diff --git a/charts/openbas/README.md b/charts/openbas/README.md index b2c215f..8dba05c 100644 --- a/charts/openbas/README.md +++ b/charts/openbas/README.md @@ -77,86 +77,94 @@ helm show values openbas/openbas | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | -| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | -| caldera | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"config":{},"enabled":true,"env":{},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"openbas/caldera-server","tag":"5.0.0"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"replicaCount":1,"resources":{},"securityContext":{},"service":{"port":8888,"targetPort":8888,"type":"ClusterIP"},"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenBAS caldera-server deployment configuration | -| caldera.affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | -| caldera.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | -| caldera.config | object | `{}` | Caldera configuration
Ref: https://github.com/OpenBAS-Platform/docker/blob/master/caldera.yml | -| caldera.enabled | bool | `true` | Enable or disable Caldera server | -| caldera.env | object | `{}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | -| caldera.envFromSecrets | object | `{}` | Secrets from variables | -| caldera.image | object | See below | Image registry configuration for the base service | -| caldera.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | -| caldera.image.repository | string | `"openbas/caldera-server"` | Repository of the image | -| caldera.image.tag | string | `"5.0.0"` | Overrides the image tag whose default is the chart appVersion | -| caldera.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | -| caldera.nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | -| caldera.podAnnotations | object | `{}` | Configure annotations on Pods | -| caldera.podLabels | object | `{}` | Configure labels on Pods | -| caldera.podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| caldera.replicaCount | int | `1` | Number of replicas for the service | -| caldera.resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| caldera.securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| caldera.service | object | `{"port":8888,"targetPort":8888,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | -| caldera.service.port | int | `8888` | Kubernetes Service port | -| caldera.service.targetPort | int | `8888` | Pod expose port | -| caldera.service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | -| caldera.tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | -| caldera.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | -| caldera.volumes | list | `[]` | Additional volumes on the output Deployment definition | -| collectorGlobalEnv | object | `{}` | Collector Global environment | -| collectors | list | `[]` | Collectors
Ref: https://github.com/OpenBAS-Platform/collectors | -| env | object | `{"INJECTOR_CALDERA_API_KEY":"ChangeMe","INJECTOR_CALDERA_PUBLIC_URL":"http://release-name-caldera:8888","INJECTOR_CALDERA_URL":"http://release-name-caldera:8888","MINIO_ENDPOINT":"release-name-minio:9000","OPENBAS_ADMIN_EMAIL":"admin@openbas.io","OPENBAS_ADMIN_PASSWORD":"ChangeMe","OPENBAS_ADMIN_TOKEN":"ChangeMe","OPENBAS_AUTH-LOCAL-ENABLE":true,"OPENBAS_BASE-URL":"http://localhost:8080","OPENBAS_RABBITMQ_HOSTNAME":"release-name-rabbitmq","OPENBAS_RABBITMQ_MANAGEMENT-PORT":15672,"OPENBAS_RABBITMQ_PASS":"ChangeMe","OPENBAS_RABBITMQ_PORT":5672,"OPENBAS_RABBITMQ_USER":"user","SERVER_ADDRESS":"0.0.0.0","SERVER_PORT":8080,"SPRING_DATASOURCE_PASSWORD":"ChangeMe","SPRING_DATASOURCE_URL":"jdbc:postgresql://release-name-postgresql:5432/openbas","SPRING_DATASOURCE_USERNAME":"user"}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | -| envFromSecrets | object | `{}` | Secrets from variables | -| fullnameOverride | string | `""` | String to fully override openbas.fullname template | -| global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global section contains configuration options that are applied to all services @default - See below | -| global.imagePullSecrets | list | `[]` | Specifies the secrets to use for pulling images from private registries Leave empty if no secrets are required E.g. imagePullSecrets: - name: myRegistryKeySecretName | -| global.imageRegistry | string | `""` | Specifies the registry to pull images from. Leave empty for the default registry | -| image | object | See below | Image registry configuration for the base service | -| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | -| image.repository | string | `"openbas/platform"` | Repository of the image | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | -| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | -| injectorGlobalEnv | object | `{}` | Injector Global environment | -| injectors | list | `[]` | Injectors
