Compare commits
28 Commits
postgres-c
...
taiga-0.2.
| Author | SHA1 | Date | |
|---|---|---|---|
|
6399a8ca97 | ||
|
|
580c7da73a | ||
|
|
11d47799f1 | ||
|
|
7d825da72d | ||
|
|
adf49292bd | ||
|
|
63e69df14a | ||
| 7bd8a4525a | |||
| a860789056 | |||
| 58f89640a8 | |||
| 132e086d6d | |||
| 617505ee99 | |||
| 34a21702ab | |||
| 15d3253af9 | |||
| 90970ef172 | |||
| 0d6f789ffd | |||
| f968776cd0 | |||
| 0b2beb08b7 | |||
| 8fae31a679 | |||
| f67ac05610 | |||
| 7803519d04 | |||
| 55e63c2c72 | |||
| 6e083293bb | |||
| 60e427826c | |||
| f905b4ccfe | |||
| 487786455c | |||
| 585d39657a | |||
| e5e2812ed5 | |||
| 506218210e |
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: home-assistant
|
||||
version: 0.1.9
|
||||
version: 0.1.10
|
||||
description: Chart for Home Assistant
|
||||
keywords:
|
||||
- home-automation
|
||||
|
||||
@@ -56,7 +56,7 @@ codeserver:
|
||||
enabled: false
|
||||
image:
|
||||
repository: linuxserver/code-server
|
||||
tag: 4.23.0
|
||||
tag: 4.23.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
TZ: UTC
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: homepage
|
||||
version: 0.0.10
|
||||
version: 0.0.11
|
||||
description: Chart for benphelps homepage
|
||||
keywords:
|
||||
- dashboard
|
||||
@@ -9,4 +9,4 @@ sources:
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
|
||||
appVersion: v0.8.11
|
||||
appVersion: v0.8.12
|
||||
|
||||
@@ -3,7 +3,7 @@ deployment:
|
||||
strategy: Recreate
|
||||
image:
|
||||
repository: ghcr.io/gethomepage/homepage
|
||||
tag: v0.8.11
|
||||
tag: v0.8.12
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
envFrom:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: matrix-hookshot
|
||||
version: 0.1.0
|
||||
version: 0.1.1
|
||||
description: Chart for Matrix Hookshot
|
||||
keywords:
|
||||
- matrix
|
||||
@@ -11,4 +11,4 @@ sources:
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
|
||||
appVersion: "5.2.1"
|
||||
appVersion: "5.3.0"
|
||||
|
||||
@@ -3,7 +3,7 @@ deployment:
|
||||
strategy: Recreate
|
||||
image:
|
||||
repository: halfshot/matrix-hookshot
|
||||
tag: "5.2.1"
|
||||
tag: "5.3.0"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env: {}
|
||||
envFrom: []
|
||||
@@ -39,7 +39,7 @@ ingress:
|
||||
enabled: false
|
||||
className: ""
|
||||
annotations: {}
|
||||
host: ""
|
||||
host: ""
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
@@ -81,7 +81,7 @@ hookshot:
|
||||
resources:
|
||||
- widgets
|
||||
|
||||
#github:
|
||||
# github:
|
||||
# # (Optional) Configure this to enable GitHub support
|
||||
# auth:
|
||||
# # Authentication for the GitHub App.
|
||||
@@ -104,7 +104,7 @@ hookshot:
|
||||
# # (Optional) Prefix used when creating ghost users for GitHub accounts.
|
||||
# _github_
|
||||
|
||||
#gitlab:
|
||||
# gitlab:
|
||||
# # (Optional) Configure this to enable GitLab support
|
||||
# instances:
|
||||
# gitlab.com:
|
||||
@@ -119,7 +119,7 @@ hookshot:
|
||||
# # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
|
||||
# 5000
|
||||
|
||||
#figma:
|
||||
# figma:
|
||||
# # (Optional) Configure this to enable Figma support
|
||||
# publicUrl: https://example.com/hookshot/
|
||||
# instances:
|
||||
@@ -128,7 +128,7 @@ hookshot:
|
||||
# accessToken: your-personal-access-token
|
||||
# passcode: your-webhook-passcode
|
||||
|
||||
#jira:
|
||||
# jira:
|
||||
# # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
|
||||
# webhook:
|
||||
# # Webhook settings for JIRA
|
||||
@@ -139,7 +139,7 @@ hookshot:
|
||||
# client_secret: bar
|
||||
# redirect_uri: https://example.com/oauth/
|
||||
|
||||
#generic:
|
||||
# generic:
|
||||
# # (Optional) Support for generic webhook events.
|
||||
# #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
|
||||
|
||||
@@ -150,23 +150,23 @@ hookshot:
|
||||
# allowJsTransformationFunctions: false
|
||||
# waitForComplete: false
|
||||
|
||||
#feeds:
|
||||
# feeds:
|
||||
# # (Optional) Configure this to enable RSS/Atom feed support
|
||||
# enabled: false
|
||||
# pollConcurrency: 4
|
||||
# pollIntervalSeconds: 600
|
||||
# pollTimeoutSeconds: 30
|
||||
|
||||
#provisioning:
|
||||
# provisioning:
|
||||
# # (Optional) Provisioning API for integration managers
|
||||
# secret: "!secretToken"
|
||||
|
||||
#bot:
|
||||
# bot:
|
||||
# # (Optional) Define profile information for the bot user
|
||||
# displayname: Hookshot Bot
|
||||
# avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
|
||||
|
||||
#serviceBots:
|
||||
# serviceBots:
|
||||
# # (Optional) Define additional bot users for specific services
|
||||
# - localpart: feeds
|
||||
# displayname: Feeds
|
||||
@@ -174,21 +174,21 @@ hookshot:
|
||||
# prefix: "!feeds"
|
||||
# service: feeds
|
||||
|
||||
#metrics:
|
||||
# metrics:
|
||||
# # (Optional) Prometheus metrics support
|
||||
# enabled: true
|
||||
|
||||
#cache:
|
||||
# cache:
|
||||
# # (Optional) Cache options for large scale deployments.
|
||||
# # For encryption to work, this must be configured.
|
||||
# redisUri: redis://localhost:6379
|
||||
|
||||
#queue:
|
||||
# queue:
|
||||
# # (Optional) Message queue configuration options for large scale deployments.
|
||||
# # For encryption to work, this must not be configured.
|
||||
# redisUri: redis://localhost:6379
|
||||
|
||||
#widgets:
|
||||
# widgets:
|
||||
# # (Optional) EXPERIMENTAL support for complimentary widgets
|
||||
# addToAdminRooms: false
|
||||
# disallowedIpRanges:
|
||||
@@ -217,12 +217,12 @@ hookshot:
|
||||
# branding:
|
||||
# widgetTitle: Hookshot Configuration
|
||||
|
||||
#sentry:
|
||||
# sentry:
|
||||
# # (Optional) Configure Sentry error reporting
|
||||
# dsn: https://examplePublicKey@o0.ingest.sentry.io/0
|
||||
# environment: production
|
||||
|
||||
#permissions:
|
||||
# permissions:
|
||||
# # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
|
||||
# - actor: example.com
|
||||
# services:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: mautrix-whatsapp
|
||||
version: 0.0.2
|
||||
version: 0.0.3
|
||||
description: Chart for Matrix Whatsapp Bridge
|
||||
keywords:
|
||||
- matrix
|
||||
@@ -12,4 +12,4 @@ sources:
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
|
||||
appVersion: v0.10.6
|
||||
appVersion: v0.10.7
|
||||
|
||||
@@ -3,7 +3,7 @@ deployment:
|
||||
strategy: Recreate
|
||||
image:
|
||||
repository: dock.mau.dev/mautrix/whatsapp
|
||||
tag: v0.10.6
|
||||
tag: v0.10.7
|
||||
imagePullPolicy: IfNotPresent
|
||||
env: {}
|
||||
envFrom: []
|
||||
@@ -45,479 +45,477 @@ persistence:
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Mi
|
||||
|
||||
|
||||
# Reference the following for examples
|
||||
# https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
|
||||
mautrixWhatsapp:
|
||||
|
||||
# config.yml contents
|
||||
existingSecret: ""
|
||||
config:
|
||||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://matrix.example.com
|
||||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
|
||||
domain: example.com
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: https://matrix.example.com
|
||||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
|
||||
domain: example.com
|
||||
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
|
||||
async_media: false
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
|
||||
async_media: false
|
||||
|
||||
# Should the bridge use a websocket for connecting to the homeserver?
|
||||
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
|
||||
# mautrix-asmux (deprecated), and hungryserv (proprietary).
|
||||
websocket: false
|
||||
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
|
||||
ping_interval_seconds: 0
|
||||
# Should the bridge use a websocket for connecting to the homeserver?
|
||||
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
|
||||
# mautrix-asmux (deprecated), and hungryserv (proprietary).
|
||||
websocket: false
|
||||
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
|
||||
ping_interval_seconds: 0
|
||||
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: http://localhost:29318
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: http://localhost:29318
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29318
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29318
|
||||
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
|
||||
type: postgres
|
||||
# The database URI.
|
||||
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
|
||||
# https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
|
||||
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
|
||||
uri: postgres://user:password@host/database?sslmode=disable
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
|
||||
# Parsed with https://pkg.go.dev/time#ParseDuration
|
||||
max_conn_idle_time: null
|
||||
max_conn_lifetime: null
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
|
||||
type: postgres
|
||||
# The database URI.
|
||||
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
|
||||
# https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
|
||||
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
|
||||
uri: postgres://user:password@host/database?sslmode=disable
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
|
||||
# Parsed with https://pkg.go.dev/time#ParseDuration
|
||||
max_conn_idle_time: null
|
||||
max_conn_lifetime: null
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: whatsapp
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: whatsappbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: WhatsApp bridge bot
|
||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||
# The unique ID of this appservice.
|
||||
id: whatsapp
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: whatsappbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: WhatsApp bridge bot
|
||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
ephemeral_events: true
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
ephemeral_events: true
|
||||
|
||||
# Should incoming events be handled asynchronously?
|
||||
# This may be necessary for large public instances with lots of messages going through.
|
||||
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
|
||||
async_transactions: false
|
||||
# Should incoming events be handled asynchronously?
|
||||
# This may be necessary for large public instances with lots of messages going through.
|
||||
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
|
||||
async_transactions: false
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "This value is generated when generating the registration"
|
||||
hs_token: "This value is generated when generating the registration"
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "This value is generated when generating the registration"
|
||||
hs_token: "This value is generated when generating the registration"
|
||||
|
||||
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
|
||||
analytics:
|
||||
# Hostname of the tracking server. The path is hardcoded to /v1/track
|
||||
host: api.segment.io
|
||||
# API key to send with tracking requests. Tracking is disabled if this is null.
|
||||
token: null
|
||||
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
|
||||
user_id: null
|
||||
# Hostname of the tracking server. The path is hardcoded to /v1/track
|
||||
host: api.segment.io
|
||||
# API key to send with tracking requests. Tracking is disabled if this is null.
|
||||
token: null
|
||||
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
|
||||
user_id: null
|
||||
|
||||
# Prometheus config.
|
||||
metrics:
|
||||
# Enable prometheus metrics?
|
||||
enabled: false
|
||||
# IP and port where the metrics listener should be. The path is always /metrics
|
||||
listen: 127.0.0.1:8001
|
||||
# Enable prometheus metrics?
|
||||
enabled: false
|
||||
# IP and port where the metrics listener should be. The path is always /metrics
|
||||
listen: 127.0.0.1:8001
|
||||
|
||||
# Config for things that are directly sent to WhatsApp.
|
||||
whatsapp:
|
||||
# Device name that's shown in the "WhatsApp Web" section in the mobile app.
|
||||
os_name: Mautrix-WhatsApp bridge
|
||||
# Browser name that determines the logo shown in the mobile app.
|
||||
# Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
|
||||
# List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
|
||||
browser_name: unknown
|
||||
# Device name that's shown in the "WhatsApp Web" section in the mobile app.
|
||||
os_name: Mautrix-WhatsApp bridge
|
||||
# Browser name that determines the logo shown in the mobile app.
|
||||
# Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
|
||||
# List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
|
||||
browser_name: unknown
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for WhatsApp users.
