Configuration Guide
Parameter Files
This Helm Chart uses a special method for handling parameters. It employs dictionary merging for both .Values.global (parent chart) and .Values (child chart) parameters. This means that all parameters are declared under .Values.global (including both global parameters and child chart parameters).
Note: Despite this approach, some child chart parameters are still configured using the conventional mapping method. However, these parameters are not within the scope of user customization.
Detailed Instructions
Note: All adjustable parameters are located under the global section. The following does not list all configurable parameters, but highlights the key configuration options for this application. Some default resource configurations are omitted.
General Information
| Chart Scope | Parameter Name | Type | Default | Purpose |
|---|---|---|---|---|
| global | imagePullSecret | list | Null | Specifies the docker-registry credentials for private image repositories. |
| pdb.create | dict | true | Specifies whether to create a Pod Disruption Budget to maintain application availability. | |
| pdb.minAvailable | dict | 1 | Specifies the minimum number of available pods of the same type. | |
| pdb.maxUnavailable | dict | 0 | Specifies the maximum number of unavailable pods of the same type. | |
| global.ingress | enable | dict | true | Specifies whether to enable ingress. |
| className | dict | nginx | Uses the ingress-nginx as the default due to specific requirements. | |
| hosts | dict | example.com | The parent domain name to access the application, typically a subdomain. After deployment, you can check the specific access domain via the installation output or ingress resources. | |
| service.type | dict | NodePort | Select between NodePort or LoadBalancer. This is a reference anchor and should not be changed. | |
| service.nodePorts.http | dict | 30080 | Port 80 for exposing through ingress-nginx. This parameter is ignored for LoadBalancer, default is 80. | |
| service.nodePorts.https | dict | 30443 | Port 443 for exposing through ingress-nginx. This parameter is ignored for LoadBalancer, default is 443. | |
| service.nodePorts.tcp.[number] | dict | 2222 | Port 22 for exposing through ingress-nginx. If using LoadBalancer, modify the key as 22:32222. | |
| tls.enabled | dict | false | Controls whether ingress TLS encrypted access is enabled. | |
| tls.verify | dict | false | Controls whether to verify the SSL certificate of upstream servers when proxying through ingress. | |
| tls.autoGenerated | dict | false | Specifies whether to automatically generate certificates (self-signed). This parameter is not yet effective and will be added in the next version. | |
| tls.caSecretName | dict | Null | The name of the Secret created using a custom CA certificate. | |
| tls.secretName | dict | Null | The name of the Secret created using a certificate signed by a custom CA. | |
| annotations | dict | Null | Other annotations. | |
| global.server | replicas | dict | 1 | Sets the number of server pod replicas, the default is 1. |
| image.repository | dict | opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/csghub_server | The csghub_server image URL. | |
| image.tag | dict | vN.N.N | The image version. | |
| image.pullPolicy | dict | IfNotPresent | The image pull policy. | |
| image.pullSecret | list | Null | The Secret used for pulling images from a private repository. This has higher priority than global.imagePullSecret. | |
| service.type | dict | ClusterIP | Service type. | |
| service.port | dict | 8080 | The port for exposing the service. | |
| postgresql.host | dict | Null | Specifies the address of an external database. Effective only when global.postgresql.enabled=false. | |
| postgresql.port | dict | Null | Specifies the port of an external database. Effective only when global.postgresql.enabled=false. | |
| postgresql.user | dict | Null | Specifies the username for an external database. Effective only when global.postgresql.enabled=false. | |
| postgresql.password | dict | Null | Specifies the password for an external database. Effective only when global.postgresql.enabled=false. | |
| postgresql.database | dict | Null | Specifies the name of the external database. Effective only when global.postgresql.enabled=false. | |
| postgresql.timezone | dict | Null | Specifies the timezone for the external database (optional). Effective only when global.postgresql.enabled=false. | |
| objectStorage.endpoint | dict | Null | Specifies the endpoint of external object storage. Effective only when global.minio.enabled=false. | |
| objectStorage.accessKey | dict | Null | Specifies the accessKey for external object storage. Effective only when global.minio.enabled=false. | |
| objectStorage.accessSecret | dict | Null | Specifies the accessSecret for external object storage. Effective only when global.minio.enabled=false. | |
| objectStorage.bucket | dict | Null | Specifies the bucket for external object storage. Effective only when global.minio.enabled=false. | |
| objectStorage.region | dict | Null | Specifies the region for external object storage. Effective only when global.minio.enabled=false. | |
| timezone | dict | Asia/Shanghai | The default timezone for the service. | |
| global.portal | replicas | dict | 1 | Same as above. |
| image{} | dict | / | Same as above. | |
| postgresql{} | dict | / | Same as above. | |
| objectStorage{} | dict | / | Same as above. | |
| global.runner | replicas | dict | 1 | Same as above. |
| image{} | dict | / | Same as above. | |
| namespace | dict | space | The Kubernetes namespace for the space application. | |
| service{} | dict | / | Same as above. | |
| kubeConfig.secretName | dict | kube-configs | The Secret containing one or more target cluster .kube/config* files. | |
| global.proxy | replicas | dict | 1 | Same as above. |
| image{} | dict | / | Same as above. | |
| service{} | dict | / | Same as above. | |
| global.builder | replicas | dict | 1 | Same as above. |
| image{} | dict | / | Same as above. | |
| service{} | dict | / | Same as above. | |
| internal[n].domain | dict | app.internal | Specifies the internal domain name used by Knative Serving in the target cluster. | |
