Bridgeman-Accessible/services.bridgemanaccessible.ca-helm
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
services.bridgemanaccessibl.../values.yaml
Alan Bridgeman 21cfbf79dc
All checks were successful
Deploy the Helm Chart / build (push) Successful in 16s
Details
Added additional OAuth variable + refactored so that OAuth variables are now in template function
2025-12-29 07:22:27 -06:00

399 lines
No EOL
14 KiB
YAML
Raw Blame History

# Configuration for the Services Dashboard itself
app:
# The number of instances (replicas) of the app to run
replicaCount: 1
# Configurations around the image that is used for the Services Dashboard
image:
# The repository of the image to use for the app
# Should be in the format `<Image Repository (Ex. containers.example.com)>/<Image Name (Ex. app)>`
repository: "<Image Repository>/<Image Name>"
# The specific image tag to use. It's recommended to use some kind of versioning tag scheme as it makes updating the container without having to fully redeploy easier.
# Ex. v1.0.0
tag: "v1.0.0"
# How often the image should be pulled. The possible values are "Always", "Never", and "IfNotPresent"
# It's recommended for production to use "IfNotPresent" to avoid pulling the image every time the pod starts
# Though, for development, "Always" is recommended to ensure the latest changes are being tested
pullPolicy: "IfNotPresent"
container:
# The port that the container listens on (Ex. 8080)
port: 8080
# The environment that the container is running in (Ex. development, production, etc...)
# This is used for the NODE_ENV environment variable
env: "production"
resources:
requests:
cpu: 200m
memory: 512Mi
ephemeralStorage: 50Mi
limits:
cpu: 1000m
memory: 512Mi
ephemeralStorage: 1Gi
# The timestamp of the backup that the entrypoint script should wait for a restore to complete
restoreFromBackup: ""
# The ID of the first/initial user
# This is because AT LEAST one user must be setup to setup everything else
initialUserID: <user ID>
ingress:
# We want an ingress resource if we are deploying to a cluster that has a ingress controller/load balancer
# This includes most public cloud providers like EKS, GKE, and AKS
enabled: true
# The DNS Name (Ex. app.example.com) where the app will be accessible
host: "<hostname>"
# The class of the ingress controller that is being used (defaulted here to an NGINX ingress controller as it's popular for Kubernetes clusters)
class: nginx
# Configuration for using OAuth within the app
oauth:
baseAppUrl: "<Base App URL>"
appAbbreviation: "<App Abbreviation>"
appName: "<App Name>"
serviceName: "<Service Name>"
devPort: "<Dev Port>"
appRegContactEmail: "<App Registration Contact Email>"
# Configuration for the relational database
# See the [Database Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/db-deploy-helm) for more information
database:
# If a relational database should be used
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `database`), use this string for K8s resources instead"
nameOverride: "db"
# The type of the relational database that is used.
type: "postgres"
# If set to `true`, the database will be created as part of the deployment
# This uses the [`postgres-controller` CRD](https://github.com/AlanBridgeman/postgres-controller) to create the database
create: false
# The host that the database is located on
host: "<DB Host>"
# The name of the database to be used
name: "<DB Name>"
# The user that is used to access the database
user: "<DB User>"
# The password that is used to access the database
password: "<DB Password>"
# Configurations for the secrets vault
# See the [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) for more information
vault:
# If a secrets vault should be used
# That is, if a dedicated software for secret management should be used
# This should virtually always be true if storing any kind of sensitive information as it's the most secure option
enabled: true
# The type of secrets vault (or storage if `enabled` is `false`) to use.
#
# Vaults
# ------
# The following table lists the supported vault types:
#
# | Type | Description |
# | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
# | `hashicorp` | [Customized Hashicorp Vault Implementation - Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/custom-hashicorp-vault-helm) |
