Bridgeman-Accessible/services.bridgemanaccessible.ca-helm
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Major change that brought the chart in line with others. Mainly by more heavily relyng on subcharts and *.tpl files for code modularity and reusability (and consistency)
All checks were successful
Deploy the Helm Chart / build (push) Successful in 15s
Details

Browse source
This commit is contained in:
Alan Bridgeman 2025-12-24 19:07:22 -06:00
parent 84a322eb28
commit 563a76b84e
34 changed files with 621 additions and 1103 deletions
Download patch file Download diff file Expand all files Collapse all files

271
values.yaml
View file

@ -1,27 +1,40 @@
# The number of instances (replicas) of the app to run
replicaCount: 1
# Configuration for the Services Dashboard itself
app:
# The number of instances (replicas) of the app to run
replicaCount: 1
image:
# The repository of the image to use for the app
# Should be in the format `<Image Repository (Ex. containers.example.com)>/<Image Name (Ex. app)>`
repository: "<Image Repository>/<Image Name>"
# The specific image tag to use. It's recommended to use some kind of versioning tag scheme as it makes updating the container without having to fully redeploy easier.
# Ex. v1.0.0
tag: "v1.0.0"
# How often the image should be pulled. The possible values are "Always", "Never", and "IfNotPresent"
# It's recommended for production to use "IfNotPresent" to avoid pulling the image every time the pod starts
# Though, for development, "Always" is recommended to ensure the latest changes are being tested
pullPolicy: "IfNotPresent"
# Configurations around the image that is used for the Services Dashboard
image:
# The repository of the image to use for the app
# Should be in the format `<Image Repository (Ex. containers.example.com)>/<Image Name (Ex. app)>`
repository: "<Image Repository>/<Image Name>"
container:
# The port that the container listens on (Ex. 8080)
port: 8080
# The specific image tag to use. It's recommended to use some kind of versioning tag scheme as it makes updating the container without having to fully redeploy easier.
# Ex. v1.0.0
tag: "v1.0.0"
# How often the image should be pulled. The possible values are "Always", "Never", and "IfNotPresent"
# It's recommended for production to use "IfNotPresent" to avoid pulling the image every time the pod starts
# Though, for development, "Always" is recommended to ensure the latest changes are being tested
pullPolicy: "IfNotPresent"
container:
# The port that the container listens on (Ex. 8080)
port: 8080
# The environment that the container is running in (Ex. development, production, etc...)
# This is used for the NODE_ENV environment variable
env: "production"
# The environment that the container is running in (Ex. development, production, etc...)
# This is used for the NODE_ENV environment variable
env: "production"
resources:
requests:
cpu: 200m
memory: 512Mi
ephemeralStorage: 50Mi
limits:
cpu: 1000m
memory: 512Mi
ephemeralStorage: 1Gi
# The timestamp of the backup that the entrypoint script should wait for a restore to complete
restoreFromBackup: ""
@ -50,17 +63,15 @@ oauth:
devPort: "<Dev Port>"
# Configuration for the relational database
# See the [Database Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/db-deploy-helm) for more information
database:
# If a relational database should be used
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `database`), use this string for K8s resources instead"
nameOverride: "db"
# The type of the relational database that is used.
#
# The following table lists the possible values for this field:
#
# | Value | Description |
# | ---------- | ------------------------------------------ |
# | `postgres` | Uses PostgreSQL as the relational database |
#
# Note, for use of `postgres`, it uses a [`postgres-controller` CRD](https://github.com/AlanBridgeman/postgres-controller) to create the database
#
type: "postgres"
# If set to `true`, the database will be created as part of the deployment
@ -78,36 +89,68 @@ database:
# The password that is used to access the database
password: "<DB Password>"
# The port that the database listens on
#port: 5432
# Allows for distinguishing between multiple database instances/servers
#instance_id: ""
# Configurations for the secrets vault
# See the [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) for more information
vault:
# If a secrets vault should be used
# That is, if a dedicated software for secret management should be used
# This should virtually always be true if storing any kind of sensitive information as it's the most secure option
enabled: true
# The type of secrets vault to use.
# The type of secrets vault (or storage if `enabled` is `false`) to use.
#
# Vaults
# ------
# The following table lists the supported vault types:
#
# | Type | Description | Current Status | Required Fields |
# | ----------- | -------------------- | -------------- | --------------------------------------------------- |
# | `hashicorp` | Uses Hashicorp Vault | Implemented | `vaultName` (if `create` not true) |
# | `azure` | Uses Azure Key Vault | Implemented | `vaultName`, `clientId`, `clientSecret`, `tenantId` |
# | Type | Description |
# | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
# | `hashicorp` | [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) |
# | `azure` | Uses Azure Key Vault (Required fields: `vaultName`, `clientId`, `clientSecret`, `tenantId`) |
#
# Storage
# -------
# The following table lists the supported storage types.
# These are methods OUTSIDE of a dedicated "vault" software.
# These are generally **discouraged** as they are less secure.
#
# | Type | Description | Current Status | Required Fields |
# | ----------- | ------------------------------- | -------------- | ---------------- |
# | `file` | Uses a file | To-Do | `path` |
# | `mem` | Uses in-memory (no persistance) | To-Do | N/A |
#
type: "<Vault Type>"
# The name of the vault instance to connect to
#
# This is relevant if type is set to `hashicorp` or `azure`
# Note, if `create` is true this is ignored
#
# For `hashicorp`, see subchart's `values.yaml` for details
# For `azure`, this is the name of the Azure Key Vault instance to connect to
#vaultName: "<Vault Name>"
# The client ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-id: <Azure Key Vault Client ID>
# The client secret of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-secret: <Azure Key Vault Client Secret>
# The tenant ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#tenant-id: <Azure Key Vault Tenant ID>
# Configurations to create a Hashicorp Vault instance as part of the Helm chart
#
# THIS IS ONLY RELEVANT IF `type` IS SET TO `hashicorp`
#
# See subchart's `values.yaml` for more information
create:
# If a Hashicorp Vault instance should be created as part of the Helm chart
enabled: <true/false>
@ -141,88 +184,35 @@ vault:
# The internal port that the snapshot server listens on
internalPort: 8300
# Configurations for the storage of the created Hashicorp Vault instance
storage:
# The storage class to use for the created Hashicorp Vault instance's Persistent Volume Claim
storageClass: <Storage Class>
# The size of the created Hashicorp Vault instance's Persistent Volume Claim
size: <Storage Size>
appRole:
# The name of the environment variable/secret that contains the Role ID for the AppRole used by the app
roleIDSecretName: VAULT_ROLE_ID
# The name of the environment variable/secret that contains the Secret ID for the AppRole used by the app
secretIDSecretName: VAULT_SECRET_ID
# The capabilities of the policy to create for the app
policyCapabilities:
- read
- create
- update
# The name of the vault instance to connect to
#
# This is relevant if type is set to `hashicorp` or `azure`
# Note, if `create` is true this is ignored
#
# For `hashicorp`, this is generally the hostname of the Hashicorp Vault instance to connect to
# For `azure`, this is the name of the Azure Key Vault instance to connect to
#vaultName: "<Vault Name>"
# The port of the vault instance to connect to
#
# ONLY RELEVANT iF `type` IS SET TO `hashicorp` AND `create` IS NOT TRUE
#vaultPort: <Vault Port>
# The client ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-id: <Azure Key Vault Client ID>
# The client secret of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-secret: <Azure Key Vault Client Secret>
# The tenant ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#tenant-id: <Azure Key Vault Tenant ID>
# Configuration the NoSQL database
# Within the parlance of the system these are often called "properties" databases (and store less structured data)
# See the [NoSQL Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/nosql-deploy-helm) for more information
nosql:
# Determines the type of NoSQL storage that is used
#
# The following table lists the possible values for this field:
#
# | Value | Description |
# | --------- | ------------------------------------------------------------------------------------------ |
# | `mongodb` | Uses MongoDB as the NoSQL database for the default account properties database |
# | `azure` | Uses Azure Table Storage as the NoSQL database for the default account properties database |
#
# If a NoSQL database should be used
enabled: true
# Determines the type of NoSQL storage that is used
type: <NoSQL Storage Type>
# If to create a resource as part of the deployment process
# ONLY relevant if `type` is set to `mongodb`
# This uses the [MongoDBCommunity CRD](https://github.com/mongodb/mongodb-kubernetes-operator) to create the resource
create: false
# The number of replicas/members as part of the Mongo deployment
# See the `member` parameter of the [MongoDBCommunity CRD](https://github.com/mongodb/mongodb-kubernetes-operator) for more information
# ONLY relevant if `type` is set to `mongodb` and `create` is set to `true`
#replicaCount: <Number of replicas>
# The TLS configuration for the connection to the NoSQL database
# ONLY relevant if `type` is set to `mongodb` and `create` is set to `true`
tls:
# If to use TLS for the connection to the NoSQL database
create:
# If to create a resource as part of the deployment process
enabled: <true/false>
# The connection string used to access the NoSQL database
# ONLY relevant if `type` is set to `mongodb` and `create` is set to `false`
# Should be in the following format: `mongodb://<hostname>:<port>`
#connectionString: "mongodb://mongo.example.com:27017"
# The key used to access the NoSQL database
# ONLY relevant if `type` is set to `azure`
#key: ""
# The name of the NoSQL database
name: "<NoSQL DB Name>"
@ -240,40 +230,28 @@ nosql:
grouping:
<Table Intermediate Name>: "<NoSQL Table Name>"
# Configuration for cache server
# Configuration for Redis cache
# See the [Cache Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/cache-deploy-helm) for more information
cache:
# If a cache (Redis) should be used
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `cache`), use this string for K8s resources instead"
nameOverride: "redis"
type: "redis"
# If to create a Redis instance/resource as part of the deployment process
create: false
# The image to use for the Redis instance
# ONLY relevant if `create` is set to `true`
image: {}
# The number of replicas of the Redis instance
# ONLY relevant if `create` is set to `true`
#replicaCount: <Number of replicas (Ex. 1)>
# Hostname of the Redis server
# ONLY relevant if `create` is set to `false`
#hostName: "<Redis Host Name>"
# Configurations if creating Redis resources as part of the deployment
create:
# If to create a Redis instance/resource as part of the deployment process
enabled: true
redisData:
size: 2Gi
# The password to use for the Redis server
password: "<Redis Password>"
# The port of the Redis server
port: "<Redis Port>"
# Redis TLS Configurations
tls:
# If TLS is enabled for the Redis instance
enabled: false
# The port of the Redis instance for TLS
# ONLY relevant if `tls.enabled` is set to `true`
#port: "<TLS Port (Ex. 6380)>"
# Configurations for communication services/relays
comms:
# Configurations for Email
@ -362,6 +340,9 @@ loggingSidecar:
# If the logging sidecar should be used (enabled)
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `loggingSidecar`), use this string for K8s resources instead"
nameOverride: "logging-sidecar"
# The image used for the logging sidecar
image:
repository: "<repository>/<Logging Sidecar Image Name>"
@ -378,6 +359,16 @@ loggingSidecar:
auth:
username: "<Log Aggregator (OpenObserve) Username>"
password: "<Log Aggregator (OpenObserve) Password>"
resources:
requests:
cpu: 20m
memory: 128Mi
ephemeralStorage: 50Mi
limits:
cpu: 200m
memory: 256Mi
ephemeralStorage: 200Mi
# Configuration for the backup sidecar
backupSidecar:
@ -394,4 +385,14 @@ backupSidecar:
name: backup-sidecar
# The port that the backup sidecar listens on
port: 3001
port: 3001
resources:
requests:
cpu: 20m
memory: 128Mi
ephemeralStorage: 50Mi
limits:
cpu: 500m
memory: 256Mi
ephemeralStorage: 200Mi