407 lines
19 KiB
YAML
407 lines
19 KiB
YAML
|
# yaml-language-server: $schema=values.schema.json
|
||
|
|
# -- Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)
|
||
|
|
ingress:
|
||
|
|
# -- You can toggle the ingress on wether you'd like this component
|
||
|
|
# to be reachable through an ingress or not.
|
||
|
|
enabled: false
|
||
|
|
# -- Overrides the default backend protocol. The default is http,
|
||
|
|
# unless in zeroTrust Mode, then it is switched to https automatically.
|
||
|
|
# @default -- `http` <br> `https` in zero trust mode
|
||
|
|
backendProtocol:
|
||
|
|
# -- defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason
|
||
|
|
# Example: `/nscalealinst1(/\|$)(.*)`
|
||
|
|
# @internal -- This is an alpha feature - do not use it.
|
||
|
|
inputPath:
|
||
|
|
# -- defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason
|
||
|
|
# Example: `/nscalealinst1/$2`
|
||
|
|
# @internal -- This is an alpha feature - do not use it.
|
||
|
|
rewriteTarget:
|
||
|
|
# -- deny is used to exclude specific paths from public access, such as
|
||
|
|
# administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is
|
||
|
|
# the burlap protocol. The configuration service is the endpoint used by
|
||
|
|
# the Admin client.
|
||
|
|
deny:
|
||
|
|
# -- on component level, set cookie affinity for the ingress
|
||
|
|
# example: `XtConLoadBalancerSession` for nscale Web
|
||
|
|
cookie:
|
||
|
|
# -- Sets the name of the tls secret to be used for this ingress, that contains
|
||
|
|
# the private and public key. These secrets can optionally be provided by the instance
|
||
|
|
# @default -- `{{ .this.ingress.domain }}-tls`
|
||
|
|
secret:
|
||
|
|
# -- Sets the domain to be used. This domain should be provided by the instance globally
|
||
|
|
# for all components, but you are free to override it here
|
||
|
|
domain:
|
||
|
|
# -- The ingressclass to use for this ingress. Most likely, this is provided globally by the
|
||
|
|
# instance, but you are free to override it here if this component should use a different class
|
||
|
|
# e.g. if you have separated ingress controllers, like a public and an internal one
|
||
|
|
# @default -- `public`
|
||
|
|
class:
|
||
|
|
# -- optionally sets a whitelist of ip ranges (CIDR format, comma separated)
|
||
|
|
# from which ingress is allowed. This is an annotation for nginx, so won't work with other
|
||
|
|
# ingress controllers
|
||
|
|
whitelist:
|
||
|
|
# -- Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy
|
||
|
|
# to allow traffic from this namespace to our pods. This may be a comma separated list
|
||
|
|
# @default -- "ingress, kube-system, ingress-nginx"
|
||
|
|
namespace:
|
||
|
|
# -- The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the
|
||
|
|
# most though this is only a constant used in the scripts.
|
||
|
|
contextPath:
|
||
|
|
# -- Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.
|
||
|
|
proxyReadTimeout:
|
||
|
|
# -- Adds extra Annotations to the ingress
|
||
|
|
annotations:
|
||
|
|
# -- Sets the number of replicas in this replicaSet.
|
||
|
|
# Some Components (like nstl or sharepoint) only allow a count of 1.
|
||
|
|
replicaCount: 1
|
||
|
|
# -- the update Strategy for this component. Normally, you can update all components
|
||
|
|
# rolling, except for nappl, where you need to follow the documented update procedures.
|
||
|
|
updateStrategy:
|
||
|
|
# -- Security Section defining default runtime environment for your container
|
||
|
|
security:
|
||
|
|
podSecurityContext:
|
||
|
|
# -- The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context
|
||
|
|
# for security
|
||
|
|
# @internal -- there is normally no need to change this
|
||
|
|
runAsUser: 1001
|
||
|
|
# -- The file system group as which new files are created
|
||
|
|
# @internal -- there is normally no need to change this
|
||
|
|
fsGroup: 1001
|
||
|
|
# -- Under which condition should the fsGroup be changed
|
||
|
|
# @internal -- there is normally no need to change this
|
||
|
|
fsGroupChangePolicy: OnRootMismatch
|
||
|
|
containerSecurityContext:
|
||
|
|
# -- sets the container root file system to read only. This should be the case in production environment
|
||
|
|
# @internal -- you should not change this
|
||
|
|
readOnlyRootFilesystem: true
|
||
|
|
# -- Some functionality may need the possibility to allow privilege escalation. This should be very restrictive
|
||
|
|
# @internal -- you should not change this
|
||
|
|
allowPrivilegeEscalation: false
|
||
|
|
# -- Capabilities this container should have. Only allow the necessity, and drop as many as possible
|
||
|
|
# @internal -- you should not change this
|
||
|
|
capabilities:
|
||
|
|
drop:
|
||
|
|
- ALL
|
||
|
|
# -- turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes
|
||
|
|
# @default -- `false`
|
||
|
|
zeroTrust:
|
||
|
|
# # <id>:
|
||
|
|
# # path: <the path in the container, where you want to mount this>
|
||
|
|
# # volumeName: <the name of the PV to be mounted>
|
||
|
|
# # subPath: <an (optional) subpath to be used inside the PV>
|
||
|
|
|
||
|
|
mounts:
|
||
|
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||
|
|
# it is deleted when the pod terminates. However, it is extremely important
|
||
|
|
# as all pods filesystems are read only
|
||
|
|
temp:
|
||
|
|
# -- Sets the path to the temporary files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
# -- Sets a list of paths to the temporary files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
- /tmp
|
||
|
|
# -- Sets the size of the temporary disk (all paths)
|
||
|
|
size: "10Gi"
|
||
|
|
# -- The conf volume is a RWX volume mounted by the environment, that holds
|
||
|
|
# all configurations of all instances and components in this environment
|
||
|
|
conf:
|
||
|
|
# -- Sets the path to the conf files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path: /opt/ceyoniq/nscale-rendition-server/conf
|
||
|
|
# -- Sets a list of paths to the conf files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- The log volume is used to take any left-over logging in the container.
|
||
|
|
# The container should log to stdout, but if any component still tries to log to disk
|
||
|
|
# this disk needs to be writeable
|
||
|
|
logs:
|
||
|
|
# -- Sets the path to the log files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path: /opt/ceyoniq/nscale-rendition-server/logs
|
||
|
|
# -- Sets a list of paths to the log files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- Sets the size of the log disk (all paths)
|
||
|
|
size: "5Gi"
|
||
|
|
# -- some nscale Components require a license file and this
|
||
|
|
# defines it's location
|
||
|
|
license:
|
||
|
|
# -- Sets the path to the license files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path: /opt/ceyoniq/nscale-rendition-server/conf/license.xml
|
||
|
|
# -- If you want to use additional
|
||
|
|
# fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the
|
||
|
|
# fonts directory from the environment pool
|
||
|
|
fonts:
|
||
|
|
# -- Sets the path to the fonts folder.
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path: /usr/share/fonts/truetype/nplus
|
||
|
|
# -- You can add a file with trusted Root Certificates (e.g. Azure), to be able to
|
||
|
|
# connect to alien services via https. If you have a self-signed root certificate,
|
||
|
|
# you can also add it here.
|
||
|
|
caCerts:
|
||
|
|
# -- Sets the path to the certs folder.
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||
|
|
secret:
|
||
|
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||
|
|
configMap:
|
||
|
|
# -- the java based nscale components have their own certificates, that you might want to upload.
|
||
|
|
# You can normally do so via the environment configuration, but should you want to use a secret,
|
||
|
|
# you can set it here
|
||
|
|
componentCerts:
