diff --git a/charts/taiga/Chart.yaml b/charts/taiga/Chart.yaml new file mode 100644 index 0000000..9fb4c5a --- /dev/null +++ b/charts/taiga/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: taiga +version: 0.1.0 +description: Chart for Taiga +keywords: + - kanban + - project management +sources: + - https://github.com/taigaio + - https://github.com/rabbitmq/rabbitmq-server + - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq +maintainers: + - name: alexlebens +icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4 +dependencies: + - name: rabbitmq + version: 13.0.3 + repository: https://charts.bitnami.com/bitnami + alias: taiga-async-rabbitmq + - name: rabbitmq + version: 13.0.3 + repository: https://charts.bitnami.com/bitnami + alias: taiga-events-rabbitmq +appVersion: 6.7.7 diff --git a/charts/taiga/README.md b/charts/taiga/README.md new file mode 100644 index 0000000..9649e96 --- /dev/null +++ b/charts/taiga/README.md @@ -0,0 +1,17 @@ +## Introduction + +[Taiga 6](https://github.com/taigaio) + +Intuitive and simple, yet feature complete Kanban board + +This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + + +## Prerequisites + +- Kubernetes +- Helm + +## Parameters + +See the [values files](values.yaml). diff --git a/charts/taiga/templates/_helpers.tpl b/charts/taiga/templates/_helpers.tpl new file mode 100644 index 0000000..909b0aa --- /dev/null +++ b/charts/taiga/templates/_helpers.tpl @@ -0,0 +1,135 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "taiga.name" -}} + {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "taiga.fullname" -}} + {{- if .Values.global.fullnameOverride -}} + {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- $name := default .Chart.Name .Values.global.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label +*/}} +{{- define "taiga.chart" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "taiga.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }} +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Common labels for specific components +*/}} +{{- define "taiga.back.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-back +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- define "taiga.async.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-async +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- define "taiga.front.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-front +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- define "taiga.events.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-events +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- define "taiga.protected.labels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-protected +helm.sh/chart: {{ template "taiga.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "taiga.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- define "taiga.back.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-back +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- define "taiga.async.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-async +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- define "taiga.front.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-front +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- define "taiga.events.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-events +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- define "taiga.protected.matchLabels" -}} +app.kubernetes.io/name: {{ template "taiga.name" . }}-protected +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "taiga.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{ default (include "taiga.fullname" .) .Values.serviceAccount.name }} + {{- else -}} + {{ default "default" .Values.serviceAccount.name }} + {{- end -}} +{{- end -}} + +{{/* +Create the name of the static persistent volume +*/}} +{{- define "taiga.staticVolumeName" -}} + {{- if .Values.persistence.static.existingClaim -}} + {{ .Values.persistence.static.existingClaim }} + {{- else -}} + {{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }} + {{- end -}} +{{- end -}} + +{{/* +Create the name of the media persistent volume +*/}} +{{- define "taiga.mediaVolumeName" -}} + {{- if .Values.persistence.media.existingClaim -}} + {{ .Values.persistence.media.existingClaim }} + {{- else -}} + {{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }} + {{- end -}} +{{- end -}} diff --git a/charts/taiga/templates/config-map.yaml b/charts/taiga/templates/config-map.yaml new file mode 100644 index 0000000..059b8ac --- /dev/null +++ b/charts/taiga/templates/config-map.yaml @@ -0,0 +1,36 @@ +{{- if .Values.createInitialUser }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "taiga.fullname" . }}-create-initial-user + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +data: + createinitialuser.sh: | + #!/bin/sh + echo """ + import time + import requests + import subprocess + + print('Waiting for backend ...') + while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200: + print('...') + time.sleep(2) + + if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1: + print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back')) + else: + print('Admin user yet created.') + """ > /tmp/create_superuser.py + python /tmp/create_superuser.py +{{- end }} diff --git a/charts/taiga/templates/deployment-back.yaml b/charts/taiga/templates/deployment-back.yaml new file mode 100644 index 0000000..1c1bc60 --- /dev/null +++ b/charts/taiga/templates/deployment-back.yaml @@ -0,0 +1,515 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "taiga.fullname" . }}-back + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.back.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.back.replicas }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "taiga.back.