global: # -- Set an override for the prefix of the fullname nameOverride: # -- Set the entire name definition fullnameOverride: # -- Set additional global labels. Helm templates can be used. labels: {} # -- Set additional global annotations. Helm templates can be used. annotations: {} controller: # -- enable the controller. enabled: true # -- Set the controller type. # Valid options are deployment, daemonset or statefulset type: deployment # -- Set annotations on the deployment/statefulset/daemonset annotations: {} # -- Set labels on the deployment/statefulset/daemonset labels: {} # -- Number of desired pods replicas: 1 # -- Set the controller upgrade strategy # For Deployments, valid values are Recreate (default) and RollingUpdate. # For StatefulSets, valid values are OnDelete and RollingUpdate (default). # DaemonSets ignore this. strategy: rollingUpdate: # -- Set deployment RollingUpdate max unavailable unavailable: # -- Set deployment RollingUpdate max surge surge: # -- Set statefulset RollingUpdate partition partition: # -- ReplicaSet revision history limit revisionHistoryLimit: 3 # -- Set statefulset podManagementPolicy, valid values are Parallel and OrderedReady (default). podManagementPolicy: image: # -- image repository repository: # -- image tag tag: # -- image pull policy pullPolicy: # -- Set image pull secrets imagePullSecrets: [] # -- Override the command(s) for the default container command: [] # -- Override the args for the default container args: [] # -- Set annotations on the pod podAnnotations: {} # -- Set labels on the pod podLabels: {} # -- Add a Horizontal Pod Autoscaler # @default -- autoscaling: enabled: false target: # deploymentname minReplicas: # 1 maxReplicas: # 100 targetCPUUtilizationPercentage: # 80 targetMemoryUtilizationPercentage: # 80 serviceAccount: # -- Specifies whether a service account should be created create: false # -- Annotations to add to the service account annotations: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Specifies whether a service account token should be automatically mounted. automountServiceAccountToken: true # -- Use this to populate a secret with the values you specify. # Be aware that these values are not encrypted by default, and could therefore visible # to anybody with access to the values.yaml file. secret: {} # PASSWORD: my-password # -- Configure configMaps for the chart here. # Additional configMaps can be added by adding a dictionary key similar to the 'config' object. # @default -- See below configmap: config: # -- Enables or disables the configMap enabled: false # -- Labels to add to the configMap labels: {} # -- Annotations to add to the configMap annotations: {} # -- configMap data content. Helm template enabled. data: {} # foo: bar # -- Main environment variables. Template enabled. # Syntax options: # A) TZ: UTC # B) PASSWD: '{{ .Release.Name }}' # C) PASSWD: # configMapKeyRef: # name: config-map-name # key: key-name # D) PASSWD: # valueFrom: # secretKeyRef: # name: secret-name # key: key-name # ... # E) - name: TZ # value: UTC # F) - name: TZ # value: '{{ .Release.Name }}' env: # -- Secrets and/or ConfigMaps that will be loaded as environment variables. # [[ref]](https://unofficial-kubernetes.readthedocs.io/en/latest/tasks/configure-pod-container/configmap/#use-case-consume-configmap-in-environment-variables) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name # -- Custom priority class for different treatment by the scheduler priorityClassName: # system-node-critical # -- Allow specifying a runtimeClassName other than the default one (ie: nvidia) runtimeClassName: # nvidia # -- Allows specifying a custom scheduler name schedulerName: # awkward-dangerous-scheduler # -- Allows specifying explicit hostname setting hostname: # -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet` hostNetwork: false # -- Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true. dnsPolicy: # ClusterFirst # -- Optional DNS settings, configuring the ndots option may resolve nslookup issues on some Kubernetes setups. dnsConfig: {} # options: # - name: ndots # value: "1" # -- Enable/disable the generation of environment variables for services. # [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service) enableServiceLinks: true # -- Configure the Security Context for the Pod podSecurityContext: {} # -- Configure the Security Context for the main container securityContext: {} # -- Configure the lifecycle for the main container lifecycle: {} # -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. # The dictionary item key will determine the order. Helm templates can be used. initContainers: {} # -- Specify any additional containers here as dictionary items. Each additional container should have its own key. # Helm templates can be used. additionalContainers: {} # -- Probe configuration # -- [[ref]](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) # @default -- See below probes: # -- Liveness probe configuration # @default -- See below liveness: # -- Enable the liveness probe enabled: true # -- Set this to `true` if you wish to specify your own livenessProbe custom: false # -- The spec field contains the values for the default livenessProbe. # If you selected `custom: true`, this field holds the definition of the livenessProbe. # @default -- See below spec: initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 # -- Redainess probe configuration # @default -- See below readiness: # -- Enable the readiness probe enabled: true # -- Set this to `true` if you wish to specify your own readinessProbe custom: false # -- The spec field contains the values for the default readinessProbe. # If you selected `custom: true`, this field holds the definition of the readinessProbe. # @default -- See below spec: initialDelaySeconds: 0 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 # -- Startup probe configuration # @default -- See below startup: # -- Enable the startup probe enabled: true # -- Set this to `true` if you wish to specify your own startupProbe custom: false # -- The spec field contains the values for the default startupProbe. # If you selected `custom: true`, this field holds the definition of the startupProbe. # @default -- See below spec: initialDelaySeconds: 0 timeoutSeconds: 1 ## This means it has a maximum of 5*30=150 seconds to start up before it fails periodSeconds: 5 failureThreshold: 30 termination: # -- Configure the path at which the file to which the main container's termination message will be written. # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] messagePath: # -- Indicate how the main container's termination message should be populated. # Valid options are `File` and `FallbackToLogsOnError`. # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle-1)] messagePolicy: # -- Duration in seconds the pod needs to terminate gracefully # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)] gracePeriodSeconds: # -- Configure the services for the chart here. # Additional services can be added by adding a dictionary key similar to the 'main' service. # @default -- See below service: main: # -- Enables or disables the service enabled: true # -- Make this the primary service (used in probes, notes, etc...). # If there is more than 1 service, make sure that only 1 service is marked as primary. primary: true # -- Override the name suffix that is used for this service nameOverride: # -- Set the service type type: ClusterIP # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)] externalTrafficPolicy: # -- Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack ipFamilyPolicy: # -- The ip families that should be used. Options: IPv4, IPv6 ipFamilies: [] # -- Provide additional annotations which may be required. annotations: {} # -- Provide additional labels which may be required. labels: {} # -- Configure the Service port information here. # Additional ports can be added by adding a dictionary key similar to the 'http' service. # @default -- See below ports: http: # -- Enables or disables the port enabled: true # -- Make this the primary port (used in probes, notes, etc...) # If there is more than 1 service, make sure that only 1 port is marked as primary. primary: true # -- The port number port: # -- Port protocol. # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`. # HTTPS and HTTPS spawn a TCP service and get used for internal URL and name generation protocol: HTTP # -- Specify a service targetPort if you wish to differ the service port from the application port. # If `targetPort` is specified, this port number is used in the container definition instead of # the `port` value. Therefore named ports are not supported for this field. targetPort: # -- Specify the nodePort value for the LoadBalancer and NodePort service types. # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) nodePort: # -- Configure the ingresses for the chart here. # Additional ingresses can be added by adding a dictionary key similar to the 'main' ingress. # @default -- See below ingress: main: # -- Enables or disables the ingress enabled: false # -- Make this the primary ingress (used in probes, notes, etc...). # If there is more than 1 ingress, make sure that only 1 ingress is marked as primary. primary: true # -- Override the name suffix that is used for this ingress. nameOverride: # -- Provide additional annotations which may be required. annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # -- Provide additional labels which may be required. labels: {} # -- Set the ingressClass that is used for this ingress. # Requires Kubernetes >=1.19 ingressClassName: # "nginx" ## Configure the hosts for the ingress hosts: - # -- Host address. Helm template can be passed. host: chart-example.local ## Configure the paths for the host paths: - # -- Path. Helm template can be passed. path: / # -- Ignored if not kubeVersion >= 1.14-0 pathType: Prefix service: # -- Overrides the service name reference for this path name: # -- Overrides the service port reference for this path port: # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template. tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # -- Configure persistence for the chart here. # Additional items can be added by adding a dictionary key similar to the 