charts/backstage/values.yaml

# Default values for the Backstage chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- Global parameters
# Global Docker image parameters
# Please, note that this will override the image parameters, including dependencies, configured to use the global value
# Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
# @default -- See below
global:
  # -- Global Docker image registry
  imageRegistry: ""

  # -- Global Docker registry secret names as an array
  # </br> E.g. `imagePullSecrets: [myRegistryKeySecretName]`
  imagePullSecrets: []

# -- Common parameters

# -- Override Kubernetes version
kubeVersion: ""

# -- String to partially override common.names.fullname
nameOverride: ""

# -- String to fully override common.names.fullname
fullnameOverride: ""

# -- Default Kubernetes cluster domain
clusterDomain: cluster.local

# -- Labels to add to all deployed objects
commonLabels: {}

# -- Annotations to add to all deployed objects
commonAnnotations: {}

# -- Array of extra objects to deploy with the release
extraDeploy: []

# -- Enable diagnostic mode in the Deployment
diagnosticMode:

  # -- Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  enabled: false

  # -- Command to override all containers in the Deployment
  command:
    - sleep

  # -- Args to override all containers in the Deployment
  args:
    - infinity

# -- Ingress parameters
ingress:

  # -- Enable the creation of the ingress resource
  enabled: false

  # -- Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
  className: ""

  # -- Additional annotations for the Ingress resource
  annotations: {}

  # -- Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
  host: ""

  # -- List of additional hostnames to be covered with this ingress record (e.g. a CNAME)
  # <!-- E.g.
  # extraHosts:
  #   - name: backstage.env.example.com
  #     path: / (Optional)
  #     pathType: Prefix (Optional)
  #     port: 7007 (Optional) -->
  extraHosts: []

  # -- Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)
  path: "/"

  # -- Ingress TLS parameters
  tls:

    # -- Enable TLS configuration for the host defined at `ingress.host` parameter
    enabled: false

    # -- The name to which the TLS Secret will be called
    secretName: ""

  # -- The TLS configuration for additional hostnames to be covered with this ingress record.
  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  # <!-- E.g.
  # extraTls:
  #   - hosts:
  #     - backstage.env.example.com
  #     secretName: backstage-env -->
  extraTls: []

# -- Backstage parameters
# @default -- See below
backstage:

  # -- Number of deployment replicas
  replicas: 1

  # -- Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept.
  # May be set to 0 in case of GitOps deployment approach.
  revisionHistoryLimit: 10

  image:

    # -- Backstage image registry
    registry: ghcr.io

    # -- Backstage image repository
    repository: backstage/backstage

    # -- Backstage image tag (immutable tags are recommended)
    tag: latest

    # -- Backstage image digest (digest takes precedence over image tag)
    digest: ""

    # -- Specify a imagePullPolicy.
    # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    # <br /> Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
    pullPolicy: Always

    # -- Optionally specify an array of imagePullSecrets.
    #  Secrets must be manually created in the namespace.
    # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    # <br /> E.g: `pullSecrets: [myRegistryKeySecretName]`
    pullSecrets: []

  # -- Container ports on the Deployment
  containerPorts:
    backend: 7007

  # -- Backstage container command
  command: ["node", "packages/backend"]

  # -- Backstage container command arguments
  args: []

  # -- Extra app configuration files to inline into command arguments
  extraAppConfig: []

  # -- Deployment sidecars
  extraContainers: []

  # -- Backstage container environment variables
  extraEnvVars: []

  # -- Backstage container environment variables from existing ConfigMaps
  extraEnvVarsCM: []

  # -- Backstage container environment variables from existing Secrets
  extraEnvVarsSecrets: []

  # -- Backstage container additional volume mounts
  extraVolumeMounts: []

  # -- Backstage container additional volumes
  extraVolumes: []

  # -- Backstage container init containers
  initContainers: []

  # -- Directory containing the backstage installation
  installDir: /app

  # -- Resource requests/limits
  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
  # <!-- E.g.
  # resources:
  #   limits:
  #     memory: 1Gi
  #     cpu: 1000m
  #   requests:
  #     memory: 250Mi
  #     cpu: 100m -->
  resources: {}

  # -- Readiness Probe
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
  # <!-- E.g.
  # readinessProbe:
  #   failureThreshold: 3
  #   httpGet:
  #     path: /.backstage/health/v1/readiness
  #     port: 7007
  #     scheme: HTTP
  #   initialDelaySeconds: 30
  #   periodSeconds: 10
  #   successThreshold: 2
  #   timeoutSeconds: 2
  readinessProbe:
    httpGet:
      path: /.backstage/health/v1/readiness
      port: 7007
      scheme: HTTP

  # -- Liveness Probe
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
  # <!-- E.g.
  # livenessProbe:
  #   failureThreshold: 3
  #   httpGet:
  #     path: /.backstage/health/v1/liveness
  #     port: 7007
  #     scheme: HTTP
  #   initialDelaySeconds: 60
  #   periodSeconds: 10
  #   successThreshold: 1
  #   timeoutSeconds: 2
  livenessProbe:
    httpGet:
      path: /.backstage/health/v1/liveness
      port: 7007
      scheme: HTTP

  # -- Startup Probe
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
  # <!-- E.g.
  # startupProbe:
  #   failureThreshold: 3
  #   httpGet:
  #     path: /.backstage/health/v1/liveness
  #     port: 7007
  #     scheme: HTTP
  #   initialDelaySeconds: 60
  #   periodSeconds: 10
  #   successThreshold: 1
  #   timeoutSeconds: 2
  startupProbe:
    httpGet:
      path: /.backstage/health/v1/liveness
      port: 7007
      scheme: HTTP

