Public Information
This commit is contained in:
3
ai/README.md
Normal file
3
ai/README.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# Ingest Formats
|
||||
|
||||
This directory contains the *nplus* documentation in formats, easily digestible for AI LLMs.
|
||||
4
ai/jsonl/README.md
Normal file
4
ai/jsonl/README.md
Normal file
@@ -0,0 +1,4 @@
|
||||
# Documentation in jsonl format
|
||||
|
||||
This directory contains the *nplus* documentation in an jsonl format to be injested into LLMs. This idea is to be able to create a support assistent, who can help with
|
||||
the *nplus* chart configuration.
|
||||
137
ai/jsonl/chart_administrator.jsonl
Normal file
137
ai/jsonl/chart_administrator.jsonl
Normal file
@@ -0,0 +1,137 @@
|
||||
{ "chart_name": "nplus-component-administrator", "chart_version": "1.2.1500-169", "chart_description": "nscale Administrator, providing the Web Version of the Administrator to be used in the Instance" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
116
ai/jsonl/chart_application.jsonl
Normal file
116
ai/jsonl/chart_application.jsonl
Normal file
@@ -0,0 +1,116 @@
|
||||
{ "chart_name": "nplus-application", "chart_version": "1.2.1500-169", "chart_description": "nplus Application, used to install Apps and Customizations into the nscale Application Layer." }
|
||||
{ "key": "docAreas", "description": "Provide a list of docareas to create. Please also see the example files", "default": "" }
|
||||
{ "key": "download", "description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "nstl.host", "description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration", "default": "" }
|
||||
{ "key": "prerun", "description": "A list of scripts to run before the deployment of Apps", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "rs.host", "description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration", "default": "" }
|
||||
{ "key": "run", "description": "A list of scripts to run after the deployment of Apps", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
140
ai/jsonl/chart_cmis.jsonl
Normal file
140
ai/jsonl/chart_cmis.jsonl
Normal file
@@ -0,0 +1,140 @@
|
||||
{ "chart_name": "nplus-component-cmis", "chart_version": "1.2.1500-169", "chart_description": "nscale CMIS Connector, provides a CMIS Interface to the Instance" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
117
ai/jsonl/chart_database.jsonl
Normal file
117
ai/jsonl/chart_database.jsonl
Normal file
@@ -0,0 +1,117 @@
|
||||
{ "chart_name": "nplus-component-database", "chart_version": "1.2.1500-169", "chart_description": "Postgres Database, deploys a DEV or TESTING environment DB" }
|
||||
{ "key": "database.account", "description": "the technical account to own the nscale database, if not set by secret", "default": "" }
|
||||
{ "key": "database.name", "description": "name of the nscale database", "default": "" }
|
||||
{ "key": "database.password", "description": "password of the technical account, if not set by secret", "default": "" }
|
||||
{ "key": "database.secret", "description": "the secret with credentials (account, password) for the nscale technical account. This setting has priority over account and password", "default": "" }
|
||||
{ "key": "dbAdmin.account", "description": "the database admin account, if not set by secret", "default": "" }
|
||||
{ "key": "dbAdmin.password", "description": "the database admin password, if not set by secret", "default": "" }
|
||||
{ "key": "dbAdmin.secret", "description": "the secret with credentials (account, password) for the database admin account. This setting has priority over adminAccount and adminPassword", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "priority", "description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.", "default": "" }
|
||||
{ "key": "priority.className", "description": "Set the priority class for the Application Layer deployment if desired", "default": "" }
|
||||
{ "key": "priority.createClass", "description": "Creates an individual PriorityClass for this instance", "default": "" }
|
||||
{ "key": "priority.value", "description": "Sets the priorityValue", "default": "1000000" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
139
ai/jsonl/chart_dmsapi.jsonl
Normal file
139
ai/jsonl/chart_dmsapi.jsonl
Normal file
@@ -0,0 +1,139 @@
|
||||
{ "chart_name": "eon-dms-api", "chart_version": "1.2.1500-169", "chart_description": "eon DMS-API provides a eon Standard Interface to the Instance" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
41
ai/jsonl/chart_envbackend.jsonl
Normal file
41
ai/jsonl/chart_envbackend.jsonl
Normal file
@@ -0,0 +1,41 @@
|
||||
{ "chart_name": "nplus-environment-backend", "chart_version": "1.2.1500-169", "chart_description": "Installs Namespace-Wide Resources such as the conf PVC and the ptemp PVC" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "storage.conf.name", "description": "this is the name of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "storage.conf.size", "description": "this is the size of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "storage.conf.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||
{ "key": "storage.ptemp.name", "description": "this is the name of the common persistant temp storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "storage.ptemp.size", "description": "this is the size of the common ptemp storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "storage.ptemp.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
79
ai/jsonl/chart_envdav.jsonl
Normal file
79
ai/jsonl/chart_envdav.jsonl
Normal file
@@ -0,0 +1,79 @@
|
||||
{ "chart_name": "nplus-environment-dav", "chart_version": "1.2.1500-169", "chart_description": "Provides WebDAV access to environment resources such as the conf PVC and the ptemp PVC" }
|
||||
{ "key": "account", "description": "the dav user", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "password", "description": "password of the dav user", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "secret", "description": "Alternatively, define a secret", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
13
ai/jsonl/chart_environment.jsonl
Normal file
13
ai/jsonl/chart_environment.jsonl
Normal file
@@ -0,0 +1,13 @@
|
||||
{ "chart_name": "nplus-environment", "chart_version": "1.2.1500-169", "chart_description": "Installs Namespace-Wide Resources such as the conf PVC, the toolbox and the nplus monitoring service" }
|
||||
{ "key": "components.dav", "description": "Enables WebDAV access to conf and ptemp", "default": "" }
|
||||
{ "key": "components.prepper", "description": "enables an optional prepper that you can use to deploy fonts, scripts etc. during environment setup", "default": "" }
|
||||
{ "key": "components.toolbox", "description": "enables the toolbox", "default": "" }
|
||||
{ "key": "environmentNameOverride", "description": "If you want to override the name of the Environment for display purposes, do it here.", "default": "" }
|
||||
{ "key": "global.environment.storage.conf.name", "description": "this is the name of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "global.environment.storage.conf.size", "description": "this is the size of the common config storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "global.environment.storage.conf.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||
{ "key": "global.environment.storage.ptemp.name", "description": "this is the name of the common persistant temp storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "global.environment.storage.ptemp.size", "description": "this is the size of the common ptemp storage. please see section \"Storage\" for more information", "default": "" }
|
||||
{ "key": "global.environment.storage.ptemp.volumeName", "description": "you can set the volumeName to the value of a pre-existing volume to avoid having the PV created for you by the csi driver provisioner", "default": "" }
|
||||
{ "key": "global.meta.isEnvironment", "description": "specifies that this is deployment is part of an Environment. Used to determine the correct name of the deployment @internal -- Do not change", "default": "" }
|
||||
|
||||
74
ai/jsonl/chart_envoperator.jsonl
Normal file
74
ai/jsonl/chart_envoperator.jsonl
Normal file
@@ -0,0 +1,74 @@
|
||||
{ "chart_name": "nplus-environment-operator", "chart_version": "1.2.1500-169", "chart_description": "Installs the nplus operator managin the custom resource definitions for nplus and nscale" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "ui", "description": "Enables the web ui, default under /monitoring", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
58
ai/jsonl/chart_envtoolbox.jsonl
Normal file
58
ai/jsonl/chart_envtoolbox.jsonl
Normal file
@@ -0,0 +1,58 @@
|
||||
{ "chart_name": "nplus-environment-toolbox", "chart_version": "1.2.1500-169", "chart_description": "Installs the environment toolbox with git and nstore downloader installed, also serving as target for pool copy actions in the pipeline" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "nstoreDownloader.enabled", "description": "enables the nstore downloader", "default": "" }
|
||||
{ "key": "nstoreDownloader.nstore", "description": "set the nstore URL", "default": "`https://nstore.ceyoniq.com...`" }
|
||||
{ "key": "nstoreDownloader.target", "description": "target directory in the conf pv", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
157
ai/jsonl/chart_erpcmis.jsonl
Normal file
157
ai/jsonl/chart_erpcmis.jsonl
Normal file
@@ -0,0 +1,157 @@
|
||||
{ "chart_name": "nplus-component-erpcmis", "chart_version": "1.2.1500-169", "chart_description": "nscale ERP CMIS, providing SAP S/4 HANA Public Cloud Archive Access" }
|
||||
{ "key": "alien.doAppend", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.port", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.server", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.ssl", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.url", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.useSign", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "migration.checkDocuments", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.checkIgnoreTime", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.delay", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.doListMigration", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.enabled", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.fileDelimiter", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.viaFileSystem", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "sign.authID", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sign.keyAlias", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sign.keyPassword", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
{ "key": "xsap.useSign", "description": "Documentation pending until official release of the erp cmis image by *Ceyoniq*", "default": "" }
|
||||
|
||||
158
ai/jsonl/chart_erpproxy.jsonl
Normal file
158
ai/jsonl/chart_erpproxy.jsonl
Normal file
@@ -0,0 +1,158 @@
|
||||
{ "chart_name": "nplus-component-erpproxy", "chart_version": "1.2.1500-169", "chart_description": "nscale ERP Proxy, providing SAP Archive Link access to alien Archive Components" }
|
||||
{ "key": "alien.doAppend", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.port", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.server", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.ssl", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.url", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "alien.useSign", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "migration.checkDocuments", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.checkIgnoreTime", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.delay", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.doListMigration", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.enabled", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.fileDelimiter", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "migration.viaFileSystem", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "sign.authID", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sign.keyAlias", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sign.keyPassword", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
{ "key": "xsap.url", "description": "xsap url to use.", "default": "" }
|
||||
{ "key": "xsap.useSign", "description": "Documentation pending until official release of the erp proxy image by *Ceyoniq*", "default": "" }
|
||||
|
||||
140
ai/jsonl/chart_ilm.jsonl
Normal file
140
ai/jsonl/chart_ilm.jsonl
Normal file
@@ -0,0 +1,140 @@
|
||||
{ "chart_name": "nplus-component-ilm", "chart_version": "1.2.1500-169", "chart_description": "nscale ILM Connector, providing a certified SAP ILM interface" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
11
ai/jsonl/chart_instance-argo.jsonl
Normal file
11
ai/jsonl/chart_instance-argo.jsonl
Normal file
@@ -0,0 +1,11 @@
|
||||
{ "chart_name": "nplus-instance-argo", "chart_version": "1.2.1500-169", "chart_description": "nplus Instance ArgoCD Edition, supporting the deployment of npus Instances through ArgoCD" }
