You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
422 lines
16 KiB
422 lines
16 KiB
## @section Common parameters
|
|
##
|
|
|
|
## @param nameOverride Override release name
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride Override release fullname
|
|
##
|
|
fullnameOverride: ""
|
|
|
|
## @section Infisical frontend parameters
|
|
## Documentation : https://infisical.com/docs/self-hosting/deployments/kubernetes
|
|
##
|
|
|
|
frontend:
|
|
## @param frontend.enabled Enable frontend
|
|
##
|
|
enabled: true
|
|
## @param frontend.name Backend name
|
|
##
|
|
name: frontend
|
|
## @param frontend.fullnameOverride Backend fullnameOverride
|
|
##
|
|
fullnameOverride: ""
|
|
## @param frontend.podAnnotations Backend pod annotations
|
|
##
|
|
podAnnotations: {}
|
|
## @param frontend.deploymentAnnotations Backend deployment annotations
|
|
##
|
|
deploymentAnnotations: {}
|
|
## @param frontend.replicaCount Backend replica count
|
|
##
|
|
replicaCount: 2
|
|
## Backend image parameters
|
|
##
|
|
image:
|
|
## @param frontend.image.repository Backend image repository
|
|
##
|
|
repository: infisical/frontend
|
|
## @param frontend.image.tag Backend image tag
|
|
##
|
|
tag: "latest"
|
|
## @param frontend.image.pullPolicy Backend image pullPolicy
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## @param frontend.kubeSecretRef Backend secret resource reference name (containing required [frontend configuration variables](https://infisical.com/docs/self-hosting/configuration/envars))
|
|
##
|
|
kubeSecretRef: ""
|
|
## Frontend service
|
|
##
|
|
service:
|
|
## @param frontend.service.annotations Backend service annotations
|
|
##
|
|
annotations: {}
|
|
## @param frontend.service.type Backend service type
|
|
##
|
|
type: ClusterIP
|
|
## @param frontend.service.nodePort Backend service nodePort (used if above type is `NodePort`)
|
|
##
|
|
nodePort: ""
|
|
|
|
## Frontend variables configuration
|
|
## Documentation : https://infisical.com/docs/self-hosting/configuration/envars
|
|
##
|
|
frontendEnvironmentVariables:
|
|
## @param frontendEnvironmentVariables.SITE_URL Absolute URL including the protocol (e.g. https://app.infisical.com)
|
|
##
|
|
SITE_URL: infisical.local
|
|
|
|
## @section Infisical backend parameters
|
|
## Documentation : https://infisical.com/docs/self-hosting/deployments/kubernetes
|
|
##
|
|
|
|
backend:
|
|
## @param backend.enabled Enable backend
|
|
##
|
|
enabled: true
|
|
## @param backend.name Backend name
|
|
##
|
|
name: backend
|
|
## @param backend.fullnameOverride Backend fullnameOverride
|
|
##
|
|
fullnameOverride: ""
|
|
## @param backend.podAnnotations Backend pod annotations
|
|
##
|
|
podAnnotations: {}
|
|
## @param backend.deploymentAnnotations Backend deployment annotations
|
|
##
|
|
deploymentAnnotations: {}
|
|
## @param backend.replicaCount Backend replica count
|
|
##
|
|
replicaCount: 2
|
|
## Backend image parameters
|
|
##
|
|
image:
|
|
## @param backend.image.repository Backend image repository
|
|
##
|
|
repository: infisical/backend
|
|
## @param backend.image.tag Backend image tag
|
|
##
|
|
tag: "latest"
|
|
## @param backend.image.pullPolicy Backend image pullPolicy
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## @param backend.kubeSecretRef Backend secret resource reference name (containing required [backend configuration variables](https://infisical.com/docs/self-hosting/configuration/envars))
|
|
##
|
|
kubeSecretRef: ""
|
|
## Backend service
|
|
##
|
|
service:
|
|
## @param backend.service.annotations Backend service annotations
|
|
##
|
|
annotations: {}
|
|
## @param backend.service.type Backend service type
|
|
##
|
|
type: ClusterIP
|
|
## @param backend.service.nodePort Backend service nodePort (used if above type is `NodePort`)
|
|
##
|
|
nodePort: ""
|
|
|
|
## Backend variables configuration
|
|
