DGSE/kubernetes
1
0
Fork 0
Code Issues 3 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

chore(penpot): Added first deployment
All checks were successful
Validate K8s manifests / validate-manifests (push) Successful in 2m11s
Details

Browse Source
This commit is contained in:
Daniël Groothuis
2025-10-24 10:34:42 +02:00
parent e97a0bd896
commit feab63c773
6 changed files with 848 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/artemis/apps/kustomization.yaml
View File

@@ -14,3 +14,4 @@ resources:
- vaultwarden - vaultwarden
- mailu - mailu
- ntfy - ntfy
- penpot

17
clusters/artemis/apps/penpot/app-project.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: penpot
spec:
description: Design tool
sourceRepos:
- '*'
sourceNamespaces:
- '*'
destinations:
- namespace: 'penpot'
server: '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'

24
clusters/artemis/apps/penpot/application.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: penpot
namespace: penpot
labels:
platform.dgse.cloud/cluster: artemis
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: penpot
source:
repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
path: manifests/artemis/penpot
targetRevision: main
destination:
namespace: penpot
name: in-cluster
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true

7
clusters/artemis/apps/penpot/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- app-project.yaml
- application.yaml

13
manifests/artemis/penpot/kustomization.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: penpot
helmCharts:
- name: penpot
repo: http://helm.penpot.app
version: 0.28.0
releaseName: penpot
namespace: penpot
valuesFile: values.yaml

