This repository has been archived by the owner on Feb 12, 2024. It is now read-only.
values.yaml
---
## Container image for the PostgreSQL server: repository, tag and pull policy.
## ref: https://hub.docker.com/_/postgres
##
## NOTE(review): "11.5" is an early minor release of the PostgreSQL 11 series,
## and that series no longer receives upstream security fixes. Override the tag
## with a currently supported, fully patched release (ideally pinned by digest)
## before deploying.
##
image:
  repository: postgres
  tag: "11.5"
  pullPolicy: IfNotPresent

  ## Optionally specify an imagePullSecret.
  ## The Secret must be created manually in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
  # pullSecret: myRegistryKeySecretName
## Expose the PostgreSQL service outside the cluster (LoadBalancer service)
## or only inside the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
## NOTE(review): keep ClusterIP unless external access is really required. If
## the type is changed to LoadBalancer, also set loadBalancerSourceRanges below
## so the database port is not reachable from arbitrary addresses.
##
service:
  type: ClusterIP
  annotations: {}
  ## clusterIP:

  ## Set the LoadBalancer service type to internal only.
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
  ##
  # loadBalancerIP:

  ## Load Balancer sources: the client CIDR ranges allowed to reach the service.
  ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  # loadBalancerSourceRanges:
  #   - 10.10.10.0/24
## PostgreSQL values: user, password, database, port and data directory.
##
## NOTE(review): username and password are both the well-known default
## "postgres". Override the password at install time from a secret source
## instead of keeping a real value in this file. The pg_connection section of
## ldap.pgldapconfig carries its own copy of the user and password, so keep the
## two in step when LDAP sync is enabled.
postgresql:
  username: postgres
  password: postgres
  database: postgres
  port: 5432
  # initdbArgs
  # initdbWalDir
  dataDir: /var/lib/postgresql/data/pgdata
  # extraEnv

  ## PostgreSQL configuration
  ## Specify runtime configuration parameters as a dict, using camelCase, e.g.
  ## {"sharedBuffers": "500MB"}
  ## Alternatively, you can put your postgresql.conf under the configs/ directory
  ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html
  ##
  # config:

  ## PostgreSQL client authentication configuration
  ## Specify content for pg_hba.conf
  ## Default: do not create pg_hba.conf
  ## Alternatively, you can put your pg_hba.conf under the files/ directory
  ## NOTE(review): in the sample below, "trust" admits matching connections
  ## without any password, and "md5" is the older password hash method;
  ## scram-sha-256 is the stronger choice where clients support it.
  # pghba: |-
  #   local all all trust
  #   host all all localhost trust
  #   host mydatabase mysuser 192.168.0.0/24 md5

  ## Sample init script, given as a literal block (commented out).
  # initdbscripts: |-
  #   #!/bin/sh
  #   echo "helloworld"

