forked from janus-idp/helm-backstage
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
118 lines (101 loc) · 4.39 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
global:
# -- Shorthand for users who do not want to specify a custom HOSTNAME. Used ONLY with the DEFAULT upstream.backstage.appConfig value and with OCP Route enabled.
clusterRouterBase: apps.example.com
# -- Custom hostname shorthand, overrides `global.clusterRouterBase`, `upstream.ingress.host`, `route.host`, and url values in `upstream.backstage.appConfig`
host: ""
# -- Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml)
# @default -- Use Openshift compatible settings
upstream:
nameOverride: backstage
backstage:
image:
registry: quay.io
repository: janus-idp/backstage-showcase
tag: latest
command: []
# FIXME (tumido): USE POSTGRES_PASSWORD and POSTGRES_USER instead of POSTGRES_ADMIN_PASSWORD
# This is a hack. In {fedora,rhel}/postgresql images, regular user is forbidden
# from creating DBs in runtime. A single DB can be created ahead of time via
# POSTGRESQL_DATABASE env variable (in this case via
# upstream.postgresql.primary.extraEnvVars value), but this doesn't allow us to
# create multiple DBs. Since Backstage requires by default 5 different DBs, we
# can't accommodate that properly.
appConfig:
app:
# Please update to match host in case you don't want to configure hostname via `global.clusterRouterBase` or `global.host`.
baseUrl: 'https://{{- include "janus-idp.hostname" . }}'
backend:
baseUrl: 'https://{{- include "janus-idp.hostname" . }}'
cors:
origin: 'https://{{- include "janus-idp.hostname" . }}'
database:
connection:
password: ${POSTGRESQL_ADMIN_PASSWORD}
user: postgres
extraEnvVars:
- name: POSTGRESQL_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: "{{ .Release.Name }}-postgresql"
postgresql:
enabled: true
postgresqlDataDir: /var/lib/pgsql/data/userdata
image:
registry: quay.io
repository: fedora/postgresql-15
tag: latest
auth:
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
primary:
securityContext:
enabled: false
podSecurityContext:
enabled: false
containerSecurityContext:
enabled: false
persistence:
enabled: true
size: 1Gi
mountPath: /var/lib/pgsql/data
extraEnvVars:
- name: POSTGRESQL_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: postgres-password
name: "{{ .Release.Name }}-postgresql"
ingress:
host: "{{ .Values.global.host }}"
# -- OpenShift Route parameters
route:
# -- Route specific annotations
annotations: {}
# -- Enable the creation of the route resource
enabled: true
# -- Set the host attribute to a custom value. If not set, OpenShift will generate it, please make sure to match your baseUrl
host: "{{ .Values.global.host }}"
# -- Path that the router watches for, to route traffic for to the service.
path: "/"
# -- Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.
wildcardPolicy: None
# -- Route TLS parameters
# <br /> Ref: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html
tls:
# -- Enable TLS configuration for the host defined at `route.host` parameter
enabled: true
# -- Specify TLS termination.
termination: "edge"
# -- Certificate contents
certificate: ""
# -- Key file contents
key: ""
# -- Cert authority certificate contents. Optional
caCertificate: ""
# -- Contents of the ca certificate of the final destination.
# <br /> When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.
destinationCACertificate: ""
# -- Indicates the desired behavior for insecure connections to a route.
# <br /> While each router may make its own decisions on which ports to expose, this is normally port 80. The only valid values are None, Redirect, or empty for disabled.
insecureEdgeTerminationPolicy: "Redirect"