43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
# Default values for databunkerpro
|
|
image:
|
|
tag: 0.14.15
|
|
|
|
ingress:
|
|
enabled: false # Set to true to enable ingress
|
|
className: traefik
|
|
# Set host to enable ingress
|
|
host: databunker.example.com
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod" # or your cluster issuer
|
|
traefik.ingress.kubernetes.io/ssl-redirect: "true"
|
|
traefik.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
traefik.ingress.kubernetes.io/ssl-passthrough: "false"
|
|
# Security headers
|
|
traefik.ingress.kubernetes.io/configuration-snippet: |
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-Frame-Options DENY always;
|
|
add_header X-Content-Type-Options nosniff always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
# TLS configuration
|
|
tls:
|
|
enabled: true # Set to true to enable TLS
|
|
secretName: "databunker-tls" # Name of the secret containing TLS certificate
|
|
|
|
# Pin PostgreSQL password — chart uses randAlphaNum without lookup,
|
|
# so each ArgoCD sync would regenerate the password while PVC keeps the old one.
|
|
# Same issue as Backstage PostgreSQL (see MEMORY.md).
|
|
internal:
|
|
postgresql:
|
|
auth:
|
|
password: "databunker-pg-pass-2026"
|
|
|
|
resources:
|
|
# Uncomment and adjust these values based on your requirements
|
|
# requests:
|
|
# memory: "512Mi"
|
|
# cpu: "250m"
|
|
# limits:
|
|
# memory: "1Gi"
|
|
# cpu: "500m"
|