This is a Helm chart for deploying CTFd on Kubernetes. It deploys the official CTFd Docker image. HA and Autoscaling + MariaDB + Redis + S3 Storage. Also supports using external MariaDB/Redis/S3.
helm repo add ctfd https://scribblercoder.github.io/CTFd-Helm
helm install ctfd ctfd/ctfd
# OR
helm install ctfd ctfd/ctfd -f values.yaml
Build helm dependencies (MariaDB/Redis/SeaweedFS) before installing the chart.
helm dependency update
Set the values in values.yaml
to your desired configuration. Then install
helm install release-name . -f values.yaml --create-namespace --namespace ctfd
helm uninstall release-name --namespace ctfd
SECRET_KEY
is automatically generated during installation/upgrade. You can find it in the secret release-name-ctfd-secret-key
. This secret is injected as environment variable in all CTFd pods.seaweedfs.enabled
to false
and configure the external S3 provider in ctfd.uploadprovider.s3
.filesystem
uploadprovider. This needs ReadWriteMany
PVCs which are expensive in cloud providers and not recommended for production use. S3 is fast and cheap.ctfd:
image:
tag: "3.7.3"
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
mariadb:
enabled: true
architecture: standalone
primary:
size: 2Gi
redis:
enabled: true
seaweedfs:
enabled: true
s3:
enabled: true
ctfd:
image:
tag: "3.7.3"
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 10
uploadprovider:
s3:
bucket: ""
endpoint_url: ""
secret_access_key: ""
access_key_id: ""
mariadb:
enabled: false
external:
port: 3306
host: ""
username: ""
password: ""
database: ""
redis:
enabled: false
external:
port: 6379
host: ""
username: ""
password: ""
seaweedfs:
enabled: false
ctfd:
image:
tag: "3.7.3"
replicas: 2
autoscaling:
enabled: false
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: "1"
memory: 1Gi
Repository | Name | Version |
---|---|---|
https://charts.bitnami.com/bitnami | mariadb | 19.0.5 |
https://charts.bitnami.com/bitnami | redis | 20.0.5 |
https://seaweedfs.github.io/seaweedfs/helm | seaweedfs | 4.0.0 |
Key | Type | Default | Description |
---|---|---|---|
ctfd.affinity | object | {} |
CTFd affinity |
ctfd.autoscaling.enabled | bool | true |
Enables HPA autoscaling |
ctfd.autoscaling.maxReplicas | int | 10 |
Autoscaling max replicas |
ctfd.autoscaling.minReplicas | int | 2 |
Autoscaling min replicas |
ctfd.autoscaling.targetCPUUtilizationPercentage | int | 80 |
Autoscaling target CPU utilization percentage |
ctfd.autoscaling.targetMemoryUtilizationPercentage | int | 80 |
Autoscaling target memory utilization percentage |
ctfd.fullnameOverride | string | "" |
Chart fullname override |
ctfd.image.pullPolicy | string | "IfNotPresent" |
image pull policy. One of Always, Never, IfNotPresent |
ctfd.image.repository | string | "ghcr.io/ctfd/ctfd" |
repository link to the CTFd docker image |
ctfd.image.tag | string | latest |
CTFd image tag (check https://github.com/CTFd/CTFd/pkgs/container/ctfd) |
ctfd.imagePullSecrets | list | [] |
Image pull secrets (use this for private repos) |
ctfd.ingress.annotations | object | {} |
Ingress annotations |
ctfd.ingress.className | string | "" |
Ingress class |
ctfd.ingress.enabled | bool | false |
Enables ingress |
ctfd.initContainers | list | [] |
|
ctfd.livenessProbe | object | Check values.yaml |
CTFd readiness probe |
ctfd.nameOverride | string | "" |
Chart name override |
ctfd.nodeSelector | object | {} |
CTFd node selector |
ctfd.pdb.enabled | bool | true |
Deploy a [PodDisruptionBudget] for the application controller |
ctfd.pdb.maxUnavailable | string | "50%" |
Number of pods that are unavailable after eviction as number or percentage (eg.: 50%). # Has higher precedence over controller.pdb.minAvailable |
ctfd.pdb.minAvailable | string | "" (defaults to 0 if not specified) |
Number of pods that are available after eviction as number or percentage (eg.: 50%) |
ctfd.podAnnotations | object | {} |
CTFd pod annotations |
ctfd.podLabels | object | {} |
CTFd pod labels |
ctfd.podSecurityContext | object | {} |
CTFd pod security context |
ctfd.readinessProbe | object | Check values.yaml |
CTFd readiness probe |
ctfd.replicaCount | int | 2 |
CTFd replica count (If autoscaling is enabled, this value is ignored) |
ctfd.resources.limits.cpu | string | "2" |
CTFd pod CPU limit |
ctfd.resources.limits.memory | string | "2Gi" |
CTFd pod memory limit |
ctfd.resources.requests.cpu | string | "1" |
CTFd pod CPU request |
ctfd.resources.requests.memory | string | "1Gi" |
CTFd pod memory request |
