-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathvalues.yaml
More file actions
184 lines (170 loc) · 7.53 KB
/
values.yaml
File metadata and controls
184 lines (170 loc) · 7.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# Default values for Fides.
# fides is the main application that runs the Admin UI and API endpoints.
fides:
image:
repository: ethyca/fides
pullPolicy: IfNotPresent
# Overrides the Fides image tag whose default is the chart appVersion.
tag: ""
configuration:
# fides.configuration.dbSecretName is the name of the Kubernetes secret containing the Postgres connection information
# This secret should have at least the following keys: DB_HOST, DB_PORT, DB_USERNAME, DB_PASSWORD, DB_DATABASE. This value is required.
dbSecretName: ""
# fides.configuration.redisSecretName is the name of the Kubernetes secret containing the Redis connection information
# This secret should have at least the following keys: REDIS_HOST, REDIS_PORT, REDIS_PASSWORD. This value is required.
redisSecretName: ""
# fides.configure.additionalEnvVar adds arbitrary environment variables to the Fides configuration, in addition to those set
# by the Helm chart. See https://www.ethyca.com/docs/dev-docs/configuration/configuration#fides-configuration-variable-reference for all possible values.
additionalEnvVars:
- name: FIDES__LOGGING__LOG_PII
value: "false"
- name: FIDES__LOGGING__LEVEL # Accepted values include: DEBUG, INFO, WARNING, ERROR, and CRITICAL.
value: "INFO"
- name: FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED
value: "false"
- name: FIDES__EXECUTION__REQUIRE_MANUAL_REQUEST_APPROVAL
value: "true"
- name: FIDES__USER__ANALYTICS_OPT_OUT
value: "true"
- name: FIDES__REDIS__SSL
value: "false"
- name: FIDES__REDIS__SSL_CERT_REQS # Accepted values include: none, optional and require.
value: "none"
- name: FIDES__EXECUTION__USE_DSR_3_0
value: "true"
# Additional environment variables may be declared here.
# fides.configuration.additionalEnvVarsSecret is an optional parameter representing the name of an existing secret containing environment variables to pass into the Fides containers.
additionalEnvVarsSecret: ""
# fides.configuration.fidesSecuritySecretName is an optional parameter that respresents the name of a Kubernetes secret containing sensitive Fides configuration elements. If set, this secret must have the following keys:
# FIDES__SECURITY__APP_ENCRYPTION_KEY, FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID, FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET, FIDES__SECURITY__DRP_JWT_SECRET
fidesSecuritySecretName: ""
# fides.configuration.additionalCORSOrigins is an optional parameter to configure allowed CORS origins in addition to the Fides and Privacy Center URLs.
additionalCORSOrigins: []
# fides.publicHostname is used to set the allowed CORS origins for Fides, e.g. fides.example.com
publicHostname: ""
fullnameOverride: ""
count: 1
service:
type: NodePort
port: 8080
annotations: {}
# fides.startupTimeSeconds configures the delay before liveness and readiness probes begin.
# For local kubernetes clusters, such as minikube & kind, you may need to increase this value to 60 seconds.
startupTimeSeconds: 30
# fides.healthCheckTimeoutSeconds configures the timeoutSeconds of the liveness and readiness probes.
healthCheckTimeoutSeconds: 5
# fides.workerConfiguration configures the Celery workers that process background tasks.
#
# DEFAULT WORKER CONFIGURATION:
# Both Fides and Fidesplus deployments automatically get:
# - 1 DSR worker
# - 1 other worker
#
# Fidesplus deployments additionally get:
# - 1 classification worker
# - 1 helios worker
# - 1 consent worker
#
# To override defaults, explicitly define workers below. To disable a worker, set count: 0.
# For more information, see: https://www.ethyca.com/docs/dev-docs/installation/workers#customizing-workers
workerConfiguration:
workers: []
# Example worker override:
# - name: other
# count: 1
# excludeQueues:
# - fides.dsr
# - fides.privacy_preferences
# resources:
# limits:
# cpu: 1000m
# memory: 2Gi
# requests:
# cpu: 500m
# memory: 1Gi
# privacyCenter is the end-user facing application where data subjects can submit privacy requests.
privacyCenter:
# privacyCenter.enabled determines whether a privacy center will be deployed.
enabled: true
image:
repository: ethyca/fides-privacy-center
pullPolicy: IfNotPresent
# Overrides the Fides Privacy Center image tag whose default is the chart appVersion.
tag: ""
configuration:
# privacyCenter.configuration.configJsonPath specifies the location of the config.json as described in https://ethyca.github.io/fides/ui/privacy_center/.
# Note: the value of server_url_production will be overwritten to use the hostname specified by ingress.hosts.fides
configJsonPath: config/privacyCenterConfig.json
# privacyCenter.configuration.configCSSPath specifies the location of the config.css file to override the default styles.
configCSSPath: config/privacyCenterConfig.css
# privacyCenter.configuration.configFilesOverride specifies the name of an existing configmap with the keys config.css and config.json containing the customization files.
configFilesOverrideConfigMap: ""
# privacyCenter.configuration.debug enables debug mode in the Fides Privacy Center.
debug: false
# privacyCenter.configuration.additionalEnvVars adds arbitrary environment variables to the Privacy Center configuration
# in addition to those set by the Helm chart. Each entry must have a key called "name" and a key called "value"
additionalEnvVars: []
nameOverride: ""
# privacyCenter.publicHostname is used to set the allowed CORS origins for Fides, e.g. privacy.example.com
publicHostname: ""
fullnameOverride: ""
count: 1
service:
type: NodePort
port: 3000
nameOverride: ""
imagePullSecrets: []
# useRollingUpdate helps to minimize upgrade downtime by running deployment upgrades with a RollingUpdate strategy.
# When useRollingUpdate is set to false, the Recreate strategy is used instead. For production deployments,
# useRollingUpdate should be set to true.
useRollingUpdate: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
{}
# fsGroup: 2000
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
ingress:
enabled: false
className: ""
installIngressController:
# installIngressController.awsLoadBalancerController is an option to install the AWS Load Balancer Controller
# as part of this chart.
awsLoadBalancerController: false
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls: []
# - secretName: fides-tls
# hosts:
# - privacy.example.com
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}