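# Default values for freeipa.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

hostname: freeipa.example.org

image:
  repository: freeipa/freeipa-server
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "fedora-37-4.10.1"

# # IPA Server must know its own hostname to work properly....
# # These values will probs need to be overwritten or could use lookup function?
# app_domain: apps.mycluster.example.com
# admin_password: Passw0rd
# realm: "-r redhatlabs.dev"
# # sensible defaults
# install_opts: "-U --setup-dns --no-forwarders --no-ntp"
# container_args: "ipa-server-install"
# volume: 5Gi
# # this can be used if not using helm install to set the correct ns
# # namespaceOverride: ipa
# # this example is using the ldap admin user and password as the bind creds
# # and expects a group in ldap called `student`
# # disabled by default so as to not overwrite existing oauth configs in openshift-config ns
# ocp_auth:
#   enabled: false
#   bind_dn: "uid=admin,cn=users,cn=accounts,dc=redhatlabs,dc=dev"
#   bind_password: Passw0rd
#   base: "cn=student,cn=groups,cn=accounts,dc=redhatlabs,dc=dev"
#   domain: "dc=redhatlabs,dc=dev"
# machineconfig:
#   ignition_version: 3.1.0

command: {}

# Installer settings. The key names presumably mirror ipa-server-install
# options (realm, domain, ds-password, admin-password, ...); verify against
# the chart templates.
args:
  realm: EXAMPLE.ORG
  domain: example.org
  # dspassword and adminpassword are published with the chart, so these
  # defaults are known to anyone who can read it. Override both for every
  # deployment, from a values file or --set input kept out of version control.
  # NOTE(review): how the templates hand these to the container is not visible
  # from this file; confirm they are delivered through a Secret rather than as
  # plain container args or env entries in the pod spec.
  dspassword: ASDF1poiu2QWER3mnbv4  # pragma: allowlist secret
  adminpassword: ASDF1poiu2QWER3mnbv4  # pragma: allowlist secret
  nohostdns: true
  nontp: true
  setupdns: false
  autoforwarders: true  # only applicable if setupdns is true
  allowzoneoverlap: true  # only applicable if setupdns is true
  sshtrustdns: false

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable FreeIPA data persistence using a Persistent Volume Claim. If false, use emptyDir
  ##
  enabled: true
  ## @param persistence.storageClass Persistent Volume storage class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner. (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  storageClass: ""
  ## @param persistence.annotations Persistent Volume Claim annotations
  ##
  annotations: {}
  ## @param persistence.accessModes Persistent Volume Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.size PVC Storage Request for the FreeIPA data volume
  ##
  size: 5Gi

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

extraEnv: {}

podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

# Empty by default, so the container runs with whatever user and capabilities
# the image and the container runtime provide.
# NOTE(review): the commented settings below are generic chart boilerplate;
# check them against what the freeipa-server image needs before enabling them.
containerSecurityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

## Container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled HashiCorp Consul Prometheus Exporter securityContext
## @param metrics.containerSecurityContext.runAsUser User ID for the HashiCorp Consul Prometheus Exporter
## @param metrics.containerSecurityContext.runAsNonRoot Force the container to be run as non root
## NOTE(review): no `metrics` key is defined in this file; the three @param
## lines above look like leftovers from another chart and probably have no
## effect here.
##

service:
  type: ClusterIP
  # clusterIP: 10.43.201.201
  port: 80

## Configure the ingress resource that allows you to access the FreeIPA management console
## ref: https://kubernetes.io/docs/user-guide/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress resource for Management console
  ##
  enabled: false
  ## @param ingress.path Path for the default host
  ##
  path: /
  ## @param ingress.apiVersion Override API Version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.pathType Ingress path type
  ##
  pathType: ImplementationSpecific
  ## DEPRECATED: Use ingress.annotations instead of ingress.certManager
  ##
  certManager: false
  ##
  ## @param ingress.hostname Default host for the ingress resource, a host pointing to this will be created
  ##
  hostname: example.org
  ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## For a full list of possible ingress annotations, please see
  ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ##
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.ingressClassName Set the ingressClassName on the ingress record for k8s 1.18+
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: ""
  ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter
  ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
  ## or a custom one if you use the tls.existingSecret parameter
  ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
  ## Example:
  ##   existingSecret: name-of-existing-secret
  ##
  ## With tls: false the ingress serves the hostname over plain HTTP. Enable
  ## TLS before exposing a console that accepts IPA credentials.
  ##
  tls: false
  ## @param ingress.backendProtocol The backend serviceport which the ingress record will point at
  ##
  backendProtocol: "http"
  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
  ## extraHosts:
  ## - name: freeipa.local
  ##   path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host.
  ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false
  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## extraTls:
  ## - hosts:
  ##     - freeipa.local
  ##   secretName: freeipa.local-tls
  ##
  extraTls: []
  ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
  ## -----BEGIN RSA PRIVATE KEY-----
  ##
  ## name should line up with a tlsSecret set further up
  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
  ##
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ##
  ## A private key placed here is stored in the values file in cleartext; keep
  ## such a file out of version control, or reference a secret created outside
  ## the chart through existingSecret instead.
  ## Example:
  ## - name: freeipa.local-tls
  ##   key:
  ##   certificate:
  ##
  secrets: []
  ## @param ingress.existingSecret Name of an existing secret that holds a certificate you manage yourself
  existingSecret: ""
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ## - host: example.local
  ##     http:
  ##       path: /
  ##       backend:
  ##         service:
  ##           name: example-svc
  ##           port:
  ##             name: http
  ##
  extraRules: []

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

nodeSelector: {}

tolerations: []

affinity: {}

## Enable diagnostic mode in the deployment
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity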