# Copyright The Linux Foundation and each contributor to LFX.
# SPDX-License-Identifier: MIT
---
# image is the configuration for the container images
image:
# repository is the container image repository
repository: ghcr.io/linuxfoundation/lfx-v2-mailing-list-service/mailing-list-api
# tag is the container image tag (overrides appVersion from Chart.yaml)
# An empty string leaves the choice to appVersion, as the line above states.
# NOTE(review): a tag is a mutable reference; whether the templates accept a
# digest-pinned image is not visible in this file - confirm before relying on it.
tag: ""
# pullPolicy is the image pull policy
# IfNotPresent reuses an image already cached on the node, so a tag that has
# been re-pushed upstream is not pulled again on nodes holding the old copy.
pullPolicy: IfNotPresent
# replicaCount is the number of replicas for the deployment
replicaCount: 3
# podAnnotations are additional annotations applied to the pod template.
# Annotations are readable by anyone who can read pod metadata, so they are
# not a place for credentials or tokens.
# Example:
# prometheus.io/scrape: "true"
# prometheus.io/port: "8080"
podAnnotations: {}
# podLabels are additional labels applied to the pod template.
# NOTE(review): labels are commonly used as selectors (Services, NetworkPolicy);
# which selectors this chart defines is not visible here - check for collisions.
# Example:
# team: platform
# environment: production
podLabels: {}
# resources is the configuration for resource requests and limits
# limits cap what the container may consume; requests are what the scheduler
# reserves. The defaults set requests below limits for both cpu and memory.
resources:
limits:
cpu: 500m
# A memory limit bounds the impact of a runaway or abused process on the node.
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
# traefik is the configuration for Traefik Gateway API routing
traefik:
# gateway specifies the platform Gateway to attach to
gateway:
# name is the name of the Gateway resource
name: lfx-platform-gateway
# namespace is the namespace of the Gateway resource
# The default matches the deployment namespace set in the lfx section.
# NOTE(review): if the two namespaces ever differ, the Gateway's listeners
# must allow routes from the deployment namespace - confirm on the Gateway.
namespace: lfx
# lfx is the configuration for LFX platform
lfx:
# domain is the base domain for routing
# NOTE(review): k8s.orb.local looks like a local-development default;
# presumably every shared environment overrides it - confirm.
domain: k8s.orb.local
# namespace is the target namespace for deployment
# The in-cluster URLs elsewhere in this file (NATS, heimdall) are written with
# the lfx namespace in the hostname, so changing this alone does not move them.
namespace: lfx
# service is the configuration for the Kubernetes service
service:
# port is the service port
# NOTE(review): the container port behind the Service is not set anywhere in
# this file; presumably the templates reuse this value - confirm.
port: 8080
# serviceAccount is the configuration for the Kubernetes service account
serviceAccount:
# create specifies whether a service account should be created
create: true
# name is the name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# annotations to add to the service account
annotations: {}
# automountServiceAccountToken is a boolean to determine if the service account token should be automatically mounted
# NOTE(review): nothing in this values file shows the service calling the
# Kubernetes API (it lists NATS, heimdall and Groups.io endpoints). If it does
# not, false keeps the API token out of the pod filesystem - confirm against
# the application before changing.
automountServiceAccountToken: true
# nats is the configuration for the NATS server
nats:
# url is the URL of the NATS server
# The same URL is repeated as NATS_URL in the environment section; which of the
# two the templates read is not visible here, so keep them in sync.
# NOTE(review): the URL carries no credentials and uses the nats:// scheme;
# any authentication or TLS towards NATS is not configured in this file.
url: nats://lfx-platform-nats.lfx.svc.cluster.local:4222
# groupsio_services_kv_bucket is the configuration for the KV bucket for storing GroupsIO services
groupsio_services_kv_bucket:
# creation is a boolean to determine if the KV bucket should be created via the helm chart.
# set it to false if you want to use an existing KV bucket.
creation: true
# keep is a boolean to determine if the KV bucket should be preserved during helm uninstall
# set it to false if you want the bucket to be deleted when the chart is uninstalled
# With true, the stored data outlives the release and has to be removed
# separately when it should no longer be retained.
keep: true
# name is the name of the KV bucket for storing GroupsIO services
name: groupsio-services
# history is the number of history entries to keep for the KV bucket
# Earlier revisions stay readable until they age out of this window
# (presumably counted per key, as in NATS KV - confirm).
history: 20
# storage is the storage type for the KV bucket
# file persists the bucket on the NATS server's disk.
storage: file
# maxValueSize is the maximum size of a value in the KV bucket
# The value is in bytes: 10485760 = 10 * 1024 * 1024.
maxValueSize: 10485760 # 10MB
# maxBytes is the maximum number of bytes in the KV bucket
# The value is in bytes: 1073741824 = 1024 * 1024 * 1024.
maxBytes: 1073741824 # 1GB
# compression is a boolean to determine if the KV bucket should be compressed
compression: true
# groupsio_service_settings_kv_bucket is the configuration for the KV bucket for storing GroupsIO service settings
groupsio_service_settings_kv_bucket:
# creation is a boolean to determine if the KV bucket should be created via the helm chart.
# set it to false if you want to use an existing KV bucket.
creation: true
# keep is a boolean to determine if the KV bucket should be preserved during helm uninstall
# set it to false if you want the bucket to be deleted when the chart is uninstalled
# With true, uninstalling the chart leaves the settings data in NATS.
keep: true
# name is the name of the KV bucket for storing GroupsIO service settings
name: groupsio-service-settings
# history is the number of history entries to keep for the KV bucket
# An overwritten setting remains in history until it ages out of this window.
history: 20
# storage is the storage type for the KV bucket
storage: file
# maxValueSize is the maximum size of a value in the KV bucket
# The value is in bytes: 1048576 = 1024 * 1024. This is a tenth of the limit
# used for the groupsio-services bucket.
maxValueSize: 1048576 # 1MB
# maxBytes is the maximum number of bytes in the KV bucket
# The value is in bytes: 104857600 = 100 * 1024 * 1024.
maxBytes: 104857600 # 100MB
# compression is a boolean to determine if the KV bucket should be compressed
compression: true
# groupsio_mailing_lists_kv_bucket is the configuration for the KV bucket for storing GroupsIO mailing lists
groupsio_mailing_lists_kv_bucket:
# creation is a boolean to determine if the KV bucket should be created via the helm chart.
# set it to false if you want to use an existing KV bucket.
creation: true
# keep is a boolean to determine if the KV bucket should be preserved during helm uninstall
# set it to false if you want the bucket to be deleted when the chart is uninstalled
# With true, mailing-list records remain in NATS after the release is removed.
keep: true
# name is the name of the KV bucket for storing GroupsIO mailing lists
name: groupsio-mailing-lists
# history is the number of history entries to keep for the KV bucket
# Earlier revisions of a record stay readable until they age out of this window.
history: 20
# storage is the storage type for the KV bucket
# file persists the bucket on the NATS server's disk.
storage: file
# maxValueSize is the maximum size of a value in the KV bucket
# The value is in bytes: 10485760 = 10 * 1024 * 1024.
maxValueSize: 10485760 # 10MB
# maxBytes is the maximum number of bytes in the KV bucket
# The value is in bytes: 1073741824 = 1024 * 1024 * 1024.
maxBytes: 1073741824 # 1GB
# compression is a boolean to determine if the KV bucket should be compressed
compression: true
# groupsio_mailing_list_settings_kv_bucket is the configuration for the KV bucket for storing GroupsIO mailing list settings
groupsio_mailing_list_settings_kv_bucket:
