Commit 67c3da41 authored by Thorsten Roßner

chore(release): 1.0.0 [skip ci]

# 1.0.0 (2024-07-10)

### Bug Fixes

* Initial commit. ([a5bb0a15](a5bb0a15))
parent a5bb0a15
Pipeline #61188 skipped
# 1.0.0 (2024-07-10)
### Bug Fixes
* Initial commit. ([a5bb0a1](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/commit/a5bb0a15e64e87748affacb7f34f70efc02f6a2c))
......@@ -20,5 +20,5 @@ name: "opendesk-migrations"
sources:
- "https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations"
type: "application"
version: "0.0.0"
version: "1.0.0"
...
<!--
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
-->
# opendesk-migrations
A Helm chart for deploying the openDesk Migrations image to Kubernetes
## Installing the Chart
To install the chart with the release name `my-release`, you have two options:
### Install via Repository
```console
helm repo add opendesk-migrations https://gitlab.opencode.de/api/v4/projects/3061/packages/helm/stable
helm install my-release --version 1.0.0 opendesk-migrations/opendesk-migrations
```
### Install via OCI Registry
```console
helm repo add opendesk-migrations oci://registry.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations
helm install my-release --version 1.0.0 opendesk-migrations/opendesk-migrations
```
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| oci://registry.opencode.de/bmi/opendesk/components/external/charts/bitnami-charts | common | 2.14.1 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalAnnotations | object | `{}` | Additional custom annotations to add to all deployed objects. |
| additionalLabels | object | `{}` | Additional custom labels to add to all deployed objects. |
| affinity | object | `{}` | Affinity for pod assignment. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set. |
| containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Enable container privileged escalation. |
| containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | Security capabilities for container. |
| containerSecurityContext.enabled | bool | `true` | Enable security context. |
| containerSecurityContext.readOnlyRootFilesystem | bool | `true` | Mounts the container's root filesystem as read-only. |
| containerSecurityContext.runAsGroup | int | `1000` | Process group id. |
| containerSecurityContext.runAsNonRoot | bool | `true` | Run container as a user. |
| containerSecurityContext.runAsUser | int | `1000` | Process user id. |
| containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Disallow custom Seccomp profile by setting it to RuntimeDefault. |
| extraEnvVars | list | `[]` | Array with extra environment variables to add to containers. extraEnvVars: - name: FOO value: "bar" |
| extraVolumeMounts | list | `[]` | Optionally specify an extra list of additional volumeMounts. |
| extraVolumes | list | `[]` | Optionally specify an extra list of additional volumes. |
| fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources. |
| global.imagePullSecrets | list | `[]` | Credentials to fetch images from private registry. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: - "docker-registry" |
| global.imageRegistry | string | `"registry.opencode.de"` | Container registry address. |
| image.imagePullPolicy | string | `"IfNotPresent"` | Define an ImagePullPolicy. Ref.: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy "IfNotPresent" => The image is pulled only if it is not already present locally. "Always" => Every time the kubelet launches a container, the kubelet queries the container image registry to resolve the name to an image digest. If the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet pulls the image with the resolved digest, and uses that image to launch the container. "Never" => The kubelet does not try fetching the image. If the image is somehow already present locally, the kubelet attempts to start the container; otherwise, startup fails. |
| image.registry | string | `""` | Container registry address. This setting has higher precedence than global.registry. |
| image.repository | string | `"bmi/opendesk/components/platform-development/images/opendesk-migrations"` | Container repository string. |
| image.tag | string | `"1.0.0@sha256:6d9f222197f12f8359a98fa119f2fbe8a7de27a2120a9331192c97ebf433d2c2"` | Define image tag. |
| imagePullSecrets | list | `[]` | Credentials to fetch images from private registry. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: - "docker-registry" |
| ingress.annotations | object | `{"nginx.ingress.kubernetes.io/proxy-body-size":"4G","nginx.org/client-max-body-size":"4G"}` | Define custom ingress annotations. |
| ingress.enabled | bool | `false` | Enable creation of Ingress. |
| ingress.host | string | `""` | Define the Fully Qualified Domain Name (FQDN) where application should be reachable. |
| ingress.ingressClassName | string | `"nginx"` | The Ingress controller class name. |
| ingress.path | string | `"/"` | Define the Ingress path. |
| ingress.pathType | string | `"Prefix"` | Each path in an Ingress is required to have a corresponding path type. Paths that do not include an explicit pathType will fail validation. There are three supported path types: "ImplementationSpecific" => With this path type, matching is up to the IngressClass. Implementations can treat this as a separate pathType or treat it identically to Prefix or Exact path types. "Exact" => Matches the URL path exactly and with case sensitivity. "Prefix" => Matches based on a URL path prefix split by /. Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types |
| ingress.tls | object | `{"enabled":true,"secretName":""}` | Secure an Ingress by specifying a Secret that contains a TLS private key and certificate. Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls |
| ingress.tls.enabled | bool | `true` | Enable TLS/SSL/HTTPS for Ingress. |
| ingress.tls.secretName | string | `""` | The name of the kubernetes secret which contains a TLS private key and certificate. Hint: This secret is not created by this chart and must be provided. |
| lifecycleHooks | object | `{}` | Lifecycle to automate configuration before or after startup. |
| migrations.credentials.keycloakAdminPassword | string | `nil` | Keycloak Admin Password |
| migrations.credentials.keycloakAdminUsername | string | `nil` | Keycloak Admin Username |
| migrations.currentOdRelease | string | `"v0.0.0"` | The openDesk Release the Migrations are deployed with. |
| migrations.failOnUnexpectedState | bool | `true` | If the upfront checks of the migration script fail do not just issue a warning but stop the script processing with an exit code >0. |
| migrations.loglevel | string | `"DEBUG"` | The loglevel the migration should run with. Ref.: https://docs.python.org/3/library/logging.html#logging-levels |
| migrations.namespace | string | `"default"` | The stage the migrations are executed, supported values: PRE, POST |
| migrations.runId | int | `1` | The ID of the migration script that should be executed. |
| migrations.stage | string | `"PRE"` | The stage the migrations are executed, supported values: PRE, POST |
| migrations.urls.keycloakBase | string | `"https://id.domain.example"` | Keycloak Base URL. Please use internal URLs when possible. |
| nameOverride | string | `""` | String to partially override release name. |
| nodeSelector | object | `{}` | Node labels for pod assignment. Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
| podAnnotations | object | `{}` | Pod Annotations. Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
| podLabels | object | `{}` | Pod Labels. Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
| podSecurityContext.enabled | bool | `true` | Enable security context. |
| podSecurityContext.fsGroup | int | `1000` | If specified, all processes of the container are also part of the supplementary group. |
| podSecurityContext.fsGroupChangePolicy | string | `"Always"` | Change ownership and permission of the volume before being exposed inside a Pod. |
| rbac.create | bool | `true` | Enable RBAC Role and RoleBinding creation. |
| resources.limits.memory | string | `"256Mi"` | The max number of RAM to consume. |
| resources.requests.cpu | string | `"100m"` | The number of CPUs which has to be available on the scheduled node. |
| resources.requests.memory | string | `"128Mi"` | The number of RAM which has to be available on the scheduled node. |
| serviceAccount.annotations | object | `{}` | Additional custom annotations for the ServiceAccount. |
| serviceAccount.automountServiceAccountToken | bool | `true` | Allows auto mount of ServiceAccountToken on the serviceAccount created. Can be set to false if pods using this serviceAccount do not need to use K8s API. |
| serviceAccount.create | bool | `true` | Enable creation of ServiceAccount for pod. |
| serviceAccount.labels | object | `{}` | Additional custom labels for the ServiceAccount. |
| terminationGracePeriodSeconds | string | `""` | In seconds, time the given to the pod needs to terminate gracefully. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods |
| tolerations | list | `[]` | Tolerations for pod assignment. Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| topologySpreadConstraints | list | `[]` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: - maxSkew: 1 topologyKey: failure-domain.beta.kubernetes.io/zone whenUnsatisfiable: DoNotSchedule |
## Uninstalling the Chart
To install the release with name `my-release`:
```bash
helm uninstall my-release
```
## Signing
### Chart
Helm charts are signed with helm native signing method. You can verify the charts against this GPG key:
```
```
### Images
Container images are signed via [cosign](https://github.com/sigstore/cosign) and can be verified with:
```
```
```
cosign verify --key cosign.pub --insecure-ignore-tlog <image>
```
## License
This project uses the following license: Apache-2.0
## Copyright
Copyright (C) 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
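Review bot: In the README's Signing section, both fenced blocks that should carry the verification material (the GPG key under "Chart" and the block ahead of the cosign command under "Images") are empty, so a reader has no key to verify the chart or the image against; include the public keys or link to where they are published. The documented `cosign verify --key cosign.pub --insecure-ignore-tlog <image>` also skips the transparency-log check, which should either be explained in a sentence or dropped. Under "Install via OCI Registry", `helm repo add` is given an `oci://` URL, which Helm does not accept for repositories; pass the `oci://` chart reference directly to `helm install my-release` with `--version 1.0.0` instead. In the Values table, `migrations.namespace` repeats the description of `migrations.stage`, and "Uninstalling the Chart" opens with "To install the release". Since `migrations.credentials.keycloakAdminPassword` is a plain chart value and `migrations.loglevel` defaults to `"DEBUG"`, consider documenting how the credentials are stored and whether they can appear in log output.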