786
manifests/artemis/penpot/values.yaml Normal file
View File

@@ -0,0 +1,786 @@
# yaml-language-server: $schema=values.schema.json
## Default values for Penpot
global:
# -- Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
# @section -- Global parameters
postgresqlEnabled: false
# -- Whether to deploy the Bitnami Valkey chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/valkey) for configuration.
# @section -- Global parameters
valkeyEnabled: false
# -- Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
# *DEPRECATION WARNING: Since Penpot 2.8, Penpot has migrated from Redis to Valkey. Although migration is recommended, Penpot will work seamlessly with compatible Redis versions.
# @section -- Global parameters
redisEnabled: false
# -- Global Docker registry secret names.
# E.g.
# imagePullSecrets:
# - myRegistryKeySecretName
# @section -- Global parameters
imagePullSecrets: []
# -- To partially override common.names.fullname
# @section -- Common parameters
nameOverride: ""
# -- To fully override common.names.fullname
# @section -- Common parameters
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a ServiceAccount should be created.
# @section -- Common parameters
enabled: true
# -- Annotations for service account. Evaluated as a template.
# @section -- Common parameters
annotations: {}
# -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
# @section -- Common parameters
name: "penpot"
config:
# -- The public domain to serve Penpot on.
# **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
# @section -- Configuration parameters
publicUri: "http://penpot.dgse.cloud"
# -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
# @section -- Configuration parameters
flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp"
# -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
# @section -- Configuration parameters
apiSecretKey: ""
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: "penpot-api"
secretKeys:
# -- The api secret key to use from an existing secret.
# @section -- Configuration parameters
apiSecretKey: "token"
# -- Comma separated list of allowed domains to register. Empty to allow all domains.
# @section -- Configuration parameters
registrationDomainWhitelist: ""
# -- Whether to enable sending of anonymous telemetry data.
# @section -- Configuration parameters
telemetryEnabled: true
# -- Add custom resolver for frontend. e.g. 192.168.1.1
# @section -- Configuration parameters
internalResolver: ""
# -- Url adress to Terms of Services (empty to hide the link)
# @section -- Configuration parameters
termsOfServicesUri: ""
# -- Url adress to Privacy Policy (empty to hide the link)
# @section -- Configuration parameters
privacyPolicyUri: ""
postgresql:
# -- The PostgreSQL host to connect to. Empty to use dependencies.
# @section -- Configuration parameters
host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
# -- The PostgreSQL host port to use.
# @section -- Configuration parameters
port: 5432
# -- The database username to use.
# @section -- Configuration parameters
username: "penpot"
# -- The database password to use.
# @section -- Configuration parameters
password: "penpot"
# -- The PostgreSQL database to use.
# @section -- Configuration parameters
database: "penpot"
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The postgresql uri key to use from an existing secret. (postgresql://host:port/database).
# @section -- Configuration parameters
postgresqlUriKey: ""
# -- The username key to use from an existing secret.
# @section -- Configuration parameters
usernameKey: ""
# -- The password key to use from an existing secret.
# @section -- Configuration parameters
passwordKey: ""
redis:
# -- The Valkey host to connect to. Empty to use dependencies
# @section -- Configuration parameters
host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
# -- The Valkey host port to use.
# @section -- Configuration parameters
port: 6379
# -- The Valkey database to connect to.
# @section -- Configuration parameters
database: "0"
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The redis uri key to use from an existing secret. (redis://:password@host:port/database).
# @section -- Configuration parameters
redisUriKey: ""
assets:
# -- The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
# @section -- Configuration parameters
storageBackend: "assets-fs"
filesystem:
# -- The storage directory to use if you chose the filesystem storage backend.
# @section -- Configuration parameters
directory: "/opt/data/assets"
s3:
# -- The S3 access key ID to use if you chose the S3 storage backend.
# @section -- Configuration parameters
accessKeyID: ""
# -- The S3 secret access key to use if you chose the S3 storage backend.
# @section -- Configuration parameters
secretAccessKey: ""
# -- The S3 region to use if you chose the S3 storage backend.
# @section -- Configuration parameters
region: ""
# -- The name of the S3 bucket to use if you chose the S3 storage backend.
# @section -- Configuration parameters
bucket: ""
# -- The S3 endpoint URI to use if you chose the S3 storage backend.
# @section -- Configuration parameters
endpointURI: ""
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The S3 access key ID to use from an existing secret.
# @section -- Configuration parameters
accessKeyIDKey: ""
# -- The S3 secret access key to use from an existing secret.
# @section -- Configuration parameters
secretAccessKey: ""
# -- The S3 endpoint URI to use from an existing secret.
# @section -- Configuration parameters
endpointURIKey: ""
smtp:
# -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
# @section -- Configuration parameters
enabled: false
# -- The SMTP default email to send from.
# @section -- Configuration parameters
defaultFrom: ""
# -- The SMTP default email to reply to.
# @section -- Configuration parameters
defaultReplyTo: ""
# -- The SMTP host to use.
# @section -- Configuration parameters
host: ""
# -- The SMTP host port to use.
# @section -- Configuration parameters
port: ""
# -- The SMTP username to use.
# @section -- Configuration parameters
username: ""
# -- The SMTP password to use.
# @section -- Configuration parameters
password: ""
# -- Whether to use TLS for the SMTP connection.
# @section -- Configuration parameters
tls: true
# -- Whether to use SSL for the SMTP connection.
# @section -- Configuration parameters
ssl: false