Ref: https://github.com/OpenBAS-Platform/injectors | -| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| livenessProbeCustom | object | `{}` | Custom livenessProbe | -| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml | +| affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | +| autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| caldera | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"config":{},"enabled":true,"env":{},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"openbas/caldera-server","tag":"5.0.0"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]},"networkPolicy":{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]},"nodeSelector":{},"podAnnotations":{},"podDisruptionBudget":{"enabled":false,"maxUnavailable":1,"minAvailable":null},"podLabels":{},"podSecurityContext":{},"replicaCount":1,"resources":{},"securityContext":{},"service":{"port":8888,"targetPort":8888,"type":"ClusterIP"},"tolerations":[],"volumeMounts":[],"volumes":[]}` | OpenBAS caldera-server deployment configuration | +| caldera.affinity | object | `{}` | Affinity for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | +| caldera.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | +| caldera.config | object | `{}` | Caldera configuration
Ref: https://github.com/OpenBAS-Platform/docker/blob/master/caldera.yml | +| caldera.enabled | bool | `true` | Enable or disable Caldera server | +| caldera.env | object | `{}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | +| caldera.envFromSecrets | object | `{}` | Secrets from variables | +| caldera.image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/caldera-server","tag":"5.0.0"}` | Image registry configuration for the base service | +| caldera.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| caldera.image.repository | string | `"openbas/caldera-server"` | Repository of the image | +| caldera.image.tag | string | `"5.0.0"` | Overrides the image tag whose default is the chart appVersion | +| caldera.ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| caldera.networkPolicy | object | `{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]}` | NetworkPolicy configuration
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | +| caldera.networkPolicy.enabled | bool | `false` | Enable or disable NetworkPolicy | +| caldera.networkPolicy.policyTypes | list | `[]` | Policy types | +| caldera.nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| caldera.podAnnotations | object | `{}` | Configure annotations on Pods | +| caldera.podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":null}` | Pod Disruption Budget
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ | +| caldera.podLabels | object | `{}` | Configure labels on Pods | +| caldera.podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| caldera.replicaCount | int | `1` | Number of replicas for the service | +| caldera.resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| caldera.securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| caldera.service | object | `{"port":8888,"targetPort":8888,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | +| caldera.service.port | int | `8888` | Kubernetes Service port | +| caldera.service.targetPort | int | `8888` | Pod expose port | +| caldera.service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | +| caldera.tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| caldera.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | +| caldera.volumes | list | `[]` | Additional volumes on the output Deployment definition | +| collectorGlobalEnv | object | `{}` | Collector Global environment | +| collectors | list | `[]` | Collectors
Ref: https://github.com/OpenBAS-Platform/collectors | +| env | object | `{"INJECTOR_CALDERA_API_KEY":"ChangeMe","INJECTOR_CALDERA_PUBLIC_URL":"http://release-name-caldera:8888","INJECTOR_CALDERA_URL":"http://release-name-caldera:8888","MINIO_ENDPOINT":"release-name-minio:9000","OPENBAS_ADMIN_EMAIL":"admin@openbas.io","OPENBAS_ADMIN_PASSWORD":"ChangeMe","OPENBAS_ADMIN_TOKEN":"ChangeMe","OPENBAS_AUTH-LOCAL-ENABLE":true,"OPENBAS_BASE-URL":"http://localhost:8080","OPENBAS_RABBITMQ_HOSTNAME":"release-name-rabbitmq","OPENBAS_RABBITMQ_MANAGEMENT-PORT":15672,"OPENBAS_RABBITMQ_PASS":"ChangeMe","OPENBAS_RABBITMQ_PORT":5672,"OPENBAS_RABBITMQ_USER":"user","SERVER_ADDRESS":"0.0.0.0","SERVER_PORT":8080,"SPRING_DATASOURCE_PASSWORD":"ChangeMe","SPRING_DATASOURCE_URL":"jdbc:postgresql://release-name-postgresql:5432/openbas","SPRING_DATASOURCE_USERNAME":"user"}` | Environment variables to configure application
