1 files changed, 66 insertions, 7 deletions

diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 52f1910a..3a1e41b9 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -4,8 +4,6 @@
 
 # Garage configuration. These values go to garage.toml
 garage:
-  metadataDir: "/mnt/meta"
-  dataDir: "/mnt/data"
   # Default to 3 replicas, see the replication_mode section at
   # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
   replicationMode: "3"
@@ -22,6 +20,41 @@ garage:
     web:
       rootDomain: ".web.garage.tld"
       index: "index.html"
+  # Template for the garage configuration
+  # Values can be templated
+  # ref: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
+  garage.toml: |-
+    metadata_dir = "/mnt/meta"
+    data_dir = "/mnt/data"
+
+    replication_mode = "{{ .Values.garage.replicationMode }}"
+
+    rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
+    # rpc_secret will be populated by the init container from a k8s secret object
+    rpc_secret = "__RPC_SECRET_REPLACE__"
+
+    bootstrap_peers = {{ .Values.garage.bootstrapPeers }}
+
+    [kubernetes_discovery]
+    namespace = "{{ .Release.Namespace }}"
+    service_name = "{{ include "garage.fullname" . }}"
+    skip_crd = {{ .Values.garage.kubernetesSkipCrd }}
+
+    [s3_api]
+    s3_region = "{{ .Values.garage.s3.api.region }}"
+    api_bind_addr = "[::]:3900"
+    root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
+
+    [s3_web]
+    bind_addr = "[::]:3902"
+    root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
+    index = "{{ .Values.garage.s3.web.index }}"
+    
+    [admin]
+    api_bind_addr = "[::]:3903"
+    {{- if .Values.monitoring.tracing.sink }}
+    trace_sink = "{{ .Values.monitoring.tracing.sink }}"
+    {{- end }}
 
 # Data persistence
 persistence:
@@ -50,6 +83,11 @@ image:
   tag: ""
   pullPolicy: IfNotPresent
 
+initImage:
+  repository: busybox
+  tag: stable
+  pullPolicy: IfNotPresent
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -65,18 +103,19 @@ serviceAccount:
 
 podAnnotations: {}
 
-podSecurityContext: {}
-  # fsGroup: 2000
+podSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 1000
+  fsGroup: 1000
+  runAsNonRoot: true
 
 securityContext:
   # The default security context is heavily restricted
   # feel free to tune it to your requirements
   capabilities:
     drop:
-    - ALL
+      - ALL
   readOnlyRootFilesystem: true
-  runAsNonRoot: true
-  runAsUser: 1000
 
 service:
   # You can rely on any service to expose your cluster
@@ -90,6 +129,7 @@ service:
     web:
       port: 3902
     # NOTE: the admin API is excluded for now as it is not consistent across nodes
+
 ingress:
   s3:
     api:
@@ -153,3 +193,22 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+monitoring:
+  metrics:
+    # If true, a service for monitoring is created with a prometheus.io/scrape annotation
+    enabled: false
+    serviceMonitor:
+      # If true, a ServiceMonitor CRD is created for a prometheus operator
+      # https://github.com/coreos/prometheus-operator
+      enabled: false
+      path: /metrics
+      #  namespace: monitoring  (defaults to use the namespace this chart is deployed to)
+      labels: {}
+      interval: 15s
+      scheme: http
+      tlsConfig: {}
+      scrapeTimeout: 10s
+      relabelings: []
+  tracing:
+    sink: ""
\ No newline at end of file