helm/korifi/api/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: korifi-api-config
namespace: {{ .Release.Namespace }}
data:
korifi_api_config.yaml: |
externalFQDN: {{ .Values.api.apiServer.url }}
externalPort: {{ .Values.api.apiServer.port | default 0 }}
internalPort: {{ .Values.api.apiServer.internalPort }}
idleTimeout: {{ .Values.api.apiServer.timeouts.idle }}
readTimeout: {{ .Values.api.apiServer.timeouts.read }}
readHeaderTimeout: {{ .Values.api.apiServer.timeouts.readHeader }}
writeTimeout: {{ .Values.api.apiServer.timeouts.write }}
infoConfig:
description: {{ .Values.api.infoConfig.description }}
name: {{ .Values.api.infoConfig.name }}
minCLIVersion: {{ .Values.api.infoConfig.minCLIVersion }}
recommendedCLIVersion: {{ .Values.api.infoConfig.recommendedCLIVersion }}
{{- with .Values.api.infoConfig.custom }}
custom:
{{- toYaml . | nindent 8 }}
{{- end }}
supportAddress: {{ .Values.api.infoConfig.supportAddress }}
rootNamespace: {{ .Values.rootNamespace }}
builderName: {{ .Values.reconcilers.build }}
runnerName: {{ .Values.reconcilers.run }}
defaultLifecycleConfig:
type: {{ .Values.api.lifecycle.type }}
stack: {{ .Values.api.lifecycle.stack }}
stagingMemoryMB: {{ .Values.stagingRequirements.memoryMB }}
containerRepositoryPrefix: {{ .Values.containerRepositoryPrefix | quote }}
{{- if not .Values.eksContainerRegistryRoleARN }}
{{- if .Values.containerRegistrySecrets }}
packageRegistrySecretNames:
{{- range .Values.containerRegistrySecrets }}
- {{ . | quote }}
{{- end }}
{{- else if .Values.containerRegistrySecret }}
packageRegistrySecretNames:
- {{ .Values.containerRegistrySecret | quote }}
{{- else }}
{{ required "containerRegistrySecrets is required when eksContainerRegistryRoleARN is not set" .Values.containerRegistrySecrets }}
{{- end }}
{{- end }}
defaultDomainName: {{ .Values.defaultAppDomainName }}
userCertificateExpirationWarningDuration: {{ .Values.api.userCertificateExpirationWarningDuration }}
{{- if .Values.api.authProxy }}
authProxyHost: {{ .Values.api.authProxy.host | quote }}
authProxyCACert: {{ .Values.api.authProxy.caCert | quote }}
{{- end }}
logLevel: {{ .Values.logLevel }}
{{- if .Values.eksContainerRegistryRoleARN }}
containerRegistryType: "ECR"
{{- end }}
experimentalManagedServicesEnabled: {{ .Values.experimental.managedServices.include }}
role_mappings_config.yaml: |
roleMappings:
admin:
name: korifi-controllers-admin
propagate: true
admin_read_only:
name: korifi-controllers-admin-read-only
propagate: true
cf_user:
name: korifi-controllers-root-namespace-user
propagate: false
global_auditor:
name: korifi-controllers-global-auditor
propagate: true
organization_auditor:
name: korifi-controllers-organization-auditor
level: org
propagate: false
organization_billing_manager:
name: korifi-controllers-organization-billing-manager
level: org
propagate: false
organization_manager:
name: korifi-controllers-organization-manager
level: org
propagate: true
organization_user:
name: korifi-controllers-organization-user
level: org
propagate: false
space_auditor:
name: korifi-controllers-space-auditor
level: space
propagate: false
space_developer:
name: korifi-controllers-space-developer
level: space
propagate: false
space_manager:
name: korifi-controllers-space-manager
level: space
propagate: false
space_supporter:
name: korifi-controllers-space-supporter
level: space
propagate: false