|
||
|
|
# -- Sets the path to the component certs.
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting
|
||
|
|
secret:
|
||
|
|
# -- Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting
|
||
|
|
configMap:
|
||
|
|
file:
|
||
|
|
# -- Sets the size of the shared disk
|
||
|
|
size: "10Gi"
|
||
|
|
# -- Sets a list of paths to the shared files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
- /opt/ceyoniq/nscale-rendition-server/work
|
||
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
||
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
||
|
|
volumeName:
|
||
|
|
# -- Sets the class of the shared disk
|
||
|
|
class:
|
||
|
|
# -- Sets the path to the shared files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
data:
|
||
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
||
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
||
|
|
volumeName:
|
||
|
|
# -- Sets the size of the data disk
|
||
|
|
size:
|
||
|
|
# -- Sets the class of the data disk
|
||
|
|
class:
|
||
|
|
# -- Sets the path to the data files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
# -- Sets a list of paths to the data files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
pool:
|
||
|
|
# -- Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted.
|
||
|
|
# this is used to store scripts, apps and assets that are required to deploy an application / solution
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
# -- The temp volume is used to hold any superflues and temporary data.
|
||
|
|
# it is deleted when the pod terminates. However, it is extremely important
|
||
|
|
# as all pods filesystems are read only
|
||
|
|
ptemp:
|
||
|
|
# -- Sets the path for temporary files that are persisted
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
# -- Sets a list of paths for temporary files that are persisted
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- Allows to define generic mounts of pre-provisioned PVs into any container.
|
||
|
|
# This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.
|
||
|
|
generic:
|
||
|
|
disk:
|
||
|
|
# -- Sets the size of the disk
|
||
|
|
size:
|
||
|
|
# -- Sets the class of the disk
|
||
|
|
class:
|
||
|
|
# -- Sets the path to the disk files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
path:
|
||
|
|
# -- Sets a list of paths to the data files
|
||
|
|
# @internal -- do not change this value
|
||
|
|
paths:
|
||
|
|
# -- If you do not want to have a Volume created by the provisioner,
|
||
|
|
# you can set the name of your volume here to attach to this pre-existing one
|
||
|
|
volumeName:
|
||
|
|
# -- enables the use of the second data disk. If enabled, all paths defined will end up on this disk.
|
||
|
|
# In case of the (default) disabled, the paths will be added to the primaty data disk.
|
||
|
|
enabled: false
|
||
|
|
# -- Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk.
|
||
|
|
# This is done only once and only if there is legacy data at all. No files are overwritten!
|
||
|
|
migration: false
|
||
|
|
# -- Options for the Java VM
|
||
|
|
javaOpts:
|
||
|
|
# -- set the percentage of RAM, Java will use of the total.
|
||
|
|
# The total amount is the amount installed in the K8s Cluster Node,
|
||
|
|
# OR the Memory Limit set (see resources), if any.
|
||
|
|
javaMaxRamPercentage:
|
||
|
|
# -- set the minimum memory, java will consume
|
||
|
|
javaMinMem:
|
||
|
|
# -- set the maximum memory, java will consume.
|
||
|
|
# Attention: This is NOT the real maximum and it does not include any non Java memory.
|
||
|
|
# Please read google, as this is highly discussed
|
||
|
|
javaMaxMem:
|
||
|
|
# -- Any misc Java Options that need to be passed to the container
|
||
|
|
javaMisc:
|
||
|
|
# -- provide the image to be used for this component
|
||
|
|
image:
|
||
|
|
# -- you can provide your own pullSecrets, in case you use
|
||
|
|
# a private repo.
|
||
|
|
pullSecrets:
|
||
|
|
- nscale-cr
|
||
|
|
- nplus-cr
|
||
|
|
# -- the name of the image to use
|
||
|
|
name: rendition-server
|
||
|
|
# -- the tag of the image to use
|
||
|
|
tag: latest
|
||
|
|
# -- if you use a private repo, feel free to set it here
|
||
|
|
repo: ceyoniq.azurecr.io/release/nscale
|
||
|
|
# -- set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl)
|
||
|
|
# etc.
|
||
|
|
# @default -- `Europe/Berlin`
|
||
|
|
timezone:
|
||
|
|
# -- defines internal constants for nplus.
|
||
|
|
# do not change these values
|
||
|
|
meta:
|
||
|
|
# -- the type of the component. You should not change this value, except if
|
||
|
|
# you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner*
|
||
|
|
# This type is used to create cluster communication for nappl and nstl and potentially
|
||
|
|
# group multiple replicaSets into one service.
|
||
|
|
type: rs
|
||
|
|
# -- lists the ports this component exposes. This is important for zero trust mode and others.
|
||
|
|
ports:
|
||
|
|
# -- The http port this component uses (if any). In zero trust mode, this will be disabled.
|
||
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
||
|
|
http: 8192
|
||
|
|
# -- The tls / https port, this component uses (if any)
|
||
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
||
|
|
https: 8193
|
||
|
|
# -- A potential tcp port, this component uses (if any)
|
||
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
||
|
|
tcp:
|
||
|
|
# -- A potential rmi port, this component uses (if any)
|
||
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
||
|
|
rmi:
|
||
|
|
# -- A potential tls / tcps port, this component uses (if any)
|
||
|
|
# @internal -- this is a constant value of the component and should not be changed.
|
||
|
|
tcps:
|
||
|
|
# -- sets tenant information to be able to invoice per use in a cloud environment
|
||
|
|
tenant:
|
||
|
|
# -- sets provider (partner, reseller) information to be able to invoice per use in a cloud environment
|
||
|
|
provider:
|
||
|
|
# -- Sets the wave in which this component should be deployed within an ArgoCD deployment
|
||
|
|
# if unset, it uses the default wave thus all components are installed in one wave, then relying
|
||
|
|
# on correct wait settings just like in a helm installation
|
||
|
|
wave:
|
||
|
|
# -- Sets the language of the main service (in the *service* container). This is used for instance
|
||
|
|
# if you turn OpenTelemetry on, to know which Agent to inject into the container.
|
||
|
|
language: java
|
||
|
|
# -- The container name of the main service for this component. This is used to define where to
|
||
|
|
# inject the telemetry agents, if any
|
||
|
|
serviceContainer: rendition-server
|
||
|
|
# -- A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment
|
||
|
|
# runs in. This can be used in template functions to add the stage to for instance the service name of
|
||
|
|
# telemetry services like open telemetry. (see telemetry example)
|
||
|
|
stage:
|
||
|
|
# -- This is the version of the component, used for display
|
||
|
|
# @internal -- set by devOps pipeline, so do not modify
|
||
|
|
componentVersion:
|
||
|
|
# -- Set tolerations for this component
|
||
|
|
tolerations:
|
||
|
|
# -- select specific nodes for this component
|
||
|
|
nodeSelector:
|
||
|
|
# -- Sets the name of a secret, which holds additional environment variables for
|
||
|
|
# the configuration. It is added as envFrom secretRef to the container.
|
||
|
|
envSecret:
|
||
|
|
# -- Sets the name of a configMap, which holds additional environment variables for
|
||
|
|
# the configuration. It is added as envFrom configMap to the container.
|
||
|
|
envMap:
|
||
|
|
# -- Sets additional environment variables for
|
||
|
|
# the configuration.
|
||
|
|
env:
|
||
|
|
# -- Assigns hardware resources to container
|
||
|
|
resources:
|
||
|
|
# -- Requests are used to assign a minimum to a container. This is the guaranteed amount
|
||
|
|
requests:
|
||
|
|
# -- Set the share of guaranteed CPU to the container.
|
||
|
|
cpu:
|
||
|
|
# -- Set the share of guaranteed RAM to the container
|
||
|
|
memory:
|
||
|
|
# -- Limits the maximum resources
|
||
|
|
limits:
|
||
|
|
# -- The maximum allowed CPU for the container
|
||
|
|
cpu:
|
||
|
|
# -- The maximum allowed RAM for the container
|
||
|
|
memory:
|
||
|
|
# -- This overrides the output of the internal name function
|
||
|
|
nameOverride:
|
||
|
|
# -- This overrides the output of the internal fullname function
|
||
|
|
fullnameOverride:
|
||
|
|
utils:
|
||
|
|
# -- Turn debugging *on* will give you stack trace etc.
|
||
|
|
# Please check out the Chart Developer Guide
|
||
|
|
# @default -- `false`
|
||
|
|
debug:
|
||
|
|
# -- You can turn Comment rendering *on* to get descriptive information inside the manifests. It
|
||
|
|
# will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD
|
||
|
|
# @default -- `true`
|
||
|
|
renderComments:
|
||
|
|
# -- By default, the namespace is rendered into the manifest. However, if you want to use
|
||
|
|
# `helm template` and store manifests for later applying them to multiple namespaces, you might
|
||
|
|
# want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later
|
||
|
|
# @default -- `true`
|
||
|
|
includeNamespace:
|
||
|
|
# -- in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the
|
||
|
|
# pods will start in idle, not starting the service at all. This will allow you to gain access to the container
|
||
|
|
# to perform recovery and maintenance tasks while having the real container up.
|
||
|
|
# @default -- `false`
|
||
|
|
maintenance:
|
||
|
|
# -- If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components
|
||
|
|
# of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components
|
||
|
|
# while previous waves are not finished yet.
|
||
|
|
# @default -- `false`
|
||
|
|
disableWave:
|
||
|
|
# -- in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are
|
||
|
|
# only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might
|
||
|
|
# start components even if they are not intended to run yet.
|
||
|
|
# @default -- `false`
|
||
|
|
disableWait:
|
||
|
|
service:
|
||
|
|
# -- enables the service to be consumed by group components and a potential ingress
|
||
|
|
# Disabling the service also disables the ingress.
|
||
|
|
enabled: true
|
||
|
|
# -- The selector can be `component` or `type`
|
||
|
|
# *component* selects only pods that are in the replicaset.
|
||
|
|
# *type* selects any pod that has the given type
|
||
|
|
selector: "component"
|
||
|
|
# -- adds extra Annotations to the service
|
||
|
|
annotations:
|
||
|
|
# -- Defines a list of conditions that need to be met before this components starts.
|
||
|
|
# The condition must be a network port that opens, when the master component is ready.
|
||
|
|
# Mostly, this will be a service, since a component is only added to a service if the
|
||
|
|
# probes succeed.
|
||
|
|
waitFor:
|
||
|
|
# -- if you set minReplicaCount, a podDesruptionBudget will be created with this value as
|
||
|
|
# minAvailable, using the full component as selector. This is useful for components, that are
|
||
|
|
# using multiple replicas.
|
||
|
|
minReplicaCount:
|
||
|
|
# -- if you set minReplicaCountType, a podDesruptionBudget will be created with this value as
|
||
|
|
# minAvailable, using the component type as selector. This is useful for components, that are spread
|
||
|
|
# across multiple replicaSets, like sharepoint or storage layer
|
||
|
|
minReplicaCountType:
|
||
|
|
# -- provide extra settings for pod templates
|
||
|
|
template:
|
||
|
|
# -- set additional annotations for pods
|
||
|
|
annotations:
|
||
|
|
# -- set additional labels for pods
|
||
|
|
labels:
|
||
|
|
# -- Settings for telemetry tools
|
||
|
|
telemetry:
|
||
|
|
# -- turns Open Telemetry on
|
||
|
|
openTelemetry:
|
||
|
|
# -- Sets the service name for the telemetry service to more convenient
|
||
|
|
# identify the displayed component
|
||
|
|
# Example: "{{ .this.meta.type }}-{{ .instance.name }}"
|
||
|
|
serviceName:
|
||
|
|
# -- Sets the terminationGracePeriodSeconds for the component
|
||
|
|
# If not set, it uses the Kubernetes defaults
|
||
|
|
terminationGracePeriodSeconds:
|