README.helm.md

Korifi Helm chart

This documents the Helm chart for Korifi.

The chart is a composition of subcharts, one per component, with each individual component configuration nested under a top-level key named after the component itself. Values under the top-level global key apply to all components. Each component can be excluded from the deployment by the setting its include value to false. See Customizing the Chart Before Installing for details on how to specify values when installing a Helm chart.

Here are all the values that can be set for the chart:

• global: Global values that are shared between Korifi and its subcharts.
  • containerRegistrySecret (String): Deprecated in favor of containerRegistrySecrets.
  • containerRegistrySecrets (Array): List of Secret names to use when pushing or pulling from package, droplet and kpack builder repositories. Required if eksContainerRegistryRoleARN not set. Ignored if eksContainerRegistryRoleARN is set.
  • containerRepositoryPrefix (String): The prefix of the container repository where package and droplet images will be pushed. This is suffixed with the app GUID and -packages or -droplets. For example, a value of index.docker.io/korifi/ will result in index.docker.io/korifi/<appGUID>-packages and index.docker.io/korifi/<appGUID>-droplets being pushed.
  • debug (Boolean): Enables remote debugging with Delve.
  • defaultAppDomainName (String): Base domain name for application URLs.
  • eksContainerRegistryRoleARN (String): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set.
  • generateIngressCertificates (Boolean): Use cert-manager to generate self-signed certificates for the API and app endpoints.
  • logLevel (String): Sets level of logging for api and controllers components. Can be 'info' or 'debug'.
  • reconcilers:
    • app (String): ID of the workload runner to set on all AppWorkload objects. Defaults to statefulset-runner.
    • build (String): ID of the image builder to set on all BuildWorkload objects. Has to match api.builderName. Defaults to kpack-image-builder.
  • rootNamespace (String): Root of the Cloud Foundry namespace hierarchy.
• adminUserName (String): Name of the admin user that will be bound to the Cloud Foundry Admin role.
• api:
  • apiServer:
    • internalPort (Integer): Port used internally by the API container.
    • port (Integer): API external port. Defaults to 443.
    • timeouts: HTTP timeouts.
      • idle (Integer): Idle timeout.
      • read (Integer): Read timeout.
      • readHeader (Integer): Read header timeout.
      • write (Integer): Write timeout.
    • url (String): API URL.
  • authProxy: Needed if using a cluster authentication proxy, e.g. Pinniped.
    • caCert (String): Proxy's PEM-encoded CA certificate (not as Base64).
    • host (String): Must be a host string, a host:port pair, or a URL to the base of the apiserver.
  • builderName (String): ID of the builder used to build apps. Defaults to kpack-image-builder.
  • expose (Boolean): Expose the API component via Contour. Set to false if you want to expose the API using other means.
  • image (String): Reference to the API container image.
  • include (Boolean): Deploy the API component.
  • lifecycle: Default lifecycle for apps.
    • stack (String): Stack.
    • stagingRequirements:
      • buildCacheMB (Integer): Persistent disk in MB for caching staging artifacts across builds.
      • diskMB (Integer): Ephemeral Disk request in MB for staging apps.
      • memoryMB (Integer): Memory request in MB for staging.
    • type (String): Lifecycle type (only buildpack accepted currently).
  • replicas (Integer): Number of replicas.
  • resources: ResourceRequirements for the API.
    • limits: Resource limits.
      • cpu (String): CPU limit.
      • memory (String): Memory limit.
    • requests: Resource requests.
      • cpu (String): CPU request.
      • memory (String): Memory request.
  • userCertificateExpirationWarningDuration (String): Issue a warning if the user certificate provided for login has a long expiry. See time.ParseDuration for details on the format.
• contourRouter:
  • include (Boolean): Deploy the contour-router component.
• controllers:
  • extraVCAPApplicationValues: Key-value pairs that are going to be set in the VCAP_APPLICATION env var on apps. Nested values are not supported.
  • image (String): Reference to the controllers container image.
  • maxRetainedBuildsPerApp (Integer): How many staged builds to keep, excluding the app's current droplet. Older staged builds will be deleted, along with their corresponding container images.
  • maxRetainedPackagesPerApp (Integer): How many 'ready' packages to keep, excluding the package associated with the app's current droplet. Older 'ready' packages will be deleted, along with their corresponding container images.
  • namespaceLabels: Key-value pairs that are going to be set as labels on the namespaces created by Korifi.
  • processDefaults:
    • diskQuotaMB (Integer): Default disk quota for the web process.
    • memoryMB (Integer): Default memory limit for the web process.
  • replicas (Integer): Number of replicas.
  • resources: ResourceRequirements for the API.
    • limits: Resource limits.
      • cpu (String): CPU limit.
      • memory (String): Memory limit.
    • requests: Resource requests.
      • cpu (String): CPU request.
      • memory (String): Memory request.
  • taskTTL (String): How long before the CFTask object is deleted after the task has completed. See time.ParseDuration for details on the format, an additional d suffix for days is supported.
  • workloadsTLSSecret (String): TLS secret used when setting up an app routes.
• jobTaskRunner:
  • include (Boolean): Deploy the job-task-runner component.
  • jobTTL (String): How long before the Job backing up a task is deleted after completion. See time.ParseDuration for details on the format, an additional d suffix for days is supported.
  • replicas (Integer): Number of replicas.
  • resources: ResourceRequirements for the API.
    • limits: Resource limits.
      • cpu (String): CPU limit.
      • memory (String): Memory limit.
    • requests: Resource requests.
      • cpu (String): CPU request.
      • memory (String): Memory request.
• kpackImageBuilder:
  • builderReadinessTimeout (String): The time that the kpack Builder will be waited for if not in ready state, berfore the build workload fails. See time.ParseDuration for details on the format, an additional d suffix for days is supported.
  • builderRepository (String): Container image repository to store the ClusterBuilder image. Required when clusterBuilderName is not provided.
  • clusterBuilderName (String): The name of the ClusterBuilder Kpack has been configured with. Leave blank to let kpack-image-builder create an example ClusterBuilder.
  • clusterStackBuildImage (String): The image to use for building defined in the ClusterStack. Used when kpack-image-builder is blank.
  • clusterStackRunImage (String): The image to use for running defined in the ClusterStack. Used when kpack-image-builder is blank.
  • include (Boolean): Deploy the kpack-image-builder component.
  • replicas (Integer): Number of replicas.
  • resources: ResourceRequirements for the API.
    • limits: Resource limits.
      • cpu (String): CPU limit.
      • memory (String): Memory limit.
    • requests: Resource requests.
      • cpu (String): CPU request.
      • memory (String): Memory request.
• statefulsetRunner:
  • include (Boolean): Deploy the statefulset-runner component.
  • replicas (Integer): Number of replicas.
  • resources: ResourceRequirements for the API.
    • limits: Resource limits.
      • cpu (String): CPU limit.
      • memory (String): Memory limit.
    • requests: Resource requests.
      • cpu (String): CPU request.
      • memory (String): Memory request.