# yaml-language-server: $schema=values.schema.json ## Default values for Penpot global: # -- Whether to deploy the Application Collection PostgreSQL chart as subchart. Check [the chart](https://apps.rancher.io/applications/postgresql) README for configuration. # @section -- Global parameters postgresqlEnabled: true # -- Whether to deploy the Application Collection Redis chart as subchart. Check [the chart](https://apps.rancher.io/applications/redis) README for configuration. # @section -- Global parameters redisEnabled: true # -- Global override for container image registry pull secrets # @section -- Global parameters imagePullSecrets: - name: application-collection # -- Global override for container image registry # @section -- Global parameters imageRegistry: "" # -- To partially override common.names.fullname # @section -- Common parameters nameOverride: "" # -- To fully override common.names.fullname # @section -- Common parameters fullnameOverride: "" serviceAccount: # -- Specifies whether a ServiceAccount should be created. # @section -- Common parameters enabled: true # -- Annotations for service account. Evaluated as a template. # @section -- Common parameters annotations: {} # -- The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. # @section -- Common parameters name: "penpot" config: # -- The public domain to serve Penpot on. # **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. # @section -- Configuration parameters publicUri: "http://penpot.example.com" # -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. # @section -- Configuration parameters flags: " enable-login-with-password disable-email-verification enable-smtp" # -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example. # @section -- Configuration parameters apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg" # -- The name of an existing secret. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The api secret key to use from an existing secret. # @section -- Configuration parameters apiSecretKey: "" # -- Comma separated list of allowed domains to register. Empty to allow all domains. # @section -- Configuration parameters registrationDomainWhitelist: "" # -- Whether to enable sending of anonymous telemetry data. # @section -- Configuration parameters telemetryEnabled: true # -- Add custom resolver for frontend. e.g. 192.168.1.1 # @section -- Configuration parameters internalResolver: "" # -- Url adress to Terms of Services (empty to hide the link) # @section -- Configuration parameters termsOfServicesUri: "" # -- Url adress to Privacy Policy (empty to hide the link) # @section -- Configuration parameters privacyPolicyUri: "" postgresql: # -- The PostgreSQL host to connect to. Empty to use dependencies. # @section -- Configuration parameters host: "penpot-postgresql" # -- The PostgreSQL host port to use. # @section -- Configuration parameters port: 5432 # -- The database username to use. # @section -- Configuration parameters username: "penpot" # -- The database password to use. # @section -- Configuration parameters password: "penpot" # -- The PostgreSQL database to use. # @section -- Configuration parameters database: "penpot" # -- The name of an existing secret. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The postgresql uri key to use from an existing secret. (postgresql://host:port/database). # @section -- Configuration parameters postgresqlUriKey: "" # -- The username key to use from an existing secret. # @section -- Configuration parameters usernameKey: "" # -- The password key to use from an existing secret. # @section -- Configuration parameters passwordKey: "" redis: # -- The Redis host to connect to. Empty to use dependencies # @section -- Configuration parameters host: "penpot-redis-headless" # -- The Redis host port to use. # @section -- Configuration parameters port: 6379 # -- The Redis database to connect to. # @section -- Configuration parameters database: "0" # -- The Redis password to use. # @section -- Configuration parameters password: "penpot-redis" # -- The name of an existing secret. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The redis uri key to use from an existing secret. (redis://:password@host:port/database). # @section -- Configuration parameters redisUriKey: "" objectsStorage: # -- The storage backend for different objects (assets, old data...) to use. Use `fs` for filesystem, and `s3` for S3. # @section -- Configuration parameters storageBackend: "s3" filesystem: # -- The storage directory to use if you chose the filesystem storage backend. # @section -- Configuration parameters directory: "/opt/data/assets" s3: # -- The S3 access key ID to use if you chose the S3 storage backend. # @section -- Configuration parameters accessKeyID: "penpot" # -- The S3 secret access key to use if you chose the S3 storage backend. # @section -- Configuration parameters secretAccessKey: "penpot-secret-key" # -- The S3 region to use if you chose the S3 storage backend. # @section -- Configuration parameters region: "us-east-1" # -- The name of the S3 bucket to use if you chose the S3 storage backend. # @section -- Configuration parameters bucket: "penpot-assets" # -- The S3 endpoint URI to use if you chose the S3 storage backend. # @section -- Configuration parameters endpointURI: "http://minio:9000" # -- The name of an existing secret. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The S3 access key ID to use from an existing secret. # @section -- Configuration parameters accessKeyIDKey: "" # -- The S3 secret access key to use from an existing secret. # @section -- Configuration parameters secretAccessKey: "" # -- The S3 endpoint URI to use from an existing secret. # @section -- Configuration parameters endpointURIKey: "" # -- Define the strategy (backend) for internal file data storage of Penpot. Use "legacy-db" (default) the current behaviour, "db" to use an specific table in the database (future default) and "storage" to use the predefined objects storage system (S3, file system,...) # @section -- Configuration parameters fileDataBackend: "legacy-db" smtp: # -- Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. # @section -- Configuration parameters enabled: false # -- The SMTP default email to send from. # @section -- Configuration parameters defaultFrom: "" # -- The SMTP default email to reply to. # @section -- Configuration parameters defaultReplyTo: "" # -- The SMTP host to use. # @section -- Configuration parameters host: "" # -- The SMTP host port to use. # @section -- Configuration parameters port: "" # -- The SMTP username to use. # @section -- Configuration parameters username: "" # -- The SMTP password to use. # @section -- Configuration parameters password: "" # -- Whether to use TLS for the SMTP connection. # @section -- Configuration parameters tls: true # -- Whether to use SSL for the SMTP connection. # @section -- Configuration parameters ssl: false # -- The name of an existing secret. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The SMTP username to use from an existing secret. # @section -- Configuration parameters usernameKey: "" # -- The SMTP password to use from an existing secret. # @section -- Configuration parameters passwordKey: "" providers: google: # -- Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. # @section -- Configuration parameters enabled: false # -- The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. # @section -- Configuration parameters clientID: "" # -- The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. # @section -- Configuration parameters clientSecret: "" github: # -- Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. # @section -- Configuration parameters enabled: false # -- The GitHub client ID to use. # @section -- Configuration parameters clientID: "" # -- The GitHub client secret to use. # @section -- Configuration parameters clientSecret: "" gitlab: # -- Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. # @section -- Configuration parameters enabled: false # -- The GitLab base URI to use. # @section -- Configuration parameters baseURI: "https://gitlab.com" # -- The GitLab client ID to use. # @section -- Configuration parameters clientID: "" # -- The GitLab client secret to use. # @section -- Configuration parameters clientSecret: "" oidc: # -- Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. # @section -- Configuration parameters enabled: false # -- The OpenID Connect base URI to use. # @section -- Configuration parameters baseURI: "" # -- The OpenID Connect client ID to use. # @section -- Configuration parameters clientID: "" # -- The OpenID Connect client secret to use. # @section -- Configuration parameters clientSecret: "" # -- Optional OpenID Connect auth URI to use. Auto discovered if not provided. # @section -- Configuration parameters authURI: "" # -- Optional OpenID Connect token URI to use. Auto discovered if not provided. # @section -- Configuration parameters tokenURI: "" # -- Optional OpenID Connect user URI to use. Auto discovered if not provided. # @section -- Configuration parameters userURI: "" # -- Optional OpenID Connect roles to use. If no role is provided, role checking is disabled (default role values are set below, to disable role verification, send an empty string). # @section -- Configuration parameters roles: "designer developer" # -- Optional OpenID Connect roles attribute to use. If not provided, the role checking will be disabled. # @section -- Configuration parameters rolesAttribute: "" # -- Optional OpenID Connect scopes to use. These settings allow overwriting the required scopes, use with caution because penpot requires at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. # @section -- Configuration parameters scopes: "scope1 scope2" # -- Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. # @section -- Configuration parameters nameAttribute: "" # -- Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. # @section -- Configuration parameters emailAttribute: "" ldap: # -- Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. # @section -- Configuration parameters enabled: false # -- The LDAP host to use. # @section -- Configuration parameters host: "ldap" # -- The LDAP port to use. # @section -- Configuration parameters port: 10389 # -- Whether to use SSL for the LDAP connection. # @section -- Configuration parameters ssl: false # -- Whether to utilize StartTLS for the LDAP connection. # @section -- Configuration parameters startTLS: false # -- The LDAP base DN to use. # @section -- Configuration parameters baseDN: "ou=people,dc=planetexpress,dc=com" # -- The LDAP bind DN to use. # @section -- Configuration parameters bindDN: "uid=admin,ou=people,dc=planetexpress,dc=com" # -- The LDAP bind password to use. # @section -- Configuration parameters bindPassword: "GoodNewsEveryone" # -- The LDAP user query to use. # @section -- Configuration parameters userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))" # -- The LDAP attributes username to use. # @section -- Configuration parameters attributesUsername: "uid" # -- The LDAP attributes email to use. # @section -- Configuration parameters attributesEmail: "mail" # -- The LDAP attributes fullname to use. # @section -- Configuration parameters attributesFullname: "cn" # -- The LDAP attributes photo format