values.yaml を更新

values.yaml

@@ -1,3 +1,7 @@
+# Default values for phpmyadmin-nginx
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
 replicaCount: 1
 
 image:
@@ -6,55 +10,196 @@ image:
     repository: nginx
     tag: "1.29.3-alpine-perl"
     pullPolicy: IfNotPresent
-  wordpress:
+  phpmyadmin:
     registry: docker.io
-    repository: repo-name
+    repository: phpmyadmin
-    tag: "fpm-alpine"
+    tag: "5.2.3-fpm-alpine"
     pullPolicy: IfNotPresent
 
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  annotations: {}
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+  fsGroup: 82
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
+
+securityContext:
+  nginx:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+    runAsUser: 101
+  phpmyadmin:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+      - ALL
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+    runAsUser: 82
+
 service:
  # type: ClusterIP
   type: LoadBalancer
   port: 80
+  targetPort: 8080
+  annotations: {}
 
 ingress:
   enabled: false
-  className: ""
+  className: "nginx"
   annotations: {}
   #  {
   #    acme.cert-manager.io/http01-ingress-class: "nginx",
   #    cert-manager.io/cluster-issuer: "letsencrypt-issuer",
   #    nginx.ingress.kubernetes.io/from-to-www-redirect: "true",
-  #    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+  #    nginx.ingress.kubernetes.io/proxy-body-size: "100m",
+  #    nginx.ingress.kubernetes.io/rate-limit: "10"
   #  }
   hosts:
-    - host: example.tld
+    - host: phpmyadmin.local
       paths:
         - path: /
           pathType: Prefix
   tls: []
-  #  [
+  #  - secretName: phpmyadmin-tls
-  #    {
+  #    hosts:
-  #        hosts: [ "example.com" ],
+  #      - phpmyadmin.local
-  #        secretName: "example-tls"
-  #      }
-  #  ]
 
-persistence:
+resources:
-  enabled: true
+  nginx:
-  accessMode: ReadWriteOnce
+    limits:
-  size: 1Gi
+      cpu: 200m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 64Mi
+  phpmyadmin:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 250m
+      memory: 256Mi
 
+autoscaling:
+  enabled: false
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - weight: 100
+      podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: app.kubernetes.io/name
+            operator: In
+            values:
+            - phpmyadmin-nginx
+        topologyKey: kubernetes.io/hostname
+
+# phpMyAdmin specific configuration
+phpmyadmin:
+  # MySQL/MariaDB server configuration
+  hosts:
+    - host: mysql.default.svc.cluster.local
+      port: 3306
+  
+  # Environment variables
+  env:
+    PMA_ARBITRARY: "0"
+    PMA_ABSOLUTE_URI: ""
+    UPLOAD_LIMIT: "128M"
+    MEMORY_LIMIT: "512M"
+    MAX_EXECUTION_TIME: "600"
+  
+  # Secret for blowfish secret (auto-generated if not provided)
+  blowfishSecret: ""
+  existingSecret: ""
+
+# Nginx configuration
 nginx:
-  customConfig:
+  config:
-    enabled: false
+    clientMaxBodySize: "128m"
-    snippet: |-
+    workerProcesses: "auto"
+    workerConnections: "1024"
 
-externalDatabase:
+# Persistence for sessions
-  host: mariadb-hostname
+persistence:
-  port: 3306
+  enabled: false
-  database: dbname
+  storageClass: ""
-  username: user
+  accessMode: ReadWriteMany
-  password: pass
+  size: 1Gi
+  annotations: {}
 
-resources: {}
+# Liveness and readiness probes
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 30
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+  successThreshold: 1
+
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 5
+  timeoutSeconds: 3
+  failureThreshold: 3
+  successThreshold: 1
+
+# Network Policy
+networkPolicy:
+  enabled: false
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            name: ingress-nginx
+      ports:
+      - protocol: TCP
+        port: 8080
+  egress:
+    - to:
+      - namespaceSelector: {}
+      ports:
+      - protocol: TCP
+        port: 3306
+    - to:
+      - namespaceSelector:
+          matchLabels:
+            name: kube-system
+      ports:
+      - protocol: UDP
+        port: 53
+
+# Pod Disruption Budget
+podDisruptionBudget:
+  enabled: true
+  minAvailable: 1
+  # maxUnavailable: 1