global: image: # -- if set it will overwrite all registry entries registry: # -- if set it will overwrite all pullPolicy pullPolicy: # -- This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # -- This is to override the chart name. nameOverride: "" fullnameOverride: "" # -- replicas replicaCount: 1 image: # -- image registry (could be overwritten by global.image.registry) registry: "ghcr.io" # -- image repository repository: paperless-ngx/paperless-ngx # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) pullPolicy: IfNotPresent # -- image tag - Overrides the image tag whose default is the chart appVersion. tag: "" serviceAccount: # -- Specifies whether a service account should be created create: true # -- Automatically mount a ServiceAccount's API credentials? automount: true # -- Annotations to add to the service account annotations: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- This is for setting Kubernetes Annotations to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} # -- This is for setting Kubernetes Labels to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 config: # -- default first ingress host url: apps: redis: url: "" prefix: "" database: engine: "postgresql" host: "" port: 5432 name: "paperless" user: "paperless" pass: "paperless" sslmode: "prefer" oidcProviders: env: # -- correct ip-address by X-Forwarded-For (example value for env) PAPERLESS_USE_X_FORWARD_HOST: true # -- start service for monitor background jobs e.g. for prometheus (example value for env) PAPERLESS_ENABLE_FLOWER: true # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ service: # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: ClusterIP # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports port: 80 # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ livenessProbe: httpGet: path: / port: http readinessProbe: httpGet: path: / port: http networkPolicy: # -- deploy networkpolicy # @section -- NetworkPolicy enabled: false ingress: # -- allow to http ports # should be your ingress-controller # @section -- NetworkPolicy http: [] # -- ingress for metrics port (e.g. prometheus) # @section -- NetworkPolicy metrics: [] egress: # -- activate egress no networkpolicy # @section -- NetworkPolicy enabled: true # -- rule to access DNS # @section -- NetworkPolicy dns: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system podSelector: matchLabels: k8s-app: kube-dns # -- rule to access Database (e.g. postgresql, redis) # @section -- NetworkPolicy database: [] # -- allow additinal egress (e.g. smtp, imap) # @section -- NetworkPolicy extra: [] persistence: enabled: true annotations: {} # -- Persistent Volume Storage Class # If defined, storageClassName: # If set to "-", storageClassName: "", which disables dynamic provisioning # If undefined (the default) or set to null, no storageClassName spec is # set, choosing the default provisioner. (gp2 on AWS, standard on # GKE, AWS & OpenStack) # storageClass: # -- A manually managed Persistent Volume and Claim # Requires persistence.enabled: true # If defined, PVC must be created manually before volume will be bound existingClaim: # -- Do not create an PVC, direct use hostPath in Pod hostPath: accessMode: ReadWriteOnce size: 5Gi # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 # Additional volumes on the output Deployment definition. volumes: [] # - name: foo # secret: # secretName: mysecret # optional: false # Additional volumeMounts on the output Deployment definition. volumeMounts: [] # - name: foo # mountPath: "/etc/foo" # readOnly: true nodeSelector: {} tolerations: [] affinity: {} prometheus: servicemonitor: # -- broken, Host need to be localhost on request (instatt of ip) # needs: https://github.com/prometheus-operator/prometheus-operator/pull/7003 enabled: false labels: {} # -- interval interval: # -- scrape timeout scrapeTimeout: rules: enabled: false labels: {} # current no default alertrules are provided additionalRules: [] grafana: dashboards: enabled: false labels: grafana_dashboard: "1" annotations: {} postgresql: enabled: true auth: database: pretix username: pretix password: pretix postgresPassword: supersecureadminpassword redis: enabled: true architecture: standalone auth: enabled: true password: 'changeme' # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time existingSecret: "" # -- Password key to be retrieved from existing secret existingSecretPasswordKey: "" global: storageClass: "" master: persistence: enabled: true replica: persistence: enabled: true