to use. # @section -- Configuration parameters attributesPhoto: "jpegPhoto" # -- The name of an existing secret to use. # @section -- Configuration parameters existingSecret: "" secretKeys: # -- The Google client ID key to use from an existing secret. # @section -- Configuration parameters googleClientIDKey: "" # -- The Google client secret key to use from an existing secret. # @section -- Configuration parameters googleClientSecretKey: "" # -- The GitHub client ID key to use from an existing secret. # @section -- Configuration parameters githubClientIDKey: "" # -- The GitHub client secret key to use from an existing secret. # @section -- Configuration parameters githubClientSecretKey: "" # -- The GitLab client ID key to use from an existing secret. # @section -- Configuration parameters gitlabClientIDKey: "" # -- The GitLab client secret key to use from an existing secret. # @section -- Configuration parameters gitlabClientSecretKey: "" # -- The OpenID Connect client ID key to use from an existing secret. # @section -- Configuration parameters oidcClientIDKey: "" # -- The OpenID Connect client secret key to use from an existing secret. # @section -- Configuration parameters oidcClientSecretKey: "" # -- The LDAP admin bind password to use from an exsiting secret # @section -- Configuration parameters ldapBindPasswordKey: "" autoFileSnapshot: # -- How many changes before generating a new snapshot. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable. # @section -- Configuration parameters every: 5 # Every 5 changes # -- If there isn't a snapshot during this time, the system will generate one automatically. You also need to add the 'auto-file-snapshot' flag to the PENPOT_FLAGS variable. # @section -- Configuration parameters timeout: "3h" # -- Specify any additional environment values you want to provide to all the containers (frontend, backend and exporter) in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) # @section -- Configuration parameters extraEnvs: [] assets: filesystem: # -- The storage directory to use if you chose the filesystem storage backend. # @section -- Configuration parameters directory: "/opt/data/assets" backend: image: # -- Image repository to use for the Backend container # @section -- Backend parameters repository: containers/penpot-backend # -- Image tag to use for the Backend container # @section -- Backend parameters tag: 2.11.1-6.33 # -- The image pull policy to use. # @section -- Backend parameters pullPolicy: IfNotPresent # -- Image registry to use for the Backend container # @section -- Backend parameters registry: dp.apps.rancher.io # -- The number of replicas to deploy. # @section -- Backend parameters replicaCount: 1 service: # -- The http service type to create. # @section -- Backend parameters type: ClusterIP # -- The http service port to use. # @section -- Backend parameters port: 6060 # -- Mapped annotations for the backend service # @section -- Backend parameters annotations: {} # -- An optional map of annotations to be applied to the controller Deployment # @section -- Backend parameters deploymentAnnotations: {} # -- An optional map of labels to be applied to the controller Pods # @section -- Backend parameters podLabels: {} # -- An optional map of annotations to be applied to the controller Pods # @section -- Backend parameters podAnnotations: {} # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Backend parameters podSecurityContext: fsGroup: 1001 # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Backend parameters containerSecurityContext: runAsUser: 1001 allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: false runAsNonRoot: true # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # @section -- Backend parameters affinity: {} # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) # @section -- Backend parameters nodeSelector: {} # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) # @section -- Backend parameters tolerations: [] # -- Penpot backend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) # @section -- Backend parameters resources: # -- The resources limits for the Penpot backend containers # @section -- Backend parameters limits: {} # -- The requested resources for the Penpot backend containers # @section -- Backend parameters requests: {} # -- Startup probe for the Penpot backend containers. Tolerates up to 30 * 10 = 300 seconds = 5 Minutes. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) # @section -- Backend parameters startupProbe: httpGet: path: /readyz port: http failureThreshold: 30 periodSeconds: 10 # -- Configure Pod Disruption Budget for the backend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # @section -- Backend parameters pdb: # -- Enable Pod Disruption Budget for the backend pods. # @section -- Backend parameters enabled: false # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). # @section -- Backend parameters minAvailable: # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). # @section -- Backend parameters maxUnavailable: # -- Specify any additional environment values you want to provide to the backend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) # @section -- Backend parameters extraEnvs: [] # -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Backend parameters volumes: [] # -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Backend parameters volumeMounts: [] frontend: image: # -- Image repository to use for the Frontend container # @section -- Frontend parameters repository: containers/penpot-frontend # -- Image tag to use for the Frontend container # @section -- Frontend parameters tag: 2.11.1-5.26 # -- The