-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvalues.yaml
More file actions
78 lines (71 loc) · 2.63 KB
/
values.yaml
File metadata and controls
78 lines (71 loc) · 2.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Default values for static-webhost.
# This is a YAML-formatted file.
nameOverride: ""
fullnameOverride: ""
# Persistent storage shared (RWX) between the code-server editor and the caddy webserver.
storage:
# Size of the shared volume.
size: 10Gi
# accessModes left fixed at ReadWriteMany; storageClassName intentionally unset
# so the cluster default RWX provisioner is used.
# Hostnames exposed via the IngressRoute. All domains route to Caddy unauthenticated;
# the first domain additionally exposes /admin → code-server behind OIDC.
domains:
- example.gewis.nl
# OIDC auth via traefik-oidc-auth plugin. "CBC - Application Hosting Team (ADM)"
# always has access (hardcoded in templates/middleware.yaml); any groups listed
# here are additionally allowed in.
oidc:
groups: []
provider:
url: https://auth.gewis.nl/realms/GEWISWG
clientId: traefik-auth
validAudience: traefik-auth
scopes:
- openid
- profile
- email
# The actual secret values are reflected in from shared-secrets/oidc-auth
# by emberstack reflector; this chart only mirrors the empty Secret shell.
secretReflectsFrom: shared-secrets/oidc-auth
# Default landing page seeded into an empty volume on first deploy.
# The seed init container writes index.html and a .initialized sentinel; once
# the sentinel exists it's a no-op, so user edits via code-server survive
# subsequent rollouts.
defaultPage:
logoUrl: https://github.com/GEWIS.png
# code-server (VS Code in the browser) — edits the shared volume.
codeServer:
image:
repository: codercom/code-server
tag: latest
pullPolicy: IfNotPresent
resources: {}
# Extensions pre-installed by an init container into a per-pod emptyDir.
# The marketplace UI is disabled at runtime (EXTENSIONS_GALLERY={}), so the
# user can only run what we ship here.
extensions:
- bmewburn.vscode-intelephense-client
- dbaeumer.vscode-eslint
- esbenp.prettier-vscode
# VS Code user settings rendered into settings.json. Defaults enforce dark
# theme, no AI/telemetry, and silence extension recommendations/auto-update.
# Override or add keys here.
settings:
workbench.colorTheme: Default Dark Modern
telemetry.telemetryLevel: "off"
chat.commandCenter.enabled: false
chat.agent.enabled: false
chat.editing.enabled: false
inlineChat.enabled: false
workbench.welcomePage.walkthroughs.openOnInstall: false
extensions.autoUpdate: false
extensions.autoCheckUpdates: false
extensions.ignoreRecommendations: true
# Caddy — serves the shared volume as static files.
caddy:
image:
repository: caddy
tag: 2-alpine
pullPolicy: IfNotPresent
resources: {}