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform | +| envFromSecrets | object | `{}` | Secrets from variables | +| fullnameOverride | string | `""` | String to fully override openbas.fullname template | +| global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global section contains configuration options that are applied to all services | +| global.imagePullSecrets | list | `[]` | Specifies the secrets to use for pulling images from private registries Leave empty if no secrets are required E.g. imagePullSecrets: - name: myRegistryKeySecretName | +| global.imageRegistry | string | `""` | Specifies the registry to pull images from. Leave empty for the default registry | +| image | object | `{"pullPolicy":"IfNotPresent","repository":"openbas/platform","tag":""}` | Image registry configuration for the base service | +| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| image.repository | string | `"openbas/platform"` | Repository of the image | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| injectorGlobalEnv | object | `{}` | Injector Global environment | +| injectors | list | `[]` | Injectors
Ref: https://github.com/OpenBAS-Platform/injectors | +| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| livenessProbeCustom | object | `{}` | Custom livenessProbe | +| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml | | minio.enabled | bool | `true` | Enable or disable MinIO subchart | -| nameOverride | string | `""` | String to partially override openbas.fullname template (will maintain the release name) | -| nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | -| podAnnotations | object | `{}` | Configure annotations on Pods | -| podLabels | object | `{}` | Configure labels on Pods | -| podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| postgresql | object | `{"auth":{"database":"openbas","password":"ChangeMe","username":"user"},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | PostgreSQL subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | -| postgresql.enabled | bool | `true` | Enable or disable PostgreSQL subchart | -| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | -| rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart | -| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| readinessProbeCustom | object | `{}` | Custom readinessProbe | -| readyChecker | object | `{"enabled":true,"retries":30,"services":[{"name":"minio","port":9000},{"name":"postgresql","port":5432},{"name":"rabbitmq","port":5672}],"timeout":5}` | Enable or disable ready-checker | +| nameOverride | string | `""` | String to partially override openbas.fullname template (will maintain the release name) | +| networkPolicy | object | `{"egress":[],"enabled":false,"ingress":[],"policyTypes":[]}` | NetworkPolicy configuration
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | +| networkPolicy.enabled | bool | `false` | Enable or disable NetworkPolicy | +| networkPolicy.policyTypes | list | `[]` | Policy types | +| nodeSelector | object | `{}` | Node labels for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | +| podAnnotations | object | `{}` | Configure annotations on Pods | +| podDisruptionBudget | object | `{"enabled":false,"maxUnavailable":1,"minAvailable":null}` | Pod Disruption Budget
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ | +| podLabels | object | `{}` | Configure labels on Pods | +| podSecurityContext | object | `{}` | Defines privilege and access control settings for a Pod
