commit 0aeca24aa438e6052b88d0b7cda2153013eac754 Author: Jonas Juselius Date: Tue Jan 30 16:03:23 2024 +0100 feat: initial commit
diff --git a/argo/kustomize-helm-with-rewrite/.gitignore b/argo/kustomize-helm-with-rewrite/.gitignore
new file mode 100644
index 00000000..5ab6415a
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/.gitignore
@@ -0,0 +1,2 @@
+argo-repo-server.yaml
+values.yaml
diff --git a/argo/kustomize-helm-with-rewrite/Dockerfile b/argo/kustomize-helm-with-rewrite/Dockerfile
new file mode 100644
index 00000000..4675dac6
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine/k8s:1.28.3
+
+RUN mkdir -p /home/argocd/cmp-server/config/
+COPY plugin.yaml /home/argocd/cmp-server/config/
+
+WORKDIR /plugin
+COPY init.sh get-values.sh generate.sh ./
+
+
+
diff --git a/argo/kustomize-helm-with-rewrite/deploy.sh b/argo/kustomize-helm-with-rewrite/deploy.sh
new file mode 100644
index 00000000..3aa05ecf
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/deploy.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+img=registry.gitlab.com/oceanbox/gitops-manifests/kustomize-helm-with-rewrite
+tag=${1:-latest}
+
+docker build -t $img:$tag .
+docker push $img:$tag
diff --git a/argo/kustomize-helm-with-rewrite/generate.sh b/argo/kustomize-helm-with-rewrite/generate.sh
new file mode 100644
index 00000000..e6500aa9
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/generate.sh
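Review bot: The Dockerfile pins `alpine/k8s:1.28.3` by tag only and sets no `USER`, so the plugin container runs as whatever the base image defaults to unless the pod spec overrides it. Because this image runs helm, sed and kustomize over repository content inside Argo CD, I would pin the base as `FROM alpine/k8s:1.28.3@sha256:<digest-placeholder>` and add a `USER` line matching the UID the sidecar is deployed with (the deployment manifest is not part of this commit). The `RUN mkdir -p /home/argocd/cmp-server/config/` layer can go, since `COPY` creates the destination directory.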
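Review bot: In deploy.sh, `tag=${1:-latest}` makes a mutable `latest` tag the default for an image that Argo CD runs to render manifests, so a later push silently changes what every consumer pulls. The script also has no `set -e`, so a failed `docker build` is still followed by `docker push` of whatever image already carries that tag locally. I would require an explicit tag with `tag=${1:?usage: deploy.sh TAG}`, add `set -eu` after the shebang, and quote the reference as `"$img:$tag"`.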
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+export HOME=/tmp
+
+echo $ARGOCD_APP_PARAMETERS | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
+cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml
+
+if [ -f chart -a $PARAM_CHART = "." ]; then
+ CHART=$(cat chart)
+else
+ CHART=$PARAM_CHART
+fi
+
+helm template $PARAM_FLAGS \
+ -f values.yaml \
+ -f parameters.yaml \
+ -f $PARAM_ENV/values.yaml \
+ $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
+
+cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
+sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
+cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest-rw.yaml
+
+kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
+cat /tmp/$ARGOCD_APP_NAME-manifest.yaml
diff --git a/argo/kustomize-helm-with-rewrite/get-values.sh b/argo/kustomize-helm-with-rewrite/get-values.sh
new file mode 100644
index 00000000..ec4fbe92
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/get-values.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# cat << EOF
+# [{
+# "name": "values",
+# "title": "Values",
+# "collectionType": "map",
+# "map": { "replicaCount": "1" }
+# }]
+# EOF
+
+yq e -o=p values.yaml | jq --slurp --raw-input '
+ [{
+ name: "helm-parameters",
+ title: "Helm Parameters",
+ collectionType: "map",
+ map: split("\n") | map(capture("(?.*) = (?.*)")) | from_entries
+ }]'
+
diff --git a/argo/kustomize-helm-with-rewrite/init.sh b/argo/kustomize-helm-with-rewrite/init.sh
new file mode 100644
index 00000000..b88ef8f4
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/init.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+export HOME=/tmp
+
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add cerbos https://download.cerbos.dev/helm-charts
+helm repo add dapr https://dapr.github.io/helm-charts/
+helm repo add ncsa https://opensource.ncsa.illinois.edu/charts
+
+helm repo update
+
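Review bot: generate.sh has no `set -e` and ends in `cat`, so a failed `helm template`, `sed` or `kubectl kustomize` still exits 0 and a truncated or empty manifest is returned to Argo CD as if it were valid; start the script with `set -eu`. The `PARAM_*` values originate in the Application spec and reach the command line unquoted (`$PARAM_FLAGS`, `$PARAM_ENV`, `$PARAM_CHART`) or as a complete sed program (`sed -i "$PARAM_REWRITE"`), so whoever can edit an Application chooses the helm flags and the sed script that run in the plugin container; the `flags` and `rewrite` announcements in plugin.yaml expose exactly this and deserve an allow-list or removal. Parameters an Application leaves out are presumably unset rather than defaulted (plugin.yaml's comments say the announcements only inform the UI), which leaves `[ -f chart -a $PARAM_CHART = "." ]` malformed for busynix. The debug copies use fixed names in the shared /tmp, and the second write to `/tmp/$ARGOCD_APP_NAME-manifest.yaml` replaces the first. The sketch below quotes the values, supplies defaults and writes the result straight to stdout.

```shell
#!/bin/sh
set -eu

# … unchanged: HOME export, parameters.yaml extraction (without the /tmp copy) …

env_dir=${PARAM_ENV:?env parameter is required}
chart=${PARAM_CHART:-.}

if [ -f chart ] && [ "$chart" = "." ]; then
    chart=$(cat chart)
fi

# PARAM_FLAGS is word-split on purpose; check it against an allow-list before this point.
helm template ${PARAM_FLAGS:-} \
    -f values.yaml \
    -f parameters.yaml \
    -f "$env_dir/values.yaml" \
    "$ARGOCD_APP_NAME" "$chart" > ./base/_manifest.yaml

if [ -n "${PARAM_REWRITE:-}" ]; then
    sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
fi

kubectl kustomize "$env_dir"
```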
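Review bot: get-values.sh publishes every key and value of `values.yaml` as a dynamic parameter announcement, so anything secret kept in a values file becomes visible in the Argo CD UI to users who can open the application. Values files in this same commit do carry passwords (k1/oceanbox-wp.yaml), so I would either filter the announced keys or document above the `yq` line that values.yaml must stay free of credentials, e.g. `# values.yaml is shown verbatim in the UI: no secrets here`.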
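Review bot: init.sh fetches four remote chart indexes before every manifest generation and returns only the status of the final `helm repo update`, so a failed `helm repo add` goes unnoticed and each render depends on whatever those hosts serve at that moment. Add `set -eu` after the shebang so a failed add fails the init step. Callers should also pin chart versions; geoserver/application.yaml passes `ncsa/geoserver` with no version, so the rendered output can change without any commit in this repository.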
diff --git a/argo/kustomize-helm-with-rewrite/plugin.yaml b/argo/kustomize-helm-with-rewrite/plugin.yaml
new file mode 100644
index 00000000..d72ad88b
--- /dev/null
+++ b/argo/kustomize-helm-with-rewrite/plugin.yaml
@@ -0,0 +1,94 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ConfigManagementPlugin
+metadata:
+ name: kustomize-helm-with-rewrite
+spec:
+ # version: v1.2
+ # The init command runs in the Application source directory at the beginning of each manifest generation. The init
+ # command can output anything. A non-zero status code will fail manifest generation.
+ init:
+ # Init always happens immediately before generate, but its output is not treated as manifests.
+ # This is a good place to, for example, download chart dependencies.
+ command: [ /bin/sh ]
+ args:
+ - /plugin/init.sh
+ # The generate command runs in the Application source directory each time manifests are generated. Standard output
+ # must be ONLY valid Kubernetes Objects in either YAML or JSON. A non-zero exit code will fail manifest generation.
+ # To write log messages from the command, write them to stderr, it will always be displayed.
+ # Error output will be sent to the UI, so avoid printing sensitive information (such as secrets).
+ generate:
+ command: [ /bin/sh ]
+ args:
+ - /plugin/generate.sh
+
+ # The discovery config is applied to a repository. If every configured discovery tool matches, then the plugin may be
+ # used to generate manifests for Applications using the repository. If the discovery config is omitted then the plugin
+ # will not match any application but can still be invoked explicitly by specifying the plugin name in the app spec.
+ # Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the
+ # first (in that order) is evaluated.
+ # discover:
+ # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source
+ # directory. If there is a match, this plugin may be used for the Application.
+ # fileName: "./subdir/s*.yaml"
+ # find:
+ # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns.
+ # glob: "**/Chart.yaml"
+ # The find command runs in the repository's root directory. To match, it must exit with status code 0 _and_
+ # produce non-empty output to standard out.
+ # command: [sh, -c, find . -name env.yaml]
+ # The parameters config describes what parameters the UI should display for an Application. It is up to the user to
+ # actually set parameters in the Application manifest (in spec.source.plugin.parameters). The announcements _only_
+ # inform the "Parameters" tab in the App Details page of the UI.
+ parameters:
+ # Static parameter announcements are sent to the UI for _all_ Applications handled by this plugin.
+ # Think of the `string`, `array`, and `map` values set here as "defaults". It is up to the plugin author to make
+ # sure that these default values actually reflect the plugin's behavior if the user doesn't explicitly set different
+ # values for those parameters.
+ static:
+ - name: env
+ title: Environment
+ tooltip: Kustomization env (directory in manifest folder)
+ required: true
+ itemType: string
+ collectionType: string
+ string: "staging"
+ - name: rewrite
+ title: Rewrite
+ tooltip: sed rewrite experssion
+ required: false
+ itemType: string
+ collectionType: string
+ string: ""
+ - name: chart
+ title: Chart
+ tooltip: Name or path of helm chart
+ required: false
+ itemType: string
+ collectionType: string
+ string: "."
+ - name: flags
+ title: Helm flags
+ tooltip: Extra helm flags
+ required: false
+ itemType: string
+ collectionType: string
+ string: ""
+ # All the fields above besides "string" apply to both the array and map type parameter announcements.
+ # - name: array-param
+ # # This field communicates the parameter's default value to the UI. Setting this field is optional.
+ # array: [default, items]
+ # collectionType: array
+ # - name: map-param
+ # # This field communicates the parameter's default value to the UI. Setting this field is optional.
+ # map:
+ # some: value
+ # collectionType: map
+ dynamic:
+ # The command is run in an Application's source directory. Standard output must be JSON matching the schema of the
+ # static parameter announcements list.
+ command: [ /bin/sh, /plugin/get-values.sh ]
+
+ # If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository
+ # might have executable files. Set to true only if you trust the CMP plugin authors.
+ preserveFileMode: false
+
diff --git a/busynix/applicationset.yaml b/busynix/applicationset.yaml
new file mode 100644
index 00000000..72c4e9d0
--- /dev/null
+++ b/busynix/applicationset.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: busynix
+ namespace: argocd
+spec:
+ generators:
+ - list:
+ elements:
+ - cluster: https://kubernetes.default.svc
+ env: prod
+ hostname: busynix.srv.oceanbox.io
+ - cluster: https://kubernetes.default.svc
+ env: staging
+ hostname: busynix.yolo.oceanbox.io
+ template:
+ metadata:
+ name: '{{ env }}-busynix'
+ spec:
+ destination:
+ namespace: oceanbox
+ server: '{{ cluster }}'
+ project: atlantis
+ source:
+ path: busynix
+ plugin:
+ name: kustomize-helm-with-rewrite
+ parameters:
+ - name: env
+ string: '{{ env }}'
+ - name: hostname
+ string: '{{ hostname }}'
+ repoURL: https://gitlab.com/oceanbox/charts.git
+ targetRevision: HEAD
diff --git a/cerbos/application.yaml b/cerbos/application.yaml
new file mode 100644
index 00000000..f9feacb5
--- /dev/null
+++ b/cerbos/application.yaml
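Review bot: busynix/applicationset.yaml passes a `hostname` parameter, but plugin.yaml announces only `env`, `rewrite`, `chart` and `flags`, and generate.sh in this commit never reads a hostname value, so the per-environment hostname appears to have no effect; geoserver/application.yaml passes the same unused parameter. Both files also set `targetRevision: HEAD`, which means any push to the charts repository is rendered without a reviewable pin; a tag or commit SHA would make each rollout an explicit change in this repository. If hostname substitution is meant to happen through the `rewrite` sed expression, a short comment next to the parameter saying so would help the next reader.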
@@ -0,0 +1,63 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cerbos
+ namespace: argocd
+spec:
+ project: atlantis
+ source:
+ repoURL: https://download.cerbos.dev/helm-charts
+ targetRevision: 0.33.0
+ chart: cerbos
+ helm:
+ values: |
+ replicaCount: 1
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+ # Spec of the cert-manager certificate to create for the Cerbos deployment.
+ # If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
+ # The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
+ # If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
+ certManager:
+ certSpec: {}
+
+ # Cerbos service settings.
+ service:
+ type: ClusterIP
+ httpPort: 3592
+ grpcPort: 3593
+ httpNodePort: 13592
+ grpcNodePort: 13593
+ annotations: {}
+
+ envFrom:
+ - secretRef:
+ name: cerbos-gitlab-token
+
+ cerbos:
+ httpPort: 3592
+ grpcPort: 3593
+ tlsSecretName: ""
+ logLevel: INFO
+ config:
+ storage:
+ driver: "git"
+ git:
+ protocol: https
+ url: https://gitlab.com/oceanbox/cerbos
+ branch: main
+ subDir: policies
+ checkoutDir: /work
+ updatePollInterval: 60s
+ https:
+ username: cerbos
+ password: ${GITLAB_TOKEN}
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+
diff --git a/cerbos/cerbos-gitlab-token.yaml b/cerbos/cerbos-gitlab-token.yaml
new file mode 100644
index 00000000..50b43983
--- /dev/null
+++ b/cerbos/cerbos-gitlab-token.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ GITLAB_TOKEN: Z2xwYXQtOTZvWmVwdnNiSnYyMzVXUWVqTnM=
+kind: Secret
+metadata:
+ name: cerbos-gitlab-token
+ namespace: atlantis
+type: Opaque
diff --git a/dex/application.yaml b/dex/application.yaml
new file mode 100644
index 00000000..bc9ccad9
--- /dev/null
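Review bot: cerbos/cerbos-gitlab-token.yaml commits a `GITLAB_TOKEN` value under `data:`; base64 is an encoding, not protection, so the token is readable by anyone with access to this repository or its history. The same defect recurs in dex/dex-config.yaml (database password, connector and static client secrets under `stringData`) and in k1/oceanbox-wp.yaml (`wordpressPassword`, `smtpPassword`). All of these should be treated as disclosed and rotated, and deleting the files in a later commit will not remove them from history. Going forward, keep only the Secret name in git, as cerbos/application.yaml already does with `envFrom.secretRef`, and deliver the value through an encrypted-secret or external secret-store mechanism.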
+++ b/dex/application.yaml
@@ -0,0 +1,71 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: dex
+ namespace: argocd
+spec:
+ project: atlantis
+ source:
+ repoURL: https://charts.dexidp.io
+ targetRevision: 0.16.0
+ chart: dex
+ helm:
+ values: |
+ replicaCount: 1
+ https:
+ enabled: false
+ grpc:
+ enabled: false
+
+ configSecret:
+ create: true
+ name: ""
+ config: {}
+
+ volumes:
+ - name: web
+ persistentVolumeClaim:
+ claimName: oceanbox-dex
+ volumeMounts:
+ - name: web
+ mountPath: /srv/dex/web
+ envVars: []
+
+ service:
+ annotations: {}
+ type: ClusterIP
+ clusterIP: ""
+ ports:
+ http:
+ port: 5556
+ nodePort:
+ https:
+ port: 5554
+ nodePort:
+ grpc:
+ port: 5557
+ nodePort:
+
+ ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ hosts:
+ - host: idp.beta.oceanbox.io
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: dex-tls
+ hosts:
+ - idp.beta.oceanbox.io
+
+ serviceMonitor:
+ enabled: true
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+
diff --git a/dex/dex-config.yaml b/dex/dex-config.yaml
new file mode 100644
index 00000000..2ed8e32e
--- /dev/null
+++ b/dex/dex-config.yaml
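Review bot: The identity provider's ingress in dex/application.yaml uses `cert-manager.io/cluster-issuer: letsencrypt-staging`, which issues certificates clients do not trust, so anything talking to `idp.beta.oceanbox.io` would need certificate validation relaxed; for a login service the production issuer should be used. The ingress host also differs from `issuer: https://idp.oceanbox.io/dex` in dex/dex-config.yaml, and OIDC clients generally reject a discovery document whose issuer does not match the URL it was fetched from, so please confirm which hostname is intended. Finally, `configSecret.create: true` with `config: {}` sits beside a hand-written Secret named `dex` in the same namespace; the chart presumably renders its own Secret too, and it is not clear from this commit which one the pod mounts.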
@@ -0,0 +1,145 @@ +apiVersion: v1 +kind: Secret +metadata: + name: dex + namespace: atlantis +type: Opaque +stringData: + config.yaml: | + issuer: https://idp.oceanbox.io/dex + storage: + type: postgres + config: + host: oboxdb-rw + port: 5432 + database: dex_db + user: dex + password: crafter keenness gilled sprinkled + ssl: + mode: disable + web: + http: 127.0.0.1:5556 + telemetry: + http: 127.0.0.1:5558 + grpc: + addr: 127.0.0.1:5557 + frontend: + dir: /srv/dex/web + issuer: oceanbox + extra: + client_logo_url: "../theme/client-logo.png" + # enablePasswordDB: true + # staticPasswords: + # - email: "admin@oceanbox.io" + # hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC" + # username: "admin" + # userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f" + oauth2: + responseTypes: [ "code" ] + skipApprovalScreen: true + alwaysShowLoginScreen: false + connectors: + - type: microsoft + id: oceanbox + name: oceanbox.io + config: + clientID: 43667ac0-37e1-422f-99fc-50a699bb255c + clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB + tenant: 3f737008-e9a0-4485-9d27-40329d288089 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - atlantis + - type: microsoft + id: salmar + name: salmar.no + config: + clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058 + clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2 + tenant: de10159d-2c09-4762-966c-e841d3391feb + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Azure-Grp-App-Cloud-Oceanbox + - type: microsoft + id: aqua-kompetanse + name: aqua-kompetanse.no + config: + clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2 + clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC + tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Oceanbox + - type: oidc + id: keycloak + name: default + config: + issuer: https://keycloak.dev.oceanbox.io/realms/Oceanbox + 
clientID: dex + clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4 + redirectURI: https://idp.oceanbox.io/dex/callback + promptType: login + staticClients: + - id: atlantis + redirectURIs: + - 'https://maps.oceanbox.io/signin-oidc' + - 'https://maps.relic.oceanbox.io/signin-oidc' + name: 'Atlantis' + secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm + - id: atlantis_dev + redirectURIs: + - 'https://atlantis.dev.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-atlantis.dev.oceanbox.io/signin-oidc' + - 'https://stig-tilt-atlantis.dev.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-atlantis.dev.oceanbox.io/signin-oidc' + - 'https://atlantis.local.oceanbox.io:8080/signin-oidc' + name: 'Atlantis dev' + secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR + - id: petimeter + redirectURIs: + - 'https://petimeter.svc.oceanbox.io/signin-oidc' + name: 'Petimeter dev' + secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs + - id: petimeter_dev + redirectURIs: + - 'https://petimeter.dev.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-petimeter.dev.oceanbox.io/signin-oidc' + - 'https://stig-tilt-petimeter.dev.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-petimeter.dev.oceanbox.io/signin-oidc' + - 'https://petimeter.local.oceanbox.io:8080/signin-oidc' + name: 'Petimeter dev' + secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk + - id: sorcerer + redirectURIs: + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + name: 'Sorcerer' + secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB + - id: sorcerer_dev + redirectURIs: + - 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://s.local.oceanbox.io:11080/signin-oidc' + - 'https://sorcerer.local.oceanbox.io:11080/signin-oidc' + name: 'Sorcerer dev' + secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy + 
- id: archmeister + redirectURIs: + - 'https://archmeister.svc.oceanbox.io/signin-oidc' + name: 'Archmeister' + secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro + - id: archmeister_dev + redirectURIs: + - 'https://archmeister.dev.oceanbox.io/signin-oidc' + - 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc' + - 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc' + - 'https://r.local.oceanbox.io:11080/signin-oidc' + - 'https://archmeister.local.oceanbox.io:9080/signin-oidc' + name: 'Archmeister dev' + secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I + diff --git a/dex/dex-volumes.yaml b/dex/dex-volumes.yaml new file mode 100644 index 00000000..a1651f08 --- /dev/null +++ b/dex/dex-volumes.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-oceanbox-dex +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 50M + mountOptions: + - vers=4.2 + - soft + nfs: + path: /oceanbox/pv-oceanbox-dex + server: 10.255.241.210 + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: oceanbox-dex + namespace: atlantis +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50M + storageClassName: "" + volumeMode: Filesystem + volumeName: pv-oceanbox-dex diff --git a/dex/templates b/dex/templates new file mode 160000 index 00000000..1fd8cd00 --- /dev/null +++ b/dex/templates @@ -0,0 +1 @@ +Subproject commit 1fd8cd005f740e1dd7974ead1f3b82963cc3777a diff --git a/geoserver/application.yaml b/geoserver/application.yaml new file mode 100644 index 00000000..8c817d1c --- /dev/null +++ b/geoserver/application.yaml 
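Review bot: Beyond the clear-text credentials in dex/dex-config.yaml, `ssl.mode: disable` sends the database password to `oboxdb-rw` unencrypted, and `web.http: 127.0.0.1:5556` binds Dex to loopback, which the Service on port 5556 in dex/application.yaml cannot reach unless something inside the pod proxies to it. The `sorcerer_dev` client lists the same `sorcerer.ekman.oceanbox.io` and `sorcerer.hpc.oceanbox.io` redirect URIs as the `sorcerer` client, so the development client secret is accepted for those hosts; development and production clients should not share redirect targets. For the static clients, Dex's `secretEnv` field lets each `secret:` line be replaced by an environment reference fed from a separately managed Secret.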
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: geoserver
+ namespace: argocd
+spec:
+ project: gis
+ source:
+ repoURL: https://gitlab.com/oceanbox/charts.git
+ targetRevision: HEAD
+ path: geoserver
+ plugin:
+ name: kustomize-helm-with-rewrite
+ parameters:
+ - name: env
+ string: prod
+ - name: hostname
+ string: geoserver.srv.oceanbox.io
+ - name: flags
+ string: "--skip-tests"
+ - name: chart
+ string: ncsa/geoserver
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: geoserver
+
diff --git a/geoserver/data/Biomasse.gpkg b/geoserver/data/Biomasse.gpkg
new file mode 100644
index 00000000..25befc11
Binary files /dev/null and b/geoserver/data/Biomasse.gpkg differ
diff --git a/geoserver/data/Flate.gpkg b/geoserver/data/Flate.gpkg
new file mode 100644
index 00000000..cd5b84e4
Binary files /dev/null and b/geoserver/data/Flate.gpkg differ
diff --git a/geoserver/data/ILA.gpkg b/geoserver/data/ILA.gpkg
new file mode 100644
index 00000000..19b7e93e
Binary files /dev/null and b/geoserver/data/ILA.gpkg differ
diff --git a/geoserver/data/Lokaliteter.gpkg b/geoserver/data/Lokaliteter.gpkg
new file mode 100644
index 00000000..c325e7c5
Binary files /dev/null and b/geoserver/data/Lokaliteter.gpkg differ
diff --git a/geoserver/data/PD.gpkg b/geoserver/data/PD.gpkg
new file mode 100644
index 00000000..1b0581b3
Binary files /dev/null and b/geoserver/data/PD.gpkg differ
diff --git a/k1/oceanbox-wp.yaml b/k1/oceanbox-wp.yaml
new file mode 100644
index 00000000..3c441449
--- /dev/null
+++ b/k1/oceanbox-wp.yaml
@@ -0,0 +1,1125 @@ +image: + registry: docker.io + repository: bitnami/wordpress + tag: 6.1.1-debian-11-r1 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + +## @section WordPress Configuration parameters +## WordPress settings based on environment variables +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#environment-variables +## + +## @param wordpressUsername WordPress username +## +wordpressUsername: admin +## @param wordpressPassword WordPress user password +## Defaults to a random 10-character alphanumeric string if not set +## +wordpressPassword: "identify stimulus whacky unluckily" +## @param existingSecret Name of existing secret containing WordPress credentials +## NOTE: Must contain key `wordpress-password` +## NOTE: When it's set, the `wordpressPassword` parameter is ignored +## +existingSecret: "" +## @param wordpressEmail WordPress user email +## +wordpressEmail: info@oceanbox.io +## @param wordpressFirstName WordPress user first name +## +wordpressFirstName: Svenn +## @param wordpressLastName WordPress user last name +## +wordpressLastName: Hanssen +## @param wordpressBlogName Blog name +## +wordpressBlogName: Oceanbox.io +## @param wordpressTablePrefix Prefix to use for WordPress database tables +## +wordpressTablePrefix: wp_ +## @param wordpressScheme Scheme to use to generate WordPress URLs +## +wordpressScheme: https +## @param wordpressSkipInstall Skip wizard installation +## NOTE: useful if you use an external 
database that already contains WordPress data +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#connect-wordpress-docker-container-to-an-existing-database +## +wordpressSkipInstall: false +## @param wordpressExtraConfigContent Add extra content to the default wp-config.php file +## e.g: +## wordpressExtraConfigContent: | +## @ini_set( 'post_max_size', '128M'); +## @ini_set( 'memory_limit', '256M' ); +## +wordpressExtraConfigContent: "" +## @param wordpressConfiguration The content for your custom wp-config.php file (advanced feature) +## NOTE: This will override configuring WordPress based on environment variables (including those set by the chart) +## NOTE: Currently only supported when `wordpressSkipInstall=true` +## +wordpressConfiguration: "" +## @param existingWordPressConfigurationSecret The name of an existing secret with your custom wp-config.php file (advanced feature) +## NOTE: When it's set the `wordpressConfiguration` parameter is ignored +## +existingWordPressConfigurationSecret: "" +## @param wordpressConfigureCache Enable W3 Total Cache plugin and configure cache settings +## NOTE: useful if you deploy Memcached for caching database queries or you use an external cache server +## +wordpressConfigureCache: false +## @param wordpressPlugins Array of plugins to install and activate. Can be specified as `all` or `none`. 
+## NOTE: If set to all, only plugins that are already installed will be activated, and if set to none, no plugins will be activated +## +wordpressPlugins: none +## @param apacheConfiguration The content for your custom httpd.conf file (advanced feature) +## +apacheConfiguration: "" +## @param existingApacheConfigurationConfigMap The name of an existing secret with your custom httpd.conf file (advanced feature) +## NOTE: When it's set the `apacheConfiguration` parameter is ignored +## +existingApacheConfigurationConfigMap: "" +## @param customPostInitScripts Custom post-init.d user scripts +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress +## NOTE: supported formats are `.sh`, `.sql` or `.php` +## NOTE: scripts are exclusively executed during the 1st boot of the container +## e.g: +## customPostInitScripts: +## enable-multisite.sh: | +## #!/bin/bash +## chmod +w /bitnami/wordpress/wp-config.php +## wp core multisite-install --url=example.com --title="Welcome to the WordPress Multisite" --admin_user="doesntmatternotreallyused" --admin_password="doesntmatternotreallyused" --admin_email="user@example.com" +## cat /docker-entrypoint-init.d/.htaccess > /bitnami/wordpress/.htaccess +## chmod -w bitnami/wordpress/wp-config.php +## .htaccess: | +## RewriteEngine On +## RewriteBase / +## ... +## +customPostInitScripts: {} +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress/#smtp-configuration +## @param smtpHost SMTP server host +## @param smtpPort SMTP server port +## @param smtpUser SMTP username +## @param smtpPassword SMTP user password +## @param smtpProtocol SMTP protocol +## +smtpHost: smtpgw.itpartner.no +smtpPort: 465 +smtpUser: utvikling +smtpPassword: S0m3rp0m@de#21! 
+smtpProtocol: ssl +## @param smtpExistingSecret The name of an existing secret with SMTP credentials +## NOTE: Must contain key `smtp-password` +## NOTE: When it's set, the `smtpPassword` parameter is ignored +## +smtpExistingSecret: "" +## @param allowEmptyPassword Allow the container to be started with blank passwords +## +allowEmptyPassword: true +## @param allowOverrideNone Configure Apache to prohibit overriding directives with htaccess files +## +allowOverrideNone: false +## @param overrideDatabaseSettings Allow overriding the database settings persisted in wp-config.php +## +overrideDatabaseSettings: false +## @param htaccessPersistenceEnabled Persist custom changes on htaccess files +## If `allowOverrideNone` is `false`, it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` +## If `allowOverrideNone` is `true`, it will persist `/opt/bitnami/wordpress/.htaccess` +## +htaccessPersistenceEnabled: false +## @param customHTAccessCM The name of an existing ConfigMap with custom htaccess rules +## NOTE: Must contain key `wordpress-htaccess.conf` with the file content +## NOTE: Requires setting `allowOverrideNone=false` +## +customHTAccessCM: "" +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param extraEnvVars Array with extra environment variables to add to the WordPress container +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" + +## @section WordPress Multisite Configuration parameters +## ref: https://github.com/bitnami/containers/tree/main/bitnami/wordpress#multisite-configuration +## + +## @param multisite.enable Whether to enable WordPress Multisite 
configuration. +## @param multisite.host WordPress Multisite hostname/address. This value is mandatory when enabling Multisite mode. +## @param multisite.networkType WordPress Multisite network type to enable. Allowed values: `subfolder`, `subdirectory` or `subdomain`. +## @param multisite.enableNipIoRedirect Whether to enable IP address redirection to nip.io wildcard DNS. Useful when running on an IP address with subdomain network type. +## +multisite: + enable: false + host: "" + networkType: subdomain + enableNipIoRedirect: false + +## @section WordPress deployment parameters +## + +## @param replicaCount Number of WordPress replicas to deploy +## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 +## +replicaCount: 1 +## @param updateStrategy.type WordPress deployment strategy type +## @param updateStrategy.rollingUpdate WordPress deployment rolling update configuration parameters +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods +## e.g: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate + rollingUpdate: {} +## @param schedulerName Alternate scheduler +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param priorityClassName Name of the existing priority class to be used by WordPress pods, priority class needs to be created beforehand +## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param hostAliases [array] WordPress pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: + ## Required for Apache exporter to work + ## + - ip: "127.0.0.1" + hostnames: + - "status.localhost" +## @param extraVolumes Optionally specify extra list of additional volumes for WordPress pods +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for WordPress container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the WordPress pod +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the WordPress pods +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-content. 
Should work with extraVolumeMounts and extraVolumes'] +## +initContainers: [] +## @param podLabels Extra labels for WordPress pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for WordPress pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## WordPress containers' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the WordPress containers +## @param resources.requests.memory The requested memory for the WordPress containers +## @param resources.requests.cpu The requested cpu for the WordPress containers +## +resources: + limits: {} + requests: + memory: 512Mi + cpu: 300m +## Container ports +## @param containerPorts.http WordPress HTTP container port +## @param containerPorts.https WordPress HTTPS container port +## +containerPorts: + http: 8080 + https: 8443 +## @param extraContainerPorts Optionally specify extra list of additional ports for WordPress container(s) +## e.g: +## extraContainerPorts: +## - name: myservice +## containerPort: 9090 +## +extraContainerPorts: [] +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled WordPress pods' Security Context +## @param podSecurityContext.fsGroup Set WordPress pod's Security Context fsGroup +## @param podSecurityContext.seccompProfile.type Set WordPress container's Security Context seccomp profile +## +podSecurityContext: + enabled: true + fsGroup: 1001 + seccompProfile: + type: 
"RuntimeDefault" +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled WordPress containers' Security Context +## @param containerSecurityContext.runAsUser Set WordPress container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set WordPress container's Security Context runAsNonRoot +## @param containerSecurityContext.allowPrivilegeEscalation Set WordPress container's privilege escalation +## @param containerSecurityContext.capabilities.drop Set WordPress container's Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] +## Configure extra options for WordPress containers' liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on WordPress containers +## @skip livenessProbe.httpGet +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + httpGet: + path: /wp-admin/install.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. 
According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe on WordPress containers +## @skip readinessProbe.httpGet +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + httpGet: + path: /wp-login.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. 
+ ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param startupProbe.enabled Enable startupProbe on WordPress containers +## @skip startupProbe.httpGet +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + httpGet: + path: /wp-login.php + port: '{{ .Values.wordpressScheme }}' + scheme: '{{ .Values.wordpressScheme | upper }}' + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## E.g. 
+ ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## @param lifecycleHooks for the WordPress container(s) to automate configuration before or after startup +## +lifecycleHooks: {} + +## @section Traffic Exposure Parameters +## + +## WordPress service parameters +## +service: + ## @param service.type WordPress service type + ## + type: LoadBalancer + ## @param service.ports.http WordPress service HTTP port + ## @param service.ports.https WordPress service HTTPS port + ## + ports: + http: 80 + https: 443 + ## @param service.httpsTargetPort Target port for HTTPS + ## + httpsTargetPort: https + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.https Node port for HTTPS + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + https: "" + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## @param service.clusterIP WordPress service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP WordPress service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + 
loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges WordPress service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy WordPress service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for WordPress service + ## + annotations: {} + ## @param service.extraPorts Extra port to expose on WordPress service + ## + extraPorts: [] +## Configure the ingress resource that allows you to access the WordPress installation +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for WordPress + ## + enabled: true + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . 
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: oceanbox.io + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/proxy-body-size: 1024m + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false 
+ ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: wordpress.local + ## path: / + ## + extraHosts: + - name: www.oceanbox.io + path: / + - name: wp.oceanbox.io + path: / + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - wordpress.local + ## secretName: wordpress.local-tls + ## + extraTls: + - hosts: + - oceanbox.io + - www.oceanbox.io + - wp.oceanbox.io + secretName: oceanbox-tls + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: wordpress.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... 
+ ## -----END CERTIFICATE----- + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: wordpress.local + ## http: + ## path: / + ## backend: + ## service: + ## name: wordpress-svc + ## port: + ## name: http + ## + extraRules: [] + +## @section Persistence Parameters +## + +## Persistence Parameters +## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param persistence.accessModes [array] Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) + ## + accessMode: ReadWriteOnce + ## @param persistence.size Persistent Volume size + ## + size: 10Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" + ## @param persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. 
+ ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.annotations Persistent Volume Claim annotations + ## + annotations: {} + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## Bitnami Shell image + ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ + ## @param volumePermissions.image.registry Bitnami Shell image registry + ## @param volumePermissions.image.repository Bitnami Shell image repository + ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy + ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r52 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the init container + ## @param volumePermissions.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters +## + +## WordPress Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for WordPress pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## WordPress Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## @param pdb.create Enable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable +## +pdb: + create: false + minAvailable: 1 + maxUnavailable: "" +## WordPress Autoscaling configuration +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## @param autoscaling.enabled Enable Horizontal POD autoscaling for WordPress +## @param autoscaling.minReplicas Minimum number of WordPress replicas +## @param autoscaling.maxReplicas Maximum number of WordPress replicas +## @param autoscaling.targetCPU Target CPU utilization percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + targetCPU: 50 + targetMemory: 50 + +## @section Metrics Parameters +## + +## Prometheus Exporter / Metrics configuration +## +metrics: + ## @param metrics.enabled Start a sidecar prometheus exporter to expose metrics + ## + enabled: false + ## Bitnami Apache exporter image + ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ + ## @param metrics.image.registry Apache exporter image registry + ## @param metrics.image.repository Apache exporter image repository + ## @param metrics.image.tag Apache exporter 
image tag (immutable tags are recommended) + ## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy Apache exporter image pull policy + ## @param metrics.image.pullSecrets Apache exporter image pull secrets + ## + image: + registry: docker.io + repository: bitnami/apache-exporter + tag: 0.11.0-debian-11-r62 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.containerPorts.metrics Prometheus exporter container port + ## + containerPorts: + metrics: 9117 + ## Configure extra options for Prometheus exporter containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe on Prometheus exporter containers + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on Prometheus exporter containers + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param 
metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 3 + failureThreshold: 3 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startupProbe on Prometheus exporter containers + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## Prometheus exporter container's resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the Prometheus exporter container + ## @param metrics.resources.requests The requested resources for the Prometheus exporter container + ## + resources: + limits: {} + requests: {} + ## Prometheus exporter service parameters + ## + service: + ## @param metrics.service.ports.metrics 
Prometheus metrics service port + ## + ports: + metrics: 9150 + ## @param metrics.service.annotations [object] Additional custom annotations for Metrics service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.containerPorts.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. 
+ ## + jobLabel: "" + +## @section NetworkPolicy parameters +## + +## Add networkpolicies +## +networkPolicy: + ## @param networkPolicy.enabled Enable network policies + ## If ingress.enabled or metrics.enabled are true, configure networkPolicy.ingress and networkPolicy.metrics selectors respectively to allow communication + ## + enabled: false + ## @param networkPolicy.metrics.enabled Enable network policy for metrics (prometheus) + ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. + ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + ## + metrics: + enabled: false + ## e.g: + ## podSelector: + ## label: monitoring + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: monitoring + ## + namespaceSelector: {} + ## @param networkPolicy.ingress.enabled Enable network policy for Ingress Proxies + ## @param networkPolicy.ingress.namespaceSelector [object] Ingress Proxy namespace selector labels. These labels will be used to identify the Ingress Proxy's namespace. + ## @param networkPolicy.ingress.podSelector [object] Ingress Proxy pods selector labels. These labels will be used to identify the Ingress Proxy pods. + ## + ingress: + enabled: false + ## e.g: + ## podSelector: + ## label: ingress + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## @param networkPolicy.ingressRules.backendOnlyAccessibleByFrontend Enable ingress rule that makes the backend (mariadb) only accessible by testlink's pods. + ## @param networkPolicy.ingressRules.customBackendSelector [object] Backend selector labels. These labels will be used to identify the backend pods. 
+ ## @param networkPolicy.ingressRules.accessOnlyFrom.enabled Enable ingress rule that makes testlink only accessible from a particular origin + ## @param networkPolicy.ingressRules.accessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access testlink. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.accessOnlyFrom.podSelector [object] Pods selector label that is allowed to access testlink. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.customRules [object] Custom network policy ingress rule + ## + ingressRules: + ## mariadb backend only can be accessed from testlink + ## + backendOnlyAccessibleByFrontend: false + ## Additional custom backend selector + ## e.g: + ## customBackendSelector: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customBackendSelector: {} + ## Allow only from the indicated: + ## + accessOnlyFrom: + enabled: false + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## e.g: + ## namespaceSelector: + ## label: access + ## + namespaceSelector: {} + ## custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). + ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule + ## + egressRules: + # Deny connections to external. This is not compatible with an external database. 
+ denyConnectionsToExternal: false + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + +## @section Database Parameters +## + +## MariaDB chart configuration +## ref: https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml +## +mariadb: + ## @param mariadb.enabled Deploy a MariaDB server to satisfy the applications database requirements + ## To use an external database set this to false and configure the `externalDatabase.*` parameters + ## + enabled: true + ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` + ## + architecture: standalone + ## MariaDB Authentication parameters + ## @param mariadb.auth.rootPassword MariaDB root password + ## @param mariadb.auth.database MariaDB custom database + ## @param mariadb.auth.username MariaDB custom user name + ## @param mariadb.auth.password MariaDB custom user password + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run + ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run + ## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run + ## + auth: + rootPassword: "" + database: bitnami_wordpress + username: bn_wordpress + password: "" + ## MariaDB Primary configuration + ## + primary: + ## MariaDB Primary Persistence parameters + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ + ## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s) + ## @param mariadb.primary.persistence.storageClass Persistent Volume storage class + ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes + ## @param mariadb.primary.persistence.size Persistent Volume size + ## + persistence: + enabled: true + storageClass: "" + 
accessModes: + - ReadWriteOnce + size: 8Gi +## External Database Configuration +## All of these values are only used if `mariadb.enabled=false` +## +externalDatabase: + ## @param externalDatabase.host External Database server host + ## + host: localhost + ## @param externalDatabase.port External Database server port + ## + port: 3306 + ## @param externalDatabase.user External Database username + ## + user: bn_wordpress + ## @param externalDatabase.password External Database user password + ## + password: "" + ## @param externalDatabase.database External Database database name + ## + database: bitnami_wordpress + ## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template + ## NOTE: Must contain key `mariadb-password` + ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored + ## + existingSecret: "" +## Memcached chart configuration +## ref: https://github.com/bitnami/charts/blob/main/bitnami/memcached/values.yaml +## +memcached: + ## @param memcached.enabled Deploy a Memcached server for caching database queries + ## + enabled: false + ## Authentication parameters + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/memcached#creating-the-memcached-admin-user + ## + auth: + ## @param memcached.auth.enabled Enable Memcached authentication + ## + enabled: false + ## @param memcached.auth.username Memcached admin user + ## + username: "" + ## @param memcached.auth.password Memcached admin password + ## + password: "" + ## Service parameters + ## + service: + ## @param memcached.service.port Memcached service port + ## + port: 11211 +## External Memcached Configuration +## All of these values are only used if `memcached.enabled=false` +## +externalCache: + ## @param externalCache.host External cache server host + ## + host: localhost + ## @param externalCache.port External cache server port + ## + port: 11211 + 
diff --git a/k1/redis-nodeport.yaml b/k1/redis-nodeport.yaml
new file mode 100644
index 00000000..44fc06ac
--- /dev/null
+++ b/k1/redis-nodeport.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-nodeport
+ namespace: oceanbox
+spec:
+ externalTrafficPolicy: Cluster
+ ports:
+ - name: redis
+ nodePort: 30379
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app.kubernetes.io/instance: redis
+ app.kubernetes.io/name: redis
+ sessionAffinity: None
+ type: NodePort
diff --git a/keycloak/application.yaml b/keycloak/application.yaml
new file mode 100644
index 00000000..b8efcbd4
--- /dev/null
+++ b/keycloak/application.yaml
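Review bot: `type: NodePort` with `nodePort: 30379` in k1/redis-nodeport.yaml publishes Redis on every node's address, and nothing in this manifest limits which sources may connect. If only in-cluster clients need it, `type: ClusterIP` with the `nodePort: 30379` line dropped is sufficient. If access from outside the cluster is intended, pair the Service with a NetworkPolicy or node firewall rule that restricts source addresses, and confirm that the instance selected by `app.kubernetes.io/instance: redis` requires authentication, since its configuration is not visible in this hunk. A comment above `spec:` saying why the NodePort exists and who is expected to use it would make the exposure a documented decision.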
@@ -0,0 +1,59 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: keycloak
+ namespace: argocd
+spec:
+ project: atlantis
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+ source:
+ repoURL: https://charts.bitnami.com/bitnami
+ targetRevision: 18.3.3
+ chart: keycloak
+ helm:
+ values: |
+ auth:
+ adminPassword: en to tre fire
+ adminUser: admin
+ existingSecret: ""
+ managementPassword: ""
+ managementUser: manager
+ extraVolumeMounts:
+ - mountPath: /opt/bitnami/keycloak/themes/oceanbox
+ name: theme
+ extraVolumes:
+ - emptyDir: {}
+ name: theme
+ ingress:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ enabled: true
+ extraHosts: []
+ extraPaths: []
+ hostname: auth.oceanbox.io
+ ingressClassName: nginx
+ path: /
+ pathType: ImplementationSpecific
+ selfSigned: false
+ servicePort: http
+ tls: true
+ initContainers: |
+ - name: keycloak-theme-provider
+ image: docker.io/juselius/oceanbox-theme:1.0
+ imagePullPolicy: IfNotPresent
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "Copying theme..."
+ cp -R /theme/* /keycloak/themes/oceanbox
+ volumeMounts:
+ - name: theme
+ mountPath: /keycloak/themes/oceanbox
+
diff --git a/rabbitmq/application.yaml b/rabbitmq/application.yaml
new file mode 100644
index 00000000..793fc069
--- /dev/null
+++ b/rabbitmq/application.yaml
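Review bot: In keycloak/application.yaml, `adminPassword: en to tre fire` stores the Keycloak admin credential in plaintext in Git and in the Argo CD Application object, readable by anyone with access to the repository or to Applications in the `argocd` namespace; rabbitmq/application.yaml in this commit does the same with `password: hunny-bunny`. Both value blocks already carry a secret reference that is left empty (`existingSecret` here, `existingPasswordSecret` for RabbitMQ), so I would set `existingSecret: <keycloak-admin-secret>` (placeholder name), drop `adminPassword`, and deliver the Secret outside Git, for example as a sealed or externally synced secret. Because the current values are now part of the commit history, they should be treated as exposed and rotated. The init container image `docker.io/juselius/oceanbox-theme:1.0` is referenced by a mutable tag; pinning it by digest would keep the theme provider reproducible.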
@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: rabbitmq
+ namespace: argocd
+spec:
+ project: atlantis
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+ source:
+ repoURL: https://charts.bitnami.com/bitnami
+ targetRevision: 12.9.0
+ chart: redis
+ helm:
+ values: |
+ auth:
+ erlangCookie: ""
+ existingErlangSecret: ""
+ existingPasswordSecret: ""
+ password: hunny-bunny
+ username: user
+ clusterDomain: cluster.local
+ ingress:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ enabled: true
+ extraHosts: []
+ extraPaths: []
+ extraRules: []
+ hostname: rabbitmq.svc.oceanbox.io
+ ingressClassName: ""
+ path: /
+ pathType: ImplementationSpecific
+ secrets: []
+ selfSigned: false
+ tls: true
+ persistence:
+ accessModes:
+ - ReadWriteOnce
+ enabled: true
+ existingClaim: ""
+ size: 8Gi
+ storageClass: ""
diff --git a/redis/application.yaml b/redis/application.yaml
new file mode 100644
index 00000000..908e4e73
--- /dev/null
+++ b/redis/application.yaml
@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: redis
+ namespace: argocd
+spec:
+ project: atlantis
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+ source:
+ repoURL: https://charts.bitnami.com/bitnami
+ targetRevision: 18.9.1
+ chart: redis
+ helm:
+ values: |
+
diff --git a/seq/application.yaml b/seq/application.yaml
new file mode 100644
index 00000000..1b84ea03
--- /dev/null
+++ b/seq/application.yaml
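Review bot: In rabbitmq/application.yaml, `chart: redis` with `targetRevision: 12.9.0` does not match the Application name or the values beneath it (`erlangCookie` and `existingErlangSecret` are RabbitMQ settings), so Argo CD would most likely try to fetch a Redis chart at a version meant for RabbitMQ; the line should probably read `chart: rabbitmq`. In the same values block, `ingressClassName: ""` leaves the ingress class to the cluster default, whereas the keycloak Application sets `ingressClassName: nginx`. The `nginx.ingress.kubernetes.io/whitelist-source-range` restriction is only honoured by ingress-nginx, so setting `ingressClassName: nginx` explicitly keeps the source-range limit from being silently ignored if the default class is something else.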
@@ -0,0 +1,137 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: seq
+ namespace: argocd
+spec:
+ project: atlantis
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: atlantis
+ source:
+ repoURL: https://helm.datalust.co
+ targetRevision: 2024.1.0
+ chart: seq
+ helm:
+ values: |
+ acceptEULA: "Y"
+
+ # Set this URL if you enable ingress and/or AAD authentication.
+ # Without this URL set to include HTTPS, Seq will try to set a login redirect
+ # URL with HTTP instead of HTTPS and AAD's registration requires HTTPS.
+ # The result is that you'll get an error during login:
+ # AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application
+ # baseURI: https://my.public.url/
+
+ # Set this to create an admin user with given password hash at first run.
+ # See here for docs on how to create the password hash: https://blog.datalust.co/setting-an-initial-password-when-deploying-seq-to-docker/
+ # firstRunAdminUsername: "admin"
+ # firstRunAdminPasswordHash: ""
+ # firstRunRequireAuthenticationForHttpIngestion: true
+
+ # The complete Seq API and UI.
+ # This API can accept events and serve API requests.
+ ui:
+ service:
+ port: 80
+ ingress:
+ enabled: true
+ path: /
+ hosts:
+ - seq.beta.oceanbox.io
+
+ # The ingestion-only API.
+ # This API is a subset of ui that can only ingest events.
+ ingestion:
+ service:
+ port: 5341
+ ingress:
+ enabled: false
+ path: /
+ hosts:
+ - ingestion.seq.beta.oceanbox.io
+
+ # Accept events in the GELF format and forward them to Seq.
+ gelf:
+ enabled: false
+ image:
+ repository: datalust/seq-input-gelf
+ pullPolicy: IfNotPresent
+ service:
+ port: 12201
+ # GELF can be ingested through either TCP or UDP
+ protocol: TCP
+
+ # Accept events in the Syslog format and forward them to Seq.
+ syslog:
+ enabled: false
+ image:
+ repository: datalust/seq-input-syslog
+ pullPolicy: IfNotPresent
+ service:
+ port: 514
+ # Only UDP is currently supported for ingesting Syslog
+ protocol: UDP
+
+ service:
+ type: ClusterIP
+
+ ingress:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ kubernetes.io/ingress.class: nginx
+ tls:
+ - secretName: seq-tls
+ hosts:
+ - seq.beta.oceanbox.io
+ labels: {}
+
+ resources:
+ limits:
+ memory: 2Gi
+
+ cache:
+ # The fraction of RAM that the cache should try fit within. Specifying a larger
+ # value may allow more events in RAM at the expense of potential instability.
+ # Setting it to `0` will disable the cache completely.
+ # 60% (`0.6`) is a good starting point for machines with up to ~8GB of RAM.
+ targetSize: 0.6
+
+ persistence:
+ enabled: true
+ path: /data
+ subPath: ""
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+ serviceAccount:
+ create: false
+ name:
+
+ ## Enable RBAC
+ rbac:
+ create: false
+ rules: []
+
+ livenessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+ readinessProbe:
+ enabled: true
+ failureThreshold: 3
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+ startupProbe:
+ enabled: true
+ failureThreshold: 30
+ periodSeconds: 10
+
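Review bot: In seq/application.yaml, the `firstRunAdminUsername`, `firstRunAdminPasswordHash` and `firstRunRequireAuthenticationForHttpIngestion` lines are left commented out while `ui.ingress.enabled: true` publishes the full API and UI at seq.beta.oceanbox.io. As far as these values show, the instance therefore starts without authentication and the `whitelist-source-range` annotation is the only access control. I would uncomment `firstRunAdminUsername: "admin"` and `firstRunRequireAuthenticationForHttpIngestion: true`, and supply `firstRunAdminPasswordHash` (the hash, never the password) at deploy time. The ingress also uses `cert-manager.io/cluster-issuer: letsencrypt-staging`, which issues certificates clients do not trust, whereas the other Applications in this commit use `letsencrypt-production`; if staging is intentional for the beta host, a comment saying so would help.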