# Default values for kanidm. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: repository: docker.io/kanidm/server pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "1.5.0" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" kanidm: bindaddress: "[::]:8443" domain: "idm.example.com" #origin: "https://{{ .Values.kanidm.domain }}:8443 trust_x_forward_for: true db_path: "/data/kanidm.db" #db_fs_type: "zfs" #db_arc_size: "2048" tls_chain: "/data/chain.pem" tls_key: "/data/key.pem" log_level: "debug" kanidmLdap: enabled: false dapbindaddress: "[::]:3636" kanidmOnlineBackup: enabled: true path: "/data/kanidm/backups/" schedule: "00 22 * * *" versions: "7" serviceAccount: # Specifies whether a service account should be created create: true # Automatically mount a ServiceAccount's API credentials? automount: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podLabels: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 8443 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local persistence: enabled: true annotations: {} ## PeerTube data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## # storageClass: "-" ## A manually managed Persistent Volume and Claim ## Requires persistence.enabled: true ## If defined, PVC must be created manually before volume will be bound # existingClaim: accessMode: ReadWriteOnce size: 1Gi resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi livenessProbe: httpGet: scheme: HTTPS path: / port: http readinessProbe: httpGet: scheme: HTTPS path: / port: http autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 # Additional volumes on the output Deployment definition. volumes: [] # - name: foo # secret: # secretName: mysecret # optional: false # Additional volumeMounts on the output Deployment definition. volumeMounts: [] # - name: foo # mountPath: "/etc/foo" # readOnly: true nodeSelector: {} tolerations: [] affinity: {}