public/nplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0bd2038c86a6dee3270856c2c1e2dc6a9c6cdee9
nplus/charts/nstl/values.yaml

422 lines
19 KiB
YAML
Raw Normal View History

Public Information
2025-01-24 16:18:47 +01:00
# yaml-language-server: $schema=values.schema.json
# -- Security Section defining default runtime environment for your container
security:
podSecurityContext:
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
# for security
# @internal -- there is normally no need to change this
runAsUser: 1001
# -- The file system group as which new files are created
# @internal -- there is normally no need to change this
fsGroup: 1001
# -- Under which condition should the fsGroup be changed
# @internal -- there is normally no need to change this
fsGroupChangePolicy: OnRootMismatch
runAsNonRoot: true
containerSecurityContext:
# -- sets the container root file system to read only. This should be the case in production environment
# @internal -- you should not change this
readOnlyRootFilesystem: true
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
# @internal -- you should not change this
allowPrivilegeEscalation: false
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
# @internal -- you should not change this
capabilities:
drop:
- ALL
cni:
# -- You might want to access storage layer outside the cluster (proxy concept)
# To do so, you can add a specific IP Range here, which is set within the
# network policy.
nstlIpRange:
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
# @default -- `false`
zeroTrust:
mounts:
# -- The temp volume is used to hold any superflues and temporary data.
# it is deleted when the pod terminates. However, it is extremely important
# as all pods filesystems are read only
temp:
# -- Sets the path to the temporary files
# @internal -- do not change this value
path:
# -- Sets a list of paths to the temporary files
# @internal -- do not change this value
paths:
- "/opt/ceyoniq/nscale-server/storage-layer/tmp"
# -- Sets the size of the temporary disk (all paths)
size: "500Mi"
# -- The conf volume is a RWX volume mounted by the environment, that holds
# all configurations of all instances and components in this environment
conf:
# -- Sets the path to the conf files
# @internal -- do not change this value
path: "/opt/ceyoniq/nscale-server/storage-layer/etc"
# -- Sets a list of paths to the conf files
# @internal -- do not change this value
paths:
# -- The log volume is used to take any left-over logging in the container.
# The container should log to stdout, but if any component still tries to log to disk
# this disk needs to be writeable
logs:
# -- Sets the path to the log files
# @internal -- do not change this value
path:
# -- Sets a list of paths to the log files
# @internal -- do not change this value
paths:
# -- Sets the size of the log disk (all paths)
size: "5Gi"
# -- the medium for the emptyDisk volume
# if you unset it, it drops it from the manifest
medium:
# -- some nscale Components require a license file and this
# defines it's location
license:
# -- Sets the path to the license files
# @internal -- do not change this value
path: "/opt/ceyoniq/nscale-server/storage-layer/etc/license.xml"
# -- If you want to use additional
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
# fonts directory from the environment pool
fonts:
# -- Sets the path to the fonts folder.
# @internal -- do not change this value
path:
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
# connect to alien services via https. If you have a self-signed root certificate,
# you can also add it here.
caCerts:
# -- Sets the path to the certs folder.
# @internal -- do not change this value
paths:
- "/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER"
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
secret:
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
configMap:
# -- the java based nscale components have their own certificates, that you might want to upload.
# You can normally do so via the environment configuration, but should you want to use a secret,
# you can set it here
componentCerts:
# -- Sets the path to the component certs.
# @internal -- do not change this value
paths:
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
secret:
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
configMap:
data:
# -- Sets the size of the data disk
size: "50Gi"
# -- Sets the class of the data disk
class:
# -- Sets a list of paths to the data files
# @internal -- do not change this value
paths:
- "/opt/ceyoniq/nscale-server/storage-layer/da"
- "/opt/ceyoniq/nscale-server/storage-layer/hd"
- "/opt/ceyoniq/nscale-server/storage-layer/logsdb"
# -- If you do not want to have a Volume created by the provisioner,
# you can set the name of your volume here to attach to this pre-existing one
volumeName:
# -- Sets the path to the data files
# @internal -- do not change this value
path:
disk:
# -- Sets the size of the disk
size: "50Gi"
# -- Sets the class of the disk
class:
# -- Sets a list of paths to the data files
# @internal -- do not change this value
paths:
- "/opt/ceyoniq/nscale-server/storage-layer/arc"
- "/opt/ceyoniq/nscale-server/storage-layer/ret"
- "/opt/ceyoniq/nscale-server/storage-layer/hid"
# -- If you do not want to have a Volume created by the provisioner,
# you can set the name of your volume here to attach to this pre-existing one
volumeName:
# -- Sets the path to the disk files
# @internal -- do not change this value
path:
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
# In case of the (default) disabled, the paths will be added to the primaty data disk.
enabled: false
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
# This is done only once and only if there is legacy data at all. No files are overwritten!
migration: false
file:
# -- If you do not want to have a Volume created by the provisioner,
# you can set the name of your volume here to attach to this pre-existing one
volumeName:
# -- Sets the size of the shared disk
size:
# -- Sets the class of the shared disk
class:
# -- Sets the path to the shared files
# @internal -- do not change this value
path:
# -- Sets a list of paths to the shared files
# @internal -- do not change this value
paths:
pool:
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
# this is used to store scripts, apps and assets that are required to deploy an application / solution
# @internal -- do not change this value
path:
# -- The temp volume is used to hold any superflues and temporary data.
# it is deleted when the pod terminates. However, it is extremely important
# as all pods filesystems are read only
ptemp:
# -- Sets the path for temporary files that are persisted
# @internal -- do not change this value
path:
# -- Sets a list of paths for temporary files that are persisted
# @internal -- do not change this value
paths:
- "/opt/ceyoniq/nscale-server/storage-layer/accounting"
- "/opt/ceyoniq/nscale-server/storage-layer/log"
- "/var/crash"
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
generic:
# -- provide the image to be used for this component
image:
# -- you can provide your own pullSecrets, in case you use
# a private repo.
pullSecrets:
- nscale-cr
- nplus-cr
# -- the name of the image to use
name: storage-layer
# -- the tag of the image to use
tag: latest
# -- if you use a private repo, feel free to set it here
repo: ceyoniq.azurecr.io/release/nscale
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
# etc.
# @default -- `Europe/Berlin`
timezone:
meta:
# -- the type of the component. You should not change this value, except if
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
# This type is used to create cluster communication for nappl and nstl and potentially
# group multiple replicaSets into one service.
type: nstl
# -- lists the ports this component exposes. This is important for zero trust mode and others.
ports:
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
# @internal -- this is a constant value of the component and should not be changed.
http:
# -- The tls / https port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
https:
# -- A potential tcp port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
tcp: 3005
# -- A potential tls / tcps port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
tcps: 3006
# -- A potential rmi port, this component uses (if any)
# @internal -- this is a constant value of the component and should not be changed.
rmi:
# -- sets tenant information to be able to invoice per use in a cloud environment
tenant:
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
provider:
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
# if unset, it uses the default wave thus all components are installed in one wave, then relying
# on correct wait settings just like in a helm installation
wave:
# -- Sets the language of the main service (in the *service* container). This is used for instance
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
language: cpp
# -- The container name of the main service for this component. This is used to define where to
# inject the telemetry agents, if any
serviceContainer: storage-layer
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
# runs in. This can be used in template functions to add the stage to for instance the service name of
# telemetry services like open telemetry. (see telemetry example)
stage:
# -- This is the version of the component, used for display
# @internal -- set by devOps pipeline, so do not modify
componentVersion:
# -- Set tolerations for this component
tolerations:
# -- select specific nodes for this component
nodeSelector:
# -- the replicaCount for the Storage Layer. This does not make sense, so
# leave this at 1 at any time, unless you know exactly what you are doing.
# @ignore
replicaCount: 1
# -- ingress settings.
# however, the nstl does not use http, so a layer 7 LB
# does not make any sense.
# @ignore
ingress:
# -- enables ingress on this component
# do not change this!
# @ignore
enabled: false
# -- enables checking the highest DocID when starting the server.
# this only makes sense, if you also set a separate volume for the highest ID
# This is a backup / restore feature to avoid data mangling
checkHighestDocId:
# -- sets the path of the highest ID file.
dvCheckPath:
# -- Sets the name of a secret, which holds additional environment variables for
# the configuration. It is added as envFrom secretRef to the container.
envSecret:
# -- Sets the name of a configMap, which holds additional environment variables for
# the configuration. It is added as envFrom configMap to the container.
envMap:
# -- Sets additional environment variables for
# the configuration.
env:
# -- Assigns hardware resources to container
resources:
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
requests:
# -- Set the share of guaranteed CPU to the container.
cpu:
# -- Set the share of guaranteed RAM to the container
memory:
# -- Limits the maximum resources
limits:
# -- The maximum allowed CPU for the container
cpu:
# -- The maximum allowed RAM for the container
memory:
# -- sets and enables / disables the accounting function.
# If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`)
# The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`
accounting:
# -- This overrides the output of the internal name function
nameOverride:
# -- This overrides the output of the internal fullname function
fullnameOverride:
utils:
# -- Turn debugging *on* will give you stack trace etc.
# Please check out the Chart Developer Guide
# @default -- `false`
debug:
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
# @default -- `true`
renderComments:
# -- By default, the namespace is rendered into the manifest. However, if you want to use
# `helm template` and store manifests for later applying them to multiple namespaces, you might
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
# @default -- `true`
includeNamespace:
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
# to perform recovery and maintenance tasks while having the real container up.
# @default -- `false`
maintenance:
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
# while previous waves are not finished yet.
# @default -- `false`
disableWave:
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
# start components even if they are not intended to run yet.
# @default -- `false`
disableWait:
logForwarder:
service:
# -- enables the service to be consumed by group components and a potential ingress
# Disabling the service also disables the ingress.
enabled: true
# -- The selector can be `component` or `type`
# *component* selects only pods that are in the replicaset.
# *type* selects any pod that has the given type
selector: "component"
# -- adds extra Annotations to the service
annotations:
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# # <id>:
# # path: <the path in the container, where you want to mount this>
# # volumeName: <the name of the PV to be mounted>
# # subPath: <an (optional) subpath to be used inside the PV>
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
# minAvailable, using the component type as selector. This is useful for components, that are spread
# across multiple replicaSets, like sharepoint or storage layer
minReplicaCountType:
# -- provide extra settings for pod templates
template:
# -- set additional annotations for pods
annotations:
# -- set additional labels for pods
labels:
# -- Settings for telemetry tools
telemetry:
# -- turns Open Telemetry on
openTelemetry:
# -- Sets the service name for the telemetry service to more convenient
# identify the displayed component
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
serviceName:
# -- Sets the terminationGracePeriodSeconds for the component
# If not set, it uses the Kubernetes defaults
terminationGracePeriodSeconds:
Reference in New Issue Copy Permalink