|
||||
{ "key": "argocd.chart", "description": "The name of the chart to use for the instance", "default": "" }
|
||||
{ "key": "argocd.destinationNamespace", "description": "ArgoCD can deploy to any Namespace on the destination Server. You have to specify it. Default is the release namespace", "default": "" }
|
||||
{ "key": "argocd.destinationServer", "description": "ArgoCD can also remote deploy Applications to alien clusters. The server specifies the API Endpoint of the Cluster, where the Application should be deployed", "default": "" }
|
||||
{ "key": "argocd.namespace", "description": "The ArgoCD Namespace within the cluster. The ArgoCD Application will be deployed to this namespace You will need write privileges for this namespace", "default": "" }
|
||||
{ "key": "argocd.project", "description": "ArgoCD organizes Applications in Projects. This is the name of the project, the application should be deployed to", "default": "" }
|
||||
{ "key": "argocd.prune", "description": "Toggle pruning for this Application", "default": "" }
|
||||
{ "key": "argocd.repo", "description": "Specifiy the helm repo, from which ArgoCD should load the chart. Please make sure ArgoCD gets access rights to this repo", "default": "" }
|
||||
{ "key": "argocd.selfHeal", "description": "Toggle self healing feature for this Application", "default": "" }
|
||||
{ "key": "global.meta.isArgo", "description": "specifies that this is an Argo Installation. Used to determine the correct handler in the chart @internal -- Do not change", "default": "" }
|
||||
|
||||
262
ai/jsonl/chart_instance.jsonl
Normal file
262
ai/jsonl/chart_instance.jsonl
Normal file
@@ -0,0 +1,262 @@
|
||||
{ "chart_name": "nplus-instance", "chart_version": "1.2.1500-169", "chart_description": "nplus Instance, an umbrella chart for orchestrating the components in a nplus Instance" }
|
||||
{ "key": "administrator.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "administrator.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "administrator.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "administrator.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "administrator.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "administrator.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "application.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "application.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "application.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "application.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "application.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "application.nstl.host", "description": "sets the dns of the *nscale Server Storage Layer*, that should be configured", "default": "" }
|
||||
{ "key": "application.rs.host", "description": "sets the dns of the *nscale Rendition Server*, that should be configured", "default": "" }
|
||||
{ "key": "application.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "backend.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "cmis.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "cmis.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "cmis.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "cmis.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "cmis.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "cmis.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "components.administrator", "description": "enable a *nscale Administrator Web* component in this instance", "default": "" }
|
||||
{ "key": "components.application", "description": "deploy any solution using GBA, Standard Apps or shell copy with this generic deployment chart", "default": "" }
|
||||
{ "key": "components.cmis", "description": "enable a *nscale CMIS Connector* component in this instance", "default": "" }
|
||||
{ "key": "components.database", "description": "enable an internal *Postgres Database* in this instance", "default": "" }
|
||||
{ "key": "components.erpcmis", "description": "enable a *nscale ERP CMIS Connector* component in this instance", "default": "" }
|
||||
{ "key": "components.erpproxy", "description": "enable a *nscale ERP Proxy Connector* component in this instance", "default": "" }
|
||||
{ "key": "components.ilm", "description": "enable a *nscale ILM Connector* component in this instance", "default": "" }
|
||||
{ "key": "components.mon", "description": "enable a *nscale Monitoring Console* component in this instance", "default": "" }
|
||||
{ "key": "components.nappl", "description": "enable a consumer *nscale Application Layer* component in this instance", "default": "" }
|
||||
{ "key": "components.nappljobs", "description": "enable a dedicated jobs *nscale Application Layer* component in this instance please also make sure to set the *jobs* setting", "default": "" }
|
||||
{ "key": "components.nstl", "description": "enable a *nscale Server Storage Layer* component in this instance If you are in a **High Availability** scenario, disable this", "default": "" }
|
||||
{ "key": "components.nstla", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.nstlb", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.nstlc", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.nstld", "description": "enable an additional *nscale Server Storage Layer* node in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.pam", "description": "enable a *nscale Process Automation Modeler* component in this instance", "default": "" }
|
||||
{ "key": "components.pipeliner", "description": "enable *nscale Pipeliner* component in this instance", "default": "" }
|
||||
{ "key": "components.prepper", "description": "download, deploy and run any git asset or script prior to installation of the components", "default": "" }
|
||||
{ "key": "components.rms", "description": "enable a *nplus Remote Management Server* component in this instance If you are in a **High Availability** scenario, disable this", "default": "" }
|
||||
{ "key": "components.rmsa", "description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.rmsb", "description": "enable an additional *nplus Remote Management Server* in this instance within a **High Availability** scenario.", "default": "" }
|
||||
{ "key": "components.rs", "description": "enable a *nscale Rendition Server* component in this instance", "default": "" }
|
||||
{ "key": "components.sharepoint", "description": "enable a *nscale Sharepoint Connector* component in this instance", "default": "" }
|
||||
{ "key": "components.sharepointa", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||
{ "key": "components.sharepointb", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||
{ "key": "components.sharepointc", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||
{ "key": "components.sharepointd", "description": "enable an additional *nscale Sharepoint Connector* component in this instance for another set of configuration parameters", "default": "" }
|
||||
{ "key": "components.sim", "description": "This section is for the single-instance-mode in which all environement components are integrated into the instance", "default": "" }
|
||||
{ "key": "components.sim.backend", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the backend components holds the common storages / PVCs for conf and ptemp umong other common environmental resources", "default": "" }
|
||||
{ "key": "components.sim.dav", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. DAV gives you WebDAV access to your conf and ptemp volumes", "default": "" }
|
||||
{ "key": "components.sim.operator", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. The Operator will let you query the Custom Resources for nscale, e.g. `kubectl get nscale`", "default": "" }
|
||||
{ "key": "components.sim.toolbox", "description": "This is for *Single-Instance-Mode* **only**. Read the docu before enabling this. the toolbox has a git client installed and is suitable for pulling, pushing, copying stuff into the pool, fonts, certificates, snippets and configuration files", "default": "" }
|
||||
{ "key": "components.web", "description": "enable a *nscale Web* component in this instance", "default": "" }
|
||||
{ "key": "components.webdav", "description": "enable a *nscale WebDAV Connector* component in this instance", "default": "" }
|
||||
{ "key": "database", "description": "For the Database, we use a postgres 16 Ceyoniq uses docker.io/bitnami/postgresql:16", "default": "" }
|
||||
{ "key": "database.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "database.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "database.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "database.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "database.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "dmsapi.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "dmsapi.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "erpcmis.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpcmis.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "erpcmis.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpcmis.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpcmis.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "erpcmis.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "erpproxy.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpproxy.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "erpproxy.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpproxy.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "erpproxy.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "erpproxy.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "global.database.account", "description": "DB account (if not using a secret)", "default": "" }
|
||||
{ "key": "global.database.dialect", "description": "nscale DB server dialect", "default": "" }
|
||||
{ "key": "global.database.driverclass", "description": "nscale DB server driverclass", "default": "" }
|
||||
{ "key": "global.database.name", "description": "name of the nscale DB", "default": "" }
|
||||
{ "key": "global.database.password", "description": "DB password (if not using a secret)", "default": "" }
|
||||
{ "key": "global.database.passwordEncoded", "description": "weather the password is stored encrypted", "default": "" }
|
||||
{ "key": "global.database.schema", "description": "DB schema name", "default": "" }
|
||||
{ "key": "global.database.secret", "description": "DB credential secret (account, password)", "default": "" }
|
||||
{ "key": "global.database.url", "description": "The URL to the database", "default": "" }
|
||||
{ "key": "global.ingress.appRoot", "description": "Sets the root for this instance, where incoming root traffic should be redirected to", "default": "" }
|
||||
{ "key": "global.ingress.class", "description": "sets the global ingressclass for all components to use - if they do not define a specific one, for example if there are separate controllers for internal and external traffic", "default": "`public``" }
|
||||
{ "key": "global.ingress.createSelfSignedCertificate", "description": "if you do not define an issuer to generate the tls secret for you, you still can have a self signed certificate generated for you, if you set this to true. The default is true, so either you have an issuer or not, you will always end up with a certificate. Set an empty issuer and createSelfSignedCertificate to false to have no certificate generated and use an external or existing secret. Then make sure the secret matches.", "default": "" }
|
||||
{ "key": "global.ingress.domain", "description": "Sets the global domain within the instance to be used, if the component does not define any domain. If this remains empty, no ingress is generated Example: `{{ .instance.group }}.lab.nplus.cloud`", "default": "" }
|
||||
{ "key": "global.ingress.issuer", "description": "Sets the name of the issuer to create the tls secret. Very common is to have it created by cert-manager. Please see the documentation how to create a cert-manager cluster issuer for example. If no issuer is set, no certificate request will be generated", "default": "" }
|
||||
{ "key": "global.ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "`ingress, kube-system, ingress-nginx`" }
|
||||
{ "key": "global.ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. This secret is then either generated by cert-manager or self signed by helm - or not created", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "global.ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "global.instance.group", "description": "The group of the instance. This is used for the networkPolicies. Only Pods within one group are allowed to communicate if you enable the nplus Network Policies. By default, this is set the same as the instance name", "default": "" }
|
||||
{ "key": "global.instance.name", "description": "The name of the instance. Should this name be identical to the namespace name, then the prefix will be dropped. By default, this is the .Release.Name", "default": "" }
|
||||
{ "key": "global.license", "description": "Globally set the license secret name", "default": "" }