## Documentation : https://infisical.com/docs/self-hosting/configuration/envars
|
|
##
|
|
backendEnvironmentVariables:
|
|
## @param backendEnvironmentVariables.ENCRYPTION_KEY **Required** Backend encryption key (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## Command to generate the required value (linux) : 'hexdump -vn16 -e'4/4 "%08X" 1 "\n"' /dev/urandom', 'openssl rand -hex 16'
|
|
##
|
|
ENCRYPTION_KEY: ""
|
|
## @param backendEnvironmentVariables.JWT_SIGNUP_SECRET **Required** Secrets to sign JWT tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## @param backendEnvironmentVariables.JWT_REFRESH_SECRET **Required** Secrets to sign JWT tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## @param backendEnvironmentVariables.JWT_AUTH_SECRET **Required** Secrets to sign JWT tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## @param backendEnvironmentVariables.JWT_SERVICE_SECRET **Required** Secrets to sign JWT tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## @param backendEnvironmentVariables.JWT_MFA_SECRET **Required** Secrets to sign JWT tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## @param backendEnvironmentVariables.JWT_PROVIDER_AUTH_SECRET **Required** Secrets to sign JWT OAuth tokens (128-bit hex value, 32-characters hex, [example](https://stackoverflow.com/a/34329057))</br><kbd>auto-generated</kbd> variable (if not provided, and not found in an existing secret)
|
|
## Command to generate the required value (linux) : 'hexdump -vn16 -e'4/4 "%08X" 1 "\n"' /dev/urandom', 'openssl rand -hex 16'
|
|
##
|
|
JWT_SIGNUP_SECRET: ""
|
|
JWT_REFRESH_SECRET: ""
|
|
JWT_AUTH_SECRET: ""
|
|
JWT_SERVICE_SECRET: ""
|
|
JWT_MFA_SECRET: ""
|
|
JWT_PROVIDER_AUTH_SECRET: ""
|
|
## @param backendEnvironmentVariables.SMTP_HOST **Required** Hostname to connect to for establishing SMTP connections
|
|
## @param backendEnvironmentVariables.SMTP_PORT Port to connect to for establishing SMTP connections
|
|
## @param backendEnvironmentVariables.SMTP_SECURE If true, use TLS when connecting to host. If false, TLS will be used if STARTTLS is supported
|
|
## @param backendEnvironmentVariables.SMTP_FROM_NAME Name label to be used in From field (e.g. Infisical)
|
|
## @param backendEnvironmentVariables.SMTP_FROM_ADDRESS **Required** Email address to be used for sending emails (e.g. dev@infisical.com)
|
|
## @param backendEnvironmentVariables.SMTP_USERNAME **Required** Credential to connect to host (e.g. team@infisical.com)
|
|
## @param backendEnvironmentVariables.SMTP_PASSWORD **Required** Credential to connect to host
|
|
##
|
|
SMTP_HOST: ""
|
|
SMTP_PORT: 587
|
|
SMTP_SECURE: false
|
|
SMTP_FROM_NAME: Infisical
|
|
SMTP_FROM_ADDRESS: ""
|
|
SMTP_USERNAME: ""
|
|
SMTP_PASSWORD: ""
|
|
## @param backendEnvironmentVariables.SITE_URL Absolute URL including the protocol (e.g. https://app.infisical.com)
|
|
##
|
|
SITE_URL: infisical.local
|
|
## @param backendEnvironmentVariables.INVITE_ONLY_SIGNUP To disable account creation from the login page (invites only)
|
|
##
|
|
INVITE_ONLY_SIGNUP: false
|
|
## @param backendEnvironmentVariables.MONGO_URL MongoDB connection string (external or internal)</br>Leave it empty for auto-generated connection string
|
|
## By default the backend will automatically be connected to a Mongo instance within the cluster
|
|
## However, it is recommended to add a managed document DB connection string for production-use (DBaaS)
|
|
## Learn about connection string type here https://www.mongodb.com/docs/manual/reference/connection-string/
|
|
## e.g. "mongodb://<user>:<pass>@<host>:<port>/<database-name>"
|
|
##
|
|
MONGO_URL: ""
|
|
|
|
## @section MongoDB(®) parameters
|
|
## Documentation : https://github.com/bitnami/charts/blob/main/bitnami/mongodb/values.yaml
|
|
##
|
|
|
|
mongodb:
|
|
## @param mongodb.enabled Enable MongoDB(®)
|
|
##
|
|
enabled: true
|
|
## @param mongodb.name Name used to build variables (deprecated)
|