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "taiga.back.labels" . | nindent 8 }} + app.kubernetes.io/component: {{ template "taiga.name" . }}-back + annotations: + {{- with .Values.back.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} + spec: + affinity: + {{- with .Values.back.affinity }} + {{ toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + {{- with .Values.back.nodeSelector }} + {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- with .Values.back.tolerations }} + {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "taiga.serviceAccountName" . }} + securityContext: + {{- with .Values.back.securityContext }} + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ template "taiga.fullname" . }}-back + image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}" + imagePullPolicy: {{ .Values.back.image.pullPolicy }} + resources: + {{ toYaml .Values.back.resources | nindent 12 }} + ports: + - name: taiga-back + containerPort: {{ .Values.back.service.port }} + protocol: TCP + volumeMounts: + - name: taiga-static + mountPath: /taiga-back/static + - name: taiga-media + mountPath: /taiga-back/media + env: + - name: TAIGA_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.secretKey.existingSecretName }}" + key: "{{ .Values.secretKey.existingSecretKey }}" + - name: ENABLE_TELEMETRY + value: "{{ .Values.enableTelemetry }}" + - name: PUBLIC_REGISTER_ENABLED + value: "{{ .Values.publicRegisterEnabled }}" + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.usernameKey }}" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.passwordKey }}" + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.databaseNameKey }}" + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.hostKey }}" + + {{ if .Values.oidc.enabled }} + - name: OIDC_ENABLED + value: "True" + - name: OIDC_SCOPES + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.scopesKey }}" + - name: OIDC_SIGN_ALGO + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.signatureAlgorithmKey }}" + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.clientIdKey }}" + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.clientSecretKey }}" + - name: OIDC_BASE_URL + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.baseUrlKey }}" + - name: OIDC_JWKS_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.jwksEndpointKey }}" + - name: OIDC_AUTHORIZATION_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.authorizationEndpointKey }}" + - name: OIDC_TOKEN_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.tokenEndpointKey }}" + - name: OIDC_USER_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.userEndpointKey }}" + {{ end }} + + {{ if .Values.email.enabled }} + - name: EMAIL_BACKEND + value: "django.core.mail.backends.smtp.EmailBackend" + - name: DEFAULT_FROM_EMAIL + value: "{{ .Values.email.from }}" + - name: EMAIL_HOST + value: "{{ .Values.email.host }}" + - name: EMAIL_PORT + value: "{{ .Values.email.port }}" + - name: EMAIL_USE_TLS + value: "{{ .Values.email.tls }}" + - name: EMAIL_USE_SSL + value: "{{ .Values.email.ssl }}" + - name: EMAIL_HOST_USER + value: "{{ .Values.email.user }}" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.email.existingPasswordSecret }}" + key: "{{ .Values.email.existingSecretPasswordKey }}" + {{ end }} + + - name: ENABLE_GITHUB_AUTH + value: "false" + - name: ENABLE_GITLAB_AUTH + value: "false" + - name: ENABLE_SLACK + value: "{{ .Values.enableSlack }}" + + {{ if .Values.githubImporter.enabled }} + - name: ENABLE_GITHUB_IMPORTER + value: "True" + - name: GITHUB_API_CLIENT_ID + valueFrom: + secretKeyRef: + name: "{{ .Values.githubImporter.existingSecretName }}" + key: "{{ .Values.githubImporter.existingSecretClientIdKey }}" + - name: GITHUB_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Values.githubImporter.existingSecretName }}" + key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}" + {{ else }} + - name: ENABLE_GITHUB_IMPORTER + value: "False" + {{ end }} + + {{ if .Values.jiraImporter.enabled }} + - name: ENABLE_JIRA_IMPORTER + value: "True" + - name: JIRA_IMPORTER_CONSUMER_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}" + - name: JIRA_IMPORTER_CERT + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretCertKey }}" + - name: JIRA_IMPORTER_PUB_CERT + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}" + {{ else }} + - name: ENABLE_JIRA_IMPORTER + value: "False" + {{ end }} + + {{ if .Values.trelloImporter }} + - name: ENABLE_TRELLO_IMPORTER + value: "True" + - name: TRELLO_IMPORTER_API_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.trelloImporter.existingSecretName }}" + key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}" + - name: TRELLO_IMPORTER_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.trelloImporter.existingSecretName }}" + key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}" + {{ else }} + - name: ENABLE_JIRA_IMPORTER + value: "False" + {{ end }} + + - name: RABBITMQ_USER + value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}" + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }} + key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }} + + {{ if .Values.ingress.enabled }} + - name: TAIGA_SITES_DOMAIN + value: "{{ .Values.ingress.host }}" + - name: TAIGA_SITES_SCHEME + value: "https" + - name: SESSION_COOKIE_SECURE + value: "True" + - name: CSRF_COOKIE_SECURE + value: "True" + {{- end }} + + {{- if .Values.back.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.back.service.port }} + initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.back.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }} + {{- end }} + + {{- if .Values.back.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.back.service.port }} + initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.back.