|
||||
{ "key": "global.logForwarderImage.name", "description": "defines the nplus toolbox name to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.logForwarderImage.pullPolicy", "description": "defines the nplus toolbox pull policy to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.logForwarderImage.repo", "description": "defines the nplus toolbox image to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.logForwarderImage.tag", "description": "defines the tag for the logforwarder (FluentBit) @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "global.meta.nscaleVersion", "description": "Sets the nscale version of this deployment / instance. This is used by the operator to display the correct version e.g. in the Web UI. @internal -- this is set by the devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "global.nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "global.nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "global.nappl.host", "description": "sets the *nscale Server Application Layer* host to be used. As this is a global option, it can be overridden at component level.", "default": "" }
|
||||
{ "key": "global.nappl.instance", "description": "the instance of *nscale Server Application Layer* to be used @internal -- As this is depricated for nscale 10, you should never modify this.", "default": "" }
|
||||
{ "key": "global.nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "global.nappl.port", "description": "sets the *nscale Server Application Layer* port to be used. As this is a global option, it can be overridden at component level. if you switch to zero trus mode or change the nappl backend to https, you want to modify this port to 8443", "default": "" }
|
||||
{ "key": "global.nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "global.nappl.ssl", "description": "wether to use ssl or not for the advanced connector", "default": "" }
|
||||
{ "key": "global.security.cni.administratorInstance", "description": "sets the instance, from which Administration is allowed", "default": "" }
|
||||
{ "key": "global.security.cni.administratorNamespace", "description": "sets the namespace, from which Administration is allowed", "default": "" }
|
||||
{ "key": "global.security.cni.createNetworkPolicy", "description": "creates NetworkPolicies for each component.", "default": "" }
|
||||
{ "key": "global.security.cni.defaultEgressPolicy", "description": "if defined, creates a default NetworkPolicy to handle egress Traffic from the instance. Possible Values: deny, allow, none", "default": "" }
|
||||
{ "key": "global.security.cni.defaultIngressPolicy", "description": "if defined, creates a default NetworkPolicy to handle ingress Traffic to the instance. Possible Values: deny, allow, none", "default": "" }
|
||||
{ "key": "global.security.cni.monitoringInstance", "description": "sets the instance, from which Monitoring is allowed", "default": "" }
|
||||
{ "key": "global.security.cni.monitoringNamespace", "description": "sets the namespace, from which Monitoring is allowed", "default": "" }
|
||||
{ "key": "global.security.cni.pamInstance", "description": "sets the instance, from which Process Automation Modeling is allowed", "default": "" }
|
||||
{ "key": "global.security.cni.pamNamespace", "description": "sets the namespace, from which Process Automation Modeling is allowed", "default": "" }
|
||||
{ "key": "global.security.zeroTrust", "description": "enables zero trust on the instance. When enabled, no unencrypted http connection is allowed. This will remove all http ports from pods, services, network policies and ingress rules", "default": "" }
|
||||
{ "key": "global.telemetry.openTelemetry", "description": "if you use a OpenTelemetry as a telemetry collector, you can enable it here. This will add the annotations to some known pods for the injector to use agents inside the pods for telemetry collection. This often goes along with the `language` setting in the meta section to tell the telemetry collector which agent to inject.", "default": "" }
|
||||
{ "key": "global.waitImage.name", "description": "defines the nplus toolbox name to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.waitImage.pullPolicy", "description": "defines the nplus toolbox pull policy to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.waitImage.repo", "description": "defines the nplus toolbox image to be used for the *wait* feature", "default": "" }
|
||||
{ "key": "global.waitImage.tag", "description": "defines the nplus toolbox tag to be used for the *wait* feature @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "ilm.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "ilm.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "ilm.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "ilm.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "ilm.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "ilm.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "mon.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "mon.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "mon.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "mon.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "mon.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nappl.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappl.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nappl.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappl.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappl.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nappl.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "nappljobs.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappljobs.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nappljobs.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappljobs.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nappljobs.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nstl.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstl.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nstl.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstl.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstl.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nstla.clusterService.enabled", "description": "When using multiple nstl Instances with different configurations, you still might want to use a cluster service for HA access This will generate one for you.", "default": "" }
|
||||
{ "key": "nstla.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstla.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nstla.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstla.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstla.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nstlb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nstlb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nstlc.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlc.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nstlc.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlc.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstlc.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "nstld.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstld.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "nstld.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstld.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "nstld.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "pam.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pam.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "pam.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pam.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pam.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "pam.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "pipeliner.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pipeliner.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "pipeliner.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pipeliner.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "pipeliner.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "pipeliner.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "prepper.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "prepper.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "prepper.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "prepper.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "prepper.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "rms", "description": "rms is not a Ceyoniq component, but a part of nplus", "default": "" }
|
||||
{ "key": "rms.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rms.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "rms.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rms.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rms.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "rmsa.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsa.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "rmsa.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsa.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsa.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "rmsb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "rmsb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rmsb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "rs.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rs.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "rs.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rs.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "rs.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepoint", "description": "For SharePoint Connector, there is no entry in Github yet, so we set it hardcoded TODO: 9.3: Test again later, if there is a valid github entry.", "default": "" }
|
||||
{ "key": "sharepoint.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepoint.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "sharepoint.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepoint.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepoint.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepoint.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "sharepointa.clusterService.contextPath", "description": "Set the context Path for the cluster Ingress. Make sure also the members are listening to this path", "default": "" }
|
||||
{ "key": "sharepointa.clusterService.enabled", "description": "When using multiple SharePoint Connectors with different configurations, you still might want to use a retrieval cluster for HA so you can enable the clusterService and define the context path.", "default": "" }
|
||||
{ "key": "sharepointa.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointa.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "sharepointa.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointa.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||
{ "key": "sharepointa.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointa.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepointa.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "sharepointb.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointb.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "sharepointb.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointb.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||
{ "key": "sharepointb.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointb.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepointb.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "sharepointc.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointc.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "sharepointc.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointc.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||
{ "key": "sharepointc.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointc.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepointc.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "sharepointd.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointd.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "sharepointd.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointd.ingress.contextPath", "description": "Defines the context path of this sharepoint instance, in case you might have multiple instances. We do not want them to consume the same ingress path, because it would block the ingress from being created.", "default": "" }
|
||||
{ "key": "sharepointd.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "sharepointd.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "sharepointd.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "web.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "web.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "web.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "web.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "web.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "web.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
