-
Notifications
You must be signed in to change notification settings - Fork 8
/
values.yaml
212 lines (194 loc) · 7.66 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
---
replicas: 1
# -- different name for the helm release
nameOverride: ""
service:
# -- The type of service to deploy for routing Coturn traffic.
# ClusterIP: Recommended for DaemonSet configurations. This will create a
# standard Kubernetes service for Coturn within the cluster.
# No external networking will be configured as the DaemonSet
# will handle binding to each Node's host networking
#
# NodePort: Recommended for Deployment configurations. This will open
# TURN ports on every node and route traffic on these ports to
# the Coturn pods. You will need to make sure your cloud
# provider supports the cluster config setting,
# apiserver.service-node-port-range, as this range must contain
# the ports defined above for the service to be created.
#
# LoadBalancer: This was what was originally set for this chart in the
# upstream of this fork, but with no details
type: ClusterIP
# -- I don't actually know what this is 🤔 open a PR if you know
# was originally "Local"
externalTrafficPolicy: ""
image:
# -- container registry and repo for coturn docker image
repository: "coturn/coturn"
# -- docker tag for coturn server
tag: ""
# -- image pull policy, set to Always if using image.tag: latest
pullPolicy: IfNotPresent
# -- ref: kubernetes.io/docs/concepts/configuration/manage-resources-containers
resources: {}
# -- Coturn specific labels
labels:
component: coturn
certificate:
# -- Enables auto issuing certificates over cert-manager certificates
# https://cert-manager.io/docs/concepts/certificate/
enabled: false
# -- name of secret to create for ssl cert
secret: "turn-tls"
# -- name of cert-manager issuer to use for cert generation.
# change to production issuer when you're stable
issuerName: "letsencrypt-staging"
externalDatabase:
# -- enables the use of postgresql instead of the default sqlite
# to use the bundled subchart, enable this, and postgresql.enable
enabled: false
# -- Currently postgresql and mysql are supported.
type: "postgresql"
# -- required if externalDatabase.enabled: true and postgresql.enabled: false
hostname: ""
# -- username for database, ignored if existingSecret is passed in
username: ""
# -- password for database, ignored if existingSecret is passed in
password: ""
# -- database to create, ignored if existingSecret is passed in
database: ""
# -- name of existing Secret to use for postgresql credentials
existingSecret: ""
# Names of the keys in existing secret to use for PostgreSQL credentials
secretKeys:
# -- key in existing Secret to use for the db user
username: ""
# -- key in existing Secret to use for db user's password
password: ""
# -- key in existing Secret to use for the database name
database: ""
# -- key in existing Secret to use for the db's hostname
hostname: ""
# PostgreSQL chart configuration
# see: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
postgresql:
# -- enables bitnami postgresql subchart, you can disable to use external db
enabled: false
global:
postgresql:
# global.postgresql.auth overrides postgresql.auth
auth:
# -- username for database, ignored if existingSecret is passed in
username: "coturn"
# -- password for db, autogenerated if empty & existingSecret empty
password: ""
# -- database to create, ignored if existingSecret is passed in
database: "coturn"
# -- name of existing Secret to use for postgresql credentials
existingSecret: ""
# Names of the keys in existing secret to use for PostgreSQL credentials
# all of these are ignored if existingSecret is empty
secretKeys:
# -- key in existingSecret for database to create
hostname: "hostname"
# -- key in existingSecret for database to create
database: "database"
# -- key in exsiting Secret to use for the coturn user
username: "username"
# -- key in existing Secret to use for postgres admin user's password
adminPasswordKey: "postgresPassword"
# -- key in existing Secret to use for coturn user's password
userPasswordKey: "password"
primary:
initdb:
# -- ConfigMap with scripts to be run at first boot
scriptsConfigMap: ""
# MySQL chart configuration
# see: https://github.com/bitnami/charts/tree/main/bitnami/mysql
mysql:
# -- enables bitnami mysql subchart, you can disable to use external db
enabled: false
auth:
# -- username for database, ignored if existingSecret is passed in
username: "coturn"
# -- password for db, autogenerated if empty & existingSecret empty
password: ""
# -- database to create, ignored if existingSecret is passed in
database: "coturn"
# -- Use existing secret for password details.
# The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password
existingSecret: ""
# Names of the keys in existing secret to use for MySQL credentials
secretKeys:
# -- key in exsiting Secret to use for the coturn user
username: "username"
# -- key in existing Secret to use for coturn user's password
password: "password"
# -- ConfigMap with the initdb scripts (Note: Overrides initdbScripts)
initdbScriptsConfigMap: initdb-scripts-config
# most coturn config parameters that you really need
coturn:
# -- hostname for the coturn server realm
realm: "turn.example.com"
auth:
# -- username for the main user of the turn server
username: "coturn"
# -- password for the main user of the turn server
password: ""
# -- existing secret with keys username/password for coturn
existingSecret: ""
secretKeys:
# -- key in existing secret for turn server user
username: username
# -- key in existing secret for turn server user's password
password: password
# -- coturn's listening IP address
listeningIP: "0.0.0.0"
ports:
# -- minimum ephemeral port for coturn
min: 49152
# -- maximum ephemeral port for coturn
max: 65535
# -- insecure listening port
listening: 3478
# -- secure listening port
tlsListening: 5349
# -- set the logfile. Defaults to stdout for use with kubectl logs
logFile: "stdout"
# -- extra configuration for turnserver.conf
extraTurnserverConfiguration: |
verbose
initContainer:
image:
# -- registry and repository for init container config generator image
repository: mikefarah/yq
# -- tag for init container config generator image
tag: latest
# k8s pod security context:
# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
podSecurityContext:
# -- Enables Pod Security Context
enabled: true
# -- for all Containers in the Pod, all processes run as non-root
runAsNonRoot: true
# -- for all Containers in the Pod, all processes run w/ this userID
runAsUser: 1000
# -- for all Containers in the Pod, all processes run w/ this GroupID
runAsGroup: 1000
# -- all processes of the container are also part of the supplementary groupID
fsGroup: 1000
seccompProfile:
# -- Filter a process's system calls
type: "RuntimeDefault"
containerSecurityContext:
# -- Enables Security Context
enabled: true
capabilities:
# -- linux cabilities to allow for the coturn k8s pod
add: ["NET_BIND_SERVICE"]
# -- linux cabilities to disallow for the coturn k8s pod
drop: ["ALL"]
# -- allow modificatin to root filesystem
readOnlyRootFilesystem: false
# -- allow priviledged access
allowPrivilegeEscalation: false