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| postgresql | object | `{"auth":{"database":"openbas","password":"ChangeMe","username":"user"},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | PostgreSQL subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml | +| postgresql.enabled | bool | `true` | Enable or disable PostgreSQL subchart | +| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml | +| rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart | +| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| readinessProbeCustom | object | `{}` | Custom readinessProbe | +| readyChecker | object | `{"enabled":true,"retries":30,"services":[{"name":"minio","port":9000},{"name":"postgresql","port":5432},{"name":"rabbitmq","port":5672}],"timeout":5}` | Enable or disable ready-checker | | readyChecker.enabled | bool | `true` | Enable or disable ready-checker | | readyChecker.retries | int | `30` | Number of retries before giving up | | readyChecker.services | list | `[{"name":"minio","port":9000},{"name":"postgresql","port":5432},{"name":"rabbitmq","port":5672}]` | List services | | readyChecker.timeout | int | `5` | Timeout for each check | -| replicaCount | int | `1` | Number of replicas for the service | -| resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | -| secrets | object | `{}` | Secrets values to create credentials and reference by envFromSecrets Generate Secret with following name: `-credentials`` | -| securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | -| service | object | `{"port":80,"targetPort":8080,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | -| service.port | int | `80` | Kubernetes Service port | -| service.targetPort | int | `8080` | Pod expose port | -| service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | -| serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount @default - See below | +| replicaCount | int | `1` | Number of replicas for the service | +| resources | object | `{}` | The resources limits and requested
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | +| secrets | object | `{}` | Secrets values to create credentials and reference by envFromSecrets Generate Secret with following name: `-credentials`` | +| securityContext | object | `{}` | Defines privilege and access control settings for a Container
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | +| service | object | `{"port":80,"targetPort":8080,"type":"ClusterIP"}` | Kubernetes service to expose Pod
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ | +| service.port | int | `80` | Kubernetes Service port | +| service.targetPort | int | `8080` | Pod expose port | +| service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP | +| serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.automountServiceAccountToken | bool | `false` | Specifies if you don't want the kubelet to automatically mount a ServiceAccount's API credentials | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | -| startupProbeCustom | object | `{}` | Custom startupProbe | -| testConnection | bool | `false` | Enable or disable test connection | -| tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | -| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | -| volumes | list | `[]` | Additional volumes on the output Deployment definition | +| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes | +| startupProbeCustom | object | `{}` | Custom startupProbe | +| testConnection | bool | `false` | Enable or disable test connection | +| tolerations | list | `[]` | Tolerations for pod assignment
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition | +| volumes | list | `[]` | Additional volumes on the output Deployment definition | diff --git a/charts/openbas/ci/ci-common-values.yaml b/charts/openbas/ci/ci-common-values.yaml index 85c49ff..42b2a65 100644 --- a/charts/openbas/ci/ci-common-values.yaml +++ b/charts/openbas/ci/ci-common-values.yaml @@ -25,11 +25,18 @@ env: testConnection: true +networkPolicy: + enabled: true + +podDisruptionBudget: + enabled: true + autoscaling: enabled: true caldera: enabled: true + env: CALDERA_URL: http://openbas-ci-caldera:8888 config: @@ -79,6 +86,12 @@ caldera: - stockpile - training + networkPolicy: + enabled: true + + podDisruptionBudget: + enabled: true + collectors: - name: atomic-red-team enabled: true diff --git a/charts/openbas/templates/caldera/configmap.yaml b/charts/openbas/templates/caldera/configmap.yaml index 3d81bde..ff637a5 100644 --- a/charts/openbas/templates/caldera/configmap.yaml +++ b/charts/openbas/templates/caldera/configmap.yaml @@ -3,6 +3,7 @@ kind: ConfigMap metadata: name: {{ include "openbas.fullname" . }}-caldera-config labels: + openbas.component: caldera {{- include "openbas.labels" . | nindent 4 }} data: local.yml: | diff --git a/charts/openbas/templates/caldera/hpa.yaml b/charts/openbas/templates/caldera/hpa.yaml index 690206a..c072a7f 100644 --- a/charts/openbas/templates/caldera/hpa.yaml +++ b/charts/openbas/templates/caldera/hpa.yaml @@ -4,6 