{ "key": "webdav.image.name", "description": "sets the name of the image to use for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "webdav.image.repo", "description": "sets the repo from where to load the image. This can be overridden on environment or instance level in case you have your own repo for caching and security reasons", "default": "" }
|
||||
{ "key": "webdav.image.tag", "description": "defines the tag for this component @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "webdav.meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "webdav.meta.wave", "description": "Defines the ArgoCD wave in which this component should be installed. This setting only applies to scenarios, where ArgoCD is used as handler", "default": "" }
|
||||
{ "key": "webdav.waitFor", "description": "Defines what condition needs to be met before this components starts", "default": "" }
|
||||
|
||||
130
ai/jsonl/chart_mon.jsonl
Normal file
130
ai/jsonl/chart_mon.jsonl
Normal file
@@ -0,0 +1,130 @@
|
||||
{ "chart_name": "nplus-component-mon", "chart_version": "1.2.1500-169", "chart_description": "nscale Monitoring Console, used to provide sensor information from all components to dashboards" }
|
||||
{ "key": "activateRmi", "description": "Activates the RMI Interface. Due to security concern, this defaults to `false`", "default": "" }
|
||||
{ "key": "activateSsl", "description": "Activates SSL / TLS communication", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
155
ai/jsonl/chart_nappl.jsonl
Normal file
155
ai/jsonl/chart_nappl.jsonl
Normal file
@@ -0,0 +1,155 @@
|
||||
{ "chart_name": "nplus-component-nappl", "chart_version": "1.2.1500-169", "chart_description": "nscale Server Application Layer, the central component in the nscale ecosystem" }
|
||||
{ "key": "database", "description": "If you define the database in your values, this DB settings are taken. If you leave this empty, the settings from the config file are used.", "default": "" }
|
||||
{ "key": "database.account", "description": "alternative 1: the account name of the technical DB user for nscale", "default": "" }
|
||||
{ "key": "database.dialect", "description": "the database dialect to use", "default": "" }
|
||||
{ "key": "database.driverclass", "description": "the driver class to use", "default": "" }
|
||||
{ "key": "database.name", "description": "the name of the database to use", "default": "" }
|
||||
{ "key": "database.password", "description": "alternative 1: the password of the technical DB user for nscale", "default": "" }
|
||||
{ "key": "database.passwordEncoded", "description": "weather the DB password is stored encrypted", "default": "" }
|
||||
{ "key": "database.schema", "description": "the database schema to use", "default": "" }
|
||||
{ "key": "database.secret", "description": "alternative 2: use a secret for the account and password", "default": "" }
|
||||
{ "key": "database.url", "description": "the DB URL", "default": "" }
|
||||
{ "key": "disableSessionReplication", "description": "enables/disables the session replication for these cluster members.", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.includeDefaultPaths", "description": "toggles default paths like index.html, res and engine.properties", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "jobs", "description": "enables/disables the job affinity / priority for these cluster members", "default": "" }
|
||||
{ "key": "kubePing", "description": "sets the serviceAccount for NAPPL. Up to 9.1.1100, this was needed for the cluster communication (kubePing). Starting 9.1.1201, this is not the case any more If it is left empty, also the automountServiceAccountToken is disabled. If you set Values, they are ignored in Versions > 9.1.1200", "default": "" }
|
||||
{ "key": "kubePing.create", "description": "Creates the ServiceAccount (only if Version < 9.1.1200) Later Versions use a Cluster Service and resolve the IP Adresses from the EndpointSlices", "default": "" }
|
||||
{ "key": "kubePing.name", "description": "Set the ServiceAccount Name for the kubePing Protocol", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "priority", "description": "You can give a component a specific priorityClass to implement a quality of service. You can leave this empty, then no priority is set. If you set a class, this class is taken If you additionally enable create, the class is created for you with the value defined.", "default": "" }
|
||||
{ "key": "priority.className", "description": "Set the priority class for the Application Layer deployment if desired", "default": "" }
|
||||
{ "key": "priority.createClass", "description": "Creates an individual PriorityClass for this instance", "default": "" }
|
||||
{ "key": "priority.value", "description": "Sets the priorityValue", "default": "1000000" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.cni.dbIpRange", "description": "defines the IP Range of out-of-cluster DB Servers, that the nappl is allowed to communicate with.", "default": "" }
|
||||
{ "key": "security.cni.sapIpRange", "description": "defines the IP Range of out-of-cluster SAP Servers, that the nappl is allowed to communicate with.", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "sessionCacheStorageType", "description": "Sets the Session Cache Storage Type to HEAP or OFF_HEAP", "default": "" }
|
||||
{ "key": "snc.enabled", "description": "Enables the NAPPL SNC to access SAP Systems. Since nscale 8, the configuration is done in the Administration Client.", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
111
ai/jsonl/chart_nstl.jsonl
Normal file
111
ai/jsonl/chart_nstl.jsonl
Normal file
@@ -0,0 +1,111 @@
|
||||
{ "chart_name": "nplus-component-nstl", "chart_version": "1.2.1500-169", "chart_description": "nscale Server Storage Layer, virtualizing the storage to be used by the nscale Server" }
|
||||
{ "key": "accounting", "description": "sets and enables / disables the accounting function. If enabled, it writes the csv files to *ptemp* (`<instance>/<component>/accounting`) The internal path is set to `/opt/ceyoniq/nscale-server/storage-layer/accounting` by `mounts.ptemp.paths`", "default": "" }
|
||||
{ "key": "checkHighestDocId", "description": "enables checking the highest DocID when starting the server. this only makes sense, if you also set a separate volume for the highest ID This is a backup / restore feature to avoid data mangling", "default": "" }
|
||||
{ "key": "dvCheckPath", "description": "sets the path of the highest ID file.", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.cni.nstlIpRange", "description": "You might want to access storage layer outside the cluster (proxy concept) To do so, you can add a specific IP Range here, which is set within the network policy.", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
137
ai/jsonl/chart_pam.jsonl
Normal file
137
ai/jsonl/chart_pam.jsonl
Normal file
@@ -0,0 +1,137 @@
|
||||
{ "chart_name": "nplus-component-pam", "chart_version": "1.2.1500-169", "chart_description": "nscale Process Automation Modeler, providing Web UI Modeler for PAP" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
130
ai/jsonl/chart_pipeliner.jsonl
Normal file
130
ai/jsonl/chart_pipeliner.jsonl
Normal file
@@ -0,0 +1,130 @@
|
||||
{ "chart_name": "nplus-component-pipeliner", "chart_version": "1.2.1500-169", "chart_description": "nscale Pipeliner, the mass import / export tool of nscale" }
|
||||
{ "key": "dav.account", "description": "the dav user", "default": "" }
|
||||
{ "key": "dav.image", "description": "the Image to use for the DAV server", "default": "" }
|
||||
{ "key": "dav.image.pullPolicy", "description": "the DAV server image pull policy", "default": "" }
|
||||
{ "key": "dav.password", "description": "password of the dav user", "default": "" }
|
||||
{ "key": "dav.secret", "description": "Alternatively, define a secret", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.defaultConfig", "description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Default ReplicaCount is 0 as the pipeliner requires a working cold.xml", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
115
ai/jsonl/chart_prepper.jsonl
Normal file
115
ai/jsonl/chart_prepper.jsonl
Normal file
@@ -0,0 +1,115 @@
|
||||
{ "chart_name": "nplus-prepper", "chart_version": "1.2.1500-169", "chart_description": "nplus Prepper, used to deploy assets prior to component deployment" }
|
||||
{ "key": "download", "description": "A list of URLs (Links) to Assets to download before anything else if the download is a .tar.gz, it is automatically untared to /pool/downloads", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "nstl.host", "description": "The dns of the *nscale Server Storage Layer*. This is used to add it to the nappl configuration", "default": "" }
|
||||
{ "key": "prerun", "description": "A list of scripts to run before the deployment of Apps", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "rs.host", "description": "The dns of the *nscale rendition Server*. This is used to add it to the nappl configuration", "default": "" }
|
||||
{ "key": "run", "description": "A list of scripts to run after the deployment of Apps", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
171
ai/jsonl/chart_rms.jsonl
Normal file
171
ai/jsonl/chart_rms.jsonl
Normal file
@@ -0,0 +1,171 @@
|
||||
{ "chart_name": "nplus-component-rms", "chart_version": "1.2.1500-169", "chart_description": "nplus Remote Management Server incl. RMS and Access Proxy" }
|
||||
{ "key": "comps.cmis.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.cmis.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.cmis.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.cmis.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.ilm.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.ilm.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.ilm.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.ilm.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.mon.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.mon.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.mon.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.mon.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.nappl", "description": "Values for the nappl component", "default": "" }
|
||||
{ "key": "comps.nappl.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.nappl.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.nappl.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nappl.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.nstl.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.nstl.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.nstl.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.ports.tcps", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.nstl.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.pipeliner.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.pipeliner.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.pipeliner.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.pipeliner.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.pipeliner.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.pipeliner.ports.tcp", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.pipeliner.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.pipeliner.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.rs.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.rs.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.rs.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.rs.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "comps.web.displayName", "description": "The displayName name of the component as it appears in the RMS Server Properties @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.enabled", "description": "Toggles if this component should be available through RMS", "default": "" }
|
||||
{ "key": "comps.web.host", "description": "The host, where this component runs", "default": "" }
|
||||
{ "key": "comps.web.name", "description": "The internal name of the component @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.ports", "description": "The ports exposed by the L4 Load Balancer / Reverse Proxy @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.ports.http", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.ports.https", "description": "proxied port @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.replicaSetType", "description": "The type of the replicaSet - important for the kubectl command @internal -- do not change", "default": "" }
|
||||
{ "key": "comps.web.restartReplicas", "description": "The amount of replicas to set when starting through the *nscale Administrator* client", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.cni.adminIpRange", "description": "defines the IP Range of out-of-cluster Administrator Workplaces that are allowed to access the RMS Server.", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
|
||||
131
ai/jsonl/chart_rs.jsonl
Normal file
131
ai/jsonl/chart_rs.jsonl
Normal file
@@ -0,0 +1,131 @@
|
||||
{ "chart_name": "nplus-component-rs", "chart_version": "1.2.1500-169", "chart_description": "nscale Rendition Server, providing means to format-convert common file types" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
