ansible/roles/chartmuseum/defaults/main.yaml

chartmuseum_enabled: true
chartmuseum_publish: false
chartmuseum_default_values:
  env:
    open:
      # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
      STORAGE: local
      # levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
      DEPTH: 0
      # sets the base context path
      CONTEXT_PATH: /
      # show debug messages
      DEBUG: false
      # output structured logs as json
      LOG_JSON: true
      # disable use of index-cache.yaml
      DISABLE_STATEFILES: false
      # disable Prometheus metrics
      DISABLE_METRICS: true
      # disable all routes prefixed with /api
      DISABLE_API: false
      # allow chart versions to be re-uploaded
      ALLOW_OVERWRITE: true
      # allow anonymous GET operations when auth is used
      AUTH_ANONYMOUS_GET: true
    secret:
      # username for basic http authentication
      BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}" 
      # password for basic http authentication
      BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}"
  
  persistence:
    enabled: true
    accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}"
    size: "{{ chartmuseum_size | default('10Gi') }}"
    labels: {}
    path: /storage
    storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}"
  
  ## Ingress for load balancer
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      cert-manager.io/acme-dns01-provider: "rfc2136"
      cert-manager.io/acme-challenge-type: "dns01"
      kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
      kubernetes.io/tls-acme: "true"
    hosts:
      - name: charts.{{ domain }}
        path: /
        tls: true
        tlsSecret: charts.{{ domain }}-tls

chartmuseum_readonly_ingress_definition: |
  apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      cert-manager.io/acme-challenge-type: dns01
      cert-manager.io/acme-dns01-provider: rfc2136
      cert-manager.io/cluster-issuer: letsencrypt-prod
      kubernetes.io/ingress.class: "{{ external_ingress_class }}"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      nginx.ingress.kubernetes.io/configuration-snippet: |-
        limit_except GET {
            deny all;
        }
    name: chartmuseum-public
    namespace: "{{ chartmuseum_namespace | default(namespace) }}"
  spec:
    rules:
    - host: "{{ chartmuseum_readonly_ingress }}"
      http:
        paths:
        - backend:
            serviceName: chartmuseum-chartmuseum
            servicePort: 8080
          path: /
    tls:
    - hosts:
      - "{{ chartmuseum_readonly_ingress }}"
      secretName: "{{ chartmuseum_readonly_ingress }}-tls"
GHP publish 2021-01-09 17:54:42 +00:00			`chartmuseum_enabled: true`
			`chartmuseum_publish: false`
			`chartmuseum_default_values:`
			`env:`
			`open:`
			`# storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle`
			`STORAGE: local`
			`# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)`
			`DEPTH: 0`
			`# sets the base context path`
			`CONTEXT_PATH: /`
			`# show debug messages`
			`DEBUG: false`
			`# output structured logs as json`
			`LOG_JSON: true`
			`# disable use of index-cache.yaml`
			`DISABLE_STATEFILES: false`
			`# disable Prometheus metrics`
			`DISABLE_METRICS: true`
			`# disable all routes prefixed with /api`
			`DISABLE_API: false`
			`# allow chart versions to be re-uploaded`
			`ALLOW_OVERWRITE: true`
			`# allow anonymous GET operations when auth is used`
			`AUTH_ANONYMOUS_GET: true`
			`secret:`
			`# username for basic http authentication`
			`BASIC_AUTH_USER: "{{ chartmuseum_admin_login \| default('admin') }}"`
			`# password for basic http authentication`
			`BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass \| default(chartmuseum_admin_password) }}"`

			`persistence:`
			`enabled: true`
			`accessMode: "{{ chartmuseum_storage_mode \| default('ReadWriteMany') }}"`
			`size: "{{ chartmuseum_size \| default('10Gi') }}"`
			`labels: {}`
			`path: /storage`
			`storageClass: "{{ chartmuseum_storage \| default('nfs-hdd') }}"`

			`## Ingress for load balancer`
			`ingress:`
			`enabled: true`
			`annotations:`
			`cert-manager.io/cluster-issuer: "letsencrypt-prod"`
			`cert-manager.io/acme-dns01-provider: "rfc2136"`
			`cert-manager.io/acme-challenge-type: "dns01"`
			`kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"`
			`kubernetes.io/tls-acme: "true"`
			`hosts:`
			`- name: charts.{{ domain }}`
			`path: /`
			`tls: true`
			`tlsSecret: charts.{{ domain }}-tls`

			`chartmuseum_readonly_ingress_definition: \|`
			`apiVersion: extensions/v1beta1`
			`kind: Ingress`
			`metadata:`
			`annotations:`
			`cert-manager.io/acme-challenge-type: dns01`
			`cert-manager.io/acme-dns01-provider: rfc2136`
			`cert-manager.io/cluster-issuer: letsencrypt-prod`
			`kubernetes.io/ingress.class: "{{ external_ingress_class }}"`
			`nginx.ingress.kubernetes.io/proxy-body-size: "0"`
			`nginx.ingress.kubernetes.io/proxy-read-timeout: "600"`
			`nginx.ingress.kubernetes.io/proxy-send-timeout: "600"`
			`nginx.ingress.kubernetes.io/configuration-snippet: \|-`
			`limit_except GET {`
			`deny all;`
			`}`
			`name: chartmuseum-public`
			`namespace: "{{ chartmuseum_namespace \| default(namespace) }}"`
			`spec:`
			`rules:`
			`- host: "{{ chartmuseum_readonly_ingress }}"`
			`http:`
			`paths:`
			`- backend:`
			`serviceName: chartmuseum-chartmuseum`
			`servicePort: 8080`
			`path: /`
			`tls:`
			`- hosts:`
			`- "{{ chartmuseum_readonly_ingress }}"`
			`secretName: "{{ chartmuseum_readonly_ingress }}-tls"`