GuidesDiscussionsChangelogAPI ReferenceReport IssueSlack

Self-Managed Helm Values

Suggest Edits

For the self-hosted version of Shipa, the following shows an example of the vaules.yaml file to be used with the Helm chart. This version is from 1.7.0. You can override these values with the Helm CLI, etc. 

#Use Set as One Approach
helm upgrade --install shipa shipa-charts/shipa \
--set=shipaApi.debug=true

Sample Helm Values e.g values.yaml:

# Default values for shipa.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

auth:
  dummyDomain: "@shipa.io"

images:
  # The base directory for Shipa Corp images. For Shipa Corp images this value has repositoryBasename and tag appended to it to determine the location to pull images from
  # This does not affect non-Shipa Corp images, such as k8s.gcr.io/ingress-nginx/controller, docker.io/postgres, k8s.gcr.io/mongodb-install, docker.io/mongo, docker.io/busybox, and docker.io/traefik
  shipaRepositoryDirname: docker.io/shipasoftware

shipaApi:
  port: "8080"
  securePort: "8081"
  servicePorts:
    - "80"
  serviceSecurePorts:
    - "443"
  repositoryBasename: api
  tag: 8799edd8b9d78fcc6aa64437b367b8d9ec301a4a
  pullPolicy: Always
  debug: false
  cnames: []
  allowRestartIngressControllers: true
  allowMigrationDowntime: true
  appAutoDiscoveryEnabled: true
  isCAEndpointDisabled: false
  secureIngressOnly: false
  useInternalHost: true

  # if set this secret will be used for api ingress controller resources instead of default one
  # customSecretName: shipa-api-secret

  # if set these annotations will be appended for API ingress resources
  # customIngressAnnotations:
  #   aaa: "bbb"
  #   ccc: "ddd"

shipaCluster:
  # use debug logs in traefik ingress controller
  debug: false

  ingress:
    # ingress controller type
    # supported: (nginx, istio, traefik)
    type: nginx

    # NGINX ingress controller image
    # If the ingress controller type is nginx and no ingress controller ip address is provided, an ingress controller will be deployed using this image
    image: k8s.gcr.io/ingress-nginx/controller:v1.1.0

    # ingress controller serviceType
    # when using shipa managed nginx, we reconcile looking for the right Host of LoadBalancer or ClusterIP based on what is provided here
    # when using non user managed ingress controller we use this just to store it in DB
    serviceType: LoadBalancer

    # ingress controller ip address
    # if provided we assume user provided ingress controller should be used and create api resources for it
    # ip: 10.100.10.11

    # ingress controller class name.
    # If undefined, in most places we set default: nginx, traefik, istio. If we detect that it's shipa managed nginx, we default to shipa-nginx-ingress
    # className: shipa-nginx-ingress

    # if enabled we will create ingress controller resources to allow api to be accessible on root ip of ingress controller
    # NOTE: all ingresses require Host targeting instead of Path targeting for TLS
    # also if you use nginxinc/kubernetes-ingress, using Ingress without host is not allowed until this is resolved: https://github.com/nginxinc/kubernetes-ingress/issues/209
    apiAccessOnIngressIp: true

    # shipa managed nginx only configs:

    # ingress controller ClusterIp address
    # if provided it will be used for shipa managed nginx ingress controller
    # clusterIp: 10.100.10.11

    # ingress controller LoadBalancerIp address
    # if provided it will be used for shipa managed nginx ingress controller
    # loadBalancerIp: 10.100.10.11

    # if provided it will be used as node port for shipa managed nginx ingress controller
    # nodePort: 31000

    # if set these annotations will be appended for the Nginx ingress controller service resource
    # customNginxServiceAnnotations:
    #   aaa: "bbb"
    #   ccc: "ddd"
    # shipaCluster.ingress.customNginxServiceAnnotations example for configuring internet facing NLB in AWS:
    # customNginxServiceAnnotations:
    #   service.beta.kubernetes.io/aws-load-balancer-type: nlb
    #   service.beta.kubernetes.io/aws-load-balancer-eip-allocations: eipalloc-abcd1234

  clusterDomain: cluster.local

# populate with docker hub username to use authenticated user. Secrets should be added to cluster outside shipa helm chart
# imagePullSecrets: ""

dashboard:
  enabled: true
  repositoryBasename: dashboard
  tag: 70a41331dc778967d36ad2831f0bf63a836216c4

postgres:
  source:
    ## Leave blank to default to {{ template "shipa.fullname" . }}-postgres.{{ .Release.Namespace }} e.g. shipa-postgres.shipa-system
    host:
    port: 5432
    user: postgres
    ## Leave blank to generate a random value
    password:
    ## options for postgres.source.sslmode are "require", "verify-full", "verify-ca", or "disable
    sslmode: disable
  ## set postgres.create to false to avoid creating a postgres instance
  create: true
  ## If create is set to true, this is the image that will be used
  image: docker.io/postgres:13
  persistence:
    ## Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.
    ##
    ## storageClass: ""
    accessMode: "ReadWriteOnce"
    size: 10Gi

cli:
  repositoryBasename: cli
  tag: 4a023b65e6023d8949bdae76a8c22706c66bfe50
  pullPolicy: Always

metrics:
  repositoryBasename: metrics
  tag: v0.0.7
  pullPolicy: Always

  # Extra configuration to add to prometheus.yaml
  # extraPrometheusConfiguration: |
  #   remote_read:
  #      - url: http://localhost:9268/read
  #   remote_write:
  #      - url: http://localhost:9268/write
  extraPrometheusConfiguration:
  #password: hardcoded
  prometheusArgs: "--storage.tsdb.retention.time=1d"

