## Default values for Portus Helm Chart.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.
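## Default values for Portus
##
## NOTE(review): this listing had lost its indentation, which left a flat
## mapping with repeated keys (enabled, image, resources, tls, ...). The
## nesting below is reconstructed from the key names; confirm it against the
## chart templates before relying on it.
portus:
  replicas: 1

  ## Image configuration.
  ##
  image:
    repository: "opensuse/portus"
    tag: "2.3"
    pullPolicy: "IfNotPresent"

  ## Service configuration.
  ##
  service:
    port: "3000"

  ## Resource configuration.
  ##
  resources:
    requests:
      memory: "512Mi"
      cpu: "300m"

  ## Portus database configuration.
  dbAdapter: "mysql2"

  ## only set db values if using existing database deployment
  ##
  # dbHost:
  # dbDatabase:
  # dbUsername:
  # dbPassword:

  ## Defaults to a random 10-character alphanumeric string if not set
  ##
  # password:

  ## Defaults to a random 10-character alphanumeric string if not set
  ## Password used for mariadb connection
  ## Supply real passwords at install time (or from a Secret) rather than
  ## committing them to this file; the value shown is a placeholder.
  # productionPassword: not-a-secure-password

  ## Defaults to a random 128-character alphanumeric string if not set
  ##
  # secretKeyBase:

  env:
    ## http://port.us.org/docs/debugging.html
    ## The available log levels are: debug, info, warn, error, fatal and unknown
    log_level: info

  ## config
  ##
  config:
    email:
      from: "[email protected]"
      name: "Portus"
      reply_to: "[email protected]"
      smtp:
        enabled: false
        address: smtp.example.com
        port: 587
        domain: example.com
        # Quoted: an unquoted value starting with "[" is parsed as a YAML flow
        # sequence, not a string. The address itself appears redacted in this
        # listing; set the real SMTP login here.
        username: "[email protected]"
        # Placeholder only. Do not commit a real SMTP password to this file.
        password: not-a-password

    # If enabled, then the profile picture will be picked from the Gravatar
    gravatar: true
    # Allow admins and owners to delete images and tags
    delete: true

    ## LDAP support. If enabled, then only users of the specified LDAP server will
    ## be able to use Portus. Take a look at the documentation of LDAP support in our
    ## online docs: http://port.us.org/features/2_LDAP-support.html.
    ldap:
      enabled: false
      url:
      port:

      # Available options: "plain", "simple_tls" and "starttls". The default is
      # "plain", the recommended is "starttls".
      # With "plain" the connection to the LDAP server is not encrypted, so
      # user and bind credentials cross the network in clear text. Switch to
      # "starttls" or "simple_tls" before setting enabled to true.
      method: plain

      # The base where users are located (e.g. "ou=users,dc=example,dc=com").
      base:

      # User filter (e.g. "mail=george*").
      filter:

      # The LDAP attribute where to search for username. The default is 'uid'.
      uid:

      # LDAP credentials used to search for a user.
      authentication:
        enabled: false
        bind_dn:
        password:

      # Portus needs an email for each user, but there's no standard way to get
      # that from LDAP servers. You can tell Portus how to get the email from users
      # registered in the LDAP server with this configurable value. There are three
      # possibilities:
      #
      # - disabled: this is the default value. It means that Portus won't do a
      #   thing when registering LDAP users (users will be redirected to their
      #   profile page until they setup an email account).
      # - enabled where "attr" is empty: for this you need "ldap.base" to have
      #   some value. In this case, the hostname will be guessed from the domain
      #   component of the provided base string. For example, for the dn:
      #   "ou=users,dc=example,dc=com", and a user name "user", the resulting
      #   email is "[email protected]".
      # - enabled where "attr" is not empty: with this you specify the attribute
      #   inside a LDIF record where the email is set.
      #
      # If something goes wrong when trying to guess the email, then it just falls
      # back to the default behavior (empty email).
      guess_email:
        enabled: false
        attr:

    # First user signing up will be admin.
    # Together with signup: true this means whoever reaches the sign-up form
    # first on a fresh install gets the admin account. Create that account
    # before the service is reachable from untrusted networks, or disable
    # signup.
    first_user_admin: true
    # If enabled, then users can signup with the signup form
    signup: true
    # Allow users to have different display names on the web site
    display_name: false

    user_permission:
      # Allow users to change the visibility of their personal namespace
      change_visibility: true
      # Allow users to create teams
      create_team: true
      # Allow users to create/modify teams if they are an owner of it
      manage_team: true
      # Allow users to create namespaces
      create_namespace: true
      # Allow users to create/modify namespaces if they are an owner of it
      manage_namespace: true

    # OAuth client secrets below are credentials: pass them at install time
    # instead of storing them in this file.
    oauth:
      # If enabled, users can authenticate with their Google Account.
      # Callback url: <host>/users/auth/google_oauth2/callback
      google_oauth2:
        enabled: false
        id:
        secret:
        domain:
        options:
          hd:

      # OpenID authentication support. If enabled, then users can authenticate with OpenID/Connect
      # Callback url: <host>/users/auth/open_id/callback
      open_id:
        enabled: false
        identifier:
        domain:

      # Github authentication support.
      # Callback url: <host>/users/auth/github/callback
      github:
        enabled: false
        client_id:
        client_secret:
        organization:
        team:
        domain:

      # Gitlab authentication support.
      # Callback url: <host>/users/auth/gitlab/callback
      gitlab:
        enabled: false
        application_id:
        secret:
        group:
        domain:
        server:

      # Bitbucket authentication support. Need permission to read email.
      # Callback url: <host>/users/auth/bitbucket/callback
      bitbucket:
        enabled: false
        key:
        secret:
        domain:
        options:
          team:

    security:
      clair:
        # This is only guaranteed to work for v2.0.x releases of Clair
        server: ""
        # Port being used by Clair to report its status
        health_port: 6061
      zypper:
        # support for this is experimental since this functionality has not
        # been merged into master yet in zypper-docker
        server: ""

    # Allow anonymous (non-logged-in) users to explore the images available in
    # your Docker Registry.
    # Set to false if the names of repositories and tags should not be visible
    # to unauthenticated visitors.
    anonymous_browsing: true

  ## TLS configuration
  ## the internal host names of the portus, registry and nginx service must be covered by the key/cert in order for TLS to work properly
  ##
  ## NOTE(review): placed under portus on the assumption that the templates
  ## read it from there; confirm. Key material is a secret: provide it at
  ## install time rather than committing it here.
  tls:
    enabled: false

    ## must include key if using tls
    ##
    # key:

    ## must include certificate if using tls
    ##
    # cert:

    ## must include signing authority cert
    ##
    # cacert:

  ## background processing
  ##
  background:
    enabled: true
    resources:
      requests:
        memory: "512Mi"
        cpu: "300m"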
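## Default values for Docker Registry.
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the chart templates.
registry:
  replicas: 1
  mountPath: "/storage"

  ## persistence configuration.
  ##
  persistence:
    enabled: false
    accessMode: "ReadWriteOnce"
    size: "10Gi"

  ## image configuration.
  ##
  image:
    repository: "library/registry"
    tag: "2.6.2"
    pullPolicy: "IfNotPresent"

  ## Service configuration.
  ##
  service:
    port: "5000"
    # NOTE(review): presumably the registry's debug listener; keep it
    # reachable only from inside the cluster and do not route it through
    # the ingress.
    debugPort: "5001"

  ## Resource configuration.
  ##
  resources:
    requests:
      memory: "512Mi"
      cpu: "300m"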
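## Default values for Ingress.
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the chart templates.
ingress:
  enabled: true
  host: registry.example.com
  port: 443

  ## Annotations to be added to the web ingress
  ##
  annotations: {}
    ## For NginxIngress
    ## nginx.ingress.kubernetes.io/proxy-body-size: "0"
    ## nginx.ingress.kubernetes.io/load-balance: "least_conn"
    ## nginx.ingress.kubernetes.io/server-snippet: |
    ##   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    ##   add_header X-Frame-Options DENY;
    ##   add_header X-Content-Type-Options nosniff;
    ##   add_header X-XSS-Protection "1; mode=block";
    ##   chunked_transfer_encoding on;
    ## nginx.ingress.kubernetes.io/configuration-snippet: if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { return 404; }
    ##
    ## The two snippet annotations insert raw nginx configuration. Controllers
    ## that disable snippet annotations (allow-snippet-annotations) will ignore
    ## or reject them, so the security headers above would not be sent.

  ## TLS configuration
  ## the ingress host must be covered by the key/cert in order for TLS to work properly
  ##
  ## The ingress is enabled by default with port 443 while tls.enabled is
  ## false. Registry logins and tokens pass through this host, so enable TLS
  ## here (or confirm it is terminated in front of the ingress) before
  ## exposing the service.
  tls:
    enabled: false

    ## Secrets containing SSL key and cert must be manually created in the namespace
    ##
    # secretName: "portus-tls"

    ## must include key if using tls
    ##
    # key:

    ## must include certificate if using tls
    ##
    # cert:

    ## must include signing authority cert
    ##
    # cacert: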
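## Default values for Mariadb.
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the chart templates.
mariadb:
  ## Use Mariadb chart dependency
  ## Set to false if using your own Mariadb
  ##
  enabled: true

  ## persistence configuration.
  ##
  persistence:
    enabled: false
    # storageClass: "-"
    accessMode: "ReadWriteOnce"
    size: "8Gi"

  ## Configuration values for Mariadb.
  ## must match Portus database values.
  ##
  db:
    user: "portus"
    name: "portus"
    ## Defaults to
    ## password: {}
    ## NOTE(review): the sentence above is unfinished in the original, so the
    ## default is not stated here. If a password is set, pass it at install
    ## time rather than committing it to this file.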
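## Redis cache for Registry
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the redis subchart's values.
redis:
  enabled: true
  cluster:
    enabled: false
  # With usePassword: false Redis accepts unauthenticated connections.
  # Restrict access to it (for example with a NetworkPolicy) or enable a
  # password.
  usePassword: false
  # NOTE(review): this key is spelled "persistance". If the subchart reads
  # "persistence", as the other sections of this file do, the two values
  # below are silently ignored. Confirm the expected key and rename.
  persistance:
    enabled: true
    size: 6Gi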
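## Postgres For Clair
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the postgresql subchart's values.
postgresql:
  ## Database credentials. Pass them at install time rather than committing
  ## them to this file.
  ## postgresUser:
  ## postgresPassword:
  postgresDatabase: clair
  persistence:
    enabled: true
    size: 10Gi
    accessMode: ReadWriteOnce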
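## Clair
##
## NOTE(review): nesting reconstructed from a listing that had lost its
## indentation; confirm against the chart templates.
clair:
  enabled: true
  image:
    repository: quay.io/coreos/clair-git
    # "latest" is a mutable tag, and with pullPolicy IfNotPresent each node
    # keeps whichever build it pulled first, so the running scanner version is
    # neither fixed nor reproducible. Pin a specific tag or image digest. The
    # portus security.clair.server comment in this file says only v2.0.x
    # releases of Clair are guaranteed to work.
    tag: latest
    pullPolicy: IfNotPresent
  resources:
    requests:
      memory: 256Mi
      cpu: 100m
  env: {}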