-
Notifications
You must be signed in to change notification settings - Fork 26
/
values.yaml
254 lines (234 loc) · 9.08 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
# -- the name of the chart deployment (can be overridden)
nameOverride: ""
# -- the full name of the release (can be overridden)
fullnameOverride: ""
# -- A Package Manager version to override the "tag" for the RStudio Package Manager image. Necessary until https://github.com/helm/helm/issues/8194
versionOverride: ""
sharedStorage:
# -- whether to create the persistentVolumeClaim for shared storage
create: false
# -- The name of the pvc. By default, computes a value from the release name
name: ""
# -- Whether the persistentVolumeClaim should be mounted (even if not created)
mount: false
# -- the path to mount the sharedStorage claim within the pod
path: /var/lib/rstudio-pm
# -- storageClassName - the type of storage to use. Must allow ReadWriteMany
storageClassName: false
# -- accessModes defined for the storage PVC (represented as YAML)
accessModes:
- ReadWriteMany
requests:
# -- the volume of storage to request for this persistent volume claim
storage: "10Gi"
# -- Define the annotations for the Persistent Volume Claim resource
annotations:
helm.sh/resource-policy: keep
# -- selector for PVC definition
selector: {}
# -- the volumeName passed along to the persistentVolumeClaim. Optional
volumeName: ""
image:
# -- the repository to use for the main pod image
repository: rstudio/rstudio-package-manager
# -- A tag prefix for the server image (common selection: ubuntu2204-). Only used if tag is not defined
tagPrefix: ubuntu2204-
# -- the tag to use for the main pod image
tag: ""
# -- the imagePullPolicy for the main pod image
imagePullPolicy: IfNotPresent
# -- an array of kubernetes secrets for pulling the main pod image from private registries
imagePullSecrets: []
# -- The update strategy used by the main service pod.
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 0
license:
# -- key is the license to use
key: null
# -- server is the <hostname>:<port> for a license server
server: false
# -- the file section is used for licensing with a license file
file:
# -- contents is an in-line license file
contents: false
# -- mountPath is the place the license file will be mounted into the container
mountPath: "/etc/rstudio-licensing"
# -- mountSubPath is whether to mount the subPath for the file secret.
# -- It can be preferable _not_ to enable this, because then updates propagate automatically
mountSubPath: false
# -- secretKey is the key for the secret to use for the license file
secretKey: "license.lic"
# -- secret is an existing secret with a license file in it
secret: false
service:
# -- The service type, usually ClusterIP (in-cluster only) or LoadBalancer (to
# expose the service using your cloud provider's load balancer)
type: ClusterIP
# -- Annotations for the service, for example to specify [an internal load balancer](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer)
annotations: {}
# -- The cluster-internal IP to use with `service.type` ClusterIP
clusterIP: ""
# -- The external IP to use with `service.type` LoadBalancer, when supported
# by the cloud provider
loadBalancerIP: ""
# -- The explicit nodePort to use for `service.type` NodePort. If not
# provided, Kubernetes will choose one automatically
nodePort: false
# -- The Service port. This is the port your service will run under.
port: 80
# -- replicas is the number of replica pods to maintain for this service
replicas: 1
# -- awsAccessKeyId is the access key id for s3 access, used also to gate file creation
awsAccessKeyId: false
# -- awsSecretAccessKey is the secret access key, needs to be filled if access_key_id is
awsSecretAccessKey:
# -- rstudioPMKey is the rstudio-pm key used for the RStudio Package Manager service
rstudioPMKey: false
# -- command is the pod's run command. By default, it uses the container's default
command: false
# -- args is the pod's run arguments. By default, it uses the container's default
args: false
# -- Enable sandboxing of Git builds, which requires elevated security
# privileges for the Package Manager container.
enableSandboxing: true
# -- Enable migrations for shared storage (if necessary) using Helm hooks.
enableMigration: true
# -- Whether the check for root accounts in the config file is fatal. This is meant to simplify migration to the new helm chart version.