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "openbas.fullname" . }}-caldera labels: + openbas.component: caldera {{- include "openbas.labels" . | nindent 4 }} spec: scaleTargetRef: diff --git a/charts/openbas/templates/caldera/networkpolicy.yaml b/charts/openbas/templates/caldera/networkpolicy.yaml new file mode 100644 index 0000000..f5fcf99 --- /dev/null +++ b/charts/openbas/templates/caldera/networkpolicy.yaml @@ -0,0 +1,50 @@ +{{- if .Values.caldera.networkPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "openbas.fullname" . }}-caldera + labels: + openbas.component: caldera + {{- include "openbas.labels" . | nindent 4 }} +spec: + {{- if and (not .Values.caldera.networkPolicy.policyTypes) (not .Values.caldera.networkPolicy.ingress) (not .Values.caldera.networkPolicy.egress) }} + podSelector: {} + {{- else }} + podSelector: + matchLabels: + openbas.component: caldera + {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- end }} + + {{- if .Values.caldera.networkPolicy.policyTypes }} + {{- with .Values.caldera.networkPolicy.policyTypes }} + policyTypes: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + policyTypes: + - Ingress + - Egress + {{- end }} + + {{- if .Values.caldera.networkPolicy.ingress }} + {{- with .Values.caldera.networkPolicy.ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + ingress: + - {} + {{- end }} + + {{- if .Values.caldera.networkPolicy.egress }} + {{- with .Values.caldera.networkPolicy.egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + egress: + - {} + {{- end }} + +{{- end }} diff --git a/charts/openbas/templates/caldera/poddisruptionbudget.yaml b/charts/openbas/templates/caldera/poddisruptionbudget.yaml new file mode 100644 index 0000000..e49a2b2 --- /dev/null +++ b/charts/openbas/templates/caldera/poddisruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.caldera.podDisruptionBudget.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "openbas.fullname" . }}-caldera + labels: + openbas.component: caldera + {{- include "openbas.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + openbas.component: caldera + {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- if .Values.caldera.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.caldera.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.caldera.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.caldera.podDisruptionBudget.maxUnavailable }} + {{- end }} +{{- end -}} diff --git a/charts/openbas/templates/server/hpa.yaml b/charts/openbas/templates/server/hpa.yaml index ad651d9..869e84d 100644 --- a/charts/openbas/templates/server/hpa.yaml +++ b/charts/openbas/templates/server/hpa.yaml @@ -4,6 +4,7 @@ kind: HorizontalPodAutoscaler metadata: name: {{ include "openbas.fullname" . }}-server labels: + openbas.component: server {{- include "openbas.labels" . | nindent 4 }} spec: scaleTargetRef: diff --git a/charts/openbas/templates/server/networkpolicy.yaml b/charts/openbas/templates/server/networkpolicy.yaml new file mode 100644 index 0000000..002f93e --- /dev/null +++ b/charts/openbas/templates/server/networkpolicy.yaml @@ -0,0 +1,50 @@ +{{- if .Values.networkPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "openbas.fullname" . }}-server + labels: + openbas.component: server + {{- include "openbas.labels" . | nindent 4 }} +spec: + {{- if and (not .Values.networkPolicy.policyTypes) (not .Values.networkPolicy.ingress) (not .Values.networkPolicy.egress) }} + podSelector: {} + {{- else }} + podSelector: + matchLabels: + openbas.component: server + {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- end }} + + {{- if .Values.networkPolicy.policyTypes }} + {{- with .Values.networkPolicy.policyTypes }} + policyTypes: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + policyTypes: + - Ingress + - Egress + {{- end }} + + {{- if .Values.networkPolicy.ingress }} + {{- with .Values.networkPolicy.ingress }} + ingress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + ingress: + - {} + {{- end }} + + {{- if .Values.networkPolicy.egress }} + {{- with .Values.networkPolicy.egress }} + egress: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- else }} + egress: + - {} + {{- end }} + +{{- end }} diff --git a/charts/openbas/templates/server/poddisruptionbudget.yaml b/charts/openbas/templates/server/poddisruptionbudget.yaml new file mode 100644 index 0000000..031d40f --- /dev/null +++ b/charts/openbas/templates/server/poddisruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget.enabled -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "openbas.fullname" . }}-server + labels: + openbas.component: server + {{- include "openbas.