# Default values for wordpress-bedrock.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Default replica count. NOTE(review): hpa.enabled is true further down in this
# file, so the autoscaler presumably takes over scaling - confirm in templates.
replicaCount: 1
# No image pull secrets are configured by default.
imagePullSecrets: []
# Both name overrides are empty by default.
nameOverride: ""
fullnameOverride: ""
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the release name
  name:
  # NOTE(review): presumably the IAM role attached to this service account.
  # When set, scope that role to only what the workload needs - confirm how
  # the templates consume it.
  #iamRoleArn:
podAnnotations: {}
podLabels: {}
podSecurityContext:
  fsGroup: 2000
# Empty by default: the hardening keys below are an example only and stay
# inactive until uncommented. The nginx, php and exporter sections of this
# file set their own securityContext with these restrictions enabled.
securityContext: {}
  # capabilities:
  #   drop:
  #     - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
# ClusterIP keeps the Service reachable only from inside the cluster.
service:
  type: ClusterIP
  port: 80
ingress:
  # Ingress is off by default.
  enabled: false
  className: ""
  annotations:
    alb.ingress.kubernetes.io/target-group-attributes: deregistration_delay.timeout_seconds=25,slow_start.duration_seconds=30 # deregistration_delay must be less or equal to preStop delay
    alb.ingress.kubernetes.io/healthcheck-path: /nginx-ping
    # Quoted so the annotation values stay strings.
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "10"
  hosts:
    - host: chart-example.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # NOTE(review): no TLS entry and no certificate annotation is set in these
  # defaults - confirm where HTTPS is terminated before enabling the ingress.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
efs:
  # EFS-backed storage is off by default.
  enabled: false
  # fsid: fs-12345
  # subPath: defaults to release name
  awsRegion: eu-central-1
  #storageClassName: efs
  storageClassName: efs-dynamic
  # if set to true data from app docker image (specifically directories listed in php.extraVolumeMounts) will be force copied into particular efs subdirectories
  # NOTE(review): "force copied" suggests existing files on the EFS volume may
  # be overwritten - confirm before enabling on a volume that holds live data.
  copyFromImage: false
  # extra Dirs not needed anymore
  extraDirs: []
# add karpenter specific optimizations. Remember disabling the optimization when using this helm chart on a k8s cluster without karpenter!
# Other comments in this file state that karpenter.optimization force
# overwrites nodeSelector and tolerations.
karpenter:
  optimization: true
  # valid values for arch are "amd64", "arm64" or "" (empty). An empty value represents multi-arch support.
  arch: amd64
  # NOTE(review): nesting of cron under karpenter is reconstructed from a
  # listing that lost its indentation - confirm against the chart templates.
  cron:
    dedicatedNodePool: true
    nodePoolPrefix: "cron-"
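# NOTE(review): nesting reconstructed from a listing that lost its
# indentation - confirm against the chart templates.
nginx:
  image:
    repository: public.ecr.aws/nginx/nginx
    # Quoted so the tag stays a string: a bare 1.26 is parsed as a float, and
    # a later tag such as 1.30 would be read as 1.3.
    # The tag names a release line, not a fixed build; with IfNotPresent a
    # node keeps whatever build it pulled first. Pin by digest if every node
    # must run the same image.
    tag: "1.26"
    pullPolicy: IfNotPresent
  resources: {}
  disallow_robots: false
  client_max_body_size: 10M
  # No CORS origins are allowed by default.
  cors_origins: []
  header: {}
  # Off by default. NOTE(review): presumably throttles requests to the
  # WordPress login endpoint; enabling it limits password-guessing attempts.
  # Confirm which locations it covers in the nginx template.
  rate_limit_login:
    enabled: false
    zone_memory_size: 10m
    requests_per_second: 1
    requests_burst: 2
  cache_control:
    expires: max
    js_css_enabled: true
  accessLog:
    enabled: true
    logUpstreamTime: true
  fastcgi_buffer_size: 16k
  fastcgi_buffers_number: 16
  fastcgi_buffers_size: 8k
  # this document will be attached to the nginx server block
  # NOTE(review): the text is presumably inserted into the server block as-is,
  # so treat whoever can set this value as able to change nginx behaviour.
  additional_config:
  # All capabilities dropped, read-only root filesystem, non-root UID 101.
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 101
  extraVolumeMounts: []
  livenessProbe:
    httpGet:
      path: /nginx-status
      port: http
    failureThreshold: 3
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  # NOTE(review): the readiness probe requests the login page every 20 s. If
  # rate_limit_login covers this path, check that probe traffic is not counted
  # against the limit.
  readinessProbe:
    httpGet:
      path: /wp/wp-login.php
      port: http
    failureThreshold: 3
    periodSeconds: 20
    successThreshold: 1
    timeoutSeconds: 3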
# NOTE(review): nesting reconstructed from a listing that lost its
# indentation; in particular the placement of pm and php_admin_value under
# fpm is inferred - confirm against the chart templates.
php:
  image:
    repository: ghcr.io/arvatoaws-labs/php
    # NOTE(review): "fpm" is a mutable tag. With IfNotPresent a node keeps the
    # build it pulled first, so nodes can run different builds and an updated
    # image is not picked up. Pin a version tag or digest for reproducibility.
    tag: fpm
    pullPolicy: IfNotPresent
  resources: {}
  fpm:
    accessLog:
      enabled: false
    pm:
      max_children: 10
      start_servers: 2
      min_spare_servers: 1
      max_spare_servers: 3
      process_idle_timeout: 10s
      max_requests: 500
    php_admin_value:
      memory_limit: 64M
      # Matches nginx.client_max_body_size (10M) in this file.
      upload_max_filesize: 10M
      post_max_size: 15M
      date.timezone: Europe/Berlin
      # All errors are reported, written to the log and not shown to clients.
      error_reporting: E_ALL
      # Quoted so the values stay the strings 'Off' / 'On' rather than booleans.
      display_errors: 'Off'
      log_errors: 'On'
  # All capabilities dropped, read-only root filesystem, non-root UID 82.
  securityContext:
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 82
  # NOTE(review): not a Kubernetes securityContext field; presumably a chart
  # switch that keeps the web root read-only - confirm in templates.
  readOnlyWebFilesystem: true
  extraVolumeMounts: []
# additional environment variables passed directly to containers.
# Values set here are stored in plain text in the values file; the
# externalSecrets.env map in this file takes parameter store keys and is the
# place for credentials.
env: {}
  # FOO: bar
# settings are used for WP Offload Media plugin
# NOTE(review): nesting reconstructed from a listing that lost its
# indentation - confirm against the chart templates.
offload:
  bucket: null
  region: null
  domain: null
  cloudfront: null
  local_domains: null
  # Off by default. NOTE(review): the path and file name point at private key
  # material; presumably it is mounted from a secret at runtime rather than
  # shipped in the image - confirm, and keep the key out of the values file.
  privateKey:
    enabled: false
    filePath: /var/local/
    fileName: wpoffload_private.pem
  # these plugins will be activated using the activate-wp-plugins hook
  plugins:
    - amazon-s3-and-cloudfront
    - amazon-s3-and-cloudfront-pro
    - amazon-s3-and-cloudfront-tweaks
wordpress:
  # sample setting for office hours would be "Mon-Fri 07:30-18:30 Europe/Berlin"
  # Unset (null) by default.
  uptime:
# this sections allows to configure different hooks at different stages of the helm deployment
# NOTE(review): nesting reconstructed from a listing that lost its
# indentation; whether php and type sit beside init or inside it is inferred
# - confirm against the chart templates.
hooks:
  init:
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
  php:
    memory_limit: 128M
    date.timezone: Europe/Berlin
  # Hook names listed per Helm lifecycle stage, in the order given here.
  type:
    # The first three steps use the database root account (see the
    # DB_ROOT_* keys in externalSecrets.env) to create the database and user.
    # NOTE(review): verify-wp-core-checksums is listed before install-wp-core;
    # confirm what it verifies on a fresh install.
    pre-install:
      - wait-for-mysql-root
      - create-mysql-database
      - create-mysql-user
      - wait-for-mysql-user
      - verify-wp-core-checksums
      - install-wp-core
      - update-wp-core-database
      - activate-wp-plugins
    post-install:
      - report-versions
    # Core file checksums are verified again before every upgrade.
    pre-upgrade:
      - wait-for-mysql-user
      - verify-wp-core-checksums
      - update-wp-admin-user
    post-upgrade:
      - wait-for-mysql-user
      - update-wp-core-database
      - activate-wp-plugins
      - migrate-amazon-s3
      - report-versions
# this section allows to inject external secrets into the wordpress deployment
externalSecrets:
  # Off by default.
  enabled: false
  engine: external-secrets # kube-external-secrets
  # NOTE(review): if this value is passed through to the External Secrets
  # Operator, a zero interval means the secret is fetched once and never
  # re-synced, so rotated credentials do not reach the workload until the
  # resource is recreated - confirm and set an interval if rotation is used.
  refreshInterval: "0"
  region: eu-central-1
  backendType: systemManager
  # additional environment variables passed directly to containers. Env values represent parameter store keys.
  # Only the parameter path is written here, never the secret value itself.
  env:
    # DB_ROOT_USERNAME: /dev/wordpress-1/DB/username
    # DB_ROOT_PASSWORD: /dev/wordpress-1/DB/password
    # DB_USERNAME: /dev/exampleblog/DB/username
    # DB_PASSWORD: /dev/exampleblog/DB/password
    # WORDPRESS_USERNAME: /dev/exampleblog/wordpress/username
    # WORDPRESS_PASSWORD: /dev/exampleblog/wordpress/password
# NOTE(review): nesting reconstructed from a listing that lost its
# indentation - confirm against the chart templates.
monitoring:
  enabled: true
  serviceMonitor:
    # When set true and if Prometheus Operator is installed then use a ServiceMonitor to configure scraping
    enabled: true
    # Set the namespace the ServiceMonitor should be deployed
    # namespace: monitoring
    # Set how frequently Prometheus should scrape
    # interval: 30s
  init:
    resources: {}
  exporter:
    nginx:
      image:
        repository: ghcr.io/arvatoaws-labs/nginx-exporter
        tag: 1.0.0
        pullPolicy: IfNotPresent
      port: 9113
      telemetry_path: /metrics
      nginx_plus: false
      # Plain HTTP on the loopback address.
      scrape_uri: "http://127.0.0.1:8080/nginx-status"
      # Has no effect while scrape_uri is plain HTTP. NOTE(review): if the
      # URI is ever changed to https, certificate verification would be off
      # - set this to true in that case.
      ssl_verify: false
      timeout: "5s"
      nginx_retries: "0"
      nginx_retry_interval: "5s"
      resources: {}
      # All capabilities dropped, read-only root filesystem, UID 65534.
      securityContext:
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 65534
    phpfpm:
      image:
        repository: ghcr.io/arvatoaws-labs/hipages/php-fpm_exporter
        tag: 2.2.0
        pullPolicy: IfNotPresent
      port: 9253
      metrics: /metrics
      # FastCGI over TCP on the loopback address.
      scrape_uri: "tcp://127.0.0.1:9000/fpm-status"
      fix_process_count: false
      log_level: warn
      resources: {}
      # All capabilities dropped, read-only root filesystem, UID 65534.
      securityContext:
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 65534
    wordpress:
      # Off by default.
      enabled: false
      image:
        repository: ghcr.io/arvatoaws-labs/wordpress_exporter
        # NOTE(review): "latest" is a mutable tag. With IfNotPresent a node
        # keeps the build it pulled first, so the running image is neither
        # reproducible nor updated. Pin a version tag or digest before
        # enabling this exporter.
        tag: latest
        pullPolicy: IfNotPresent
      port: 9850
      metrics: /metrics
      resources: {}
      # All capabilities dropped, read-only root filesystem, UID 65534.
      securityContext:
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 65534
# Autoscaling is on by default.
hpa:
  enabled: true
  engine: keda # prometheus-adapter
  prometheus:
    # Plain HTTP to an in-cluster service address.
    serverAddress: http://prometheus-operated.monitoring.svc.cluster.local:9090
  maxReplicas: 10
  # NOTE(review): units are not stated here; cpu and memory look like
  # percentages, php and nginx like per-pod metric thresholds - confirm in
  # the templates.
  targets:
    cpu: 95
    memory: 90
    php: 7
    nginx: 1000
# karpenter.optimization will force overwrite nodeSelector and tolerations
# (karpenter.optimization is true by default in this file, so values set here
# only take effect once it is disabled).
nodeSelector: {}
tolerations: []
affinity: {}
# this section allows to configure cron jobs
# NOTE(review): nesting reconstructed from a listing that lost its
# indentation - confirm against the chart templates.
cron:
  timeZone: Europe/Berlin
  # this resources and php defaults will be applied if not get overwritten in the specific job
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 50m
      memory: 128Mi
  # karpenter.optimization will force overwrite nodeSelector and tolerations
  nodeSelector: {}
  tolerations: []
  php:
    memory_limit: 128M
    date.timezone: Europe/Berlin
  jobs:
    wp-cron:
      enabled: true
      # either schedule or scheduleEveryHrs or scheduleEveryMin must be set.
      # schedule has precedence over scheduleEveryHrs and scheduleEveryMin.
      # schedule uses Cron syntax format.
      #schedule: "*/5 * * * *"
      # schedule every x hour using random offset.
      # scheduleEveryHrs has precedence over scheduleEveryMin.
      # valid values are 1, 2, 3, 4, 6, 8, 12.
      #scheduleEveryHrs: 5
      # schedule every x min using random offset.
      # valid values are 1, 2, 3, 5, 6, 10, 15, 20, 30.
      scheduleEveryMin: 5
      # cron 'day of week' syntax format (default *)
      # can only be used in conjunction with scheduleEveryHrs or scheduleEveryMin
      #scheduleOnDay: 1-5
      command: /scripts/run-cron.sh
      # Replace: a run that is still active when the next one is due is
      # cancelled and replaced by the new run.
      concurrencyPolicy: Replace
      restartPolicy: OnFailure
      startingDeadlineSeconds: 1800
      # Finished jobs are cleaned up after 600 seconds.
      ttlSecondsAfterFinished: 600