Files
planka-plankanban/charts/planka/values.yaml

329 lines
8.9 KiB
YAML

# Default values for planka.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: ghcr.io/plankanban/planka
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# Optional: specify the image digest for pinning by SHA256
# When set, the image reference will include the digest for enhanced security
# Example: "abc123def456..." (without sha256: prefix)
digest: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# Generate a secret using openssl rand -base64 45
secretkey: ""
## @param existingSecretkeySecret Name of an existing secret containing the session key string
## NOTE: Must contain key `key`
## NOTE: When it's set, the secretkey parameter is ignored
existingSecretkeySecret: ""
## @param existingAdminCredsSecret Name of an existing secret containing the admin username and password
## NOTE: Must contain keys `username` and `password`
## NOTE: When it's set, the `admin_username` and `admin_password` parameters are ignored
existingAdminCredsSecret: ""
admin_email: ""
admin_password: ""
admin_name: ""
admin_username: ""
# Base url for PLANKA. Will override `ingress.hosts[0].host`
# Defaults to `http://localhost:3000` if ingress is disabled.
baseUrl: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
# Annotations to add to the deployment
deploymentAnnotations: {}
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
annotations: {}
type: ClusterIP
port: 1337
## @param service.containerPort PLANKA HTTP container port
## If empty will default to 1337
##
containerPort: 1337
ingress:
enabled: false
className: ""
labels: {}
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
# Used to set planka BASE_URL if no `baseurl` is provided.
- host: planka.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: planka-tls
# hosts:
# - planka.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
postgresql:
global:
security:
allowInsecureImages: true
image:
repository: bitnamilegacy/postgresql
enabled: true
auth:
database: planka
username: planka
password: ""
postgresPassword: ""
replicationPassword: ""
# existingSecret: planka-postgresql
serviceBindings:
enabled: true
## Set this or existingDburlSecret if you disable the built-in postgresql deployment
dburl:
## @param existingDburlSecret Name of an existing secret containing a DBurl connection string
## NOTE: Must contain key `uri`
## NOTE: When it's set, the `dburl` parameter is ignored
##
existingDburlSecret: ""
## PVC-based data storage configuration
persistence:
enabled: false
# existingClaim: netbox-data
# storageClass: "-"
accessMode: ReadWriteOnce
size: 10Gi
## OpenID Identity Management configuration
##
## Example:
## ---------------
## oidc:
## enabled: true
## clientId: sxxaAIAxVXlCxTmc1YLHBbQr8NL8MqLI2DUbt42d
## clientSecret: om4RTMRVHRszU7bqxB7RZNkHIzA8e4sGYWxeCwIMYQXPwEBWe4SY5a0wwCe9ltB3zrq5f0dnFnp34cEHD7QSMHsKvV9AiV5Z7eqDraMnv0I8IFivmuV5wovAECAYreSI
## issuerUrl: https://auth.local/application/o/planka/
## admin:
## roles:
## - planka-admin
##
## ---------------
## NOTE: A minimal configuration requires setting `clientId`, `clientSecret` and `issuerUrl`. (plus `admin.roles` for administrators)
## ref: https://docs.planka.cloud/docs/configuration/oidc/
##
oidc:
## @param oidc.enabled Enable single sign-on (SSO) with OpenID Connect (OIDC)
##
enabled: false
## OIDC credentials
## @param oidc.clientId A string unique to the provider that identifies your app.
## @param oidc.clientSecret A secret string that the provider uses to confirm ownership of a client ID.
##
## NOTE: Either specify inline `clientId` and `clientSecret` or refer to them via `existingSecret`
##
clientId: ""
clientSecret: ""
## @param oidc.existingSecret Name of an existing secret containing OIDC credentials
## NOTE: Must contain key `clientId` and `clientSecret`
## NOTE: When it's set, the `clientId` and `clientSecret` parameters are ignored
##
existingSecret: ""
## @param oidc.issuerUrl The OpenID connect metadata document endpoint
##
issuerUrl: ""
## @param oidc.scopes A list of scopes required for OIDC client.
## If empty will default to `openid`, `profile` and `email`
## NOTE: PLANKA needs the email and name claims
##
scopes: []
## Admin permissions configuration
admin:
## @param oidc.admin.ignoreRoles If set to true, the admin roles will be ignored.
## It is useful if you want to use OIDC for authentication but not for authorization.
## If empty will default to `false`
##
ignoreRoles: false
## @param oidc.admin.rolesAttribute The name of a custom group claim that you have configured in your OIDC provider
## If empty will default to `groups`
##
rolesAttribute: groups
## @param oidc.admin.roles The names of the admin groups
##
roles: []
# - planka-admin
## Extra environment variables for planka deployment
## Supports hard coded and getting values from a k8s secret
## - name: test
## value: valuetest
## - name: another
## value: another
## - name: test-secret
## valueFrom:
## secretName: k8s-secret-name
## key: key-inside-the-secret
##
extraEnv: []
## Example extraEnv for configuring SMTP
## extraEnv:
## - name: SMTP_HOST
## value: "smtp.example.com"
## - name: SMTP_PORT
## value: "587"
## - name: SMTP_NAME
## value: "Your Name"
## - name: SMTP_SECURE
## value: "true"
## - name: SMTP_TLS_REJECT_UNAUTHORIZED
## value: "false"
## - name: SMTP_USER
## value: "your_email@example.com"
## - name: SMTP_PASSWORD
## value: "your_password"
## - name: SMTP_FROM
## value: "your_email@example.com"
## End User Terms of Service configuration
## Mount custom terms of service markdown files into the Planka deployment
##
terms:
enabled: false
# Provide individual language files as key-value pairs
# e.g.,
# customFiles:
# en-US.md: |
# # End User Terms of Service
# ...
# de-DE.md: |
# # Nutzungsbedingungen
# ...
customFiles: {}
## Extra volume mounts configuration
## Mount ConfigMaps, Secrets, and arbitrary volumes to the PLANKA container
## This allows mounting any pre-existing ConfigMaps, Secrets, or other volume types
##
extraMounts: []
## Example extraMounts:
## extraMounts:
## - name: ca-certs
## mountPath: /etc/ssl/certs/ca-certificates.crt
## subPath: ca-bundle.crt
## readOnly: true
## configMap:
## name: ca-certificates
## - name: tls-certs
## mountPath: /etc/ssl/private
## readOnly: true
## secret:
## secretName: planka-tls
## items:
## - key: tls.crt
## path: server.crt
## - key: tls.key
## path: server.key
## - name: temp-storage
## mountPath: /tmp/planka-temp
## readOnly: false
## emptyDir:
## sizeLimit: 1Gi
## Example configuration for OIDC with self-hosted Keycloak using custom CA
## (Requires pre-existing ConfigMap "ca-certificates")
## extraMounts:
## - name: keycloak-ca
## mountPath: /etc/ssl/certs/keycloak-ca.crt
## subPath: ca.crt
## readOnly: true
## configMap:
## name: ca-certificates
##
## extraEnv:
## - name: NODE_EXTRA_CA_CERTS
## value: "/etc/ssl/certs/keycloak-ca.crt"
extraContainers: []
## Extra sidecar containers
## Add additional containers to the PLANKA pod
##
## Example extraContainers:
## extraContainers:
## - name: nginx-sidecar
## image: nginx:latest
## ports:
## - containerPort: 8085
## name: nginx-http
## - name: log-collector
## image: busybox:latest
## command: ['sh', '-c', 'tail -f /var/log/app.log']
## volumeMounts:
## - name: planka
## mountPath: /var/log
## subPath: app-logs
##