wg-portal/deploy/helm/values.yaml

# Default values for wg-portal.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- Partially override resource names (adds suffix)
nameOverride: ''
# -- Fully override resource names
fullnameOverride: ''
# -- Array of extra objects to deploy with the release
extraDeploy: []

# https://github.com/h44z/wg-portal/blob/master/README.md#configuration-options
config:
  # -- (tpl/object) Advanced configuration options.
  advanced: {}
  # -- (tpl/object) Auth configuration options.
  auth: {}
  # -- (tpl/object) Core configuration options.<br>
  # If external admins in `auth` are not defined and
  # there are no `admin_user` and `admin_password` defined here,
  # the default credentials will be generated.
  core: {}
  # -- (tpl/object) Database configuration options
  database: {}
  # -- (tpl/object) Mail configuration options
  mail: {}
  # -- (tpl/object) Statistics configuration options
  statistics: {}
  # -- (tpl/object) Web configuration options.<br>
  # `listening_address` will be set automatically from `service.web.port`.
  # `external_url` is required to enable ingress and certificate resources.
  web: {}

# -- The number of old ReplicaSets to retain to allow rollback.
# @default -- `10`
revisionHistoryLimit: ''
# -- Workload type - `Deployment` or `StatefulSet`
workloadType: Deployment
# -- Update strategy for the workload
# Valid values are:
#  `RollingUpdate` or `Recreate` for Deployment,
#  `RollingUpdate` or `OnDelete` for StatefulSet
strategy:
  type: RollingUpdate

image:
  # -- Image repository
  repository: ghcr.io/h44z/wg-portal
  # -- Image pull policy
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion
  tag: ''

# -- Image pull secrets
imagePullSecrets: []
# -- (tpl/object) Extra annotations to add to the pod
podAnnotations: {}
# -- Extra labels to add to the pod
podLabels: {}
# -- Pod Security Context
podSecurityContext: {}
# Container Security Context
securityContext:
  capabilities:
    # -- Add capabilities to the container
    add:
      - NET_ADMIN

# -- (tpl/list) Pod init containers
initContainers: []
# -- (tpl/list) Pod sidecar containers
sidecarContainers: []
# -- Set DNS policy for the pod.
# Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
# @default -- `"ClusterFirst"`
dnsPolicy: ''
# -- Restart policy for all containers within the pod.
# Valid values are `Always`, `OnFailure` or `Never`.
# @default -- `"Always"`
restartPolicy: ''
# -- Use the host's network namespace.
# @default -- `false`.
hostNetwork: ''
# -- Resources requests and limits
resources: {}
# -- Overwrite pod command
command: []
# -- Additional pod arguments
args: []
# -- (tpl/list) Additional environment variables
env: []
# -- (tpl/list) Additional environment variables from a secret or configMap
envFrom: []
# -- Liveness probe configuration
livenessProbe: {}
# -- Readiness probe configuration
readinessProbe: {}
# -- Startup probe configuration
startupProbe: {}
# -- (tpl/list) Additional volumes
volumes: []
# -- (tpl/list) Additional volumeMounts
volumeMounts: []
# -- Node Selector configuration
nodeSelector:
  kubernetes.io/os: linux
# -- Tolerations configuration
tolerations: []
# -- Affinity configuration
affinity: {}

service:
  mixed:
    # -- Whether to create a single service for the web and wireguard interfaces
    enabled: false
    # -- Service type
    type: LoadBalancer
  web:
    # -- Annotations for the web service
    annotations: {}
    # -- Web service type
    type: ClusterIP
    # -- Web service port
    # Used for the web interface listener
    port: 8888
  wireguard:
    # -- Annotations for the WireGuard service
    annotations: {}
    # -- Wireguard service type
    type: LoadBalancer
    # -- Wireguard service ports.
    # Exposes the WireGuard ports for created interfaces.
    # Lowerest port is selected as start port for the first interface.
    # Increment next port by 1 for each additional interface.
    ports:
      - 51820

ingress:
  # -- Specifies whether an ingress resource should be created
  enabled: false
  # -- Ingress class name
  className: ''
  # -- Ingress annotations
  annotations: {}
  # -- Ingress TLS configuration.
  # Enable certificate resource or add ingress annotation to create required secret
  tls: false