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + openbas.component: server + {{- include "openbas.selectorLabels" . | nindent 6 }} + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} +{{- end -}} diff --git a/charts/openbas/templates/server/secret.yaml b/charts/openbas/templates/server/secret.yaml index ef30de7..c6a4ef5 100644 --- a/charts/openbas/templates/server/secret.yaml +++ b/charts/openbas/templates/server/secret.yaml @@ -5,6 +5,7 @@ type: Opaque metadata: name: {{ include "openbas.fullname" . }}-credentials labels: + openbas.component: server {{- include "openbas.labels" . | nindent 4 }} annotations: helm.sh/hook: "pre-install,pre-upgrade" diff --git a/charts/openbas/templates/server/serviceaccount.yaml b/charts/openbas/templates/server/serviceaccount.yaml index e857d86..3a2f725 100644 --- a/charts/openbas/templates/server/serviceaccount.yaml +++ b/charts/openbas/templates/server/serviceaccount.yaml @@ -4,6 +4,7 @@ kind: ServiceAccount metadata: name: {{ include "openbas.serviceAccountName" . }} labels: + openbas.component: server {{- include "openbas.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: diff --git a/charts/openbas/values.yaml b/charts/openbas/values.yaml index 4ab54f0..dead2d3 100644 --- a/charts/openbas/values.yaml +++ b/charts/openbas/values.yaml @@ -1,51 +1,36 @@ # -- Global section contains configuration options that are applied to all services -# @default - See below -# global: # -- Specifies the registry to pull images from. Leave empty for the default registry - # imageRegistry: "" # -- Specifies the secrets to use for pulling images from private registries # Leave empty if no secrets are required # E.g. # imagePullSecrets: # - name: myRegistryKeySecretName - # imagePullSecrets: [] # -- Number of replicas for the service -# replicaCount: 1 # -- Image registry configuration for the base service -# @default -- See below -# image: # -- Repository of the image - # repository: openbas/platform # -- Pull policy for the image - # pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion - # tag: "" # -- String to partially override openbas.fullname template (will maintain the release name) -# nameOverride: "" # -- String to fully override openbas.fullname template -# fullnameOverride: "" # -- Global Docker registry secret names as an array -# imagePullSecrets: [] # -- Enable creation of ServiceAccount -# @default - See below -# serviceAccount: # -- Specifies whether a service account should be created create: true @@ -59,12 +44,10 @@ serviceAccount: automountServiceAccountToken: false # -- Enable or disable test connection -# testConnection: false # -- Environment variables to configure application #
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform -# env: # APP OPENBAS OPENBAS_ADMIN_EMAIL: admin@openbas.io @@ -92,7 +75,6 @@ env: OPENBAS_RABBITMQ_PASS: ChangeMe # -- Secrets from variables -# envFromSecrets: {} # MY_VARIABLE: # name: -credentials @@ -100,34 +82,59 @@ envFromSecrets: {} # -- Secrets values to create credentials and reference by envFromSecrets # Generate Secret with following name: `-credentials`` -# secrets: {} # -- Kubernetes service to expose Pod #
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ -# service: # -- Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP - # type: ClusterIP # -- Kubernetes Service port - # port: 80 # -- NodePort port (only when type is NodePort) # nodePort: 32000 # -- Pod expose port - # targetPort: 8080 # -- Pod extra ports - # # extraPorts: # - name: metrics # port: 9080 # targetPort: 9080 +# -- NetworkPolicy configuration +#
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ +networkPolicy: + # -- Enable or disable NetworkPolicy + enabled: false + # -- Policy types + policyTypes: [] + # - Ingress + # - Egress + ingress: [] + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # project: myproject + # - podSelector: + # matchLabels: + # role: frontend + # ports: + # - protocol: TCP + # port: 6379 + egress: [] + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 5978 + # -- Configure liveness checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# livenessProbe: enabled: true failureThreshold: 3 @@ -137,7 +144,6 @@ livenessProbe: timeoutSeconds: 5 # -- Custom livenessProbe -# livenessProbeCustom: {} # httpGet: # path: /dashboard @@ -150,7 +156,6 @@ livenessProbeCustom: {} # -- Configure readinessProbe checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# readinessProbe: enabled: true failureThreshold: 3 @@ -160,7 +165,6 @@ readinessProbe: timeoutSeconds: 1 # -- Custom readinessProbe -# readinessProbeCustom: {} # httpGet: # path: /dashboard @@ -173,7 +177,6 @@ readinessProbeCustom: {} # -- Configure startupProbe checker #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -# startupProbe: enabled: true failureThreshold: 30 @@ -183,7 +186,6 @@ startupProbe: timeoutSeconds: 5 # -- Custom startupProbe -# startupProbeCustom: {} # httpGet: # path: /dashboard @@ -195,7 +197,6 @@ startupProbeCustom: {} # timeoutSeconds: 5 # -- Enable or disable ready-checker -# readyChecker: # -- Enable or disable ready-checker enabled: true @@ -213,24 +214,20 @@ readyChecker: port: 5672 # -- Configure annotations on Pods -# podAnnotations: {} # -- Configure labels on Pods -# podLabels: {} # -- Defines privilege and access control settings for a Pod #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -# podSecurityContext: {} # fsGroup: 2000 # -- Defines privilege and access control settings for a Container #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -# securityContext: {} # capabilities: # drop: @@ -241,7 +238,6 @@ securityContext: {} # -- Ingress configuration to expose app #
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -# ingress: enabled: false className: "" @@ -260,7 +256,6 @@ ingress: # -- The resources limits and requested #
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -# resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -273,9 +268,15 @@ resources: {} # cpu: 1 # memory: 256Mi +# -- Pod Disruption Budget +#
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ +podDisruptionBudget: + enabled: false + maxUnavailable: 1 + minAvailable: + # -- Autoscaling with CPU or memory utilization percentage #
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -# autoscaling: enabled: false minReplicas: 1 @@ -284,7 +285,6 @@ autoscaling: # targetMemoryUtilizationPercentage: 80 # -- Additional volumes on the output Deployment definition -# volumes: [] # - name: foo # secret: @@ -292,7 +292,6 @@ volumes: [] # optional: false # -- Additional volumeMounts on the output Deployment definition -# volumeMounts: [] # - name: foo # mountPath: "/etc/foo" @@ -300,27 +299,22 @@ volumeMounts: [] # -- Node labels for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector -# nodeSelector: {} # -- Tolerations for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ -# tolerations: [] # -- Affinity for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity -# affinity: {} # -- Collector Global environment -# collectorGlobalEnv: {} # MY_VARIABLE: my_value # -- Collectors #
Ref: https://github.com/OpenBAS-Platform/collectors -# collectors: [] # - name: connector-name # enabled: true @@ -373,13 +367,11 @@ collectors: [] # affinity: {} # -- Injector Global environment -# injectorGlobalEnv: {} # MY_VARIABLE: my_value # -- Injectors #
Ref: https://github.com/OpenBAS-Platform/injectors -# injectors: [] # - name: connector-name # enabled: true @@ -432,33 +424,24 @@ injectors: [] # affinity: {} # -- OpenBAS caldera-server deployment configuration -# caldera: # -- Enable or disable Caldera server - # enabled: true # -- Number of replicas for the service - # replicaCount: 1 # -- Image registry configuration for the base service - # @default -- See below - # image: # -- Repository of the image - # repository: openbas/caldera-server # -- Pull policy for the image - # pullPolicy: IfNotPresent # -- Overrides the image tag whose default is the chart appVersion - # tag: 5.0.0 # -- Ingress configuration to expose app #
Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ - # ingress: enabled: false className: "" @@ -477,28 +460,54 @@ caldera: # -- Kubernetes service to expose Pod #
Ref: https://kubernetes.io/docs/concepts/services-networking/service/ - # service: # -- Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP - # type: ClusterIP # -- Kubernetes Service port - # port: 8888 # -- NodePort port (only when type is NodePort) # nodePort: 32000 # -- Pod expose port - # targetPort: 8888 + # -- NetworkPolicy configuration + #
Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + networkPolicy: + # -- Enable or disable NetworkPolicy + enabled: false + # -- Policy types + policyTypes: [] + # - Ingress + # - Egress + ingress: [] + # - from: + # - ipBlock: + # cidr: 172.17.0.0/16 + # except: + # - 172.17.1.0/24 + # - namespaceSelector: + # matchLabels: + # project: myproject + # - podSelector: + # matchLabels: + # role: frontend + # ports: + # - protocol: TCP + # port: 6379 + egress: [] + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 5978 + # -- Environment variables to configure application #
