mirror of
https://github.com/CloudNebulaProject/barycenter.git
synced 2026-04-10 21:20:41 +00:00
Add support for valueFrom in environment variables for both main container and user-sync init container. This enables injecting values from secrets, configMaps, fieldRefs, and resourceFieldRefs instead of only hardcoded values. Updated deployment template to use toYaml for env rendering, allowing full Kubernetes env var specifications. Added comprehensive documentation and examples in values.yaml. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
# Default values for barycenter Helm chart

# Default number of replicas (presumably rendered into the Deployment).
# NOTE(review): the defaults in this file keep the SQLite database and the
# signing key under /app/data with a ReadWriteOnce volume; confirm the chart
# supports shared state before running more than one replica.
replicaCount: 1

# Container image to deploy.
image:
  repository: barycenter
  # IfNotPresent reuses whatever image a node already has cached for this tag.
  pullPolicy: IfNotPresent
  # "latest" is a mutable tag: together with IfNotPresent, different nodes can
  # end up running different builds and a rollout is not reproducible. For an
  # identity provider, override this with a fixed release tag.
  # TODO confirm whether the chart's templates also accept an image digest.
  tag: "latest"

# Image pull secrets for a private registry; empty means none.
# (Standard Helm convention; the consuming template is not shown here.)
imagePullSecrets: []
# Overrides for generated resource names (standard Helm chart convention;
# verify against the chart's helpers).
nameOverride: ""
fullnameOverride: ""

# ServiceAccount used by the pods.
serviceAccount:
  # true requests a dedicated ServiceAccount for the release instead of the
  # namespace default (presumably created by the chart's templates).
  create: true
  annotations: {}
  # Empty by default; presumably a name is then derived from the release —
  # verify against the chart's helpers.
  name: ""
  # NOTE(review): no value here controls mounting of the ServiceAccount token.
  # If barycenter never calls the Kubernetes API, check whether the templates
  # disable token automount for the pod.

# Extra annotations, empty by default (presumably applied to the pod template).
podAnnotations: {}

# Pod-level security context (presumably rendered into the pod spec).
podSecurityContext:
  # Refuse to start containers that would run as UID 0.
  runAsNonRoot: true
  runAsUser: 1000
  # Mounted volumes are made group-accessible to GID 1000 so the non-root
  # process can write to them.
  fsGroup: 1000
  seccompProfile:
    # Apply the container runtime's default seccomp syscall filter.
    type: RuntimeDefault

# Container-level security context.
securityContext:
  # Prevents the process from gaining more privileges than its parent
  # (for example through setuid binaries).
  allowPrivilegeEscalation: false
  # The root filesystem is left writable.
  # NOTE(review): the only write paths visible in this file are under /app/data.
  # If that is a mounted volume and the binary writes nowhere else, this can be
  # set to true — confirm before changing.
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000
  capabilities:
    # Drop every Linux capability; nothing is added back.
    drop:
      - ALL

# Service in front of the pods.
service:
  # ClusterIP keeps the Service reachable only from inside the cluster; the
  # ingress and gatewayAPI sections of this file are both disabled by default.
  type: ClusterIP
  # Same number as config.server.port in this file.
  port: 8080
  annotations: {}

# Ingress exposure; disabled by default.
ingress:
  enabled: false
  className: "nginx"
  annotations: {}
    # cert-manager.io/cluster-issuer: letsencrypt-prod
    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
  # idp.example.com is a placeholder; override it with the real hostname.
  hosts:
    - host: idp.example.com
      paths:
        - path: /
          pathType: Prefix
  # No TLS is configured by default. The probes in this file hit
  # /.well-known/openid-configuration, i.e. this is an OpenID Provider, so when
  # enabling the Ingress also fill in tls (and consider the ssl-redirect
  # annotation above) so that logins and tokens are not served over plain HTTP.
  tls: []
  #  - secretName: barycenter-tls
  #    hosts:
  #      - idp.example.com

# Kubernetes Gateway API support (alternative to Ingress)
# Requires Gateway API CRDs to be installed in the cluster
gatewayAPI:
  enabled: false
  annotations: {}
  # Reference to the Gateway resource
  # The default points at a Gateway in another namespace (gateway-system); that
  # Gateway's listener must allow routes from the release namespace, otherwise
  # the route will not attach.
  # NOTE(review): TLS is presumably terminated on the referenced Gateway
  # listener; nothing in these values configures it — confirm the listener is
  # HTTPS before exposing the identity provider.
  parentRefs:
    - name: gateway
      namespace: gateway-system
      # Optional: specify listener name
      # sectionName: https
  # Hostnames for the HTTPRoute
  # idp.example.com is a placeholder; override it with the real hostname.
  hostnames:
    - idp.example.com
  # Optional: backend weight for traffic splitting
  # backendWeight: 100
  # Optional: filters for request/response modification
  filters: []
    # - type: RequestHeaderModifier
    #   requestHeaderModifier:
    #     add:
    #       - name: X-Custom-Header
    #         value: custom-value

# CPU and memory requests/limits (presumably for the main container; the
# user-sync init container has its own block under userSync.resources).
resources:
  limits:
    cpu: 1000m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