181
ai/jsonl/chart_sharepoint.jsonl
Normal file
181
ai/jsonl/chart_sharepoint.jsonl
Normal file
@@ -0,0 +1,181 @@
|
||||
{ "chart_name": "nplus-component-sharepoint", "chart_version": "1.2.1500-169", "chart_description": "nscale SharePoint Connector, providing SP archiving to the Instance" }
|
||||
{ "key": "clusterService.contextPath", "description": "set the contextPath (url) for the SharePoint Cluster Service (for GET requests to a group of sharepoint instances)", "default": "" }
|
||||
{ "key": "connector.cTagPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.eTagPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.idPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.listItemIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.nscaleExpirationPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.nscaleGdprRelevantPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.nscaleLegalHidePropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.nscaleLegalHoldPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.nscaleRetentionPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.parentIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.sharePointChangeTokenPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.sharePointCreatedPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.sharePointCreatorPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.sharePointEditedPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.sharePointEditorPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.stubIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.stubListItemIdPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "connector.webUrlPropertyName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "doInitialCrawl", "description": "toggle initial crawling. This value is mandatory.", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "management.port", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||
{ "key": "management.security", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||
{ "key": "management.ssl", "description": "see mail from Manuel, 30.7.2024", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.baseFolder", "description": "The base folder, this component should write to", "default": "" }
|
||||
{ "key": "nappl.docArea", "description": "The document area, this component should write to", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "parallelRequests", "description": "amount of parallel requests", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "sharepoint.clientCertPw", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.clientId", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.doCheckOut", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.secret", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.serviceBusConnectionString", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.serviceBusQueueName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.serviceBusRetentionConnectionString", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.serviceBusRetentionQueueName", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.serviceBusTopicNameConfigUpdate", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.spHost", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.tenantId", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.triggerProperty", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "sharepoint.webUserPw", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "ssl.keyAlias", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "ssl.keyPassword", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "ssl.keystore", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "ssl.keystorePassword", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "ssl.keystoreSecret", "description": "Documentation pending until official release of *nscale SharePoint Connector* by *Ceyoniq*", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
151
ai/jsonl/chart_web.jsonl
Normal file
151
ai/jsonl/chart_web.jsonl
Normal file
@@ -0,0 +1,151 @@
|
||||
{ "chart_name": "nplus-component-web", "chart_version": "1.2.1500-169", "chart_description": "nscale Web, providing a modern Web UI to nscale users" }
|
||||
{ "key": "authType", "description": "Set the authentication type login, basic, negotiate, implicit ntlmv2, kerberos", "default": "" }
|
||||
{ "key": "customizingMode", "description": "If this setting is enabled, layouts will update immediately when changes are made. It is no longer necessary to re-register or restart the service. If this setting is not activated, the automatic update of the metamodel is turned off. We recommend not using this setting in productive systems because it reduces system performance.", "default": "" }
|
||||
{ "key": "disableUsernamePassword", "description": "surpresses the login dialog", "default": "" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "immediateFederatedLogin", "description": "directly log in via identity providers", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "metamodelMode", "description": "Refreshes the metamodel mode", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.defaultConfig", "description": "Sets a configMap with default configuration files that get copied to a new and empty container just before the template folder gets copied. Existing files are not overwritten.", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.medium", "description": "the medium for the emptyDisk volume if you unset it, it drops it from the manifest", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "oauthDomains", "description": "OAuth nscale domains", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "sameSite", "description": "nscale SameSite Cookie Header", "default": "" }
|
||||
{ "key": "samlDomains", "description": "SAML nscale domains", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "smartCrossgrade", "description": "Enable Crossgrade for Smart Layouts", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
140
ai/jsonl/chart_webdav.jsonl
Normal file
140
ai/jsonl/chart_webdav.jsonl
Normal file
@@ -0,0 +1,140 @@
|
||||
{ "chart_name": "nplus-component-webdav", "chart_version": "1.2.1500-169", "chart_description": "nscale WebDAV Connector, providing a standard WebDAV interface to the Instance" }
|
||||
{ "key": "env", "description": "Sets additional environment variables for the configuration.", "default": "" }
|
||||
{ "key": "envMap", "description": "Sets the name of a configMap, which holds additional environment variables for the configuration. It is added as envFrom configMap to the container.", "default": "" }
|
||||
{ "key": "envSecret", "description": "Sets the name of a secret, which holds additional environment variables for the configuration. It is added as envFrom secretRef to the container.", "default": "" }
|
||||
{ "key": "fullnameOverride", "description": "This overrides the output of the internal fullname function", "default": "" }
|
||||
{ "key": "image", "description": "provide the image to be used for this component", "default": "" }
|
||||
{ "key": "image.name", "description": "the name of the image to use", "default": "" }
|
||||
{ "key": "image.pullSecrets", "description": "you can provide your own pullSecrets, in case you use a private repo.", "default": "" }
|
||||
{ "key": "image.repo", "description": "if you use a private repo, feel free to set it here", "default": "" }
|
||||
{ "key": "image.tag", "description": "the tag of the image to use", "default": "" }
|
||||
{ "key": "ingress", "description": "Ingress defines wether this component is reachable via an ingress controller, Layer 7, through http(s)", "default": "" }
|
||||
{ "key": "ingress.annotations", "description": "Adds extra Annotations to the ingress", "default": "" }
|
||||
{ "key": "ingress.backendProtocol", "description": "Overrides the default backend protocol. The default is http, unless in zeroTrust Mode, then it is switched to https automatically.", "default": "`http` <br> `https` in zero trust mode" }
|
||||
{ "key": "ingress.class", "description": "The ingressclass to use for this ingress. Most likely, this is provided globally by the instance, but you are free to override it here if this component should use a different class e.g. if you have separated ingress controllers, like a public and an internal one", "default": "`public`" }
|
||||
{ "key": "ingress.contextPath", "description": "The default service context path for this ingress. Some components allow to change this (e.g. SharePoint), for the most though this is only a constant used in the scripts.", "default": "" }
|
||||
{ "key": "ingress.cookie", "description": "on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web", "default": "" }
|
||||
{ "key": "ingress.deny", "description": "deny is used to exclude specific paths from public access, such as administrative paths. For Example, in nappl, webc ist the hessian protocol, webb is the burlap protocol. The configuration service is the endpoint used by the Admin client.", "default": "" }
|
||||
{ "key": "ingress.domain", "description": "Sets the domain to be used. This domain should be provided by the instance globally for all components, but you are free to override it here", "default": "" }
|
||||
{ "key": "ingress.enabled", "description": "You can toggle the ingress on wether you'd like this component to be reachable through an ingress or not.", "default": "" }
|
||||
{ "key": "ingress.inputPath", "description": "defines the path for a potential rewriting to `rewriteTarget`. Do not change unless you have a good reason Example: `/nscalealinst1(/\\|$)(.*)` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.namespace", "description": "Specify the namespace in which the ingress controller runs. This sets the firewall rule / networkPolicy to allow traffic from this namespace to our pods. This may be a comma separated list", "default": "\"ingress, kube-system, ingress-nginx\"" }
|
||||
{ "key": "ingress.proxyReadTimeout", "description": "Sets the annotation `nginx.ingress.kubernetes.io/proxy-read-timeout` on the ingress object, if set.", "default": "" }
|
||||
{ "key": "ingress.rewriteTarget", "description": "defines a rewriteTarget for a potential retriting of `inputPath`. Do not change unless you have a good reason Example: `/nscalealinst1/$2` @internal -- This is an alpha feature - do not use it.", "default": "" }
|
||||
{ "key": "ingress.secret", "description": "Sets the name of the tls secret to be used for this ingress, that contains the private and public key. These secrets can optionally be provided by the instance", "default": "`{{ .this.ingress.domain }}-tls`" }
|
||||
{ "key": "ingress.whitelist", "description": "optionally sets a whitelist of ip ranges (CIDR format, comma separated) from which ingress is allowed. This is an annotation for nginx, so won't work with other ingress controllers", "default": "" }
|
||||
{ "key": "javaOpts", "description": "Options for the Java VM", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxMem", "description": "set the maximum memory, java will consume. Attention: This is NOT the real maximum and it does not include any non Java memory. Please read google, as this is highly discussed", "default": "" }
|
||||
{ "key": "javaOpts.javaMaxRamPercentage", "description": "set the percentage of RAM, Java will use of the total. The total amount is the amount installed in the K8s Cluster Node, OR the Memory Limit set (see resources), if any.", "default": "" }
|
||||
{ "key": "javaOpts.javaMinMem", "description": "set the minimum memory, java will consume", "default": "" }
|
||||
{ "key": "javaOpts.javaMisc", "description": "Any misc Java Options that need to be passed to the container", "default": "" }
|
||||
{ "key": "meta", "description": "defines internal constants for nplus. do not change these values", "default": "" }
|
||||
{ "key": "meta.componentVersion", "description": "This is the version of the component, used for display @internal -- set by devOps pipeline, so do not modify", "default": "" }
|
||||
{ "key": "meta.language", "description": "Sets the language of the main service (in the *service* container). This is used for instance if you turn OpenTelemetry on, to know which Agent to inject into the container.", "default": "" }
|
||||
{ "key": "meta.ports", "description": "lists the ports this component exposes. This is important for zero trust mode and others.", "default": "" }
|
||||
{ "key": "meta.ports.http", "description": "The http port this component uses (if any). In zero trust mode, this will be disabled. @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.https", "description": "The tls / https port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.rmi", "description": "A potential rmi port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcp", "description": "A potential tcp port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.ports.tcps", "description": "A potential tls / tcps port, this component uses (if any) @internal -- this is a constant value of the component and should not be changed.", "default": "" }