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }} + {{- end }} + + - name: {{ template "taiga.fullname" . }}-async + image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}" + imagePullPolicy: {{ .Values.async.image.pullPolicy }} + resources: + {{ toYaml .Values.async.resources | nindent 12 }} + command: + - /taiga-back/docker/async_entrypoint.sh + volumeMounts: + - name: taiga-static + mountPath: /taiga-back/static + - name: taiga-media + mountPath: /taiga-back/media + env: + - name: TAIGA_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.secretKey.existingSecretName }}" + key: "{{ .Values.secretKey.existingSecretKey }}" + - name: ENABLE_TELEMETRY + value: "{{ .Values.enableTelemetry }}" + - name: PUBLIC_REGISTER_ENABLED + value: "{{ .Values.publicRegisterEnabled }}" + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.usernameKey }}" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.passwordKey }}" + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.databaseNameKey }}" + - name: POSTGRES_HOST + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.hostKey }}" + + {{ if .Values.oidc.enabled }} + - name: OIDC_ENABLED + value: "True" + - name: OIDC_SCOPES + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.scopesKey }}" + - name: OIDC_SIGN_ALGO + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.signatureAlgorithmKey }}" + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.clientIdKey }}" + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.clientSecretKey }}" + - name: OIDC_BASE_URL + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.baseUrlKey }}" + - name: OIDC_JWKS_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.jwksEndpointKey }}" + - name: OIDC_AUTHORIZATION_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.authorizationEndpointKey }}" + - name: OIDC_TOKEN_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.tokenEndpointKey }}" + - name: OIDC_USER_ENDPOINT + valueFrom: + secretKeyRef: + name: "{{ .Values.oidc.existingSecretName }}" + key: "{{ .Values.oidc.userEndpointKey }}" + {{ end }} + + {{ if .Values.email.enabled }} + - name: EMAIL_BACKEND + value: "django.core.mail.backends.smtp.EmailBackend" + - name: DEFAULT_FROM_EMAIL + value: "{{ .Values.email.from }}" + - name: EMAIL_HOST + value: "{{ .Values.email.host }}" + - name: EMAIL_PORT + value: "{{ .Values.email.port }}" + - name: EMAIL_USE_TLS + value: "{{ .Values.email.tls }}" + - name: EMAIL_USE_SSL + value: "{{ .Values.email.ssl }}" + - name: EMAIL_HOST_USER + value: "{{ .Values.email.user }}" + - name: EMAIL_HOST_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.email.existingPasswordSecret }}" + key: "{{ .Values.email.existingSecretPasswordKey }}" + {{ end }} + + - name: ENABLE_GITHUB_AUTH + value: "false" + - name: ENABLE_GITLAB_AUTH + value: "false" + - name: ENABLE_SLACK + value: "{{ .Values.enableSlack }}" + + {{ if .Values.githubImporter.enabled }} + - name: ENABLE_GITHUB_IMPORTER + value: "True" + - name: GITHUB_API_CLIENT_ID + valueFrom: + secretKeyRef: + name: "{{ .Values.githubImporter.existingSecretName }}" + key: "{{ .Values.githubImporter.existingSecretClientIdKey }}" + - name: GITHUB_API_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Values.githubImporter.existingSecretName }}" + key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}" + {{ else }} + - name: ENABLE_GITHUB_IMPORTER + value: "False" + {{ end }} + + {{ if .Values.jiraImporter.enabled }} + - name: ENABLE_JIRA_IMPORTER + value: "True" + - name: JIRA_IMPORTER_CONSUMER_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}" + - name: JIRA_IMPORTER_CERT + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretCertKey }}" + - name: JIRA_IMPORTER_PUB_CERT + valueFrom: + secretKeyRef: + name: "{{ .Values.jiraImporter.existingSecretName }}" + key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}" + {{ else }} + - name: ENABLE_JIRA_IMPORTER + value: "False" + {{ end }} + + {{ if .Values.trelloImporter }} + - name: ENABLE_TRELLO_IMPORTER + value: "True" + - name: TRELLO_IMPORTER_API_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.trelloImporter.existingSecretName }}" + key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}" + - name: TRELLO_IMPORTER_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.trelloImporter.existingSecretName }}" + key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}" + {{ else }} + - name: ENABLE_JIRA_IMPORTER + value: "False" + {{ end }} + + - name: RABBITMQ_USER + value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}" + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }} + key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }} + + {{ if .Values.ingress.enabled }} + - name: TAIGA_SITES_DOMAIN + value: "{{ .Values.ingress.host }}" + - name: TAIGA_SITES_SCHEME + value: "https" + - name: SESSION_COOKIE_SECURE + value: "True" + - name: CSRF_COOKIE_SECURE + value: "True" + {{- end }} + + {{- if .Values.back.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.back.service.port }} + initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.back.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }} + {{- end }} + + {{- if .Values.back.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.back.service.port }} + initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.back.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }} + {{- end }} + + volumes: + - name: taiga-static + {{- if .Values.persistence.static.enabled }} + persistentVolumeClaim: + claimName: {{ include "taiga.staticVolumeName" . }} + {{- else }} + emptyDir: {} + {{- end }} + - name: taiga-media + {{- if .Values.persistence.media.enabled }} + persistentVolumeClaim: + claimName: {{ include "taiga.mediaVolumeName" . }} + {{- else }} + emptyDir: {} + {{- end }} diff --git a/charts/taiga/templates/deployment-events.yaml b/charts/taiga/templates/deployment-events.yaml new file mode 100644 index 0000000..b204cf7 --- /dev/null +++ b/charts/taiga/templates/deployment-events.yaml @@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "taiga.fullname" . }}-events + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.events.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.events.replicas }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "taiga.events.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "taiga.events.labels" . | nindent 8 }} + app.kubernetes.io/component: {{ template "taiga.name" . }}-events + annotations: + {{- with .Values.events.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} + spec: + affinity: + {{- with .Values.events.affinity }} + {{ toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + {{- with .Values.events.nodeSelector }} + {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- with .Values.events.tolerations }} + {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "taiga.serviceAccountName" . }} + securityContext: + {{- with .Values.events.securityContext }} + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ template "taiga.fullname" . }}-events + image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}" + imagePullPolicy: {{ .Values.events.image.pullPolicy }} + resources: + {{ toYaml .Values.events.resources | nindent 12 }} + ports: + - name: taiga-events + containerPort: {{ .Values.events.service.port }} + protocol: TCP + env: + - name: TAIGA_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.secretKey.existingSecretName }}" + key: "{{ .Values.secretKey.existingSecretKey }}" + - name: RABBITMQ_USER + value: "{{ index .Values "taiga-events-rabbitmq" "auth" "username" }}" + - name: RABBITMQ_PASS + valueFrom: + secretKeyRef: + name: {{ index .Values "taiga-events-rabbitmq" "auth" "existingPasswordSecret" }} + key: {{ index .Values "taiga-events-rabbitmq" "auth" "existingSecretPasswordKey" }} + + {{- if .Values.events.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.events.service.port }} + initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.events.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }} + {{- end }} + + {{- if .Values.events.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.events.service.port }} + initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.events.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }} + {{- end }} diff --git a/charts/taiga/templates/deployment-front.yaml b/charts/taiga/templates/deployment-front.yaml new file mode 100644 index 0000000..efb8ec3 --- /dev/null +++ b/charts/taiga/templates/deployment-front.yaml @@ -0,0 +1,106 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "taiga.fullname" . }}-front + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.front.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.front.replicas }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "taiga.front.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "taiga.front.labels" . | nindent 8 }} + app.kubernetes.io/component: {{ template "taiga.name" . }}-front + annotations: + {{- with .Values.front.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} + spec: + affinity: + {{- with .Values.front.affinity }} + {{ toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + {{- with .Values.front.nodeSelector }} + {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- with .Values.front.tolerations }} + {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "taiga.serviceAccountName" . }} + securityContext: + {{- with .Values.front.securityContext }} + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ template "taiga.fullname" . }}-front + image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}" + imagePullPolicy: {{ .Values.front.image.pullPolicy }} + resources: + {{ toYaml .Values.front.resources | nindent 12 }} + ports: + - name: taiga-front + containerPort: {{ .Values.front.service.port }} + protocol: TCP + env: + {{ if .Values.ingress.enabled }} + - name: TAIGA_URL + value: "https://{{ .Values.ingress.host }}" + {{ else }} + - name: TAIGA_URL + value: "http://localhost:{{ .Values.front.service.port }}" + {{ end }} + + - name: PUBLIC_REGISTER_ENABLED + value: "{{ .Values.publicRegisterEnabled }}" + - name: ENABLE_GITHUB_AUTH + value: "false" + - name: ENABLE_GITLAB_AUTH + value: "false" + - name: ENABLE_SLACK + value: "{{ .Values.enableSlack }}" + - name: ENABLE_GITHUB_IMPORTER + value: "{{ .Values.githubImporter.enabled }}" + - name: ENABLE_JIRA_IMPORTER + value: "{{ .Values.jiraImporter.enabled }}" + - name: ENABLE_TRELLO_IMPORTER + value: "{{ .Values.trelloImporter.enabled }}" + + {{- if .Values.front.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.front.service.port }} + initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.front.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }} + {{- end }} + + {{- if .Values.front.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.front.service.port }} + initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.front.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }} + {{- end }} diff --git a/charts/taiga/templates/deployment-protected.yaml b/charts/taiga/templates/deployment-protected.yaml new file mode 100644 index 0000000..c159b3e --- /dev/null +++ b/charts/taiga/templates/deployment-protected.yaml @@ -0,0 +1,91 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "taiga.fullname" . }}-protected + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.protected.