# creation is a boolean to determine if the KV bucket should be created via the helm chart.
# set it to false if you want to use an existing KV bucket.
creation: true
# keep is a boolean to determine if the KV bucket should be preserved during helm uninstall
# set it to false if you want the bucket to be deleted when the chart is uninstalled
# With true, uninstalling the chart leaves the settings data in NATS.
keep: true
# name is the name of the KV bucket for storing GroupsIO mailing list settings
name: groupsio-mailing-list-settings
# history is the number of history entries to keep for the KV bucket
# An overwritten setting remains in history until it ages out of this window.
history: 20
# storage is the storage type for the KV bucket
storage: file
# maxValueSize is the maximum size of a value in the KV bucket
# The value is in bytes: 1048576 = 1024 * 1024.
maxValueSize: 1048576 # 1MB
# maxBytes is the maximum number of bytes in the KV bucket
# The value is in bytes: 104857600 = 100 * 1024 * 1024.
maxBytes: 104857600 # 100MB
# compression is a boolean to determine if the KV bucket should be compressed
compression: true
# groupsio_members_kv_bucket is the configuration for the KV bucket for storing GroupsIO members
# NOTE(review): member records presumably contain personal data such as email
# addresses - confirm, and treat keep, history and storage below as
# data-retention settings if so.
groupsio_members_kv_bucket:
# creation is a boolean to determine if the KV bucket should be created via the helm chart.
# set it to false if you want to use an existing KV bucket.
creation: true
# keep is a boolean to determine if the KV bucket should be preserved during helm uninstall
# set it to false if you want the bucket to be deleted when the chart is uninstalled
# With true, member records remain in NATS after the release is removed.
keep: true
# name is the name of the KV bucket for storing GroupsIO members
name: groupsio-members
# history is the number of history entries to keep for the KV bucket
# A member record that is updated or removed stays readable from history until
# it ages out of this window.
history: 20
# storage is the storage type for the KV bucket
# file persists the bucket on the NATS server's disk; encryption at rest, if
# any, is a NATS server setting and is not configured in this file.
storage: file
# maxValueSize is the maximum size of a value in the KV bucket
# The value is in bytes: 10485760 = 10 * 1024 * 1024.
maxValueSize: 10485760 # 10MB
# maxBytes is the maximum number of bytes in the KV bucket
# The value is in bytes: 1073741824 = 1024 * 1024 * 1024.
maxBytes: 1073741824 # 1GB
# compression is a boolean to determine if the KV bucket should be compressed
compression: true
# openfga is the configuration for the OpenFGA server
openfga:
# enabled is a boolean to determine if the OpenFGA server should be enabled for authorization
# Note: If it is disabled, then the mailing-list service will allow all requests
# (Disabling OpenFGA should only be used for local development).
# In other words the service fails open: false removes authorization checks
# rather than denying requests, so an override to false in a shared
# environment should be caught in review.
enabled: true
# heimdall is the configuration for the heimdall middleware
heimdall:
# enabled toggles the heimdall middleware integration
# NOTE(review): what the chart renders when this is false is not visible in
# this file - confirm that requests cannot reach the service unauthenticated.
enabled: true
# url is the heimdall endpoint (plain http, port 4456)
# NOTE(review): the host here is heimdall.lfx.svc.cluster.local, while jwksUrl
# below uses lfx-platform-heimdall.lfx.svc.cluster.local - confirm both names
# resolve to the intended service.
url: http://heimdall.lfx.svc.cluster.local:4456
# jwksUrl is the URL to the JSON Web Key Set endpoint for JWT validation
# The key set is fetched over plain http, so the integrity of the keys used to
# verify tokens rests on the cluster network (NetworkPolicy, mesh mTLS) rather
# than on TLS. The same URL is repeated as JWKS_URL in the environment section.
jwksUrl: http://lfx-platform-heimdall.lfx.svc.cluster.local:4457/.well-known/jwks
# authelia is the configuration for the Authelia server
authelia:
# enabled is a boolean to determine if the Authelia authenticator is enabled
# Note: Disabling Authelia should only be used for local development
# NOTE(review): which authenticator, if any, remains active when this is false
# is not visible in this file - confirm in the templates.
enabled: true
# global is the configuration for the global settings
global:
# awsRegion is the AWS region for the External Secrets Operator
# The externalSecret section of this file requires its secrets to exist in
# AWS Secrets Manager in this region.
awsRegion: us-west-2
# app is the configuration for the application
app:
# audience is the JWT audience required for authentication with this app
# The same value is repeated as JWT_AUDIENCE in the environment section; keep
# the two in sync so tokens issued for another service are not accepted.
audience: lfx-v2-mailing-list-service
# use_oidc_contextualizer is a boolean to determine if the OIDC contextualizer should be used
# NOTE(review): the effect of false is not described in this file - confirm
# what identity information the service receives without it.
use_oidc_contextualizer: true
# otel is the configuration for OpenTelemetry tracing
# Every value in this section is written as a quoted string, including the
# boolean and numeric ones. With the defaults below all three exporters are
# "none" and endpoint is empty.
otel:
# serviceName is the service name for OpenTelemetry resource identification
# (default: "lfx-v2-mailing-list-service")
serviceName: ""
# serviceVersion is the service version for OpenTelemetry resource identification
# (default: build-time version from ldflags)
serviceVersion: ""
# protocol specifies the OTLP protocol: "grpc" or "http"
# (default: "grpc")
protocol: "grpc"
# endpoint is the OTLP collector endpoint
# For gRPC: typically "host:4317", for HTTP: typically "host:4318"
endpoint: ""
# insecure disables TLS for the OTLP connection
# Set to "true" for in-cluster communication without TLS
# With "true" the telemetry travels unencrypted; keep "false" whenever the
# collector is reached across a network boundary.
insecure: "false"
# tracesExporter specifies the traces exporter: "otlp" or "none"
# (default: "none")
tracesExporter: "none"
# tracesSampleRatio specifies the sampling ratio for traces (0.0 to 1.0)
# A value of 1.0 means all traces are sampled, 0.5 means 50% are sampled
# (default: "1.0")
tracesSampleRatio: "1.0"
# metricsExporter specifies the metrics exporter: "otlp" or "none"
# (default: "none")
metricsExporter: "none"
# logsExporter specifies the logs exporter: "otlp" or "none"
# (default: "none")
# NOTE(review): exported logs leave the pod; check what the service logs
# (see LOG_LEVEL) before switching this to "otlp".
logsExporter: "none"
# propagators specifies the propagators to use, comma-separated
# Supported values: "tracecontext", "baggage", "jaeger"
# (default: "tracecontext,baggage,jaeger")
propagators: "tracecontext,baggage,jaeger"
# environment contains all application environment variables
# Each variable can have either a 'value' (for direct values) or 'valueFrom' (for secret references)
environment:
# NATS_URL is the URL of the NATS server (required)
# Same value as url in the nats section of this file.
NATS_URL:
value: nats://lfx-platform-nats.lfx.svc.cluster.local:4222
# LOG_LEVEL is the log level (debug, info, warn, error) - optional, defaults to info
# NOTE(review): what debug adds to the log output is not visible here; check
# for request or member data before enabling it in a shared environment.
LOG_LEVEL:
value: info
# LOG_ADD_SOURCE determines if log source should be added - optional, defaults to true
# NOTE(review): this is the only unquoted boolean among the environment values
# (EVENTING_ENABLED uses "true"); presumably the template stringifies it -
# confirm, or quote it for consistency.
LOG_ADD_SOURCE:
value: true
# JWKS_URL is the URL to the JSON Web Key Set endpoint for JWT validation
# Required unless JWT_AUTH_DISABLED_MOCK_LOCAL_PRINCIPAL is set
# Same value as jwksUrl in the heimdall section; the keys are fetched over
# plain http, so their integrity depends on the cluster network.
JWKS_URL:
value: http://lfx-platform-heimdall.lfx.svc.cluster.local:4457/.well-known/jwks
# JWT_AUDIENCE is the intended audience for the JWT token (required)
# Same value as audience in the app section.
JWT_AUDIENCE:
value: lfx-v2-mailing-list-service
# JWT_AUTH_DISABLED_MOCK_LOCAL_PRINCIPAL is used for local development to bypass JWT validation
# Optional, local dev only. Set to a principal name to enable mock authentication
# Keep this empty everywhere else: per the description above, a principal name
# here replaces token validation with a fixed identity.
JWT_AUTH_DISABLED_MOCK_LOCAL_PRINCIPAL:
value: ''
# AUTH_SOURCE is the authentication source: 'jwt' for production, 'mock' for local dev (optional, defaults to jwt)
AUTH_SOURCE:
value: jwt
# REPOSITORY_SOURCE is the repository implementation: 'nats' for production, 'mock' for local dev
# Optional, defaults to nats. Production should use 'nats', local development should use 'mock'
REPOSITORY_SOURCE:
value: nats
# GroupsIO Integration Configuration
# GROUPSIO_SOURCE determines the GroupsIO implementation: 'groupsio' for production, 'mock' for testing.
# Empty string defaults to production in code.
GROUPSIO_SOURCE:
value: groupsio
# GROUPSIO_BASE_URL is the Groups.io API base URL
# The default uses https; keep the scheme when overriding, since the account
# credentials below are sent to this host.
GROUPSIO_BASE_URL:
value: "https://groups.io/api"
# GROUPSIO_EMAIL is the Groups.io account email for authentication
# WARNING: Do not commit actual credentials to this file - should be set via Kubernetes secrets using valueFrom
# The value is null here; the same name appears as a secretKey under
# externalSecret in this file.
GROUPSIO_EMAIL:
value: null
# GROUPSIO_PASSWORD is the Groups.io account password for authentication
# WARNING: Do not commit actual credentials to this file - should be set via Kubernetes secrets using valueFrom
# The value is null here; the same name appears as a secretKey under
# externalSecret in this file.
GROUPSIO_PASSWORD:
value: null
# GROUPSIO_TIMEOUT is the HTTP client timeout for Groups.io requests (e.g., "30s", "1m")
GROUPSIO_TIMEOUT:
value: "30s"
# GROUPSIO_MAX_RETRIES is the maximum number of retry attempts for failed requests
GROUPSIO_MAX_RETRIES:
value: "3"
# GROUPSIO_RETRY_DELAY is the delay between retry attempts (e.g., "1s", "500ms")
GROUPSIO_RETRY_DELAY:
value: "1s"
# GROUPSIO_WEBHOOK_SECRET is the secret for GroupsIO webhook validation
# WARNING: Do not commit actual credentials to this file - should be set via Kubernetes secrets using valueFrom
# NOTE(review): how the service treats incoming webhooks when no secret is
# set is not visible here - confirm that validation fails closed.
GROUPSIO_WEBHOOK_SECRET:
value: null
# EVENTING_ENABLED is not described in this file.
# NOTE(review): presumably it toggles event publishing - confirm and document.
EVENTING_ENABLED:
value: "true"
# External Secrets Operator
externalSecretsOperator:
# Enable/disable External Secrets Operator integration
# NOTE(review): with false, the three GROUPSIO_* secrets listed below have no
# source defined in this file - confirm how they are supplied in that case.
enabled: true
# ExternalSecret configuration
externalSecret:
# How often to refresh secrets from AWS
# NOTE(review): a rotated secret reaches the cluster within this interval, but
# a pod that received it as an environment variable presumably keeps the old
# value until it restarts - confirm how the templates inject the secret.
refreshInterval: "10m"
# Secret data mappings
# REQUIRED: Secrets must exist in AWS Secrets Manager (global.awsRegion)
# All three entries read different properties of the same remote key, so
# read access to that one key exposes the email, password and webhook secret.
data:
- secretKey: GROUPSIO_EMAIL
remoteRef:
key: /cloudops/managed-secrets/cloud/groupsio/lfx-v2-mailing-list-service
property: groupsio_email
- secretKey: GROUPSIO_PASSWORD
remoteRef:
key: /cloudops/managed-secrets/cloud/groupsio/lfx-v2-mailing-list-service
property: groupsio_password
- secretKey: GROUPSIO_WEBHOOK_SECRET
remoteRef:
key: /cloudops/managed-secrets/cloud/groupsio/lfx-v2-mailing-list-service
property: groupsio_webhook_secret