# Horizontal autoscaling; disabled by default.
# NOTE(review): with the default SQLite file and on-disk signing key on a
# ReadWriteOnce volume, scaling past one replica needs shared state — confirm
# how the chart handles this before enabling.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

# Pod scheduling constraints; all empty by default (presumably passed through
# to the pod spec unchanged).
nodeSelector: {}

tolerations: []

affinity: {}

# Barycenter-specific configuration
config:
  server:
    # Listen on all interfaces inside the pod; reachability from outside is
    # governed by the Service, Ingress and Gateway settings in this file.
    host: "0.0.0.0"
    # Same number as service.port in this file.
    port: 8080
    # NOTE(review): presumably the externally visible base URL of the provider;
    # if so it should be the https:// URL clients actually use — verify.
    # publicBaseUrl: "https://idp.example.com"

  database:
    # SQLite file under /app/data; mode=rwc opens it read-write and creates it
    # if missing.
    # If this is changed to a URL that embeds credentials, do not put it here:
    # inject it as BARYCENTER__DATABASE__URL from a Secret, as in the env
    # example in this file.
    url: "sqlite:///app/data/barycenter.db?mode=rwc"

  keys:
    jwksPath: "/app/data/jwks.json"
    # Private key file, stored in the same directory as the database.
    # NOTE(review): presumably the token-signing key; if so, treat the volume
    # holding /app/data, and any backup or snapshot of it, as secret material.
    privateKeyPath: "/app/data/private_key.pem"
    alg: "RS256"

  federation:
    # Empty by default; the semantics of an entry are not shown in this file.
    trustAnchors: []

# Environment variables for main container
# Supports full Kubernetes env var specification including valueFrom
# Supply credentials and other secrets through valueFrom.secretKeyRef (see the
# examples below) rather than a literal value: a literal set here is kept in
# the stored Helm release values and appears in the rendered pod spec.
env:
  # NOTE(review): more verbose levels may log request details — check what the
  # application logs before raising this in production.
  - name: RUST_LOG
    value: "info"
  # Simple value example:
  # - name: BARYCENTER__SERVER__PUBLIC_BASE_URL
  #   value: "https://idp.example.com"
  #
  # ValueFrom secret example:
  # - name: BARYCENTER__DATABASE__URL
  #   valueFrom:
  #     secretKeyRef:
  #       name: barycenter-db-secret
  #       key: database-url
  #
  # ValueFrom configMap example:
  # - name: CONFIG_VALUE
  #   valueFrom:
  #     configMapKeyRef:
  #       name: app-config
  #       key: some-value
  #
  # Field reference example:
  # - name: POD_NAME
  #   valueFrom:
  #     fieldRef:
  #       fieldPath: metadata.name
  #
  # Resource limits example:
  # - name: MEMORY_LIMIT
  #   valueFrom:
  #     resourceFieldRef:
  #       containerName: barycenter
  #       resource: limits.memory

# Persistence for database and keys
persistence:
  # config.database.url and config.keys.* in this file all point at /app/data,
  # so presumably that is where this volume is mounted (TODO confirm in the
  # templates). If so, disabling it means the database and key files do not
  # survive a pod restart.
  enabled: true
  # NOTE(review): the volume holds a private key file; prefer a storage class
  # with encryption at rest where the cluster offers one.
  # storageClass: ""
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessMode: ReadWriteOnce
  size: 10Gi
  annotations: {}

# Liveness probe configuration
# HTTP GET of the OpenID Connect discovery document on the container port
# named "http".
livenessProbe:
  httpGet:
    path: /.well-known/openid-configuration
    port: http
  # First check 10s after container start, then every 30s; each check times
  # out after 3s and three consecutive failures restart the container.
  initialDelaySeconds: 10
  periodSeconds: 30
  timeoutSeconds: 3
  failureThreshold: 3

# Readiness probe configuration
# Same endpoint as the liveness probe: the OpenID Connect discovery document
# on the container port named "http".
readinessProbe:
  httpGet:
    path: /.well-known/openid-configuration
    port: http
  # First check 5s after container start, then every 10s; each check times out
  # after 3s and three consecutive failures mark the pod not ready.
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 3
  failureThreshold: 3

# User synchronization from JSON file
userSync:
  # Enable user sync init container
  enabled: false

  # Name of existing secret containing users.json
  # NOTE(review): users.json presumably carries account credentials. Create
  # this Secret out of band rather than from values committed to version
  # control, and restrict RBAC read access to it.
  existingSecret: ""
  # Example: barycenter-users

  # Secret key containing the users.json file
  secretKey: "users.json"

  # Additional environment variables for user-sync init container
  # Supports full Kubernetes env var specification (same as main container)
  # RUST_LOG is already set to "info" by default
  # As with the main container, pass sensitive values via
  # valueFrom.secretKeyRef rather than a literal value.
  env: []
  # Examples:
  # - name: CUSTOM_VAR
  #   value: "custom-value"
  # - name: SECRET_VALUE
  #   valueFrom:
  #     secretKeyRef:
  #       name: my-secret
  #       key: secret-key

  # Init container resources
  resources:
    limits:
      cpu: 200m
      memory: 256Mi
    requests:
      cpu: 100m
      memory: 128Mi