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + revisionHistoryLimit: 3 + replicas: {{ .Values.protected.replicas }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "taiga.protected.matchLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "taiga.protected.labels" . | nindent 8 }} + app.kubernetes.io/component: {{ template "taiga.name" . }}-protected + annotations: + {{- with .Values.protected.podAnnotations }} + {{ toYaml . | nindent 8 }} + {{- end }} + spec: + affinity: + {{- with .Values.protected.affinity }} + {{ toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + {{- with .Values.protected.nodeSelector }} + {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- with .Values.protected.tolerations }} + {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "taiga.serviceAccountName" . }} + securityContext: + {{- with .Values.protected.securityContext }} + {{ toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ template "taiga.fullname" . }}-protected + image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}" + imagePullPolicy: {{ .Values.protected.image.pullPolicy }} + resources: + {{ toYaml .Values.protected.resources | nindent 12 }} + ports: + - name: taiga-protected + containerPort: {{ .Values.protected.service.port }} + protocol: TCP + env: + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.secretKey.existingSecretName }}" + key: "{{ .Values.secretKey.existingSecretKey }}" + - name: MAX_AGE + value: "{{ .Values.maxAge }}" + + {{- if .Values.protected.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.protected.service.port }} + initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.protected.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }} + {{- end }} + + {{- if .Values.protected.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /admin/login/ + port: {{ .Values.protected.service.port }} + initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.protected.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }} + {{- end }} diff --git a/charts/taiga/templates/ingress.yaml b/charts/taiga/templates/ingress.yaml new file mode 100644 index 0000000..3753c16 --- /dev/null +++ b/charts/taiga/templates/ingress.yaml @@ -0,0 +1,65 @@ +{{- if .Values.ingress.enabled }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "taiga.fullname" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- toYaml .Values.ingress.annotations | nindent 4 }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ template "taiga.fullname" . }}-secret-tls + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: / + backend: + service: + name: "{{ template "taiga.fullname" . }}-front" + port: + name: taiga-front + pathType: ImplementationSpecific + - path: /api + backend: + service: + name: "{{ template "taiga.fullname" . }}-back" + port: + name: taiga-back + pathType: ImplementationSpecific + - path: /admin + backend: + service: + name: "{{ template "taiga.fullname" . }}-back" + port: + name: taiga-back + pathType: ImplementationSpecific + - path: /events + backend: + service: + name: "{{ template "taiga.fullname" . }}-events" + port: + name: taiga-events + pathType: ImplementationSpecific + - path: /media + backend: + service: + name: "{{ template "taiga.fullname" . }}-protected" + port: + name: taiga-protected + pathType: ImplementationSpecific +{{- end }} diff --git a/charts/taiga/templates/job.yaml b/charts/taiga/templates/job.yaml new file mode 100644 index 0000000..22a78fb --- /dev/null +++ b/charts/taiga/templates/job.yaml @@ -0,0 +1,66 @@ +{{- if .Values.createInitialUser }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "taiga.fullname" . }}-create-initial-user + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + backoffLimit: 4 + template: + spec: + {{- if .Values.back.nodeSelector }} + nodeSelector: + {{ toYaml .Values.back.nodeSelector | nindent 8 }} + {{- end }} + restartPolicy: Never + containers: + - name: {{ template "taiga.fullname" . }}-create-initial-user + image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}" + imagePullPolicy: {{ .Values.back.image.pullPolicy }} + command: + - sh + - /scripts/createinitialuser.sh + volumeMounts: + - name: create-initial-user + mountPath: /scripts + env: + - name: TAIGA_SECRET_KEY + valueFrom: + secretKeyRef: + name: "{{ .Values.secretKey.existingSecretName }}" + key: "{{ .Values.secretKey.existingSecretKey }}" + - name: POSTGRES_USERNAME + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.usernameKey }}" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.passwordKey }}" + - name: POSTGRES_DATABASE_NAME + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.databaseNameKey }}" + - name: POSTGRES_DATABASE_HOST + valueFrom: + secretKeyRef: + name: "{{ .Values.postgresql.existingSecretName }}" + key: "{{ .Values.postgresql.hostKey }}" + volumes: + - name: create-initial-user + configMap: + name: {{ template "taiga.fullname" . }}-create-initial-user + defaultMode: 0744 +{{- end }} diff --git a/charts/taiga/templates/persistent-volume-claim.yaml b/charts/taiga/templates/persistent-volume-claim.yaml new file mode 100644 index 0000000..b261cf9 --- /dev/null +++ b/charts/taiga/templates/persistent-volume-claim.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "taiga.staticVolumeName" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.persistence.static.retain }} + helm.sh/resource-policy: keep + {{- end }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + storageClassName: {{ .Values.persistence.static.storageClass }} + accessModes: + - {{ .Values.persistence.static.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.static.size }} +{{- end }} + +--- +{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "taiga.mediaVolumeName" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.persistence.media.retain }} + "helm.sh/resource-policy": keep + {{- end }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} +spec: + storageClassName: {{ .Values.persistence.media.storageClass }} + accessModes: + - {{ .Values.persistence.media.