|
||||
# {{.}} is replaced with the phone number of the WhatsApp user.
|
||||
username_template: whatsapp_{{.}}
|
||||
# Displayname template for WhatsApp users.
|
||||
# {{.PushName}} - nickname set by the WhatsApp user
|
||||
# {{.BusinessName}} - validated WhatsApp business name
|
||||
# {{.Phone}} - phone number (international format)
|
||||
# The following variables are also available, but will cause problems on multi-user instances:
|
||||
# {{.FullName}} - full name from contact list
|
||||
# {{.FirstName}} - first name from contact list
|
||||
displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
|
||||
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
|
||||
# Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
|
||||
personal_filtering_spaces: false
|
||||
# Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
|
||||
delivery_receipts: false
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
|
||||
message_error_notices: true
|
||||
# Should incoming calls send a message to the Matrix room?
|
||||
call_start_notices: true
|
||||
# Should another user's cryptographic identity changing send a message to Matrix?
|
||||
identity_change_notices: false
|
||||
portal_message_buffer: 128
|
||||
# Settings for handling history sync payloads.
|
||||
history_sync:
|
||||
# Enable backfilling history sync payloads from WhatsApp?
|
||||
backfill: true
|
||||
# The maximum number of initial conversations that should be synced.
|
||||
# Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
|
||||
max_initial_conversations: -1
|
||||
# Maximum number of messages to backfill in each conversation.
|
||||
# Set to -1 to disable limit.
|
||||
message_count: 50
|
||||
# Should the bridge request a full sync from the phone when logging in?
|
||||
# This bumps the size of history syncs from 3 months to 1 year.
|
||||
request_full_sync: false
|
||||
# Configuration parameters that are sent to the phone along with the request full sync flag.
|
||||
# By default (when the values are null or 0), the config isn't sent at all.
|
||||
full_sync_config:
|
||||
# Number of days of history to request.
|
||||
# The limit seems to be around 3 years, but using higher values doesn't break.
|
||||
days_limit: null
|
||||
# This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
|
||||
size_mb_limit: null
|
||||
# This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
|
||||
storage_quota_mb: null
|
||||
# If this value is greater than 0, then if the conversation's last message was more than
|
||||
# this number of hours ago, then the conversation will automatically be marked it as read.
|
||||
# Conversations that have a last message that is less than this number of hours ago will
|
||||
# have their unread status synced from WhatsApp.
|
||||
unread_hours_threshold: 0
|
||||
# Localpart template of MXIDs for WhatsApp users.
|
||||
# {{.}} is replaced with the phone number of the WhatsApp user.
|
||||
username_template: whatsapp_{{.}}
|
||||
# Displayname template for WhatsApp users.
|
||||
# {{.PushName}} - nickname set by the WhatsApp user
|
||||
# {{.BusinessName}} - validated WhatsApp business name
|
||||
# {{.Phone}} - phone number (international format)
|
||||
# The following variables are also available, but will cause problems on multi-user instances:
|
||||
# {{.FullName}} - full name from contact list
|
||||
# {{.FirstName}} - first name from contact list
|
||||
displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
|
||||
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
|
||||
# Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
|
||||
personal_filtering_spaces: false
|
||||
# Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
|
||||
delivery_receipts: false
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
|
||||
message_error_notices: true
|
||||
# Should incoming calls send a message to the Matrix room?
|
||||
call_start_notices: true
|
||||
# Should another user's cryptographic identity changing send a message to Matrix?
|
||||
identity_change_notices: false
|
||||
portal_message_buffer: 128
|
||||
# Settings for handling history sync payloads.
|
||||
history_sync:
|
||||
# Enable backfilling history sync payloads from WhatsApp?
|
||||
backfill: true
|
||||
# The maximum number of initial conversations that should be synced.
|
||||
# Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
|
||||
max_initial_conversations: -1
|
||||
# Maximum number of messages to backfill in each conversation.
|
||||
# Set to -1 to disable limit.
|
||||
message_count: 50
|
||||
# Should the bridge request a full sync from the phone when logging in?
|
||||
# This bumps the size of history syncs from 3 months to 1 year.
|
||||
request_full_sync: false
|
||||
# Configuration parameters that are sent to the phone along with the request full sync flag.
|
||||
# By default (when the values are null or 0), the config isn't sent at all.
|
||||
full_sync_config:
|
||||
# Number of days of history to request.
|
||||
# The limit seems to be around 3 years, but using higher values doesn't break.
|
||||
days_limit: null
|
||||
# This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
|
||||
size_mb_limit: null
|
||||
# This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
|
||||
storage_quota_mb: null
|
||||
# If this value is greater than 0, then if the conversation's last message was more than
|
||||
# this number of hours ago, then the conversation will automatically be marked it as read.
|
||||
# Conversations that have a last message that is less than this number of hours ago will
|
||||
# have their unread status synced from WhatsApp.
|
||||
unread_hours_threshold: 0
|
||||
|
||||
###############################################################################
|
||||
# The settings below are only applicable for backfilling using batch sending, #
|
||||
# which is no longer supported in Synapse. #
|
||||
###############################################################################
|
||||
###############################################################################
|
||||
# The settings below are only applicable for backfilling using batch sending, #
|
||||
# which is no longer supported in Synapse. #
|
||||
###############################################################################
|
||||
|
||||
# Settings for media requests. If the media expired, then it will not be on the WA servers.
|
||||
# Media can always be requested by reacting with the ♻️ (recycle) emoji.
|
||||
# These settings determine if the media requests should be done automatically during or after backfill.
|
||||
media_requests:
|
||||
# Should expired media be automatically requested from the server as part of the backfill process?
|
||||
auto_request_media: true
|
||||
# Whether to request the media immediately after the media message is backfilled ("immediate")
|
||||
# or at a specific time of the day ("local_time").
|
||||
request_method: immediate
|
||||
# If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
|
||||
request_local_time: 120
|
||||
# Settings for immediate backfills. These backfills should generally be small and their main purpose is
|
||||
# to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
|
||||
# so that you can continue conversations without losing context.
|
||||
immediate:
|
||||
# The number of concurrent backfill workers to create for immediate backfills.
|
||||
# Note that using more than one worker could cause the room list to jump around
|
||||
# since there are no guarantees about the order in which the backfills will complete.
|
||||
worker_count: 1
|
||||
# The maximum number of events to backfill initially.
|
||||
max_events: 10
|
||||
# Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
|
||||
# the chat history that was not covered by the immediate backfills.
|
||||
# These backfills generally should happen at a slower pace so as not to overload the homeserver.
|
||||
# Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
|
||||
# The fields are as follows:
|
||||
# - start_days_ago: the number of days ago to start backfilling from.
|
||||
# To indicate the start of time, use -1. For example, for a week ago, use 7.
|
||||
# - max_batch_events: the number of events to send per batch.
|
||||
# - batch_delay: the number of seconds to wait before backfilling each batch.
|
||||
deferred:
|
||||
# Last Week
|
||||
- start_days_ago: 7
|
||||
max_batch_events: 20
|
||||
batch_delay: 5
|
||||
# Last Month
|
||||
- start_days_ago: 30
|
||||
max_batch_events: 50
|
||||
batch_delay: 10
|
||||
# Last 3 months
|
||||
- start_days_ago: 90
|
||||
max_batch_events: 100
|
||||
batch_delay: 10
|
||||
# The start of time
|
||||
- start_days_ago: -1
|
||||
max_batch_events: 500
|
||||
batch_delay: 10
|
||||
# Settings for media requests. If the media expired, then it will not be on the WA servers.
|
||||
# Media can always be requested by reacting with the ♻️ (recycle) emoji.
|
||||
# These settings determine if the media requests should be done automatically during or after backfill.
|
||||
media_requests:
|
||||
# Should expired media be automatically requested from the server as part of the backfill process?
|
||||
auto_request_media: true
|
||||
# Whether to request the media immediately after the media message is backfilled ("immediate")
|
||||
# or at a specific time of the day ("local_time").
|
||||
request_method: immediate
|
||||
# If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
|
||||
request_local_time: 120
|
||||
# Settings for immediate backfills. These backfills should generally be small and their main purpose is
|
||||
# to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
|
||||
# so that you can continue conversations without losing context.
|
||||
immediate:
|
||||
# The number of concurrent backfill workers to create for immediate backfills.
|
||||
# Note that using more than one worker could cause the room list to jump around
|
||||
# since there are no guarantees about the order in which the backfills will complete.
|
||||
worker_count: 1
|
||||
# The maximum number of events to backfill initially.
|
||||
max_events: 10
|
||||
# Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
|
||||
# the chat history that was not covered by the immediate backfills.
|
||||
# These backfills generally should happen at a slower pace so as not to overload the homeserver.
|
||||
# Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
|
||||
# The fields are as follows:
|
||||
# - start_days_ago: the number of days ago to start backfilling from.
|
||||
# To indicate the start of time, use -1. For example, for a week ago, use 7.
|
||||
# - max_batch_events: the number of events to send per batch.
|
||||
# - batch_delay: the number of seconds to wait before backfilling each batch.
|
||||
deferred:
|
||||
# Last Week
|
||||
- start_days_ago: 7
|
||||
max_batch_events: 20
|
||||
batch_delay: 5
|
||||
# Last Month
|
||||
- start_days_ago: 30
|
||||
max_batch_events: 50
|
||||
batch_delay: 10
|
||||
# Last 3 months
|
||||
- start_days_ago: 90
|
||||
max_batch_events: 100
|
||||
batch_delay: 10
|
||||
# The start of time
|
||||
- start_days_ago: -1
|
||||
max_batch_events: 500
|
||||
batch_delay: 10
|
||||
|
||||
# Should puppet avatars be fetched from the server even if an avatar is already set?
|
||||
user_avatar_sync: true
|
||||
# Should Matrix users leaving groups be bridged to WhatsApp?
|
||||
bridge_matrix_leave: true
|
||||
# Should the bridge update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Should the bridge use MSC2867 to bridge manual "mark as unread"s from
|
||||
# WhatsApp and set the unread status on initial backfill?
|
||||
# This will only work on clients that support the m.marked_unread or
|
||||
# com.famedly.marked_unread room account data.
|
||||
sync_manual_marked_unread: true
|
||||
# When double puppeting is enabled, users can use `!wa toggle` to change whether
|
||||
# presence is bridged. This setting sets the default value.
|
||||
# Existing users won't be affected when these are changed.
|
||||
default_bridge_presence: true
|
||||
# Send the presence as "available" to whatsapp when users start typing on a portal.
|
||||
# This works as a workaround for homeservers that do not support presence, and allows
|
||||
# users to see when the whatsapp user on the other side is typing during a conversation.
|
||||
send_presence_on_typing: false
|
||||
# Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
|
||||
# even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
|
||||
# Should puppet avatars be fetched from the server even if an avatar is already set?
|
||||
user_avatar_sync: true
|
||||
# Should Matrix users leaving groups be bridged to WhatsApp?
|
||||
bridge_matrix_leave: true
|
||||
# Should the bridge update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Should the bridge use MSC2867 to bridge manual "mark as unread"s from
|
||||
# WhatsApp and set the unread status on initial backfill?
|
||||
# This will only work on clients that support the m.marked_unread or
|
||||
# com.famedly.marked_unread room account data.
|
||||
sync_manual_marked_unread: true
|
||||
# When double puppeting is enabled, users can use `!wa toggle` to change whether
|
||||
# presence is bridged. This setting sets the default value.
|
||||
# Existing users won't be affected when these are changed.
|
||||
default_bridge_presence: true
|
||||
# Send the presence as "available" to whatsapp when users start typing on a portal.
|
||||
# This works as a workaround for homeservers that do not support presence, and allows
|
||||
# users to see when the whatsapp user on the other side is typing during a conversation.
|
||||
send_presence_on_typing: false
|
||||
# Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
|
||||
# even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
|
||||
#
|
||||
# By default, the bridge acts like WhatsApp web, which only sends active delivery
|
||||
# receipts when it's in the foreground.
|
||||
force_active_delivery_receipts: false
|
||||
# Servers to always allow double puppeting from
|
||||
double_puppet_server_map:
|
||||
example.com: https://example.com
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, double puppeting will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret_map:
|
||||
example.com: foobar
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
# Should group members be synced in parallel? This makes member sync faster
|
||||
parallel_member_sync: false
|
||||
# Should Matrix m.notice-type messages be bridged?
|
||||
bridge_notices: true
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it, except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# When using double puppeting, should muted chats be muted in Matrix?