# -- The name of an existing secret.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The SMTP username to use from an existing secret.
# @section -- Configuration parameters
usernameKey: ""
# -- The SMTP password to use from an existing secret.
# @section -- Configuration parameters
passwordKey: ""
providers:
google:
# -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientID: ""
# -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
# @section -- Configuration parameters
clientSecret: ""
github:
# -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The GitHub client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The GitHub client secret to use.
# @section -- Configuration parameters
clientSecret: ""
gitlab:
# -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The GitLab base URI to use.
# @section -- Configuration parameters
baseURI: "https://gitlab.com"
# -- The GitLab client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The GitLab client secret to use.
# @section -- Configuration parameters
clientSecret: ""
oidc:
# -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The OpenID Connect base URI to use.
# @section -- Configuration parameters
baseURI: ""
# -- The OpenID Connect client ID to use.
# @section -- Configuration parameters
clientID: ""
# -- The OpenID Connect client secret to use.
# @section -- Configuration parameters
clientSecret: ""
# -- Optional OpenID Connect auth URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
authURI: ""
# -- Optional OpenID Connect token URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
tokenURI: ""
# -- Optional OpenID Connect user URI to use. Auto discovered if not provided.
# @section -- Configuration parameters
userURI: ""
# -- Optional OpenID Connect roles to use. If no role is provided, role checking is disabled (default role values are set below, to disable role verification, send an empty string).
# @section -- Configuration parameters
roles: "designer developer"
# -- Optional OpenID Connect roles attribute to use. If not provided, the role checking will be disabled.
# @section -- Configuration parameters
rolesAttribute: ""
# -- Optional OpenID Connect scopes to use. These settings allow overwriting the required scopes, use with caution because penpot requires at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
# @section -- Configuration parameters
scopes: "scope1 scope2"
# -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
# @section -- Configuration parameters
nameAttribute: ""
# -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
# @section -- Configuration parameters
emailAttribute: ""
ldap:
# -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
# @section -- Configuration parameters
enabled: false
# -- The LDAP host to use.
# @section -- Configuration parameters
host: "ldap"
# -- The LDAP port to use.
# @section -- Configuration parameters
port: 10389
# -- Whether to use SSL for the LDAP connection.
# @section -- Configuration parameters
ssl: false
# -- Whether to utilize StartTLS for the LDAP connection.
# @section -- Configuration parameters
startTLS: false
# -- The LDAP base DN to use.
# @section -- Configuration parameters
baseDN: "ou=people,dc=planetexpress,dc=com"
# -- The LDAP bind DN to use.
# @section -- Configuration parameters
bindDN: "uid=admin,ou=people,dc=planetexpress,dc=com"
# -- The LDAP bind password to use.
# @section -- Configuration parameters
bindPassword: "GoodNewsEveryone"
# -- The LDAP user query to use.
# @section -- Configuration parameters
userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
# -- The LDAP attributes username to use.
# @section -- Configuration parameters
attributesUsername: "uid"
# -- The LDAP attributes email to use.
# @section -- Configuration parameters
attributesEmail: "mail"
# -- The LDAP attributes fullname to use.
# @section -- Configuration parameters
attributesFullname: "cn"
# -- The LDAP attributes photo format to use.
# @section -- Configuration parameters
attributesPhoto: "jpegPhoto"
# -- The name of an existing secret to use.
# @section -- Configuration parameters
existingSecret: ""
secretKeys:
# -- The Google client ID key to use from an existing secret.
# @section -- Configuration parameters
googleClientIDKey: ""
# -- The Google client secret key to use from an existing secret.
# @section -- Configuration parameters
googleClientSecretKey: ""
# -- The GitHub client ID key to use from an existing secret.
# @section -- Configuration parameters
githubClientIDKey: ""
# -- The GitHub client secret key to use from an existing secret.
# @section -- Configuration parameters
githubClientSecretKey: ""
# -- The GitLab client ID key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientIDKey: ""
# -- The GitLab client secret key to use from an existing secret.
# @section -- Configuration parameters
gitlabClientSecretKey: ""
# -- The OpenID Connect client ID key to use from an existing secret.
# @section -- Configuration parameters
oidcClientIDKey: ""
# -- The OpenID Connect client secret key to use from an existing secret.
# @section -- Configuration parameters
oidcClientSecretKey: ""
# -- The LDAP admin bind password to use from an exsiting secret
# @section -- Configuration parameters
ldapBindPasswordKey: ""
autoFileSnapshot:
# -- How many changes before generating a new snapshot. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable.
# @section -- Configuration parameters
every: 5 # Every 5 changes
# -- If there isn't a snapshot during this time, the system will generate one automatically. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable.
# @section -- Configuration parameters
timeout: "3h"
# -- Specify any additional environment values you want to provide to all the containers (frontend, backend and exporter) in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables)
# @section -- Configuration parameters
extraEnvs: []
backend:
image:
# -- The Docker repository to pull the image from.
# @section -- Backend parameters
repository: penpotapp/backend
# -- The image tag to use.
# @section -- Backend parameters
tag: 2.10.1
# -- The image pull policy to use.
# @section -- Backend parameters
pullPolicy: IfNotPresent
# -- The number of replicas to deploy.
# @section -- Backend parameters
replicaCount: 1
service:
# -- The http service type to create.
# @section -- Backend parameters
type: ClusterIP
# -- The http service port to use.
# @section -- Backend parameters
port: 6060
# -- Mapped annotations for the backend service
# @section -- Backend parameters
annotations: {}
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Backend parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Backend parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Backend parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Backend parameters
podSecurityContext:
fsGroup: 1001
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Backend parameters
containerSecurityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Backend parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Backend parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Backend parameters
tolerations: []
# -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Backend parameters
resources:
# -- The resources limits for the Penpot backend containers
# @section -- Backend parameters
limits: {}
# -- The requested resources for the Penpot backend containers
# @section -- Backend parameters
requests: {}
# -- Startup probe for the Penpot backend containers. Tolerates up to 30 * 10 = 300 seconds = 5 Minutes. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes)
# @section -- Backend parameters
startupProbe:
httpGet:
path: /readyz
port: http
failureThreshold: 30
periodSeconds: 10
# -- Configure Pod Disruption Budget for the backend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Backend parameters
pdb:
# -- Enable Pod Disruption Budget for the backend pods.
# @section -- Backend parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Backend parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Backend parameters
maxUnavailable:
# -- Specify any additional environment values you want to provide to the backend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables)
# @section -- Backend parameters
extraEnvs: []
# -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Backend parameters
volumes: []
# -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Backend parameters
volumeMounts: []
frontend:
image:
# -- The Docker repository to pull the image from.
# @section -- Frontend parameters
repository: penpotapp/frontend
# -- The image tag to use.
# @section -- Frontend parameters
tag: 2.10.1
# -- The image pull policy to use.
# @section -- Frontend parameters
pullPolicy: IfNotPresent
# -- The number of replicas to deploy.
# @section -- Frontend parameters
replicaCount: 1
service:
# -- The service type to create.
# @section -- Frontend parameters
type: ClusterIP
# -- The service port to use.
# @section -- Frontend parameters
port: 8080
# -- Mapped annotations for the frontend service
# @section -- Frontend parameters
annotations: {}
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Frontend parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Frontend parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Frontend parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Frontend parameters
podSecurityContext:
fsGroup: 1001
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Frontend parameters
containerSecurityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Frontend parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Frontend parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Frontend parameters
tolerations: []
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Frontend parameters
resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Frontend parameters
limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Frontend parameters
requests: {}
# -- Configure Pod Disruption Budget for the frontend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Frontend parameters
pdb:
# -- Enable Pod Disruption Budget for the frontend pods.
# @section -- Frontend parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Frontend parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Frontend parameters
maxUnavailable:
# -- Specify any additional environment values you want to provide to the frontend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables)
# @section -- Frontend parameters
extraEnvs: []
# -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Frontend parameters
volumes: []
# -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Frontend parameters
volumeMounts: []
exporter:
image:
# -- The Docker repository to pull the image from.
# @section -- Exporter parameters
repository: penpotapp/exporter
# -- The image tag to use.
# @section -- Exporter parameters
tag: 2.10.1
# -- The image pull policy to use.
# @section -- Exporter parameters
imagePullPolicy: IfNotPresent
# -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount
# @section -- Exporter parameters
replicaCount: 1
service:
# -- The service type to create.
# @section -- Exporter parameters
type: ClusterIP
# -- The service port to use.
# @section -- Exporter parameters
port: 6061
# -- Mapped annotations for the exporter service
# @section -- Exporter parameters
annotations: {}
# -- An optional map of annotations to be applied to the controller Deployment
# @section -- Exporter parameters
deploymentAnnotations: {}
# -- An optional map of labels to be applied to the controller Pods
# @section -- Exporter parameters
podLabels: {}
# -- An optional map of annotations to be applied to the controller Pods
# @section -- Exporter parameters
podAnnotations: {}
# -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Exporter parameters
podSecurityContext:
fsGroup: 1001
# -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod)
# @section -- Exporter parameters
containerSecurityContext:
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
# -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
# @section -- Exporter parameters
affinity: {}
# -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/)
# @section -- Exporter parameters
nodeSelector: {}
# -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/)
# @section -- Exporter parameters
tolerations: []
# -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/)
# @section -- Exporter parameters
resources:
# -- The resources limits for the Penpot frontend containers
# @section -- Exporter parameters
limits: {}
# -- The requested resources for the Penpot frontend containers
# @section -- Exporter parameters
requests: {}