|
||||
{ "key": "meta.provider", "description": "sets provider (partner, reseller) information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.serviceContainer", "description": "The container name of the main service for this component. This is used to define where to inject the telemetry agents, if any", "default": "" }
|
||||
{ "key": "meta.stage", "description": "A optional parameter to indicate the stage (DEV, QA, PROD, ...) this component, instance or environment runs in. This can be used in template functions to add the stage to for instance the service name of telemetry services like open telemetry. (see telemetry example)", "default": "" }
|
||||
{ "key": "meta.tenant", "description": "sets tenant information to be able to invoice per use in a cloud environment", "default": "" }
|
||||
{ "key": "meta.type", "description": "the type of the component. You should not change this value, except if you use a pipeliner in core mode. In core mode, it should be *core*, else *pipeliner* This type is used to create cluster communication for nappl and nstl and potentially group multiple replicaSets into one service.", "default": "" }
|
||||
{ "key": "meta.wave", "description": "Sets the wave in which this component should be deployed within an ArgoCD deployment if unset, it uses the default wave thus all components are installed in one wave, then relying on correct wait settings just like in a helm installation", "default": "" }
|
||||
{ "key": "minReplicaCount", "description": "if you set minReplicaCount, a podDesruptionBudget will be created with this value as minAvailable, using the full component as selector. This is useful for components, that are using multiple replicas.", "default": "" }
|
||||
{ "key": "minReplicaCountType", "description": "if you set minReplicaCountType, a podDesruptionBudget will be created with this value as minAvailable, using the component type as selector. This is useful for components, that are spread across multiple replicaSets, like sharepoint or storage layer", "default": "" }
|
||||
{ "key": "mounts.caCerts", "description": "You can add a file with trusted Root Certificates (e.g. Azure), to be able to connect to alien services via https. If you have a self-signed root certificate, you can also add it here.", "default": "" }
|
||||
{ "key": "mounts.caCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.caCerts.paths", "description": "Sets the path to the certs folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.caCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts", "description": "the java based nscale components have their own certificates, that you might want to upload. You can normally do so via the environment configuration, but should you want to use a secret, you can set it here", "default": "" }
|
||||
{ "key": "mounts.componentCerts.configMap", "description": "Alternative 2: the name of the configMap to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.componentCerts.paths", "description": "Sets the path to the component certs. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.componentCerts.secret", "description": "Alternative 1: the name of the secret to use. The Key has to be the File Name used in the path setting", "default": "" }
|
||||
{ "key": "mounts.conf", "description": "The conf volume is a RWX volume mounted by the environment, that holds all configurations of all instances and components in this environment", "default": "" }
|
||||
{ "key": "mounts.conf.path", "description": "Sets the path to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.conf.paths", "description": "Sets a list of paths to the conf files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.class", "description": "Sets the class of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.path", "description": "Sets the path to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.data.size", "description": "Sets the size of the data disk", "default": "" }
|
||||
{ "key": "mounts.data.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.disk.class", "description": "Sets the class of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.enabled", "description": "enables the use of the second data disk. If enabled, all paths defined will end up on this disk. In case of the (default) disabled, the paths will be added to the primaty data disk.", "default": "" }
|
||||
{ "key": "mounts.disk.migration", "description": "Enables the migration init container. This will copy the data in paths from the primary data disk to the newly enabled secondary disk. This is done only once and only if there is legacy data at all. No files are overwritten!", "default": "" }
|
||||
{ "key": "mounts.disk.path", "description": "Sets the path to the disk files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.paths", "description": "Sets a list of paths to the data files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.disk.size", "description": "Sets the size of the disk", "default": "" }
|
||||
{ "key": "mounts.disk.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.file.class", "description": "Sets the class of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.path", "description": "Sets the path to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.paths", "description": "Sets a list of paths to the shared files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.file.size", "description": "Sets the size of the shared disk", "default": "" }
|
||||
{ "key": "mounts.file.volumeName", "description": "If you do not want to have a Volume created by the provisioner, you can set the name of your volume here to attach to this pre-existing one", "default": "" }
|
||||
{ "key": "mounts.fonts", "description": "If you want to use additional fonts like the msttcorefonts (Microsoft Core Fonts). This mounts the fonts directory from the environment pool", "default": "" }
|
||||
{ "key": "mounts.fonts.path", "description": "Sets the path to the fonts folder. @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.generic", "description": "Allows to define generic mounts of pre-provisioned PVs into any container. This can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.", "default": "" }
|
||||
{ "key": "mounts.license", "description": "some nscale Components require a license file and this defines it's location", "default": "" }
|
||||
{ "key": "mounts.license.path", "description": "Sets the path to the license files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs", "description": "The log volume is used to take any left-over logging in the container. The container should log to stdout, but if any component still tries to log to disk this disk needs to be writeable", "default": "" }
|
||||
{ "key": "mounts.logs.path", "description": "Sets the path to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.paths", "description": "Sets a list of paths to the log files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.logs.size", "description": "Sets the size of the log disk (all paths)", "default": "" }
|
||||
{ "key": "mounts.pool.path", "description": "Sets the path to a directory, there the `pool` folder from the `conf` volume should be mounted. this is used to store scripts, apps and assets that are required to deploy an application / solution @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.ptemp.path", "description": "Sets the path for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.ptemp.paths", "description": "Sets a list of paths for temporary files that are persisted @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp", "description": "The temp volume is used to hold any superflues and temporary data. it is deleted when the pod terminates. However, it is extremely important as all pods filesystems are read only", "default": "" }
|
||||
{ "key": "mounts.temp.path", "description": "Sets the path to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.paths", "description": "Sets a list of paths to the temporary files @internal -- do not change this value", "default": "" }
|
||||
{ "key": "mounts.temp.size", "description": "Sets the size of the temporary disk (all paths)", "default": "" }
|
||||
{ "key": "nameOverride", "description": "This overrides the output of the internal name function", "default": "" }
|
||||
{ "key": "nappl", "description": "The nscale Application Layer, this component should talk to", "default": "" }
|
||||
{ "key": "nappl.account", "description": "The technical account to login with", "default": "" }
|
||||
{ "key": "nappl.domain", "description": "The domain of the technical account", "default": "" }
|
||||
{ "key": "nappl.host", "description": "nappl host name", "default": "" }
|
||||
{ "key": "nappl.instance", "description": "instance of the Application Layer, likely `instance1`", "default": "" }
|
||||
{ "key": "nappl.password", "description": "The password of the technical accunt (if not set by secret)", "default": "" }
|
||||
{ "key": "nappl.port", "description": "nappl port (http 8080 or https 8443)", "default": "" }
|
||||
{ "key": "nappl.secret", "description": "An optional secret that holds the credentials (the keys must be `account` and `password`)", "default": "" }
|
||||
{ "key": "nappl.ssl", "description": "sets the Advanced Connect to tls", "default": "" }
|
||||
{ "key": "nodeSelector", "description": "select specific nodes for this component", "default": "" }
|
||||
{ "key": "replicaCount", "description": "Sets the number of replicas in this replicaSet. Some Components (like nstl or sharepoint) only allow a count of 1.", "default": "" }
|
||||
{ "key": "resources", "description": "Assigns hardware resources to container", "default": "" }
|
||||
{ "key": "resources.limits", "description": "Limits the maximum resources", "default": "" }
|
||||
{ "key": "resources.limits.cpu", "description": "The maximum allowed CPU for the container", "default": "" }
|
||||
{ "key": "resources.limits.memory", "description": "The maximum allowed RAM for the container", "default": "" }
|
||||
{ "key": "resources.requests", "description": "Requests are used to assign a minimum to a container. This is the guaranteed amount", "default": "" }
|
||||
{ "key": "resources.requests.cpu", "description": "Set the share of guaranteed CPU to the container.", "default": "" }
|
||||
{ "key": "resources.requests.memory", "description": "Set the share of guaranteed RAM to the container", "default": "" }
|
||||
{ "key": "security", "description": "Security Section defining default runtime environment for your container", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.allowPrivilegeEscalation", "description": "Some functionality may need the possibility to allow privilege escalation. This should be very restrictive @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.capabilities", "description": "Capabilities this container should have. Only allow the necessity, and drop as many as possible @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.containerSecurityContext.readOnlyRootFilesystem", "description": "sets the container root file system to read only. This should be the case in production environment @internal -- you should not change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroup", "description": "The file system group as which new files are created @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.fsGroupChangePolicy", "description": "Under which condition should the fsGroup be changed @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.podSecurityContext.runAsUser", "description": "The user under which the container ist run. Avoid 0 / root. The container should run in a non-root context for security @internal -- there is normally no need to change this", "default": "" }
|
||||
{ "key": "security.zeroTrust", "description": "turns on *Zero Trust* Mode, disabling *all* http communication, even the internal http probes", "default": "`false`" }
|
||||
{ "key": "service.annotations", "description": "adds extra Annotations to the service", "default": "" }
|
||||
{ "key": "service.enabled", "description": "enables the service to be consumed by group components and a potential ingress Disabling the service also disables the ingress.", "default": "" }
|
||||
{ "key": "service.selector", "description": "The selector can be `component` or `type` *component* selects only pods that are in the replicaset. *type* selects any pod that has the given type", "default": "" }
|
||||
{ "key": "telemetry", "description": "Settings for telemetry tools", "default": "" }
|
||||
{ "key": "telemetry.openTelemetry", "description": "turns Open Telemetry on", "default": "" }
|
||||
{ "key": "telemetry.serviceName", "description": "Sets the service name for the telemetry service to more convenient identify the displayed component Example: \"{{ .this.meta.type }}-{{ .instance.name }}\"", "default": "" }
|
||||
{ "key": "template", "description": "provide extra settings for pod templates", "default": "" }
|
||||
{ "key": "template.annotations", "description": "set additional annotations for pods", "default": "" }
|
||||
