diff --git a/README.md b/README.md index 1b5e78e..aaa9d75 100644 --- a/README.md +++ b/README.md @@ -2,119 +2,22 @@ ![Build Status](https://github.com/FusionAuth/charts/actions/workflows/release.yml/badge.svg) -[FusionAuth](https://fusionauth.io/) is a modern platform for Customer Identity and Access Management (CIAM). FusionAuth provides APIs and a responsive web user interface to support login, registration, localized email, multi-factor authentication, reporting and much more. +[FusionAuth](https://fusionauth.io/) is a modern platform for Customer Identity and Access Management (CIAM). FusionAuth provides APIs and a responsive web user interface to support login, registration, localized email, multi-factor authentication, reporting, and much more. -## Installing the Chart - -You can read the official instructions, including install steps for AWS, GCP, and Azure, in the [FusionAuth Kubernetes installation guide](https://fusionauth.io/docs/get-started/download-and-install/kubernetes/fusionauth-deployment). - -### Important Upgrade Info - -In `0.8.0` the `environment` value is now an array instead of an object. Make sure to reformat your values when you update. - -In `0.4.0`, the external postgresql and elasticsearch charts were dropped. You will need to maintain those dependencies on your own. - -To install the chart with the release name `my-release`: - -```console -$ helm repo add fusionauth https://fusionauth.github.io/charts -$ helm install my-release fusionauth/fusionauth -``` - -The command deploys FusionAuth. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Chart Values - -| Key | Type | Default | Description | -| ------------------------------- | ------ | ---------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| affinity | object | `{}` | | -| annotations | object | `{}` | Define annotations for fusionauth deployment. | -| app.memory | string | `"256M"` | Configures runtime mode for fusionauth. Should be 'development' or 'production' | -| app.runtimeMode | string | `"development"` | | -| autoscaling.enabled | bool | `false` | | -| database.existingSecret | string | `""` | The name of an existing secret that contains the database passwords | -| database.host | string | `""` | Port of the database instance | -| database.name | string | `"fusionauth"` | Name of the fusionauth database | -| database.password | string | `""` | Database password for fusionauth to use in normal operation - not required if database.existingSecret is configured | -| database.port | int | `5432` | | -| database.protocol | string | `"postgresql"` | Should either be postgresql or mysql. Protocol for jdbc connection to database | -| database.root.password | string | `""` | Database password for fusionauth to use during initial bootstrap - not required if database.existingSecret is configured | -| database.root.user | string | `""` | Database username for fusionauth to use during initial bootstrap - not required if you have manually bootstrapped your database | -| database.tls | bool | `false` | Configures whether or not to use tls when connecting to the database | -| database.tlsMode | string | `"require"` | If tls is enabled, this configures the mode | -| database.user | string | `""` | Database username for fusionauth to use in normal operation | -| dnsConfig | object | `{}` | Define dnsConfig for fusionauth pods. | -| dnsPolicy | string | `"ClusterFirst"` | Define dnsPolicy for fusionauth pods. | -| environment | list | `[]` | | -| extraVolumeMounts | list | `[]` | | -| extraContainers | list | `[]` | Create containers for the pods. Can be used for sidecars, ambassador and adapter patterns. | -| extraInitContainers | list | `[]` | Add extra init containers. Can be used for setup or wait for other dependent services. | -| extraVolumes | list | `[]` | Associate mountPath for each extraVolumes | -| fullnameOverride | string | `""` | Overrides full resource names | -| image.pullPolicy | string | `"IfNotPresent"` | Kubernetes image pullPolicy to use for fusionauth-app | -| image.repository | string | `"fusionauth/fusionauth-app"` | The docker tag to pull for fusionauth-app | -| image.tag | string | `"1.42.0"` | | -| imagePullSecrets | list | `[]` | Configures kubernetes secrets to use for pulling private images | -| ingress.annotations | object | `{}` | Configure