#
# Copyright contributors to the Galasa project
#
# SPDX-License-Identifier: EPL-2.0
#
#
#
# The external hostname on which the Galasa services can be reached via Ingress.
# It must be a valid DNS hostname without a URL scheme (i.e. without "https://").
# "example.com" is a placeholder; replace it with the hostname of your deployment.
#
externalHostname: "example.com"
#
# The version of Galasa you want to run. Avoid "latest": an explicit version keeps
# all the components on the same version and lets upgrades be performed in a controlled way.
#
galasaVersion: "0.39.0"
#
#
#
# Name of the Galasa service, shown as the title of the web user interface page.
# Any bookmarks taken by users in their browsers will also receive this name.
# Making this name distinct helps users identify which Galasa service they are using.
# If they are all called the same thing, users with access to multiple systems may find that
# confusing.
# It is RECOMMENDED that this value is changed to be unique.
# For example: Galasa Service XYZ
#
galasaServiceName: Galasa Service
#
#
#
# The container registry the Galasa images can be found in
#
galasaRegistry: "icr.io/galasadev"
#
#
# The name of the Docker image that contains Galasa's boot.jar file to launch ecosystem services
#
galasaBootImage: "galasa-boot-embedded-amd64"
#
# The maximum number of automation engines the Engine Controller will start at one time
#
maxEngines: "10"
#
#
# The name of the Docker image that launches Galasa's web UI
#
galasaWebUiImage: "galasa-ui"
#
#
#
# Optional. The label of a Kubernetes node that the engine controller should
# have an affinity for. If possible, the engine controller will schedule
# Galasa runs on this node.
#
# Example value: "galasa-engines"
#
k8sNodePreferredAffinity: ""
#
#
#
# Optional. The definition of a Kubernetes node taint toleration behaviour.
# You may wish to prevent other workloads from being scheduled on your dedicated
# Galasa k8s nodes. This can be achieved by tainting the Galasa k8s nodes. If this
# has been done, you will need to define a toleration for your Galasa pods so that
# they can schedule on the tainted nodes.
#
# The value should define a node label, an operator and a condition
# (in the example below: label "galasa-engines", operator "Exists", condition "NoSchedule").
#
# Example value: "galasa-engines=Exists:NoSchedule"
#
# In the above example, any node which has the label "galasa-engines" with a
# "NoSchedule" taint should be tolerated, resulting in the Galasa test pods
# having exclusive access to run on this node.
#
k8sNodeTolerations: ""
#
#
# The pull policy to be used for the Galasa images, only useful for Galasa development purposes
#
pullPolicy: "IfNotPresent"
#
#
# The architecture the pods will be run on. At the moment, only amd64 is supported.
#
architecture: amd64
#
#
# Any nodeselectors you wish to use to restrict the nodes the pods will run on
#
nodeSelectors: {}
#
#
# The storage class to be used for persistent volumes
#
storageClass: ""
#
#
# The number of hours worth of etcd history to retain when etcd is compacted
#
etcdHistoryRetention: 10
#
#
# The size of the persistent volumes for the data stores
#
etcdDiskSize: "30Gi"
couchdbDiskSize: "10Gi"
catalogDiskSize: "1Gi"
#
#
# The image names and versions for the non-Galasa images
#
# NOTE(security): these references are pinned by tag only, and a tag can be re-pointed
# by whoever controls the repository. Pinning by digest ("name:tag@sha256:<digest>")
# fixes the exact image content - TODO confirm the chart passes the value through unchanged.
# "couchdb:3.3.3" and "bitnami/kubectl:1.28" name no registry host, so the container
# runtime's default registry is used. "1.28" names a minor line rather than a single
# patch release (presumably a moving tag - verify).
# NOTE(review): etcd v3.2.25 belongs to an old etcd release line; confirm it still
# receives security fixes before relying on it.
#
etcdImage: "quay.io/coreos/etcd:v3.2.25"
couchdbImage: "couchdb:3.3.3"
dexImage: "ghcr.io/dexidp/dex:v2.38.0"
kubectlImage: "bitnami/kubectl:1.28"
#
#
# Values related to the encryption of Galasa secrets
#
encryption:
# Optional. The name of an existing Kubernetes Secret that contains
# a set of encryption keys in the following YAML format:
#
#   encryption-keys.yaml: |
#     encryptionKey: <current-encryption-key>
#     fallbackDecryptionKeys:
#       - <fallback-key-1>
#       - <fallback-key-2>
#
# NOTE(review): what happens when this value is left empty is not stated here - confirm
# whether the chart generates a key itself or leaves Galasa secrets unencrypted.
# The referenced Secret holds key material, so limit read access to it with Kubernetes RBAC
# and keep the key values themselves out of version control.
#
keysSecretName: ""
#
#
# Values to configure the API server
#
apiServer:
#
#
# The number of API server replicas to deploy. This value is overridden when autoscaling is enabled.
#
replicaCount: 2
#
#
# The requests and limits to apply to resources, like CPU and memory, that the API server container consumes.
# See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details on resource management in Kubernetes Pods.
#
# For example, to assign 2 CPU cores and 512MB of memory to the API server, with a limit of up to 3 CPU cores and 1024MB of memory:
#   resources:
#     requests:
#       cpu: "2"
#       memory: "512Mi"
#     limits:
#       cpu: "3"
#       memory: "1024Mi"
#
# NOTE(review): the default sets no requests or limits, so nothing here caps the CPU or
# memory the API server container may use - set both for a shared cluster.
#
resources: {}
#
#
# Values to configure autoscaling for the API server. Important: Resource requests must be defined via the `resources` value in order
# for autoscaling to work properly.
#
autoscaling:
#
# Enables or disables autoscaling
enabled: false
#
# The minimum number of API server replicas that should be deployed
minReplicas: 1
#
# The maximum number of API server replicas that should be deployed
maxReplicas: 10
#
# The target percentage of CPU utilization to consider when autoscaling.
# For example: `targetCPUPercentageUsed: "50"` indicates that the autoscaler may increase the number of replicas when CPU utilization
# exceeds 50%. Similarly, when CPU utilization drops below 50%, the autoscaler may decrease the number of replicas.
targetCPUPercentageUsed: "50"
#
# The target percentage of memory utilization to consider when autoscaling.
# For example: `targetMemoryPercentageUsed: "50"` indicates that the autoscaler may increase the number of replicas when memory utilization
# exceeds 50%. Similarly, when memory utilization drops below 50%, the autoscaler may decrease the number of replicas.
targetMemoryPercentageUsed: "50"
#
#
# The Kubernetes annotations to apply to the Galasa API server's ingress resource alongside the global annotations provided via the `ingress.annotations` value.
# By default, a rate limit of 1000 requests from a given IP per second is applied to the API server's ingress, using the nginx ingress controller.
#
# NOTE(review): the limit is keyed on the client address the ingress controller sees. Behind
# another proxy or load balancer that may be the proxy's address rather than the caller's -
# verify for your topology. The annotation only has an effect with the nginx ingress controller.
#
ingressAnnotations:
nginx.ingress.kubernetes.io/limit-rps: "1000"
#
#
# A list of origins that are allowed to receive responses from the Galasa API server.
# To limit the origins to a set of domains, you can use a wildcard (*) value.
#
# For example, to allow all subdomains of example.com, you can use the following value:
#   allowedOrigins:
#     - "*.example.com"
#
# By default, all origins are allowed.
#
# NOTE(security): with the default "*", a page served from any web origin may read API
# responses in a user's browser. For a deployment reachable from browsers, narrow this list to
# the origins that host the Galasa web UI and other trusted front ends. How the API server
# treats credentialed requests under a wildcard is not described here - TODO confirm.
#
allowedOrigins:
- "*"
#
# Values to configure global settings applied to all ingresses
# Note: The externalHostname value must be a valid DNS name for ingress to be used.
#
ingress:
# The IngressClass to use for ingresses
ingressClassName: "nginx"
# Values to configure the use of TLS in ingresses. For example:
#   tls:
#     - hosts:
#         - "*.example.com"
#       secretName: mysecret
#
# NOTE(security): the default configures no TLS on the ingresses. Logins and API tokens pass
# through them, so make sure TLS is terminated here or by a component in front of the ingress.
# NOTE(review): the example above is a list while the default below is an empty mapping;
# confirm which type the templates expect.
tls: {}
# Optional - The name of the Secret containing root and intermediate CA certificates in a single .pem file.
caCertSecretName: ""
# Annotations to be added to all ingresses. For example:
#   annotations:
#     nginx.ingress.kubernetes.io/proxy-body-size: "0"
#     nginx.ingress.kubernetes.io/ssl-redirect: "true"
annotations: {}
#
#
# Values to configure the ecosystem's use of Dex
#
dex:
# `configSecret` contains values as to whether a new Kubernetes Secret containing the Dex configuration
# should be created, or if an existing Secret containing it should be used.
configSecret:
# Enables the creation of a Kubernetes Secret using the values provided in `config` if set to true.
# If set to false, you must provide a value for `secretName` that corresponds to an existing Secret.
create: true
# The name of the Kubernetes Secret containing the Dex configuration to mount within the Dex deployment.
# `secretName` must point to a Secret containing a "config.yaml" key and a valid Dex configuration in YAML format.
# If `secretName` is provided and `create` is set to true, then the given name will be ignored and a new Secret
# named "<release-name>-dex-config" will be created.
secretName: ""
# Optional - `envFrom` represents a list of additional environment variables mounted from Kubernetes Secrets or ConfigMaps
# into the Dex Deployment.
# If you would like to mount an additional environment variable from a Secret or ConfigMap, provide the name of the
# resource in the `envFrom` list. For example:
#   envFrom:
#     - secretRef:
#         name: github-oauth-app-secret
#     - configMapRef:
#         name: my-env-configmap
#
# NOTE(security): connector credentials such as an OAuth client secret are better supplied
# through `envFrom` from a Secret than written into `config` in this file, which is usually
# kept in version control - TODO confirm the Dex configuration references them by
# environment variable.
envFrom: []
# An ordered list of JSON Web Token (JWT) claims to use when Galasa sets the requestor of a test.
# The first JWT claim that is matched will be used as the requestor of a test.
#
# For example, given a JWT that includes the following claims:
#   {
#     "iss": "https://example.com/dex",
#     "sub": "my-user-id",
#     "aud": "my-client",
#     "exp": 1234567890,
#     "iat": 1234567890,
#     "name": "John Doe",
#     "preferred_username": "johndoe"
#   }
#
# If the `usernameClaims` value is set to:
#
#   usernameClaims:
#     - name
#     - preferred_username
#     - sub
#
# then the "name" claim will be matched first, and the value "John Doe" will be taken as the requestor of a test.
#
# By default, the order that will be applied is as follows:
# 1. "preferred_username"
# 2. "name"
# 3. "sub"
#
# Different Dex connectors may return different claims within issued JWTs. For details on which JWT claims are
# supported by Dex, refer to the [Dex documentation](https://dexidp.io/docs/custom-scopes-claims-clients).
#
# NOTE(review): claims such as "name" or "preferred_username" are display values supplied by
# the upstream identity provider and are not necessarily unique or immutable, unlike "sub".
# If the requestor is used for anything beyond display, confirm that the chosen claim
# cannot be set by users themselves in your identity provider.
usernameClaims:
- "preferred_username"
- "name"
- "sub"
# The Dex configuration - See the [Dex documentation](https://dexidp.io/docs) for more information.
# By default, etcd is used as the storage option for the Galasa Ecosystem.
config:
# NOTE(security): the placeholder issuer uses plain http. Clients fetch OIDC discovery data and
# complete logins through this URL, so a real deployment should use an https issuer -
# TODO confirm whether the chart derives this value from `externalHostname`.
issuer: "http://example.com/dex"
# Connectors to upstream identity providers that users can authenticate with.
# See the [Dex documentation](https://dexidp.io/docs/connectors) for a list
# of connectors supported by Dex.
connectors: []
# OAuth 2.0 configuration values. By default, Dex has been configured to skip the additional
# access approval screen after logging in to the Galasa Ecosystem.
oauth2:
skipApprovalScreen: true
# Token expiry configuration
#
# NOTE(security): refresh tokens are long-lived here. With `validIfNotUsedFor` at one year and
# no `absoluteLifetime` set, a refresh token stays valid as long as it is used at least once
# a year. Per the Dex documentation, `reuseInterval` is the window in which an already-rotated
# refresh token is still accepted, so a one-year window weakens rotation as a defence
# against a copied token - confirm this is intended, and keep a procedure for revoking
# leaked tokens.
expiry:
idTokens: 24h
refreshTokens:
reuseInterval: 8760h # 1 year
validIfNotUsedFor: 8760h # 1 year
# NOTE(review): unlike the other values in this file, this one has no description.
# Presumably the name of a Kubernetes Secret holding an Event Streams token - confirm
# and document what the Secret must contain and who needs read access to it.
eventStreamsSecretName: "event-streams-token"