Configure passbolt deployment affinity
affinity: {}
# -- Add additional volumes, e.g. for overwriting config files
extraVolumes: []
# -- Add additional volume mounts, e.g. for overwriting config files
extraVolumeMounts: []