busybody:
  repositoryBasename: bb
  tag: 75652d77c567e3693c8fe9196225cf7afeed414d

shipaController:
  repositoryBasename: shipa-controller
  tag: a7f265cd9787dd5b37cc094fe8ba16cd022af120

prometheusMetricsExporter:
  repositoryBasename: prometheus-metrics-exporter
  tag: b123eb79bdbe56f83812b5ad3cfb8bbb568b2e3d

clair:
  repositoryBasename: clair
  tag: v2.1.7

shipaNodeTraefik:
  # image: docker.io/traefik:v1.7.24
  user: admin

# --------------------------------------------------------------------------

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:

rbac:
  enabled: true

# Connect your own instance of mongodb
externalMongodb:
  # url must follow Standard Connection String Format as described here: https://docs.mongodb.com/manual/reference/connection-string/#standard-connection-string-format
  # For a sharded cluster it should be a comma separated list of hosts:
  # e.g. "mongos0.example.com:27017,mongos1.example.com:27017,mongos2.example.com:27017"
  # Due to some limitations of the dependencies, we currently do not support url with 'DNS Seed List Connection Format'.
  url: < database url >
  auth:
    username: < username >
    password: < password >
  # Enable/Disable TLS when connecting to external DB instance.
  tls:
    enable: true

# tags are standard way to handle chart dependencies.
tags:
  # Set defaultDB (and legacyMongoReplicaset) to 'false' when using external DB to not install default DB.
  # It will also prevent creating Persistent Volumes.
  # This cannot be used with tags.legacyMongoReplicaset
  defaultDB: true
  # Set legacyMongoReplicaset to 'true' in order to use the deprecated https://charts.helm.sh/stable/mongodb-replicaset chart as an internal MongoDB.
  # This cannot be used with tags.defaultDB
  legacyMongoReplicaset: false

certManager:
  installUrl: https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml

# Default DB config, enabled by setting tag.defaultDB to true. This is not intended for production use
# Full list of configuration values can be found at https://github.com/bitnami/charts/blob/d997058e6f9c99826242c0ae6d19ccc1cdc2106a/bitnami/mongodb/values.yaml
mongodb:
  global:
    imageRegistry: ""
    imagePullSecrets: []
  image:
    registry: docker.io
    repository: bitnami/mongodb
    tag: 5.0.6-debian-10-r29
    pullPolicy: IfNotPresent
    pullSecrets: []
  persistence:
    existingClaim: ""
    size: "10Gi"
  architecture: "standalone"
  useStatefulSet: true
  replicaSetName: rs0
  service:
    port: 27017
  nodeSelector:
    kubernetes.io/os: linux
  arbiter:
    podSecurityContext:
      enabled: true
      fsGroup: 999
    containerSecurityContext:
      enabled: true
      runAsUser: 999
    nodeSelector:
      kubernetes.io/os: linux
  auth:
    enabled: false
  tls:
    enabled: false
    image:
      registry: docker.io
      repository: bitnami/nginx
      tag: 1.21.6-debian-10-r30
      pullPolicy: IfNotPresent
      pullSecrets: []
  externalAccess:
    enabled: false
    autoDiscovery:
      enabled: false
      image:
        registry: docker.io
        repository: bitnami/kubectl
        tag: 1.23.4-debian-10-r7
        pullPolicy: IfNotPresent
        pullSecrets: []
  volumePermissions:
    enabled: false
    image:
      registry: docker.io
      repository: bitnami/bitnami-shell
      tag: 10-debian-10-r350
      pullPolicy: IfNotPresent
      pullSecrets: []
  metrics:
    enabled: false
    image:
      registry: docker.io
      repository: bitnami/mongodb-exporter
      tag: 0.30.0-debian-10-r83
      pullPolicy: IfNotPresent
      pullSecrets: []
  extraFlags: "--dbpath=/bitnami/mongodb"
  containerSecurityContext:
    enabled: true
    runAsUser: 999
    runAsNonRoot: true
  podSecurityContext:
    enabled: true
    fsGroup: 999

# Deprecated DB config (default DB for 1.6.2 and prior), enabled by setting tag.legacyMongoReplicaset to true. This is not intended for production use
mongodb-replicaset:
  replicaSetName: rs0
  replicas: 1
  port: 27017
  nodeSelector:
    kubernetes.io/os: linux
  auth:
    enabled: false
  installImage:
    repository: k8s.gcr.io/mongodb-install
    tag: 0.6
    pullPolicy: IfNotPresent
  image:
    repository: docker.io/mongo
    tag: 5.0
    pullPolicy: IfNotPresent
  copyConfigImage:
    repository: docker.io/busybox
    tag: 1.29.3
    pullPolicy: IfNotPresent
  persistentVolume:
    ## Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.
    ##
    ## storageClass: ""
    enabled: true
    size: 10Gi
  tls:
    enabled: false
  configmap:

shipaCloud:
  enabled: false
  shipaPayApi:
    host: ""
    token: ""
  googleRecaptcha:
    sitekey: ""
    secret: ""
  smartlook:
    projectKey: ""
  launchDarkly:
    sdkKey: ""

ketch:
  enabled: true
  repositoryBasename: ketch
  tag: 9af562941f859ce3b8dc5c17901bd9cbe61635d7
  metricsAddress: 127.0.0.1:8080

agent:
  repositoryBasename: shipa-cluster-agent
  tag: aee9eb9e8c513fb0bb32a731b641f8239e4a2a7d

Updated 2 months ago

Did this page help you?