|
##
|
|
name: "mongodb"
|
|
## @param mongodb.fullnameOverride Fullname override
|
|
##
|
|
fullnameOverride: "mongodb"
|
|
## @param mongodb.nameOverride Name override
|
|
##
|
|
nameOverride: "mongodb"
|
|
## @param mongodb.podAnnotations Pod annotations
|
|
##
|
|
podAnnotations: {}
|
|
## @param mongodb.useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture: standalone`)
|
|
##
|
|
useStatefulSet: true
|
|
## @param mongodb.architecture MongoDB(®) architecture (`standalone` or `replicaset`)
|
|
##
|
|
architecture: "standalone"
|
|
## Bitnami MongoDB(®) image
|
|
## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
|
|
## @param mongodb.image.repository MongoDB(®) image registry
|
|
## @param mongodb.image.tag MongoDB(®) image tag (immutable tags are recommended)
|
|
## @param mongodb.image.pullPolicy MongoDB(®) image pull policy
|
|
##
|
|
image:
|
|
repository: bitnami/mongodb
|
|
pullPolicy: IfNotPresent
|
|
tag: "6.0.4-debian-11-r0"
|
|
## Bitnami MongoDB(®) pods' liveness probe
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
## @param mongodb.livenessProbe.enabled Enable livenessProbe
|
|
## @param mongodb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param mongodb.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param mongodb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param mongodb.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param mongodb.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
timeoutSeconds: 10
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## Bitnami MongoDB(®) pods' readiness probe. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
## @param mongodb.readinessProbe.enabled Enable readinessProbe
|
|
## @param mongodb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param mongodb.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param mongodb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param mongodb.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param mongodb.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
timeoutSeconds: 10
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## @param mongodb.service.annotations Service annotations
|
|
##
|
|
service:
|
|
annotations: {}
|
|
## Infisical MongoDB custom authentication
|
|
##
|
|
auth:
|
|
## @param mongodb.auth.enabled Enable custom authentication
|
|
##
|
|
enabled: true
|
|
## @param mongodb.auth.usernames Custom usernames list ([special characters warning](https://www.mongodb.com/docs/manual/reference/connection-string/#standard-connection-string-format))
|
|
##
|
|
usernames:
|
|
- "infisical"
|
|
## @param mongodb.auth.passwords Custom passwords list, match the above usernames order ([special characters warning](https://www.mongodb.com/docs/manual/reference/connection-string/#standard-connection-string-format))
|
|
##
|
|
passwords:
|
|
- "infisical"
|
|
## @param mongodb.auth.databases Custom databases list ([special characters warning](https://www.mongodb.com/docs/manual/reference/connection-string/#standard-connection-string-format))
|
|
##
|
|
databases:
|
|
- "infisical"
|
|
## @param mongodb.auth.rootUser Database root user name
|
|
##
|
|
rootUser: root
|
|
## @param mongodb.auth.rootPassword Database root user password
|
|
##
|
|
rootPassword: root
|
|
## MongoDB persistence configuration
|
|
##
|
|
persistence:
|
|
## @param mongodb.persistence.enabled Enable database persistence
|
|
##
|
|
enabled: true
|
|
## @param mongodb.persistence.existingClaim Existing persistent volume claim name
|
|
##
|
|
existingClaim: ""
|
|
## @param mongodb.persistence.resourcePolicy Keep the persistent volume even on deletion (`keep` or `""`)
|
|
##
|
|
resourcePolicy: "keep"
|
|
## @param mongodb.persistence.accessModes Persistent volume access modes
|
|
##
|
|
accessModes: ["ReadWriteOnce"]
|
|
## @param mongodb.persistence.size Persistent storage request size
|
|
