values.yaml
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  ## Setting this redirects the image pulls of this chart and of its dependencies (see the note above),
  ## so point it only at a registry you control or trust.
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  postgresql:
    ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`)
    ##
    service:
      ports:
        postgresql: ""
## @section K8S Env parameters
##
## Selects the target platform and toggles validation of the supplied values.
## @param k8sSetup.platform The platform on which you install the chart. Possible values: AWSEKS/AzureAKS/GoogleGKE/PlainK8s
## @param k8sSetup.validateValues Enable validation of the values
##
k8sSetup:
  platform: PlainK8s
  validateValues: true
## @section Deploy servers common parameters
##
## @param license Sets your XL License by passing a base64 string license, which will then be added to the license file.
## Convert xl-deploy.lic files content to base64 ( cat xl-deploy.lic | base64 -w 0 ) and put the output here
## Left empty here (parses as null); the missing-license case is handled by licenseAcceptEula together with hooks.getLicense.
## base64 is an encoding, not protection: treat a values file that carries the license as sensitive.
##
license:
## @param licenseAcceptEula Accept EULA, in case of missing license, it will generate temporary license.
##
licenseAcceptEula: false
## @param generateXlConfig Generate configuration from environment parameters passed, and volumes mounted with custom changes. If set to false, a default config will be used and all environment variables and volumes added will be ignored.
##
generateXlConfig: true
## @param externalCentralConfig Flag to disable the embedded config server and use external config server. If "true", the embedded config server will not be used and the external config server denoted by the "CENTRAL_CONFIG_URL" variable will be used
##
externalCentralConfig: true
## @param xldInProcess Used to control whether the internal in-process worker should be used or not. If you need to use external workers then this needs to be set to false.
xldInProcess: false
## @param usaCache Flag to disable/enable the use of application cache
## NOTE(review): the key is spelled "usaCache"; "useCache" may have been intended. The name is left
## unchanged because consumers of this key are not visible here — confirm before renaming.
usaCache: false
## @param appContextRoot Deploy context root.
##
appContextRoot: /
## @param clusterMode This is to specify if the HA setup is needed and to specify the HA mode. Possible values: "default", "hot-standby", "full"
##
clusterMode: full
## @section Deploy external resources
## Connection settings for an externally managed database and message queue; both are disabled by default.
## Credentials note: the username/password keys below are left empty (null). Anything set here becomes
## part of the Helm release values, so supply credentials at install time from a secret store instead of
## committing them to version control.
## NOTE(review): ssl.keystore in this file takes a valueFrom.secretKeyRef; whether the credential fields
## below accept the same form is not visible here — confirm.
external:
  db:
    ## @param external.db.enabled Enable external database
    enabled: false
    main:
      ## @param external.db.main.url Main database URL for Deploy
      url: ""
      ## @param external.db.main.username Main database username for Deploy
      username:
      ## @param external.db.main.password Main database password for Deploy
      password:
      ## @param external.db.main.maxPoolSize Main database max pool size for Deploy
      maxPoolSize: ""
    report:
      ## @param external.db.report.url Report database URL for Deploy
      url: ""
      ## @param external.db.report.username Report database username for Deploy
      username:
      ## @param external.db.report.password Report database password for Deploy
      password:
      ## @param external.db.report.maxPoolSize Report database max pool size for Deploy
      maxPoolSize: ""
  mq:
    ## @param external.mq.enabled Enable external message queue
    enabled: false
    ## @param external.mq.url External message queue broker URL for Deploy
    url: ""
    ## @param external.mq.queueName External message queue name for Deploy
    queueName: ""
    ## @param external.mq.username External message queue broker username for Deploy
    username:
    ## @param external.mq.password External message queue broker password for Deploy
    password:
    ## @param external.mq.driverClassName External message queue driver class name for Deploy
    driverClassName: ""
    ## @param external.mq.queueType Valid only for External rabbitmq message queue. Possible values: "quorum", "classic"
    queueType: "classic"
## @section Deploy keystore and truststore parameters
keystore:
  ## @param keystore.passphrase Set passphrase for the keystore
  ## Left empty here (null). Per the note on keystore.keystore below, this passphrase is also used
  ## for the default keystore that is generated when none is supplied.
  passphrase:
  ## @param keystore.keystore Use repository-keystore.jceks files content encoded with base64
  # https://docs.xebialabs.com/v.9.8/deploy/how-to/update-the-xl-deploy-digital-certificate/#view-the-certificate
  # Convert repository-keystore.jceks files content to base64
  # ( cat repository-keystore.jceks | base64 -w 0 ) and put the output here
  # if empty during initial run, the default keystore will be generated with provided "passphrase"
  # base64 only encodes the file: anyone who can read these values can recover the keystore,
  # so handle a values file that carries it as a secret.
  keystore:
truststore:
  ## @param truststore.type Type of truststore, possible value jks or jceks or pkcs12
  type: "pkcs12"
  ## @param truststore.password Truststore password
  password:
  ## @param truststore.truststore Truststore file base64 encoded
  ## NOTE(review): the default is an empty mapping although the description speaks of base64 file
  ## content — confirm the expected shape against the templates.
  truststore: {}
  ## @param truststore.params Truststore params in the command line
  ## The string is only rendered when truststore.truststore is set. It places
  ## -Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD) on the command line, so the expanded
  ## password is readable by anything that can inspect the process arguments.
  params: "{{- if .Values.truststore.truststore }} -Djavax.net.ssl.trustStore=$(TRUSTSTORE) -Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD) -Djavax.net.ssl.trustStoreType=$(TRUSTSTORE_TYPE){{- end }}"
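## @section Deploy hooks
## Helm hooks that obtain a temporary license (getLicense) and generate a self-signed keystore
## (genSelfSigned), each followed by a kubectl step that stores the result in a Kubernetes secret.
## The install scripts call kubectl get/create/apply on secrets, so the identity the hook pod runs as
## needs those permissions; the RBAC objects are not visible here — keep them scoped to the release namespace.
##
hooks:
  ## @param busyBox.image.registry busyBox container image registry
  ## @param busyBox.image.repository busyBox container image repository
  ## @param busyBox.image.tag busyBox container image tag
  ## @param busyBox.image.pullPolicy busyBox container image pull policy
  ## @param busyBox.image.pullSecrets Specify docker-registry secret names as an array
  ## NOTE(review): no busyBox key is defined at this point in the file; these @param lines may be stale — confirm.
  ##
  getLicense:
    ## @param hooks.getLicense.enabled set to true to support license auto generation by using helm hook, it is working together with enabled licenseAcceptEula
    enabled: true
    ## @param hooks.getLicense.name Name of the resources that will be used during hook execution
    name: '{{ include "common.names.fullname" . }}-license'
    ## @param hooks.getLicense.deletePolicy Helm hook delete policy
    deletePolicy: "before-hook-creation,hook-succeeded"
    ## @param hooks.getLicense.getCommand The command for getting temporary license, see hooks.getLicense.configuration.bin_get-license
    getCommand:
      - /opt/xebialabs/xl-deploy-server/bin/get-license.sh
    ## @param hooks.getLicense.installCommand The command for creating the secret with the license, see hooks.getLicense.configuration.bin_install-license
    installCommand:
      - /opt/xebialabs/xl-deploy-server/bin/install-license.sh
    ## @param hooks.getLicense.image.registry getLicense hook container image registry
    ## @param hooks.getLicense.image.repository getLicense hook container image repository
    ## @param hooks.getLicense.image.tag getLicense hook container image tag
    ## @param hooks.getLicense.image.pullPolicy getLicense hook container image pull policy
    ## @param hooks.getLicense.image.pullSecrets Specify docker-registry secret names as an array
    ##
    image:
      registry: docker.io
      repository: bitnami/kubectl
      ## A tag can be re-pointed in the registry. This container handles secrets, so consider pinning the
      ## image by digest or mirroring it; whether the chart's image helper accepts a digest is not visible here.
      tag: 1.30.6-debian-12-r0
      ## Specify an imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## @param hooks.getLicense.containerSecurityContext.enabled Enabled get licence containers' Security Context
    ## @param hooks.getLicense.containerSecurityContext.runAsNonRoot Set get licence container's Security Context runAsNonRoot
    ## @param hooks.getLicense.containerSecurityContext.readOnlyRootFilesystem Mounts the container's root filesystem as read-only
    ## @param hooks.getLicense.containerSecurityContext.allowPrivilegeEscalation Set get licence container's Security Context allowPrivilegeEscalation
    ## @extra hooks.getLicense.containerSecurityContext.capabilities Set get licence container's Security Context capabilities
    ## @skip hooks.getLicense.containerSecurityContext.capabilities
    ## @extra hooks.getLicense.containerSecurityContext.seccompProfile Set get licence container's Security Context seccompProfile
    ## @skip hooks.getLicense.containerSecurityContext.seccompProfile
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## Example:
    ## containerSecurityContext:
    ##   capabilities:
    ##     drop: ["NET_RAW"]
    ##   readOnlyRootFilesystem: true
    ##
    ## The defaults below are already restrictive (non-root, no privilege escalation, read-only root
    ## filesystem, all capabilities dropped, RuntimeDefault seccomp); keep them when overriding other fields.
    containerSecurityContext:
      enabled: true
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          - ALL
      seccompProfile:
        type: RuntimeDefault
    ## @extra hooks.getLicense.configuration Deploy Configuration file content
    ## Do not override unless you know what you are doing.
    ##
    configuration:
      ## @extra hooks.getLicense.configuration.bin_get-license The configuration of the script for getting the license
      ## @param hooks.getLicense.configuration.bin_get-license.path The path to the script for getting the license
      ## @param hooks.getLicense.configuration.bin_get-license.mode The access mode of the script for getting the license
      ## @param hooks.getLicense.configuration.bin_get-license.content Content of the script for getting the license
      ## The script POSTs to https://download.xebialabs.com, so the hook pod needs outbound HTTPS to that host.
      ## The only validation of the response is the 10-byte size check on the written file.
      bin_get-license:
        path: "bin/get-license.sh"
        ## Unquoted leading-zero integer: YAML 1.1 parsers read it as octal (decimal 493), YAML 1.2 core
        ## schema parsers as decimal 755. Presumably the octal reading is what the template expects — confirm.
        mode: 0755
        content: |
          #!/bin/bash
          echo "Requesting unregistered license"
          SERVER_PATH_PART=https://download.xebialabs.com
          echo -e $(curl -X POST "${SERVER_PATH_PART}/api/unregistered/xl-deploy" | jq --raw-output .license) > "${APP_HOME}/conf/deployit-license.lic"
          file_size=$(stat -c%s "${APP_HOME}/conf/deployit-license.lic")
          if [ "$file_size" -lt 10 ]; then
            echo "License file is NOT valid"
            exit 1
          fi
      ## @extra hooks.getLicense.configuration.bin_install-license The configuration of the script for setting up license secret
      ## @param hooks.getLicense.configuration.bin_install-license.path The path to the script for setting up license secret
      ## @param hooks.getLicense.configuration.bin_install-license.mode The access mode of the script for setting up license secret
      ## @param hooks.getLicense.configuration.bin_install-license.content Content of the script for setting up license secret
      ## An existing secret is left untouched. Any failure of "kubectl get secret" (not only "not found")
      ## takes the create branch. Shell expansions are quoted so a templated name is passed as one argument.
      bin_install-license:
        path: "bin/install-license.sh"
        mode: 0755
        content: |
          #!/bin/bash
          SECRET_NAME="{{ include "common.tplvalues.render" ( dict "value" $.Values.hooks.getLicense.name "context" $ ) }}"
          FILE_PATH="/opt/xebialabs/xl-deploy-server/conf/deployit-license.lic"
          if kubectl get secret "$SECRET_NAME" > /dev/null 2>&1; then
            echo "Secret '$SECRET_NAME' exists skipping creation."
          else
            kubectl create secret generic "$SECRET_NAME" \
              --from-file="$FILE_PATH" \
              --dry-run=client \
              -o yaml | kubectl apply -f -
          fi
  genSelfSigned:
    ## @param hooks.genSelfSigned.enabled set to true to support self-signed key auto generation by using helm hook
    enabled: false
    ## @param hooks.genSelfSigned.name Name of the resources that will be used during hook execution
    name: '{{ include "common.names.fullname" . }}-self-signed'
    ## @param hooks.genSelfSigned.deletePolicy Helm hook delete policy
    deletePolicy: "before-hook-creation,hook-succeeded"
    ## @param hooks.genSelfSigned.genCommand The command for getting self-signed key, see hooks.genSelfSigned.configuration.bin_gen-self-signed
    genCommand:
      - /opt/xebialabs/xl-deploy-server/bin/gen-self-signed.sh
    ## @param hooks.genSelfSigned.installCommand The command for creating the secret with the self-signed key, see hooks.genSelfSigned.configuration.bin_install-self-signed
    installCommand:
      - /opt/xebialabs/xl-deploy-server/bin/install-self-signed.sh
    ## @param hooks.genSelfSigned.image.registry genSelfSigned hook container image registry
    ## @param hooks.genSelfSigned.image.repository genSelfSigned hook container image repository
    ## @param hooks.genSelfSigned.image.tag genSelfSigned hook container image tag
    ## @param hooks.genSelfSigned.image.pullPolicy genSelfSigned hook container image pull policy
    ## @param hooks.genSelfSigned.image.pullSecrets Specify docker-registry secret names as an array
    ##
    image:
      registry: docker.io
      repository: bitnami/kubectl
      ## A tag can be re-pointed in the registry. This container handles the generated keystore, so consider
      ## pinning by digest or mirroring; whether the chart's image helper accepts a digest is not visible here.
      tag: 1.30.6-debian-12-r0
      ## Specify an imagePullPolicy
      ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
      ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## @param hooks.genSelfSigned.containerSecurityContext.enabled Enabled generate self-signed containers' Security Context
    ## @param hooks.genSelfSigned.containerSecurityContext.runAsNonRoot Set generate self-signed container's Security Context runAsNonRoot
    ## @param hooks.genSelfSigned.containerSecurityContext.allowPrivilegeEscalation Set generate self-signed container's Security Context allowPrivilegeEscalation
    ## @param hooks.genSelfSigned.containerSecurityContext.readOnlyRootFilesystem Mounts the container's root filesystem as read-only
    ## @extra hooks.genSelfSigned.containerSecurityContext.capabilities Set generate self-signed container's Security Context capabilities
    ## @skip hooks.genSelfSigned.containerSecurityContext.capabilities
    ## @extra hooks.genSelfSigned.containerSecurityContext.seccompProfile Set generate self-signed container's Security Context seccompProfile
    ## @skip hooks.genSelfSigned.containerSecurityContext.seccompProfile
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## Example:
    ## containerSecurityContext:
    ##   capabilities:
    ##     drop: ["NET_RAW"]
    ##   readOnlyRootFilesystem: true
    ##
    containerSecurityContext:
      enabled: true
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          - ALL
      seccompProfile:
        type: RuntimeDefault
    ## @extra hooks.genSelfSigned.configuration Deploy Configuration file content
    ## Do not override unless you know what you are doing.
    ##
    configuration:
      ## @extra hooks.genSelfSigned.configuration.bin_gen-self-signed The configuration of the script for creating self signed key
      ## @param hooks.genSelfSigned.configuration.bin_gen-self-signed.path The path to the script for creating self signed key
      ## @param hooks.genSelfSigned.configuration.bin_gen-self-signed.mode The access mode of the script for creating self signed key
      ## @param hooks.genSelfSigned.configuration.bin_gen-self-signed.content Content of the script for creating self signed key
      ## Generates an RSA 2048 key pair valid for 365 days and exports the certificate to conf/public.cert.
      ## NOTE(review): ssl.keystorePassword and ssl.keystoreKeypassword are rendered verbatim into the
      ## script text, so the passwords are readable wherever the rendered script is stored, and a value
      ## containing ", $, ` or \ is re-interpreted by the shell. keytool also receives them as command-line
      ## arguments. keytool can read them from environment variables via -storepass:env / -keypass:env;
      ## that needs the hook pod to provide those variables (pod template not visible here).
      ## NOTE(review): the SAN lists only <fullname>.local while the CN carries deploy.hostname; clients
      ## that verify the SAN and ignore the CN will not accept the certificate for that hostname — confirm
      ## the intended names.
      ## Rotation: bin_install-self-signed below skips creation when the secret already exists, so the
      ## certificate is not regenerated automatically once stored; plan a manual renewal before it expires.
      bin_gen-self-signed:
        path: "bin/gen-self-signed.sh"
        mode: 0755
        content: |
          #!/bin/bash
          echo "Generating deploy self-signed cert"
          HOSTNAME="{{- include "deploy.hostname" . -}}"
          STOREPASS="{{- .Values.ssl.keystorePassword -}}"
          KEYPASS="{{- .Values.ssl.keystoreKeypassword -}}"
          KEYTYPE="{{- .Values.ssl.keystoreType -}}"
          keytool -genkey -keyalg RSA -alias dai-deploy -keystore "conf/keystore.$KEYTYPE" -validity 365 -keysize 2048 -storepass "$STOREPASS" -storetype "$KEYTYPE" -keypass "$KEYPASS" \
            -dname "CN=$HOSTNAME,OU=,O=Digital.ai Deploy,L=,ST=,C=" \
            -ext "SAN=DNS:{{- include "common.names.fullname" . -}}.local"
          keytool -export -alias dai-deploy -keystore "conf/keystore.$KEYTYPE" -rfc -file conf/public.cert -storepass "$STOREPASS" -storetype "$KEYTYPE" -keypass "$KEYPASS"
      ## @extra hooks.genSelfSigned.configuration.bin_install-self-signed The configuration of the script for setting up self-signed key secret
      ## @param hooks.genSelfSigned.configuration.bin_install-self-signed.path The path to the script for setting up self-signed key secret
      ## @param hooks.genSelfSigned.configuration.bin_install-self-signed.mode The access mode of the script for setting up self-signed key secret
      ## @param hooks.genSelfSigned.configuration.bin_install-self-signed.content Content of the script for setting up self-signed key secret
      ## Stores the keystore and the exported certificate in one secret. Shell expansions are quoted so
      ## templated names and paths are passed as single arguments.
      bin_install-self-signed:
        path: "bin/install-self-signed.sh"
        mode: 0755
        content: |
          #!/bin/bash
          SECRET_NAME="{{ include "common.tplvalues.render" ( dict "value" $.Values.hooks.genSelfSigned.name "context" $ ) }}"
          KEYSTORE_FILE_PATH="/opt/xebialabs/xl-deploy-server/conf/keystore.{{- .Values.ssl.keystoreType -}}"
          CERT_FILE_PATH="/opt/xebialabs/xl-deploy-server/conf/public.cert"
          if kubectl get secret "$SECRET_NAME" > /dev/null 2>&1; then
            echo "Secret '$SECRET_NAME' exists skipping creation."
          else
            kubectl create secret generic "$SECRET_NAME" \
              --from-file="$KEYSTORE_FILE_PATH" \
              --from-file="$CERT_FILE_PATH" \
              --dry-run=client \
              -o yaml | kubectl apply -f -
          fi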
## @section Deploy satellite parameters
## Satellite support is off by default.
##
satellite:
  ## @param satellite.enabled Enable support to work with Deploy Satellites
  enabled: false
## @section Deploy security parameters
##
## Deploy Authentication parameters
##
auth:
  ## @param auth.adminPassword Admin password for Deploy. If user does not provide password, random 10 character alphanumeric string will be generated.
  ## Left empty here (null), which selects the generated password described above.
  adminPassword:
ssl:
  ## @param ssl.enabled Enable SSL to be used on Deploy
  ## Disabled by default; with this off, TLS for Deploy traffic has to be provided elsewhere
  ## (for example at an ingress) if it is required.
  enabled: false
  ## @param ssl.keystorePassword Keystore password with SSL key.
  ## 'changeme' is a placeholder. hooks.genSelfSigned.configuration.bin_gen-self-signed passes this value
  ## to keytool as the store password, so override it before enabling SSL.
  keystorePassword: changeme
  ## @param ssl.keystoreKeypassword Keystore key password with SSL key.
  ## Same placeholder caveat as keystorePassword; the same hook script passes it to keytool as the key password.
  keystoreKeypassword: changeme
  ## @param ssl.keystoreType Keystore type, options pkcs12 or jks.
  keystoreType: pkcs12
  ## @extra ssl.keystore Keystore content in base64 format or it can reference the existing secret.
  ## @param ssl.keystore.valueFrom.secretKeyRef.name Name of the secret where the keystore was stored.
  ## @param ssl.keystore.valueFrom.secretKeyRef.key Name of the key in the secret where the keystore was stored.
  ## The default references the secret named by hooks.genSelfSigned.name, with a key derived from
  ## ssl.keystoreType. Prefer the secret reference over inline base64 content, which anyone who can
  ## read the values can decode.
  keystore:
    valueFrom:
      secretKeyRef:
        name: '{{ include "common.tplvalues.render" ( dict "value" .Values.hooks.genSelfSigned.name "context" $ ) }}'
        key: keystore.{{ .Values.ssl.keystoreType }}
## @section Deploy Central Configuration parameters
##
centralConfiguration:
## @param centralConfiguration.overrideName If set the template will override the STS name.
##
overrideName: ""
## @param centralConfiguration.useIpAsHostname Set IP address of the container as the hostname for the instance.
## If set to true then IP will be used instead of the container ID. This is useful
## when deploying XL Deploy as active-active cluster using docker compose as Pekko cannot resolve aliases within the docker network.
##
useIpAsHostname: false
## @param centralConfiguration.terminationGracePeriodSeconds Default duration in seconds k8s waits for container to exit before sending kill signal.
## Any time in excess of 10 seconds will be spent waiting for any synchronization necessary for cluster not to lose data.
##
terminationGracePeriodSeconds: 10
## @param centralConfiguration.encryptKey spring cloud config encryption key
encryptKey:
## @param centralConfiguration.migrateFromEmbedded Migrate to central configuration seprate server based setup
migrateFromEmbedded: false
## @param centralConfiguration.replicaCount Number of deploy replicas to deploy
##
replicaCount: 1
## @section deploy Central Configuration Image parameters
## deploy image version
## ref: https://hub.docker.com/r/xebialabs/xl-deploy/tags/
## @param centralConfiguration.image.registry deploy image registry
## @param centralConfiguration.image.repository deploy image repository
## @param centralConfiguration.image.tag deploy image tag (immutable tags are recommended)
## @param centralConfiguration.image.pullPolicy deploy image pull policy
## @param centralConfiguration.image.pullSecrets Specify docker-registry secret names as an array
##
image:
registry: docker.io
repository: xebialabsunsupported/central-configuration
tag: "{{ .Chart.AppVersion }}"
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @section Central Configuration debug parameters
##
## Enable diagnostic mode in the deployment
##
diagnosticMode:
## @param centralConfiguration.diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param centralConfiguration.diagnosticMode.command Command to override all containers in the deployment
##
command:
- /opt/xebialabs/tini
## @param centralConfiguration.diagnosticMode.args Args to override all containers in the deployment
##
args:
- --
- sleep
- infinity
## Enable debug mode in the deployment
##
debugMode:
## @param centralConfiguration.debugMode.enabled Enable debug mode (it starts all process with debug agent)
##
enabled: false
## @param centralConfiguration.debugMode.remoteJvmParams Agent lib configuration line with port. Do port forwarding to the port you would like to use.
##
remoteJvmParams: "{{- if .Values.centralConfiguration.debugMode.enabled }} -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8001{{- end }}"
## @section Central configuration DNS parameters
##
## @param centralConfiguration.hostAliases Deployment pod host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: [ ]
## @param centralConfiguration.dnsPolicy DNS Policy for pod
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
## E.g.
## dnsPolicy: ClusterFirst
dnsPolicy: ""
## @param centralConfiguration.dnsConfig DNS Configuration pod
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
## E.g.
## dnsConfig:
## options:
## - name: ndots
## value: "4"
dnsConfig: { }
## @section Central configuration resource parameters
##
## Deploy central configuration containers' resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param centralConfiguration.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
##
resourcesPreset: "micro"
## @param centralConfiguration.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## limits:
## cpu: 1000m
## memory: 2Gi
## requests:
## cpu: 1000m
## memory: 2Gi
##
resources: {}
## @section Central configuration Statefulset parameters
##
## Configure containers' extra options for liveness and readiness probe for the Deploy central configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param centralConfiguration.health.enabled Enable probes
## @param centralConfiguration.health.periodScans Period seconds for probe
## @param centralConfiguration.health.probeFailureThreshold Failure threshold for probe
## @param centralConfiguration.health.probesLivenessTimeout Initial delay seconds for livenessProbe
## @param centralConfiguration.health.probesReadinessTimeout Initial delay seconds for readinessProbe
##
health:
enabled: true
periodScans: 10
probeFailureThreshold: 12
probesLivenessTimeout: 20
probesReadinessTimeout: 20
## @param centralConfiguration.schedulerName Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## deploy should be initialized one by one when building cluster.
## Therefore, the default value of podManagementPolicy is 'OrderedReady'
## @param centralConfiguration.podManagementPolicy Pod management policy
##
podManagementPolicy: OrderedReady
## @extra centralConfiguration.podLabels deploy Pod labels. Evaluated as a template
## @param centralConfiguration.podLabels.app.kubernetes.io/component Label with component name
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels:
"app.kubernetes.io/component": centralConfiguration
## @param centralConfiguration.podAnnotations deploy Pod annotations. Evaluated as a template
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param centralConfiguration.updateStrategy.type Update strategy type for deploy statefulset
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType - for Deploy master is set OnDelete update strategy because Deploy master needs to start in incremental pod sequence
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @extra centralConfiguration.statefulsetLabels deploy statefulset labels. Evaluated as a template
## @param centralConfiguration.statefulsetLabels.app.kubernetes.io/component Label with component name
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
statefulsetLabels:
"app.kubernetes.io/component": centralConfiguration
## @param centralConfiguration.statefulsetAnnotations Deploy central configuration statefulset annotations. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
statefulsetAnnotations: {}
## @param centralConfiguration.priorityClassName Name of the priority class to be used by deploy pods, priority class needs to be created beforehand
## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param centralConfiguration.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param centralConfiguration.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: "soft"
## Node affinity preset (type, label key and label values are configured together)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## @param centralConfiguration.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## @param centralConfiguration.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## @param centralConfiguration.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## @param centralConfiguration.affinity Affinity for pod assignment. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: when this is set, podAffinityPreset, podAntiAffinityPreset and nodeAffinityPreset are ignored
##
affinity: {}
## @param centralConfiguration.nodeSelector Node labels for pod assignment. Evaluated as a template
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param centralConfiguration.tolerations Tolerations for pod assignment. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param centralConfiguration.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## Pod-level Security Context for the deploy pods
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param centralConfiguration.podSecurityContext.enabled Enable deploy pods' Security Context
## @param centralConfiguration.podSecurityContext.runAsUser Set Deploy pod's Security Context runAsUser
## @param centralConfiguration.podSecurityContext.fsGroup Set deploy pod's Security Context fsGroup
##
podSecurityContext:
  enabled: true
  ## Non-zero UID/GID: the workload does not run as root by default.
  runAsUser: 10001
  fsGroup: 10001
## Container-level Security Context for the deploy containers
## @param centralConfiguration.containerSecurityContext.enabled Enabled deploy containers' Security Context
## @param centralConfiguration.containerSecurityContext.runAsNonRoot Set deploy container's Security Context runAsNonRoot
## @param centralConfiguration.containerSecurityContext.allowPrivilegeEscalation Set deploy container's Security Context allowPrivilegeEscalation
## @param centralConfiguration.containerSecurityContext.readOnlyRootFilesystem Mounts the container's root filesystem as read-only
## @extra centralConfiguration.containerSecurityContext.capabilities Set deploy container's Security Context capabilities
## @skip centralConfiguration.containerSecurityContext.capabilities
## @extra centralConfiguration.containerSecurityContext.seccompProfile Set deploy container's Security Context seccompProfile
## @skip centralConfiguration.containerSecurityContext.seccompProfile
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## Example:
## containerSecurityContext:
##   capabilities:
##     drop: ["NET_RAW"]
##   readOnlyRootFilesystem: true
##
## These defaults set no container-level runAsUser; the only UID defined in this
## section is podSecurityContext.runAsUser.
containerSecurityContext:
  enabled: true
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  ## The root filesystem is read-only, so every path the process writes to needs its own mount.
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: "RuntimeDefault"
## @param centralConfiguration.initContainers Add init containers to the deploy pod
## NOTE(review): whether the chart applies centralConfiguration.containerSecurityContext to
## containers added here is not visible in this file; set `securityContext` on each entry explicitly.
## Example:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##     resources: {}
##
initContainers: []
## @param centralConfiguration.sidecars Add sidecar containers to the deploy pod
## NOTE(review): the same caveat applies to sidecars; give each entry its own
## `securityContext` and resource limits.
## Example:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##     resources: {}
##
sidecars: []
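## @section Central Configuration Init Container parameters
##
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
## values from the securityContext section of the component
##
volumePermissions:
  ## @param centralConfiguration.volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
  ##
  enabled: false
  ## @param centralConfiguration.volumePermissions.image.registry Init container volume-permissions image registry
  ## @param centralConfiguration.volumePermissions.image.repository Init container volume-permissions image repository
  ## @param centralConfiguration.volumePermissions.image.tag Init container volume-permissions image tag
  ## @param centralConfiguration.volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param centralConfiguration.volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param centralConfiguration.volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: bitnami/os-shell
    ## A tag can be re-pointed in the registry. This image runs as root (see
    ## containerSecurityContext below), so set `digest` to pin the exact content.
    tag: 12-debian-12-r31
    digest: ""
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param centralConfiguration.volumePermissions.script Script for changing the owner and group of the persistent volume(s). Paths are declared in the 'paths' variable.
  ## The owner UID is centralConfiguration.containerSecurityContext.runAsUser when that value is set and
  ## falls back to centralConfiguration.podSecurityContext.runAsUser otherwise. The chart defaults define no
  ## containerSecurityContext.runAsUser, so without the fallback the owner part of "uid:gid" would
  ## presumably render empty and chown would change the group only.
  ## `find ... -exec chown ... {} +` hands entry names to chown directly, so names that contain
  ## whitespace are not split the way they are when piped through xargs; like `xargs -r`,
  ## it runs nothing when there are no matches.
  script: |
    #!/bin/bash
    declare -a paths=( {{ range $path := .Values.centralConfiguration.persistence.paths }} "{{ $path }}"{{ end }} )
    owner="{{ .Values.centralConfiguration.containerSecurityContext.runAsUser | default .Values.centralConfiguration.podSecurityContext.runAsUser }}:{{ .Values.centralConfiguration.podSecurityContext.fsGroup }}"
    for path in "${paths[@]}"; do
      echo "Changing ownership to ${owner} for ${path}"
      chown "${owner}" "${path}"
      find "${path}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" \
        -exec chown -R "${owner}" {} +
    done
  ## Init Container resource requests and limits
  ## @extra centralConfiguration.volumePermissions.resources.limits Init container volume-permissions resource limits
  ## @skip centralConfiguration.volumePermissions.resources.limits
  ## @extra centralConfiguration.volumePermissions.resources.requests Init container volume-permissions resource requests
  ## @skip centralConfiguration.volumePermissions.resources.requests
  ##
  resources:
    limits:
      cpu: "150m"
      memory: "192Mi"
      ephemeral-storage: "2Gi"
    requests:
      cpu: "100m"
      memory: "128Mi"
      ephemeral-storage: "50Mi"
  ## Init container's Security Context
  ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
  ## and not the below volumePermissions.containerSecurityContext.runAsUser
  ## The init container runs as UID/GID 0 with runAsNonRoot disabled so that it can chown the volume;
  ## it only exists when volumePermissions.enabled is true.
  ## NOTE(review): no capability drop list is set for this root container; consider limiting it
  ## to the capabilities chown needs.
  ## @param centralConfiguration.volumePermissions.containerSecurityContext.allowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process
  ## @param centralConfiguration.volumePermissions.containerSecurityContext.readOnlyRootFilesystem Mounts the container's root filesystem as read-only
  ## @param centralConfiguration.volumePermissions.containerSecurityContext.runAsUser User ID for the init container
  ## @param centralConfiguration.volumePermissions.containerSecurityContext.runAsGroup Group ID for the init container
  ## @param centralConfiguration.volumePermissions.containerSecurityContext.runAsNonRoot Set volume permissions init container's Security Context runAsNonRoot
  ## @extra centralConfiguration.volumePermissions.containerSecurityContext.seccompProfile Set volume permissions init container's Security Context seccompProfile
  ## @skip centralConfiguration.volumePermissions.containerSecurityContext.seccompProfile
  ##
  containerSecurityContext:
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    runAsUser: 0
    runAsGroup: 0
    runAsNonRoot: false
    seccompProfile:
      type: RuntimeDefault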
## @section Central Configuration Pod Disruption Budget configuration
##
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
  ## @param centralConfiguration.pdb.create Enable/disable a Pod Disruption Budget creation
  ## No Pod Disruption Budget is created with the default below.
  ##
  create: false
  ## @param centralConfiguration.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ##
  minAvailable: 1
  ## @param centralConfiguration.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ## NOTE(review): how the chart treats a non-empty maxUnavailable together with minAvailable
  ## is not visible here; confirm against the PDB template before setting both.
  ##
  maxUnavailable: ""
## @section Central Configuration Persistence parameters
##
persistence:
  ## @param centralConfiguration.persistence.enabled Enable deploy data persistence using PVC
  ##
  enabled: false
  ## @param centralConfiguration.persistence.single Enable deploy data to use single PVC
  ##
  single: false
  ## @param centralConfiguration.persistence.storageClass PVC Storage Class for deploy data volume
  ## - defined:            storageClassName: <storageClass>
  ## - set to "-":         storageClassName: "", which disables dynamic provisioning
  ## - undefined (the default) or null: no storageClassName spec is set and the
  ##   default provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack)
  ##
  storageClass: ""
  ## @param centralConfiguration.persistence.selector Selector to match an existing Persistent Volume
  ## selector:
  ##   matchLabels:
  ##     app: my-app
  ##
  selector: {}
  ## @param centralConfiguration.persistence.accessModes PVC Access Modes for deploy data volume
  ##
  accessModes:
    - "ReadWriteOnce"
  ## @param centralConfiguration.persistence.existingClaim Provide an existing PersistentVolumeClaims
  ## The value is evaluated as a template, so the name can, for example,
  ## depend on .Release or .Chart
  ##
  existingClaim: ""
  ## @param centralConfiguration.persistence.size PVC Storage Request for deploy data volume
  ##
  size: "1Gi"
  ## @extra centralConfiguration.persistence.annotations Persistence annotations. Evaluated as a template
  ## @param centralConfiguration.persistence.annotations.helm.sh/resource-policy Persistence annotation for keeping created PVCs
  ## Example:
  ## annotations:
  ##   example.io/disk-volume-type: SSD
  ##
  annotations:
    helm.sh/resource-policy: "keep"
  ## @param centralConfiguration.persistence.paths mounted paths for the Deploy master
  ## This is the list the volumePermissions script iterates over when changing ownership.
  paths: []
  ## @param centralConfiguration.persistence.emptyDirPaths mounted empty-dir mounts to have writable paths
  ## The container default is readOnlyRootFilesystem: true, so directories listed here are
  ## presumably the only locations outside the persistent volume that the process can write to.
  emptyDirPaths:
    - "/tmp"
    - "/opt/xebialabs/central-configuration-server/centralConfiguration"
    - "/opt/xebialabs/central-configuration-server/conf"
    - "/opt/xebialabs/central-configuration-server/log"
## @section Central Configuration Deploy runtime parameters
##
## @param centralConfiguration.jvmArgs Deploy centralConfiguration JVM arguments
##
jvmArgs: ""
## @param centralConfiguration.command Override default container command (useful when using custom images)
## The default entry point is tini, which receives the values of `args` below.
##
command:
  - "/opt/xebialabs/tini"
## @param centralConfiguration.args Override default container args (useful when using custom images)
## The default is "--" followed by the run-in-operator.sh startup script.
##
args:
  - "--"
  - "/opt/xebialabs/central-configuration-server/bin/run-in-operator.sh"
## @param centralConfiguration.lifecycleHooks Overwrite lifecycle for the deploy container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @extra centralConfiguration.ssl This section exists as placeholder, but the CC HTTPS is not yet supported.
ssl:
  ## @param centralConfiguration.ssl.enabled Enable SSL to be used on Deploy
  enabled: false
  ## @param centralConfiguration.ssl.keystorePassword Keystore password with SSL key.
  ## `changeme` is a placeholder default that is known to anyone who can read the chart; supply a
  ## real value at install time (from a secret store, not a committed values file) before enabling SSL.
  keystorePassword: changeme
  ## @param centralConfiguration.ssl.keystoreKeypassword Keystore key password with SSL key.
  ## Same placeholder default as keystorePassword; override it together with the keystore.
  keystoreKeypassword: changeme
  ## @param centralConfiguration.ssl.keystoreType Keystore type, options pkcs12 or jks.
  keystoreType: pkcs12
  ## @extra centralConfiguration.ssl.keystore Keystore content in base64 format or it can reference the existing secret.
  ## @param centralConfiguration.ssl.keystore.valueFrom.secretKeyRef.name Name of the secret where the keystore was stored.
  ## @param centralConfiguration.ssl.keystore.valueFrom.secretKeyRef.key Name of the key in the secret where the keystore was stored.
  ## NOTE(review): both templates below read top-level values (.Values.hooks.genSelfSigned.name and
  ## .Values.ssl.keystoreType), not centralConfiguration.ssl.keystoreType defined just above; confirm
  ## that is intended, since changing keystoreType here does not change the secret key name.
  keystore:
    valueFrom:
      secretKeyRef:
        name: '{{ include "common.tplvalues.render" ( dict "value" .Values.hooks.genSelfSigned.name "context" $ ) }}'
        key: keystore.{{ .Values.ssl.keystoreType }}
## @param centralConfiguration.logback.globalLoggingLevel Global logging level. Possible values: "trace", "debug", "info", "warn", "error".
## @param centralConfiguration.logback.scanEnabled Enables scanning of logback.xml.
## @param centralConfiguration.logback.scanPeriod Interval for checking logback.xml configuration.
##
logback:
  globalLoggingLevel: "info"
  scanEnabled: true
  scanPeriod: "30 seconds"
## @param centralConfiguration.extraEnvVars Extra environment variables to add to deploy pods
## E.g:
## extraEnvVars:
##   - name: FOO
##     value: BAR
##
extraEnvVars: []
## @param centralConfiguration.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables
##
extraEnvVarsCM: ""
## @param centralConfiguration.extraEnvVarsSecret Name of existing Secret containing extra environment variables (in case of sensitive data)
## Use this (not extraEnvVars or the ConfigMap) for sensitive values, so they are not stored in plain values.
##
extraEnvVarsSecret: ""
## Container Ports
## @param centralConfiguration.containerPorts.ccHttp Deploy central configuration HTTP port value exposed on the central configuration container
## @param centralConfiguration.containerPorts.ccHttps Deploy central configuration HTTPS port value exposed on the central configuration container
##
containerPorts:
  ccHttp: 8888
  ccHttps: 8843
## @param centralConfiguration.extraContainerPorts Extra ports to be included in container spec, primarily informational
## E.g:
## extraContainerPorts:
##   - name: new_port_name
##     containerPort: 1234
##
extraContainerPorts: []
## @extra centralConfiguration.configuration deploy Configuration file content: required cluster configuration
## Do not override unless you know what you are doing.
## To add more configuration, use `extraConfiguration` or `advancedConfiguration` instead
##
configuration:
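## @extra centralConfiguration.configuration.bin_run-in-operator-sh The script for starting the central configuration with K8S configuration
## @param centralConfiguration.configuration.bin_run-in-operator-sh.path The path for the script for starting the central configuration with K8S configuration
## @param centralConfiguration.configuration.bin_run-in-operator-sh.mode The access mode for the script for starting the central configuration with K8S configuration
## @param centralConfiguration.configuration.bin_run-in-operator-sh.content Content of the script for starting the central configuration with K8S configuration
"bin_run-in-operator-sh":
  path: "bin/run-in-operator.sh"
  ## NOTE(review): unquoted integer with a leading zero. A YAML 1.1 loader reads it as octal (493),
  ## a YAML 1.2 loader as decimal 755; confirm how the chart template consumes `mode` before changing it.
  mode: 0755
  ## Startup script. When OIDC is enabled it renders deploy-oidc.yaml from its template by substituting
  ## environment values with sed, then copies the default central-conf files that are not yet present
  ## and hands over to run-in-container.sh.
  ## Every substituted value goes through sed_escape, so a `\`, `&` or `#` in a value (for example in a
  ## password) is inserted literally, not interpreted as sed replacement syntax or as the delimiter.
  ## Values that contain a newline are still not supported by this substitution.
  ## NOTE(review): the secrets are still passed on sed's command line and written to deploy-oidc.yaml
  ## with the default umask; both are readable by other processes running as the same user in the container.
  ## NOTE(review): ${XLD_TASK_QUEUE_DRIVER_CLASS_NAME} is first replaced with JMS_DRIVER_CLASS_NAME, so the
  ## later expression for the same placeholder never matches; ${HOSTNAME_SUFFIX} is also listed twice.
  ## Both are kept in their original order; confirm which driver variable is intended.
  content: |
    #!/bin/bash
    echo "Delete empty files to replace them with latest configuration"
    find /opt/xebialabs/central-configuration-server/centralConfiguration -maxdepth 1 -type f -empty -print -delete
    {{- if .Values.oidc.enabled }}
    # Escape the characters sed treats specially in a replacement: backslash, '&' and the '#' delimiter.
    sed_escape() {
      printf '%s' "$1" | sed -e 's/[\\&#]/\\&/g'
    }
    if [[ ${GENERATE_XL_CONFIG,,} != "true" ]]; then
      echo "Not generating deploy-oidc.yaml as GENERATE_XL_CONFIG != 'true'"
    elif [[ -e ${APP_HOME}/central-conf/deploy-oidc.yaml.template && ! -f "${APP_HOME}/centralConfiguration/deploy-oidc.yaml" ]]; then
      echo "Generate configuration file deploy-oidc.yaml from environment parameters"
      sed -e "s#\${XL_DB_DRIVER}#$(sed_escape "${XL_DB_DRIVER}")#g" \
        -e "s#\${HOSTNAME_SUFFIX}#$(sed_escape "${HOSTNAME_SUFFIX}")#g" \
        -e "s#\${DNS_RESOLVER}#$(sed_escape "${DNS_RESOLVER}")#g" \
        -e "s#\${HOSTNAME}#$(sed_escape "${HOSTNAME}")#g" \
        -e "s#\${XLD_TASK_QUEUE_DRIVER_CLASS_NAME}#$(sed_escape "${JMS_DRIVER_CLASS_NAME}")#g" \
        -e "s#\${XL_CLUSTER_MODE}#$(sed_escape "${XL_CLUSTER_MODE}")#g" \
        -e "s#\${XL_DB_URL}#$(sed_escape "${XL_DB_URL}")#g" \
        -e "s#\${XL_DB_USERNAME}#$(sed_escape "${XL_DB_USERNAME}")#g" \
        -e "s#\${XL_DB_PASSWORD}#$(sed_escape "${XL_DB_PASSWORD}")#g" \
        -e "s#\${XL_DB_MAX_POOL_SIZE}#$(sed_escape "${XL_DB_MAX_POOL_SIZE}")#g" \
        -e "s#\${XL_REPORT_DB_URL}#$(sed_escape "${XL_REPORT_DB_URL}")#g" \
        -e "s#\${XL_REPORT_DB_USERNAME}#$(sed_escape "${XL_REPORT_DB_USERNAME}")#g" \
        -e "s#\${XL_REPORT_DB_PASSWORD}#$(sed_escape "${XL_REPORT_DB_PASSWORD}")#g" \
        -e "s#\${XL_REPORT_DB_MAX_POOL_SIZE}#$(sed_escape "${XL_REPORT_DB_MAX_POOL_SIZE}")#g" \
        -e "s#\${XL_METRICS_ENABLED}#$(sed_escape "${XL_METRICS_ENABLED}")#g" \
        -e "s#\${XLD_IN_PROCESS}#$(sed_escape "${XLD_IN_PROCESS}")#g" \
        -e "s#\${XLD_TASK_QUEUE_NAME}#$(sed_escape "${XLD_TASK_QUEUE_NAME}")#g" \
        -e "s#\${XLD_TASK_QUEUE_IN_PROCESS_MAX_DISK_USAGE}#$(sed_escape "${XLD_TASK_QUEUE_IN_PROCESS_MAX_DISK_USAGE}")#g" \
        -e "s#\${XLD_TASK_QUEUE_IN_PROCESS_SHUTDOWN_TIMEOUT}#$(sed_escape "${XLD_TASK_QUEUE_IN_PROCESS_SHUTDOWN_TIMEOUT}")#g" \
        -e "s#\${XLD_TASK_QUEUE_DRIVER_CLASS_NAME}#$(sed_escape "${XLD_TASK_QUEUE_DRIVER_CLASS_NAME}")#g" \
        -e "s#\${XLD_TASK_QUEUE_URL}#$(sed_escape "${XLD_TASK_QUEUE_URL}")#g" \
        -e "s#\${XLD_TASK_QUEUE_USERNAME}#$(sed_escape "${XLD_TASK_QUEUE_USERNAME}")#g" \
        -e "s#\${XLD_TASK_QUEUE_PASSWORD}#$(sed_escape "${XLD_TASK_QUEUE_PASSWORD}")#g" \
        -e "s#\${HOSTNAME_SUFFIX}#$(sed_escape "${HOSTNAME_SUFFIX}")#g" \
        -e "s#\${XL_LICENSE_KIND}#$(sed_escape "${XL_LICENSE_KIND}")#g" \
        -e "s#\${GENERATE_XL_CONFIG}#$(sed_escape "${GENERATE_XL_CONFIG}")#g" \
        -e "s#\${USE_IP_AS_HOSTNAME}#$(sed_escape "${USE_IP_AS_HOSTNAME}")#g" \
        -e "s#\${ENABLE_SATELLITE}#$(sed_escape "${ENABLE_SATELLITE}")#g" \
        -e "s#\${CENTRAL_CONFIG_ENCRYPT_KEY}#$(sed_escape "${CENTRAL_CONFIG_ENCRYPT_KEY}")#g" \
        -e "s#\${USE_CACHE}#$(sed_escape "${USE_CACHE}")#g" \
        -e "s#\${OIDC_CLIENT_ID}#$(sed_escape "${OIDC_CLIENT_ID}")#g" \
        -e "s#\${OIDC_CLIENT_SECRET}#$(sed_escape "${OIDC_CLIENT_SECRET}")#g" \
        -e "s#\${OIDC_CLIENT_AUTH_JWT_KEYSTORE_PASSWORD}#$(sed_escape "${OIDC_CLIENT_AUTH_JWT_KEYSTORE_PASSWORD}")#g" \
        -e "s#\${OIDC_CLIENT_AUTH_JWT_KEY_PASSWORD}#$(sed_escape "${OIDC_CLIENT_AUTH_JWT_KEY_PASSWORD}")#g" \
        -e "s#\${OIDC_ACCESS_TOKEN_SECRET_KEY}#$(sed_escape "${OIDC_ACCESS_TOKEN_SECRET_KEY}")#g" \
        "${APP_HOME}/central-conf/deploy-oidc.yaml.template" > "${APP_HOME}/centralConfiguration/deploy-oidc.yaml"
    fi
    {{- end }}
    # copy central-conf files
    cd "${APP_HOME}/central-conf"
    echo "... Copying default centralConfiguration from ${APP_HOME}/central-conf"
    for f in *; do
      if [[ $f == *.template ]]; then
        continue
      fi
      if [ -f "${APP_HOME}/centralConfiguration/$f" ]; then
        echo "... Not copying $f because it already exists in the centralConfiguration directory"
      else
        echo "... Copying $f to the centralConfiguration directory"
        # Quoted, and "--" ends option parsing, so names with spaces or a leading "-" are copied as files.
        cp -R -- "$f" "${APP_HOME}/centralConfiguration/"
      fi
    done
    cd "${APP_HOME}"
    # "$@" keeps each argument intact; unquoted $@ re-splits arguments that contain whitespace.
    exec /opt/xebialabs/central-configuration-server/bin/run-in-container.sh "$@"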
## @extra centralConfiguration.configuration.central-conf_deploy-server-yaml-template The configuration file deploy-server.yaml.template
## @param centralConfiguration.configuration.central-conf_deploy-server-yaml-template.path The path to the configuration file deploy-server.yaml.template
## @param centralConfiguration.configuration.central-conf_deploy-server-yaml-template.mode The access mode for the configuration file deploy-server.yaml.template
## @param centralConfiguration.configuration.central-conf_deploy-server-yaml-template.content Content of the configuration file deploy-server.yaml.template
"central-conf_deploy-server-yaml-template":
path: "central-conf/deploy-server.yaml.template"
mode: 0660
content: |
deploy.server:
bind-hostname: 0.0.0.0
bind-port: {{ .Values.master.containerPorts.deployPekko }}
license:
daysBeforeWarning: 10
{{- if .Values.oidc.enabled }}
security:
auth:
provider: "oidc"
{{- end }}
pekko: