diff --git a/charts/scroll-stack/charts/bridge-history-api/values.yaml b/charts/scroll-stack/charts/bridge-history-api/values.yaml index 008880e6..5a738d8e 100644 --- a/charts/scroll-stack/charts/bridge-history-api/values.yaml +++ b/charts/scroll-stack/charts/bridge-history-api/values.yaml @@ -72,8 +72,6 @@ probes: startup: <<: *default_probes -# this api is a read-only service, it doesn't need to init and migrate again, since all db procedures are finished in fetcher - additionalContainers: redis: name: redis diff --git a/charts/scroll-stack/charts/bridge-history-fetcher/values.yaml b/charts/scroll-stack/charts/bridge-history-fetcher/values.yaml index d6bc34b8..ab431194 100644 --- a/charts/scroll-stack/charts/bridge-history-fetcher/values.yaml +++ b/charts/scroll-stack/charts/bridge-history-fetcher/values.yaml @@ -111,8 +111,6 @@ initContainers: secretKeyRef: name: db-secrets key: BRIDGE_HISTORY_PASSWORD - # command: ["bash", "-c", - # "psql -h $POSTGRES_URL -U $POSTGRES_USER -p 5432 -c \"CREATE DATABASE ${POSTGRES_DB};\""] command: ["bash", "-c", "./init-db.sh"] volumeMounts: - name: init-db diff --git a/charts/scroll-stack/charts/chain-monitor/values.yaml b/charts/scroll-stack/charts/chain-monitor/values.yaml index 609fd63b..f873b5bd 100644 --- a/charts/scroll-stack/charts/chain-monitor/values.yaml +++ b/charts/scroll-stack/charts/chain-monitor/values.yaml @@ -105,8 +105,6 @@ initContainers: secretKeyRef: name: db-secrets key: CHAIN_MONITOR_PASSWORD - # command: ["bash", "-c", - # "psql -h $POSTGRES_URL -U $POSTGRES_USER -p 5432 -c \"CREATE DATABASE ${POSTGRES_DB};\""] command: ["bash","-c","./init-db.sh"] volumeMounts: - name: init-db diff --git a/charts/scroll-stack/charts/coordinator-api/values.yaml b/charts/scroll-stack/charts/coordinator-api/values.yaml index f0e2b050..174fbf26 100644 --- a/charts/scroll-stack/charts/coordinator-api/values.yaml +++ b/charts/scroll-stack/charts/coordinator-api/values.yaml @@ -276,40 +276,6 @@ configMaps: echo "Download completed\n" if ! check_shasum "/data/assets/layer4.config" "$CFG4_SHASUM"; then exit 1; fi fi -# config: -# enabled: true -# data: -# config.json: | -# { -# "prover_manager": { -# "provers_per_session": 1, -# "session_attempts": 100, -# "chunk_collection_time_sec": 3600, -# "batch_collection_time_sec": 600, -# "verifier": { -# "fork_name": "bernoulli", -# "mock_mode": false, -# "params_path": "/verifier/params", -# "assets_path": "/verifier/assets" -# }, -# "max_verifier_workers": 4, -# "min_prover_version": "v4.3.41" -# }, -# "db": { -# "driver_name": "postgres", -# "dsn": "postgres://postgres:qwerty12345@postgresql:5432/scroll", -# "maxOpenNum": 200, -# "maxIdleNum": 20 -# }, -# "l2": { -# "chain_id": 222222 -# }, -# "auth": { -# "secret": "XXX", -# "challenge_expire_duration_sec": 10, -# "login_expire_duration_sec": 3600 -# } -# } serviceMonitor: main: diff --git a/charts/scroll-stack/charts/coordinator-cron/values.yaml b/charts/scroll-stack/charts/coordinator-cron/values.yaml index 3f66cf93..41b421f8 100644 --- a/charts/scroll-stack/charts/coordinator-cron/values.yaml +++ b/charts/scroll-stack/charts/coordinator-cron/values.yaml @@ -76,42 +76,6 @@ probes: startup: << : *default_probes -#configMaps: -# config: -# enabled: true -# data: -# config.json: | -# { -# "prover_manager": { -# "provers_per_session": 1, -# "session_attempts": 100, -# "chunk_collection_time_sec": 3600, -# "batch_collection_time_sec": 600, -# "verifier": { -# "fork_name": "bernoulli", -# "mock_mode": false, -# "params_path": "/verifier/params", -# "assets_path": "/verifier/assets" -# }, -# "max_verifier_workers": 4, -# "min_prover_version": "v4.3.41" -# }, -# "db": { -# "driver_name": "postgres", -# "dsn": "postgres://postgres:qwerty12345@postgresql:5432/scroll", -# "maxOpenNum": 200, -# "maxIdleNum": 20 -# }, -# "l2": { -# "chain_id": 222222 -# }, -# "auth": { -# "secret": "XXX", -# "challenge_expire_duration_sec": 10, -# "login_expire_duration_sec": 3600 -# } -# } - serviceMonitor: main: enabled: true diff --git a/charts/scroll-stack/charts/event-watcher/values.yaml b/charts/scroll-stack/charts/event-watcher/values.yaml index b0585212..154f714b 100644 --- a/charts/scroll-stack/charts/event-watcher/values.yaml +++ b/charts/scroll-stack/charts/event-watcher/values.yaml @@ -24,8 +24,6 @@ podLabels: dbaccess: "true" initContainers: - #Used to create the db. - #We do not use it to generate the users though, we use the admin by default. #see the config.json file init-db: image: postgres:latest env: @@ -58,8 +56,6 @@ initContainers: secretKeyRef: name: db-secrets key: EVENT_WATCHER_PASSWORD - # command: ["bash", "-c", - # "psql -h $POSTGRES_URL -U $POSTGRES_USER -p 5432 -c \"CREATE DATABASE ${POSTGRES_DB};\""] command: ["bash","-c","./init-db.sh"] volumeMounts: - name: init-db diff --git a/charts/scroll-stack/charts/gas-oracle/values.yaml b/charts/scroll-stack/charts/gas-oracle/values.yaml index 562f24e7..f6760819 100644 --- a/charts/scroll-stack/charts/gas-oracle/values.yaml +++ b/charts/scroll-stack/charts/gas-oracle/values.yaml @@ -3,10 +3,6 @@ global: nameOverride: &app_name gas-oracle fullnameOverride: *app_name -#controller: -# annotations: -# secret.reloader.stakater.com/reload: "gas-oracle,event-watcher-genesis" - image: repository: scrolltech/gas-oracle pullPolicy: Always @@ -124,8 +120,6 @@ initContainers: secretKeyRef: name: db-secrets key: GAS_ORACLE_PASSWORD - # command: ["bash", "-c", - # "psql -h $POSTGRES_URL -U $POSTGRES_USER -p 5432 -c \"CREATE DATABASE ${POSTGRES_DB};\""] command: ["bash","-c","./init-db.sh"] volumeMounts: - name: init-db diff --git a/charts/scroll-stack/charts/l2geth-bootnode/values.yaml b/charts/scroll-stack/charts/l2geth-bootnode/values.yaml index 617e62b7..9c40a1da 100644 --- a/charts/scroll-stack/charts/l2geth-bootnode/values.yaml +++ b/charts/scroll-stack/charts/l2geth-bootnode/values.yaml @@ -95,14 +95,6 @@ persistence: mountPath: /l2geth/data accessMode: ReadWriteOnce size: 10Gi -# config-toml: -# enabled: yes -# type: configMap -# mountPath: /l2geth/ -# name: scroll-smart-contracts-config -# items: -# - key: config.toml -# path: config.toml genesis: enabled: yes type: configMap diff --git a/charts/scroll-stack/grafana-bck b/charts/scroll-stack/grafana-bck deleted file mode 100644 index ae2080c4..00000000 --- a/charts/scroll-stack/grafana-bck +++ /dev/null @@ -1,996 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param nameOverride String to partially override grafana.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override grafana.fullname template -## -fullnameOverride: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @section Grafana parameters - -## Bitnami Grafana image version -## ref: https://hub.docker.com/r/bitnami/grafana/tags/ -## @param image.registry [default: REGISTRY_NAME] Grafana image registry -## @param image.repository [default: REPOSITORY_NAME/grafana] Grafana image repository -## @skip image.tag Grafana image tag (immutable tags are recommended) -## @param image.digest Grafana image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy Grafana image pull policy -## @param image.pullSecrets Grafana image pull secrets -## -image: - registry: docker.io - repository: bitnami/grafana - tag: 10.4.3-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - ## pullSecrets: - ## - myRegistryKeySecretName - pullSecrets: [] -## Admin credentials configuration -## -admin: - ## @param admin.user Grafana admin username - ## - user: "admin" - ## @param admin.password Admin password. If a password is not provided a random password will be generated - ## - password: "" - ## @param admin.existingSecret Name of the existing secret containing admin password - ## - existingSecret: "" - ## @param admin.existingSecretPasswordKey Password key on the existing secret - ## - existingSecretPasswordKey: password -## SMTP configuration -## -smtp: - ## @param smtp.enabled Enable SMTP configuration - ## - enabled: false - ## @param smtp.user SMTP user - ## - user: user - ## @param smtp.password SMTP password - ## - password: password - ## @param smtp.host Custom host for the smtp server - ## e.g: - ## host: mysmtphost.com - ## - host: "" - ## @param smtp.fromAddress From address - ## - fromAddress: "" - ## @param smtp.fromName From name - ## - fromName: "" - ## @param smtp.skipVerify Enable skip verify - ## - skipVerify: "false" - ## @param smtp.existingSecret Name of existing secret containing SMTP credentials (user and password) - ## - existingSecret: "" - ## @param smtp.existingSecretUserKey User key on the existing secret - ## - existingSecretUserKey: user - ## @param smtp.existingSecretPasswordKey Password key on the existing secret - ## - existingSecretPasswordKey: password -## @param plugins Grafana plugins to be installed in deployment time separated by commas -## Specify plugins as a list separated by commas ( you will need to scape them when specifying from command line ) -## Example: -## plugins: grafana-kubernetes-app,grafana-example-app -## -plugins: "" -## Ldap configuration for Grafana -## -ldap: - ## @param ldap.enabled Enable LDAP for Grafana - ## - enabled: false - ## @param ldap.allowSignUp Allows LDAP sign up for Grafana - ## - allowSignUp: false - ## @param ldap.configuration Specify content for ldap.toml configuration file - ## e.g: - ## configuration: |- - ## [[servers]] - ## host = "127.0.0.1" - ## port = 389 - ## use_ssl = false - ## ... - ## - configuration: "" - ## @param ldap.configMapName Name of the ConfigMap with the ldap.toml configuration file for Grafana - ## NOTE: When it's set the ldap.configuration parameter is ignored - ## - configMapName: "" - ## @param ldap.secretName Name of the Secret with the ldap.toml configuration file for Grafana - ## NOTE: When it's set the ldap.configuration parameter is ignored - ## - secretName: "" - ## @param ldap.uri Server URI, eg. ldap://ldap_server:389 - ## - uri: "" - ## @param ldap.binddn DN of the account used to search in the LDAP server. - ## - binddn: "" - ## @param ldap.bindpw Password for binddn account. - ## - bindpw: "" - ## @param ldap.basedn Base DN path where binddn account will search for the users. - ## - basedn: "" - ## @param ldap.searchAttribute Field used to match with the user name (uid, samAccountName, cn, etc). This value will be ignored if 'ldap.searchFilter' is set - ## - searchAttribute: "uid" - ## @param ldap.searchFilter User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(|(sAMAccountName=%s)(userPrincipalName=%s)" - ## - searchFilter: "" - ## @param ldap.extraConfiguration Extra ldap configuration. - ## Example: - ## extraConfiguration: |- - ## # set to true if you want to skip SSL cert validation - ## ssl_skip_verify = false - ## # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" - ## # group_search_filter_user_attribute = "distinguishedName" - ## # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"] - ## # Specify names of the LDAP attributes your LDAP uses - ## [servers.attributes] - ## # member_of = "memberOf" - ## # email = "email" - ## - extraConfiguration: "" - ## @param ldap.tls.enabled Enabled TLS configuration. - ## @param ldap.tls.startTls Use STARTTLS instead of LDAPS. - ## @param ldap.tls.skipVerify Skip any SSL verification (hostanames or certificates) - ## @param ldap.tls.certificatesMountPath Where LDAP certifcates are mounted. - ## @param ldap.tls.certificatesSecret Secret with LDAP certificates. - ## @param ldap.tls.CAFilename CA certificate filename. Should match with the CA entry key in the ldap.tls.certificatesSecret. - ## @param ldap.tls.certFilename Client certificate filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. - ## @param ldap.tls.certKeyFilename Client Key filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. - ## - tls: - enabled: false - startTls: false - skipVerify: false - certificatesMountPath: /opt/bitnami/grafana/conf/ldap/ - certificatesSecret: "" - CAFilename: "" - certFilename: "" - certKeyFilename: "" -## Grafana Image Renderer configuration for Grafana -## -imageRenderer: - ## @param imageRenderer.enabled Enable using a remote rendering service to render PNG images - ## - enabled: false - ## @param imageRenderer.serverURL URL of the remote rendering service - ## - serverURL: "" - ## @param imageRenderer.callbackURL URL of the callback service - ## - callbackURL: "" -## Parameters to override the default grafana.ini file. -## It is needed to create a configmap or a secret containing the grafana.ini file. -## @param config.useGrafanaIniFile Allows to load a `grafana.ini` file -## @param config.grafanaIniConfigMap Name of the ConfigMap containing the `grafana.ini` file -## @param config.grafanaIniSecret Name of the Secret containing the `grafana.ini` file -## -config: - useGrafanaIniFile: false - grafanaIniConfigMap: "" - grafanaIniSecret: "" -## Create dasboard provider to load dashboards, a default one is created to load dashboards -## from "/opt/bitnami/grafana/dashboards" -## @param dashboardsProvider.enabled Enable the use of a Grafana dashboard provider -## @param dashboardsProvider.configMapName Name of a ConfigMap containing a custom dashboard provider -## -dashboardsProvider: - enabled: false - ## Important to set the Path to "/opt/bitnami/grafana/dashboards" - ## Evaluated as a template. - ## - configMapName: "" -## @param dashboardsConfigMaps Array with the names of a series of ConfigMaps containing dashboards files -## They will be mounted by the default dashboard provider if it is enabled -## Use an array with the configMap names. -## In order to use subfolders, uncomment "#foldersFromFilesStructure: true" line in default provider config. or create your own dashboard provider. -## Example: -## dashboardsConfigMaps: -## - configMapName: mydashboard -## folderName: foo -## fileName: mydashboard.json -## - configMapName: myotherdashboard -## folderName: bar -## fileName: myotherdashboard.json -## -dashboardsConfigMaps: [] -## Import datasources from an externally-managed secret, or a