image pull policy to use. # @section -- Frontend parameters pullPolicy: IfNotPresent # -- Image registry to use for the Frontend container # @section -- Frontend parameters registry: dp.apps.rancher.io # -- The number of replicas to deploy. # @section -- Frontend parameters replicaCount: 1 service: # -- The service type to create. # @section -- Frontend parameters type: ClusterIP # -- The service port to use. # @section -- Frontend parameters port: 8080 # -- Mapped annotations for the frontend service # @section -- Frontend parameters annotations: {} # -- An optional map of annotations to be applied to the controller Deployment # @section -- Frontend parameters deploymentAnnotations: {} # -- An optional map of labels to be applied to the controller Pods # @section -- Frontend parameters podLabels: {} # -- An optional map of annotations to be applied to the controller Pods # @section -- Frontend parameters podAnnotations: {} # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Frontend parameters podSecurityContext: fsGroup: 1001 # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Frontend parameters containerSecurityContext: runAsUser: 1001 allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: false runAsNonRoot: true # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # @section -- Frontend parameters affinity: {} # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) # @section -- Frontend parameters nodeSelector: {} # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) # @section -- Frontend parameters tolerations: [] # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) # @section -- Frontend parameters resources: # -- The resources limits for the Penpot frontend containers # @section -- Frontend parameters limits: {} # -- The requested resources for the Penpot frontend containers # @section -- Frontend parameters requests: {} # -- Configure Pod Disruption Budget for the frontend pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # @section -- Frontend parameters pdb: # -- Enable Pod Disruption Budget for the frontend pods. # @section -- Frontend parameters enabled: false # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). # @section -- Frontend parameters minAvailable: # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). # @section -- Frontend parameters maxUnavailable: # -- Specify any additional environment values you want to provide to the frontend container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) # @section -- Frontend parameters extraEnvs: [] # -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Frontend parameters volumes: [] # -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Frontend parameters volumeMounts: [] exporter: image: # -- Image repository to use for the Exporter container # @section -- Exporter parameters repository: containers/penpot-exporter # -- Image tag to use for the Exporter container # @section -- Exporter parameters tag: 2.11.1-5.41 # -- The image pull policy to use. # @section -- Exporter parameters imagePullPolicy: IfNotPresent # -- Image registry to use for the Exporter container # @section -- Exporter parameters registry: dp.apps.rancher.io # -- The number of replicas to deploy. Enable persistence.exporter if you use more than 1 replicaCount # @section -- Exporter parameters replicaCount: 1 service: # -- The service type to create. # @section -- Exporter parameters type: ClusterIP # -- The service port to use. # @section -- Exporter parameters port: 6061 # -- Mapped annotations for the exporter service # @section -- Exporter parameters annotations: {} # -- An optional map of annotations to be applied to the controller Deployment # @section -- Exporter parameters deploymentAnnotations: {} # -- An optional map of labels to be applied to the controller Pods # @section -- Exporter parameters podLabels: {} # -- An optional map of annotations to be applied to the controller Pods # @section -- Exporter parameters podAnnotations: {} # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Exporter parameters podSecurityContext: fsGroup: 1001 # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Exporter parameters containerSecurityContext: runAsUser: 1001 allowPrivilegeEscalation: false capabilities: drop: - all readOnlyRootFilesystem: false runAsNonRoot: true # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # @section -- Exporter parameters affinity: {} # -- Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) # @section -- Exporter parameters nodeSelector: {} # -- Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) # @section -- Exporter parameters tolerations: [] # -- Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) # @section -- Exporter parameters resources: # -- The resources limits for the Penpot frontend containers # @section -- Exporter parameters limits: {} # -- The requested resources for the Penpot frontend containers # @section -- Exporter parameters requests: {} # -- Configure Pod Disruption Budget for the exporter pods. Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # @section -- Exporter parameters pdb: # -- Enable Pod Disruption Budget for the exporter pods. # @section -- Exporter parameters enabled: false # -- (int,string) The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). # @section -- Exporter parameters minAvailable: # -- (int,string) The number or percentage of pods from that set that can be unavailable after the eviction (e.g.: 3, "10%"). # @section -- Exporter parameters maxUnavailable: # -- Specify any additional environment values you want to provide to the exporter container in the deployment according to the [specification](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables) # @section -- Exporter parameters extraEnvs: [] # -- Extra volumes to be made available. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Exporter parameters volumes: [] # -- Extra volumes to be mounted in the countainer. Check [the official doc](https://kubernetes.io/docs/concepts/storage/volumes/) # @section -- Exporter parameters volumeMounts: [] persistence: assets: # -- Enable Penpot objects persistence using Persistent Volume Claims. # @section -- Persistence parameters enabled: true # -- Penpot objects persistent Volume storage class. # If defined, storageClassName: . # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. # @section -- Persistence parameters storageClass: "" # -- Penpot objects persistent Volume size. # @section -- Persistence parameters size: 20Gi # -- The name of an existing PVC to use for Penpot objects persistence. # @section -- Persistence parameters existingClaim: "" # -- Penpot objects persistent Volume access modes. # @section -- Persistence parameters accessModes: - ReadWriteOnce # -- Penpot objects persistent Volume Claim annotations. # @section -- Persistence parameters annotations: {} exporter: # -- Enable exporter persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it. # @section -- Persistence parameters enabled: false # -- Exporter persistent Volume storage class. Empty is choosing the default provisioner by the provider. # @section -- Persistence parameters storageClass: "" # -- Exporter persistent Volume size. # @section -- Persistence parameters size: 10Gi # -- The name of an existing PVC to use for persistence. # @section -- Persistence parameters existingClaim: "" # -- Exporter persistent Volume access modes. # @section -- Persistence parameters accessModes: - ReadWriteOnce # -- Exporter persistent Volume Claim annotations. # @section -- Persistence parameters annotations: {} ingress: # -- Enable (frontend) Ingress Controller. # @section -- Ingress parameters enabled: false # -- The Ingress className. # @section -- Ingress parameters className: "" # -- Mapped annotations for the ingress crontroller. # E.g. # annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" # @section -- Ingress parameters annotations: {} # -- Root path for every hosts. # @section -- Ingress parameters path: "/" # -- Array style hosts for the (frontend) ingress crontroller. # @section -- Ingress parameters hosts: # -- The default external hostname to access to the penpot app. # @section -- Ingress parameters - "penpot.example.com" # -- Array style TLS secrets for the (frontend) ingress crontroller. # E.g. # tls: # - secretName: penpot.example.com-tls # hosts: # - penpot.example.com # @section -- Ingress parameters tls: [] route: # -- Enable Openshift/OKD Route. Check [the official doc](https://docs.openshift.com/container-platform/4.16/networking/routes/route-configuration.html). When it is enabled, all fsGroup and runAsUser must be changed to null. # @section -- Route parameters enabled: false # -- An optional map of annotations to be applied to the route. # @section -- Route parameters annotations: {} # -- The default external hostname to access to the penpot app. # @section -- Route parameters host: penpot.example.com # -- Define a path to use Path-based routes. # @section -- Route parameters path: null # -- A Map with TLS configuration for the route. # E.g. # tls: # terminationType: edge # terminationPolicy: Redirect # @section -- Route parameters tls: {} # -- Define the wildcard policy (None, Subdomain, ...) # @section -- Route parameters wildcardPolicy: None # PostgreSQL configuration (Check for [more parameters here](https://apps.rancher.io/applications/postgresql)) postgresql: auth: # -- Name for a custom user to create. # @section -- PostgreSQL Dependencie parameters username: "penpot" # -- Password for the custom user to create. # @section -- PostgreSQL Dependencie parameters password: "penpot" # -- Name for a custom database to create. # @section -- PostgreSQL Dependencie parameters database: "penpot" images: postgresql: # -- Image registry to use for the PostgreSQL container # @section -- PostgreSQL Dependencies parameters registry: dp.apps.rancher.io # -- Image repository to use for the PostgreSQL container # @section -- PostgreSQL Dependencies parameters repository: containers/postgresql # -- Image tag to use for the PostgreSQL container # @section -- PostgreSQL Dependencies parameters tag: "18.1-contrib-4.10" # Redis configuration (Check for [more parameters here](https://apps.rancher.io/applications/redis)) redis: auth: # -- Whether to enable password authentication. # @section -- Redis Dependencie parameters enabled: true # -- The Redis password to use. # @section -- Redis Dependencie parameters password: "penpot-redis" # -- RedisĀ® architecture. Allowed values: `standalone` or `replication`. Penpot only needs a standalone RedisĀ® StatefulSet. # @section -- Redis Dependencie parameters architecture: standalone # -- Common configuration to be appended to redis.conf (as a block of configuration lines). # @section -- Redis Dependencie parameters commonConfiguration: | ## Recommended values for most Penpot instances. ## You can modify this value to follow your policies. # Set maximum memory Redis will use. # Accepted units: b, k, kb, m, mb, g, gb maxmemory 128mb # Choose an eviction policy (see Redis docs: # https://redis.io/docs/latest/develop/reference/eviction/) # Common choices: # noeviction, allkeys-lru, volatile-lru, allkeys-random, volatile-random, # volatile-ttl, volatile-lfu, allkeys-lfu # # For Penpot, volatile-lfu is recommended maxmemory-policy volatile-lfu