From feab63c773148dccf6b5e1f84ada0350fcd0be54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Groothuis?=
Date: Fri, 24 Oct 2025 10:34:42 +0200
Subject: [PATCH] chore(penpot): Added first deployment
---
 clusters/artemis/apps/kustomization.yaml | 1 +
 clusters/artemis/apps/penpot/app-project.yaml | 17 +
 clusters/artemis/apps/penpot/application.yaml | 24 +
 .../artemis/apps/penpot/kustomization.yaml | 7 +
 manifests/artemis/penpot/kustomization.yaml | 13 +
 manifests/artemis/penpot/values.yaml | 786 ++++++++++++++++++
 6 files changed, 848 insertions(+)
 create mode 100644 clusters/artemis/apps/penpot/app-project.yaml
 create mode 100644 clusters/artemis/apps/penpot/application.yaml
 create mode 100644 clusters/artemis/apps/penpot/kustomization.yaml
 create mode 100644 manifests/artemis/penpot/kustomization.yaml
 create mode 100644 manifests/artemis/penpot/values.yaml
diff --git a/clusters/artemis/apps/kustomization.yaml b/clusters/artemis/apps/kustomization.yaml
index bd583f0..95c6c49 100644
--- a/clusters/artemis/apps/kustomization.yaml
+++ b/clusters/artemis/apps/kustomization.yaml
@@ -14,3 +14,4 @@ resources:
 - vaultwarden
 - mailu
 - ntfy
+ - penpot
diff --git a/clusters/artemis/apps/penpot/app-project.yaml b/clusters/artemis/apps/penpot/app-project.yaml
new file mode 100644
index 0000000..ffa734a
--- /dev/null
+++ b/clusters/artemis/apps/penpot/app-project.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: penpot
+spec:
+ description: Design tool
+ sourceRepos:
+ - '*'
+ sourceNamespaces:
+ - '*'
+ destinations:
+ - namespace: 'penpot'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
diff --git a/clusters/artemis/apps/penpot/application.yaml b/clusters/artemis/apps/penpot/application.yaml
new file mode 100644
index 0000000..70945ee
--- /dev/null
+++ b/clusters/artemis/apps/penpot/application.yaml
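Review bot: In `clusters/artemis/apps/penpot/app-project.yaml` the new AppProject is unrestricted on almost every axis: `sourceRepos`, `sourceNamespaces`, the destination `server` and `clusterResourceWhitelist` are all `'*'`. Only the destination namespace is pinned, so the project still permits any source repository and any cluster-scoped kind (ClusterRole and ClusterRoleBinding included). Where apps-in-any-namespace is enabled, it also lets an Application in any namespace claim the project. The Application added in this patch uses one Git repository, lives in namespace `penpot` and targets `in-cluster`, so the spec can be narrowed to those values as sketched below. Which cluster-scoped kinds the rendered chart really needs is not visible in this patch, so the whitelist entry is a starting point to confirm against the rendered output.

```yaml
spec:
  description: Design tool
  sourceRepos:
    - 'https://git.dgse.cloud/DGSE/kubernetes.git'
  sourceNamespaces:
    - 'penpot'
  destinations:
    - namespace: 'penpot'
      name: 'in-cluster'
  clusterResourceWhitelist:
    # confirm against the rendered chart which cluster-scoped kinds are required
    - group: ''
      kind: 'Namespace'
```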
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: penpot
+ namespace: penpot
+ labels:
+ platform.dgse.cloud/cluster: artemis
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: penpot
+ source:
+ repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+ path: manifests/artemis/penpot
+ targetRevision: main
+ destination:
+ namespace: penpot
+ name: in-cluster
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/artemis/apps/penpot/kustomization.yaml b/clusters/artemis/apps/penpot/kustomization.yaml
new file mode 100644
index 0000000..f9b2a4b
--- /dev/null
+++ b/clusters/artemis/apps/penpot/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - app-project.yaml
+ - application.yaml
diff --git a/manifests/artemis/penpot/kustomization.yaml b/manifests/artemis/penpot/kustomization.yaml
new file mode 100644
index 0000000..18d2f3c
--- /dev/null
+++ b/manifests/artemis/penpot/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+ name: penpot
+
+helmCharts:
+ - name: penpot
+ repo: http://helm.penpot.app
+ version: 0.28.0
+ releaseName: penpot
+ namespace: penpot
+ valuesFile: values.yaml
diff --git a/manifests/artemis/penpot/values.yaml b/manifests/artemis/penpot/values.yaml
new file mode 100644
index 0000000..1f8e058
--- /dev/null
+++ b/manifests/artemis/penpot/values.yaml
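Review bot: In `clusters/artemis/apps/penpot/application.yaml`, `targetRevision: main` together with `automated` / `prune: true` / `selfHeal: true` means every commit that lands on `main` is applied, and removed resources are deleted, with no gate inside Argo CD. That makes branch protection on `main` the only control over what reaches the cluster, and the file does not say so. I would either pin `targetRevision` to a tag or commit, or add a comment above `automated:` such as `# every commit on main is applied and pruned unattended; main must stay a protected branch`. The file also starts without the `---` document marker that the other new manifests in this patch use.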
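Review bot: `repo: http://helm.penpot.app` in `manifests/artemis/penpot/kustomization.yaml` fetches the chart over plaintext HTTP, so nothing authenticates the chart that kustomize renders and that Argo CD then syncs into the cluster. Pinning `version: 0.28.0` does not close this, because a version number selects a chart but is not an integrity check. Change the line to `repo: https://helm.penpot.app` (this assumes the host serves the repository over TLS, which should be verified), or vendor the chart into the Git repository so the reviewed content is what gets deployed.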
@@ -0,0 +1,786 @@ +# yaml-language-server: $schema=values.schema.json +## Default values for Penpot + +global: + # -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration. + # @section -- Global parameters + postgresqlEnabled: false + # -- Whether to deploy the Bitnami Valkey chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/valkey) for configuration. + # @section -- Global parameters + valkeyEnabled: false + # -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. + # *DEPRECATION WARNING: Since Penpot 2.8, Penpot has migrated from Redis to Valkey. Although migration is recommended, Penpot will work seamlessly with compatible Redis versions. + # @section -- Global parameters + redisEnabled: false + # -- Global Docker registry secret names. + # E.g. + # imagePullSecrets: + # - myRegistryKeySecretName + # @section -- Global parameters + imagePullSecrets: [] + +# -- To partially override common.names.fullname +# @section -- Common parameters +nameOverride: "" +# -- To fully override common.names.fullname +# @section -- Common parameters +fullnameOverride: "" +serviceAccount: + # -- Specifies whether a ServiceAccount should be created. + # @section -- Common parameters + enabled: true + # -- Annotations for service account. Evaluated as a template. + # @section -- Common parameters + annotations: {} + # -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. + # @section -- Common parameters + name: "penpot" + +config: + # -- The public domain to serve Penpot on. + # **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. 
+ # @section -- Configuration parameters + publicUri: "http://penpot.dgse.cloud" + # -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. + # @section -- Configuration parameters + flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp" + # -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. + # @section -- Configuration parameters + apiSecretKey: "" + # -- The name of an existing secret. + # @section -- Configuration parameters + existingSecret: "penpot-api" + secretKeys: + # -- The api secret key to use from an existing secret. + # @section -- Configuration parameters + apiSecretKey: "token" + # -- Comma separated list of allowed domains to register. Empty to allow all domains. + # @section -- Configuration parameters + registrationDomainWhitelist: "" + # -- Whether to enable sending of anonymous telemetry data. + # @section -- Configuration parameters + telemetryEnabled: true + # -- Add custom resolver for frontend. e.g. 192.168.1.1 + # @section -- Configuration parameters + internalResolver: "" + # -- Url adress to Terms of Services (empty to hide the link) + # @section -- Configuration parameters + termsOfServicesUri: "" + # -- Url adress to Privacy Policy (empty to hide the link) + # @section -- Configuration parameters + privacyPolicyUri: "" + + postgresql: + # -- The PostgreSQL host to connect to. Empty to use dependencies. + # @section -- Configuration parameters + host: "" # Ex.: "postgresql.penpot.svc.cluster.local" + # -- The PostgreSQL host port to use. + # @section -- Configuration parameters + port: 5432 + # -- The database username to use. + # @section -- Configuration parameters + username: "penpot" + # -- The database password to use. + # @section -- Configuration parameters + password: "penpot" + # -- The PostgreSQL database to use. 
+ # @section -- Configuration parameters + database: "penpot" + # -- The name of an existing secret. + # @section -- Configuration parameters + existingSecret: "" + secretKeys: + # -- The postgresql uri key to use from an existing secret. (postgresql://host:port/database). + # @section -- Configuration parameters + postgresqlUriKey: "" + # -- The username key to use from an existing secret. + # @section -- Configuration parameters + usernameKey: "" + # -- The password key to use from an existing secret. + # @section -- Configuration parameters + passwordKey: "" + + redis: + # -- The Valkey host to connect to. Empty to use dependencies + # @section -- Configuration parameters + host: "" # Ex.: "redis-headless.penpot.svc.cluster.local" + # -- The Valkey host port to use. + # @section -- Configuration parameters + port: 6379 + # -- The Valkey database to connect to. + # @section -- Configuration parameters + database: "0" + # -- The name of an existing secret. + # @section -- Configuration parameters + existingSecret: "" + secretKeys: + # -- The redis uri key to use from an existing secret. (redis://:password@host:port/database). + # @section -- Configuration parameters + redisUriKey: "" + + assets: + # -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. + # @section -- Configuration parameters + storageBackend: "assets-fs" + filesystem: + # -- The storage directory to use if you chose the filesystem storage backend. + # @section -- Configuration parameters + directory: "/opt/data/assets" + s3: + # -- The S3 access key ID to use if you chose the S3 storage backend. + # @section -- Configuration parameters + accessKeyID: "" + # -- The S3 secret access key to use if you chose the S3 storage backend. + # @section -- Configuration parameters + secretAccessKey: "" + # -- The S3 region to use if you chose the S3 storage backend. 
+ # @section -- Configuration parameters + region: "" + # -- The name of the S3 bucket to use if you chose the S3 storage backend. + # @section -- Configuration parameters + bucket: "" + # -- The S3 endpoint URI to use if you chose the S3 storage backend. + # @section -- Configuration parameters + endpointURI: "" + # -- The name of an existing secret. + # @section -- Configuration parameters + existingSecret: "" + secretKeys: + # -- The S3 access key ID to use from an existing secret. + # @section -- Configuration parameters + accessKeyIDKey: "" + # -- The S3 secret access key to use from an existing secret. + # @section -- Configuration parameters + secretAccessKey: "" + # -- The S3 endpoint URI to use from an existing secret. + # @section -- Configuration parameters + endpointURIKey: "" + + smtp: + # -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. + # @section -- Configuration parameters + enabled: false + # -- The SMTP default email to send from. + # @section -- Configuration parameters + defaultFrom: "" + # -- The SMTP default email to reply to. + # @section -- Configuration parameters + defaultReplyTo: "" + # -- The SMTP host to use. + # @section -- Configuration parameters + host: "" + # -- The SMTP host port to use. + # @section -- Configuration parameters + port: "" + # -- The SMTP username to use. + # @section -- Configuration parameters + username: "" + # -- The SMTP password to use. + # @section -- Configuration parameters + password: "" + # -- Whether to use TLS for the SMTP connection. + # @section -- Configuration parameters + tls: true + # -- Whether to use SSL for the SMTP connection. + # @section -- Configuration parameters + ssl: false + # -- The name of an existing secret. + # @section -- Configuration parameters + existingSecret: "" + secretKeys: + # -- The SMTP username to use from an existing secret. 
+ # @section -- Configuration parameters + usernameKey: "" + # -- The SMTP password to use from an existing secret. + # @section -- Configuration parameters + passwordKey: "" + + providers: + google: + # -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters + enabled: false + # -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters + clientID: "" + # -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. + # @section -- Configuration parameters + clientSecret: "" + github: + # -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. + # @section -- Configuration parameters + enabled: false + # -- The GitHub client ID to use. + # @section -- Configuration parameters + clientID: "" + # -- The GitHub client secret to use. + # @section -- Configuration parameters + clientSecret: "" + gitlab: + # -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. + # @section -- Configuration parameters + enabled: false + # -- The GitLab base URI to use. + # @section -- Configuration parameters + baseURI: "https://gitlab.com" + # -- The GitLab client ID to use. + # @section -- Configuration parameters + clientID: "" + # -- The GitLab client secret to use. + # @section -- Configuration parameters + clientSecret: "" + oidc: + # -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. + # @section -- Configuration parameters + enabled: false + # -- The OpenID Connect base URI to use. + # @section -- Configuration parameters + baseURI: "" + # -- The OpenID Connect client ID to use. 
+ # @section -- Configuration parameters + clientID: "" + # -- The OpenID Connect client secret to use. + # @section -- Configuration parameters + clientSecret: "" + # -- Optional OpenID Connect auth URI to use. Auto discovered if not provided. + # @section -- Configuration parameters + authURI: "" + # -- Optional OpenID Connect token URI to use. Auto discovered if not provided. + # @section -- Configuration parameters + tokenURI: "" + # -- Optional OpenID Connect user URI to use. Auto discovered if not provided. + # @section -- Configuration parameters + userURI: "" + # -- Optional OpenID Connect roles to use. If no role is provided, role checking is disabled (default role values are set below, to disable role verification, send an empty string). + # @section -- Configuration parameters + roles: "designer developer" + # -- Optional OpenID Connect roles attribute to use. If not provided, the role checking will be disabled. + # @section -- Configuration parameters + rolesAttribute: "" + # -- Optional OpenID Connect scopes to use. These settings allow overwriting the required scopes, use with caution because penpot requires at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. + # @section -- Configuration parameters + scopes: "scope1 scope2" + # -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. + # @section -- Configuration parameters + nameAttribute: "" + # -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. + # @section -- Configuration parameters + emailAttribute: "" + ldap: + # -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. + # @section -- Configuration parameters + enabled: false + # -- The LDAP host to use. + # @section -- Configuration parameters + host: "ldap" + # -- The LDAP port to use. 
+ # @section -- Configuration parameters + port: 10389 + # -- Whether to use SSL for the LDAP connection. + # @section -- Configuration parameters + ssl: false + # -- Whether to utilize StartTLS for the LDAP connection. + # @section -- Configuration parameters + startTLS: false + # -- The LDAP base DN to use. + # @section -- Configuration parameters + baseDN: "ou=people,dc=planetexpress,dc=com" + # -- The LDAP bind DN to use. + # @section -- Configuration parameters + bindDN: "uid=admin,ou=people,dc=planetexpress,dc=com" + # -- The LDAP bind password to use. + # @section -- Configuration parameters + bindPassword: "GoodNewsEveryone" + # -- The LDAP user query to use. + # @section -- Configuration parameters + userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))" + # -- The LDAP attributes username to use. + # @section -- Configuration parameters + attributesUsername: "uid" + # -- The LDAP attributes email to use. + # @section -- Configuration parameters + attributesEmail: "mail" + # -- The LDAP attributes fullname to use. + # @section -- Configuration parameters + attributesFullname: "cn" + # -- The LDAP attributes photo format to use. + # @section -- Configuration parameters + attributesPhoto: "jpegPhoto" + # -- The name of an existing secret to use. + # @section -- Configuration parameters + existingSecret: "" + secretKeys: + # -- The Google client ID key to use from an existing secret. + # @section -- Configuration parameters + googleClientIDKey: "" + # -- The Google client secret key to use from an existing secret. + # @section -- Configuration parameters + googleClientSecretKey: "" + # -- The GitHub client ID key to use from an existing secret. + # @section -- Configuration parameters + githubClientIDKey: "" + # -- The GitHub client secret key to use from an existing secret. + # @section -- Configuration parameters + githubClientSecretKey: "" + # -- The GitLab client ID key to use from an existing secret. 
+ # @section -- Configuration parameters + gitlabClientIDKey: "" + # -- The GitLab client secret key to use from an existing secret. + # @section -- Configuration parameters + gitlabClientSecretKey: "" + # -- The OpenID Connect client ID key to use from an existing secret. + # @section -- Configuration parameters + oidcClientIDKey: "" + # -- The OpenID Connect client secret key to use from an existing secret. + # @section -- Configuration parameters + oidcClientSecretKey: "" + # -- The LDAP admin bind password to use from an exsiting secret + # @section -- Configuration parameters + ldapBindPasswordKey: "" + + autoFileSnapshot: + # -- How many changes before generating a new snapshot. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable. + # @section -- Configuration parameters + every: 5 # Every 5 changes + # -- If there isn't a snapshot during this time, the system will generate one automatically. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable. + # @section -- Configuration parameters + timeout: "3h" + # -- Specify any additional environment values you want to provide to all the containers (frontend, backend and exporter) in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) + # @section -- Configuration parameters + extraEnvs: [] + +backend: + image: + # -- The Docker repository to pull the image from. + # @section -- Backend parameters + repository: penpotapp/backend + # -- The image tag to use. + # @section -- Backend parameters + tag: 2.10.1 + # -- The image pull policy to use. + # @section -- Backend parameters + pullPolicy: IfNotPresent + # -- The number of replicas to deploy. + # @section -- Backend parameters + replicaCount: 1 + service: + # -- The http service type to create. + # @section -- Backend parameters + type: ClusterIP + # -- The http service port to use. 
+ # @section -- Backend parameters + port: 6060 + # -- Mapped annotations for the backend service + # @section -- Backend parameters + annotations: {} + # -- An optional map of annotations to be applied to the controller Deployment + # @section -- Backend parameters + deploymentAnnotations: {} + # -- An optional map of labels to be applied to the controller Pods + # @section -- Backend parameters + podLabels: {} + # -- An optional map of annotations to be applied to the controller Pods + # @section -- Backend parameters + podAnnotations: {} + # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Backend parameters + podSecurityContext: + fsGroup: 1001 + # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Backend parameters + containerSecurityContext: + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true + # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Backend parameters + affinity: {} + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Backend parameters + nodeSelector: {} + # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Backend parameters + tolerations: [] + # -- Penpot backend resource requests and limits. 
Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Backend parameters + resources: + # -- The resources limits for the Penpot backend containers + # @section -- Backend parameters + limits: {} + # -- The requested resources for the Penpot backend containers + # @section -- Backend parameters + requests: {} + # -- Startup probe for the Penpot backend containers. Tolerates up to 30 * 10 = 300 seconds = 5 Minutes. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) + # @section -- Backend parameters + startupProbe: + httpGet: + path: /readyz + port: http + failureThreshold: 30 + periodSeconds: 10 + # -- Configure Pod Disruption Budget for the backend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) + # @section -- Backend parameters + pdb: + # -- Enable Pod Disruption Budget for the backend pods. + # @section -- Backend parameters + enabled: false + # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). + # @section -- Backend parameters + minAvailable: + # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). + # @section -- Backend parameters + maxUnavailable: + # -- Specify any additional environment values you want to provide to the backend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) + # @section -- Backend parameters + extraEnvs: [] + # -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Backend parameters + volumes: [] + # -- Extra volumes to be mounted in the countainer. 
Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Backend parameters + volumeMounts: [] + +frontend: + image: + # -- The Docker repository to pull the image from. + # @section -- Frontend parameters + repository: penpotapp/frontend + # -- The image tag to use. + # @section -- Frontend parameters + tag: 2.10.1 + # -- The image pull policy to use. + # @section -- Frontend parameters + pullPolicy: IfNotPresent + # -- The number of replicas to deploy. + # @section -- Frontend parameters + replicaCount: 1 + service: + # -- The service type to create. + # @section -- Frontend parameters + type: ClusterIP + # -- The service port to use. + # @section -- Frontend parameters + port: 8080 + # -- Mapped annotations for the frontend service + # @section -- Frontend parameters + annotations: {} + # -- An optional map of annotations to be applied to the controller Deployment + # @section -- Frontend parameters + deploymentAnnotations: {} + # -- An optional map of labels to be applied to the controller Pods + # @section -- Frontend parameters + podLabels: {} + # -- An optional map of annotations to be applied to the controller Pods + # @section -- Frontend parameters + podAnnotations: {} + # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Frontend parameters + podSecurityContext: + fsGroup: 1001 + # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Frontend parameters + containerSecurityContext: + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true + # -- Affinity for Penpot pods assignment. 
Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Frontend parameters + affinity: {} + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Frontend parameters + nodeSelector: {} + # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Frontend parameters + tolerations: [] + # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Frontend parameters + resources: + # -- The resources limits for the Penpot frontend containers + # @section -- Frontend parameters + limits: {} + # -- The requested resources for the Penpot frontend containers + # @section -- Frontend parameters + requests: {} + # -- Configure Pod Disruption Budget for the frontend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) + # @section -- Frontend parameters + pdb: + # -- Enable Pod Disruption Budget for the frontend pods. + # @section -- Frontend parameters + enabled: false + # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). + # @section -- Frontend parameters + minAvailable: + # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). + # @section -- Frontend parameters + maxUnavailable: + # -- Specify any additional environment values you want to provide to the frontend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) + # @section -- Frontend parameters + extraEnvs: [] + # -- Extra volumes to be made available. 
Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Frontend parameters + volumes: [] + # -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Frontend parameters + volumeMounts: [] + +exporter: + image: + # -- The Docker repository to pull the image from. + # @section -- Exporter parameters + repository: penpotapp/exporter + # -- The image tag to use. + # @section -- Exporter parameters + tag: 2.10.1 + # -- The image pull policy to use. + # @section -- Exporter parameters + imagePullPolicy: IfNotPresent + # -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount + # @section -- Exporter parameters + replicaCount: 1 + service: + # -- The service type to create. + # @section -- Exporter parameters + type: ClusterIP + # -- The service port to use. + # @section -- Exporter parameters + port: 6061 + # -- Mapped annotations for the exporter service + # @section -- Exporter parameters + annotations: {} + # -- An optional map of annotations to be applied to the controller Deployment + # @section -- Exporter parameters + deploymentAnnotations: {} + # -- An optional map of labels to be applied to the controller Pods + # @section -- Exporter parameters + podLabels: {} + # -- An optional map of annotations to be applied to the controller Pods + # @section -- Exporter parameters + podAnnotations: {} + # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Exporter parameters + podSecurityContext: + fsGroup: 1001 + # -- Configure Container Security Context. 
Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) + # @section -- Exporter parameters + containerSecurityContext: + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true + # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + # @section -- Exporter parameters + affinity: {} + # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) + # @section -- Exporter parameters + nodeSelector: {} + # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) + # @section -- Exporter parameters + tolerations: [] + # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) + # @section -- Exporter parameters + resources: + # -- The resources limits for the Penpot frontend containers + # @section -- Exporter parameters + limits: {} + # -- The requested resources for the Penpot frontend containers + # @section -- Exporter parameters + requests: {} + # -- Configure Pod Disruption Budget for the exporter pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) + # @section -- Exporter parameters + pdb: + # -- Enable Pod Disruption Budget for the exporter pods. + # @section -- Exporter parameters + enabled: false + # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). + # @section -- Exporter parameters + minAvailable: + # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). 
+ # @section -- Exporter parameters + maxUnavailable: + # -- Specify any additional environment values you want to provide to the exporter container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) + # @section -- Exporter parameters + extraEnvs: [] + # -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Exporter parameters + volumes: [] + # -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) + # @section -- Exporter parameters + volumeMounts: [] + +persistence: + assets: + # -- Enable assets persistence using Persistent Volume Claims. + # @section -- Persistence parameters + enabled: true + # -- Assets persistent Volume storage class. + # If defined, storageClassName: . + # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. + # @section -- Persistence parameters + storageClass: "" + # -- Assets persistent Volume size. + # @section -- Persistence parameters + size: 20Gi + # -- The name of an existing PVC to use for assets persistence. + # @section -- Persistence parameters + existingClaim: "" + # -- Assets persistent Volume access modes. + # @section -- Persistence parameters + accessModes: + - ReadWriteOnce + # -- Assetsp ersistent Volume Claim annotations. + # @section -- Persistence parameters + annotations: {} + exporter: + # -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. + # @section -- Persistence parameters + enabled: false + # -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. + # @section -- Persistence parameters + storageClass: "" + # -- Exporter persistent Volume size. 
+ # @section -- Persistence parameters
+ size: 10Gi
+ # -- The name of an existing PVC to use for persistence.
+ # @section -- Persistence parameters
+ existingClaim: ""
+ # -- Exporter persistent Volume access modes.
+ # @section -- Persistence parameters
+ accessModes:
+ - ReadWriteOnce
+ # -- Exporter persistent Volume Claim annotations.
+ # @section -- Persistence parameters
+ annotations: {}
+
+ingress:
+ # -- Enable (frontend) Ingress Controller.
+ # @section -- Ingress parameters
+ enabled: true
+ # -- The Ingress className.
+ # @section -- Ingress parameters
+ className: "traefik"
+ # -- Mapped annotations for the ingress crontroller.
+ # E.g.
+ # annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # @section -- Ingress parameters
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ # -- Root path for every hosts.
+ # @section -- Ingress parameters
+ path: "/"
+ # -- Array style hosts for the (frontend) ingress crontroller.
+ # @section -- Ingress parameters
+ hosts:
+ # -- The default external hostname to access to the penpot app.
+ # @section -- Ingress parameters
+ - "penpot.dgse.cloud"
+ # -- Array style TLS secrets for the (frontend) ingress crontroller.
+ # E.g.
+ # tls:
+ # - secretName: penpot.example.com-tls
+ # hosts:
+ # - penpot.example.com
+ # @section -- Ingress parameters
+ tls:
+ - hosts:
+ - penpot.dgse.cloud
+ secretName: penpot-tls
+
+route:
+ # -- Enable Openshift/OKD Route. Check [the official doc](https://docs.openshift.com/container-platform/4.16/networking/routes/route-configuration.html). When it is enabled, all fsGroup and runAsUser must be changed to null.
+ # @section -- Route parameters
+ enabled: false
+ # -- An optional map of annotations to be applied to the route.
+ # @section -- Route parameters
+ annotations: {}
+ # -- The default external hostname to access to the penpot app.
+ # @section -- Route parameters
+ host: penpot.example.com
+ # -- Define a path to use Path-based routes.
+ # @section -- Route parameters
+ path: null
+ # -- A Map with TLS configuration for the route.
+ # E.g.
+ # tls:
+ # terminationType: edge
+ # terminationPolicy: Redirect
+ # @section -- Route parameters
+ tls: {}
+ # -- Define the wildcard policy (None, Subdomain, ...)
+ # @section -- Route parameters
+ wildcardPolicy: None
+
+# PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
+postgresql:
+ image:
+ repository: bitnamilegacy/postgresql
+ tag: "16.4.0-debian-12-r14"
+ global:
+ compatibility:
+ openshift:
+ # -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ # @section -- PostgreSQL Dependencie parameters
+ adaptSecurityContext: "auto"
+
+ auth:
+ # -- Name for a custom user to create.
+ # @section -- PostgreSQL Dependencie parameters
+ username: "penpot"
+ # -- Password for the custom user to create.
+ # @section -- PostgreSQL Dependencie parameters
+ password: "penpot"
+ # -- Name for a custom database to create.
+ # @section -- PostgreSQL Dependencie parameters
+ database: "penpot"
+
+# Valkey configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/valkey))
+valkey:
+ image:
+ repository: bitnamilegacy/valkey
+ tag: "8.1.3-debian-12-r3"
+ global:
+ compatibility:
+ openshift:
+ # -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs.
Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ # @section -- Valkey Dependencie parameters
+ adaptSecurityContext: "auto"
+ auth:
+ # -- Whether to enable password authentication.
+ # @section -- Valkey Dependencie parameters
+ enabled: false
+ # -- Valkey architecture. Allowed values: `standalone` or `replication`. Penpot only needs a standalone Valkey StatefulSet. Check for [more info here](https://artifacthub.io/packages/helm/bitnami/vlakey#cluster-topologies)
+ # @section -- Valkey Dependencie parameters
+ architecture: standalone
+
+# Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
+# DEPRECATION WARNING: Since penpot 2.8, Penpot has migrated from Redis to Velkey. Although migration is recommended. Penpot will work seamlessly with compatible Redis versions.
+redis:
+ image:
+ repository: bitnamilegacy/redis
+ tag: "7.2.5-debian-12-r4"
+ global:
+ compatibility:
+ openshift:
+ # -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+ # @section -- Redis Dependencie parameters
+ adaptSecurityContext: "auto"
+ auth:
+ # -- Whether to enable password authentication.
+ # @section -- Redis Dependencie parameters
+ enabled: false
+ # -- RedisĀ® architecture. Allowed values: `standalone` or `replication`. Penpot only needs a standalone RedisĀ® StatefulSet. Check for [more info here](https://artifacthub.io/packages/helm/bitnami/redis#cluster-topologies)
+ # @section -- Redis Dependencie parameters
+ architecture: standalone
+