charts/coms/values.yaml
# Default values for coms.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 2
image:
# -- Default image repository
repository: docker.io/bcgovimages
# -- Default image pull policy
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion.
tag: ~
# -- Specify docker-registry secret names as an array
imagePullSecrets: []
# -- String to partially override fullname
nameOverride: ~
# -- String to fully override fullname
fullnameOverride: ~
# DeploymentConfig pre-hook failure behavior
failurePolicy: Retry
# -- Annotations for coms pods
podAnnotations: {}
# -- Privilege and access control settings
podSecurityContext:
{}
# fsGroup: 2000
# -- Privilege and access control settings
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
autoscaling:
# -- Specifies whether the Horizontal Pod Autoscaler should be created
enabled: false
# -- behavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).
behavior:
scaleDown:
stabilizationWindowSeconds: 120
selectPolicy: Max
policies:
- type: Pods
value: 1
periodSeconds: 120
scaleUp:
stabilizationWindowSeconds: 0
selectPolicy: Max
policies:
- type: Pods
value: 2
periodSeconds: 30
minReplicas: 2
maxReplicas: 16
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
serviceAccount:
# -- Specifies whether a service account should be created
enabled: false
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ~
networkPolicy:
# -- Specifies whether a network policy should be created
enabled: true
service:
# -- Service type
type: ClusterIP
# -- Service port
port: 3000
# -- Service port name
portName: http
route:
# -- Specifies whether a route should be created
enabled: true
# -- Annotations to add to the route
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
host: chart-example.local
# path: /
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
wildcardPolicy: None
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
# -- Limit Peak CPU (in millicores ex. 1000m)
cpu: 200m
# -- Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi)
memory: 256Mi
requests:
# -- Requested CPU (in millicores ex. 500m)
cpu: 50m
# -- Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi)
memory: 128Mi
features:
# -- Specifies whether basic auth is enabled
basicAuth: false
# -- Specifies whether a default bucket is enabled
defaultBucket: false
# -- Specifies whether oidc auth is enabled
oidcAuth: false
config:
# -- Set to true if you want to let Helm manage and overwrite your configmaps.
enabled: false
# -- This should be set to true if and only if you require configmaps and secrets to be release
# scoped. In the event you want all instances in the same namespace to share a similar
# configuration, this should be set to false
releaseScoped: false
# -- These values will be wholesale added to the configmap as is; refer to the coms
# documentation for what each of these values mean and whether you need them defined.
# Ensure that all values are represented explicitly as strings, as non-string values will
# not translate over as expected into container environment variables.
# For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them
# to string value "true".
configMap:
# BASICAUTH_ENABLED: "true"
# DB_HOST: ~
DB_PORT: "5432"
# DB_POOL_MIN: "2"
# DB_POOL_MAX: "10"
# KC_ENABLED: "true"
KC_IDENTITYKEY: ~
KC_PUBLICKEY: ~
KC_REALM: ~
KC_SERVERURL: ~
OBJECTSTORAGE_BUCKET: ~
# OBJECTSTORAGE_ENABLED: "true"
OBJECTSTORAGE_ENDPOINT: ~
OBJECTSTORAGE_KEY: ~
# SERVER_HARDRESET: "true"
# SERVER_LOGFILE: ~
SERVER_LOGLEVEL: "http"
SERVER_PORT: "3000"
# SERVER_PRIVACY_MASK: "true"
SERVER_TEMP_EXPIRESIN: "300"
# Modify the following variables if you need to acquire secret values from a custom-named resource
basicAuthSecretOverride:
# -- Basic authentication username
username: ~
# -- Basic authentication password
password: ~
dbSecretOverride:
# -- Database username
username: ~
# -- Database password
password: ~
keycloakSecretOverride:
# -- Keycloak username
username: ~
# -- Keycloak password
password: ~
objectStorageSecretOverride:
# -- Object storage username
username: ~
# -- Object storage password
password: ~
# crunchy-postgres subchart configuration overrides
postgres:
enabled: true
# --------------------------------
# --------crunchydb config: ------
# --------------------------------
# note: override methodology:
# - defaults exist in subchart postgres
# - overrides that apply to all coms environments are defined in this values.yaml file
# - overrides specific to a single environment are defined in values.<environment>.yaml
# name of the cluster.
# in COMS pipeline we pass this in Helm deploy command in github action
# eg: --set postgres.name=postgres-master
# name: postgres-master
postgresVersion: 16
# --- resource allocation ----
instances:
- name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
replicas: 2
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
storageClassName: "netapp-block-standard"
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi
sidecars:
replicaCertCopy:
resources:
requests:
cpu: 1m
memory: 32Mi
limits:
cpu: 50m
memory: 64Mi
# ------- postgres user/db configuration ----------
users:
- name: app
databases:
- app
# Custom SQL commands we want to run, that get added to a ConfigMap
# that crunchyDB references duriing intialization
# gives our app permissions on the schemas (also required to run our knex migrations)
databaseInitSQL:
name: bootstrap-sql
key: bootstrap.sql
sql: |
\c app;
ALTER DATABASE app OWNER TO app;
ALTER SCHEMA public OWNER TO app;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA invite;
ALTER SCHEMA invite OWNER TO app;
CREATE SCHEMA audit;
ALTER SCHEMA audit OWNER TO app;
CREATE SCHEMA queue;
ALTER SCHEMA queue OWNER TO app;
# -------- backups ---------
pgBackRestConfig:
# allow one-off backups
manual:
repoName: repo1
options:
- --type=full
repoHost:
resources:
requests:
cpu: 20m
memory: 128Mi
limits:
cpu: 50m
memory: 256Mi
sidecars:
pgbackrest:
resources:
requests:
cpu: 5m
memory: 16Mi
limits:
cpu: 20m
memory: 64Mi
pgbackrestConfig:
resources:
requests:
cpu: 5m
memory: 32Mi
limits:
cpu: 20m
memory: 64Mi
jobs:
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 50m
memory: 128Mi
# ----- pgBouncer (network pooling) ------
pgBouncerConfig:
replicas: 2
config:
global:
client_tls_sslmode: disable
resources:
requests:
cpu: 5m
memory: 32Mi
limits:
cpu: 20m
memory: 64Mi
# -------- monitoring ----------
monitoring: false