ctfd.securityContext.runAsNonRoot | bool | true |
|
ctfd.securityContext.runAsUser | int | 1001 |
|
ctfd.serviceAccount.annotations | object | {} |
CTFd service account annotations |
ctfd.serviceAccount.automount | bool | true |
CTFd service account mount API credentials |
ctfd.serviceAccount.create | bool | true |
creates a CTFd service account |
ctfd.serviceAccount.name | string | "" |
CTFd service account name |
ctfd.tolerations | list | [] |
CTFd tolerations |
ctfd.updateStrategy.maxSurge | int | 2 |
CTFd update strategy rolling update max surge (extra pods during rolling update) |
ctfd.updateStrategy.maxUnavailable | string | "25%" |
CTFd update strategy rolling update max unavailable pods count |
ctfd.uploadprovider.s3.access_key_id | string | "" |
AWS S3 bucket secret key id |
ctfd.uploadprovider.s3.bucket | string | "" |
AWS S3 bucket name |
ctfd.uploadprovider.s3.endpoint_url | string | "" |
AWS S3 bucket region |
ctfd.uploadprovider.s3.secret_access_key | string | "" |
AWS S3 bucket access key |
ctfd.volumeMounts | list | [] |
CTFd volumeMounts |
ctfd.volumes | list | [] |
CTFd volumes |
mariadb.architecture | string | "standalone" |
MariaDB Architecture (standalone , replication ) |
mariadb.auth.database | string | "ctfd" |
|
mariadb.auth.password | string | "ctfd" |
|
mariadb.auth.rootPassword | string | "ctfd" |
|
mariadb.auth.username | string | "ctfd" |
|
mariadb.enabled | bool | true |
Deploys bitnami's mariadb (set to false if you want to use an external database) |
mariadb.external | object | ignored | External database connection details. Takes effect if mariadb.enabled is set to false |
mariadb.metrics.enabled | bool | true |
|
mariadb.primary.extraFlags | string | Check values.yaml . Used by official CTFd docker-compose.yml |
MariaDB primary entrypoint extra flags |
mariadb.primary.persistence.enabled | bool | true |
|
mariadb.primary.persistence.size | string | "2Gi" |
|
mariadb.primary.resourcesPreset | string | "small" |
Check Bintami's documentation |
mariadb.secondary.extraFlags | string | Check values.yaml . Used by official CTFd docker-compose.yml |
MariaDB primary entrypoint extra flags |
mariadb.secondary.persistence.enabled | bool | true |
|
mariadb.secondary.persistence.size | string | "2Gi" |
|
mariadb.secondary.replicaCount | int | 1 |
|
mariadb.secondary.resourcesPreset | string | "small" |
Check Bintami's documentation |
mariadb.volumePermissions.enabled | bool | true |
|
redis.auth.enabled | bool | false |
|
redis.enabled | bool | true |
Deploys bitnami's redis (set to false if you want to use an external cache) |
redis.external | object | ignored | External redis cache connection details. Takes effect if redis.enabled is set to false |
redis.master.count | int | 1 |
|
redis.master.persistence.enabled | bool | false |
|
redis.master.resourcesPreset | string | "micro" |
Check Bintami's documentation |
redis.metrics.enabled | bool | true |
|
redis.replica.autoscaling.enabled | bool | true |
|
redis.replica.autoscaling.targetCPU | string | "80" |
|
redis.replica.persistence.enabled | bool | false |
|
redis.replica.resourcesPreset | string | "micro" |
Check Bintami's documentation |
redis.sysctl.enabled | bool | true |
|
redis.volumePermissions.enabled | bool | true |
|
seaweedfs.enabled | bool | true |
Deploys seaweedfs (set to false if you want to use an bucket) |
seaweedfs.filer.data.size | string | "5Gi" |
seaweedfs-filer storage size |
seaweedfs.filer.data.type | string | "persistentVolumeClaim" |
seaweedfs-filer data storage type |
seaweedfs.filer.enablePVC | bool | true |
seaweedfs-filer enable PVC for data persistence |
seaweedfs.filer.replicas | int | 1 |
seaweedfs-filer replicas |
seaweedfs.filer.s3.createBuckets | list | [{"name":"ctfd-bucket"}] |
seaweedfs-s3 create bucket upon deploying |
seaweedfs.filer.s3.enableAuth | bool | false |
seaweedfs-s3 enable authentication (no need since seaweed is private to the cluster) |
seaweedfs.filer.s3.enabled | bool | true |
seaweedfs-s3 enable. This enables S3 API (Should be left to true ) |
seaweedfs.filer.storage | string | "5Gi" |
seaweedfs-filer PVC storage size |
seaweedfs.master.data.size | string | "5Gi" |
seaweedfs storage size |
seaweedfs.master.data.type | string | "persistentVolumeClaim" |
seaweedfs data storage type |
seaweedfs.master.replicas | int | 1 |
seaweedfs-master replicas |
seaweedfs.volume.replicas | int | 1 |
seaweedfs-volume replicas |
Autogenerated from chart metadata using helm-docs