|
||||
mute_bridging: false
|
||||
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
|
||||
# Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
|
||||
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
|
||||
archive_tag: null
|
||||
# Same as above, but for pinned chats. The favorite tag is called m.favourite
|
||||
pinned_tag: null
|
||||
# Should mute status and tags only be bridged when the portal room is created?
|
||||
tag_only_on_create: true
|
||||
# Should WhatsApp status messages be bridged into a Matrix room?
|
||||
# Disabling this won't affect already created status broadcast rooms.
|
||||
enable_status_broadcast: true
|
||||
# Should sending WhatsApp status messages be allowed?
|
||||
# This can cause issues if the user has lots of contacts, so it's disabled by default.
|
||||
disable_status_broadcast_send: true
|
||||
# Should the status broadcast room be muted and moved into low priority by default?
|
||||
# This is only applied when creating the room, the user can unmute it later.
|
||||
mute_status_broadcast: true
|
||||
# Tag to apply to the status broadcast room.
|
||||
status_broadcast_tag: m.lowpriority
|
||||
# Should the bridge use thumbnails from WhatsApp?
|
||||
# They're disabled by default due to very low resolution.
|
||||
whatsapp_thumbnail: false
|
||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||
# users (private chat and groups)
|
||||
allow_user_invite: false
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: true
|
||||
# Should the bridge never send alerts to the bridge management room?
|
||||
# These are mostly things like the user being logged out.
|
||||
disable_bridge_alerts: false
|
||||
# Should the bridge stop if the WhatsApp server says another user connected with the same session?
|
||||
# This is only safe on single-user bridges.
|
||||
crash_on_stream_replaced: false
|
||||
# Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
|
||||
# and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
|
||||
# key in the event content even if this is disabled.
|
||||
url_previews: false
|
||||
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
|
||||
# This is currently not supported in most clients.
|
||||
caption_in_message: false
|
||||
# Send galleries as a single event? This is not an MSC (yet).
|
||||
beeper_galleries: false
|
||||
# Should polls be sent using MSC3381 event types?
|
||||
extev_polls: false
|
||||
# Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
|
||||
cross_room_replies: false
|
||||
# Disable generating reply fallbacks? Some extremely bad clients still rely on them,
|
||||
# but they're being phased out and will be completely removed in the future.
|
||||
disable_reply_fallbacks: false
|
||||
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
|
||||
# Null means there's no enforced timeout.
|
||||
message_handling_timeout:
|
||||
# Send an error message after this timeout, but keep waiting for the response until the deadline.
|
||||
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
|
||||
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
|
||||
error_after: null
|
||||
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
|
||||
# This is counted from the time the bridge starts handling the message.
|
||||
deadline: 120s
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
management_room_text:
|
||||
# Sent when joining a room.
|
||||
welcome: "Hello, I'm a WhatsApp bridge bot."
|
||||
# Sent when joining a management room and the user is already logged in.
|
||||
welcome_connected: "Use `help` for help."
|
||||
# Sent when joining a management room and the user is not logged in.
|
||||
welcome_unconnected: "Use `help` for help or `login` to log in."
|
||||
# Optional extra text sent when joining a management room.
|
||||
additional_help: ""
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: false
|
||||
# Should users mentions be in the event wire content to enable the server to send push notifications?
|
||||
plaintext_mentions: false
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# Delete inbound megolm sessions that don't have the received_at field used for
|
||||
# automatic ratcheting and expired session deletion. This is meant as a migration
|
||||
# to delete old keys prior to the bridge update.
|
||||
delete_outdated_inbound: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# By default, the bridge acts like WhatsApp web, which only sends active delivery
|
||||
# receipts when it's in the foreground.
|
||||
force_active_delivery_receipts: false
|
||||
# Servers to always allow double puppeting from
|
||||
double_puppet_server_map:
|
||||
example.com: https://example.com
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, double puppeting will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret_map:
|
||||
example.com: foobar
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
# Should group members be synced in parallel? This makes member sync faster
|
||||
parallel_member_sync: false
|
||||
# Should Matrix m.notice-type messages be bridged?
|
||||
bridge_notices: true
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it, except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# When using double puppeting, should muted chats be muted in Matrix?
|
||||
mute_bridging: false
|
||||
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
|
||||
# Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
|
||||
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
|
||||
archive_tag: null
|
||||
# Same as above, but for pinned chats. The favorite tag is called m.favourite
|
||||
pinned_tag: null
|
||||
# Should mute status and tags only be bridged when the portal room is created?
|
||||
tag_only_on_create: true
|
||||
# Should WhatsApp status messages be bridged into a Matrix room?
|
||||
# Disabling this won't affect already created status broadcast rooms.
|
||||
enable_status_broadcast: true
|
||||
# Should sending WhatsApp status messages be allowed?
|
||||
# This can cause issues if the user has lots of contacts, so it's disabled by default.
|
||||
disable_status_broadcast_send: true
|
||||
# Should the status broadcast room be muted and moved into low priority by default?
|
||||
# This is only applied when creating the room, the user can unmute it later.
|
||||
mute_status_broadcast: true
|
||||
# Tag to apply to the status broadcast room.
|
||||
status_broadcast_tag: m.lowpriority
|
||||
# Should the bridge use thumbnails from WhatsApp?
|
||||
# They're disabled by default due to very low resolution.
|
||||
whatsapp_thumbnail: false
|
||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||
# users (private chat and groups)
|
||||
allow_user_invite: false
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: true
|
||||
# Should the bridge never send alerts to the bridge management room?
|
||||
# These are mostly things like the user being logged out.
|
||||
disable_bridge_alerts: false
|
||||
# Should the bridge stop if the WhatsApp server says another user connected with the same session?
|
||||
# This is only safe on single-user bridges.
|
||||
crash_on_stream_replaced: false
|
||||
# Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
|
||||
# and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
|
||||
# key in the event content even if this is disabled.
|
||||
url_previews: false
|
||||
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
|
||||
# This is currently not supported in most clients.
|
||||
caption_in_message: false
|
||||
# Send galleries as a single event? This is not an MSC (yet).
|
||||
beeper_galleries: false
|
||||
# Should polls be sent using MSC3381 event types?
|
||||
extev_polls: false
|
||||
# Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
|
||||
cross_room_replies: false
|
||||
# Disable generating reply fallbacks? Some extremely bad clients still rely on them,
|
||||
# but they're being phased out and will be completely removed in the future.
|
||||
disable_reply_fallbacks: false
|
||||
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
|
||||
# Null means there's no enforced timeout.
|
||||
message_handling_timeout:
|
||||
# Send an error message after this timeout, but keep waiting for the response until the deadline.
|
||||
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
|
||||
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
|
||||
error_after: null
|
||||
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
|
||||
# This is counted from the time the bridge starts handling the message.
|
||||
deadline: 120s
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
# Disable rotating keys when a user's devices change?
|
||||
# You should not enable this option unless you understand all the implications.
|
||||
disable_device_change_key_rotation: false
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
management_room_text:
|
||||
# Sent when joining a room.
|
||||
welcome: "Hello, I'm a WhatsApp bridge bot."
|
||||
# Sent when joining a management room and the user is already logged in.
|
||||
welcome_connected: "Use `help` for help."
|
||||
# Sent when joining a management room and the user is not logged in.
|
||||
welcome_unconnected: "Use `help` for help or `login` to log in."
|
||||
# Optional extra text sent when joining a management room.
|
||||
additional_help: ""
|
||||
# Settings for provisioning API
|
||||
provisioning:
|
||||
# Prefix for the provisioning API paths.
|
||||
prefix: /_matrix/provision
|
||||
# Shared secret for authentication. If set to "generate", a random secret will be generated,
|
||||
# or if set to "disable", the provisioning API will be disabled.
|
||||
shared_secret: generate
|
||||
# Enable debug API at /debug with provisioning authentication.
|
||||
debug_endpoints: false
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: false
|
||||
# Should users mentions be in the event wire content to enable the server to send push notifications?
|
||||
plaintext_mentions: false
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# Delete inbound megolm sessions that don't have the received_at field used for
|
||||
# automatic ratcheting and expired session deletion. This is meant as a migration
|
||||
# to delete old keys prior to the bridge update.
|
||||
delete_outdated_inbound: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relay - Talk through the relaybot (if enabled), no access otherwise
|
||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"*": relay
|
||||
"example.com": user
|
||||
"@admin:example.com": admin
|
||||
|
||||
# Disable rotating keys when a user's devices change?
|
||||
# You should not enable this option unless you understand all the implications.
|
||||
disable_device_change_key_rotation: false
|
||||
|
||||
# Settings for provisioning API
|
||||
provisioning:
|
||||
# Prefix for the provisioning API paths.
|
||||
prefix: /_matrix/provision
|
||||
# Shared secret for authentication. If set to "generate", a random secret will be generated,
|
||||
# or if set to "disable", the provisioning API will be disabled.
|
||||
shared_secret: generate
|
||||
# Enable debug API at /debug with provisioning authentication.
|
||||
debug_endpoints: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relay - Talk through the relaybot (if enabled), no access otherwise
|
||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"*": relay
|
||||
"example.com": user
|
||||
"@admin:example.com": admin
|
||||
|
||||
# Settings for relay mode
|
||||
relay:
|
||||
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
|
||||
# authenticated user into a relaybot for that chat.
|
||||
enabled: false
|
||||
# Should only admins be allowed to set themselves as relay users?
|
||||
admin_only: true
|
||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||
message_formats:
|
||||
m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
|
||||
m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
|
||||
m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
|
||||
m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
|
||||
m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
|
||||
m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
|
||||
m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
|
||||
m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
|
||||
# Settings for relay mode
|
||||
relay:
|
||||
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
|
||||
# authenticated user into a relaybot for that chat.
|
||||
enabled: false
|
||||
# Should only admins be allowed to set themselves as relay users?
|
||||
admin_only: true
|
||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||
message_formats:
|
||||
m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
|
||||
m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
|
||||
m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
|
||||
m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
|
||||
m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
|
||||
m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
|
||||
m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
|
||||
m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
|
||||
|
||||
# Logging config. See https://github.com/tulir/zeroconfig for details.
|
||||
logging:
|
||||
min_level: debug
|
||||
writers:
|
||||
min_level: debug
|
||||
writers:
|
||||
- type: stdout
|
||||
format: pretty-colored
|
||||
- type: file
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: outline
|
||||
version: 0.4.0
|
||||
version: 0.5.1
|
||||
description: Chart for Outline wiki
|
||||
keywords:
|
||||
- wiki
|
||||
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
|
||||
dependencies:
|
||||
- name: redis
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 19.1.0
|
||||
version: 19.1.1
|
||||
appVersion: v0.75.2
|
||||
|
||||
@@ -55,7 +55,7 @@ spec:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.outline.database.usernameSecret.existingSecretName }}"
|
||||
key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
|
||||
key: "{{ .Values.outline.database.usernameSecret.existingSecretKey }}"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -75,7 +75,7 @@ spec:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.outline.database.databasePort.existingSecretName }}"
|
||||
key: "{{ .Values.outline.database.databasePort.existingSecretKey }}"
|
||||
key: "{{ .Values.outline.database.databasePort.existingSecretKey }}"
|
||||
- name: DATABASE_URL
|
||||
value: "postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)"
|
||||
- name: DATABASE_URL_TEST
|
||||
@@ -102,41 +102,14 @@ spec:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.persistence.s3.credentialsSecret }}"
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
{{- if .Values.persistence.s3.endpointConfigMap.enabled }}
|
||||
- name: AWS_REGION
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
|
||||
key: BUCKET_REGION
|
||||
- name: AWS_S3_UPLOAD_BUCKET_NAME
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
|
||||
key: BUCKET_NAME
|
||||
- name: AWS_S3_UPLOAD_BUCKET_HOST
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
|
||||
key: BUCKET_HOST
|
||||
- name: AWS_S3_UPLOAD_BUCKET_PORT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: "{{ .Values.persistence.s3.endpointConfigMap.name }}"
|
||||
key: BUCKET_PORT
|
||||
- name: AWS_S3_UPLOAD_BUCKET_URL
|
||||
value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
|
||||
- name: AWS_S3_ACCELERATE_URL
|
||||
value: "{{ .Values.persistence.s3.urlProtocol }}://$(AWS_S3_UPLOAD_BUCKET_NAME).$(AWS_S3_UPLOAD_BUCKET_HOST):$(AWS_S3_UPLOAD_BUCKET_PORT)"
|
||||
{{- else }}
|
||||
- name: AWS_REGION
|
||||
value: "{{ .Values.persistence.s3.region }}"
|
||||
- name: AWS_S3_UPLOAD_BUCKET_NAME
|
||||
value: "{{ .Values.persistence.s3.bucketName }}"
|
||||
- name: AWS_S3_UPLOAD_BUCKET_URL
|
||||
value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
|
||||
value: "{{ .Values.persistence.s3.bucketUrl }}"
|
||||
- name: AWS_S3_ACCELERATE_URL
|
||||
value: "{{ .Values.persistence.s3.urlProtocol }}://{{ .Values.persistence.s3.bucketName }}.{{ .Values.persistence.s3.host }}"
|
||||
{{- end }}
|
||||
value: "{{ .Values.persistence.s3.bucketUrl }}"
|
||||
- name: AWS_S3_FORCE_PATH_STYLE
|
||||
value: "{{ .Values.persistence.s3.forcePathStyle }}"
|
||||
- name: AWS_S3_ACL
|
||||
|
||||
@@ -24,13 +24,9 @@ persistence:
|
||||
type: s3
|
||||
s3:
|
||||
credentialsSecret:
|
||||
endpointConfigMap:
|
||||
enabled: false
|
||||
name:
|
||||
region:
|
||||
bucketName:
|
||||
host:
|
||||
urlProtocol: http
|
||||
bucketUrl:
|
||||
uploadMaxSize: "26214400"
|
||||
forcePathStyle: false
|
||||
acl: private
|
||||
@@ -63,7 +59,7 @@ outline:
|
||||
existingSecretKey:
|
||||
databasePort:
|
||||
existingSecretName:
|
||||
existingSecretKey:
|
||||
existingSecretKey:
|
||||
connectionPoolMin: ""
|
||||
connectionPoolMax: "20"
|
||||
sslMode: disable
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: postgres-cluster-upgrade
|
||||
version: 0.1.2
|
||||
description: Chart for upgrading a cloudnative-pg cluster in the same namespace
|
||||
keywords:
|
||||
- database
|
||||
- postgres
|
||||
- upgrade
|
||||
sources:
|
||||
- https://github.com/cloudnative-pg/cloudnative-pg
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
|
||||
appVersion: v1.22.2
|
||||
@@ -1,19 +0,0 @@
|
||||
## Introduction
|
||||
|
||||
[CloudNative PG](https://github.com/cloudnative-pg/cloudnative-pg)
|
||||
|
||||
CloudNativePG is the Kubernetes operator that covers the full lifecycle of a highly available PostgreSQL database cluster with a primary/standby architecture, using native streaming replication.
|
||||
|
||||
This chart bootstraps a [CNPG](https://github.com/cloudnative-pg/cloudnative-pg) cluster upgraade on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
The process is designed to be used in conjunction with the [postgres-cluster](https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster) chart. The cluster in this chart connects to the orignal cluster, peforms an upgrade, then backups to the objectStore endpoint. Afterwards the upgrade cluster is removed and the orignal cluster bootstraps from the upgrade's backup.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes
|
||||
- Helm
|
||||
- CloudNative PG Operator
|
||||
|
||||
## Parameters
|
||||
|
||||
See the [values files](values.yaml).
|
||||
@@ -1,17 +0,0 @@
|
||||
{{- if .Values.backup.inititeBackup }}
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Backup
|
||||
metadata:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade-backup"
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: database
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
method: barmanObjectStore
|
||||
cluster:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
|
||||
{{- end }}
|
||||
@@ -1,68 +0,0 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: "postgresql-{{ .Release.Name }}-cluster-upgrade"
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: database
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
imageName: "{{ .Values.cluster.image.repository }}:{{ .Values.cluster.image.tag }}"
|
||||
instances: {{ .Values.cluster.instances }}
|
||||
affinity:
|
||||
enablePodAntiAffinity: true
|
||||
topologyKey: kubernetes.io/hostname
|
||||
postgresql:
|
||||
parameters:
|
||||
{{- toYaml .Values.cluster.parameters | nindent 6 }}
|
||||
resources:
|
||||
{{- toYaml .Values.cluster.resources | nindent 4 }}
|
||||
storage:
|
||||
storageClass: {{ .Values.cluster.storage.data.storageClass }}
|
||||
size: {{ .Values.cluster.storage.data.size }}
|
||||
walStorage:
|
||||
storageClass: {{ .Values.cluster.storage.wal.storageClass }}
|
||||
size: {{ .Values.cluster.storage.wal.size }}
|
||||
monitoring:
|
||||
enablePodMonitor: true
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
import:
|
||||
type: {{ .Values.upgrade.importType }}
|
||||
databases:
|
||||
{{- toYaml .Values.upgrade.importDatabases | nindent 10 }}
|
||||
source:
|
||||
externalCluster: "postgresql-{{ .Release.Name }}-cluster"
|
||||
externalClusters:
|
||||
- name: "postgresql-{{ .Release.Name }}-cluster"
|
||||
connectionParameters:
|
||||
host: "postgresql-{{ .Release.Name }}-cluster-rw"
|
||||
user: app
|
||||
dbname: app
|
||||
password:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-app"
|
||||
key: password
|
||||
|
||||
{{- if .Values.backup.backupEnabled }}
|
||||
backup:
|
||||
retentionPolicy: "{{ .Values.backup.retentionPolicy }}"
|
||||
barmanObjectStore:
|
||||
destinationPath: "s3://{{ .Values.backup.bucket }}/{{ .Values.cluster.name }}/postgresql/{{ .Release.Name }}-cluster"
|
||||
endpointURL: {{ .Values.backup.endpointURL }}
|
||||
serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: "postgresql-{{ .Release.Name }}-cluster-backup-secret"
|
||||
key: ACCESS_SECRET_KEY
|
||||
data:
|
||||
compression: {{ .Values.cluster.compression }}
|
||||
wal:
|
||||
compression: {{ .Values.cluster.compression }}
|
||||
{{- end }}
|
||||
@@ -1,37 +0,0 @@
|
||||
cluster:
|
||||
name:
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/postgresql
|
||||
tag: 16.2
|
||||
instances: 1
|
||||
parameters:
|
||||
shared_buffers: 128MB
|
||||
max_slot_wal_keep_size: 2000MB
|
||||
hot_standby_feedback: "on"
|
||||
compression: snappy
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 100m
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 1500m
|
||||
hugepages-2Mi: 512Mi
|
||||
storage:
|
||||
data:
|
||||
storageClass:
|
||||
size: 10Gi
|
||||
wal:
|
||||
storageClass:
|
||||
size: 2Gi
|
||||
upgrade:
|
||||
importType: microservice
|
||||
importDatabases:
|
||||
- app
|
||||
backup:
|
||||
backupEnabled: false
|
||||
inititeBackup: false
|
||||
retentionPolicy: 3d
|
||||
backupIndex: 1
|
||||
endpointURL:
|
||||
bucket:
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: postgres-cluster
|
||||
version: 1.0.0
|
||||
version: 2.2.0
|
||||
description: Chart for cloudnative-pg cluster
|
||||
keywords:
|
||||
- database
|
||||
|
||||
@@ -3,20 +3,20 @@
|
||||
backup:
|
||||
retentionPolicy: {{ .Values.backup.retentionPolicy }}
|
||||
barmanObjectStore:
|
||||
destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
|
||||
destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.name" . }}"
|
||||
endpointURL: {{ .Values.backup.endpointURL }}
|
||||
{{- if .Values.backup.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ .Values.backup.endpointCA }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backup.backupIndex }}"
|
||||
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.backup.backupIndex }}"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.backup.credentials" . }}
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.backup.credentials" . }}
|
||||
name: {{ include "cluster.backupCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
compression: {{ .Values.backup.wal.compression }}
|
||||
|
||||
@@ -1,61 +0,0 @@
|
||||
{{- define "cluster.bootstrap" -}}
|
||||
bootstrap:
|
||||
{{- if eq .Values.mode "standalone" }}
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
postInitApplicationSQL:
|
||||
{{- if eq .Values.type "postgis" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_topology;
|
||||
- CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
|
||||
{{- else if eq .Values.type "timescaledb" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS timescaledb;
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- range .postInitApplicationSQL }}
|
||||
{{- printf "- %s" . | nindent 6 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else if eq .Values.mode "recovery" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
source: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
|
||||
externalClusters:
|
||||
- name: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
|
||||
barmanObjectStore:
|
||||
serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
|
||||
destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Release.Name }}"
|
||||
endpointURL: {{ .Values.recovery.endpointURL }}
|
||||
{{- with .Values.recovery.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ . }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
serverName: "postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recovery.credentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recovery.credentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
compression: {{ .Values.recovery.wal.compression }}
|
||||
encryption: {{ .Values.recovery.wal.encryption }}
|
||||
maxParallel: {{ .Values.recovery.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.recovery.data.compression }}
|
||||
encryption: {{ .Values.recovery.data.encryption }}
|
||||
jobs: {{ .Values.recovery.data.jobs }}
|
||||
{{- else }}
|
||||
{{ fail "Invalid cluster mode!" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
92
charts/postgres-cluster/templates/_bootstrap.tpl
Normal file
92
charts/postgres-cluster/templates/_bootstrap.tpl
Normal file
@@ -0,0 +1,92 @@
|
||||
{{- define "cluster.bootstrap" -}}
|
||||
bootstrap:
|
||||
{{- if eq .Values.mode "standalone" }}
|
||||
initdb:
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- with (omit . "postInitApplicationSQL") }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
postInitApplicationSQL:
|
||||
{{- if eq .Values.type "postgis" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_topology;
|
||||
- CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
|
||||
- CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
|
||||
{{- else if eq .Values.type "timescaledb" }}
|
||||
