pub/charts
1
0
Fork 0
Code Issues Pull requests Releases Packages 19 Activity Actions

fix(penpot) cleanup and fix syntax errors. Add a little more to the docs.

Browse source
This commit is contained in:
Tommy 2023-12-25 20:05:17 +01:00
parent 4685f5d908
commit d0740f06f5
No known key found for this signature in database
5 changed files with 39 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.org
View file

@ -86,7 +86,8 @@ So what makes this repo different from others? It is KISS and Safe of course.
- We only support the current major version of Kubernetes and the application - We only support the current major version of Kubernetes and the application
- Always enable service accounts - Always enable service accounts
- Use semver for versioning - Use semver for versioning
- A chart should install on a small scale with default values
- All charts are validated for structure and syntax before compilation
If you see a chart that does not comply with these principles, please open an issue. If you see a chart that does not comply with these principles, please open an issue.
*** 🧑‍💻 Usage *** 🧑‍💻 Usage

22
charts/penpot/templates/deployment-backend.yaml
View file

@ -9,25 +9,21 @@ spec:
replicas: {{ .Values.backend.replicaCount }} replicas: {{ .Values.backend.replicaCount }}
selector: selector:
matchLabels: matchLabels:
{{- include "penpot.backendSelectorLabels" . | nindent 6 }} app: {{ include "penpot.fullname" . }}-backend
template: template:
metadata: metadata:
labels: labels:
{{- include "penpot.backendSelectorLabels" . | nindent 8 }} app: {{ include "penpot.fullname" . }}-backend
spec: spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }} serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext: securityContext:
podSecurityContext: fsGroup: 1001
enabled: true
fsGroup: 1001
containers: containers:
- name: {{ .Chart.Name }}-backend - name: {{ .Chart.Name }}-backend
image: image: "penpotapp/backend:{{ .Values.penpotVersion }}"
repository: "penpotapp/backend:{{ .Values.penpotVersion.tag }}" imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent securityContext:
containerSecurityContext:
enabled: true
runAsUser: 1001 runAsUser: 1001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -41,11 +37,11 @@ spec:
readOnly: false readOnly: false
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }} value: {{ .Values.publicURL | quote }}
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}" value: "$PENPOT_FLAGS {{ .Values.flags }}"
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: "false"
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }} value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom: envFrom:

28
charts/penpot/templates/deployment-exporter.yaml
View file

@ -7,35 +7,37 @@ metadata:
{{- include "penpot.labels" . | nindent 4 }} {{- include "penpot.labels" . | nindent 4 }}
spec: spec:
replicas: {{ .Values.exporter.replicaCount }} replicas: {{ .Values.exporter.replicaCount }}
selector:
matchLabels:
app: {{ include "penpot.fullname" . }}-exporter
template: template:
metadata:
labels:
app: {{ include "penpot.fullname" . }}-exporter
spec: spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }} serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext: securityContext:
podSecurityContext: fsGroup: 1001
enabled: true
fsGroup: 1001
readOnlyRootFilesystem: false
runAsNonRoot: true
containers: containers:
- name: {{ .Chart.Name }}-exporter - name: {{ .Chart.Name }}-exporter
image: image: "penpotapp/exporter:{{ .Values.penpotVersion }}"
repository: "penpotapp/exporter:{{ .Values.penpotVersion.tag }}" imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent securityContext:
containerSecurityContext:
enabled: true
runAsUser: 1001 runAsUser: 1001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
- all - all
readOnlyRootFilesystem: false
runAsNonRoot: true
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }} value: {{ .Values.publicURL | quote }}
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}" value: "$PENPOT_FLAGS {{ .Values.flags }}"
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: "false"
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }} value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom: envFrom:

21
charts/penpot/templates/deployment-frontend.yaml
View file

@ -7,19 +7,22 @@ metadata:
{{- include "penpot.labels" . | nindent 4 }} {{- include "penpot.labels" . | nindent 4 }}
spec: spec:
replicas: {{ .Values.frontend.replicaCount }} replicas: {{ .Values.frontend.replicaCount }}
selector:
matchLabels:
app: {{ include "penpot.fullname" . }}-frontend
template: template:
metadata:
labels:
app: {{ include "penpot.fullname" . }}-frontend
spec: spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }} serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext: securityContext:
podSecurityContext: fsGroup: 1001
enabled: true
fsGroup: 1001
containers: containers:
- name: {{ .Chart.Name }}-frontend - name: {{ .Chart.Name }}-frontend
image: "penpotapp/frontend:{{ .Values.penpotVersion.tag }}" image: "penpotapp/frontend:{{ .Values.penpotVersion }}"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
containerSecurityContext: securityContext:
enabled: true
runAsUser: 1001 runAsUser: 1001
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@ -29,11 +32,11 @@ spec:
runAsNonRoot: true runAsNonRoot: true
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }} value: {{ .Values.publicURL | quote }}
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}" value: "$PENPOT_FLAGS {{ .Values.flags }}"
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: "false"
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }} value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom: envFrom:

2
charts/penpot/values.yaml
View file

@ -1,7 +1,7 @@
envFromSecret: penpot-secret envFromSecret: penpot-secret
penpotVersion: 1.19.3 penpotVersion: 1.19.3
publicURI: "http://localhost:8080" publicURL: "http://localhost:8080"
registrationDomainWhitelist: "localhost" registrationDomainWhitelist: "localhost"
flags: "enable-registration enable-login disable-demo-users disable-demo-warning disable-secure-session-cookies" flags: "enable-registration enable-login disable-demo-users disable-demo-warning disable-secure-session-cookies"