'config' key. # @default -- See below persistence: # -- Default persistence for configuration files. # @default -- See below config: # -- Enables or disables the persistence item enabled: false # -- Sets the persistence type # Valid options are pvc, emptyDir, hostPath, secret, configMap or custom type: pvc # -- Where to mount the volume in the main container. # Defaults to `/`, # setting to '-' creates the volume but disables the volumeMount. mountPath: # /config # -- Specify if the volume should be mounted read-only. readOnly: false # -- Override the name suffix that is used for this volume. nameOverride: # -- Storage Class for the config volume. # If set to `-`, dynamic provisioning is disabled. # If set to something else, the given storageClass is used. # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. storageClass: # "-" # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here. existingClaim: # your-claim # -- Used in conjunction with `existingClaim`. Specifies a sub-path inside the referenced volume instead of its root subPath: # some-subpath # -- AccessMode for the persistent volume. # Make sure to select an access mode that is supported by your storage provider! # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) accessMode: ReadWriteOnce # -- The amount of storage that is requested for the persistent volume. size: 1Gi # -- Set to true to retain the PVC upon `helm uninstall` retain: false # -- Create an emptyDir volume to share between all containers # [[ref]]https://kubernetes.io/docs/concepts/storage/volumes/#emptydir) # @default -- See below shared: enabled: false type: emptyDir mountPath: /shared # -- Set the medium to "Memory" to mount a tmpfs (RAM-backed filesystem) instead # of the storage medium that backs the node. medium: # Memory # -- If the `SizeMemoryBackedVolumes` feature gate is enabled, you can # specify a size for memory backed volumes. sizeLimit: # 1Gi # -- Used in conjunction with `controller.type: statefulset` to create individual disks for each instance. volumeClaimTemplates: [] # - name: data # mountPath: /data # accessMode: "ReadWriteOnce" # size: 1Gi # - name: backup # mountPath: /backup # subPath: theSubPath # accessMode: "ReadWriteOnce" # size: 2Gi # storageClass: cheap-storage-class # -- Node selection constraint # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) nodeSelector: {} # -- Defines affinity constraint rules. # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) affinity: {} # -- Defines topologySpreadConstraint rules. # [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) topologySpreadConstraints: [] # - maxSkew: # topologyKey: # whenUnsatisfiable: # labelSelector: # -- Specify taint tolerations # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) tolerations: [] # -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames. # [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/) hostAliases: [] # - ip: "192.168.1.100" # hostnames: # - "example.com" # - "www.example.com" # -- Set the resource requests / limits for the main container. resources: {} ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # -- The common chart supports several add-ons. These can be configured under this key. # @default -- See below addons: # -- The common chart supports adding a VPN add-on. It can be configured under this key. # @default -- See values.yaml vpn: # -- Enable running a VPN in the pod to route traffic through a VPN enabled: false # -- Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`. type: openvpn # -- OpenVPN specific configuration # @default -- See below openvpn: image: # -- Specify the openvpn client image repository: dperson/openvpn-client # -- Specify the openvpn client image tag tag: latest # -- Specify the openvpn client image pull policy pullPolicy: IfNotPresent # -- Credentials to connect to the VPN Service (used with -a) auth: # "user;password" # -- Optionally specify an existing secret that contains the credentials. # Credentials should be stored under the `VPN_AUTH` key authSecret: # my-vpn-secret # -- WireGuard specific configuration # @default -- See below wireguard: image: # -- Specify the WireGuard image repository: ghcr.io/k8s-at-home/wireguard # -- Specify the WireGuard image tag tag: v1.0.20210914 # -- Specify the WireGuard image pull policy pullPolicy: IfNotPresent # -- Gluetun specific configuration # -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon! # @default -- See below gluetun: image: # -- Specify the Gluetun image repository: docker.io/qmcgaw/gluetun # -- Specify the Gluetun image tag tag: v3.30.0 # -- Specify the Gluetun image pull policy pullPolicy: IfNotPresent # -- Set the VPN container securityContext # @default -- See values.yaml securityContext: capabilities: add: - NET_ADMIN - SYS_MODULE # -- All variables specified here will be added to the vpn sidecar container # See the documentation of the VPN image for all config values env: {} # TZ: UTC # -- Override the args for the vpn sidecar container args: [] # -- Provide a customized vpn configuration file to be used by the VPN. configFile: # |- # Some Example Config # remote greatvpnhost.com 8888 # auth-user-pass # Cipher AES # -- Reference an existing secret that contains the VPN configuration file # The chart expects it to be present under the `vpnConfigfile` key. configFileSecret: # -- Provide custom up/down scripts that can be used by the vpn configuration. # @default -- See values.yaml scripts: # @default -- See below up: # |- # #!