- CREATE EXTENSION IF NOT EXISTS timescaledb;
|
||||
{{- end }}
|
||||
{{- with .Values.cluster.initdb }}
|
||||
{{- range .postInitApplicationSQL }}
|
||||
{{- printf "- %s" . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.mode "replica" }}
|
||||
initdb:
|
||||
import:
|
||||
type: {{ .Values.replica.importType }}
|
||||
databases:
|
||||
{{- if and (len .Values.replica.importDatabases gt 1) (.Values.replica.importType eq "microservice") }}
|
||||
{{ fail "Too many databases in import type of microservice!" }}
|
||||
{{- else}}
|
||||
{{- with .Values.replica.importDatabases }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.replica.importType eq "monolith" }}
|
||||
roles:
|
||||
{{- with .Values.replica.importRoles }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
|
||||
postImportApplicationSQL:
|
||||
{{- with .Values.replica.postImportApplicationSQL }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
source:
|
||||
externalCluster: "{{ include "cluster.name" . }}-cluster"
|
||||
externalClusters:
|
||||
- name: "{{ include "cluster.name" . }}-cluster"
|
||||
{{- with .Values.replica.externalCluster }}
|
||||
{{- . | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.mode "recovery" }}
|
||||
recovery:
|
||||
{{- with .Values.recovery.pitrTarget.time }}
|
||||
recoveryTarget:
|
||||
targetTime: {{ . }}
|
||||
{{- end }}
|
||||
source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
|
||||
externalClusters:
|
||||
- name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
|
||||
barmanObjectStore:
|
||||
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
|
||||
destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Values.recovery.recoveryName }}"
|
||||
endpointURL: {{ .Values.recovery.endpointURL }}
|
||||
{{- with .Values.recovery.endpointCA }}
|
||||
endpointCA:
|
||||
name: {{ . }}
|
||||
key: ca-bundle.crt
|
||||
{{- end }}
|
||||
serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
|
||||
s3Credentials:
|
||||
accessKeyId:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_KEY_ID
|
||||
secretAccessKey:
|
||||
name: {{ include "cluster.recoveryCredentials" . }}
|
||||
key: ACCESS_SECRET_KEY
|
||||
wal:
|
||||
compression: {{ .Values.recovery.wal.compression }}
|
||||
encryption: {{ .Values.recovery.wal.encryption }}
|
||||
maxParallel: {{ .Values.recovery.wal.maxParallel }}
|
||||
data:
|
||||
compression: {{ .Values.recovery.data.compression }}
|
||||
encryption: {{ .Values.recovery.data.encryption }}
|
||||
jobs: {{ .Values.recovery.data.jobs }}
|
||||
{{- else }}
|
||||
{{ fail "Invalid cluster mode!" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -2,26 +2,12 @@
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "cluster.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "cluster.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- if .Values.nameOverride }}
|
||||
{{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- printf "postgresql-%s-%s" .Values.cluster.image.majorVersion .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
@@ -54,18 +40,29 @@ app.kubernetes.io/part-of: cloudnative-pg
|
||||
{{/*
|
||||
Generate name for object store credentials
|
||||
*/}}
|
||||
{{- define "cluster.recovery.credentials" -}}
|
||||
{{- define "cluster.recoveryCredentials" -}}
|
||||
{{- if .Values.recovery.endpointCredentials -}}
|
||||
{{- .Values.recovery.endpointCredentials -}}
|
||||
{{- else -}}
|
||||
{{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- define "cluster.backup.credentials" -}}
|
||||
{{- define "cluster.backupCredentials" -}}
|
||||
{{- if .Values.backup.endpointCredentials -}}
|
||||
{{- .Values.backup.endpointCredentials -}}
|
||||
{{- else -}}
|
||||
{{- printf "postgresql-%s-cluster-backup-secret" .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- printf "%s-backup-secret" (include "cluster.name" .) | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate recovery server name
|
||||
*/}}
|
||||
{{- define "cluster.recoveryName" -}}
|
||||
{{- if .Values.recovery.recoveryName -}}
|
||||
{{- .Values.recovery.recoveryName -}}
|
||||
{{- else -}}
|
||||
{{ include "cluster.name" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- with .Values.cluster.annotations }}
|
||||
annotations:
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: "postgresql-{{ include "cluster.fullname" . }}-alert-rules"
|
||||
name: {{ include "cluster.name" . }}-alert-rules
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
@@ -11,14 +11,14 @@ metadata:
|
||||
{{- end }}
|
||||
spec:
|
||||
groups:
|
||||
- name: cloudnative-pg/{{ include "cluster.fullname" . }}
|
||||
- name: cloudnative-pg/{{ include "cluster.name" . }}
|
||||
rules:
|
||||
{{- $dict := dict "excludeRules" .Values.cluster.monitoring.prometheusRule.excludeRules -}}
|
||||
{{- $_ := set $dict "value" "{{ $value }}" -}}
|
||||
{{- $_ := set $dict "namespace" .Release.Namespace -}}
|
||||
{{- $_ := set $dict "cluster" (include "cluster.fullname" .) -}}
|
||||
{{- $_ := set $dict "cluster" (printf "%s-cluster" (include "cluster.name" .) ) -}}
|
||||
{{- $_ := set $dict "labels" (dict "job" "{{ $labels.job }}" "node" "{{ $labels.node }}" "pod" "{{ $labels.pod }}") -}}
|
||||
{{- $_ := set $dict "podSelector" (printf "%s-([1-9][0-9]*)$" (include "cluster.fullname" .)) -}}
|
||||
{{- $_ := set $dict "podSelector" (printf "%s-cluster-([1-9][0-9]*)$" (include "cluster.name" .) ) -}}
|
||||
{{- $_ := set $dict "Values" .Values -}}
|
||||
{{- $_ := set $dict "Template" .Template -}}
|
||||
{{- range $path, $_ := .Files.Glob "prometheus_rules/**.yaml" }}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: ScheduledBackup
|
||||
metadata:
|
||||
name: "postgresql-{{ include "cluster.fullname" . }}-cluster-scheduled-backup"
|
||||
name: {{ include "cluster.name" . }}-scheduled-backup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "cluster.labels" . | nindent 4 }}
|
||||
@@ -14,5 +14,5 @@ spec:
|
||||
schedule: {{ .Values.backup.schedule }}
|
||||
backupOwnerReference: self
|
||||
cluster:
|
||||
name: "postgresql-{{ include "cluster.fullname" . }}-cluster"
|
||||
name: {{ include "cluster.name" . }}-cluster
|
||||
{{ end }}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
# -- Override the name of the chart
|
||||
# -- Override the name of the cluster
|
||||
nameOverride: ""
|
||||
# -- Override the full name of the chart
|
||||
fullnameOverride: ""
|
||||
|
||||
###
|
||||
# -- Type of the CNPG database. Available types:
|
||||
@@ -12,8 +10,9 @@ type: postgresql
|
||||
|
||||
###
|
||||
# Cluster mode of operation. Available modes:
|
||||
# * `standalone` - default mode. Creates new or updates an existing CNPG cluster.
|
||||
# * `standalone` - Default mode. Creates new or updates an existing CNPG cluster.
|
||||
# * `recovery` - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup
|
||||
# * `replica` - Create database as a replica from another CNPG cluster
|
||||
mode: standalone
|
||||
|
||||
# Generates bucket name and path for recovery and backup, creates: <endpointBucket>/<clusterName>/postgresql/{{ .Release.Name }}
|
||||
@@ -24,7 +23,8 @@ cluster:
|
||||
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/postgresql
|
||||
tag: 16.2
|
||||
tag: "16.2"
|
||||
majorVersion: "16"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# The UID and GID of the postgres user inside the image
|
||||
@@ -111,6 +111,9 @@ recovery:
|
||||
# Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
|
||||
recoveryIndex: 1
|
||||
|
||||
# Name of the recovery cluster in the object store, defaults to "cluster.name"
|
||||
recoveryName: ""
|
||||
|
||||
wal:
|
||||
# WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
|
||||
compression: snappy
|
||||
@@ -126,6 +129,32 @@ recovery:
|
||||
# Number of data files to be archived or restored in parallel.
|
||||
jobs: 2
|
||||
|
||||
replica:
|
||||
# See https://cloudnative-pg.io/documentation/current/database_import/
|
||||
# * `microservice` - Single database import as expected from cnpg clusters
|
||||
# * `monolith` - Import multiple databases and roles
|
||||
importType: microservice
|
||||
|
||||
# If type microservice only one database is allowed, default is app as standard in cnpg clusters
|
||||
importDatabases:
|
||||
- app
|
||||
|
||||
# If type microservice no roles are imported and ignored
|
||||
importRoles: []
|
||||
|
||||
# If import type is monolith postImportApplicationSQL is not supported and ignored
|
||||
postImportApplicationSQL: []
|
||||
|
||||
# External cluster connection, password specifies a secret name and the key containing the password value
|
||||
externalCluster:
|
||||
connectionParameters:
|
||||
host: postgresql
|
||||
user: app
|
||||
dbname: app
|
||||
password:
|
||||
name: postgresql
|
||||
key: password
|
||||
|
||||
backup:
|
||||
enabled: false
|
||||
|
||||
|
||||
24
charts/taiga/Chart.yaml
Normal file
24
charts/taiga/Chart.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
apiVersion: v2
|
||||
name: taiga
|
||||
version: 0.2.0
|
||||
description: Chart for Taiga
|
||||
keywords:
|
||||
- kanban
|
||||
- project management
|
||||
sources:
|
||||
- https://github.com/taigaio
|
||||
- https://github.com/rabbitmq/rabbitmq-server
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
|
||||
dependencies:
|
||||
- name: rabbitmq
|
||||
version: 14.0.1
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
alias: async-rabbitmq
|
||||
- name: rabbitmq
|
||||
version: 14.0.1
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
alias: events-rabbitmq
|
||||
appVersion: 6.7.7
|
||||
17
charts/taiga/README.md
Normal file
17
charts/taiga/README.md
Normal file
@@ -0,0 +1,17 @@
|
||||
## Introduction
|
||||
|
||||
[Taiga 6](https://github.com/taigaio)
|
||||
|
||||
Intuitive and simple, yet feature complete Kanban board
|
||||
|
||||
This chart bootstraps a [Taiga](https://github.com/taigaio) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes
|
||||
- Helm
|
||||
|
||||
## Parameters
|
||||
|
||||
See the [values files](values.yaml).
|
||||
135
charts/taiga/templates/_helpers.tpl
Normal file
135
charts/taiga/templates/_helpers.tpl
Normal file
@@ -0,0 +1,135 @@
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "taiga.name" -}}
|
||||
{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "taiga.fullname" -}}
|
||||
{{- if .Values.global.fullnameOverride -}}
|
||||
{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.global.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label
|
||||
*/}}
|
||||
{{- define "taiga.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "taiga.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels for specific components
|
||||
*/}}
|
||||
{{- define "taiga.back.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.async.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.front.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.events.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.protected.labels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
|
||||
helm.sh/chart: {{ template "taiga.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
|
||||
*/}}
|
||||
{{- define "taiga.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.back.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.async.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.front.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.events.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- define "taiga.protected.matchLabels" -}}
|
||||
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "taiga.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the static persistent volume
|
||||
*/}}
|
||||
{{- define "taiga.staticVolumeName" -}}
|
||||
{{- if .Values.persistence.static.existingClaim -}}
|
||||
{{ .Values.persistence.static.existingClaim }}
|
||||
{{- else -}}
|
||||
{{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the media persistent volume
|
||||
*/}}
|
||||
{{- define "taiga.mediaVolumeName" -}}
|
||||
{{- if .Values.persistence.media.existingClaim -}}
|
||||
{{ .Values.persistence.media.existingClaim }}
|
||||
{{- else -}}
|
||||
{{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
36
charts/taiga/templates/config-map.yaml
Normal file
36
charts/taiga/templates/config-map.yaml
Normal file
@@ -0,0 +1,36 @@
|
||||
{{- if .Values.createInitialUser }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-create-initial-user
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
createinitialuser.sh: |
|
||||
#!/bin/sh
|
||||
echo """
|
||||
import time
|
||||
import requests
|
||||
import subprocess
|
||||
|
||||
print('Waiting for backend ...')
|
||||
while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
|
||||
print('...')
|
||||
time.sleep(2)
|
||||
|
||||
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
|
||||
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
|
||||
else:
|
||||
print('Admin user yet created.')
