-
Notifications
You must be signed in to change notification settings - Fork 22
/
values.yaml
228 lines (227 loc) · 7.97 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
# scim configuration options
scim:
# name sets the name used for the various constructs used by the SCIM bridge setup
name: '{{ template "common.names.fullname" . }}'
# version of the SCIM bridge
version: "{{ .Chart.AppVersion }}"
# configure the credentials used by the SCIM bridge
credentials:
volume:
# setting enabled:true configures the SCIM bridge to access the credentials via a volume
enabled: true
# name of an existing volume to use for the credentials
name: '{{ template "common.names.fullname" . }}-credentials'
claimName: '{{ template "common.names.fullname" . }}-pvc'
# name of the file to mount within the volume
files:
scimsessionFile: scimsession
workspaceSettingsFile: workspace-settings.json
workspaceCredentialsFile: workspace-credentials.json
# accessModes for the volume
accessModes:
- ReadWriteOnce
# resources configuration for the volume
resources:
requests:
storage: 1Gi
# storageClass for the volume. do-block-storage is recommended for Digital Ocean. Set to "-" to set storageClass to "".
# storageClass:
secrets:
# Set to true if you are using Google Workspace as your identity provider
googleWorkspace: false
# setting enabled:true configures the SCIM bridge to access the credentials via a secret
enabled: false
# create the secret if it does not exist
create: false
# name of the secret
name: '{{ template "common.names.fullname" . }}-credentials'
scimsession:
# key of the secret
key: scimsession
# value_json is the JSON contents of the scimsession file
# value_base64 is the base64 encoded contents of the scimsession file
# value_base64: "base64-encoded scimsession file"
workspaceSettings:
# key of the secret
key: workspace-settings
# value_json is the JSON contents of the scimsession file
# value_json: '{}'
# value_base64 is the base64 encoded contents of the workspace settings file
# value_base64: "base64 encoded contents of the workspace settings file"
workspaceCredentials:
# key of the secret
key: workspace-credentials
# value_json is the JSON contents of the scimsession file
# value_json: '{}'
# value_base64 is the base64 encoded contents of the workspace key file
# value_base64: "base64 encoded contents of the workspace key file"
# imageRepository sets the 1Password SCIM bridge image to use
imageRepository: 1password/scim
# imagePullPolicy sets the image pull policy
imagePullPolicy: Always
# imagePullPolicy sets the image pull secret
imagePullSecrets: []
# httpPort sets the HTTP port used by the SCIM bridge
httpPort: 8080
# httpsPort sets the HTTPS port used by the SCIM bridge
httpsPort: 8443
# service defines the configuration for a service resource
service:
enabled: true
type: LoadBalancer
# ingress defines the configuration for an ingress resource
ingress:
enabled: false
className: ""
annotations: {}
hosts:
[]
# - host: chart-example.local
# paths:
# - path: /
# pathType: ImplementationSpecific
tls:
[]
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# probes configures the liveness probe used for the SCIM bridge pod
probes:
# liveness contains the liveness probe config
liveness:
# enabled determines whether to enable the liveness probe
enabled: true
# path sets the URL path to use for the liveness probe
path: "/ping"
# config sets the configuration options
config:
# redisURL sets the Redis connection URL
redisURL: "redis://{{ .Release.Name }}-redis-master:6379"
# domain sets the allowed 1Password sign in URL. Not set by default.
# domain: example.1password.com
# tlsDomain sets the domain to attempt to get a certificate for via Let's Encrypt.
# debug enables DEBUG log level instead of the default INFO level
# debug: false
# jsonLogs enables JSON log output
# jsonLogs: false
# prettyLogs enables colorized log output
# prettyLogs: false
tls:
enabled: false
secret: "{{ .Release.Name }}-tls"
# resource sets the requests and/or limits for the SCIM bridge pod
resources:
requests:
cpu: 125m
memory: 256M
limits:
cpu: 250m
memory: 512M
# annotations adds additional annotations
annotations: {}
# labels adds additional labels
labels: {}
# podAnnotations sets annotations for the SCIM bridge pod
podAnnotations: {}
# podLabels sets the labels for the SCIM bridge pod
podLabels: {}
# nodeSelector sets the node selector for the SCIM bridge pod
nodeSelector: {}
# affinity sets the affinity for the SCIM bridge pod
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- redis
topologyKey: "kubernetes.io/hostname"
# tolerations sets the tolerations for the SCIM bridge pod
tolerations: []
# replicaCount sets number of replicas to deploy
replicaCount: 1
# autoscaling if enabled creates a HorizontalPodAutoscaler resource. Will override replicaCount
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# podDisruptionBudget configuration. Requires more than 1 replica or
# autoscaling to be enabled to be effective.
podDisruptionBudget:
enabled: false
minAvailable: 1
# serviceAccount configuration. Default service account is used when disabled.
serviceAccount:
# create determines whether a service account should be created
create: true
# name of the service account to use
# If not set and create is true, a name is generated using the full name template.
name: ""
# serviceMonitor if enabled create prometheus ServiceMonitor for auto discovery
serviceMonitor:
enabled: false
# namespace to deploy the service monitor to
namespace: ""
# bearerTokenSecret specifies the secret that contains the SCIM bridge bearer token
bearerTokenSecret:
{}
# key: secret-key
# name: secret-name
# initContainers sets config options for the init containers
initContainers:
resources: {}
# redis configuration options (see upstream chart documentation and README.MD)
redis:
enabled: true
auth:
enabled: false
# this can be changed to "replication" if you wish to have more redis nodes; see bitnami chart documentation
architecture: standalone
image:
registry: docker.io
repository: bitnami/redis
tag: latest
pullPolicy: IfNotPresent
cluster:
enabled: false
usePassword: false
# redis config options applied to all instances in the configuration
commonConfiguration: |-
maxmemory 256mb
maxmemory-policy volatile-lru
# Disable RDB persistence
save ""
master:
kind: Deployment
# prefer to schedule redis and SCIM bridge pods on separate nodes
# this configuration should be duplicated for replica.affinity when not running redis as a standalone instance
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- op-scim-bridge
topologyKey: "kubernetes.io/hostname"
persistence:
enabled: false
resources:
requests:
cpu: 125m
memory: 256M
limits:
cpu: 250m
memory: 512M
# acceptanceTests is used by the tests run during CI (see templates/tests)
acceptanceTests:
enabled: false