public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
master
nplus/charts/envoperator/values.yaml

231 lines
11 KiB
YAML
Raw Permalink Normal View History

Public Information
2025-01-24 16:18:47 +01:00
# yaml-language-server: $schema=values.schema.json
# -- provide the image to be used for this component
image:
# -- if you use a private repo, feel free to set it here
repo: cr.nplus.cloud/subscription
# -- the name of the image to use
name: operator
# -- the tag of the image to use
tag: latest
pullPolicy: IfNotPresent
# -- you can provide your own pullSecrets, in case you use
# a private repo.
pullSecrets:
- nscale-cr
- nplus-cr
# -- Enables the web ui, default under /monitoring
ui: true
meta:
# -- lists the ports this component exposes. This is important for zero trust mode and others.
ports:
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
# @internal -- this is a constant value of the component and should not be changed.
http: 8080
# -- The tls / https port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
https: 8443
# -- A potential tcp port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
tcp:
# -- A potential tls / tcps port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
tcps:
# -- A potential rmi port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
rmi:
# -- the type of the component. You should not change this value, except if
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
# This type is used to create cluster communication for nappl and nstl and potentially
# group multiple replicaSets into one service.
type: envoperator
# -- sets tenant information to be able to invoice per use in a cloud environment
tenant:
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
provider:
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
# if unset, it uses the default wave thus all components are installed in one wave, then relying
# on correct wait settings just like in a helm installation
wave:
# -- Sets the language of the main service (in the *service* container). This is used for instance
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
language:
# -- The container name of the main service for this component. This is used to define where to
# inject the telemetry agents, if any
serviceContainer:
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
# runs in. This can be used in template functions to add the stage to for instance the service name of
# telemetry services like open telemetry. (see telemetry example)
stage:
# -- This is the version of the component, used for display
# @internal -- set by devOps pipeline, so do not modify
componentVersion:
# -- Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)
ingress:
# -- You can toggle the ingress on wether you'd like this component
# to be reachable through an ingress or not.
enabled: true
# -- Overrides the default backend protocol. The default is http,
# unless in zeroTrust Mode, then it is switched to https automatically.
# @default -- `http` <br> `https` in zero trust mode
backendProtocol:
# -- defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason
# Example: `/nscalealinst1(/\|$)(.*)`
# @internal -- This is an alpha feature - do not use it.
inputPath:
# -- defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason
# Example: `/nscalealinst1/$2`
# @internal -- This is an alpha feature - do not use it.
rewriteTarget:
# -- deny is used to exclude specific paths from public access, such as
# administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is
# the burlap protocol. The configuration service is the endpoint used by
# the Admin client.
deny:
# -- on component level, set cookie affinity for the ingress
# example: `XtConLoadBalancerSession` for nscale Web
cookie:
# -- Sets the name of the tls secret to be used for this ingress, that contains
# the private and public key. These secrets can optionally be provided by the instance
# @default -- `{{ .this.ingress.domain }}-tls`
secret:
# -- Sets the domain to be used. This domain should be provided by the instance globally
# for all components, but you are free to override it here
domain:
# -- The ingressclass to use for this ingress. Most likely, this is provided globally by the
# instance, but you are free to override it here if this component should use a different class
# e.g. if you have separated ingress controllers, like a public and an internal one
# @default -- `public`
class:
# -- optionally sets a whitelist of ip ranges (CIDR format, comma separated)
# from which ingress is allowed. This is an annotation for nginx, so won't work with other
# ingress controllers
whitelist:
# -- Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy
# to allow traffic from this namespace to our pods. This may be a comma separated list
# @default -- "ingress, kube-system, ingress-nginx"
namespace:
# -- The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the
# most though this is only a constant used in the scripts.
contextPath: "/monitoring"
# -- Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.
proxyReadTimeout:
# -- Adds extra Annotations to the ingress
annotations:
# -- Security Section defining default runtime environment for your container
security:
podSecurityContext:
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
# for security
# @internal -- there is normally no need to change this
runAsUser: 1001
# -- The file system group as which new files are created
# @internal -- there is normally no need to change this
fsGroup: 1001
# -- Under which condition should the fsGroup be changed
# @internal -- there is normally no need to change this
fsGroupChangePolicy: OnRootMismatch
containerSecurityContext:
# -- sets the container root file system to read only. This should be the case in production environment
# @internal -- you should not change this
readOnlyRootFilesystem: true
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
# @internal -- you should not change this
allowPrivilegeEscalation: false
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
# @internal -- you should not change this
capabilities:
drop:
- ALL
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
# @default -- `false`
zeroTrust:
# -- Assigns hardware resources to container
resources:
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
requests:
# -- Set the share of guaranteed CPU to the container.
cpu: "1m"
# -- Set the share of guaranteed RAM to the container
memory: "64Mi"
# -- Limits the maximum resources
limits:
# -- The maximum allowed CPU for the container
cpu: "1"
# -- The maximum allowed RAM for the container
memory: "512Mi"
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
# etc.
# @default -- `Europe/Berlin`
timezone:
# -- Set tolerations for this component
tolerations:
# -- select specific nodes for this component
nodeSelector:
# -- Sets the name of a secret, which holds additional environment variables for
# the configuration. It is added as envFrom secretRef to the container.
envSecret:
# -- Sets the name of a configMap, which holds additional environment variables for
# the configuration. It is added as envFrom configMap to the container.
envMap:
# -- Sets additional environment variables for
# the configuration.
env:
# -- This overrides the output of the internal name function
nameOverride:
# -- This overrides the output of the internal fullname function
fullnameOverride:
utils:
# -- Turn debugging *on* will give you stack trace etc.
# Please check out the Chart Developer Guide
# @default -- `false`
debug:
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
# @default -- `true`
renderComments:
# -- By default, the namespace is rendered into the manifest. However, if you want to use
# `helm template` and store manifests for later applying them to multiple namespaces, you might
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
# @default -- `true`
includeNamespace:
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
# to perform recovery and maintenance tasks while having the real container up.
# @default -- `false`
maintenance:
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
# while previous waves are not finished yet.
# @default -- `false`
disableWave:
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
# start components even if they are not intended to run yet.
# @default -- `false`
disableWait:
service:
# -- enables the service to be consumed by group components and a potential ingress
# Disabling the service also disables the ingress.
enabled: true
# -- The selector can be `component` or `type`
# *component* selects only pods that are in the replicaset.
# *type* selects any pod that has the given type
selector: "component"
# -- adds extra Annotations to the service
annotations:
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
# minAvailable, using the component type as selector. This is useful for components, that are spread
# across multiple replicaSets, like sharepoint or storage layer
minReplicaCountType:
# -- Settings for telemetry tools
telemetry:
# -- turns Open Telemetry on
openTelemetry:
# -- Sets the service name for the telemetry service to more convenient
# identify the displayed component
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
serviceName:
# -- Sets the terminationGracePeriodSeconds for the component
# If not set, it uses the Kubernetes defaults
terminationGracePeriodSeconds:
Reference in New Issue Copy Permalink