|
||||
""" > /tmp/create_superuser.py
|
||||
python /tmp/create_superuser.py
|
||||
{{- end }}
|
||||
515
charts/taiga/templates/deployment-back.yaml
Normal file
515
charts/taiga/templates/deployment-back.yaml
Normal file
@@ -0,0 +1,515 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-back
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.back.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: {{ .Values.back.replicas }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "taiga.back.matchLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "taiga.back.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ template "taiga.name" . }}-back
|
||||
annotations:
|
||||
{{- with .Values.back.podAnnotations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
affinity:
|
||||
{{- with .Values.back.affinity }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
{{- with .Values.back.nodeSelector }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
{{- with .Values.back.tolerations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- with .Values.back.securityContext }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "taiga.fullname" . }}-back
|
||||
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.back.resources | nindent 12 }}
|
||||
ports:
|
||||
- name: taiga-back
|
||||
containerPort: {{ .Values.back.service.port }}
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: taiga-static
|
||||
mountPath: /taiga-back/static
|
||||
- name: taiga-media
|
||||
mountPath: /taiga-back/media
|
||||
env:
|
||||
- name: TAIGA_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.secretKey.existingSecretName }}"
|
||||
key: "{{ .Values.secretKey.existingSecretKey }}"
|
||||
- name: ENABLE_TELEMETRY
|
||||
value: "{{ .Values.enableTelemetry }}"
|
||||
- name: PUBLIC_REGISTER_ENABLED
|
||||
value: "{{ .Values.publicRegisterEnabled }}"
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.usernameKey }}"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.passwordKey }}"
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.databaseNameKey }}"
|
||||
- name: POSTGRES_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.hostKey }}"
|
||||
|
||||
{{ if .Values.oidc.enabled }}
|
||||
- name: OIDC_ENABLED
|
||||
value: "True"
|
||||
- name: OIDC_SCOPES
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.scopesKey }}"
|
||||
- name: OIDC_SIGN_ALGO
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.clientIdKey }}"
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.clientSecretKey }}"
|
||||
- name: OIDC_BASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.baseUrlKey }}"
|
||||
- name: OIDC_JWKS_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.jwksEndpointKey }}"
|
||||
- name: OIDC_AUTHORIZATION_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.authorizationEndpointKey }}"
|
||||
- name: OIDC_TOKEN_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.tokenEndpointKey }}"
|
||||
- name: OIDC_USER_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.userEndpointKey }}"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.email.enabled }}
|
||||
- name: EMAIL_BACKEND
|
||||
value: "django.core.mail.backends.smtp.EmailBackend"
|
||||
- name: DEFAULT_FROM_EMAIL
|
||||
value: "{{ .Values.email.from }}"
|
||||
- name: EMAIL_HOST
|
||||
value: "{{ .Values.email.host }}"
|
||||
- name: EMAIL_PORT
|
||||
value: "{{ .Values.email.port }}"
|
||||
- name: EMAIL_USE_TLS
|
||||
value: "{{ .Values.email.tls }}"
|
||||
- name: EMAIL_USE_SSL
|
||||
value: "{{ .Values.email.ssl }}"
|
||||
- name: EMAIL_HOST_USER
|
||||
value: "{{ .Values.email.user }}"
|
||||
- name: EMAIL_HOST_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.email.existingPasswordSecret }}"
|
||||
key: "{{ .Values.email.existingSecretPasswordKey }}"
|
||||
{{ end }}
|
||||
|
||||
- name: ENABLE_GITHUB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_GITLAB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_SLACK
|
||||
value: "{{ .Values.enableSlack }}"
|
||||
|
||||
{{ if .Values.githubImporter.enabled }}
|
||||
- name: ENABLE_GITHUB_IMPORTER
|
||||
value: "True"
|
||||
- name: GITHUB_API_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.githubImporter.existingSecretName }}"
|
||||
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
|
||||
- name: GITHUB_API_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.githubImporter.existingSecretName }}"
|
||||
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_GITHUB_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.jiraImporter.enabled }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "True"
|
||||
- name: JIRA_IMPORTER_CONSUMER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
|
||||
- name: JIRA_IMPORTER_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
|
||||
- name: JIRA_IMPORTER_PUB_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.trelloImporter.enabled }}
|
||||
- name: ENABLE_TRELLO_IMPORTER
|
||||
value: "True"
|
||||
- name: TRELLO_IMPORTER_API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.trelloImporter.existingSecretName }}"
|
||||
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
|
||||
- name: TRELLO_IMPORTER_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.trelloImporter.existingSecretName }}"
|
||||
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
- name: RABBITMQ_USER
|
||||
value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
|
||||
- name: RABBITMQ_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
|
||||
key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
|
||||
|
||||
{{ if .Values.ingress.enabled }}
|
||||
- name: TAIGA_SITES_DOMAIN
|
||||
value: "{{ .Values.ingress.host }}"
|
||||
- name: TAIGA_SITES_SCHEME
|
||||
value: "https"
|
||||
- name: SESSION_COOKIE_SECURE
|
||||
value: "True"
|
||||
- name: CSRF_COOKIE_SECURE
|
||||
value: "True"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.back.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.back.service.port }}
|
||||
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.back.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.back.service.port }}
|
||||
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
- name: {{ template "taiga.fullname" . }}-async
|
||||
image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.async.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.async.resources | nindent 12 }}
|
||||
command:
|
||||
- /taiga-back/docker/async_entrypoint.sh
|
||||
volumeMounts:
|
||||
- name: taiga-static
|
||||
mountPath: /taiga-back/static
|
||||
- name: taiga-media
|
||||
mountPath: /taiga-back/media
|
||||
env:
|
||||
- name: TAIGA_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.secretKey.existingSecretName }}"
|
||||
key: "{{ .Values.secretKey.existingSecretKey }}"
|
||||
- name: ENABLE_TELEMETRY
|
||||
value: "{{ .Values.enableTelemetry }}"
|
||||
- name: PUBLIC_REGISTER_ENABLED
|
||||
value: "{{ .Values.publicRegisterEnabled }}"
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.usernameKey }}"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.passwordKey }}"
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.databaseNameKey }}"
|
||||
- name: POSTGRES_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.hostKey }}"
|
||||
|
||||
{{ if .Values.oidc.enabled }}
|
||||
- name: OIDC_ENABLED
|
||||
value: "True"
|
||||
- name: OIDC_SCOPES
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.scopesKey }}"
|
||||
- name: OIDC_SIGN_ALGO
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.clientIdKey }}"
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.clientSecretKey }}"
|
||||
- name: OIDC_BASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.baseUrlKey }}"
|
||||
- name: OIDC_JWKS_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.jwksEndpointKey }}"
|
||||
- name: OIDC_AUTHORIZATION_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.authorizationEndpointKey }}"
|
||||
- name: OIDC_TOKEN_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.tokenEndpointKey }}"
|
||||
- name: OIDC_USER_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.oidc.existingSecretName }}"
|
||||
key: "{{ .Values.oidc.userEndpointKey }}"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.email.enabled }}
|
||||
- name: EMAIL_BACKEND
|
||||
value: "django.core.mail.backends.smtp.EmailBackend"
|
||||
- name: DEFAULT_FROM_EMAIL
|
||||
value: "{{ .Values.email.from }}"
|
||||
- name: EMAIL_HOST
|
||||
value: "{{ .Values.email.host }}"
|
||||
- name: EMAIL_PORT
|
||||
value: "{{ .Values.email.port }}"
|
||||
- name: EMAIL_USE_TLS
|
||||
value: "{{ .Values.email.tls }}"
|
||||
- name: EMAIL_USE_SSL
|
||||
value: "{{ .Values.email.ssl }}"
|
||||
- name: EMAIL_HOST_USER
|
||||
value: "{{ .Values.email.user }}"
|
||||
- name: EMAIL_HOST_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.email.existingPasswordSecret }}"
|
||||
key: "{{ .Values.email.existingSecretPasswordKey }}"
|
||||
{{ end }}
|
||||
|
||||
- name: ENABLE_GITHUB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_GITLAB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_SLACK
|
||||
value: "{{ .Values.enableSlack }}"
|
||||
|
||||
{{ if .Values.githubImporter.enabled }}
|
||||
- name: ENABLE_GITHUB_IMPORTER
|
||||
value: "True"
|
||||
- name: GITHUB_API_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.githubImporter.existingSecretName }}"
|
||||
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
|
||||
- name: GITHUB_API_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.githubImporter.existingSecretName }}"
|
||||
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_GITHUB_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.jiraImporter.enabled }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "True"
|
||||
- name: JIRA_IMPORTER_CONSUMER_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
|
||||
- name: JIRA_IMPORTER_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
|
||||
- name: JIRA_IMPORTER_PUB_CERT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.jiraImporter.existingSecretName }}"
|
||||
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
{{ if .Values.trelloImporter.enabled }}
|
||||
- name: ENABLE_TRELLO_IMPORTER
|
||||
value: "True"
|
||||
- name: TRELLO_IMPORTER_API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.trelloImporter.existingSecretName }}"
|
||||
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
|
||||
- name: TRELLO_IMPORTER_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.trelloImporter.existingSecretName }}"
|
||||
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
|
||||
{{ else }}
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "False"
|
||||
{{ end }}
|
||||
|
||||
- name: RABBITMQ_USER
|
||||
value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
|
||||
- name: RABBITMQ_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
|
||||
key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
|
||||
|
||||
{{ if .Values.ingress.enabled }}
|
||||
- name: TAIGA_SITES_DOMAIN
|
||||
value: "{{ .Values.ingress.host }}"
|
||||
- name: TAIGA_SITES_SCHEME
|
||||
value: "https"
|
||||
- name: SESSION_COOKIE_SECURE
|
||||
value: "True"
|
||||
- name: CSRF_COOKIE_SECURE
|
||||
value: "True"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.back.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.back.service.port }}
|
||||
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.back.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.back.service.port }}
|
||||
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
volumes:
|
||||
- name: taiga-static
|
||||
{{- if .Values.persistence.static.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "taiga.staticVolumeName" . }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
- name: taiga-media
|
||||
{{- if .Values.persistence.media.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ include "taiga.mediaVolumeName" . }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
101
charts/taiga/templates/deployment-events.yaml
Normal file
101
charts/taiga/templates/deployment-events.yaml
Normal file
@@ -0,0 +1,101 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-events
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.events.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: {{ .Values.events.replicas }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "taiga.events.matchLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "taiga.events.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ template "taiga.name" . }}-events
|
||||
annotations:
|
||||
{{- with .Values.events.podAnnotations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
affinity:
|
||||
{{- with .Values.events.affinity }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
{{- with .Values.events.nodeSelector }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
{{- with .Values.events.tolerations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- with .Values.events.securityContext }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "taiga.fullname" . }}-events
|
||||
image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.events.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.events.resources | nindent 12 }}
|
||||
ports:
|
||||
- name: taiga-events
|
||||
containerPort: {{ .Values.events.service.http.port }}
|
||||
protocol: TCP
|
||||
- name: taiga-app
|
||||
containerPort: {{ .Values.events.service.app.port }}
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: TAIGA_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.secretKey.existingSecretName }}"
|
||||
key: "{{ .Values.secretKey.existingSecretKey }}"
|
||||
- name: RABBITMQ_USER
|
||||
value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
|
||||
- name: RABBITMQ_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
|
||||
key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
|
||||
- name: APP_PORT
|
||||
value: "{{ .Values.events.service.app.port }}"
|
||||
|
||||
{{- if .Values.events.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.events.service.app.port }}
|
||||
initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.events.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.events.service.app.port }}
|
||||
initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
108
charts/taiga/templates/deployment-front.yaml
Normal file
108
charts/taiga/templates/deployment-front.yaml
Normal file
@@ -0,0 +1,108 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-front
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.front.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: {{ .Values.front.replicas }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "taiga.front.matchLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "taiga.front.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ template "taiga.name" . }}-front
|
||||
annotations:
|
||||
{{- with .Values.front.podAnnotations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
affinity:
|
||||
{{- with .Values.front.affinity }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
{{- with .Values.front.nodeSelector }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
{{- with .Values.front.tolerations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- with .Values.front.securityContext }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "taiga.fullname" . }}-front
|
||||
