-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvalues.yaml
More file actions
121 lines (107 loc) · 3.15 KB
/
values.yaml
File metadata and controls
121 lines (107 loc) · 3.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Default values for nebari-nebi-pack
# This is a YAML-formatted file.
# =============================================================================
# Nebari Integration
# =============================================================================
# Creates a NebariApp CRD that configures routing and auth via nebari-operator.
# Set to false when deploying outside of Nebari.
nebariapp:
enabled: true
# hostname: nebi.example.com # Required when enabled
service:
name: "" # Defaults to {{ fullname }}
port: 80
routing:
routes:
- pathPrefix: /
auth:
enabled: true
provider: keycloak
provisionClient: true
redirectURI: / # Nebi SPA handles the redirect internally
scopes:
- openid
- profile
- email
- groups
# =============================================================================
# Nebi Application
# =============================================================================
image:
repository: quay.io/nebari/nebi
tag: sha-d0766e3
pullPolicy: IfNotPresent
replicaCount: 1
# Deployment strategy – Recreate avoids Multi-Attach errors on RWO volumes
strategy:
type: Recreate
# Auth configuration (env vars on the Deployment)
auth:
# Keycloak/OIDC groups that grant Nebi admin role
proxyAdminGroups: "admin,nebi-admin"
# Direct OIDC authentication (Nebi authenticates with Keycloak directly)
oidc:
enabled: false
issuerURL: ""
clientID: ""
clientSecretName: ""
# Server configuration
server:
port: 8460
mode: production
# Logging
log:
format: json
level: info
# Queue configuration (single pod = in-memory)
queue:
type: memory
# Storage for workspace environments
persistence:
enabled: true
size: 20Gi
accessMode: ReadWriteOnce
storageClassName: "" # Leave empty to use cluster default
mountPath: /app/data/environments
# =============================================================================
# Embedded PostgreSQL
# =============================================================================
postgres:
enabled: true
image:
repository: postgres
tag: "16"
pullPolicy: IfNotPresent
storage:
size: 10Gi
storageClassName: "" # Leave empty to use cluster default
resources: {}
# =============================================================================
# Service
# =============================================================================
service:
type: ClusterIP
port: 80
targetPort: 8460
# =============================================================================
# Resources
# =============================================================================
resources: {}
# limits:
# cpu: 1000m
# memory: 1Gi
# requests:
# cpu: 250m
# memory: 256Mi
# =============================================================================
# Service Account
# =============================================================================
serviceAccount:
create: true
name: ""
annotations: {}
# =============================================================================
# Overrides
# =============================================================================
nameOverride: ""
fullnameOverride: ""