annotations to add to the ingress object | -| ingress.enabled | bool | `false` | Enables ingress creation for fusionauth. | -| ingress.extraPaths | list | `[]` | Define complete path objects, will be inserted before regular paths. Can be useful for things like ALB Ingress Controller actions | -| ingress.hosts | list | `[]` | List of hostnames to configure the ingress with | -| ingress.ingressClassName | string | `""` | Specify the IngressClass to be used by the Ingress | -| ingress.paths | list | `[]` | | -| ingress.tls | list | `[]` | List of secrets used to configure TLS for the ingress. | -| initContainers.waitForDb | bool | `true` | Create an init container which waits for db to be ready | -| initContainers.waitForEs | bool | `true` | Create an init container which waits for ES to be ready | -| initContainers.image.repository | string | `"busybox"` | Tag to use for initContainers docker image | -| initContainers.image.tag | string | `"latest"` | | -| initContainers.resources | object | `{}` | Resource requests and limits to use for initContainers | -| kickstart.data | object | `{}` | | -| kickstart.enabled | bool | `false` | | -| lifecycle | object | `{}` | | -| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/","port":"http"},"periodSeconds":30,"timeoutSeconds":5}` | Configures a livenessProbe to ensure fusionauth is running | -| nameOverride | string | `""` | Overrides resource names | -| nodeSelector | object | `{}` | Define nodeSelector for kubernetes to use when scheduling fusionauth pods. | -| podAnnotations | object | `{}` | Define annotations for fusionauth pods. | -| podDisruptionBudget.enabled | bool | `false` | Enables creation of a PodDisruptionBudget | -| readinessProbe | object | `{"failureThreshold":5,"httpGet":{"path":"/","port":"http"},"timeoutSeconds":5}` | Configures a readinessProbe to ensure fusionauth is ready for requests | -| replicaCount | int | `1` | The number of fusionauth-app instances to run | -| resources | object | `{}` | Define resource requests and limits for fusionauth-app. | -| search.engine | string | `"elasticsearch"` | Protocol to use when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch | -| search.host | string | `""` | Hostname or ip to use when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch | -| search.port | int | `9200` | Port to use when connecting to elasticsearch. Ignored when search.engine is NOT elasticsearch | -| search.protocol | string | `"http"` | | -| service.annotations | object | `{}` | Extra annotations to add to service object | -| service.port | int | `9011` | Port for the Kubernetes service to expose | -| service.spec | object | `{}` | Any extra fields to add to the service object spec | -| service.type | string | `"ClusterIP"` | Type of Kubernetes service to create | -| serviceAccount.annotations | object | `{}` | Extra annotations to add to the service account object | -| serviceAccount.create | bool | `false` | If set to `true` service account will be created. Otherwise, the default service account will be used | -| serviceAccount.name | string | `""` | Service account name to use. If not specified, defaults to the helm installation name | -| startupProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/","port":"http"},"periodSeconds":10,"timeoutSeconds":5}` | Configures a startupProbe to ensure fusionauth has finished starting up | -| tolerations | list | `[]` | Define tolerations for kubernetes to use when scheduling fusionauth pods. | -| topologySpreadConstraints | list | `[]` | Define topologySpreadConstraints for kubernetes to use when scheduling fusionauth pods. | +## Installation +See the [chart README](chart/README.md) for detailed information. ## Releasing the Chart -You can release the chart by bumping the git tag: +Release the chart by pushing a new tag. ``` -cd -git tag 0.11.0 +git tag 1.0.0 git push origin master --tags ``` -To default to a new version of FusionAuth, update these 4 files: +To default to a new version of FusionAuth, update these 4 files with the new version number: ``` README.md @@ -123,12 +26,4 @@ chart/examples/minikube/values.yaml chart/values.yaml ``` -with the new version number. - -However, the user can always override these by changing the `values.yaml` file to specify a certain FusionAuth release. - -### Versions - -The helm chart version will not directly track the version of FusionAuth. - -You can and should override the `image.tag` field in `values.yaml` to run your desired version of the FusionAuth application. +⚠️ Users must always be able to override the default version in the chart by setting `image.tag`. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index f15f355..8f5f73f 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: "1.42.0" +name: fusionauth description: Helm chart for FusionAuth type: application -name: fusionauth version: 0.0.0+dev +appVersion: "1.48.1" diff --git a/chart/README.md b/chart/README.md new file mode 100644 index 0000000..0d852cf --- /dev/null +++ b/chart/README.md @@ -0,0 +1,127 @@ +# FusionAuth Helm Chart + +![Build Status](https://github.com/FusionAuth/charts/actions/workflows/release.yml/badge.svg) + +[FusionAuth](https://fusionauth.io/) is a modern platform for Customer Identity and Access Management (CIAM). FusionAuth provides APIs and a responsive web user interface to support login, registration, localized email, multi-factor authentication, reporting, and much more. + +## Installing the Chart + +You can read the official instructions, including install steps for AWS, GCP, and Azure, in the [FusionAuth Kubernetes installation guide](https://fusionauth.io/docs/get-started/download-and-install/kubernetes/fusionauth-deployment). + +### Prerequisites + +* PostgreSQL or MySQL database +* ElasticSearch or OpenSearch instance (optional) + +⚠️ Though an ElasticSearch or OpenSearch instance is optional, it is strongly recommended for most use cases. + +### Installation + +To install the chart with the release name `my-fusionauth`: + +```console +$ helm repo add fusionauth https://fusionauth.github.io/charts +$ helm install my-fusionauth fusionauth/fusionauth \ + --set database.host=[database host] \ + --set database.user=[database username] \ + --set database.password=[database password] \ + --set search.host=[elasticsearch host] +``` + +📝 For test deployments, you can remove `--set search.host` and add `--set search.engine=database` to configure FusionAuth to use the database for search instead of a dedicated search host. This is **not recommended** for real-world use, as search performance will be greatly reduced. + +### Uninstallation + +To uninstall/delete the `my-fusionauth` release: + +```console +$ helm delete my-fusionauth +``` + +## Versions + +The helm chart is versioned independently from FusionAuth app releases. However, the latest version of the helm chart will default to the latest version of FusionAuth. + +📝 You can and probably should override the `image.tag` field in `values.yaml` to run your desired version of the FusionAuth application. + +## Important Upgrade Info + +* **In `1.0.0` and later, the FusionAuth app version will now default to the latest available.** Release notes will indicate if the chart includes a newer version of FusionAuth. If you wish to override this behavior, set `image.tag` when deploying. + +* **In `0.8.0`, the `environment` value is now an array instead of an object.** Make sure to reformat your values when you update. + +* **In `0.4.0`, the external postgresql and elasticsearch charts were dropped.** You will need to maintain those dependencies on your own. + +## Chart Values + +| Key | Type | Default | Description | +| ------------------------------- | ------ | ---------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | +| affinity | object | `{}` | Configure affinity rules for the fusionauth Deployment. | +| annotations | object | `{}` | Define annotations for fusionauth Deployment. | +| app.memory | string | `"256M"` | Configures the amount of memory to allocate to the Java VM (sets `FUSIONAUTH_APP_MEMORY`). | +| app.runtimeMode | string | `"development"` | Configures runtime mode (sets `FUSIONAUTH_APP_RUNTIME_MODE`). Must be `development` or `production`. | +| autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaling. See the values file for more HPA parameters. | +| autoscaling.minReplicas | int | `2` | Minimum number of running instances when HPA is enabled. Ignored when `autoscaling.enabled` is `false`. | +| autoscaling.maxReplicas | int | `5` | Maximum number of running instances when HPA is enabled. Ignored when `autoscaling.enabled` is `false`. | +| autoscaling.targetCPU | int | `50` | CPU use % threshold to trigger a HPA scale up. Ignored when `autoscaling.enabled` is `false`. | +| database.existingSecret | string | `""` | The name of an existing Kubernetes Secret that contains the database passwords. | +| database.host | string | `""` | Hostname or IP address of the fusionauth database. | +| database.name | string | `"fusionauth"` | Name of the fusionauth database. | +| database.password | string | `""` | Database password for fusionauth to use in normal operation - not required if `database.existingSecret` is configured. | +| database.port | int | `5432` | Port used by the fusionauth database. | +| database.protocol | string | `"postgresql"` | Should either be `postgresql` or `mysql`. Protocol for jdbc connection to database. | +| database.root.password | string | `""` | Database password for fusionauth to use during initial bootstrap - not required if `database.existingSecret` is configured. | +| database.root.user | string | `""` | Database username for fusionauth to use during initial bootstrap - not required if you have manually bootstrapped your database. | +| database.tls | bool | `false` | Configures whether or not to use tls when connecting to the database. | +| database.tlsMode | string | `"require"` | If tls is enabled, this configures the mode. | +| database.user | string | `""` | Database username for fusionauth to use in normal operation. | +| dnsConfig | object | `{}` | Define `dnsConfig` for fusionauth pods. | +| dnsPolicy | string | `"ClusterFirst"` | Define `dnsPolicy` for fusionauth pods. | +| environment | list | `[]` | Configure additional environment variables. | +| extraVolumeMounts | list | `[]` | Define mount paths for `extraVolumes`. | +| extraContainers | list | `[]` | Create containers for the pods. Can be used for sidecars, ambassador, and adapter patterns. | +| extraInitContainers | list | `[]` | Add extra init containers. Can be used for setup or wait for other dependent services. | +| extraVolumes | list | `[]` | Define extra volumes to mount in the deployment. | +| fullnameOverride | string | `""` | Overrides full resource names. | +| image.pullPolicy | string | `"IfNotPresent"` | Kubernetes image pullPolicy to use for fusionauth-app. | +| image.repository | string | `"fusionauth/fusionauth-app"` | The image repository to use for fusionauth-app. | +| image.tag | string | `"1.48.1"` | The image tag to pull for fusionauth-app (this is the fusionauth-app version). | +| imagePullSecrets | list | `[]` | Configures Kubernetes secrets to use for pulling images from private repositories. | +| ingress.annotations | object | `{}` | Configure annotations to add to the ingress object. | +| ingress.enabled | bool | `false` | Enables ingress creation for fusionauth. | +| ingress.extraPaths | list | `[]` | Define path objects which will be inserted before regular paths. Can be useful for things like ALB Ingress Controller actions. | +| ingress.hosts | list | `[]` | List of hostnames to configure the ingress with. | +| ingress.ingressClassName | string | `""` | Specify the `ingressClass` to be used by the Ingress. | +| ingress.paths | list | `[]` | Paths to be used by the Ingress. | +| ingress.tls | list | `[]` | List of secrets used to configure TLS for the ingress. | +| initContainers.waitForDb | bool | `true` | Create an init container which waits for the database to be ready. | +| initContainers.waitForEs | bool | `true` | Create an init container which waits for elasticsearch to be ready. | +| initContainers.image.repository | string | `"busybox"` | Image to use for `initContainers` docker image. | +| initContainers.image.tag | string | `"1.36.1"` | Tag to use for `initContainers` docker image. | +| initContainers.resources | object | `{}` | Resource requests and limits to use for `initContainers`. | +| kickstart.data | object | `{}` | Fusionauth [kickstart settings](https://fusionauth.io/docs/get-started/download-and-install/development/kickstart). | +| kickstart.enabled | bool | `false` | Enable fusionauth kickstart settings. | +| lifecycle | object | `{}` | Define custom `lifecycle` settings for the deployment. | +| livenessProbe | object | `{"failureThreshold":3,"httpGet":{"path":"/","port":"http"},"periodSeconds":30,"timeoutSeconds":5}` | Configures a `livenessProbe` to