image: repository: drumsergio/genieacs pullPolicy: IfNotPresent tag: "1.2.16.0" replicaCount: 1 service_http: type: ClusterIP port_http: 3000 service_cwmp: type: ClusterIP port_cwmp: 7547 service_nbi: type: ClusterIP port_nbi: 7557 service_fs: type: ClusterIP port_fs: 7567 ingress: enabled: false className: "" annotations: {} hosts: - host: genieacs.local paths: - path: / pathType: ImplementationSpecific tls: [] env: GENIEACS_UI_JWT_SECRET: changeme GENIEACS_CWMP_ACCESS_LOG_FILE: /var/log/genieacs/genieacs-cwmp-access.log GENIEACS_NBI_ACCESS_LOG_FILE: /var/log/genieacs/genieacs-nbi-access.log GENIEACS_FS_ACCESS_LOG_FILE: /var/log/genieacs/genieacs-fs-access.log GENIEACS_UI_ACCESS_LOG_FILE: /var/log/genieacs/genieacs-ui-access.log GENIEACS_DEBUG_FILE: /var/log/genieacs/genieacs-debug.yaml GENIEACS_EXT_DIR: /opt/genieacs/ext envFrom: [] # - secretRef: # name: genieacs-secrets extraEnvVars: [] # - name: GENIEACS_UI_JWT_SECRET # valueFrom: # secretKeyRef: # name: genieacs-jwt-secret # key: GENIEACS_UI_JWT_SECRET resources: limits: memory: 4Gi requests: cpu: 500m memory: 2Gi mongodb: enabled: true auth: enabled: false # When auth.enabled is true, the chart auto-constructs an authenticated URI. # If rootPassword is set here, the password is URL-encoded at template time # (safe for special characters like @, :, /, %). If left empty, the subchart # auto-generates an alphanumeric password resolved at runtime via secretKeyRef. # rootPassword: "" # existingSecret: "" # Use a pre-existing secret instead of the subchart's persistence: enabled: true size: 8Gi # Used when mongodb.enabled is false (bring your own MongoDB). # Recommended for production. The bundled MongoDB subchart is intended # for development and evaluation only. # # Provide connection details either: # a) directly via `url` (connection string includes credentials), or # b) via `existingSecret` + `secretKey`, which reads the connection # string from a Kubernetes Secret at pod start using valueFrom. # This is the right path for production because credentials stay # out of values files and out of the pod spec, and it integrates # with External Secrets Operator, Sealed Secrets, Vault, MongoDB # Atlas Operator, MongoDB Controllers for Kubernetes (MCK), the # Percona Operator, etc. # # If both are set, `existingSecret` takes precedence. externalMongodb: url: "" existingSecret: "" secretKey: "connectionString" persistence: enabled: true accessModes: - ReadWriteOnce size: 5Gi # storageClass: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podSecurityContext: fsGroup: 999 runAsNonRoot: false runAsUser: 0 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL add: - SETUID - SETGID readOnlyRootFilesystem: false # Note: Container starts as root for cron, then drops to genieacs via gosu runAsNonRoot: false runAsUser: 0 livenessProbe: enabled: true httpGet: path: / port: http initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: enabled: true httpGet: path: / port: http initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 podDisruptionBudget: enabled: false minAvailable: 1 # maxUnavailable: 1 nodeSelector: {} tolerations: [] affinity: {}