# -- Configure Pod Disruption Budget for the exporter pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
# @section -- Exporter parameters
pdb:
# -- Enable Pod Disruption Budget for the exporter pods.
# @section -- Exporter parameters
enabled: false
# -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%").
# @section -- Exporter parameters
minAvailable:
# -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%").
# @section -- Exporter parameters
maxUnavailable:
# -- Specify any additional environment values you want to provide to the exporter container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables)
# @section -- Exporter parameters
extraEnvs: []
# -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Exporter parameters
volumes: []
# -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/)
# @section -- Exporter parameters
volumeMounts: []
persistence:
assets:
# -- Enable assets persistence using Persistent Volume Claims.
# @section -- Persistence parameters
enabled: true
# -- Assets persistent Volume storage class.
# If defined, storageClassName: <storageClass>.
# If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
# @section -- Persistence parameters
storageClass: ""
# -- Assets persistent Volume size.
# @section -- Persistence parameters
size: 20Gi
# -- The name of an existing PVC to use for assets persistence.
# @section -- Persistence parameters
existingClaim: ""
# -- Assets persistent Volume access modes.
# @section -- Persistence parameters
accessModes:
- ReadWriteOnce
# -- Assetsp ersistent Volume Claim annotations.
# @section -- Persistence parameters
annotations: {}
exporter:
# -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
# @section -- Persistence parameters
enabled: false
# -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider.
# @section -- Persistence parameters
storageClass: ""
# -- Exporter persistent Volume size.
# @section -- Persistence parameters
size: 10Gi
# -- The name of an existing PVC to use for persistence.
# @section -- Persistence parameters
existingClaim: ""
# -- Exporter persistent Volume access modes.
# @section -- Persistence parameters
accessModes:
- ReadWriteOnce
# -- Exporter persistent Volume Claim annotations.
# @section -- Persistence parameters
annotations: {}
ingress:
# -- Enable (frontend) Ingress Controller.
# @section -- Ingress parameters
enabled: true
# -- The Ingress className.
# @section -- Ingress parameters
className: "traefik"
# -- Mapped annotations for the ingress crontroller.
# E.g.
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# @section -- Ingress parameters
annotations:
cert-manager.io/cluster-issuer: letsencrypt
# -- Root path for every hosts.
# @section -- Ingress parameters
path: "/"
# -- Array style hosts for the (frontend) ingress crontroller.
# @section -- Ingress parameters
hosts:
# -- The default external hostname to access to the penpot app.
# @section -- Ingress parameters
- "penpot.dgse.cloud"
# -- Array style TLS secrets for the (frontend) ingress crontroller.
# E.g.
# tls:
# - secretName: penpot.example.com-tls
# hosts:
# - penpot.example.com
# @section -- Ingress parameters
tls:
- hosts:
- penpot.dgse.cloud
secretName: penpot-tls
route:
# -- Enable Openshift/OKD Route. Check [the official doc](https://docs.openshift.com/container-platform/4.16/networking/routes/route-configuration.html). When it is enabled, all fsGroup and runAsUser must be changed to null.
# @section -- Route parameters
enabled: false
# -- An optional map of annotations to be applied to the route.
# @section -- Route parameters
annotations: {}
# -- The default external hostname to access to the penpot app.
# @section -- Route parameters
host: penpot.example.com
# -- Define a path to use Path-based routes.
# @section -- Route parameters
path: null
# -- A Map with TLS configuration for the route.
# E.g.
# tls:
# terminationType: edge
# terminationPolicy: Redirect
# @section -- Route parameters
tls: {}
# -- Define the wildcard policy (None, Subdomain, ...)
# @section -- Route parameters
wildcardPolicy: None
# PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
postgresql:
image:
repository: bitnamilegacy/postgresql
tag: "16.4.0-debian-12-r14"
global:
compatibility:
openshift:
# -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
# @section -- PostgreSQL Dependencie parameters
adaptSecurityContext: "auto"
auth:
# -- Name for a custom user to create.
# @section -- PostgreSQL Dependencie parameters
username: "penpot"
# -- Password for the custom user to create.
# @section -- PostgreSQL Dependencie parameters
password: "penpot"
# -- Name for a custom database to create.
# @section -- PostgreSQL Dependencie parameters
database: "penpot"
# Valkey configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/valkey))
valkey:
image:
repository: bitnamilegacy/valkey
tag: "8.1.3-debian-12-r3"
global:
compatibility:
openshift:
# -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
# @section -- Valkey Dependencie parameters
adaptSecurityContext: "auto"
auth:
# -- Whether to enable password authentication.
# @section -- Valkey Dependencie parameters
enabled: false
# -- Valkey architecture. Allowed values: `standalone` or `replication`. Penpot only needs a standalone Valkey StatefulSet. Check for [more info here](https://artifacthub.io/packages/helm/bitnami/vlakey#cluster-topologies)
# @section -- Valkey Dependencie parameters
architecture: standalone
# Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
# DEPRECATION WARNING: Since penpot 2.8, Penpot has migrated from Redis to Velkey. Although migration is recommended. Penpot will work seamlessly with compatible Redis versions.
redis:
image:
repository: bitnamilegacy/redis
tag: "7.2.5-debian-12-r4"
global:
compatibility:
openshift:
# -- Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
# @section -- Redis Dependencie parameters
adaptSecurityContext: "auto"
auth:
# -- Whether to enable password authentication.
# @section -- Redis Dependencie parameters
enabled: false
# -- Redis® architecture. Allowed values: `standalone` or `replication`. Penpot only needs a standalone Redis® StatefulSet. Check for [more info here](https://artifacthub.io/packages/helm/bitnami/redis#cluster-topologies)
# @section -- Redis Dependencie parameters
architecture: standalone