kubesphere/config/ks-core/templates/kubesphere-config.yaml

{{- if ne .Release.Namespace "kubesphere-system" }}
{{- fail "This Helm release must be installed in the 'kubesphere-system' namespace." }}
{{- end }}

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubesphere-config
data:
  kubesphere.yaml: |
    authentication:
      authenticateRateLimiterMaxTries: {{ .Values.authentication.authenticateRateLimiterMaxTries | default 10 }}
      authenticateRateLimiterDuration: {{ .Values.authentication.authenticationRateLimiterDuration | default "10m0s" }}
      loginHistoryRetentionPeriod: {{ .Values.authentication.loginHistoryRetentionPeriod | default "168h"  }}
      multipleLogin: {{ .Values.authentication.enableMultiLogin | default true }}
      issuer:
        url: {{ include "portal.url" . | quote }}
        jwtSecret: {{ include "jwtSecret" . | quote }}
        maximumClockSkew: {{ .Values.authentication.issuer.maximumClockSkew | default "10s" }}
        {{- if eq (include "multicluster.role" .) "member" }}
        accessTokenMaxAge: 0s
        {{- else }}
        accessTokenMaxAge: {{ .Values.authentication.issuer.accessTokenMaxAge }}
        {{- end }}
        accessTokenInactivityTimeout: {{ .Values.authentication.issuer.accessTokenInactivityTimeout }}
    {{- if .Values.s3 }}
    s3:
      endpoint: {{ .Values.s3.endpoint | quote  }}
      region: {{ .Values.s3.region | default "us-east-1"  }}
      disableSSL: {{ .Values.s3.disableSSL | default false  }}
      forcePathStyle: {{ .Values.s3.forcePathStyle | default false  }}
      accessKeyID: {{ .Values.s3.accessKeyID | default "admin"  }}
      secretAccessKey: {{ .Values.s3.secretAccessKey | default "admin"  }}
      bucket: {{ .Values.s3.bucket | default "uploads"  }}
      {{- end }}
    multicluster:
      clusterRole: {{ include "multicluster.role" . | quote }}
      hostClusterName: {{ include "multicluster.hostClusterName" . | include "validateHostClusterName" | quote }}
    kubeconfig:
      # service-account-token client-certificate oidc-token webhook-token
      authMode: {{ (.Values.kubeconfig).authMode | default "client-certificate" }}
    terminal:
      kubectl:
        image: {{ include "kubectl.image" . | quote }}
      node:
        image: {{ include "nodeShell.image" . | quote }}
      uploadFileLimit: 100Mi
    helmExecutor:
      image: {{ include "helm.image" . | quote }}
      timeout: {{ .Values.helmExecutor.timeout }}
      historyMax: {{ .Values.helmExecutor.historyMax }}
      jobTTLAfterFinished: {{ .Values.helmExecutor.jobTTLAfterFinished }}
      {{- if .Values.helmExecutor.resources }}
      resources: {{- toYaml .Values.helmExecutor.resources | nindent 8 }}
      {{- end }}
      {{- if .Values.helmExecutor.affinity }}
      affinity: {{- toYaml .Values.helmExecutor.affinity | nindent 8 }}
      {{- end }}
    extension:
      imageRegistry: {{ default .Values.extension.imageRegistry "" | quote }}
      {{- if .Values.extension.nodeSelector }}
      nodeSelector: {{- toYaml .Values.extension.nodeSelector | nindent 8 }}
      {{- end }}
      {{- if and .Values.extension.ingress .Values.extension.ingress.domainSuffix }}
      ingress:
        ingressClassName: {{ .Values.extension.ingress.ingressClassName }}
        domainSuffix: {{ .Values.extension.ingress.domainSuffix }}
        httpPort: {{ .Values.extension.ingress.httpPort }}
        httpsPort: {{ .Values.extension.ingress.httpsPort }}
      {{- end }}
    experimental:
      {{- $validationDirective := (.Values.experimental).validationDirective | default ""  }}
      {{- if not (or (eq $validationDirective "") (eq $validationDirective "Ignore") (eq $validationDirective "Strict") (eq $validationDirective "Warn")) }}
        {{- fail "Invalid value for validationDirective. Must be '', 'Ignore', 'Strict', or 'Warn'." }}
      {{- else }}
      validationDirective: {{ $validationDirective | quote }}
      {{- end }}
    composedApp:
      appSelector: {{ .Values.composedApp.appSelector | quote }}
    kubesphere:
      tls: {{ .Values.internalTLS }}
    {{- if and (eq (include "multicluster.role" .) "host") .Values.ha.enabled -}}
    {{- if .Values.ha.cache }}
    cache: {{- toYaml .Values.ha.cache | nindent 6}}
    {{- else }}
    cache:
      type: redis
      options:
        host: redis.kubesphere-system.svc
        port: {{ if .Values.redisHA.enabled }}{{ .Values.redisHA.haproxy.servicePort | default 6379 }}{{ else }}{{ .Values.redis.port | default 6379 }}{{ end }}
        password: KUBESPHERE_CACHE_OPTIONS_PASSWORD
        db: 0
    {{- end }}
    {{- end }}
    auditing: {{- toYaml .Values.auditing | nindent 6}}