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.media.size }} +{{- end }} diff --git a/charts/taiga/templates/service-account.yaml b/charts/taiga/templates/service-account.yaml new file mode 100644 index 0000000..6545939 --- /dev/null +++ b/charts/taiga/templates/service-account.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "taiga.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/taiga/templates/service.yaml b/charts/taiga/templates/service.yaml new file mode 100644 index 0000000..3b73e89 --- /dev/null +++ b/charts/taiga/templates/service.yaml @@ -0,0 +1,134 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "taiga.fullname" . }}-back + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.back.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.back.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.back.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.back.service.type }} + ports: + - port: {{ .Values.back.service.port }} + targetPort: taiga-back + protocol: TCP + name: taiga-back + selector: + {{- include "taiga.back.matchLabels" . | nindent 4 }} + {{- with .Values.back.service.extraSelectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "taiga.fullname" . }}-events + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.events.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.events.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.events.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.events.service.type }} + ports: + - port: {{ .Values.events.service.port }} + targetPort: taiga-events + protocol: TCP + name: taiga-events + selector: + {{- include "taiga.events.matchLabels" . | nindent 4 }} + {{- with .Values.events.service.extraSelectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "taiga.fullname" . }}-front + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.front.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.front.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.front.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.front.service.type }} + ports: + - port: {{ .Values.front.service.port }} + targetPort: taiga-front + protocol: TCP + name: taiga-front + selector: + {{- include "taiga.front.matchLabels" . | nindent 4 }} + {{- with .Values.front.service.extraSelectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "taiga.fullname" . }}-protected + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.global.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.protected.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "taiga.protected.labels" . | nindent 4 }} + {{- with .Values.global.labels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.protected.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.protected.service.type }} + ports: + - port: {{ .Values.protected.service.port }} + targetPort: taiga-protected + protocol: TCP + name: taiga-protected + selector: + {{- include "taiga.protected.matchLabels" . | nindent 4 }} + {{- with .Values.protected.service.extraSelectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/taiga/values.yaml b/charts/taiga/values.yaml new file mode 100644 index 0000000..2dc1500 --- /dev/null +++ b/charts/taiga/values.yaml @@ -0,0 +1,832 @@ +## Global +## +global: + # -- Set an override for the prefix of the fullname + nameOverride: + + # -- Set the entire name definition + fullnameOverride: + + # -- Set additional global labels. Helm templates can be used. + labels: {} + + # -- Set additional global annotations. Helm templates can be used. + annotations: {} + +## Service Account +## +serviceAccount: + # -- Specifies whether a service account should be created + create: false + + # -- Annotations to add to the service account + annotations: {} + + # -- Labels to add to the service account + labels: {} + + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +## Secret key +## Specificy the secret name and the key containg a strong secret key +## +secretKey: + existingSecretName: "" + existingSecretKey: "" + +## Create initial user with credentials admin/123123 +## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html +## +# TODO: set to false by default or create with a random password which is stored in a secret +# or allow to pass in the data for username and secret +createInitialUser: true + +## Max age +## +maxAge: 360 + +## Create initial templates +## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html +## +# TODO: This values seems to be unused +createInitialTemplates: false + +## Taiga's url +## +taigaUrl: "" + +## Telemetry settings +## +enableTelemetry: true + +## Public registration +## +publicRegisterEnabled: true + +## Enable debug +## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html +debug: false + +## Postgresql +## Configuration is expected to be stored in a secret, reference the secret name and each key for the value +## +postgresql: + existingSecretName: "" + usernameKey: "" + passwordKey: "" + databaseNameKey: "" + hostKey: "" + portKey: "" + +## OIDC authentication +## Configuration is expected to be stored in a secret, reference the secret name and each key for the value +## +oidc: + enabled: false + existingSecretName: "" + scopesKey: "" # "openid profile email" + signatureAlgorithmKey: "" # "RS256" + clientIdKey: "" # + clientSecretKey: "" # + baseUrlKey: "" # "https://id.fedoraproject.org/openidc" + jwksEndpointKey: "" # "https://id.fedoraproject.org/openidc/Jwks" + authorizationEndpointKey: "" # "https://id.fedoraproject.org/openidc/Authorization" + tokenEndpointKey: "" # "https://id.fedoraproject.org/openidc/Token" + userEndpointKey: "" # "https://id.fedoraproject.org/openidc/UserInfo" + +## SMTP mail delivery