| internal[n].service.host | dict | Null | Specifies the external access address for the Kourier network component used by Knative Serving in the target cluster. | |
| internal[n].service.port | dict | Null | Specifies the external access port for the Kourier network component used by Knative Serving in the target cluster. | |
| redis.host | dict | Null | Specifies the host for external Redis. | |
| redis.port | dict | Null | Specifies the port for external Redis. | |
| redis.password | dict | Null | Specifies the password for external Redis. | |
| registry.repository | dict | Null | Specifies the address of the external registry repository, e.g., docker.io | |
| registry.namesace | dict | Null | Specifies the namespace of the external registry repository, e.g., csghub. Combined with the above parameter, it becomes docker.io/csghub. | |
| registry.username | dict | Null | Specifies the username for the external registry repository. | |
| registry.password | dict | Null | Specifies the password for the external registry repository. | |
| securityContext.runAsUser | dict | 0 | Runs the pod with root admin privileges. Please keep the default. | |
| securityContext.runAsGroup | dict | 0 | Runs the pod with root admin privileges. Please keep the default. | |
| securityContext.fsGroup | dict | 0 | Runs the pod with root admin privileges. Please keep the default. | |
| podSecurityContext.privileged | dict | true | Runs the pod with root admin privileges. Please keep the default. | |
| podSecurityContext.allowPrivilegeEscalation | dict | true | Runs the pod with root admin privileges. Please keep the default. | |
| podSecurityContext.readOnlyRootFilesystem | dict | false | Disable the read-only file system. Please keep the default. | |
| persistence.storageClass | dict | Null | Only StatefulSet resources are configured to request PVC currently. If your cluster does not have a default storageClass, please specify the storageClass type to be used with this parameter. | |
| persistence.accessMode | dict | ReadWriteOnce | Access mode for persistent storage. | |
| global.gitea | image{} | dict | / | Same as above. |
| service{} | dict | / | Same as above. | |
| authentication.username | dict | gitea | Specify the default administrator user for gitea. | |
| authentication.password | dict | Null | Randomly generate the password for the administrator user. | |
| authentication.email | dict | gitea@example.com | Specify the email address for the administrator user. (Currently has no actual significance.) | |
| postgresql{} | dict | Null | Specify the external PostgreSQL for storing Gitea metadata. The default is to use the built-in PostgreSQL. | |
| objectStorage{} | dict | Null | Specify the object storage for Gitea to store LFS files. The default is to use the built-in Minio. | |
| smtp.enabled | dict | false | Configure whether to enable smtp for gitea. | |
| smtp.from | dict | Null | Specify the smtp sender identifier. | |
| smtp.host | dict | Null | Specify the smtp sending server. | |
| smtp.port | dict | Null | Specify the smtp sending server port. | |
| smtp.user | dict | Null | Specify the smtp sender username. | |
| smtp.password | dict | Null | Specify the smtp sender user password. | |
| persistence{} | dict | Null | Same as above. | |
| global.postgresql | enabled | dict | true | Whether to enable the built-in postgresql. |
| image{} | dict | Null | Same as above. | |
| service{} | dict | Null | Same as above. | |
| database | list | csghub_portal csghub_server gitea casdoor | The databases that are created by default. | |
| persistence{} | dict | Null | Same as above. | |
| global.redis | enabled | dict | true | Whether to enable the built-in redis. |
| image{} | dict | Null | Same as above. | |
| service{} | dict | Null | Same as above. | |
| persistence{} | dict | Null | Same as above. | |
| global.minio | enabled | dict | true | Whether to enable the built-in redis. |
| image{} | dict | Null | Same as above. | |
| service.type | dict | ClusterIP | Specify the service type. | |
| service.ports.api | dict | 9000 | Minio API access port | |
| service.ports.console | dict | 9001 | Minio web console access port | |
| buckets | list | csghub-portal csghub-server csghub-git | Default created buckets. | |
| region | dict | cn-north-1 | The default region identified by Minio. | |
| authentication.username | dict | minio | Minio default administrator password. | |
| authentication。password | dict | Null | Minio default administrator password, randomly generated by default. | |
| persistence{} | dict | Null | 作Same as above. | |
| global.registry | enabled | dict | true | hether to enable the built-in registry. |
| image{} | dict | Null | Same as above. | |
| service{} | dict | Null | Same as above. | |
| namespace | dict | space | Specify the namespace used by the default registry. | |
| authentication.username | dict | registry | Default administrator for the registry. | |
| authentication.password | dict | Null | Registry default administrator password, randomly generated by default. | |
| persistence{} | dict | Null | Same as above. | |
| global.coredns | replicas | dict | 1 | Default number of coredns replicas. |
| image{} | dict | Null | Same as above. | |
| global.nats | image{} | dict | Null | Same as above. |
| global.account | image{} | dict | Null | Same as above. |
| global.casdoor | image{} | dict | Null | Same as above. |
| service{} | dict | Null | Same as above. | |
| Ingress{} | dict | Null | Same as above. | |
| global.user | image{} | dict | Null | Same as above. |
| global.fluent | elasticsearch.host | dict | Null | Specify the address of the Elasticsearch server for writing data. |
| elasticsearch.port | dict | 9200 | Specifies the port of the Elasticsearch service. | |
| elasticsearch.index | dict | Null | Configures the index name csghub for storing log data in Elasticsearch. | |
Additional Information
ingress.hostsTypically, this parameter needs to specify a valid second-level domain name. The application will automatically use the following domain names for external access to its components.
csghub.example.comMain application domaincasdoor.example.comCasdoor management page domainminio.example.comBuilt-in object storage domain