-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
478 lines (443 loc) · 15.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
## @section CTFd configuration parameters
## CTFd is configured using environment variables
## Official documentation : https://docs.ctfd.io/docs/deployment/configuration
##
## @param security.sessionCookie.httpOnly Value of the HttpOnly flag for session cookies
## @param security.sessionCookie.sameSite Value of the SameSite parameter of session cookies
## @param security.permanentSessionLifetime The Flask session lifetime, in seconds
##
security:
sessionCookie:
httpOnly: true
sameSite: "Lax"
permanentSessionLifetime: 604800
mail:
## @param mail.addressFrom A source address for sent emails
##
addressFrom: [email protected]
smtp:
## @param mail.smtp.enabled Enable to send emails through an SMTP server
##
enabled: false
## @param mail.smtp.server Address of the SMTP server
##
server: ""
## @param mail.smtp.port Port of the SMTP
##
port: 465
## @param mail.smtp.useAuth Whether CTFd should authenticate to the SMTP server
##
useAuth: false
## @param mail.smtp.username SMTP username for authentication
##
username: ""
## @param mail.smtp.password SMTP password for authentication
##
password: ""
## @param mail.smtp.tls Use TLS to communicate with the SMTP server
##
tls: true
## @param mail.smtp.ssl Use SSL to communicate with the SMTP server
##
ssl: false
## @param mail.smtp.addressSender SMTP SENDER field value
##
addressSender: ""
## @param mail.smtp.existingSecret Name of an existing secret with smtpUsername and smtpPassword keys
##
existingSecret: ""
mailgun:
## @param mail.mailgun.enabled Enable to send emails through a mailgun API
##
enabled: false
## @param mail.mailgun.apiKey A mailgun API key
##
apiKey: ""
## @param mail.mailgun.baseUrl Base url for the mailgun API
##
baseUrl: ""
## @param mail.mailgun.existingSecret Name of an existing secret with a mailgunApiKey key
##
existingSecret: ""
## @param logFolder A folder where CTFd should store logs for submissions, registrations and logins
##
logFolder: ""
optional:
## @param optional.reverseProxy Whether CTFd should trust X-Forwarded headers. Checkout the CTFd documentation for more details on the possible values.
##
reverseProxy: true
## @param optional.themeFallback Whether CTFd should fallback to the core theme for missing resources
##
themeFallback: true
## @param optional.swaggerUi Whether to enable the swagger endpoint at /api/v1
##
swaggerUi: false
## @param optional.updateCheck Whether to check for updates
##
updateCheck: true
## @param optional.serverSentEvents Whether to use server sent event notifications
##
serverSentEvents: true
## @param optional.htmlSanitization Whether CTFd should sanitize html content
##
htmlSanitization: false
## @param optional.sqlAlchemy.trackModifications Leave disabled to save memory
## @param optional.sqlAlchemy.maxOverflow SqlAlchemy max overflow engine setting
## @param optional.sqlAlchemy.poolPrePing SqlAlchemy pool pre ping engine setting
##
sqlAlchemy:
trackModifications: false
maxOverflow: ""
poolPrePing: ""
## @param optional.safeMode If enabled, CTFd will not load any plugins
safeMode: false
## @param oauth.enabled Whether to enable MajorLeagueCyber integration
## @param oauth.clientId MajorLeagueCyber oauth client ID
## @param oauth.clientSecret MajorLeagueCyber oauth client secret
oauth:
enabled: false
clientId: ""
clientSecret: ""
## @section CTFd deployment basic parameters
##
## @param image.image Full container image path for the CTFd deployment
## @param image.pullSecret A pull secret name for the CTFd image
## @param image.pullPolicy CTFd image pull policy
##
image:
image: "ghcr.io/ctfd/ctfd:3.5.3"
pullSecret: ""
pullPolicy: IfNotPresent
## @param httpPort The http port the CTFd container listens on
##
httpPort: 8000
## @param replicaCount Number of replicas for the CTFd deployment
##
replicaCount: 1
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param extraEnvVars Array with extra environment variables to add to the CTFd container
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars
##
extraEnvVarsSecret: ""
## @section CTFd deployment security contexts
##
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enabled CTFd pods' Security Context