configuration +## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html +## +email: + enabled: false + from: no-reply@example.com + host: localhost + port: 587 + tls: false + ssl: false + user: "" + + ## Specificy an existing secret containg the password for the smtp user + ## + existingPasswordSecret: "" + existingSecretPasswordKey: "" + +## Slack +## +enableSlack: false + +## Importers +## +# Github importer +githubImporter: + enabled: false + existingSecretName: "" + existingSecretClientIdKey: "" + existingSecretClientSecretKey: "" + +# Jira importer +jiraImporter: + enabled: false + existingSecretName: "" + existingSecretConsumerKeyKey: "" + existingSecretCertKey: "" + existingSecretPubCertKey: "" + +# Trello importer +trelloImporter: + enabled: false + existingSecretName: "" + existingSecretApiKeyKey: "" + existingSecretSecretKeyKey: "" + +## taiga-back +## +back: + ## Taiga image version + ## ref: https://hub.docker.com/r/taigaio/taiga5/tags + ## + image: + repository: taigaio/taiga-back + tag: "6.7.3" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## Define the number of pods the deployment will create + ## Do not change unless your persistent volume allows more than one writer, ie NFS + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ + ## + replicas: 1 + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + + ## taiga containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 2 + # memory: 1Gi + requests: {} + # cpu: 1 + # memory: 1Gi + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Environment variables, to pass to the entry point + ## + # extraVars: + # - name: NAMI_DEBUG + # value: --log-level trace + + ## Service + ## + service: + # -- Set the service type + type: ClusterIP + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Allow adding additional match labels + extraSelectorLabels: {} + + # -- HTTP port number + port: 8000 + +## Async +## +async: + ## Taiga image version + ## ref: https://hub.docker.com/r/taigaio/taiga5/tags + ## + image: + repository: taigaio/taiga-back + tag: "6.7.3" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## async-taiga rabbitmq credentials + ## Must match to async-rabbitmq.auth.username and async-rabbitmq.auth.password + ## I don't use async-rabbitmq values because this bug: https://github.com/helm/helm/issues/2192 + rabbitmq: + auth: + username: taiga + password: taiga + + ## Define the number of pods the deployment will create + ## Do not change unless your persistent volume allows more than one writer, ie NFS + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ + ## + replicas: 1 + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## taiga containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 2 + # memory: 1Gi + requests: {} + # cpu: 1 + # memory: 1Gi + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Environment variables, to pass to the entry point + ## + # extraVars: + # - name: NAMI_DEBUG + # value: --log-level trace + + ## Service + ## + service: + # -- Set the service type + type: ClusterIP + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Allow adding additional match labels + extraSelectorLabels: {} + + # -- HTTP port number + port: 8000 + +## Async Rabbitmq +## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema +## +taiga-async-rabbitmq: + auth: + ## @param auth.username RabbitMQ application username + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables + ## + username: taiga + + ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey) + ## e.g: + ## existingPasswordSecret: name-of-existing-secret + ## + existingPasswordSecret: "" + existingSecretPasswordKey: "" + + ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey) + ## e.g: + ## existingErlangSecret: name-of-existing-secret + ## + existingErlangSecret: "" + ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret + ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set + ## + existingSecretErlangKey: "" + + ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf. + ## Must contain the key "rabbitmq.conf" + ## Takes precedence over `configuration`, so do not use both simultaneously + ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect + ## + configurationExistingSecret: "" + ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration + ## Use this instead of `configuration` to add more configuration + ## Do not use simultaneously with `extraConfigurationExistingSecret` + ## + extraConfiguration: |- + default_vhost = taiga + default_permissions.configure = .* + default_permissions.read = .* + default_permissions.write = .* + +## Events +## +events: + ## Taiga image version + ## ref: https://hub.docker.com/r/taigaio/taiga5/tags + ## + image: + repository: taigaio/taiga-events + tag: "6.7.0" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## events-taiga rabbitmq credentials + ## Must match to events-rabbitmq.auth.username and events-rabbitmq.auth.password + ## I don't use events-rabbitmq values because this bug: https://github.com/helm/helm/issues/2192 + rabbitmq: + auth: + username: taiga + password: taiga + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + + ## Define the number of pods the deployment will create + ## Do not change unless your persistent volume allows more than one writer, ie NFS + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ + ## + replicas: 1 + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## taiga containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 2 + # memory: 1Gi + requests: {} + # cpu: 1 + # memory: 1Gi + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Environment variables, to pass to the entry point + ## + # extraVars: + # - name: NAMI_DEBUG + # value: --log-level trace + + ## Service + ## + service: + # -- Set the service type + type: ClusterIP + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Allow adding additional match labels + extraSelectorLabels: {} + + # -- HTTP port number + port: 8888 + +## Events Rabbitmq +## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema +## +taiga-events-rabbitmq: + auth: + ## @param auth.username RabbitMQ application username + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables + ## + username: taiga + + ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey) + ## e.g: + ## existingPasswordSecret: name-of-existing-secret + ## + existingPasswordSecret: "" + existingSecretPasswordKey: "" + + ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey) + ## e.g: + ## existingErlangSecret: name-of-existing-secret + ## + existingErlangSecret: "" + ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret + ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set + ## + existingSecretErlangKey: "" + + ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf. + ## Must contain the key "rabbitmq.conf" + ## Takes precedence over `configuration`, so do not use both simultaneously + ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect + ## + configurationExistingSecret: "" + ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration + ## Use this instead of `configuration` to add more configuration + ## Do not use simultaneously with `extraConfigurationExistingSecret` + ## + extraConfiguration: |- + default_vhost = taiga + default_permissions.configure = .* + default_permissions.read = .* + default_permissions.write = .* + +## Protected +## +protected: + ## Taiga image version + ## ref: https://hub.docker.com/r/taigaio/taiga5/tags + ## + image: + repository: taigaio/taiga-protected + tag: "6.7.0" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + + ## Define the number of pods the deployment will create + ## Do not change unless your persistent volume allows more than one writer, ie NFS + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ + ## + replicas: 1 + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## taiga containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 2 + # memory: 1Gi + requests: {} + # cpu: 1 + # memory: 1Gi + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Environment variables, to pass to the entry point + ## + # extraVars: + # - name: NAMI_DEBUG + # value: --log-level trace + + ## Service + ## + service: + # -- Set the service type + type: ClusterIP + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Allow adding additional match labels + extraSelectorLabels: {} + + # -- HTTP port number + port: 8003 + +## Front +## +front: + ## Taiga image version + ## ref: https://hub.docker.com/r/taigaio/taiga5/tags + ## + image: + repository: taigaio/taiga-front + tag: "6.7.7" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + + ## Define the number of pods the deployment will create + ## Do not change unless your persistent volume allows more than one writer, ie NFS + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ + ## + replicas: 1 + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## taiga containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 2 + # memory: 1Gi + requests: {} + # cpu: 1 + # memory: 1Gi + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Environment variables, to pass to the entry point + ## + # extraVars: + # - name: NAMI_DEBUG + # value: --log-level trace + + ## Service + ## + service: + # -- Set the service type + type: ClusterIP + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Allow adding additional match labels + extraSelectorLabels: {} + + # -- HTTP port number + port: 80 + +## Configure the ingress resource that allows you to access the +## taiga installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + # -- Enables or disables the ingress + enabled: false + + # -- Provide additional annotations which may be required. + annotations: {} + + # -- Provide additional labels which may be required. + labels: {} + + # -- Set the ingressClass that is used for this ingress. + className: "" + + ## Configure the hosts for the ingress + host: chart-example.local + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + static: + # -- Enables or disables the persistence item. Defaults to true + enabled: true + + # -- Storage Class for the config volume. + # If set to `-`, dynamic provisioning is disabled. + # If set to something else, the given storageClass is used. + # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. + storageClass: "" + + # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here. + existingClaim: "" + + # -- AccessMode for the persistent volume. + # Make sure to select an access mode that is supported by your storage provider! + # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) + accessMode: ReadWriteOnce + + # -- The amount of storage that is requested for the persistent volume. + size: 5Gi + + # -- Set to true to retain the PVC upon `helm uninstall` + retain: false + + media: + # -- Enables or disables the persistence item. Defaults to true + enabled: true + + # -- Storage Class for the config volume. + # If set to `-`, dynamic provisioning is disabled. + # If set to something else, the given storageClass is used. + # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. + storageClass: "" + + # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here. + existingClaim: "" + + # -- AccessMode for the persistent volume. + # Make sure to select an access mode that is supported by your storage provider! + # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) + accessMode: ReadWriteOnce + + # -- The amount of storage that is requested for the persistent volume. + size: 5Gi + + # -- Set to true to retain the PVC upon `helm uninstall` + retain: false