Ref: https://docs.openbas.io/latest/deployment/configuration/#platform - # env: {} # CALDERA_URL: "http://localhost:8080" # -- Secrets from variables - # envFromSecrets: {} # MY_VARIABLE: # name: release-name-credentials @@ -506,7 +515,6 @@ caldera: # -- Caldera configuration #
Ref: https://github.com/OpenBAS-Platform/docker/blob/master/caldera.yml - # config: {} # users: # red: @@ -562,24 +570,20 @@ caldera: # - training # -- Configure annotations on Pods - # podAnnotations: {} # -- Configure labels on Pods - # podLabels: {} # -- Defines privilege and access control settings for a Pod #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # podSecurityContext: {} # fsGroup: 2000 # -- Defines privilege and access control settings for a Container #
Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/ #
Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # securityContext: {} # capabilities: # drop: @@ -590,7 +594,6 @@ caldera: # -- The resources limits and requested #
Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - # resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -603,9 +606,15 @@ caldera: # cpu: "100m" # memory: 56Mi + # -- Pod Disruption Budget + #
Ref: https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/ + podDisruptionBudget: + enabled: false + maxUnavailable: 1 + minAvailable: + # -- Autoscaling with CPU or memory utilization percentage #
Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ - # autoscaling: enabled: false minReplicas: 1 @@ -614,7 +623,6 @@ caldera: # targetMemoryUtilizationPercentage: 80 # -- Additional volumes on the output Deployment definition - # volumes: [] # - name: foo # secret: @@ -622,7 +630,6 @@ caldera: # optional: false # -- Additional volumeMounts on the output Deployment definition - # volumeMounts: [] # - name: foo # mountPath: "/etc/foo" @@ -630,118 +637,89 @@ caldera: # -- Node labels for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - # nodeSelector: {} # -- Tolerations for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - # tolerations: [] # -- Affinity for pod assignment #
Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity - # affinity: {} # -- MinIO subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml -# minio: # -- Enable or disable MinIO subchart enabled: true # mode Minio server mode (`standalone` or `distributed`) #
Ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide - # mode: standalone # Minio authentication parameters - # auth: # Minio root username - # rootUser: ChangeMe # Password for Minio root user - # rootPassword: ChangeMe # Enable persistence using Persistent Volume Claims #
Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - # persistence: # Enable MinIO data persistence using PVC. If false, use emptyDir - # enabled: false # -- PostgreSQL subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml -# postgresql: # -- Enable or disable PostgreSQL subchart - # enabled: true # Number of PostgreSQL replicas to deploy - # replicaCount: 1 # PostgreSQL Authentication parameters - # auth: # PostgreSQL application username #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables - # username: user # PostgreSQL application password #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables - # password: ChangeMe # PostgreSQL application database #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#environment-variables - # database: "openbas" # Persistence parameters - # persistence: # Enable PostgreSQL data persistence using PVC - # enabled: false # -- RabbitMQ subchart deployment #
Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml -# rabbitmq: # -- Enable or disable RabbitMQ subchart - # enabled: true # Number of RabbitMQ replicas to deploy - # replicaCount: 1 # Clustering settings - # clustering: # Enable RabbitMQ clustering - # enabled: false # RabbitMQ Authentication parameters - # auth: # RabbitMQ application username #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - # username: user # RabbitMQ application password #
Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - # password: ChangeMe erlangCookie: ChangeMe # Persistence parameters - # persistence: # Enable RabbitMQ data persistence using PVC - # enabled: false