rootCheckIsFatal: true
pod:
# -- env is an array of maps that is injected as-is into the "env:" component of the pod.container spec
env: []
# -- volumes is an array of maps that is injected as-is into the "volumes:" component of the pod spec
volumes: []
# -- volumeMounts is an array of maps that is injected as-is into the "volumeMounts" component of the pod spec
volumeMounts: []
# -- Deprecated, use `serviceAccount.name` instead
serviceAccountName: ""
# -- annotations is a map of keys / values that will be added as annotations to the pods
annotations: {}
# -- Additional labels to add to the rstudio-pm pods
labels: {}
# -- Container [lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/)
lifecycle: {}
# -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the pod
securityContext:
fsGroup: 999
fsGroupChangePolicy: "OnRootMismatch"
# -- the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for the main Package Manager container. Evaluated as a template.
containerSecurityContext:
runAsUser: 999
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "{{ if .Values.enableSandboxing }}Unconfined{{ else }}RuntimeDefault{{ end }}"
# -- The termination grace period seconds allowed for the pod before shutdown
terminationGracePeriodSeconds: 120
# -- Extra objects to deploy (value evaluated as a template)
extraObjects: []
# -- resources define requests and limits for the rstudio-pm pod
resources:
requests:
enabled: false
memory: "2Gi"
cpu: "100m"
ephemeralStorage: "100Mi"
limits:
enabled: false
memory: "4Gi"
cpu: "2000m"
ephemeralStorage: "200Mi"
# -- livenessProbe is used to configure the container's livenessProbe
livenessProbe:
enabled: false
httpGet:
path: /__ping__
port: 4242
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 10
# -- startupProbe is used to configure the container's startupProbe
startupProbe:
enabled: false
httpGet:
path: /__api__/status
port: 4242
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
# -- failureThreshold * periodSeconds should be strictly > worst case startup time
failureThreshold: 30
# -- readinessProbe is used to configure the container's readinessProbe
readinessProbe:
enabled: true
httpGet:
path: /__ping__
port: 4242
initialDelaySeconds: 3
periodSeconds: 3
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
# -- the initContainer spec that will be used verbatim
initContainers: false
ingress:
enabled: false
# -- The ingressClassName for the ingress resource. Only used for clusters that support
# networking.k8s.io/v1 Ingress resources
ingressClassName: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
# - host: chart-example.local
# paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
serviceAccount:
# -- Whether to create a [Service Account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)
create: true
# -- ServiceAccount to use, if any, or an explicit name for the one we create
# @default -- When `serviceAccount.create` is `true` this defaults to the full name of the release
name: ""
# -- Annotations for the ServiceAccount, if any
annotations: {}
# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
# -- Labels for the ServiceAccount, if any
labels: {}
serviceMonitor:
# -- Whether to create a ServiceMonitor CRD for use with a Prometheus Operator
enabled: false
# -- Namespace to create the ServiceMonitor in (usually the same as the one in
# which the Operator is running). Defaults to the release namespace
namespace: ""
# -- additionalLabels normally includes the release name of the Prometheus
# Operator
additionalLabels: {}
# release: kube-prometheus-stack
# -- config is a nested map of maps that generates the rstudio-pm.gcfg file
config:
HTTP:
Listen: :4242
Metrics:
Enabled: true
# -- sidecar container list
extraContainers: []
# -- A map used verbatim as the pod's "affinity" definition
affinity: {}
# -- A map used verbatim as the pod's "nodeSelector" definition
nodeSelector: {}
# -- An array used verbatim as the pod's "topologySpreadConstraints" definition
topologySpreadConstraints: []
# -- An array used verbatim as the pod's "tolerations" definition
tolerations: []
# -- The pod's priorityClassName
priorityClassName: ""
# -- Pod disruption budget
podDisruptionBudget: {}