  ## ConfigMap with PostgreSQL configuration
  ## NOTE: This will override postgresql.config and postgresql.pghba
  # configMap:
##
## Init containers parameters:
## volumePermissions: Change the owner of the persistent volume mount point to RunAsUser:fsGroup
##
## NOTE(review): this init container is enabled by default and runs as root
## (runAsUser: 0, below). Where the storage backend already applies fsGroup
## ownership, consider disabling it so that no root container runs in the pod.
##
volumePermissions:
  enabled: true
  image:
    registry: docker.io
    repository: debian
    ## NOTE(review): "buster-slim" is a mutable tag of an old Debian release;
    ## check that it still receives security updates, and pin by digest so the
    ## root init container runs a known image.
    tag: buster-slim
    ## Specify an imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ## NOTE(review): the value set here is 'Always' although the tag is not
    ## 'latest', so the rule stated above is not what this default does.
    ##
    pullPolicy: Always
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    # pullSecrets:
    #   - myRegistryKeySecretName
  ## Init container Security Context: UID 0 is root.
  securityContext:
    runAsUser: 0
## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
## When enabled, sets a non-root user ID (1001) and fsGroup (1001) for the pod.
## NOTE(review): only these IDs are set here; whether the templates add further
## hardening (for example runAsNonRoot or a read-only root filesystem) is not
## visible in this file.
##
securityContext:
  enabled: true
  fsGroup: 1001
  runAsUser: 1001
## Optional LDAP synchronisation of PostgreSQL roles, disabled by default.
## pgldapconfig is a literal block scalar: every line inside it, including the
## lines starting with '#', is part of the text value (presumably handed to
## pg-ldap-sync as its configuration file; see the Reference line).
##
## NOTE(review), before setting enabled to true:
##  - ldap_connection uses port 389 with a :simple bind; unless the connection
##    is protected by TLS, the bind DN and password travel in cleartext.
##    Prefer an encrypted LDAP connection.
##  - The LDAP bind password and the PostgreSQL password are written inline.
##    Supply real values from a secret source at install time rather than
##    committing them; how the chart stores this text is not visible here.
##  - pg_connection.host is empty and pg_connection.password repeats the
##    default "postgres"; both have to match the deployed database.
##  - cron.tag is "latest", a mutable tag: pin a specific version or digest so
##    the sync job runs a known image.
##  - cron.schedule "*/1 * * * *" runs the sync every minute.
##
ldap:
  enabled: false
  pgldapconfig: |-
    # Reference: https://github.com/larskanis/pg-ldap-sync/blob/master/config/sample-config.yaml
    # Connection parameters to LDAP server
    ldap_connection:
      host: example.com
      port: 389
      auth:
        method: :simple
        username: cn=admin,dc=example,dc=com
        password: -password-goes-here-
    # Search parameters for LDAP users which should be synchronized
    ldap_users:
      base: OU=People,dc=example,dc=com
      # LDAP filter (according to RFC 2254)
      # defines to users in LDAP to be synchronized
      filter: (&(objectClass=person)(objectClass=organizationalPerson)(givenName=*)(sn=*))
      # this attribute is used as PG role name
      name_attribute: sAMAccountName
      # lowercase name for use as PG role name
      lowercase_name: true
    ldap_groups:
      base: OU=people,dc=example,dc=com
      filter: (|(cn=group1)(cn=group2)(cn=group3))
      # this attribute is used as PG role name
      name_attribute: cn
      # this attribute must reference to all member DN's of the given group
      member_attribute: member
    # Connection parameters to PostgreSQL server
    # see also: http://rubydoc.info/gems/pg/PG/Connection#initialize-instance_method
    pg_connection:
      host:
      dbname: postgres # the db name is usually "postgres"
      user: postgres # the user name is usually "postgres"
      password: postgres # kubectl get secret --namespace fadi <pod_name> -o jsonpath="{.data.postgresql-password}" | base64 --decode
    pg_users:
      # Filter for identifying LDAP generated users in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: LOGIN
    pg_groups:
      # Filter for identifying LDAP generated groups in the database.
      # It's the WHERE-condition to "SELECT rolname, oid FROM pg_roles"
      filter: NOT rolcanlogin AND NOT rolsuper
      # Options for CREATE RULE statements
      create_options: NOLOGIN
      grant_options:
  ## Schedule and image of the periodic sync job.
  cron:
    schedule: "*/1 * * * *"
    repo: ceticasbl/pg-ldap-sync
    tag: latest
    restartPolicy: Never
    mountPath: /workspace
    subPath: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
## NOTE(review): the volume holds the database files. Encryption at rest and
## backup are not configured by these values and depend on the storage class
## in use; confirm both for the target cluster.
##
persistence:
  enabled: true
  mountPath: /var/lib/postgresql
  subPath: ""
  accessModes: [ReadWriteOnce]
  ## Storage Capacity for persistent volume
  size: 10Gi
  annotations: {}
## Configure liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
#readinessProbe:
# httpGet:
# path: /
# port: http
# initialDelaySeconds: 60
# periodSeconds: 15
# timeoutSeconds: 10
#livenessProbe:
# httpGet:
# path: /
# port: http
# initialDelaySeconds: 60
# periodSeconds: 30
# timeoutSeconds: 10
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
## initdb scripts
## Specify dictionary of scripts to be run at first boot
## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory
## NOTE(review): the three initdb lines above look misplaced; the key that
## follows is resources, not an initdb setting.
##
## NOTE(review): with the empty default no CPU or memory limit is requested, so
## a heavy query load is bounded only by the node. Set explicit limits for
## shared clusters.
##
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
## Node placement: nodeSelector and tolerations are both empty by default.
nodeSelector: {}

tolerations: []

## Optional priority class name; commented out, so none is set by default.
# priorityClassName: "high-priority"