-
Notifications
You must be signed in to change notification settings - Fork 3
/
values.yaml
255 lines (243 loc) · 7.94 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
#
# Copyright contributors to the Galasa project
#
# SPDX-License-Identifier: EPL-2.0
#
#
# The external hostname that the Galasa services can be accessed on via Ingress,
# must be a valid DNS hostname without a URL scheme (i.e. without "https://").
#
externalHostname: "example.com"
#
# The version of Galasa you want to run with, it is better that you do not use "latest" to ensure
# all the components are running the same version and a controlled upgrade can be performed
#
galasaVersion: "0.38.0"
#
#
#
# Name of the galasa service which will be shown as the title of the web user interface page.
# Any bookmarks taken by users in their browsers will also receive this name.
# Making this name distict helps users identify which Galasa service they are using.
# If they are all called the same thing, users with access to multiple systems may find that
# confusing.
# It is RECOMMENDED that this value is changed to be unique,
# For example: Galasa Service XYZ
#
galasaServiceName: Galasa Service
#
#
#
# The container registry the Galasa images can be found in
#
galasaRegistry: "icr.io/galasadev"
#
#
# The name of the Docker image that contains Galasa's boot.jar file to launch ecosystem services
#
galasaBootImage: "galasa-boot-embedded-amd64"
#
# The maximum number of automation engines the Engine Controller will start at one time
#
maxEngines: "10"
#
#
# The name of the Docker image that launches Galasa's web UI
#
galasaWebUiImage: "galasa-ui"
#
#
#
# Optional. The label of a Kubernetes node that the engine controller should
# have an affinity for. If possible, the engine controller will schedule
# Galasa runs on this node.
#
# Example value: "galasa-engines"
#
k8sNodePreferredAffinity: ""
#
#
#
# Optional. The definition of a Kubernetes node taint toleration behaviour.
# You may wish to prevent other workloads from being scheduled on your dedicated
# Galasa k8s nodes. This can be achieved by tainting the Galasa k8s nodes. If this
# has been done, you will need to define a toleration for your Galasa pods so that
# they can schedule on the tainted nodes.
#
# The value should define a node label, an operator and a condition.
#
# Example value: "galasa-engines=Exists:NoSchedule"
#
# In the above example, any node which has the label "galasa-engines" with a
# "NoSchedule" taint should be tolerated, resulting in the Galasa test pods
# having exclusive access to run on this node.
#
k8sNodeTolerations: ""
#
#
# The pull policy to be used for the Galasa images, only useful for Galasa development purposes
#
pullPolicy: "IfNotPresent"
#
#
# The architecture the pods will be run on, at the moment, only amd64 is supported
#
architecture: amd64
#
#
# Any nodeselectors you wish to use to restrict the nodes the pods will run on
#
nodeSelectors: {}
#
#
# The storage class to be used for persistent volumes
#
storageClass: ""
#
#
# The number of hours worth of etcd history to retain when etcd is compacted
#
etcdHistoryRetention: 10
#
#
# The size of the persistent volumes for the data stores
#
etcdDiskSize: "30Gi"
couchdbDiskSize: "10Gi"
catalogDiskSize: "1Gi"
#
#
# The image names and versions for the non-Galasa images
#
etcdImage: "quay.io/coreos/etcd:v3.2.25"
couchdbImage: "couchdb:3.3.3"
dexImage: "ghcr.io/dexidp/dex:v2.38.0"
kubectlImage: "bitnami/kubectl:1.28"
#
#
# Values related to the encryption of Galasa secrets
#
encryption:
# Optional. The name of an existing Kubernetes Secret that contains
# a set of encryption keys in the following YAML format:
#
# encryption-keys.yaml: |
# encryptionKey: <current-encryption-key>
# fallbackDecryptionKeys:
# - <fallback-key-1>
# - <fallback-key-2>
#
keysSecretName: ""