{ "key": "template.labels", "description": "set additional labels for pods", "default": "" }
|
||||
{ "key": "terminationGracePeriodSeconds", "description": "Sets the terminationGracePeriodSeconds for the component If not set, it uses the Kubernetes defaults", "default": "" }
|
||||
{ "key": "timezone", "description": "set the time zone for this component to make sure log output has a specific timestamp, internal dates and times are correct (like the creationDate in nappl) etc.", "default": "`Europe/Berlin`" }
|
||||
{ "key": "tolerations", "description": "Set tolerations for this component", "default": "" }
|
||||
{ "key": "updateStrategy", "description": "the update Strategy for this component. Normally, you can update all components rolling, except for nappl, where you need to follow the documented update procedures.", "default": "" }
|
||||
{ "key": "utils.debug", "description": "Turn debugging *on* will give you stack trace etc. Please check out the Chart Developer Guide", "default": "`false`" }
|
||||
{ "key": "utils.disableWait", "description": "in case you use the argoCD Wave feature, you might think about switching off the waitFor mechanism, that makes sure PODs are only started after pre-requisites are fulfilled. You can disable the starndard wait mechanism, but at your own risk, as this might start components even if they are not intended to run yet.", "default": "`false`" }
|
||||
{ "key": "utils.disableWave", "description": "If you use argoCD, you most likely want to use the argo Wave Feature as well, making sure the components of an instance are deployed ordered. However, in DEV you might want to disable this to allow live changing components while previous waves are not finished yet.", "default": "`false`" }
|
||||
{ "key": "utils.includeNamespace", "description": "By default, the namespace is rendered into the manifest. However, if you want to use `helm template` and store manifests for later applying them to multiple namespaces, you might want to turn this `false` to be able to use `kubectl apply -n <namespace> -f template.yaml` later", "default": "`true`" }
|
||||
{ "key": "utils.maintenance", "description": "in Maintenance Mode, all *waitFor* actions will be skipped, the *Health Checks* are ignored and the pods will start in idle, not starting the service at all. This will allow you to gain access to the container to perform recovery and maintenance tasks while having the real container up.", "default": "`false`" }
|
||||
{ "key": "utils.renderComments", "description": "You can turn Comment rendering *on* to get descriptive information inside the manifests. It will also fail on depricated functions and keys, so it is recommended to only switch it off in PROD", "default": "`true`" }
|
||||
{ "key": "waitFor", "description": "Defines a list of conditions that need to be met before this components starts. The condition must be a network port that opens, when the master component is ready. Mostly, this will be a service, since a component is only added to a service if the probes succeed.", "default": "" }
|
||||
|
||||
4
ai/jsonl/common.jsonl
Normal file
4
ai/jsonl/common.jsonl
Normal file
@@ -0,0 +1,4 @@
|
||||
{"chapter": "Timzone (Package tzdata) setting", "level": 2, "text": "You can set the timezone in the PODs by\n- per Component:\n`timezone: \"Europe/Berlin\"`\n- per Instance:\n`global.timezone: \"Europe/Berlin\"`\n- per Environment:\n`global.environment.timezone: \"Europe/Berlin\"`\nThis is compatible to the *tzdata* package. If the image you use uses a different timezone package und thus a environment variable other than `TZ`, you can also set any global ENV Variables by\n- per Component:\n`env.TZ: \"Europe/Berlin\"`\n- per Instance:\n`global.env.TZ: \"Europe/Berlin\"`\n- per Environment:\n`global.environment.env.TZ: \"Europe/Berlin\"`\nIf you do not set the timezone, **it defaults to `Europe/Berlin`** and the `TZ` env variable.\n"}
|
||||
{"chapter": "Placement", "level": 2, "text": "The inter pod anti-affinity is set by default to avoid a placement of two replicas of the same set to one node.\nThis is done for nappl, rs, ilm, cmis, web, webdav based on instance, component and type\nFor the nstl, this is handled by instance and type only, since the nstl does not use replicas and we are using different sets to ensure HA.\nAdditionally, you can set the scheduler to avoid or prefer specific nodes by setting *tolerations* and use *nodeSelectors*:\n- `tolerations`\nList of Kubernetes [`tolerations`](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to add to the component\n- `nodeSelector`\nKubernetes [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) to add to the component\n"}
|
||||
{"chapter": "Maintenance Mode", "level": 2, "text": "You can start the component in *Maintenance Mode*, starting the pod without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline.\nIn order to do this:\n- All *waitFor* definitions are ignored\n- All *Health Checks* are ignored\n- The container starts in idle\n"}
|
||||
{"chapter": "minReplicaCountType", "level": 2, "text": "If you set minReplicaCountType, a podDesruptionBudget will be created with this value as minReplicaCount. It will select pods based on the type of this component.\nThis is used for components, that do **not** support multiple replicas (for example sharepoint or storage layer).\nIf the component does in fact support replicas, it is better to use `minReplicaCount` instead.\nAlso pay attention to only set this on one ReplicaSet of this type, not all.\nPlease refer to the HA sample for more information.\n"}
|
||||
57
ai/jsonl/cookbook.jsonl
Normal file
57
ai/jsonl/cookbook.jsonl
Normal file
@@ -0,0 +1,57 @@
|
||||
{"chapter": "Preparing the K8s Cluster", "level": 1, "text": "*nplus* Charts bring some custom resources, *Application*, *Instance* and *Component*. they are created during deployment of a chart and then updated by the environment operator every time the status changes.\nTo make this work, you will need to have the *Custom Resource Definitions* applied to your cluster prior to deploying any environment or component. This deployment is handled by the *Cluster Chart*.\n```bash\nhelm install nplus/nplus-cluster\n```\nThe *CRDs* are grouped into *nscale* and *nplus* (both synonym), so that you can either query for\n```bash\nkubectl get instance\nkubectl get component\nkubectl get application\n```\nor simply all at once with\n```bash\nkubectl get nscale -A\n```\nthe output looks like this (shortened output, showing the installed samples):\n```bash\n$ kubectl get nscale -A\nNAMESPACE NAME INSTANCE COMPONENT TYPE VERSION STATUS\nempty-sim component.nplus.cloud/database empty-sim database database 16 healthy\nempty-sim component.nplus.cloud/nappl empty-sim nappl core 9.2.1302 healthy\nlab component.nplus.cloud/demo-centralservices-s3-nstl demo-centralservices-s3 nstl nstl 9.2.1302 healthy\nlab component.nplus.cloud/demo-ha-web demo-ha web web 9.2.1300 redundant\nlab component.nplus.cloud/demo-ha-webdav demo-ha webdav webdav 9.2.1000 redundant\nlab component.nplus.cloud/demo-ha-zerotrust-administrator demo-ha-zerotrust administrator administrator 9.2.1300 healthy\nlab component.nplus.cloud/no-provisioner-nstl no-provisioner nstl nstl 9.2.1302 healthy\nlab component.nplus.cloud/no-provisioner-rs no-provisioner rs rs 9.2.1201 starting\nlab component.nplus.cloud/no-provisioner-web no-provisioner web web 9.2.1300 healthy\nlab component.nplus.cloud/sbs-nappl sbs nappl core 9.2.1302 healthy\nNAMESPACE NAME INSTANCE APPLICATION VERSION STATUS\nempty-sim application.nplus.cloud/application empty-sim application 9.2.1303-123 healthy\nempty-sim application.nplus.cloud/prepper empty-sim prepper 1.2.1300 healthy\nlab application.nplus.cloud/demo-ha-zerotrust-application demo-ha-zerotrust application 9.2.1303-123 healthy\nlab application.nplus.cloud/demo-shared-application demo-shared application 9.2.1303-123 healthy\nlab application.nplus.cloud/sbs-sbs sbs SBS 9.2.1303-123 healthy\nlab application.nplus.cloud/tenant-application tenant application 9.2.1303-123 healthy\nNAMESPACE NAME HANDLER VERSION TENANT STATUS\nempty-sim instance.nplus.cloud/empty-sim manual 9.2.1302 healthy\nlab instance.nplus.cloud/default manual 9.2.1302 healthy\nlab instance.nplus.cloud/demo-centralservices manual 9.2.1302 healthy\nlab instance.nplus.cloud/rms manual 9.2.1302 healthy\nlab instance.nplus.cloud/sbs manual 9.2.1302 healthy\nlab instance.nplus.cloud/tenant manual 9.2.1302 healthy\n```\n"}
|
||||
{"chapter": "K8s namespace aka *nplus environment*", "level": 1, "text": "*nplus instances* are deployed into K8s namespaces. Always. even if you do not specify a namespace, it uses a namespace: `default`.\nIn order to use this namespace for *nplus instances*, you need to deploy some shared *nplus components* into it, which are used by the instances. This is done by the environment chart:\n```\nhelm install \\\n--values demo.yaml \\\ndemo nplus/nplus-environment\n```\nAfter that, the K8s namespace is a valid *nplus environment* that can house multiple *nplus instances*.\n"}
|
||||
{"chapter": "deploying assets into the environment", "level": 2, "text": "Most likely, you will need assets to be used by your instances. Fonts for example: The *nscale Rendition Server* and die *nscale Server Application Layer* both require the Microsoft fonts, that are not allowed to be distributed by neither nscale nor nplus. So this example shows how to upload some missing pieces into the environment:\n```\nkubectl cp ./apps/app-installer-9.0.1202.jar nplus-toolbox-0:/conf/pool\nkubectl cp ./fonts nplus-toolbox-0:/conf/pool\nkubectl cp ./copy-snippet.sh nplus-toolbox-0:/conf/pool/scripts\nkubectl cp ./test.md nplus-toolbox-0:/conf/pool/snippets\nkubectl cp ./snc nplus-toolbox-0:/conf/pool\n```\nAlternatively, you can also use a `prepper` component, that you can activate on the environment chart, to download assets from any web site and deploy them into the environment:\n```\ncomponents:\nprepper: true\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\n```\nPlease see the prepper [README.md](../../charts/prepper/README.md) for more information.\n"}
|
||||
{"chapter": "Operator Web UI", "level": 2, "text": "The environment comes with the operator, responsible for managing / controlling the [custom resources](../cluster/README.md). It has a Web UI, that can be enabled in the environment chart.\n\n"}
|
||||
{"chapter": "*namespace*-less manifests", "level": 2, "text": "Speaking of namespaces: Sometimes you want to drop the namespace from your manifest. This can be done by\n```yaml\nutils:\nincludeNamespace: false\n```\nwhen you then call\n```bash\nhelm template myInstance nplus/nplus-instance > myInstance.yaml\n```\nthe manifest in `myInstance.yaml` will **not** have a namespace set, so you can apply it to multiple namespaces later:\n```bash\nkubectl apply --namespace dev -f myInstance.yaml\nkubectl apply --namespace qa -f myInstance.yaml\nkubectl apply --namespace prod -f myInstance.yaml\n```\n"}
|
||||
{"chapter": "Installing Document Areas", "level": 1, "text": ""}
|
||||
{"chapter": "Creating an empty document area while deploying an Instance", "level": 2, "text": "This is the simplest sample, just the core services with an empty document area:\n```\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nempty nplus/nplus-instance\n```\nThe empty Document Area is created with\n```yaml\ncomponents:\napplication: true\nprepper: true\n\napplication:\ndocAreas:\n- id: \"Sample\"\nrun:\n- \"/pool/downloads/sample.sh\"\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\n```\nThis turns on the *prepper* component, used to download a sample tarball from git. It will also extract the tarball into the `downloads` folder that is created on the *pool* automatically.\nThen, after the Application Layer is running, a document area `Sample` is created. The content of the sample script will be executed.\nIf you use **argoCD** as deployment tool, you would go with\n```\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nempty-argo nplus/nplus-instance-argo\n```\n"}
|
||||
{"chapter": "Deploying the *SBS* Apps to a new document area", "level": 2, "text": "In the SBS scenario, some Apps are installed into the document area:\n```bash\nhelm install \\\n--values samples/applications/sbs.yaml \\\n--values samples/environment/demo.yaml \\\nsbs nplus/nplus-instance\n```\nThe values look like this:\n```yaml\ncomponents:\napplication: true\napplication:\nnameOverride: SBS\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n- \"/pool/nstore/bl-app-9.0.1202.zip\"\n- \"/pool/nstore/gdpr-app-9.0.1302.zip\"\n...\n- \"/pool/nstore/ts-app-9.0.1302.zip\"\n- \"/pool/nstore/ocr-base-9.0.1302.zip\"\n```\nThis will create a document area `SBS` and install the SBS Apps into it.\n"}
|
||||
{"chapter": "Accounting in nstl", "level": 1, "text": "To collect Accounting Data in *nscale Server Storage Layer*, you can enable the nstl accouting feature by setting `accounting: true`.\nThis will create the accounting csv files in *ptemp* under `<instance>/<component>/accounting`.\nAdditionally, you can enable a log forwarder printing it to stdout.\n```\nnstl:\naccounting: true\nlogForwarder:\n- name: Accounting\npath: \"/opt/ceyoniq/nscale-server/storage-layer/accounting/*.csv\"\n```\n"}
