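# NOTE(review): this file was recovered from a copy in which line breaks and
# indentation had been lost, so every key after the first `#` on a physical
# line was swallowed by a comment. Key order, values and comment text are
# preserved, but the nesting shown here is inferred from the comments and key
# names; confirm it against the chart's templates and the subcharts'
# `values.yaml` files before use.
#
# Fields holding credentials (passwords, API keys, connection strings, client
# secrets) are empty or null in this file. Supply them at install time from a
# values file kept out of version control or from a secret store, rather than
# committing them here.

# Configuration for the Services Dashboard itself
app:
  # The number of instances (replicas) of the app to run
  replicaCount: 1

  # Configurations around the image that is used for the Services Dashboard
  image:
    # The repository of the image to use for the app
    # Should be in the format `/`
    # NOTE(review): the placeholder text around the `/` appears to have been
    # lost in this copy (presumably `<registry>/<repository>`) - confirm.
    repository: "/"
    # The specific image tag to use. It's recommended to use some kind of
    # versioning tag scheme as it makes updating the container without having
    # to fully redeploy easier.
    # Ex. v1.0.0
    tag: "v1.0.0"
    # How often the image should be pulled. The possible values are "Always",
    # "Never", and "IfNotPresent"
    # It's recommended for production to use "IfNotPresent" to avoid pulling
    # the image every time the pod starts
    # Though, for development, "Always" is recommended to ensure the latest
    # changes are being tested
    # Tags are mutable: with "IfNotPresent", a node that already has this tag
    # cached keeps running the cached image even if the tag is later re-pushed.
    pullPolicy: "IfNotPresent"

  container:
    # The port that the container listens on (Ex. 8080)
    port: 8080
    # The environment that the container is running in
    # (Ex. development, production, etc...)
    # This is used for the NODE_ENV environment variable
    env: "production"

  # NOTE(review): `resources` may belong under `container` rather than `app`;
  # the flattened copy does not show which.
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
      ephemeralStorage: 50Mi
    limits:
      cpu: 1000m
      memory: 512Mi
      ephemeralStorage: 1Gi

  # The timestamp of the backup that the entrypoint script should wait for a
  # restore to complete
  restoreFromBackup: ""

  # The ID of the first/initial user
  # This is because AT LEAST one user must be set up in order to set up
  # everything else
  # null (unset) here; must be provided at install time.
  initialUserID: null

ingress:
  # We want an ingress resource if we are deploying to a cluster that has an
  # ingress controller/load balancer
  # This includes most public cloud providers like EKS, GKE, and AKS
  enabled: true
  # The DNS Name (Ex. app.example.com) where the app will be accessible
  host: ""
  # The class of the ingress controller that is being used (defaulted here to
  # an NGINX ingress controller as it's popular for Kubernetes clusters)
  class: nginx

# Configuration for using OAuth within the app
oauth:
  baseAppUrl: ""
  appAbbreviation: ""
  appName: ""
  serviceName: ""
  devPort: ""
  appRegContactEmail: ""

# Configuration for the relational database
# See the [Database Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/db-deploy-helm) for more information
database:
  # If a relational database should be used
  enabled: true

  # This override tells the helper: "Ignore the alias (Chart Name - `database`), use this string for K8s resources instead"
  nameOverride: "db"

  # The type of the relational database that is used.
  type: "postgres"

  # If set to `true`, the database will be created as part of the deployment
  # This uses the [`postgres-controller` CRD](https://github.com/AlanBridgeman/postgres-controller) to create the database
  create: false

  # The host that the database is located on
  host: ""

  # The name of the database to be used
  name: ""

  # The user that is used to access the database
  user: ""

  # The password that is used to access the database
  # Sensitive: do not commit a real value.
  # NOTE(review): how this value reaches the pod (Secret vs. plain environment
  # variable) is not visible from this file - confirm in the templates.
  password: ""

# Configurations for the secrets vault
# See the [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) for more information
vault:
  # If a secrets vault should be used
  # That is, if a dedicated software for secret management should be used
  # This should virtually always be true if storing any kind of sensitive
  # information as it's the most secure option
  enabled: true

  # The type of secrets vault (or storage if `enabled` is `false`) to use.
  #
  # Vaults
  # ------
  # The following table lists the supported vault types:
  #
  # | Type        | Description                                                                                                                                   |
  # | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
  # | `hashicorp` | [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) |
  # | `azure`     | Uses Azure Key Vault (Required fields: `vaultName`, `clientId`, `clientSecret`, `tenantId`)                                                   |
  #
  # Storage
  # -------
  # The following table lists the supported storage types.
  # These are methods OUTSIDE of a dedicated "vault" software.
  # These are generally **discouraged** as they are less secure.
  #
  # | Type        | Description                     | Current Status | Required Fields  |
  # | ----------- | ------------------------------- | -------------- | ---------------- |
  # | `file`      | Uses a file                     | To-Do          | `path`           |
  # | `mem`       | Uses in-memory (no persistence) | To-Do          | N/A              |
  #
  type: ""

  # The name of the vault instance to connect to
  #
  # This is relevant if type is set to `hashicorp` or `azure`
  # Note, if `create` is true this is ignored
  #
  # For `hashicorp`, see subchart's `values.yaml` for details
  # For `azure`, this is the name of the Azure Key Vault instance to connect to
  #vaultName: ""

  # NOTE(review): the table above names the Azure fields `clientId`,
  # `clientSecret` and `tenantId`, while the commented-out keys below are
  # kebab-case; confirm which spelling the templates actually read.

  # The client ID of the Azure Key Vault instance
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #client-id:

  # The client secret of the Azure Key Vault instance
  # Sensitive: do not commit a real value.
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #client-secret:

  # The tenant ID of the Azure Key Vault instance
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #tenant-id:

  # Configurations to create a Hashicorp Vault instance as part of the Helm chart
  #
  # THIS IS ONLY RELEVANT IF `type` IS SET TO `hashicorp`
  #
  # See subchart's `values.yaml` for more information
  create:
    # If a Hashicorp Vault instance should be created as part of the Helm chart
    # null (unset) here.
    enabled: null

    # Configurations for the image to use if creating the Hashicorp Vault
    # instance as part of the Helm chart
    image:
      # The repository of the image to use
      repository: null

      # The tag of the image to use
      tag: null

    # Configurations for the ingress of the created Hashicorp Vault instance
    ingress:
      # If an ingress should be created for the created Hashicorp Vault instance
      # Enabling this makes the Vault API reachable through the ingress
      # controller; restrict who can reach that host accordingly.
      enabled: null

      # The host of the ingress for the created Hashicorp Vault instance
      host: null

  # As part of the custom Hashicorp Vault image it includes a "snapshot server"
  # This allows for the triggering and receiving of manual backups
  # ("snapshots") and restoration via HTTP
  # NOTE(review): a snapshot holds the vault's stored data and a restore
  # replaces it. This file shows no authentication or TLS setting for the
  # endpoint; confirm in the subchart how access to it is limited.
  # NOTE(review): whether `snapshotServer` sits under `vault` or under
  # `vault.create` is not recoverable from the flattened copy.
  snapshotServer:
    # If the snapshot server should be enabled/running
    enabled: true

    # The external port that is opened via the service resource
    externalPort: 81

    # The internal port that the snapshot server listens on
    internalPort: 8300

  appRole:
    # The name of the environment variable/secret that contains the Role ID for
    # the AppRole used by the app
    roleIDSecretName: VAULT_ROLE_ID

    # The name of the environment variable/secret that contains the Secret ID
    # for the AppRole used by the app
    secretIDSecretName: VAULT_SECRET_ID

  # The capabilities of the policy to create for the app
  # Keep this list to what the app needs; the paths the policy applies to are
  # defined elsewhere and are not visible from this file.
  policyCapabilities:
    - read
    - create
    - update

# Configuration for the NoSQL database
# Within the parlance of the system these are often called "properties"
# databases (and store less structured data)
# See the [NoSQL Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/nosql-deploy-helm) for more information
nosql:
  # If a NoSQL database should be used
  enabled: true

  # Determines the type of NoSQL storage that is used
  type: "mongodb"

  # ONLY relevant if `type` is set to `mongodb`
  # This uses the [MongoDBCommunity CRD](https://github.com/mongodb/mongodb-kubernetes-operator) to create the resource
  create:
    # Whether to create a resource as part of the deployment process
    enabled: true

  # The name of the NoSQL database
  name: ""

  # The username used to access the NoSQL database
  # ONLY relevant if `type` is set to `mongodb`
  user: ""

  # The password used to access the NoSQL database
  # ONLY relevant if `type` is set to `mongodb`
  # Sensitive: do not commit a real value.
  password: ""

  # Configurable NoSQL information groupings
  # For Azure Table Storage these are table names
  # For MongoDB these are collection names
  grouping: {}
    # Elements in the format: : ""
    # NOTE(review): the placeholder names in the format above appear to have
    # been lost in this copy - confirm against the subchart.

# Configuration for Redis cache
# See the [Cache Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/cache-deploy-helm) for more information
cache:
  # If a cache (Redis) should be used
  enabled: true

  # This override tells the helper: "Ignore the alias (Chart Name - `cache`), use this string for K8s resources instead"
  nameOverride: "redis"

  type: "redis"

  # Configurations if creating Redis resources as part of the deployment
  create:
    # Whether to create a Redis instance/resource as part of the deployment
    # process
    enabled: true

    # NOTE(review): `redisData` may sit beside `create` rather than inside it;
    # the flattened copy does not show which.
    redisData:
      size: 2Gi

  # The password to use for the Redis server
  # Sensitive: do not commit a real value.
  # NOTE(review): what an empty password results in (no authentication, a
  # generated value, or a failed install) is not visible here - confirm in the
  # subchart before deploying with the default.
  password: ""

# Configurations for communication services/relays
comms:
  # Configurations for Email
  email:
    # If emailing is enabled
    #
    # Note, if `true` then the `type` must be set (along with any required
    # fields for that type)
    #
    # Please see the notes on the `type` property below for more information.
    # Including required fields for each type
    enabled: true

    # The type/provider to use for sending emails
    #
    # The following types are supported:
    #
    # | Type      | Description                             | Current Status | Required Fields                         |
    # | --------- | --------------------------------------- | -------------- | --------------------------------------- |
    # | `acs`     | Uses Azure Communication Services (ACS) | Implemented    | `connectionString`                      |
    # | `sendgrid`| Uses SendGrid                           | To-Do          | `apiKey`                                |
    # | `smtp`    | Uses SMTP                               | To-Do          | `host`, `port`, `username`, `password`  |
    #
    type: 'acs'

    # The connection string for the Azure Communication Services (ACS) Email
    # service
    #
    # THIS IS REQUIRED IF `type` IS SET TO `acs`. Ignored otherwise.
    # Sensitive: the connection string is a credential; do not commit a real
    # value.
    connectionString: ""

# Configurations for integration with third-party services
thirdParty:
  # Configurations for the Stripe integration
  stripe:
    # If the integration is enabled
    enabled: true

    # The public key (live) of the Stripe integration
    publicKey: null

    # The secret key (live) of the Stripe integration
    # Sensitive: do not commit a real value.
    secretKey: null

    # The public key (test) of the Stripe integration
    testPublicKey: null

    # The secret key (test) of the Stripe integration
    # Sensitive: do not commit a real value.
    testSecretKey: null

  # Configurations for the Moneris integration
  moneris:
    # If the integration is enabled
    enabled: true

    # The Merchant ID (production) for the Moneris integration
    merchantId: null

    # The Store ID (production) for the Moneris integration
    storeId: null

    # The Hosted Tokenization Profile ID (production) for the Moneris iframe
    htProfileId: null

    # The Application/client ID (production) for the Moneris API
    appId: null

    # The Application/client Secret (production) for the Moneris API
    # Sensitive: do not commit a real value.
    appSecret: null

    # The Merchant ID (test) for the Moneris integration
    testMerchantId: null

    # The Store ID (test) for the Moneris integration
    testStoreId: null

    # The Hosted Tokenization Profile ID (test) for the Moneris iframe
    testHtProfileId: null

    # The Application/client ID (test) for the Moneris API
    testAppId: null

    # The Application/client Secret (test) for the Moneris API
    # Sensitive: do not commit a real value.
    testAppSecret: null

# Configuration for the logging sidecar
loggingSidecar:
  # If the logging sidecar should be used (enabled)
  enabled: true

  # This override tells the helper: "Ignore the alias (Chart Name - `loggingSidecar`), use this string for K8s resources instead"
  nameOverride: "logging-sidecar"

  # The image used for the logging sidecar
  image:
    repository: "/"
    tag: v1.0.0
    pullPolicy: IfNotPresent

  # The name of the logging sidecar container
  name: logging-sidecar

  # The port that the logging sidecar listens on
  port: 3000

  # Log aggregator authentication details
  # Sensitive: do not commit real values.
  auth:
    username: ""
    password: ""

  resources:
    requests:
      cpu: 20m
      memory: 128Mi
      ephemeralStorage: 50Mi
    limits:
      cpu: 200m
      memory: 256Mi
      ephemeralStorage: 200Mi

# Configuration for the backup sidecar
backupSidecar:
  # If the backup sidecar should be used (enabled)
  enabled: true

  # The image used for the backup sidecar
  image:
    repository: "/"
    tag: v1.0.0
    pullPolicy: IfNotPresent

  # The name of the backup sidecar container
  name: backup-sidecar

  # The port that the backup sidecar listens on
  port: 3001

  resources:
    requests:
      cpu: 20m
      memory: 128Mi
      ephemeralStorage: 50Mi
    limits:
      cpu: 500m
      memory: 256Mi
      ephemeralStorage: 200Mi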