#
#
# A list of origins that are allowed to receive responses from the Galasa API server.
# To limit the origins to a set of domains, you can use a wildcard (*) value.
#
# For example, to allow all subdomains of example.com, you can use the following value:
# allowedOrigins:
# - "*.example.com"
#
# By default, all origins are allowed.
#
allowedOrigins:
- "*"
#
#
# Values to enable and configure the use of ingress
# Note: The externalHostname value must be a valid DNS name for ingress to be used.
#
ingress:
# The IngressClass to use for ingresses
ingressClassName: "nginx"
# Values to configure the use of TLS in ingresses. For example:
# tls:
# - hosts:
# - "*.example.com"
# secretName: mysecret
tls: {}
# Optional - The name of the Secret containing root and intermediate CA certificates in a single .pem file.
caCertSecretName: ""
# Annotations to be added to ingresses. For example:
# annotations:
# nginx.ingress.kubernetes.io/proxy-body-size: "0"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
annotations: {}
#
#
# Values to configure the ecosystem's use of Dex
#
dex:
# `configSecret` contains values as to whether a new Kubernetes Secret containing the Dex configuration
# should be created, or if an existing Secret containing should be used.
configSecret:
# Enables the creation of a Kubernetes Secret using the values provided in `config` if set to true.
# If set to false, you must provide a value for `secretName` that corresponds to an existing Secret.
create: true
# The name of the Kubernetes Secret containing the Dex configuration to mount within the Dex deployment.
# `secretName` must point to a Secret containing a "config.yaml" key and a valid Dex configuration in YAML format.
# If `secretName` is provided and `create` is set to true, then the given name will be ignored and a new Secret
# named "<release-name>-dex-config" will be created.
secretName: ""
# Optional - `envFrom` represents a list of additional environment variables mounted from Kubernetes Secrets or ConfigMaps
# into the Dex Deployment.
# If you would like to mount an additional environment variable from a Secret or ConfigMap, provide the name of the
# resource in the `envFrom` list. For example:
# envFrom:
# - secretRef:
# name: github-oauth-app-secret
# - configMapRef:
# name: my-env-configmap
envFrom: []
# An ordered list of JSON Web Token (JWT) claims to use when Galasa sets the requestor of a test.
# The first JWT claim that is matched will be used as the requestor of a test.
#
# For example, given a JWT that includes the following claims:
# {
# "iss": "https://example.com/dex",
# "sub": "my-user-id",
# "aud": "my-client",
# "exp": 1234567890,
# "iat": 1234567890,
# "name": "John Doe",
# "preferred_username": "johndoe"
# }
#
# If the `usernameClaims` value is set to:
#
# usernameClaims:
# - name
# - preferred_username
# - sub
#
# then the "name" claim will be matched first, and the value "John Doe" will be taken as the requestor of a test.
#
# By default, the order that will be applied is as follows:
# 1. "preferred_username"
# 2. "name"
# 3. "sub"
#
# Different Dex connectors may return different claims within issued JWTs. For details on which JWT claims are
# supported by Dex, refer to the [Dex documentation](https://dexidp.io/docs/custom-scopes-claims-clients).
usernameClaims:
- "preferred_username"
- "name"
- "sub"
# The Dex configuration - See the [Dex documentation](https://dexidp.io/docs) for more information.
# By default, etcd is used as the storage option for the Galasa Ecosystem.
config:
issuer: "http://example.com/dex"
# Connectors to upstream identity providers that users can authenticate with.
# See the [Dex documentation](https://dexidp.io/docs/connectors) for a list
# of connectors supported by Dex.
connectors: []
# OAuth 2.0 configuration values. By default, Dex has been configured to skip the additional
# access approval screen after logging in to the Galasa Ecosystem.
oauth2:
skipApprovalScreen: true
# Token expiry configuration
expiry:
idTokens: 24h
refreshTokens:
reuseInterval: 8760h # 1 year
validIfNotUsedFor: 8760h # 1 year
eventStreamsSecretName: "event-streams-token"