mirror of
https://github.com/fhswf/aki_prj23_transparenzregister.git
synced 2025-04-25 00:42:35 +02:00
188 lines
6.8 KiB
YAML
188 lines
6.8 KiB
YAML
### helm upgrade --cleanup-on-fail --install aki-transparenzregister-mongo bitnami/mongodb --namespace transparenzregister --create-namespace --values values.yaml
|
|
|
|
global:
|
|
storageClass: "csi-beegfs-dynhot-sc"
|
|
namespaceOverride: ""
|
|
|
|
namespaceOverride: ""
|
|
clusterDomain: kicluster.local
|
|
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
## extraDeploy:
|
|
## - apiVersion: v1
|
|
## kind: Service
|
|
## metadata:
|
|
## ...
|
|
## spec:
|
|
## ...
|
|
extraDeploy: []
|
|
|
|
## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
|
|
##
|
|
commonAnnotations: {}
|
|
|
|
## @section MongoDB(®) parameters
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/mongodb
|
|
tag: 6.0.8-debian-11-r0
|
|
debug: false
|
|
|
|
## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
|
|
## note replicaset needs more configuration
|
|
architecture: standalone
|
|
useStatefulSet: false # StatefulSet instead of a Deployment (only when `architecture=standalone`)
|
|
|
|
## MongoDB(®) Authentication parameters
|
|
## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
|
|
auth:
|
|
enabled: true
|
|
rootUser: root
|
|
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
|
|
rootPassword: <some pw>
|
|
## MongoDB(®) custom users and databases
|
|
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
|
|
## @param auth.usernames List of custom users to be created during the initialization
|
|
## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
|
|
## @param auth.databases List of custom databases to be created during the initialization
|
|
##
|
|
usernames: ["aki_transparenzregister"]
|
|
passwords: <[some pw]>
|
|
databases: ["transparenzregister"]
|
|
## @param auth.username DEPRECATED: use `auth.usernames` instead
|
|
## @param auth.password DEPRECATED: use `auth.passwords` instead
|
|
## @param auth.database DEPRECATED: use `auth.databases` instead
|
|
username: ""
|
|
password: ""
|
|
database: ""
|
|
|
|
## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
|
|
## NOTE: When it's set the previous parameters are ignored.
|
|
existingSecret: ""
|
|
|
|
tls:
|
|
## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
|
|
##
|
|
enabled: false
|
|
## @param tls.autoGenerated Generate a custom CA and self-signed certificates
|
|
##
|
|
autoGenerated: true
|
|
## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
|
|
## NOTE: When it's set it will disable secret creation.
|
|
##
|
|
existingSecret: ""
|
|
## Add Custom CA certificate
|
|
## @param tls.caCert Custom CA certificated (base64 encoded)
|
|
## @param tls.caKey CA certificate private key (base64 encoded)
|
|
##
|
|
caCert: ""
|
|
caKey: ""
|
|
## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
|
|
## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
|
|
##
|
|
pemChainIncluded: false
|
|
standalone:
|
|
## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
|
|
## NOTE: When it's set it will disable certificate self-generation from existing CA.
|
|
##
|
|
existingSecret: ""
|
|
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/nginx
|
|
tag: 1.25.1-debian-11-r9
|
|
## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
|
|
## extraDnsNames
|
|
## "DNS.6": "$my_host"
|
|
## "DNS.7": "$test"
|
|
extraDnsNames: []
|
|
## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
|
|
mode: requireTLS
|
|
|
|
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
hostAliases: []
|
|
## mongo db general settings:
|
|
directoryPerDB: false # not sure whatperformance gains/impact this would have
|
|
disableJavascript: false # should probably be disabled when not needed. Required for serverside map reduce.
|
|
|
|
## overwrite config file for mongo db http://docs.mongodb.org/manual/reference/configuration-options/
|
|
configuration: ""
|
|
|
|
extraFlags: []
|
|
extraEnvVars: []
|
|
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
|
|
extraEnvVarsSecret: ""
|
|
|
|
affinity: {}
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
|
|
podLabels: {}
|
|
podAnnotations: {}
|
|
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsGroup: 0
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
|
|
containerPorts:
|
|
mongodb: 27017
|
|
|
|
sidecars: []
|
|
extraVolumeMounts: []
|
|
extraVolumes: []
|
|
|
|
service:
|
|
nameOverride: "" # service name
|
|
type: NodePort # others are NodePort and LoadBalancer ( only for standalone architecture)
|
|
portName: mongodb # (only for standalone architecture)
|
|
ports:
|
|
mongodb: 27017
|
|
|
|
nodePorts:
|
|
mongodb: 30217
|
|
|
|
## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
|
|
##
|
|
externalIPs: []
|
|
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
|
extraPorts: []
|
|
## @param service.annotations Provide any additional annotations that may be required
|
|
annotations: {}
|
|
## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
|
|
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
externalTrafficPolicy: Local
|
|
|
|
persistence:
|
|
enabled: true
|
|
## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
|
|
## Requires persistence.enabled: true
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## Ignored when mongodb.architecture=replicaset
|
|
existingClaim: ""
|
|
## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
|
|
resourcePolicy: ""
|
|
storageClass: "csi-beegfs-dynhot-sc"
|
|
## @param persistence.accessModes PV Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
annotations: {}
|