## @param podSecurityContext.fsGroup Set CTFd pod's Security Context fsGroup
## @param podSecurityContext.seccompProfile.type Set CTFd container's Security Context seccomp profile
##
podSecurityContext:
enabled: true
fsGroup: 1001
seccompProfile:
type: "RuntimeDefault"
## Configure Container Security Context (only main container)
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled CTFd containers' Security Context
## @param containerSecurityContext.runAsUser Set CTFd container's Security Context runAsUser
## @param containerSecurityContext.runAsNonRoot Set CTFd container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Set CTFd container's privilege escalation
## @param containerSecurityContext.capabilities.drop Set CTFd container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
## @section CTFd deployment probes parameters
## Reference: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
##
## Startup probe parameters
## @extra startupProbe a template for the startup probe
## @param startupProbe.enabled Whether to enable the probe
## @skip startupProbe.httpGet
## @skip startupProbe.initialDelaySeconds
## @skip startupProbe.periodSeconds
##
startupProbe:
enabled: false
httpGet:
path: /healthcheck
port: 'http'
initialDelaySeconds: 5
periodSeconds: 3
## Readiness probe parameters
## @extra startupProbe a template for the startup probe
## @param readinessProbe.enabled Whether to enable the probe
## @skip readinessProbe.httpGet
## @skip readinessProbe.initialDelaySeconds
## @skip readinessProbe.periodSeconds
##
readinessProbe:
enabled: true
httpGet:
path: /healthcheck
port: 'http'
initialDelaySeconds: 10
periodSeconds: 3
## Liveness probe parameters
## @extra livenessProbe a template for the startup probe
## @param livenessProbe.enabled Whether to enable the probe
## @skip livenessProbe.httpGet
## @skip livenessProbe.initialDelaySeconds
## @skip livenessProbe.periodSeconds
##
livenessProbe:
enabled: true
httpGet:
path: /healthcheck
port: 'http'
initialDelaySeconds: 10
periodSeconds: 60
## @section CTFd deployment resource requests and limits
##
## @extra resources A container resource template
##
resources:
requests:
## @param resources.requests.memory Requested amount of RAM for CTFd containers
##
memory: 200Mi
## @param resources.requests.cpu Requested amount of CPU for CTFd containers
##
cpu: 400m
## @param resources.limits Maximum resources for CTFd containers before they get restarted or killed
limits: {}
## @section CTFd service parameters
##
## @param service.type Kubernetes service type
## @param service.port Service port
##
service:
type: ClusterIP
port: 80
## @section CTFd ingress parameters
##
## @param ingress.enabled Whether to enable the CTFd ingress
## @param ingress.hostname Ingress hostname
## @param ingress.annotations [object] annotation to add to the ingress resource
ingress:
enabled: true
hostname: example.com
annotations: {}
## @section CTFd deployment autoscaling parameters
##
autoscaling:
## @param autoscaling.enabled Set this to true to deploy a horizontal pod autoscaler for CTFd
##
enabled: false
## @param autoscaling.minReplicas Minimum number of CTFd pods
##
minReplicas: 1
## @param autoscaling.maxReplicas Maximum number of CTFd pods
##
maxReplicas: 25
## @param autoscaling.targetCPU Target CPU usage for CTFd pods (in % of requested). Set to 0 to disable.
##
targetCPU: 65
## @param autoscaling.targetMemory Target RAM usage for CTFd pods (in % of requested). Set to 0 to disable.
##
targetMemory: 0
scaleDown:
## @param autoscaling.scaleDown.stabilizationWindowSeconds Scale down stabilization window
##
stabilizationWindowSeconds: 300
## @param autoscaling.scaleDown.periodSeconds Scale down period
##
periodSeconds: 15
## @param autoscaling.scaleDown.percent Maximum percent of pods to remove in the given period
##
percent: 100
## @param autoscaling.scaleDown.pods Maximum number of pods to remove in the given period
pods: 5
scaleUp:
## @param autoscaling.scaleUp.stabilizationWindowSeconds Scale up stabilization window
##
stabilizationWindowSeconds: 0
## @param autoscaling.scaleUp.periodSeconds Scale up period
##
periodSeconds: 15
## @param autoscaling.scaleUp.percent Maximum percent of pods to add in the given period
##
percent: 100
## @param autoscaling.scaleUp.pods Maximum number of pods to add in the given period
##
pods: 10
## @section Database Parameters
##
## MariaDB chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
##
mariadb:
## @param mariadb.enabled Deploy a MariaDB server to satisfy the applications database requirements
## To use an external database set this to false and configure the `externalDatabase.*` parameters
## If neither this nor `externalDatabase.enabled` is set, CTFd will use a temporary SQLite database as a fallback
##
enabled: true
## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
##
architecture: standalone
## MariaDB Authentication parameters. If passwords are not provided, they will be generated randomly.
## @param mariadb.auth.database MariaDB custom database
## @param mariadb.auth.username MariaDB custom username
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
## https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
##
auth:
database: "ctfd"
username: "ctfd"
## MariaDB Primary configuration
##
primary:
## MariaDB Primary Persistence parameters
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s)
## @param mariadb.primary.persistence.storageClass Persistent Volume storage class
## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes
## @param mariadb.primary.persistence.size Persistent Volume size
##
persistence:
enabled: true
storageClass: ""
accessModes:
- ReadWriteOnce
size: 8Gi
## External database configuration
## These values are ignored unless mariadb.enable is set to false
##
externalDatabase:
## @param externalDatabase.enabled Whether to use an external database
## CTFd will default to a temporary sqlite database if non is provided
##
enabled: false
## @param externalDatabase.protocol Protocol schema to use when connecting to the external database
##
protocol: "mysql+pymysql"
## @param externalDatabase.host External Database server host
##
host: "localhost"
## @param externalDatabase.port External Database server port
##
port: 3306
## @param externalDatabase.user External Database username
##
user: "ctfd"
## @param externalDatabase.password External Database user password
##
password: ""
## @param externalDatabase.database External Database database name
##
database: "ctfd"
## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template
## NOTE: Must contain key `mariadb-password`
## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
##
existingSecret: ""
## @section Redis cache parameters
##
redis:
## @param redis.enabled Deploy a Redis server to satisfy the applications caching requirements
## To use an external cache set this to false and configure the `externalRedis.*` parameters
## If neither this nor `externalRedis.enabled` is set, CTFd will use its internal file-based cache.
##
enabled: true
## @param redis.architecture Redis chart architecture option
##
architecture: standalone
externalRedis:
## @param externalRedis.enabled Whether to use an external redis instance
##
enabled: false
## @param externalRedis.protocol Redis protocol scheme to use
##
protocol: "redis"
## @param externalRedis.host External Redis server host
##
host: "localhost"
## @param externalRedis.port External Redis server port
##
port: 6379
## @param externalRedis.user External Redis user
##
user: ""
## @param externalRedis.index External Redis index (database)
##
index: ""
## @param externalRedis.password External Redis password
##
password: ""
## @param externalRedis.existingSecret Name of an existing secret containing a redis-password key
##
existingSecret: ""
## @section MinIO S3 parameters
minio:
## @param minio.enabled Deploy a MinIO server to provide an upload provider
## To use an external S3 endpoint set this to false and configure the `externalS3.*` parameters
## If neither this nor `externalS3.enabled` is set, CTFd will use its internal file-based upload system.
##
enabled: true
## @param minio.mode MinIO® server mode (`standalone` or `distributed`)
## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
##
mode: standalone
## @param minio.defaultBuckets Bucket name to use for CTFd
## e.g:
## defaultBuckets: "my-bucket, my-second-bucket"
##
defaultBuckets: ctfd
## MinIO® authentication parameters
##
auth:
## @param minio.auth.rootUser MinIO® root username
##
rootUser: admin
## @param minio.auth.rootPassword Password for MinIO® root user
##
rootPassword: ""
## @param minio.auth.existingSecret Use existing secret for credentials details (`minio.auth.rootUser` and `minio.auth.rootPassword` will be ignored and picked up from this secret). The secret has to contain the keys `root-user` and `root-password`)
##
existingSecret: ""
## @param minio.externalEndpoint the external HTTP(S) S3 API endpoint MinIO will be accessible from (e.g. `https://s3.my-ctf.com`). This endpoint needs to be reachable by users. If this value is not set, MinIO's API ingress configuration will be used. If this is not set either, CTFd will use the API service name.
externalEndpoint: ""
## @section S3 parameters
##
externalS3:
## @param externalS3.enabled Whether to use an external S3 endpoint to store uploads
##
enabled: false
## @param externalS3.endpoint External S3 API endpoint URL
##
endpoint: https://s3.amazonaws.com
## @param externalS3.region External S3 API region
##
region: us-east-1
## @param externalS3.bucket External S3 bucket name
##
bucket: ctfd
## @param externalS3.accessKey External S3 API access key
##
accessKey: ""
## @param externalS3.secretKey External S3 API secret key
##
secretKey: ""
## @param externalS3.existingSecret Name of an existing secret containing a accessKey and secretKey keys
##
existingSecret: ""