# | `azure` | Uses Azure Key Vault (Required fields: `vaultName`, `clientId`, `clientSecret`, `tenantId`) |
#
# Storage
# -------
# The following table lists the supported storage types.
# These are methods OUTSIDE of a dedicated "vault" software.
# These are generally **discouraged** as they are less secure.
#
# | Type | Description | Current Status | Required Fields |
# | ----------- | ------------------------------- | -------------- | ---------------- |
# | `file` | Uses a file | To-Do | `path` |
# | `mem` | Uses in-memory (no persistance) | To-Do | N/A |
#
type: "<Vault Type>"
# The name of the vault instance to connect to
#
# This is relevant if type is set to `hashicorp` or `azure`
# Note, if `create` is true this is ignored
#
# For `hashicorp`, see subchart's `values.yaml` for details
# For `azure`, this is the name of the Azure Key Vault instance to connect to
#vaultName: "<Vault Name>"
# The client ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-id: <Azure Key Vault Client ID>
# The client secret of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#client-secret: <Azure Key Vault Client Secret>
# The tenant ID of the Azure Key Vault instance
#
# ONLY RELEVANT IF `type` IS SET TO `azure`
#tenant-id: <Azure Key Vault Tenant ID>
# Configurations to create a Hashicorp Vault instance as part of the Helm chart
#
# THIS IS ONLY RELEVANT IF `type` IS SET TO `hashicorp`
#
# See subchart's `values.yaml` for more information
create:
# If a Hashicorp Vault instance should be created as part of the Helm chart
enabled: <true/false>
# Configurations for the image to use if creating the Hashicorp Vault instance
# as part of the Helm chart
image:
# The repository of the image to use
repository: <image repository>
# The tag of the image to use
tag: <image tag>
# Configurations for the ingress of the created Hashicorp Vault instance
ingress:
# If an ingress should be created for the created Hashicorp Vault instance
enabled: <true/false>
# The host of the ingress for the created Hashicorp Vault instance
host: <DNS Name for vault>
# As part of the custom Hashicorp Vault image it includes a "snapshot server"
# This allows for the triggering and receiving of manual backups ("snapshots") and restoration via HTTP
snapshotServer:
# If the snapshot server should be enabled/running
enabled: true
# The external port that is opened via the service resource
externalPort: 81
# The internal port that the snapshot server listens on
internalPort: 8300
appRole:
# The name of the environment variable/secret that contains the Role ID for the AppRole used by the app
roleIDSecretName: VAULT_ROLE_ID
# The name of the environment variable/secret that contains the Secret ID for the AppRole used by the app
secretIDSecretName: VAULT_SECRET_ID
# The capabilities of the policy to create for the app
policyCapabilities:
- read
- create
- update
# Configuration the NoSQL database
# Within the parlance of the system these are often called "properties" databases (and store less structured data)
# See the [NoSQL Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/nosql-deploy-helm) for more information
nosql:
# If a NoSQL database should be used
enabled: true
# Determines the type of NoSQL storage that is used
type: "mongodb" # <NoSQL Storage Type>
# ONLY relevant if `type` is set to `mongodb`
# This uses the [MongoDBCommunity CRD](https://github.com/mongodb/mongodb-kubernetes-operator) to create the resource
create:
# If to create a resource as part of the deployment process
enabled: true # <true/false>
# The name of the NoSQL database
name: "<NoSQL DB Name>"
# The username used to access the NoSQL database
# ONLY relevant if `type` is set to `mongodb`
user: "<MongoDB User>"
# The password used to access the NoSQL database
# ONLY relevant if `type` is set to `mongodb`
password: "<MongoDB Password>"
# Configurable NoSQL information groupings
# For Azure Table Storage these are table names
# For MongoDB these are collection names
grouping: {}
#Elements in the format: <Table Intermediate Name>: "<NoSQL Table Name>"
# Configuration for Redis cache
# See the [Cache Deployment Helm Chart](https://git.bridgemanaccessible.ca/Bridgeman-Accessible/cache-deploy-helm) for more information
cache:
# If a cache (Redis) should be used
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `cache`), use this string for K8s resources instead"
nameOverride: "redis"
type: "redis"
# Configurations if creating Redis resources as part of the deployment
create:
# If to create a Redis instance/resource as part of the deployment process
enabled: true
redisData:
size: 2Gi
# The password to use for the Redis server
password: "<Redis Password>"
# Configurations for communication services/relays
comms:
# Configurations for Email
email:
# If emailing is enabled
#
# Note, if `true` then the `type` must be set (along with any required fields for that type)
#
# Please see the notes on the `type` property below for more information.
# Including required fields for each type
enabled: true
# The type/provider to use for sending emails
#
# The following types are supported:
#
# | Type | Description | Current Status | Required Fields |
# | --------- | --------------------------------------- | -------------- | --------------------------------------- |
# | `acs` | Uses Azure Communication Services (ACS) | Implemented | `connectionString` |
# | `sendgrid`| Uses SendGrid | To-Do | `apiKey` |
# | `smtp` | Uses SMTP | To-Do | `host`, `port`, `username`, `password` |
#
type: 'acs'
# The connection string for the Azure Communication Services (ACS) Email service
#
# THIS IS REQUIRED IF `type` IS SET TO `acs`. Ignored otherwise.
connectionString: "<ACS Connection String>"
# Configurations for integration with third-party services
thirdParty:
# Configurations for the Stripe integration
stripe:
# If the integration is enabled
enabled: true
# The public key (live) of the Stripe integration
publicKey: <Stripe Live Public Key>
# The secret key (live) of the Stripe integration
secretKey: <Stripe Live Secret Key>
# The public key (test) of the Stripe integration
testPublicKey: <Stripe Test Public Key>
# The secret key (test) of the Stripe integration
testSecretKey: <Stripe Test Secret Key>
# Configurations for the Moneris integration
moneris:
# If the integration is enabled
enabled: true
# The Merchant ID (production) for the Moneris integration
merchantId: <Moneris Merchant ID>
# The Store ID (production) for the Moneris integration
storeId: <Moneris Store ID>
# The Hosted Tokenization Profile ID (production) for the Moneris iframe
htProfileId: <Moneris Hosted Tokenization Profile ID>
# The Application/client ID (production) for the Moneris API
appId: <Moneris Application ID>
# The Application/client Secret (production) for the Moneris API
appSecret: <Moneris App Secret>
# The Merchant ID (test) for the Moneris integration
testMerchantId: <Moneris Test Merchant ID>
# The Store ID (test) for the Moneris integration
testStoreId: <Moneris Test/QA Store ID>
# The Hosted Tokenization Profile ID (test) for the Moneris iframe
testHtProfileId: <Moneris Test/QA Hosted Tokenization Profile ID>
# The Application/client ID (test) for the Moneris API
testAppId: <Moneris Sandbox/Tes Application Id>
# The Application/client Secret (test) for the Moneris API
testAppSecret: <Moneris Sandbox/Test App Secret>
# Configuration for the logging sidecar
loggingSidecar:
# If the logging sidecar should be used (enabled)
enabled: true
# This override tells the helper: "Ignore the alias (Chart Name - `loggingSidecar`), use this string for K8s resources instead"
nameOverride: "logging-sidecar"
# The image used for the logging sidecar
image:
repository: "<repository>/<Logging Sidecar Image Name>"
tag: v1.0.0
pullPolicy: IfNotPresent
# The name of the logging sidecar container
name: logging-sidecar
# The port that the logging sidecar listens on
port: 3000
# Log aggretator authentication details
auth:
username: "<Log Aggregator (OpenObserve) Username>"
password: "<Log Aggregator (OpenObserve) Password>"
resources:
requests:
cpu: 20m
memory: 128Mi
ephemeralStorage: 50Mi
limits:
cpu: 200m
memory: 256Mi
ephemeralStorage: 200Mi
# Configuration for the backup sidecar
backupSidecar:
# If the backup sidecar should be used (enabled)
enabled: true
# The image used for the backup sidecar
image:
repository: "<repository>/<Backup Sidecar Image Name>"
tag: v1.0.0
pullPolicy: IfNotPresent
# The name of the backup sidecar container
name: backup-sidecar
# The port that the backup sidecar listens on
port: 3001
resources:
requests:
cpu: 20m
memory: 128Mi
ephemeralStorage: 50Mi
limits:
cpu: 500m
memory: 256Mi
ephemeralStorage: 200Mi
Reference in a new issue View git blame Copy permalink