ensure fusionauth is running. | +| nameOverride | string | `""` | Overrides resource names. | +| nodeSelector | object | `{}` | Define `nodeSelector` for kubernetes to use when scheduling fusionauth pods. | +| podAnnotations | object | `{}` | Define `annotations` for fusionauth pods. | +| podDisruptionBudget.enabled | bool | `false` | Enables creation of a `PodDisruptionBudget`. | +| readinessProbe | object | `{"failureThreshold":5,"httpGet":{"path":"/","port":"http"},"timeoutSeconds":5}` | Configures a `readinessProbe` to ensure fusionauth is ready for requests. | +| replicaCount | int | `1` | The number of fusionauth-app instances to run. | +| resources | object | `{}` | Define resource requests and limits for fusionauth-app. | +| search.engine | string | `"elasticsearch"` | Protocol to use when connecting to elasticsearch. Ignored when `search.engine` is NOT `elasticsearch`. | +| search.host | string | `""` | Hostname or ip to use when connecting to elasticsearch. Ignored when `search.engine` is NOT `elasticsearch`. | +| search.port | int | `9200` | Port to use when connecting to elasticsearch. Ignored when `search.engine` is NOT `elasticsearch`. | +| search.protocol | string | `"http"` | Protocol to use when connecting to elasticsearch. Ignored when `search.engine` is NOT `elasticsearch`. | +| service.annotations | object | `{}` | Extra annotations to add to the service object. | +| service.port | int | `9011` | Port for the Kubernetes service to expose. | +| service.spec | object | `{}` | Any extra fields to add to the service object spec. | +| service.type | string | `"ClusterIP"` | Type of Kubernetes service to create. | +| serviceAccount.annotations | object | `{}` | Extra annotations to add to the service account object. | +| serviceAccount.automount | bool | `false` | Automatically mount a service account's API credentials. | +| serviceAccount.create | bool | `false` | If set to `true`, service account will be created. Otherwise, the `default` serviceaccount will be used. | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | +| startupProbe | object | `{"failureThreshold":20,"httpGet":{"path":"/","port":"http"},"periodSeconds":10,"timeoutSeconds":5}` | Configures a `startupProbe` to ensure fusionauth has finished starting up. | +| tolerations | list | `[]` | Define `tolerations` for kubernetes to use when scheduling fusionauth pods. | +| topologySpreadConstraints | list | `[]` | Define `topologySpreadConstraints` for kubernetes to use when scheduling fusionauth pods. | diff --git a/chart/examples/minikube/values.yaml b/chart/examples/minikube/values.yaml index bc3dd9f..b706660 100644 --- a/chart/examples/minikube/values.yaml +++ b/chart/examples/minikube/values.yaml @@ -8,7 +8,7 @@ image: # image.repository -- The name of the docker repository for fusionauth-app repository: fusionauth/fusionauth-app # image.repository -- The docker tag to pull for fusionauth-app - tag: 1.42.0 + tag: 1.48.1 # image.pullPolicy -- Kubernetes image pullPolicy to use for fusionauth-app pullPolicy: IfNotPresent diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 8b22481..ac9819a 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -24,6 +24,18 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} +{{/* +Set apiVersion for HPA +*/}} +{{- define "fusionauth.HpaApiVersion" -}} +{{- if .Capabilities.APIVersions.Has "autoscaling/v2" -}} +autoscaling/v2 +{{- else -}} +autoscaling/v2beta2 +{{- end -}} +{{- end -}} + + {{/* Set apiVersion for ingress */}} diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml index f731706..66219b8 100644 --- a/chart/templates/hpa.yaml +++ b/chart/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }} +apiVersion: {{ include "fusionauth.HpaApiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "fusionauth.fullname" . }} diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml index 3162dad..e9bbc60 100644 --- a/chart/templates/serviceaccount.yaml +++ b/chart/templates/serviceaccount.yaml @@ -5,6 +5,7 @@ metadata: name: {{ include "fusionauth.serviceAccountName" . }} {{- if .Values.serviceAccount.annotations }} annotations: -{{ .Values.serviceAccount.annotations | toYaml | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index de853c6..f33d543 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -4,16 +4,21 @@ # replicaCount -- The number of fusionauth-app instances to run replicaCount: 1 + image: # image.repository -- The name of the docker repository for fusionauth-app repository: fusionauth/fusionauth-app # image.repository -- The docker tag to pull for fusionauth-app - tag: 1.42.0 + tag: 1.48.1 # image.pullPolicy -- Kubernetes image pullPolicy to use for fusionauth-app pullPolicy: IfNotPresent # imagePullSecrets -- Configures kubernetes secrets to use for pulling private images imagePullSecrets: [] +# nameOverride -- Overrides resource names +nameOverride: "" +# fullnameOverride -- Overrides full resource names +fullnameOverride: "" # - spec for Container: # kubectl explain pod.spec.initContainers @@ -30,29 +35,23 @@ initContainers: # initContainers.image.repository -- Tag to use for initContainers docker image tag: 1.36.1 # initContainers.resources -- Resource requests and limits to use for initContainers - resources: - {} + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # - spec for Container: # kubectl explain pod.spec.containers # kubectl explain pod.spec.containers --recursive extraContainers: [] -# nameOverride -- Overrides resource names -nameOverride: "" -# fullnameOverride -- Overrides full resource names -fullnameOverride: "" - service: # service.type -- Type of Kubernetes service to create type: ClusterIP @@ -113,8 +112,7 @@ app: runtimeMode: development # environment - Configure additional environment variables. Should only be used for things that are not explicitly set elsewhere in the chart. -environment: - [] +environment: [] # - name: POD_IP # valueFrom: # fieldRef: @@ -167,8 +165,7 @@ kickstart: # setup-password.txt: | # Hallo -lifecycle: - {} +lifecycle: {} # # lifecycle.postStart -- postStart lifecycle command for fusionauth container # postStart: # exec: @@ -186,8 +183,7 @@ ingress: # ingress.enabled -- Enables ingress creation for fusionauth. enabled: false # ingress.annotations -- Configure annotations to add to the ingress object - annotations: - {} + annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # ingress.ingressClassName since the kubernetes.io/ingress.class annotation @@ -200,8 +196,7 @@ ingress: # ingress.extraPaths -- Define complete path objects, will be inserted before regular paths. Can be useful for things like ALB Ingress Controller actions extraPaths: [] # ingress.hosts -- List of hostnames to configure the ingress with - hosts: - [] + hosts: [] # - chart-example.local # ingress.tls -- List of secrets used to configure TLS for the ingress. tls: [] @@ -210,25 +205,24 @@ ingress: # - chart-example.local # resources -- Define resource requests and limits for fusionauth-app. -resources: - {} +resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi ## Autoscaling parameters autoscaling: enabled: false - # minReplicas: 1 - # maxReplicas: 10 - # targetCPU: 50 + minReplicas: 2 + maxReplicas: 5 + targetCPU: 50 # targetMemory: 50 # nodeSelector -- Define nodeSelector for kubernetes to use when scheduling fusionauth pods. @@ -279,25 +273,26 @@ startupProbe: timeoutSeconds: 5 # extraVolumes -- Define extra Volumes. Allow to add existing claimName -extraVolumes: - [] +extraVolumes: [] # - name: custom-css-data # persistentVolumeClaim: # claimName: custom-css-data # extraVolumes -- Associate mountPath for each extraVolumes -extraVolumeMounts: - [] +extraVolumeMounts: [] # - name: custom-css-data # mountPath: /usr/local/fusionauth/fusionauth-app/web/custom serviceAccount: - # serviceAccount.create -- If set to true service account will be created. Otherwise, the default service account will be used + # serviceAccount.create - Specifies whether a service account should be created create: false - # serviceAccount.name -- Service account name to use. If not specified, defaults to the helm installation name - name: "" - # serviceAccount.annotations -- Extra annotations to add to the serviceAccount object + # serviceAccount.automount - Automatically mount a ServiceAccount's API credentials? + automount: true + # serviceAccount.annotation - Annotations to add to the service account annotations: {} + # serviceAccount.name - The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" # serviceMonitor -- Configures a Prometheus operator ServiceMonitor custom resource # Ref: https://fusionauth.io/docs/v1/tech/tutorials/prometheus