##
|
|
size: 8Gi
|
|
|
|
## @param mongodbConnection.externalMongoDBConnectionString Deprecated :warning: External MongoDB connection string</br>Use backendEnvironmentVariables.MONGO_URL instead
|
|
## By default the backend will be connected to a Mongo instance within the cluster
|
|
## However, it is recommended to add a managed document DB connection string for production-use (DBaaS)
|
|
## Learn about connection string type here https://www.mongodb.com/docs/manual/reference/connection-string/
|
|
## e.g. "mongodb://<user>:<pass>@<host>:<port>/<database-name>"
|
|
##
|
|
mongodbConnection:
|
|
externalMongoDBConnectionString: ""
|
|
|
|
## @section Ingress parameters
|
|
##
|
|
|
|
ingress:
|
|
## @param ingress.enabled Enable ingress
|
|
##
|
|
enabled: true
|
|
## @param ingress.ingressClassName Ingress class name
|
|
##
|
|
ingressClassName: nginx
|
|
## @param ingress.nginx.enabled Ingress controller
|
|
##
|
|
nginx:
|
|
enabled: false
|
|
## @param ingress.annotations Ingress annotations
|
|
##
|
|
annotations:
|
|
{}
|
|
# kubernetes.io/ingress.class: "nginx"
|
|
# cert-manager.io/issuer: letsencrypt-nginx
|
|
## @param ingress.hostName Ingress hostname (your custom domain name, e.g. `infisical.example.org`)
|
|
## Replace with your own domain
|
|
##
|
|
hostName: ""
|
|
## @skip ingress.frontend
|
|
##
|
|
frontend:
|
|
path: /
|
|
pathType: Prefix
|
|
## @skip ingress.backend
|
|
##
|
|
backend:
|
|
path: /api
|
|
pathType: Prefix
|
|
## @param ingress.tls Ingress TLS hosts (matching above hostName)
|
|
## Replace with your own domain
|
|
##
|
|
tls:
|
|
[]
|
|
# - secretName: letsencrypt-nginx
|
|
# hosts:
|
|
# - infisical.local
|
|
|
|
## @section Mailhog parameters
|
|
## Documentation : https://github.com/codecentric/helm-charts/blob/master/charts/mailhog/values.yaml
|
|
##
|
|
|
|
mailhog:
|
|
## @param mailhog.enabled Enable Mailhog
|
|
##
|
|
enabled: false
|
|
## @param mailhog.fullnameOverride Fullname override
|
|
##
|
|
fullnameOverride: "mailhog"
|
|
## @param mailhog.nameOverride Name override
|
|
##
|
|
nameOverride: ""
|
|
## @param mailhog.image.repository Image repository
|
|
## Why we use this version : https://github.com/mailhog/MailHog/issues/353#issuecomment-821137362
|
|
## @param mailhog.image.tag Image tag
|
|
## @param mailhog.image.pullPolicy Image pull policy
|
|
##
|
|
image:
|
|
repository: lytrax/mailhog
|
|
tag: "latest"
|
|
pullPolicy: IfNotPresent
|
|
|
|
containerPort:
|
|
## @param mailhog.containerPort.http.port Mailhog HTTP port (Web UI)
|
|
## @skip mailhog.containerPort.http.name
|
|
##
|
|
http:
|
|
name: http
|
|
port: 8025
|
|
## @param mailhog.containerPort.smtp.port Mailhog SMTP port (Mail)
|
|
## @skip mailhog.containerPort.smtp.name
|
|
##
|
|
smtp:
|
|
name: tcp-smtp
|
|
port: 1025
|
|
## @skip mailhog.service
|
|
##
|
|
service:
|
|
annotations: {}
|
|
extraPorts: []
|
|
clusterIP: ""
|
|
externalIPs: []
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
type: ClusterIP
|
|
# Named target ports are not supported by GCE health checks, so when deploying on GKE
|
|
# and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502.
|
|
namedTargetPort: true
|
|
port:
|
|
http: 8025
|
|
smtp: 1025
|
|
nodePort:
|
|
http: ""
|
|
smtp: ""
|
|
## Mailhog ingress
|
|
##
|
|
ingress:
|
|
## @param mailhog.ingress.enabled Enable ingress
|
|
##
|
|
enabled: true
|
|
## @param mailhog.ingress.ingressClassName Ingress class name
|
|
##
|
|
ingressClassName: nginx
|
|
## @param mailhog.ingress.annotations Ingress annotations
|
|
##
|
|
annotations:
|
|
{}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
## @param mailhog.ingress.labels Ingress labels
|
|
##
|
|
labels: {}
|
|
hosts:
|
|
## @param mailhog.ingress.hosts[0].host Mailhog host
|
|
##
|
|
- host: mailhog.infisical.local
|
|
## @skip mailhog.ingress.hosts[0].paths
|
|
##
|
|
paths:
|
|
- path: "/"
|
|
pathType: Prefix
|