secret definition set via Helm values. -## -datasources: - ## @param datasources.secretName The name of an externally-managed secret containing custom datasource files. - ## - secretName: "" - ## @param datasources.secretDefinition The contents of a secret defining a custom datasource file. Only used if datasources.secretName is empty or not defined. - ## Example: - ## secretDefinition: - ## apiVersion: 1 - ## datasources: - ## - name: Prometheus - ## type: prometheus - ## url: http://prometheus-prometheus-server - ## access: proxy - ## isDefault: true - ## - secretDefinition: {} -## Create notifiers from a configMap -## The notifiersName must contain the files -## @param notifiers.configMapName Name of a ConfigMap containing Grafana notifiers configuration -## -notifiers: - configMapName: "" -## Create alerting rules, contact points, notification policies, templates, and mute timings from a configMap -## @param alerting.configMapName Name of a ConfigMap containing Grafana alerting configuration -## -alerting: - configMapName: "" -## @section Grafana Deployment parameters -grafana: - ## @param grafana.replicaCount Number of Grafana nodes - ## - replicaCount: 1 - ## @param grafana.updateStrategy.type Set up update strategy for Grafana installation. - ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## Example: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param grafana.automountServiceAccountToken Mount Service Account token in pod - ## - automountServiceAccountToken: false - ## @param grafana.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param grafana.schedulerName Alternative scheduler - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param grafana.terminationGracePeriodSeconds In seconds, time the given to the Grafana pod needs to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: "" - ## @param grafana.priorityClassName Priority class name - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param grafana.podLabels Extra labels for Grafana pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param grafana.podAnnotations Grafana Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param grafana.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param grafana.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## @param grafana.containerPorts.grafana Grafana container port - ## - containerPorts: - grafana: 3000 - ## @param grafana.extraPorts Extra ports for Grafana deployment - ## - extraPorts: [] - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## @param grafana.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## @param grafana.nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## @param grafana.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## - nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param grafana.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param grafana.nodeSelector Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - ## - nodeSelector: {} - ## @param grafana.tolerations Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param grafana.topologySpreadConstraints Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: failure-domain.beta.kubernetes.io/zone - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param grafana.podSecurityContext.enabled Enable securityContext on for Grafana deployment - ## @param grafana.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param grafana.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param grafana.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param grafana.podSecurityContext.fsGroup Group to configure permissions for volumes - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param grafana.containerSecurityContext.enabled Enabled containers' Security Context - ## @param grafana.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param grafana.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param grafana.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param grafana.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param grafana.containerSecurityContext.privileged Set container's Security Context privileged - ## @param grafana.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param grafana.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param grafana.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param grafana.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Grafana containers' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param grafana.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if grafana.resources is set (grafana.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param grafana.