ansible/roles/chartmuseum/defaults/main.yaml
2021-02-12 17:06:25 +03:00

84 lines
2.8 KiB
YAML

chartmuseum_enabled: true
chartmuseum_publish: false
chartmuseum_short_name: "charts"
chartmuseum_default_values:
env:
open:
# storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
STORAGE: local
# levels of nested repos for multitenancy. The default depth is 0 (singletenant server)
DEPTH: 0
# sets the base context path
CONTEXT_PATH: /
# show debug messages
DEBUG: false
# output structured logs as json
LOG_JSON: true
# disable use of index-cache.yaml
DISABLE_STATEFILES: false
# disable Prometheus metrics
DISABLE_METRICS: true
# disable all routes prefixed with /api
DISABLE_API: false
# allow chart versions to be re-uploaded
ALLOW_OVERWRITE: true
# allow anonymous GET operations when auth is used
AUTH_ANONYMOUS_GET: true
secret:
# username for basic http authentication
BASIC_AUTH_USER: "{{ chartmuseum_admin_login | default('admin') }}"
# password for basic http authentication
BASIC_AUTH_PASS: "{{ chartmuseum_admin_pass | default(chartmuseum_admin_password) }}"
persistence:
enabled: true
accessMode: "{{ chartmuseum_storage_mode | default('ReadWriteMany') }}"
size: "{{ chartmuseum_size | default('10Gi') }}"
labels: {}
path: /storage
storageClass: "{{ chartmuseum_storage | default('nfs-hdd') }}"
## Ingress for load balancer
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
kubernetes.io/tls-acme: "true"
hosts:
- name: "{{ chartmuseum_short_name }}.{{ domain }}"
path: /
tls: true
tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"
chartmuseum_readonly_ingress_definition: |
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: "{{ external_ingress_class }}"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/configuration-snippet: |-
limit_except GET {
deny all;
}
name: chartmuseum-public
namespace: "{{ chartmuseum_namespace | default(namespace) }}"
spec:
rules:
- host: "{{ chartmuseum_readonly_ingress }}"
http:
paths:
- backend:
serviceName: chartmuseum-chartmuseum
servicePort: 8080
path: /
tls:
- hosts:
- "{{ chartmuseum_readonly_ingress }}"
secretName: "{{ chartmuseum_readonly_ingress }}-tls"