From 8946778c0c207ee39f3020cc3851ea40fd1ddda8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 11 Sep 2025 14:25:37 +0200 Subject: [PATCH] fix: Slim
---
 values/matomo/values/values-prod.yaml | 814 +------------------------- 1 file changed, 7 insertions(+), 807 deletions(-)
diff --git a/values/matomo/values/values-prod.yaml b/values/matomo/values/values-prod.yaml
index 41d1c9b6..7d2ff1a7 100644
--- a/values/matomo/values/values-prod.yaml
+++ b/values/matomo/values/values-prod.yaml
@@ -1,178 +1,28 @@ -# yaml-language-server: $schema= -# -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) -## global: security: ## @param global.security.allowInsecureImages Allows skipping image verification allowInsecureImages: true -## @section Common parameters -## - -## @param usePasswordFiles Mount credentials as files instead of using environment variables -## usePasswordFiles: false -## @section Matomo parameters -## - -## Bitnami Matomo image version -## ref: https://hub.docker.com/r/bitnami/matomo/tags/ -## @param image.registry [default: REGISTRY_NAME] Matomo image registry -## @param image.repository [default: REPOSITORY_NAME/matomo] Matomo Image name -## @skip image.tag Matomo Image tag -## @param image.digest Matomo image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag -## @param image.pullPolicy Matomo image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## image: # repository: digitalist/matomo repository: bitnamilegacy/matomo - # tag: 5.2.1 - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## pullPolicy: IfNotPresent - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param replicaCount Number of Matomo Pods to run (requires ReadWriteMany PVC support) -## + replicaCount: 1 -## @param matomoUsername User of the application -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoUsername: admin -## @param matomoPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoPassword: "en to tre fire" -## @param matomoEmail Admin email -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoEmail: user@example.com -## @param matomoWebsiteName Matomo application name -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoWebsiteName: oceanbox -## @param matomoWebsiteHost Matomo application host -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoWebsiteHost: https://matomo.adm.oceanbox.io -## @param matomoSkipInstall Skip Matomo installation wizard. 
Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#configuration -## matomoSkipInstall: false -## @param customPostInitScripts Custom post-init.d user scripts -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo -## NOTE: supported formats are `.sh` or `.php` -## NOTE: scripts are exclusively executed during the 1st boot of the container -## e.g: -## customPostInitScripts: -## custom-post-init.sh: | -## #!/bin/bash -## echo "Hello from custom-post-init.sh" -## .htaccess: | -## RewriteEngine On -## RewriteBase / -## ... -## -customPostInitScripts: {} -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo#environment-variables -## + allowEmptyPassword: false -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. 
Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## + updateStrategy: type: RollingUpdate -## @param priorityClassName Matomo pods' priorityClassName -## -priorityClassName: "" -## @param schedulerName Name of the k8s scheduler (other than default) -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment -## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## The value is evaluated as a template -## -topologySpreadConstraints: [] -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: true -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param extraEnvVars Extra environment variables -## For example: -## -extraEnvVars: [] -# - name: BEARER_AUTH -# value: true -## @param extraEnvVarsCM ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. 
-## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## -initContainers: [] -## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb -## @param pdb.create Enable/disable a Pod Disruption Budget creation -## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty. -## -pdb: - create: true - minAvailable: "" - maxUnavailable: "" -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## -sidecars: [] -## @param serviceAccountName Attach serviceAccountName to the pod and sidecars -## -serviceAccountName: "" -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## + existingSecret: "" ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/containers/tree/main/bitnami/matomo/#smtp-configuration @@ -203,16 +53,7 @@ smtpExistingSecret: "" containerPorts: http: 8080 https: 8443 -## @param extraContainerPorts Optionally specify extra list of additional ports for Matomo container(s) -## e.g: -## extraContainerPorts: -## - name: myservice -## containerPort: 9090 -## -extraContainerPorts: [] -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## + persistence: ## @param persistence.enabled Enable persistence using PVC ## 
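Review bot: The slimmed production values still carry the Matomo admin credential in clear text: in the first hunk the context line `matomoPassword: "en to tre fire"` is kept, while `existingSecret: ""` is left empty. Anyone with read access to this repository or its history can read that password, so it should be rotated and supplied through `existingSecret: <secret-name>` (placeholder) rather than the values file. Separately, the same hunk keeps `allowInsecureImages: true` and `repository: bitnamilegacy/matomo` with no tag or digest in this file, so the deployed image is whatever the chart default resolves to in a repository that, as far as I know, no longer receives updates. Setting `image.digest` would make the deployed image explicit and reviewable.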
@@ -259,245 +100,7 @@ persistence: ## app: my-app ## selector: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. -## -nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## Matomo container's resource requests and limits -## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. 
This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). -## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "micro" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Matomo pods' Security Context -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Matomo pods' group ID -## -podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security 
Context runAsUser -## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## Configure extra options for startup probe -## Matomo core exposes / to unauthenticated requests, making it a good -## default startup and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Matomo. 
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Request path for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: /matomo.php - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 -## Configure extra options for readiness probe -## Matomo core exposes / to unauthenticated requests, making it a good -## default startup and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Matomo. 
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /matomo.php - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 5 - successThreshold: 1 -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @section Traffic Exposure Parameters -## -## Kubernetes configuration. 
For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.ports.http Service HTTP port - ## @param service.ports.https Service HTTPS port - ## - ports: - http: 80 - https: 443 - ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) - ## e.g: - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the Matomo Service (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts [object] Kubernetes node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.clusterIP Matomo service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Additional custom annotations for Matomo service - ## - annotations: {} - ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} -## Configure the ingress resource that allows 
you to access the -## Matomo installation. Set up the URL -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## ingress: ## @param ingress.enabled Enable ingress controller resource ## @@ -604,8 +207,8 @@ mariadb: ## username: bn_matomo password: test - passwordUpdateJob: - enabled: true + # passwordUpdateJob: + # enabled: true primary: ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ @@ -649,14 +252,6 @@ mariadb: ## resources: {} -## External database configuration -## @param externalDatabase.host Host of the existing database -## @param externalDatabase.port Port of the existing database -## @param externalDatabase.user Existing username in the external db -## @param externalDatabase.password Password for the above username -## @param externalDatabase.database Name of the existing database -## @param externalDatabase.existingSecret Name of a secret containing the database credentials -## externalDatabase: host: matomo-mariadb port: 3306 
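Review bot: The context line `password: test` just above the changed lines leaves a trivially guessable MariaDB password in the production values, and this hunk comments out `passwordUpdateJob`, the only mechanism visible here for changing it. If the job is meant to stay off, state it explicitly with `enabled: false` under `passwordUpdateJob:` instead of leaving commented-out YAML, whose effect depends on the subchart default. The password itself would be better sourced from the `matomo-mariadb` secret that `externalDatabase.existingSecret` already references further down, assuming the subchart accepts an existing secret for its credentials. The enclosing `mariadb:` mapping starts outside the hunk.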
@@ -664,398 +259,3 @@ externalDatabase: database: bitnami_matomo existingSecret: matomo-mariadb # existingSecretPasswordKey: mariadb-password - -## @section Volume Permissions parameters -## - -## @section Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a exporter side-car - ## - enabled: false - ## @param metrics.image.registry [default: REGISTRY_NAME] Apache exporter image registry - ## @param metrics.image.repository [default: REPOSITORY_NAME/apache-exporter] Apache exporter image repository - ## @skip metrics.image.tag Apache exporter image tag - ## @param metrics.image.digest Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 1.0.10-debian-12-r55 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). 
- ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "small" - ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## - resources: {} - ## - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" -## @section Certificate injection parameters -## - -## Add custom certificates and certificate authorities to matomo container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: secret-name - key: secret-key - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom 
images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables (eg proxy) - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry [default: REGISTRY_NAME] Container sidecar registry - ## @param certificates.image.repository [default: REPOSITORY_NAME/os-shell] Container sidecar image - ## @skip certificates.image.tag Container sidecar image tag - ## @param certificates.image.digest Container sidecar image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r50 - digest: "" - ## Specify a imagePullPolicy - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @section NetworkPolicy parameters -## - -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. 
When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section CronJob parameters -## -cronjobs: - taskScheduler: - ## @param cronjobs.taskScheduler.enabled Whether to enable scheduled mail-to-task CronJob - ## - enabled: true - ## @param cronjobs.taskScheduler.schedule Kubernetes CronJob schedule - ## - schedule: "*/5 * * * *" - ## @param cronjobs.taskScheduler.serviceAccountName Attach serviceAccountName to the pod of the CronJob - ## - serviceAccountName: "" - ## @param cronjobs.taskScheduler.automountServiceAccountToken Mount Service Account token in pod of the CronJob - ## - automountServiceAccountToken: true - ## @param cronjobs.taskScheduler.suspend Whether to create suspended CronJob - ## - suspend: false - ## @param cronjobs.taskScheduler.affinity Affinity for 
CronJob pod assignment - ## - affinity: {} - ## @param cronjobs.taskScheduler.nodeSelector Node labels for CronJob pod assignment. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param cronjobs.taskScheduler.tolerations Tolerations for CronJob pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param cronjobs.taskScheduler.command Override default container command (useful when using custom images) - ## - command: [] - ## @param cronjobs.taskScheduler.args Override default container args (useful when using custom images) - ## - args: [] - ## @param - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param cronjobs.taskScheduler.containerSecurityContext.enabled Enabled containers' Security Context - ## @param cronjobs.taskScheduler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param cronjobs.taskScheduler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param cronjobs.taskScheduler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param cronjobs.taskScheduler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param cronjobs.taskScheduler.containerSecurityContext.privileged Set container's Security Context privileged - ## @param cronjobs.taskScheduler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param cronjobs.taskScheduler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param cronjobs.taskScheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param 
cronjobs.taskScheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
- ##
- containerSecurityContext:
- enabled: true
- seLinuxOptions: {}
- runAsUser: 1001
- runAsGroup: 0
- runAsNonRoot: true
- privileged: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- seccompProfile:
- type: "RuntimeDefault"
- ## @param cronjobs.taskScheduler.podAnnotations Additional pod annotations
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- ##
- podAnnotations: {}
- ## @param cronjobs.taskScheduler.podLabels Additional pod labels
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- ##
- podLabels: {}
- ## @param cronjobs.taskScheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
- ## Example:
- ## resources:
- ## requests:
- ## cpu: 2
- ## memory: 512Mi
- ## limits:
- ## cpu: 3
- ## memory: 1024Mi
- ##
- resources: {}
-
- ## Persistence using Persistent Volume Claims for the taskScheduler CronJob
- ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
- ## @param cronjobs.taskScheduler.persistence.enabled Enable persistence using Persistent Volume Claims
- ## @param cronjobs.taskScheduler.persistence.existingClaim A manually managed Persistent Volume Claim
- ##
- persistence:
- enabled: true
- existingClaim: ""
-
- ## Configure Pods Security Context for the taskScheduler CronJob
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
- ## @param cronjobs.taskScheduler.podSecurityContext.enabled Enable Task scheduler cronjob pods' Security Context
- ## @param cronjobs.taskScheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
- ## @param cronjobs.taskScheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
- ## @param cronjobs.taskScheduler.podSecurityContext.supplementalGroups Set filesystem extra groups
- ## @param cronjobs.taskScheduler.podSecurityContext.fsGroup Task scheduler cronjob pods' group ID
- ##
- podSecurityContext:
- enabled: true
- fsGroupChangePolicy: Always
- sysctls: []
- supplementalGroups: []
- fsGroup: 1001
-
- ## @param cronjobs.taskScheduler.extraEnvVars Extra environment variables for the taskScheduler CronJob
- extraEnvVars: []
-
- ## @param cronjobs.taskScheduler.initContainers Additional init containers for the taskScheduler CronJob
- ##
- initContainers: []
- archive:
- ## @param cronjobs.archive.enabled Whether to enable scheduled mail-to-task CronJob
- ##
- enabled: true
- ## @param cronjobs.archive.schedule Kubernetes CronJob schedule
- ##
- schedule: "*/5 * * * *"
- ## @param cronjobs.archive.serviceAccountName Attach serviceAccountName to the pod of the CronJob
- ##
- serviceAccountName: ""
- ## @param cronjobs.archive.automountServiceAccountToken Mount Service Account token in pod of the CronJob
- ##
- automountServiceAccountToken: true
- ## @param cronjobs.archive.suspend Whether to create suspended CronJob
- ##
- suspend: false
- ## @param cronjobs.archive.affinity Affinity for CronJob pod assignment
- ##
- affinity: {}
- ## @param cronjobs.archive.tolerations Tolerations for CronJob pod assignment
- ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- ##
- tolerations: []
- ## @param cronjobs.archive.nodeSelector Node labels for CronJob pod assignment. Evaluated as a template.
- ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
- ##
- nodeSelector: {}
- ## @param cronjobs.archive.command Override default container command (useful when using custom images)
- ##
- command: []
- ## @param cronjobs.archive.args Override default container args (useful when using custom images)
- ##
- args: []
- ## @param
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
- ## @param cronjobs.archive.containerSecurityContext.enabled Enabled containers' Security Context
- ## @param cronjobs.archive.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
- ## @param cronjobs.archive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
- ## @param cronjobs.archive.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
- ## @param cronjobs.archive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
- ## @param cronjobs.archive.containerSecurityContext.privileged Set container's Security Context privileged
- ## @param cronjobs.archive.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
- ## @param cronjobs.archive.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
- ## @param cronjobs.archive.containerSecurityContext.capabilities.drop List of capabilities to be dropped
- ## @param cronjobs.archive.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
- ##
- containerSecurityContext:
- enabled: true
- seLinuxOptions: {}
- runAsUser: 1001
- runAsGroup: 0
- runAsNonRoot: true
- privileged: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- seccompProfile:
- type: "RuntimeDefault"
- ## @param cronjobs.archive.podAnnotations Additional pod annotations
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
- ##
- podAnnotations: {}
- ## @param cronjobs.archive.podLabels Additional pod labels
- ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- ##
- podLabels: {}
-
- ## @param cronjobs.archive.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
- # NOTE: If not defined, this will fallback to the main resources request/limit to preserve backwards compatibility. This behaviour might be DEPRECATED
- # in upcoming versions of the chart
- ## Example:
- ## resources:
- ## requests:
- ## cpu: 2
- ## memory: 512Mi
- ## limits:
- ## cpu: 3
- ## memory: 1024Mi
- ##
- resources: {}
-
- ## Persistence using Persistent Volume Claims for the archive CronJob
- ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
- ## @param cronjobs.archive.persistence.enabled Enable persistence using Persistent Volume Claims
- ## @param cronjobs.archive.persistence.existingClaim A manually managed Persistent Volume Claim
- ##
- persistence:
- enabled: true
- existingClaim: ""
-
- ## Configure Pods Security Context for the archive CronJob
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
- ## @param cronjobs.archive.podSecurityContext.enabled Enable Archive cronjob pods' Security Context
- ## @param cronjobs.archive.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
- ## @param cronjobs.archive.podSecurityContext.sysctls Set kernel settings using the sysctl interface
- ## @param cronjobs.archive.podSecurityContext.supplementalGroups Set filesystem extra groups
- ## @param cronjobs.archive.podSecurityContext.fsGroup Archive cronjob pods' group ID
- ##
- podSecurityContext:
- enabled: true
- fsGroupChangePolicy: Always
- sysctls: []
- supplementalGroups: []
- fsGroup: 1001
-
- ## @param cronjobs.archive.extraEnvVars Extra environment variables for the archive CronJob
- extraEnvVars: []
-
- ## @param cronjobs.archive.initContainers Additional init containers for the archive CronJob
- ##
- initContainers: []