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Grafana containers' liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param grafana.livenessProbe.enabled Enable livenessProbe - ## @param grafana.livenessProbe.path Path for livenessProbe - ## @param grafana.livenessProbe.scheme Scheme for livenessProbe - ## @param grafana.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param grafana.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param grafana.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param grafana.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param grafana.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - path: /api/health - scheme: HTTP - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Grafana containers' readinessProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param grafana.readinessProbe.enabled Enable readinessProbe - ## @param grafana.readinessProbe.path Path for readinessProbe - ## @param grafana.readinessProbe.scheme Scheme for readinessProbe - ## @param grafana.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param grafana.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param grafana.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param grafana.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param grafana.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - path: /api/health - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param grafana.startupProbe.enabled Enable startupProbe - ## @param grafana.startupProbe.path Path for readinessProbe - ## @param grafana.startupProbe.scheme Scheme for readinessProbe - ## @param grafana.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param grafana.startupProbe.periodSeconds Period seconds for startupProbe - ## @param grafana.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param grafana.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param grafana.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - path: /api/health - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param grafana.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param grafana.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param grafana.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param grafana.lifecycleHooks for the Grafana container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param grafana.sidecars Attach additional sidecar containers to the Grafana pod - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param grafana.initContainers Add additional init containers to the Grafana pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## @param grafana.extraVolumes Additional volumes for the Grafana pod - ## Example: - ## extraVolumes: - ## - name: my-volume - ## emptyDir: {} - ## - extraVolumes: [] - ## @param grafana.extraVolumeMounts Additional volume mounts for the Grafana container - ## Example: - ## extraVolumeMounts: - ## - name: my-volume - ## mountPath: /opt/bitnami/grafana/my-stuff - ## - extraVolumeMounts: [] - ## @param grafana.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Grafana nodes - ## - extraEnvVarsCM: "" - ## @param grafana.extraEnvVarsSecret Name of existing Secret containing extra env vars for Grafana nodes - ## - extraEnvVarsSecret: "" - ## @param grafana.extraEnvVars Array containing extra env vars to configure Grafana - ## For example: - ## extraEnvVars: - ## - name: GF_DEFAULT_INSTANCE_NAME - ## value: my-instance - ## - extraEnvVars: [] - ## @param grafana.extraConfigmaps Array to mount extra ConfigMaps to configure Grafana - ## For example: - ## extraConfigmaps: - ## - name: myconfigmap - ## mountPath: /opt/bitnami/desired-path - ## subPath: file-name.extension (optional) - ## readOnly: true - ## - extraConfigmaps: [] - ## @param grafana.command Override default container command (useful when using custom images) - ## - command: [] - ## @param grafana.args Override default container args (useful when using custom images) - ## - args: [] -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## @param persistence.enabled Enable persistence -## @param persistence.annotations Persistent Volume Claim annotations -## @param persistence.accessMode Persistent Volume Access Mode -## @param persistence.accessModes Persistent Volume Access Modes -## @param persistence.storageClass Storage class to use with the PVC -## @param persistence.existingClaim If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable -## @param persistence.size Size for the PV -## -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - annotations: {} - existingClaim: "" - accessMode: ReadWriteOnce - accessModes: [] - size: 10Gi -## @section RBAC parameters - -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template -## @param serviceAccount.annotations Annotations to add to the ServiceAccount Metadata -## @param serviceAccount.automountServiceAccountToken Automount service account token for the application controller service account -serviceAccount: - create: true - name: "" - annotations: {} - automountServiceAccountToken: false -## @section Traffic exposure parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.clusterIP Grafana service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.ports.grafana Grafana service port - ## - ports: - grafana: 3000 - ## @param service.nodePorts.grafana Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - grafana: "" - ## @param service.loadBalancerIP loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerClass loadBalancerClass if Grafana service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerClass: "" - ## @param service.loadBalancerSourceRanges loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.annotations Provide any additional annotations which may be required. - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.externalTrafficPolicy Grafana service external traffic policy - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.extraPorts Extra port to expose on Grafana service - ## - extraPorts: [] - ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} -## Network Policies -## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created - ## - enabled: true - ## @param networkPolicy.allowExternal Don't require server label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## server label will have network access to the ports server is listening - ## on. When true, server will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## Configure the ingress resource that allows you to access the -## Grafana installation. Set up the URL -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## DEPRECATED: Use ingress.annotations instead of ingress.certManager - ## certManager: false - ## - - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: grafana.local - ## @param ingress.path Default path for the ingress resource - ## The Path to Grafana. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: grafana.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - grafana.local - ## secretName: grafana.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## @param ingress.secrets It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: grafana.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ingressClassName: "" - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## @section Metrics parameters - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Operator ServiceMonitor configuration - ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service - ## - service: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "3000" - prometheus.io/path: "/metrics" - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Labels to honor to add to the scrape endpoint - ## - honorLabels: false - ## DEPRECATED metrics.serviceMonitor.additionalLabels - It will be removed in a future release, please use metrics.serviceMonitor.labels instead - ## @param metrics.serviceMonitor.labels Additional custom labels for the ServiceMonitor - ## - labels: {} - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## Prometheus Operator PrometheusRule configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules PrometheusRule rules to configure - ## e.g: - ## - alert: Grafana-Down - ## annotations: - ## message: 'Grafana instance is down' - ## summary: Grafana instance is down - ## expr: absent(up{job="grafana"} == 1) - ## labels: - ## severity: warning - ## service: grafana - ## for: 5m - ## - rules: [] -## @section Volume permissions init Container Parameters - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the `grafana:podSecurityContext`/`grafana:containerSecurityContext`` parameters -## May require setting `grafana:podSecurityContext:runAsNonRoot` to false -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## OS Shell + Utility image - ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository - ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy - ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r21 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 -## @section Diagnostic Mode Parameters - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - diff --git a/charts/scroll-stack/templates/test.yml b/charts/scroll-stack/templates/test.yml deleted file mode 100644 index ab0bfe6e..00000000 --- a/charts/scroll-stack/templates/test.yml +++ /dev/null @@ -1,2 +0,0 @@ -#gas-oracle: -# enabled: false