image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.front.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.front.resources | nindent 12 }}
|
||||
ports:
|
||||
- name: taiga-front
|
||||
containerPort: {{ .Values.front.service.port }}
|
||||
protocol: TCP
|
||||
env:
|
||||
{{ if .Values.ingress.enabled }}
|
||||
- name: TAIGA_URL
|
||||
value: "https://{{ .Values.ingress.host }}"
|
||||
{{ else }}
|
||||
- name: TAIGA_URL
|
||||
value: "http://localhost:{{ .Values.front.service.port }}"
|
||||
{{ end }}
|
||||
|
||||
- name: PUBLIC_REGISTER_ENABLED
|
||||
value: "{{ .Values.publicRegisterEnabled }}"
|
||||
- name: ENABLE_GITHUB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_GITLAB_AUTH
|
||||
value: "false"
|
||||
- name: ENABLE_OIDC
|
||||
value: "{{ .Values.oidc.enabled }}"
|
||||
- name: ENABLE_SLACK
|
||||
value: "{{ .Values.enableSlack }}"
|
||||
- name: ENABLE_GITHUB_IMPORTER
|
||||
value: "{{ .Values.githubImporter.enabled }}"
|
||||
- name: ENABLE_JIRA_IMPORTER
|
||||
value: "{{ .Values.jiraImporter.enabled }}"
|
||||
- name: ENABLE_TRELLO_IMPORTER
|
||||
value: "{{ .Values.trelloImporter.enabled }}"
|
||||
|
||||
{{- if .Values.front.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.front.service.port }}
|
||||
initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.front.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.front.service.port }}
|
||||
initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
91
charts/taiga/templates/deployment-protected.yaml
Normal file
91
charts/taiga/templates/deployment-protected.yaml
Normal file
@@ -0,0 +1,91 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-protected
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.protected.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: {{ .Values.protected.replicas }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "taiga.protected.matchLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "taiga.protected.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
|
||||
annotations:
|
||||
{{- with .Values.protected.podAnnotations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
affinity:
|
||||
{{- with .Values.protected.affinity }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
{{- with .Values.protected.nodeSelector }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
{{- with .Values.protected.tolerations }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
|
||||
securityContext:
|
||||
{{- with .Values.protected.securityContext }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "taiga.fullname" . }}-protected
|
||||
image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
|
||||
resources:
|
||||
{{ toYaml .Values.protected.resources | nindent 12 }}
|
||||
ports:
|
||||
- name: taiga-protected
|
||||
containerPort: {{ .Values.protected.service.port }}
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.secretKey.existingSecretName }}"
|
||||
key: "{{ .Values.secretKey.existingSecretKey }}"
|
||||
- name: MAX_AGE
|
||||
value: "{{ .Values.maxAge }}"
|
||||
|
||||
{{- if .Values.protected.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.protected.service.port }}
|
||||
initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.protected.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /admin/login/
|
||||
port: {{ .Values.protected.service.port }}
|
||||
initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
74
charts/taiga/templates/ingress.yaml
Normal file
74
charts/taiga/templates/ingress.yaml
Normal file
@@ -0,0 +1,74 @@
|
||||
{{- if .Values.ingress.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- toYaml .Values.ingress.annotations | nindent 4 }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.ingress.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.host }}
|
||||
secretName: {{ template "taiga.fullname" . }}-secret-tls
|
||||
rules:
|
||||
- host: {{ .Values.ingress.host }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-front"
|
||||
port:
|
||||
name: taiga-front
|
||||
pathType: ImplementationSpecific
|
||||
- path: /api
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-back"
|
||||
port:
|
||||
name: taiga-back
|
||||
pathType: ImplementationSpecific
|
||||
- path: /admin
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-back"
|
||||
port:
|
||||
name: taiga-back
|
||||
pathType: ImplementationSpecific
|
||||
{{ if .Values.oidc.enabled }}
|
||||
- path: /oidc
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-back"
|
||||
port:
|
||||
name: taiga-back
|
||||
pathType: ImplementationSpecific
|
||||
{{- end }}
|
||||
- path: /events
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-events"
|
||||
port:
|
||||
name: taiga-events
|
||||
pathType: ImplementationSpecific
|
||||
- path: /media
|
||||
backend:
|
||||
service:
|
||||
name: "{{ template "taiga.fullname" . }}-protected"
|
||||
port:
|
||||
name: taiga-protected
|
||||
pathType: ImplementationSpecific
|
||||
{{- end }}
|
||||
66
charts/taiga/templates/job.yaml
Normal file
66
charts/taiga/templates/job.yaml
Normal file
@@ -0,0 +1,66 @@
|
||||
{{- if .Values.createInitialUser }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-create-initial-user
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
backoffLimit: 4
|
||||
template:
|
||||
spec:
|
||||
{{- if .Values.back.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.back.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: {{ template "taiga.fullname" . }}-create-initial-user
|
||||
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
|
||||
command:
|
||||
- sh
|
||||
- /scripts/createinitialuser.sh
|
||||
volumeMounts:
|
||||
- name: create-initial-user
|
||||
mountPath: /scripts
|
||||
env:
|
||||
- name: TAIGA_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.secretKey.existingSecretName }}"
|
||||
key: "{{ .Values.secretKey.existingSecretKey }}"
|
||||
- name: POSTGRES_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.usernameKey }}"
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.passwordKey }}"
|
||||
- name: POSTGRES_DATABASE_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.databaseNameKey }}"
|
||||
- name: POSTGRES_DATABASE_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Values.postgresql.existingSecretName }}"
|
||||
key: "{{ .Values.postgresql.hostKey }}"
|
||||
volumes:
|
||||
- name: create-initial-user
|
||||
configMap:
|
||||
name: {{ template "taiga.fullname" . }}-create-initial-user
|
||||
defaultMode: 0744
|
||||
{{- end }}
|
||||
54
charts/taiga/templates/persistent-volume-claim.yaml
Normal file
54
charts/taiga/templates/persistent-volume-claim.yaml
Normal file
@@ -0,0 +1,54 @@
|
||||
{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "taiga.staticVolumeName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.static.retain }}
|
||||
helm.sh/resource-policy: keep
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
storageClassName: {{ .Values.persistence.static.storageClass }}
|
||||
accessModes:
|
||||
- {{ .Values.persistence.static.accessMode }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.static.size }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "taiga.mediaVolumeName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.media.retain }}
|
||||
"helm.sh/resource-policy": keep
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
storageClassName: {{ .Values.persistence.media.storageClass }}
|
||||
accessModes:
|
||||
- {{ .Values.persistence.media.accessMode }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.media.size }}
|
||||
{{- end }}
|
||||
20
charts/taiga/templates/service-account.yaml
Normal file
20
charts/taiga/templates/service-account.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "taiga.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.serviceAccount.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
138
charts/taiga/templates/service.yaml
Normal file
138
charts/taiga/templates/service.yaml
Normal file
@@ -0,0 +1,138 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-back
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.back.service.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.back.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.back.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.back.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.back.service.port }}
|
||||
targetPort: taiga-back
|
||||
protocol: TCP
|
||||
name: taiga-back
|
||||
selector:
|
||||
{{- include "taiga.back.matchLabels" . | nindent 4 }}
|
||||
{{- with .Values.back.service.extraSelectorLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-events
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.events.service.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.events.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.events.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.events.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.events.service.http.port }}
|
||||
targetPort: taiga-events
|
||||
protocol: TCP
|
||||
name: taiga-events
|
||||
- port: {{ .Values.events.service.app.port }}
|
||||
targetPort: taiga-app
|
||||
protocol: TCP
|
||||
name: taiga-app
|
||||
selector:
|
||||
{{- include "taiga.events.matchLabels" . | nindent 4 }}
|
||||
{{- with .Values.events.service.extraSelectorLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-front
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.service.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.front.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.front.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.front.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.front.service.port }}
|
||||
targetPort: taiga-front
|
||||
protocol: TCP
|
||||
name: taiga-front
|
||||
selector:
|
||||
{{- include "taiga.front.matchLabels" . | nindent 4 }}
|
||||
{{- with .Values.front.service.extraSelectorLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "taiga.fullname" . }}-protected
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- with .Values.global.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.protected.service.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "taiga.protected.labels" . | nindent 4 }}
|
||||
{{- with .Values.global.labels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.protected.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.protected.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.protected.service.port }}
|
||||
targetPort: taiga-protected
|
||||
protocol: TCP
|
||||
name: taiga-protected
|
||||
selector:
|
||||
{{- include "taiga.protected.matchLabels" . | nindent 4 }}
|
||||
{{- with .Values.protected.service.extraSelectorLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
817
charts/taiga/values.yaml
Normal file
817
charts/taiga/values.yaml
Normal file
@@ -0,0 +1,817 @@
|
||||
## Global
|
||||
##
|
||||
global:
|
||||
# -- Set an override for the prefix of the fullname
|
||||
nameOverride:
|
||||
|
||||
# -- Set the entire name definition
|
||||
fullnameOverride:
|
||||
|
||||
# -- Set additional global labels. Helm templates can be used.
|
||||
labels: {}
|
||||
|
||||
# -- Set additional global annotations. Helm templates can be used.
|
||||
annotations: {}
|
||||
|
||||
## Service Account
|
||||
##
|
||||
serviceAccount:
|
||||
# -- Specifies whether a service account should be created
|
||||
create: false
|
||||
|
||||
# -- Annotations to add to the service account
|
||||
annotations: {}
|
||||
|
||||
# -- Labels to add to the service account
|
||||
labels: {}
|
||||
|
||||
# -- The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
|
||||
## Secret key
|
||||
## Specificy the secret name and the key containg a strong secret key
|
||||
##
|
||||
secretKey:
|
||||
existingSecretName: ""
|
||||
existingSecretKey: ""
|
||||
|
||||
## Create initial user with credentials admin/123123
|
||||
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
|
||||
##
|
||||
# TODO: set to false by default or create with a random password which is stored in a secret
|
||||
# or allow to pass in the data for username and secret
|
||||
createInitialUser: true
|
||||
|
||||
## Max age
|
||||
##
|
||||
maxAge: 360
|
||||
|
||||
## Create initial templates
|
||||
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
|
||||
##
|
||||
# TODO: This values seems to be unused
|
||||
createInitialTemplates: false
|
||||
|
||||
## Telemetry settings
|
||||
##
|
||||
enableTelemetry: true
|
||||
|
||||
## Public registration
|
||||
##
|
||||
publicRegisterEnabled: true
|
||||
|
||||
## Enable debug
|
||||
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
|
||||
debug: false
|
||||
|
||||
## Postgresql
|
||||
## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
|
||||
##
|
||||
postgresql:
|
||||
existingSecretName: ""
|
||||
usernameKey: ""
|
||||
passwordKey: ""
|
||||
databaseNameKey: ""
|
||||
hostKey: ""
|
||||
portKey: ""
|
||||
|
||||
## OIDC authentication
|
||||
## Configuration is expected to be stored in a secret, reference the secret name and each key for the value
|
||||
##
|
||||
oidc:
|
||||
enabled: false
|
||||
existingSecretName: ""
|
||||
scopesKey: "" # "openid profile email"
|
||||
signatureAlgorithmKey: "" # "RS256"
|
||||
clientIdKey: "" # <generate from auth provider>
|
||||
clientSecretKey: "" # <generate from auth provider>
|
||||
baseUrlKey: "" # "https://id.fedoraproject.org/openidc"
|
||||
jwksEndpointKey: "" # "https://id.fedoraproject.org/openidc/Jwks"
|
||||
authorizationEndpointKey: "" # "https://id.fedoraproject.org/openidc/Authorization"
|
||||
tokenEndpointKey: "" # "https://id.fedoraproject.org/openidc/Token"
|
||||
userEndpointKey: "" # "https://id.fedoraproject.org/openidc/UserInfo"
|
||||
|
||||
## SMTP mail delivery configuration
|
||||
## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
|
||||
##
|
||||
email:
|
||||
enabled: false
|
||||
from: no-reply@example.com
|
||||
host: localhost
|
||||
port: 587
|
||||
tls: false
|
||||
ssl: false
|
||||
user: ""
|
||||
|
||||
## Specificy an existing secret containg the password for the smtp user
|
||||
##
|
||||
existingPasswordSecret: ""
|
||||
existingSecretPasswordKey: ""
|
||||
|
||||
## Slack
|
||||
##
|
||||
enableSlack: false
|
||||
|
||||
## Importers
|
||||
##
|
||||
# Github importer
|
||||
githubImporter:
|
||||
enabled: false
|
||||
existingSecretName: ""
|
||||
existingSecretClientIdKey: ""
|
||||
existingSecretClientSecretKey: ""
|
||||
|
||||
# Jira importer
|
||||
jiraImporter:
|
||||
enabled: false
|
||||
existingSecretName: ""
|
||||
existingSecretConsumerKeyKey: ""
|
||||
existingSecretCertKey: ""
|
||||
existingSecretPubCertKey: ""
|
||||
|
||||
# Trello importer
|
||||
trelloImporter:
|
||||
enabled: false
|
||||
existingSecretName: ""
|
||||
existingSecretApiKeyKey: ""
|
||||
existingSecretSecretKeyKey: ""
|
||||
|
||||
## taiga-back
|
||||
##
|
||||
back:
|
||||
## Taiga image version
|
||||
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
|
||||
##
|
||||
image:
|
||||
repository: taigaio/taiga-back
|
||||
tag: "6.7.3"
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Define the number of pods the deployment will create
|
||||
## Do not change unless your persistent volume allows more than one writer, ie NFS
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||
##
|
||||
replicas: 1
|
||||
|
||||
## Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
|
||||
## Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## Node labels for pod assignment. Evaluated as a template.