certificate:
  # -- Specifies whether a certificate resource should be created
  enabled: false
  issuer:
    # -- Certificate issuer name
    name: ''
    # -- Certificate issuer kind (ClusterIssuer or Issuer)
    kind: ''
    # -- Certificate issuer group
    group: cert-manager.io
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  duration: ''
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  renewBefore: ''
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  commonName: ''
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  emailAddresses: []
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  ipAddresses: []
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  keystores: {}
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  privateKey: {}
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  secretTemplate: {}
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  subject: {}
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  uris: []
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  usages: []

persistence:
  # -- Specifies whether an persistent volume should be created
  enabled: false
  # -- Persistent Volume Claim annotations
  annotations: {}
  # -- Persistent Volume storage class.
  # If undefined (the default) cluster's default provisioner will be used.
  storageClass: ''
  # -- Persistent Volume Access Mode
  accessMode: ReadWriteOnce
  # -- Persistent Volume size
  size: 1Gi

serviceAccount:
  # -- Specifies whether a service account should be created
  create: true
  # -- Service account annotations
  annotations: {}
  # -- Automatically mount a ServiceAccount's API credentials
  automount: false
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ''
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`# Default values for wg-portal.`
			`# This is a YAML-formatted file.`
			`# Declare variables to be passed into your templates.`

			`# -- Partially override resource names (adds suffix)`
			`nameOverride: ''`
			`# -- Fully override resource names`
			`fullnameOverride: ''`
			`# -- Array of extra objects to deploy with the release`
			`extraDeploy: []`

			`# https://github.com/h44z/wg-portal/blob/master/README.md#configuration-options`
			`config:`
			`# -- (tpl/object) Advanced configuration options.`
			`advanced: {}`
			`# -- (tpl/object) Auth configuration options.`
			`auth: {}`
			`# -- (tpl/object) Core configuration options.<br>`
			# If external admins in `auth` are not defined and
			# there are no `admin_user` and `admin_password` defined here,
			`# the default credentials will be generated.`
			`core: {}`
			`# -- (tpl/object) Database configuration options`
			`database: {}`
			`# -- (tpl/object) Mail configuration options`
			`mail: {}`
			`# -- (tpl/object) Statistics configuration options`
			`statistics: {}`
			`# -- (tpl/object) Web configuration options.<br>`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			# `listening_address` will be set automatically from `service.web.port`.
			# `external_url` is required to enable ingress and certificate resources.
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`web: {}`

			`# -- The number of old ReplicaSets to retain to allow rollback.`
			# @default -- `10`
			`revisionHistoryLimit: ''`
			# -- Workload type - `Deployment` or `StatefulSet`
			`workloadType: Deployment`
			`# -- Update strategy for the workload`
			`# Valid values are:`
			# `RollingUpdate` or `Recreate` for Deployment,
			# `RollingUpdate` or `OnDelete` for StatefulSet
			`strategy:`
			`type: RollingUpdate`

			`image:`
			`# -- Image repository`
			`repository: ghcr.io/h44z/wg-portal`
			`# -- Image pull policy`
			`pullPolicy: IfNotPresent`
			`# -- Overrides the image tag whose default is the chart appVersion`
			`tag: ''`

			`# -- Image pull secrets`
			`imagePullSecrets: []`
			`# -- (tpl/object) Extra annotations to add to the pod`
			`podAnnotations: {}`
			`# -- Extra labels to add to the pod`
			`podLabels: {}`
			`# -- Pod Security Context`
			`podSecurityContext: {}`
			`# Container Security Context`
			`securityContext:`
			`capabilities:`
			`# -- Add capabilities to the container`
			`add:`
			`- NET_ADMIN`

