{{- if ne .Release.Namespace "kubesphere-system" }} {{- fail "This Helm release must be installed in the 'kubesphere-system' namespace." }} {{- end }} --- apiVersion: v1 kind: ConfigMap metadata: name: kubesphere-config data: kubesphere.yaml: | authentication: authenticateRateLimiterMaxTries: {{ .Values.authentication.authenticateRateLimiterMaxTries | default 10 }} authenticateRateLimiterDuration: {{ .Values.authentication.authenticationRateLimiterDuration | default "10m0s" }} loginHistoryRetentionPeriod: {{ .Values.authentication.loginHistoryRetentionPeriod | default "168h" }} multipleLogin: {{ .Values.authentication.enableMultiLogin | default true }} issuer: url: {{ include "portal.url" . | quote }} jwtSecret: {{ include "jwtSecret" . | quote }} maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }} {{- if eq (include "role" .) "member" }} accessTokenMaxAge: 0s {{- else }} accessTokenMaxAge: {{ .Values.authentication.issuer.accessTokenMaxAge }} {{- end }} accessTokenInactivityTimeout: {{ .Values.authentication.issuer.accessTokenInactivityTimeout }} {{- if .Values.s3 }} s3: endpoint: {{ .Values.s3.endpoint | quote }} region: {{ .Values.s3.region | default "us-east-1" }} disableSSL: {{ .Values.s3.disableSSL | default false }} forcePathStyle: {{ .Values.s3.forcePathStyle | default false }} accessKeyID: {{ .Values.s3.accessKeyID | default "admin" }} secretAccessKey: {{ .Values.s3.secretAccessKey | default "admin" }} bucket: {{ .Values.s3.bucket | default "uploads" }} {{- end }} multicluster: clusterRole: {{ include "role" . | quote }} hostClusterName: {{ include "hostClusterName" . | include "validateHostClusterName" | quote }} terminal: kubectl: image: {{ template "kubectl.image" . }} node: image: {{ template "nodeShell.image" . }} uploadFileLimit: 100Mi helmExecutor: image: {{ template "helm.image" . }} timeout: {{ .Values.helmExecutor.timeout }} historyMax: {{ .Values.helmExecutor.historyMax }} jobTTLAfterFinished: {{ .Values.helmExecutor.jobTTLAfterFinished }} {{- if .Values.helmExecutor.resources }} resources: {{- toYaml .Values.helmExecutor.resources | nindent 8 }} {{- end }} {{- if .Values.helmExecutor.affinity }} affinity: {{- toYaml .Values.helmExecutor.affinity | nindent 8 }} {{- end }} extension: imageRegistry: {{ default .Values.extension.imageRegistry "" | quote }} {{- if .Values.extension.nodeSelector }} nodeSelector: {{- toYaml .Values.extension.nodeSelector | nindent 8 }} {{- end }} {{- if and .Values.extension.ingress .Values.extension.ingress.domainSuffix }} ingress: ingressClassName: {{ .Values.extension.ingress.ingressClassName }} domainSuffix: {{ .Values.extension.ingress.domainSuffix }} httpPort: {{ .Values.extension.ingress.httpPort }} httpsPort: {{ .Values.extension.ingress.httpsPort }} {{- end }} experimental: {{- $validationDirective := (.Values.experimental).validationDirective | default "" }} {{- if not (or (eq $validationDirective "") (eq $validationDirective "Ignore") (eq $validationDirective "Strict") (eq $validationDirective "Warn")) }} {{- fail "Invalid value for validationDirective. Must be '', 'Ignore', 'Strict', or 'Warn'." }} {{- else }} validationDirective: {{ $validationDirective | quote }} {{- end }} composedApp: appSelector: {{ .Values.composedApp.appSelector | quote }} kubesphere: tls: {{ .Values.internalTLS }} {{- if and (eq (include "role" .) "host") .Values.ha.enabled -}} {{- if .Values.ha.cache }} cache: {{- toYaml .Values.ha.cache | nindent 6}} {{- else }} cache: type: redis options: host: redis.kubesphere-system.svc port: {{ if .Values.redisHA.enabled }}{{ .Values.redisHA.haproxy.servicePort | default 6379 }}{{ else }}{{ .Values.redis.port | default 6379 }}{{ end }} password: KUBESPHERE_CACHE_OPTIONS_PASSWORD db: 0 {{- end }} {{- end }} auditing: {{- toYaml .Values.auditing | nindent 6}}