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
securityContext: {}
|
||||
|
||||
## taiga containers' resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources:
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
limits: {}
|
||||
# cpu: 2
|
||||
# memory: 1Gi
|
||||
requests: {}
|
||||
# cpu: 1
|
||||
# memory: 1Gi
|
||||
|
||||
## Configure extra options for liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
## Environment variables, to pass to the entry point
|
||||
##
|
||||
# extraVars:
|
||||
# - name: NAMI_DEBUG
|
||||
# value: --log-level trace
|
||||
|
||||
## Service
|
||||
##
|
||||
service:
|
||||
# -- Set the service type
|
||||
type: ClusterIP
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Allow adding additional match labels
|
||||
extraSelectorLabels: {}
|
||||
|
||||
# -- HTTP port number
|
||||
port: 8000
|
||||
|
||||
## Async
|
||||
##
|
||||
async:
|
||||
## Taiga image version
|
||||
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
|
||||
##
|
||||
image:
|
||||
repository: taigaio/taiga-back
|
||||
tag: "6.7.3"
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Define the number of pods the deployment will create
|
||||
## Do not change unless your persistent volume allows more than one writer, ie NFS
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||
##
|
||||
replicas: 1
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
securityContext: {}
|
||||
|
||||
## Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
|
||||
## Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## Node labels for pod assignment. Evaluated as a template.
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## taiga containers' resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources:
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
limits: {}
|
||||
# cpu: 2
|
||||
# memory: 1Gi
|
||||
requests: {}
|
||||
# cpu: 1
|
||||
# memory: 1Gi
|
||||
|
||||
## Configure extra options for liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
## Environment variables, to pass to the entry point
|
||||
##
|
||||
# extraVars:
|
||||
# - name: NAMI_DEBUG
|
||||
# value: --log-level trace
|
||||
|
||||
## Service
|
||||
##
|
||||
service:
|
||||
# -- Set the service type
|
||||
type: ClusterIP
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Allow adding additional match labels
|
||||
extraSelectorLabels: {}
|
||||
|
||||
# -- HTTP port number
|
||||
port: 8000
|
||||
|
||||
## Async Rabbitmq
|
||||
## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
|
||||
##
|
||||
async-rabbitmq:
|
||||
auth:
|
||||
## @param auth.username RabbitMQ application username
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
|
||||
##
|
||||
username: taiga
|
||||
|
||||
## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
|
||||
## e.g:
|
||||
## existingPasswordSecret: name-of-existing-secret
|
||||
##
|
||||
existingPasswordSecret: ""
|
||||
existingSecretPasswordKey: ""
|
||||
|
||||
## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
|
||||
## e.g:
|
||||
## existingErlangSecret: name-of-existing-secret
|
||||
##
|
||||
existingErlangSecret: ""
|
||||
## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
|
||||
## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
|
||||
##
|
||||
existingSecretErlangKey: ""
|
||||
|
||||
## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
|
||||
## Must contain the key "rabbitmq.conf"
|
||||
## Takes precedence over `configuration`, so do not use both simultaneously
|
||||
## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
|
||||
##
|
||||
configurationExistingSecret: ""
|
||||
## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
|
||||
## Use this instead of `configuration` to add more configuration
|
||||
## Do not use simultaneously with `extraConfigurationExistingSecret`
|
||||
##
|
||||
extraConfiguration: |-
|
||||
default_vhost = taiga
|
||||
default_permissions.configure = .*
|
||||
default_permissions.read = .*
|
||||
default_permissions.write = .*
|
||||
|
||||
## Events
|
||||
##
|
||||
events:
|
||||
## Taiga image version
|
||||
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
|
||||
##
|
||||
image:
|
||||
repository: taigaio/taiga-events
|
||||
tag: "6.7.0"
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
securityContext: {}
|
||||
|
||||
## Define the number of pods the deployment will create
|
||||
## Do not change unless your persistent volume allows more than one writer, ie NFS
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||
##
|
||||
replicas: 1
|
||||
|
||||
## Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
|
||||
## Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## Node labels for pod assignment. Evaluated as a template.
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## taiga containers' resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources:
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
limits: {}
|
||||
# cpu: 2
|
||||
# memory: 1Gi
|
||||
requests: {}
|
||||
# cpu: 1
|
||||
# memory: 1Gi
|
||||
|
||||
## Configure extra options for liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
## Environment variables, to pass to the entry point
|
||||
##
|
||||
# extraVars:
|
||||
# - name: NAMI_DEBUG
|
||||
# value: --log-level trace
|
||||
|
||||
## Service
|
||||
##
|
||||
service:
|
||||
# -- Set the service type
|
||||
type: ClusterIP
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Allow adding additional match labels
|
||||
extraSelectorLabels: {}
|
||||
|
||||
http:
|
||||
# -- HTTP port number
|
||||
port: 8888
|
||||
|
||||
app:
|
||||
# -- HTTP port number
|
||||
port: 3023
|
||||
|
||||
## Events Rabbitmq
|
||||
## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
|
||||
##
|
||||
events-rabbitmq:
|
||||
auth:
|
||||
## @param auth.username RabbitMQ application username
|
||||
## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
|
||||
##
|
||||
username: taiga
|
||||
|
||||
## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
|
||||
## e.g:
|
||||
## existingPasswordSecret: name-of-existing-secret
|
||||
##
|
||||
existingPasswordSecret: ""
|
||||
existingSecretPasswordKey: ""
|
||||
|
||||
## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
|
||||
## e.g:
|
||||
## existingErlangSecret: name-of-existing-secret
|
||||
##
|
||||
existingErlangSecret: ""
|
||||
## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
|
||||
## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
|
||||
##
|
||||
existingSecretErlangKey: ""
|
||||
|
||||
## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
|
||||
## Must contain the key "rabbitmq.conf"
|
||||
## Takes precedence over `configuration`, so do not use both simultaneously
|
||||
## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
|
||||
##
|
||||
configurationExistingSecret: ""
|
||||
## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
|
||||
## Use this instead of `configuration` to add more configuration
|
||||
## Do not use simultaneously with `extraConfigurationExistingSecret`
|
||||
##
|
||||
extraConfiguration: |-
|
||||
default_vhost = taiga
|
||||
default_permissions.configure = .*
|
||||
default_permissions.read = .*
|
||||
default_permissions.write = .*
|
||||
|
||||
## Protected
|
||||
##
|
||||
protected:
|
||||
## Taiga image version
|
||||
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
|
||||
##
|
||||
image:
|
||||
repository: taigaio/taiga-protected
|
||||
tag: "6.7.0"
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
securityContext: {}
|
||||
|
||||
## Define the number of pods the deployment will create
|
||||
## Do not change unless your persistent volume allows more than one writer, ie NFS
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||
##
|
||||
replicas: 1
|
||||
|
||||
## Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
|
||||
## Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## Node labels for pod assignment. Evaluated as a template.
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## taiga containers' resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources:
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
limits: {}
|
||||
# cpu: 2
|
||||
# memory: 1Gi
|
||||
requests: {}
|
||||
# cpu: 1
|
||||
# memory: 1Gi
|
||||
|
||||
## Configure extra options for liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
## Environment variables, to pass to the entry point
|
||||
##
|
||||
# extraVars:
|
||||
# - name: NAMI_DEBUG
|
||||
# value: --log-level trace
|
||||
|
||||
## Service
|
||||
##
|
||||
service:
|
||||
# -- Set the service type
|
||||
type: ClusterIP
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Allow adding additional match labels
|
||||
extraSelectorLabels: {}
|
||||
|
||||
# -- HTTP port number
|
||||
port: 8003
|
||||
|
||||
## Front
|
||||
##
|
||||
front:
|
||||
## Taiga image version
|
||||
## ref: https://hub.docker.com/r/taigaio/taiga5/tags
|
||||
##
|
||||
image:
|
||||
repository: taigaio/taiga-front
|
||||
tag: "6.7.7"
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
## Define the number of pods the deployment will create
|
||||
## Do not change unless your persistent volume allows more than one writer, ie NFS
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
||||
##
|
||||
replicas: 1
|
||||
|
||||
## Pod Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
##
|
||||
securityContext: {}
|
||||
|
||||
## Pod annotations
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||||
##
|
||||
podAnnotations: {}
|
||||
|
||||
## Affinity for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||
##
|
||||
affinity: {}
|
||||
|
||||
## Node labels for pod assignment. Evaluated as a template.
|
||||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||
##
|
||||
nodeSelector: {}
|
||||
|
||||
## Tolerations for pod assignment
|
||||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
##
|
||||
tolerations: []
|
||||
|
||||
## taiga containers' resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
##
|
||||
resources:
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
limits: {}
|
||||
# cpu: 2
|
||||
# memory: 1Gi
|
||||
requests: {}
|
||||
# cpu: 1
|
||||
# memory: 1Gi
|
||||
|
||||
## Configure extra options for liveness and readiness probes
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
|
||||
##
|
||||
livenessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
enabled: false
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
|
||||
## Environment variables, to pass to the entry point
|
||||
##
|
||||
# extraVars:
|
||||
# - name: NAMI_DEBUG
|
||||
# value: --log-level trace
|
||||
|
||||
## Service
|
||||
##
|
||||
service:
|
||||
# -- Set the service type
|
||||
type: ClusterIP
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Allow adding additional match labels
|
||||
extraSelectorLabels: {}
|
||||
|
||||
# -- HTTP port number
|
||||
port: 80
|
||||
|
||||
## Configure the ingress resource that allows you to access the
|
||||
## taiga installation. Set up the URL
|
||||
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
||||
##
|
||||
ingress:
|
||||
# -- Enables or disables the ingress
|
||||
enabled: false
|
||||
|
||||
# -- Provide additional annotations which may be required.
|
||||
annotations: {}
|
||||
|
||||
# -- Provide additional labels which may be required.
|
||||
labels: {}
|
||||
|
||||
# -- Set the ingressClass that is used for this ingress.
|
||||
className: ""
|
||||
|
||||
## Configure the hosts for the ingress
|
||||
host: chart-example.local
|
||||
|
||||
## Enable persistence using Persistent Volume Claims
|
||||
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
||||
##
|
||||
persistence:
|
||||
static:
|
||||
# -- Enables or disables the persistence item. Defaults to true
|
||||
enabled: true
|
||||
|
||||
# -- Storage Class for the config volume.
|
||||
# If set to `-`, dynamic provisioning is disabled.
|
||||
# If set to something else, the given storageClass is used.
|
||||
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
||||
storageClass: ""
|
||||
|
||||
# -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
|
||||
existingClaim: ""
|
||||
|
||||
# -- AccessMode for the persistent volume.
|
||||
# Make sure to select an access mode that is supported by your storage provider!
|
||||
# [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
|
||||
accessMode: ReadWriteOnce
|
||||
|
||||
# -- The amount of storage that is requested for the persistent volume.
|
||||
size: 5Gi
|
||||
|
||||
# -- Set to true to retain the PVC upon `helm uninstall`
|
||||
retain: false
|
||||
|
||||
media:
|
||||
# -- Enables or disables the persistence item. Defaults to true
|
||||
enabled: true
|
||||
|
||||
# -- Storage Class for the config volume.
|
||||
# If set to `-`, dynamic provisioning is disabled.
|
||||
# If set to something else, the given storageClass is used.
|
||||
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
||||
storageClass: ""
|
||||
|
||||
# -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
|
||||
existingClaim: ""
|
||||
|
||||
# -- AccessMode for the persistent volume.
|
||||
# Make sure to select an access mode that is supported by your storage provider!
|
||||
# [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
|
||||
accessMode: ReadWriteOnce
|
||||
|
||||
# -- The amount of storage that is requested for the persistent volume.
|
||||
size: 5Gi
|
||||
|
||||
# -- Set to true to retain the PVC upon `helm uninstall`
|
||||
retain: false
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: tubearchivist
|
||||
version: 0.2.0
|
||||
version: 0.2.1
|
||||
description: Chart for Tube Archivist
|
||||
keywords:
|
||||
- download
|
||||
@@ -14,7 +14,7 @@ maintainers:
|
||||
icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
|
||||
dependencies:
|
||||
- name: redis
|
||||
version: 19.1.0
|
||||
version: 19.1.1
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
- name: elasticsearch
|
||||
version: 20.0.4
|
||||
|
||||
Reference in New Issue
Block a user