  # -- Security settings for a Pod.
  #  The security settings that you specify for a Pod apply to all Containers in the Pod.
  # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  podSecurityContext: {}

  # -- Security settings for a Container.
  # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  containerSecurityContext: {}

  # Allows to define the appConfig as a multiline string that generates a ConfigMap
  # automatically, not requiring to have it pre provisioned as with the extraAppConfig key.
  # DO NOT USE if you need to put sensitive data in the appConfig.
  # E.g:
  # appConfig:
  #   app:
  #     baseUrl: https://somedomain.tld
  # -- Generates ConfigMap and configures it in the Backstage pods
  appConfig: {}

  # -- Affinity for pod assignment
  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

  # -- Topology Spread Constraints for pod assignment
  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints
  topologySpreadConstraints: []

  # -- Node labels for pod assignment
  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
  nodeSelector: {}

  # -- Node tolerations for server scheduling to nodes with taints
  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
  tolerations: []
  #  - key: "key"
  #    operator: "Equal|Exists"
  #    value: "value"
  #    effect: "NoSchedule|PreferNoSchedule|NoExecute"

  # -- Host Aliases for the pod
  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  hostAliases: []

  # -- Annotations to add to the backend deployment pods
  podAnnotations: {}

  # -- Labels to add to the backend deployment pods
  podLabels: {}

  # -- Additional custom annotations for the `Deployment` resource
  annotations: {}

## @section Traffic Exposure parameters

## Service parameters
##
# -- Service parameters
# @default -- See below
service:

  # -- Kubernetes Service type
  type: ClusterIP

  # -- Backstage svc port for client connections
  ports:
    backend: 7007

    # -- Backstage svc port name
    name: http-backend

    # -- Backstage svc target port referencing receiving pod container port
    targetPort: backend

  # -- Node port for the Backstage client connections
  # Choose port between `30000-32767`
  nodePorts:
    backend: ""

  # -- Control where client requests go, to the same pod or round-robin
  # (values: `ClientIP` or `None`)
  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness
  sessionAffinity: None

  # -- Backstage service Cluster IP
  #
  # <br /> E.g `clusterIP: None`
  clusterIP: ""

  # -- Backstage service Load Balancer IP
  #
  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
  loadBalancerIP: ""

  # -- Load Balancer sources
  #
  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
  # <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]`
  loadBalancerSourceRanges: []

  # -- Backstage service external traffic policy
  #
  # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  externalTrafficPolicy: Cluster

  # -- Additional custom annotations for Backstage service
  annotations: {}

  # -- Extra ports to expose in the Backstage service (normally used with the `sidecar` value)
  extraPorts: []

## @section NetworkPolicy parameters
##
networkPolicy:
  # -- Specifies whether a NetworkPolicy should be created
  enabled: false

  ## Ingress Rules
  ##
  ingressRules:

    # -- Namespace selector label allowed to access the Backstage instance
    namespaceSelector: {}

    # -- Pod selector label allowed to access the Backstage instance
    podSelector: {}

    # -- Additional custom ingress rules
    customRules: []
    #   - to:
    #       - namespaceSelector:
    #           matchLabels:
    #             label: example

  ## Egress Rules
  ##
  egressRules:

    # -- Deny external connections. Should not be enabled when working with an external database.
    denyConnectionsToExternal: false

    # -- Additional custom egress rules
    customRules: []
    #   - to:
    #       - namespaceSelector:
    #           matchLabels:
    #             label: example


# -- PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
# @default -- See below
postgresql:

  # -- Switch to enable or disable the PostgreSQL helm chart
  enabled: false

  # -- The authentication details of the Postgres database
  auth:

    # -- Name for a custom user to create
    username: bn_backstage

    # -- Password for the custom user to create
    password: ""

    # -- Name of existing secret to use for PostgreSQL credentials
    existingSecret: ""

    # -- The secret keys Postgres will look for to retrieve the relevant password
    secretKeys:

      # -- The key in which Postgres will look for, for the admin password, in the existing Secret
      adminPasswordKey: admin-password

      # -- The key in which Postgres will look for, for the user password, in the existing Secret
      userPasswordKey: user-password

      # -- The key in which Postgres will look for, for the replication password, in the existing Secret
      replicationPasswordKey: replication-password

  # -- PostgreSQL architecture (`standalone` or `replication`)
  architecture: standalone

# -- Service Account Configuration
# @default -- See below
serviceAccount:

  # -- Enable the creation of a ServiceAccount for Backstage pods
  create: false

  # -- Name of the ServiceAccount to use
  # If not set and `serviceAccount.create` is true, a name is generated
  name: ""

  # -- Additional custom labels to the service ServiceAccount.
  labels: {}

  # -- Additional custom annotations for the ServiceAccount.
  annotations: {}

  # -- Auto-mount the service account token in the pod
  automountServiceAccountToken: true

# -- Metrics configuration
metrics:

  # -- ServiceMonitor configuration
  # <br /> Allows configuring your backstage instance as a scrape target for [Prometheus](https://github.com/prometheus/prometheus) using a ServiceMonitor custom resource that [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) can understand.
  serviceMonitor:

    # -- If enabled, a ServiceMonitor resource for Prometheus Operator is created
    # <br /> Prometheus Operator must be installed in your cluster prior to enabling.
    enabled: false

    # -- ServiceMonitor annotations
    annotations: {}

    # -- Additional ServiceMonitor labels
    labels: {}

    # -- ServiceMonitor scrape interval
    interval: null

    # -- ServiceMonitor endpoint path
    # <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md).
    path: /metrics

    # -- ServiceMonitor endpoint port
    # <br /> The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitely specificed. OpenTelemetry's default port is 9464.
    port: http-backend