/bin/bash # echo "connected" > /shared/vpnstatus # @default -- See below down: # |- # #!/bin/bash # echo "disconnected" > /shared/vpnstatus additionalVolumeMounts: [] # -- Optionally specify a livenessProbe, e.g. to check if the connection is still # being protected by the VPN livenessProbe: {} # exec: # command: # - sh # - -c # - if [ $(curl -s https://ipinfo.io/country) == 'US' ]; then exit 0; else exit $?; fi # initialDelaySeconds: 30 # periodSeconds: 60 # failureThreshold: 1 networkPolicy: # -- If set to true, will deploy a network policy that blocks all outbound # traffic except traffic specified as allowed enabled: false # -- Provide additional annotations which may be required. annotations: {} # -- Provide additional labels which may be required. labels: {} # -- Provide additional podSelector labels which may be required. podSelectorLabels: {} # -- The egress configuration for your network policy, All outbound traffic # from the pod will be blocked unless specified here. # [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/) # [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes) egress: # - to: # - ipBlock: # cidr: 0.0.0.0/0 # ports: # - port: 53 # protocol: UDP # - port: 53 # protocol: TCP # -- The common library supports adding a code-server add-on to access files. It can be configured under this key. # @default -- See values.yaml codeserver: # -- Enable running a code-server container in the pod enabled: false image: # -- Specify the code-server image repository: ghcr.io/coder/code-server # -- Specify the code-server image tag tag: 4.5.1 # -- Specify the code-server image pull policy pullPolicy: IfNotPresent # -- Set any environment variables for code-server here env: {} # TZ: UTC # -- Set codeserver command line arguments. # Consider setting --user-data-dir to a persistent location to preserve code-server setting changes args: - --auth - none # - --user-data-dir # - "/config/.vscode" # -- Specify a list of volumes that get mounted in the code-server container. # At least 1 volumeMount is required! volumeMounts: [] # - name: config # mountPath: /data/config # -- Specify the working dir that will be opened when code-server starts # If not given, the app will default to the mountpah of the first specified volumeMount workingDir: "" # -- Optionally allow access a Git repository by passing in a private SSH key # @default -- See below git: # -- Raw SSH private key deployKey: "" # -- Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence. deployKeyBase64: "" # -- Existing secret containing SSH private key # The chart expects it to be present under the `id_rsa` key. deployKeySecret: "" service: # -- Enable a service for the code-server add-on. enabled: true type: ClusterIP # Specify the default port information ports: codeserver: port: 12321 enabled: true protocol: TCP targetPort: codeserver ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## # nodePort: annotations: {} labels: {} ingress: # -- Enable an ingress for the code-server add-on. enabled: false annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" labels: {} # -- Set the ingressClass that is used for this ingress. # Requires Kubernetes >=1.19 ingressClassName: # "nginx" hosts: - host: code.chart-example.local paths: - path: / # Ignored if not kubeVersion >= 1.14-0 pathType: Prefix tls: [] # - secretName: chart-example-tls # hosts: # - code.chart-example.local securityContext: runAsUser: 0 # -- The common library supports adding a promtail add-on to to access logs and ship them to loki. It can be configured under this key. # @default -- See values.yaml promtail: # -- Enable running a promtail container in the pod enabled: false image: # -- Specify the promtail image repository: docker.io/grafana/promtail # -- Specify the promtail image tag tag: 2.6.1 # -- Specify the promtail image pull policy pullPolicy: IfNotPresent # -- Set any environment variables for promtail here env: {} # -- Set promtail command line arguments args: [] # -- The URL to Loki loki: "" # -- The paths to logs on the volume logs: [] # - name: log # path: /config/logs/*.log # -- Specify a list of volumes that get mounted in the promtail container. # At least 1 volumeMount is required! volumeMounts: [] # - name: config # mountPath: /config # readOnly: true securityContext: runAsUser: 0 # -- The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key. # @default -- See values.yaml netshoot: # -- Enable running a netshoot container in the pod enabled: false image: # -- Specify the netshoot image repository: ghcr.io/nicolaka/netshoot # -- Specify the netshoot image tag tag: v0.7 # -- Specify the netshoot image pull policy pullPolicy: IfNotPresent # -- Set any environment variables for netshoot here env: {} securityContext: capabilities: add: - NET_ADMIN