			`# -- (tpl/list) Pod init containers`
			`initContainers: []`
			`# -- (tpl/list) Pod sidecar containers`
			`sidecarContainers: []`
			`# -- Set DNS policy for the pod.`
			# Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
			# @default -- `"ClusterFirst"`
			`dnsPolicy: ''`
			`# -- Restart policy for all containers within the pod.`
			# Valid values are `Always`, `OnFailure` or `Never`.
			# @default -- `"Always"`
			`restartPolicy: ''`
			`# -- Use the host's network namespace.`
			# @default -- `false`.
			`hostNetwork: ''`
			`# -- Resources requests and limits`
			`resources: {}`
			`# -- Overwrite pod command`
			`command: []`
			`# -- Additional pod arguments`
			`args: []`
			`# -- (tpl/list) Additional environment variables`
			`env: []`
			`# -- (tpl/list) Additional environment variables from a secret or configMap`
			`envFrom: []`
			`# -- Liveness probe configuration`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			`livenessProbe: {}`
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`# -- Readiness probe configuration`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			`readinessProbe: {}`
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`# -- Startup probe configuration`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			`startupProbe: {}`
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`# -- (tpl/list) Additional volumes`
			`volumes: []`
			`# -- (tpl/list) Additional volumeMounts`
			`volumeMounts: []`
			`# -- Node Selector configuration`
			`nodeSelector:`
			`kubernetes.io/os: linux`
			`# -- Tolerations configuration`
			`tolerations: []`
			`# -- Affinity configuration`
			`affinity: {}`

			`service:`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			`mixed:`
			`# -- Whether to create a single service for the web and wireguard interfaces`
			`enabled: false`
			`# -- Service type`
			`type: LoadBalancer`
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00			`web:`
			`# -- Annotations for the web service`
			`annotations: {}`
			`# -- Web service type`
			`type: ClusterIP`
			`# -- Web service port`
			`# Used for the web interface listener`
			`port: 8888`
			`wireguard:`
			`# -- Annotations for the WireGuard service`
			`annotations: {}`
			`# -- Wireguard service type`
			`type: LoadBalancer`
			`# -- Wireguard service ports.`
			`# Exposes the WireGuard ports for created interfaces.`
			`# Lowerest port is selected as start port for the first interface.`
			`# Increment next port by 1 for each additional interface.`
			`ports:`
			`- 51820`

			`ingress:`
			`# -- Specifies whether an ingress resource should be created`
			`enabled: false`
			`# -- Ingress class name`
			`className: ''`
			`# -- Ingress annotations`
			`annotations: {}`
feat: TLS support for web (#301) * Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> 2024-09-22 11:25:08 +00:00			`# -- Ingress TLS configuration.`
			`# Enable certificate resource or add ingress annotation to create required secret`
			`tls: false`

			`certificate:`
			`# -- Specifies whether a certificate resource should be created`
			`enabled: false`
			`issuer:`
			`# -- Certificate issuer name`
			`name: ''`
			`# -- Certificate issuer kind (ClusterIssuer or Issuer)`
			`kind: ''`
			`# -- Certificate issuer group`
			`group: cert-manager.io`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`duration: ''`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`renewBefore: ''`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`commonName: ''`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`emailAddresses: []`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`ipAddresses: []`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`keystores: {}`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`privateKey: {}`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`secretTemplate: {}`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`subject: {}`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`uris: []`
			`# -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)`
			`usages: []`
Init Helm chart (#255) * Initial chart version * Add CI/CD for chart * Fix admin creds template * Add command, args, env, envFrom * Render volumes and volumeMounts with tpl * Change persistance accessMode type * Add update strategy config * Use custom types in docs * Add startup probe config * Fix web.external_url config 2024-07-04 20:37:30 +00:00
			`persistence:`
			`# -- Specifies whether an persistent volume should be created`
			`enabled: false`
			`# -- Persistent Volume Claim annotations`
			`annotations: {}`
			`# -- Persistent Volume storage class.`
			`# If undefined (the default) cluster's default provisioner will be used.`
			`storageClass: ''`
			`# -- Persistent Volume Access Mode`
			`accessMode: ReadWriteOnce`
			`# -- Persistent Volume size`
			`size: 1Gi`

			`serviceAccount:`
			`# -- Specifies whether a service account should be created`
			`create: true`
			`# -- Service account annotations`
			`annotations: {}`
			`# -- Automatically mount a ServiceAccount's API credentials`
			`automount: false`
			`# -- The name of the service account to use.`
			`# If not set and create is true, a name is generated using the fullname template`
			`name: ''`