diff --git a/README.md b/README.md index b6b63f3..8fa4207 100644 --- a/README.md +++ b/README.md 
@@ -382,44 +382,69 @@ Credential References should contain one or more key/value pairs where each key helm install ... --set credentialReferences.MY_GITHUB_TOKEN= ``` -| Name | Description | Value | -| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `brokerClientUrl` | is the address of the broker. This needs to be the address of itself. In the case of Kubernetes, you need to ensure that you are pointing to the cluster ingress you have setup. | `""` | -| `region` | Optionally specify a Snyk Region - e.g. "eu" for "SNYK-EU-01". Defaults to "SNYK-US-01", app.snyk.io | `""` | -| `deploymentId` | Obtained by installing the Broker App | `""` | -| `clientId` | Obtained by installing the Broker App | `""` | -| `clientSecret` | Obtained by installing the Broker App | `""` | -| `platformAuthSecret.name` | Optionally provide an external secret containing three keys: `DEPLOYMENT_ID`, `CLIENT_ID` and `CLIENT_SECRET` | `""` | -| `credentialReferences` | Credential References to pass to Broker | `{}` | -| `credentialReferencesSecret.name` | Optionally provide a pre-existing secret with SCM credential reference data | `""` | -| `acceptCode` | Set to false to block Broker rules relating to Snyk Code analysis | `true` | -| `acceptAppRisk` | Set to false to block Broker rules relating to AppRisk | `true` | -| `acceptIaC` | Defaults to "tf,yaml,yml,json,tpl". Optionally remove any extensions not required. Must be comma separated. 
Set to "" to block Broker rules relating to Snyk IaC analysis | `""` | -| `acceptCustomPrTemplates` | Set to false to block Broker rules relating to Snyk Custom PR Templates | `true` | -| `acceptLargeManifests` | Set to false to block Broker rules relating to fetching of large files from GitHub/GitHub Enterprise | `true` | -| `commitSigning.enabled` | Set to true to sign any commits made to GitHub or GitHub Enterprise. Requires `name`, `email`, `passphrase`, `privateKey` _or_ `commitSigningSecret` | `false` | -| `commitSigning.name` | The name to associate with any signed commits | `""` | -| `commitSigning.email` | The email to associate with any signed commits | `""` | -| `commitSigning.gpgPrivateKey` | The GPG private key to sign commits with (ASCII armored version) | `""` | -| `commitSigning.passphrase` | The passphrase for the GPG key | `""` | -| `commitSigningSecret` | An external secret containing `GIT_COMMITTER_NAME`, `GIT_COMMITTER_EMAIL`, `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY` | `""` | +| Name | Description | Value | +| ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `brokerClientUrl` | is the address of the broker. This needs to be the address of itself. In the case of Kubernetes, you need to ensure that you are pointing to the cluster ingress you have setup. | `""` | +| `region` | Optionally specify a Snyk Region - e.g. "eu" for "SNYK-EU-01". 
Defaults to "SNYK-US-01", app.snyk.io | `""` | +| `deploymentId` | Obtained by installing the Broker App | `""` | +| `clientId` | Obtained by installing the Broker App | `""` | +| `clientSecret` | Obtained by installing the Broker App | `""` | +| `platformAuthSecret.name` | Optionally provide an external secret containing three keys: `DEPLOYMENT_ID`, `CLIENT_ID` and `CLIENT_SECRET` | `""` | +| `credentialReferences` | Credential References to pass to Broker | `{}` | +| `credentialReferencesSecret.name` | Optionally provide a pre-existing secret with SCM credential reference data | `""` | +| `acceptCode` | Set to false to block Broker rules relating to Snyk Code analysis | `true` | +| `acceptAppRisk` | Set to false to block Broker rules relating to AppRisk | `true` | +| `acceptIaC` | Defaults to "tf,yaml,yml,json,tpl". Optionally remove any extensions not required. Must be comma separated. Set to "" to block Broker rules relating to Snyk IaC analysis | `""` | +| `acceptCustomPrTemplates` | Set to false to block Broker rules relating to Snyk Custom PR Templates | `true` | +| `acceptLargeManifests` | Set to false to block Broker rules relating to fetching of large files from GitHub/GitHub Enterprise | `true` | +| `insecureDownstream` | Set to true to communicate with _all_ downstream integrations via http. Not recommended, as traffic will no longer be encrypted | `false` | +| `highAvailabilityMode.enabled` | snyk [default: true] Set to false to disable High Availability Mode for Broker | `true` | +| `highAvailabilityMode.replicaCount` | Number of Broker pods when running in HA mode (min 2, max 4) | `2` | -### Networking Parameters +### Logging + +| Name | Description | Value | +| ------------ | ---------------------------------------------------------------------------------- | ------- | +| `logLevel` | Set the Log Level for Universal Broker. Can be set to "debug" for more information | `info` | +| `logVerbose` | Enable to log request headers. 
Takes effect if log level is "info" | `false` | -| Name | Description | Value | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| `insecureDownstream` | Set to true to communicate with _all_ downstream integrations via http. Not recommended, as traffic will no longer be encrypted | `false` | -| `containerPort` | The port the Broker container will expose | `8000` | -| `hostAliases` | Add host aliases to the Broker pod if required | `[]` | -| `service.type` | Set the included Service type | `ClusterIP` | -| `service.port` | Set the port the Service will expose | `8000` | -| `service.nodePort` | Optionally specify a nodePort (only takes effect if service.type=NodePort) | `nil` | -| `service.clusterIP` | Optionally specify an IP address (only takes effect if service.type=ClusterIP) | `nil` | -| `service.loadBalancerIP` | Optionally specify an IP address (only takes effect if service.type=LoadBalancer) | `nil` | -| `service.loadBalancerSourceRanges` | Specify an array of CIDR blocks to permit traffic from (only takes effect if service.type=LoadBalancer) | `[]` | -| `service.externalTrafficPolicy` | Set the externalTrafficPolicy of the service (only takes effect if service.type=LoadBalancer) | `Cluster` | -| `service.extraPorts` | Add extra ports to the Service | `[]` | -| `service.tls` | Enable TLS at the Service level | `[]` | +### Serving over HTTPS and Certificate Trust + +| Name | Description | Value | +| ---------------------------- | ---------------------------------------------------------------------------------------------- | --------------------- | +| `caCert` | Set caCert to read certificate content from the values.yaml file as a multiline string: | `""` | +| `caCertMount.path` | the path to mount a certificate bundle to | `"/home/node/cacert"` | +| `caCertMount.name` | the filename to write a certificate bundle to | 
`"cacert"` | +| `caCertSecret.name` | set to read a CA cert from an external secret | `""` | +| `caCertSecret.caCertKey` | set to read the ca cert from a different key | `ca.pem` | +| `disableAllCertificateTrust` | Set to `true` to disable trust of **all** certificates, including any provided CAs | `false` | +| `localWebServer.https` | enables Broker client to run a HTTPS server instead of the default HTTP server | `false` | +| `localWebServer.certificate` | Provide HTTPS cert | `""` | +| `localWebServer.key` | Provides HTTPS cert key | `""` | +| `localWebServerSecret.name` | the name of the secret to create or (if cert and key are empty) the existing TLS secret to use | `""` | + +### Proxy Configuration + +| Name | Description | Value | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | +| `httpProxy` | Set to proxy any http-only traffic. You probably need to use HTTPS proxy setting and leave this blank | `""` | +| `httpsProxy` | HTTPS Proxy URL. Optionally provide user/password auth in the url (http(s)://[username]:[password]@my.proxy:[port]). No other authentication schemes are supported | `""` | +| `noProxy` | A comma-separated list of hostnames that must not transit a proxy. Do not include protocol or port numbers | `""` | +| `proxySecret.name` | The name of a pre-existing secret containing up to three entries. If set, supersedes `.Values.httpProxy`, `.Values.httpsProxy` and `.Values.noProxy` | `""` | +| `proxySecret.httpProxyKey` | Specify the key within the pre-existing secret containing the value for HTTP_PROXY. If left empty, no value is set | `""` | +| `proxySecret.httpsProxyKey` | Specify the key within the pre-existing secret containing the value for HTTPS_PROXY. 
If left empty, no value is set | `""` | +| `proxySecret.noProxyKey` | Specify the key within the pre-existing secret containing the value for NO_PROXY. If left empty, no value is set | `""` | + +### Commit Signing + +| Name | Description | Value | +| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `commitSigning.enabled` | Set to true to sign any commits made to GitHub or GitHub Enterprise. Requires `name`, `email`, `passphrase`, `privateKey` _or_ `commitSigningSecret` | `false` | +| `commitSigning.name` | The name to associate with any signed commits | `""` | +| `commitSigning.email` | The email to associate with any signed commits | `""` | +| `commitSigning.gpgPrivateKey` | The GPG private key to sign commits with (ASCII armored version) | `""` | +| `commitSigning.passphrase` | The passphrase for the GPG key | `""` | +| `commitSigningSecret` | An external secret containing `GIT_COMMITTER_NAME`, `GIT_COMMITTER_EMAIL`, `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY` | `""` | ### Broker Ingress 
@@ -439,18 +464,32 @@ helm install ... --set credentialReferences.MY_GITHUB_TOKEN= | `ingress.tls.enabled` | Set to true to enable TLS on the in-built ingress | `false` | | `ingress.tls.existingSecret` | Specify an existing TLS secret to use with this ingress | `""` | +### Networking Parameters + +| Name | Description | Value | +| ---------------------------------- | ------------------------------------------------------------------------------------------------------- | ----------- | +| `containerPort` | The port the Broker container will expose | `8000` | +| `hostAliases` | Add host aliases to the Broker pod if required | `[]` | +| `service.type` | Set the included Service type | `ClusterIP` | +| `service.port` | Set the port the Service will expose | `8000` | +| `service.nodePort` | Optionally specify a nodePort (only takes effect if service.type=NodePort) | `nil` | +| `service.clusterIP` | Optionally specify an IP address (only takes effect if service.type=ClusterIP) | `nil` | +| `service.loadBalancerIP` | Optionally specify an IP address (only takes effect if service.type=LoadBalancer) | `nil` | +| `service.loadBalancerSourceRanges` | Specify an array of CIDR blocks to permit traffic from (only takes effect if service.type=LoadBalancer) | `[]` | +| `service.externalTrafficPolicy` | Set the externalTrafficPolicy of the service (only takes effect if service.type=LoadBalancer) | `Cluster` | +| `service.extraPorts` | Add extra ports to the Service | `[]` | +| `service.tls` | Enable TLS at the Service level | `[]` | + ### Runtime -| Name | Description | Value | -| ----------------------------------- | ------------------------------------------------------------------------------ | -------- | -| `runtimeClassName` | Optionally specify a runtimeClassName for Broker to target | `""` | -| `priorityClassName` | Optionally specify a priorityClassName for Broker to target | `""` | -| `resources.requests.cpu` | Set CPU requests | `1` | -| `resources.requests.memory` | Set 
memory requests | `512Mi` | -| `resources.limits.cpu` | Set CPU limits | `2` | -| `resources.limits.memory` | Set memory limits | `1024Mi` | -| `highAvailabilityMode.enabled` | snyk [default: true] Set to false to disable High Availability Mode for Broker | `true` | -| `highAvailabilityMode.replicaCount` | Number of Broker pods when running in HA mode (min 2, max 4) | `2` | +| Name | Description | Value | +| --------------------------- | ----------------------------------------------------------- | -------- | +| `runtimeClassName` | Optionally specify a runtimeClassName for Broker to target | `""` | +| `priorityClassName` | Optionally specify a priorityClassName for Broker to target | `""` | +| `resources.requests.cpu` | Set CPU requests | `1` | +| `resources.requests.memory` | Set memory requests | `512Mi` | +| `resources.limits.cpu` | Set CPU limits | `2` | +| `resources.limits.memory` | Set memory limits | `1024Mi` | ### Metadata @@ -472,7 +511,7 @@ helm install ... --set credentialReferences.MY_GITHUB_TOKEN= | `livenessProbe.config.initialDelaySeconds` | Initial delay in seconds | `3` | | `livenessProbe.config.periodSeconds` | Seconds between probes | `10` | | `livenessProbe.config.timeoutSeconds` | Elapsed second(s) for timeout | `1` | -| `livenessProbe.config.failureThreshold` | Number of consecutive probe failures to mark as unhealty | `3` | +| `livenessProbe.config.failureThreshold` | Number of consecutive probe failures to mark as unhealthy | `3` | | `readinessProbe.enabled` | Enable readinessProbe | `true` | | `readinessProbe.path` | Path for the readinessProbe | `/healthcheck` | | `readinessProbe.config.initialDelaySeconds` | Initial delay in seconds | `3` | 
@@ -480,40 +519,6 @@ helm install ... --set credentialReferences.MY_GITHUB_TOKEN= | `readinessProbe.config.timeoutSeconds` | Elapsed second(s) for timeout | `1` | | `readinessProbe.config.failureThreshold` | Number of consecutive probe failures to mark as not ready | `3` | -### Logging - -| Name | Description | Value | -| ------------ | ---------------------------------------------------------------------------------- | ------- | -| `logLevel` | Set the Log Level for Universal Broker. Can be set to "debug" for more information | `info` | -| `logVerbose` | Enable to log request headers. Takes effect if log level is "info" | `false` | - -### Serving over HTTPS and Certificate Trust - -| Name | Description | Value | -| ---------------------------- | ---------------------------------------------------------------------------------------------- | --------------------- | -| `localWebServer.https` | enables Broker client to run a HTTPS server instead of the default HTTP server | `false` | -| `localWebServer.certificate` | Provide HTTPS cert | `""` | -| `localWebServer.key` | Provides HTTPS cert key | `""` | -| `localWebServerSecret.name` | the name of the secret to create or (if cert and key are empty) the existing TLS secret to use | `""` | -| `caCert` | Set caCert to read certificate content from the values.yaml file as a multiline string: | `""` | -| `caCertMount.path` | the path to mount a certificate bundle to | `"/home/node/cacert"` | -| `caCertMount.name` | the filename to write a certificate bundle to | `"cacert"` | -| `caCertSecret.name` | set to read a CA cert from an external secret | `""` | -| `caCertSecret.caCertKey` | set to read the ca cert from a different key | `ca.pem` | -| `disableAllCertificateTrust` | Set to `true` to disable trust of **all** certificates, including any provided CAs | `false` | - -### Proxy Configuration - -| Name | Description | Value | -| --------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----- | -| `httpProxy` | Set to proxy any http-only traffic. You probably need to use HTTPS proxy setting and leave this blank | `""` | -| `httpsProxy` | HTTPS Proxy URL. Optionally provide user/password auth in the url (http(s)://[username]:[password]@my.proxy:[port]). No other authentication schemes are supported | `""` | -| `noProxy` | A comma-separated list of hostnames that must not transit a proxy. Do not include protocol or port numbers | `""` | -| `proxySecret.name` | The name of a pre-existing secret containing up to three entries. If set, supersedes `.Values.httpProxy`, `.Values.httpsProxy` and `.Values.noProxy` | `""` | -| `proxySecret.httpProxyKey` | Specify the key within the pre-existing secret containing the value for HTTP_PROXY. If left empty, no value is set | `""` | -| `proxySecret.httpsProxyKey` | Specify the key within the pre-existing secret containing the value for HTTPS_PROXY. If left empty, no value is set | `""` | -| `proxySecret.noProxyKey` | Specify the key within the pre-existing secret containing the value for NO_PROXY. If left empty, no value is set | `""` | - ### Image Registry | Name | Description | Value | diff --git a/snyk-universal-broker/values.yaml b/snyk-universal-broker/values.yaml index 8d0f59e..8aa6744 100644 --- a/snyk-universal-broker/values.yaml +++ b/snyk-universal-broker/values.yaml 
@@ -57,6 +57,86 @@ acceptIaC: "tf,yaml,yml,json,tpl" acceptCustomPrTemplates: true acceptLargeManifests: true +## @param insecureDownstream [default: false] Set to true to communicate with _all_ downstream integrations via http. Not recommended, as traffic will no longer be encrypted +insecureDownstream: false + +## @param highAvailabilityMode.enabled snyk [default: true] Set to false to disable High Availability Mode for Broker +## @param highAvailabilityMode.replicaCount [default: 2] Number of Broker pods when running in HA mode (min 2, max 4) + +highAvailabilityMode: + enabled: true + replicaCount: 2 + +## @section Logging +## @param logLevel Set the Log Level for Universal Broker. Can be set to "debug" for more information +## @param logVerbose [default: false] Enable to log request headers. Takes effect if log level is "info" + +logLevel: "info" +logVerbose: false + +## @section Serving over HTTPS and Certificate Trust +##### HTTPS Inspection ##### + +## @param caCert Set caCert to read certificate content from the values.yaml file as a multiline string: +## Include any/all certificates required for a full trust chain. 
+## +## caCert: |- +## ----- BEGIN CERTIFICATE ----- +## < certificate data > +## ----- END CERTIFICATE ----- +## ----- BEGIN CERTIFICATE ----- +## < another certificate > +## ----- END CERTIFICATE ----- +## +## or +## +## caCert: "----- BEGIN CERTIFICATE -----\n.....\n----- END CERTIFICATE -----" +caCert: "" + +## @param caCertMount.path [string, default:"/home/node/cacert"] the path to mount a certificate bundle to +## @param caCertMount.name [string, default:"cacert"] the filename to write a certificate bundle to +caCertMount: + path: /home/node/cacert + name: cacert + +## @param caCertSecret.name [string] set to read a CA cert from an external secret +## @param caCertSecret.caCertKey [default: ca.pem] set to read the ca cert from a different key +caCertSecret: + name: "" + caCertKey: ca.pem + +## @param disableAllCertificateTrust [default: false] Set to `true` to disable trust of **all** certificates, including any provided CAs +disableAllCertificateTrust: false + +## @param localWebServer.https [default: false] enables Broker client to run a HTTPS server instead of the default HTTP server +## @param localWebServer.certificate [string] Provide HTTPS cert +## @param localWebServer.key [string] Provides HTTPS cert key +localWebServer: + https: false + certificate: "" + key: "" +## @param localWebServerSecret.name the name of the secret to create or (if cert and key are empty) the existing TLS secret to use +localWebServerSecret: + name: "" + +## @section Proxy Configuration +## @param httpProxy Set to proxy any http-only traffic. You probably need to use HTTPS proxy setting and leave this blank +## @param httpsProxy HTTPS Proxy URL. Optionally provide user/password auth in the url (http(s)://[username]:[password]@my.proxy:[port]). No other authentication schemes are supported +## @param noProxy A comma-separated list of hostnames that must not transit a proxy. 
Do not include protocol or port numbers +## @param proxySecret.name The name of a pre-existing secret containing up to three entries. If set, supersedes `.Values.httpProxy`, `.Values.httpsProxy` and `.Values.noProxy` +## @param proxySecret.httpProxyKey Specify the key within the pre-existing secret containing the value for HTTP_PROXY. If left empty, no value is set +## @param proxySecret.httpsProxyKey Specify the key within the pre-existing secret containing the value for HTTPS_PROXY. If left empty, no value is set +## @param proxySecret.noProxyKey Specify the key within the pre-existing secret containing the value for NO_PROXY. If left empty, no value is set +httpProxy: "" +httpsProxy: "" +noProxy: "" +proxySecret: + name: "" + httpProxyKey: "" + httpsProxyKey: "" + noProxyKey: "" + +## @section Commit Signing ## @param commitSigning.enabled [default: false] Set to true to sign any commits made to GitHub or GitHub Enterprise. Requires `name`, `email`, `passphrase`, `privateKey` _or_ `commitSigningSecret` ## @param commitSigning.name [string] The name to associate with any signed commits ## @param commitSigning.email [string] The email to associate with any signed commits 
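Review bot: The `disableAllCertificateTrust` comment reads as if no certificate would be trusted, while the name and the "including any provided CAs" clause suggest it turns off certificate verification altogether; the wording should say which. If it does disable verification, I would write `## @param disableAllCertificateTrust [default: false] Set to true to skip TLS certificate verification for **all** connections, ignoring any provided CAs. Not recommended outside troubleshooting`. This hunk also places `insecureDownstream` next to the `accept*` flags rather than under `## @section Serving over HTTPS and Certificate Trust`, so the two options that weaken transport security are documented apart; keeping them in the same section would make them easier to audit together. What either flag does is decided in templates outside this diff, so the behaviour described here is inferred from the parameter descriptions only.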
@@ -73,41 +153,6 @@ commitSigning: commitSigningSecret: name: "" -## @section Networking Parameters -## @param insecureDownstream [default: false] Set to true to communicate with _all_ downstream integrations via http. Not recommended, as traffic will no longer be encrypted -insecureDownstream: false - -## @param containerPort [default: 8000] The port the Broker container will expose -containerPort: 8000 - -## @param hostAliases [array] Add host aliases to the Broker pod if required -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## @param service.type [default: ClusterIP] Set the included Service type -## @param service.port [default: 8000] Set the port the Service will expose -## @param service.nodePort [nullable] Optionally specify a nodePort (only takes effect if service.type=NodePort) -## @param service.clusterIP [nullable] Optionally specify an IP address (only takes effect if service.type=ClusterIP) -## @param service.loadBalancerIP [nullable] Optionally specify an IP address (only takes effect if service.type=LoadBalancer) -## @param service.loadBalancerSourceRanges [array] Specify an array of CIDR blocks to permit traffic from (only takes effect if service.type=LoadBalancer) -## @param service.externalTrafficPolicy [string, default: Cluster] Set the externalTrafficPolicy of the service (only takes effect if service.type=LoadBalancer) -## @param service.extraPorts [array] Add extra ports to the Service -## @param service.tls [array] Enable TLS at the Service level -service: - type: ClusterIP - port: 8000 - nodePort: null - clusterIP: null - loadBalancerIP: null - loadBalancerSourceRanges: [] - externalTrafficPolicy: Cluster - extraPorts: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - ## @section Broker Ingress ## @param ingress.enabled [default: false] Set to true to create an Ingress 
@@ -142,6 +187,38 @@ ingress: enabled: false existingSecret: "" +## @section Networking Parameters +## @param containerPort [default: 8000] The port the Broker container will expose +containerPort: 8000 + +## @param hostAliases [array] Add host aliases to the Broker pod if required +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## @param service.type [default: ClusterIP] Set the included Service type +## @param service.port [default: 8000] Set the port the Service will expose +## @param service.nodePort [nullable] Optionally specify a nodePort (only takes effect if service.type=NodePort) +## @param service.clusterIP [nullable] Optionally specify an IP address (only takes effect if service.type=ClusterIP) +## @param service.loadBalancerIP [nullable] Optionally specify an IP address (only takes effect if service.type=LoadBalancer) +## @param service.loadBalancerSourceRanges [array] Specify an array of CIDR blocks to permit traffic from (only takes effect if service.type=LoadBalancer) +## @param service.externalTrafficPolicy [string, default: Cluster] Set the externalTrafficPolicy of the service (only takes effect if service.type=LoadBalancer) +## @param service.extraPorts [array] Add extra ports to the Service +## @param service.tls [array] Enable TLS at the Service level +service: + type: ClusterIP + port: 8000 + nodePort: null + clusterIP: null + loadBalancerIP: null + loadBalancerSourceRanges: [] + externalTrafficPolicy: Cluster + extraPorts: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + ## @section Runtime ## @param runtimeClassName [string] Optionally specify a runtimeClassName for Broker to target 
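Review bot: `service.loadBalancerSourceRanges` defaults to `[]` and its comment does not say what an empty list means; in Kubernetes a LoadBalancer Service with no source ranges set accepts traffic from any address. While the block is being re-homed, I would add a line under the param such as `## An empty list applies no source restriction; set CIDR blocks whenever service.type=LoadBalancer is reachable from outside the cluster network`. How the chart renders an empty list is in the Service template, which this diff does not show, so that is worth confirming before wording the comment.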
@@ -162,13 +239,6 @@ resources: cpu: 2 memory: 1024Mi -## @param highAvailabilityMode.enabled snyk [default: true] Set to false to disable High Availability Mode for Broker -## @param highAvailabilityMode.replicaCount [default: 2] Number of Broker pods when running in HA mode (min 2, max 4) - -highAvailabilityMode: - enabled: true - replicaCount: 2 - ## @section Metadata ## @param commonLabels [object] Labels to add to all deployed objects @@ -196,7 +266,7 @@ tolerations: [] ## @param livenessProbe.config.initialDelaySeconds [default: 3] Initial delay in seconds ## @param livenessProbe.config.periodSeconds [default: 10] Seconds between probes ## @param livenessProbe.config.timeoutSeconds [default: 1] Elapsed second(s) for timeout -## @param livenessProbe.config.failureThreshold [default: 3] Number of consecutive probe failures to mark as unhealty +## @param livenessProbe.config.failureThreshold [default: 3] Number of consecutive probe failures to mark as unhealthy livenessProbe: enabled: true 
@@ -223,75 +293,6 @@ readinessProbe: timeoutSeconds: 1 failureThreshold: 3 -## @section Logging -## @param logLevel Set the Log Level for Universal Broker. Can be set to "debug" for more information -## @param logVerbose [default: false] Enable to log request headers. Takes effect if log level is "info" - -logLevel: "info" -logVerbose: false - -## @section Serving over HTTPS and Certificate Trust -## @param localWebServer.https [default: false] enables Broker client to run a HTTPS server instead of the default HTTP server -## @param localWebServer.certificate [string] Provide HTTPS cert -## @param localWebServer.key [string] Provides HTTPS cert key -localWebServer: - https: false - certificate: "" - key: "" -## @param localWebServerSecret.name the name of the secret to create or (if cert and key are empty) the existing TLS secret to use -localWebServerSecret: - name: "" - -##### HTTPS Inspection ##### - -## @param caCert Set caCert to read certificate content from the values.yaml file as a multiline string: -## Include any/all certificates required for a full trust chain. 
-## -## caCert: |- -## ----- BEGIN CERTIFICATE ----- -## < certificate data > -## ----- END CERTIFICATE ----- -## ----- BEGIN CERTIFICATE ----- -## < another certificate > -## ----- END CERTIFICATE ----- -## -## or -## -## caCert: "----- BEGIN CERTIFICATE -----\n.....\n----- END CERTIFICATE -----" -caCert: "" - -## @param caCertMount.path [string, default:"/home/node/cacert"] the path to mount a certificate bundle to -## @param caCertMount.name [string, default:"cacert"] the filename to write a certificate bundle to -caCertMount: - path: /home/node/cacert - name: cacert - -## @param caCertSecret.name [string] set to read a CA cert from an external secret -## @param caCertSecret.caCertKey [default: ca.pem] set to read the ca cert from a different key -caCertSecret: - name: "" - caCertKey: ca.pem - -## @param disableAllCertificateTrust [default: false] Set to `true` to disable trust of **all** certificates, including any provided CAs -disableAllCertificateTrust: false - -## @section Proxy Configuration -## @param httpProxy Set to proxy any http-only traffic. You probably need to use HTTPS proxy setting and leave this blank -## @param httpsProxy HTTPS Proxy URL. Optionally provide user/password auth in the url (http(s)://[username]:[password]@my.proxy:[port]). No other authentication schemes are supported -## @param noProxy A comma-separated list of hostnames that must not transit a proxy. Do not include protocol or port numbers -## @param proxySecret.name The name of a pre-existing secret containing up to three entries. If set, supersedes `.Values.httpProxy`, `.Values.httpsProxy` and `.Values.noProxy` -## @param proxySecret.httpProxyKey Specify the key within the pre-existing secret containing the value for HTTP_PROXY. If left empty, no value is set -## @param proxySecret.httpsProxyKey Specify the key within the pre-existing secret containing the value for HTTPS_PROXY. 
If left empty, no value is set -## @param proxySecret.noProxyKey Specify the key within the pre-existing secret containing the value for NO_PROXY. If left empty, no value is set -httpProxy: "" -httpsProxy: "" -noProxy: "" -proxySecret: - name: "" - httpProxyKey: "" - httpsProxyKey: "" - noProxyKey: "" - ## @section Image Registry ## @param image.registry [default: docker.io] Broker image registry ## @param image.repository [default: snyk/broker] Broker image repository