|
||||
{"chapter": "(auto-) certificates and the pitfalls of *.this*", "level": 1, "text": "*nplus* will automatically generate certificates for your ingress. It either uses an issuer like *cert-manager* or generates a *self-signed-certificate*.\nIn your production environment though, you might want to take more control over the certificate generation process and don't leave it to *nplus* to automatically take care of it.\nIn that case, you want to switch the automation *off*.\nTo do so, you need to understand what is happening internally:\n- if `.this.ingress.issuer` is set, the chart requests this issuer to generate a tls secret with the name `.this.ingress.secret`\nby creating a certificate resource with the name of the domain `.this.ingress.domain`\n- else, so no issuer is set, the chart checks wether the flag `.this.ingress.createSelfSignedCertificate` is set to `true` and\ngenerates a tls secret with the name `.this.ingress.secret`\n- else, so neither issuer nor createSelfSignedCertificate are set, the charts will not generate anything\nThe way how `.this` works is, that it gathers the key from `.Values.global.environment`, `.Values.global` and then `.Values` and flattens them merged into `.this`so that you can set your values\non different levels.\nHowever, the *merge* function overwrites non exising values and also boolean `true` overwrites a boolean `false`, not just the nil values. So to make sure we still can cancel functionality\nby setting `null`or `false`, there is a forth merge which is set to forcefully overwrite existing keys: `override`, which can also be set on *environment*, *global* or on the *component* level.\nSo the correct way to cancel the generation process is to force the issuer to null (which will cancel the *cert-manager* generation) and also force `createSelfSignedCertificate` to false (to cancel the *self-signed-certificate* generation):\n```yaml\nglobal:\noverride:\ningress:\nenabled: true\nsecret: myCertificate\nissuer: null\ncreateSelfSignedCertificate: false\n```\nThis makes sure, you will get an ingress, that uses the tls certificate in the secret `myCertificate` for encryption and does not generate anything.\n"}
|
||||
{"chapter": "Grouping Instances", "level": 1, "text": "Sometimes Instances become quite large with many components. If you work on them with multiple team members, you end up having to synchronize the deployment of the Instances.\nYou can easily rip large Instances apart using the `group` tag, joining multiple Instances into one group and making sure the NetworkPolicies are opened to pods from other Instances within the Instance Group.\n```yaml\nglobal:\ninstance:\n# -- despite the instance name, all components within this group will be prefixed\n# with the group (unless the group name and the environment name are not identical)\n# Also this makes sure the network policies are acting on the group, not on the instance.\ngroup: \"sample-group\"\n```\nYou can query the instance group in your code with `.instance.group`.\nExample: We build multiple Instances in one group:\n- sample-group-backend\n- Database\n- nstl\n- rs\n- sample-group-middleware\n- nappl\n- application(s)\n- sample-group-frontend\n- web\n- cmis\nPortainer is showing the group as if it were an single instance:\n\nThe nplus UI is showing the instances of the group:\n\nAnd the nplus CLI is also showing single instances:\n```\n% kubectl get nscale\nNAME INSTANCE COMPONENT TYPE VERSION STATUS\ncomponent.nplus.cloud/sample-group-cmis sample-group-frontend cmis cmis 9.2.1200 healthy\ncomponent.nplus.cloud/sample-group-database sample-group-backend database database 16 healthy\ncomponent.nplus.cloud/sample-group-nappl sample-group-middleware nappl core 9.2.1302 healthy\ncomponent.nplus.cloud/sample-group-rs sample-group-backend rs rs 9.2.1201 healthy\ncomponent.nplus.cloud/sample-group-web sample-group-frontend web web 9.2.1300 healthy\nNAME HANDLER VERSION TENANT STATUS\ninstance.nplus.cloud/sample-group-backend manual 9.2.1302 healthy\ninstance.nplus.cloud/sample-group-frontend manual 9.2.1302 healthy\ninstance.nplus.cloud/sample-group-middleware manual 9.2.1302 healthy\n```\n"}
|
||||
{"chapter": "Sharing Instances", "level": 1, "text": "Some organisations have multiple tenants that share common services, like *nscale Rendition Server* or\nhave a common IT department, thus using only a single *nscale Monitoring Console* acress all tenants.\nThis is the Central Services Part:\n```\nhelm install \\\n--values samples/shared/centralservices.yaml \\\n--values samples/environment/demo.yaml \\\nsample-shared-cs nplus/nplus-instance\n```\nAnd this is the tenant using the Central Services:\n```\nhelm install \\\n--values samples/shared/shared.yaml \\\n--values samples/environment/demo.yaml \\\nsample-shared nplus/nplus-instance\n```\nIf you enable security based on *Network Policies*, you need to add additional Policies to allow access. Please see `shared-networkpolicy.yaml` and `centralservices-networkpolicy.yaml` as an example.\nYou also want to set the *monitoringInstance* in the `global` section of the values file to enable the Network Policy for incoming monitoring traffic.\n```yaml\nglobal:\nsecurity:\ncni:\nmonitoringInstance: sample-shared-cs\n```\n"}
|
||||
{"chapter": "Using detached applications", "level": 1, "text": "All the other samples use an application that is deployed **inside of an instance**. However, you can also deploy an application **detached** from the instance as a solo chart.\nThe reason for this is, that you\n- can update the instance without running the application update\n- update the application without touching the instance\n- have multiple applications deployed within one instance\nThere are two major things you need to do:\n1. make sure the application charts sets the instance name of the instance, it should connect to\n2. take the default values of the application match the ones it would get by an instance deployment\nThis is a sample: (find the complete one in the [application.yaml](application.yaml))\n```yaml\nnameOverride: SBS\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n...\ninstance:\n# this is the name of the instance, it should belong to\nname: \"sample-detached\"\n"}
|
||||
{"chapter": "make sure it can wait for the nappl of the instance to be ready, before it deploys.", "level": 1, "text": "waitImage:\nrepo: cr.nplus.cloud/subscription\nname: toolbox2\ntag: 1.2.1300\npullPolicy: IfNotPresent\nwaitFor:\n- \"-service {{ .component.prefix }}nappl.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 1800\"\n"}
|
||||
{"chapter": "Now we define where and what to deploy", "level": 1, "text": "nappl:\nhost: \"{{ .component.prefix }}nappl.{{ .Release.Namespace }}\"\nport: 8080\nssl: false\ninstance: \"nscalealinst1\"\naccount: admin\ndomain: nscale\npassword: admin\nsecret:\nnstl:\nhost: \"{{ .component.prefix }}nstl.{{ .Release.Namespace }}\"\nrs:\nhost: \"{{ .component.prefix }}rs.{{ .Release.Namespace }}\"\n```\n"}
|
||||
{"chapter": "High Availability", "level": 1, "text": "To gain a higher level of availability for your Instance, you can\n- create more Kubernetes Cluster Nodes\n- create more replicas of the *nscale* and *nplus* components\n- distribute those replicas across multiple nodes using anti-affinities\nThis is how:\n```\nhelm install \\\n--values samples/ha/values.yaml\n--values samples/environment/demo.yaml \\\nsample-ha nplus/nplus-instance\n```\nThe essents of the values file is this:\n- We use three (3) *nscale Server Application Layer*, two dedicated to user access, one dedicated to jobs\n- if the jobs node fails, the user nodes take the jobs (handled by priority)\n- if one of the user nodes fail, the other one handles the load\n- Kubernetes takes care of restarting nodes should that happen\n- All components run with two replicas\n- Pod anti-affinities handle the distribution\n- any administration component only connects to the jobs nappl, leaving the user nodes to the users\n- PodDisruptionBudgets are defined for the crutial components. These are set via `minReplicaCount` for the components that can support multiple replicas, and `minReplicaCountType` for the **first** replicaSet of the components that do not support replicas, in this case nstla.\n```\nweb:\nreplicaCount: 2\nminReplicaCount: 1\nrs:\nreplicaCount: 2\nminReplicaCount: 1\nilm:\nreplicaCount: 2\nminReplicaCount: 1\ncmis:\nreplicaCount: 2\nminReplicaCount: 1\nwebdav:\nreplicaCount: 2\nminReplicaCount: 1\nnstla:\nminReplicaCountType: 1\nadministrator:\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\npam:\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\nnappl:\nreplicaCount: 2\nminReplicaCount: 1\njobs: false\nwaitFor:\n- \"-service {{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .this.nappl.port }} -timeout 600\"\nnappljobs:\nreplicaCount: 1\njobs: true\ndisableSessionReplication: true\ningress:\nenabled: false\nsnc:\nenabled: true\nwaitFor:\n- \"-service {{ .component.prefix }}database.{{ .Release.Namespace }}.svc.cluster.local:5432 -timeout 600\"\napplication:\nnstl:\nhost: \"{{ .component.prefix }}nstl-cluster.{{ .Release.Namespace }}\"\nnappl:\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}\"\n```\n"}
|
||||
{"chapter": "Assigning CPU and RAM", "level": 2, "text": "You **should** assign resources to your components, depending on the load that you expect.\nIn a dev environment, that might be very little and you may be fine with the defaults.\nin a qa or prod environment, this should be wisely controlled, like this:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"100m\" # Minimum 1/10 CPU\nmemory: \"1024Mi\" # Minimum 1 GB\nlimits:\ncpu: \"2000m\" # Maximum 2 Cores\nmemory: \"4096Mi\" # Maximum 4 GB. Java will see this as total.\njavaOpts:\njavaMinMem: \"512m\" # tell Java to initialize the heap with 512 MB\njavaMaxMem: \"2048m\" # tell Java to use max 2 GB of heap size\n```\nThere are many discussions going on how much memory you should give to Java processes and how they react. Please see the internet for insight.\n"}
|
||||
{"chapter": "Our **current** opinion is:", "level": 4, "text": "Do not limit ram. You are not able to foresee how much Java is really consuming as the heap is only part of the RAM requirement. Java also needs *metaspace*, *code cache* and *thread stack*. Also the *GC* needs some memory, as well as the *symbols*.\nJava will crash when out of memory, so even if you set javaMaxMem == 1/2 limits.memory (what many do), that guarantees nothing and might be a lot of waste.\nSo what you can consider is:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1000m\" # 1 Core guaranteed\nmemory: \"4096Mi\" # 4GB guaranteed\nlimits:\ncpu: \"4000m\" # Maximum 4 Cores\n"}
|
||||
{"chapter": "memory: # No Limit but hardware", "level": 2, "text": "javaOpts:\njavaMinMem: \"1024m\" # Start with 1 GB\njavaMaxMem: \"3072m\" # Go up to 3GB (which is only part of it) but be able to take more (up to limit) without crash\n```\nDownside of this approach: If you have a memory leak, it might consume all of your nodes memory without being stopped by a hard limit.\n"}
|
||||
{"chapter": "A possible **Alternative**:", "level": 4, "text": "You can set the RAM limit equal to the RAM request and leave the java Memory settings to *automatic*, which basically simulates a server. Java will *see* the limit as being the size of RAM installed in the machine and act accordingly.\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1000m\" # 1 Core guaranteed\nmemory: \"4096Mi\" # 4GB guaranteed\nlimits:\ncpu: \"4000m\" # Maximum 4 Cores\nmemory: \"4096Mi\" # No Limit but hardware\n"}
|
||||
{"chapter": "javaOpts:", "level": 1, "text": ""}
|
||||
{"chapter": "javaMinMem: # unset, leaving it to java", "level": 2, "text": ""}
|
||||
{"chapter": "javaMaxMem: # unset, leaving it to java", "level": 2, "text": "```\n"}
|
||||
{"chapter": "In a **DEV** environment,", "level": 4, "text": "you might want to do more **overprovisioning**. You could even leave it completely unlimited, as in **DEV** you want to see memory and cpu leaks, so a limit might hide them from your sight.\nSo this is a possible allocation for **DEV**, defining only the bare minimum requests:\n```yaml\nnappl:\nresources:\nrequests:\ncpu: \"1m\" # 1/1000 Core guaranteed,\n# but can consume all cores of the cluster node if required and available\nmemory: \"512Mi\" # 512MB guaranteed,\n# but can consume all RAM of the cluster node if required and available\n```\nIn this case, Java will see all node RAM as the limit and use whatever it needs. But as you are in a **dev** environment, there is no load and no users on the machine, so this will not require much.\n"}
|
||||
{"chapter": "Resources you should calculate", "level": 2, "text": "The default resources assigned by *nplus* are for demo / testing only and you should definitely assign more ressources to your components.\nHere is a very rough estimate of what you need:\n| Component | Minimum (Demo and Dev) | Small | Medium | Large | XL | Remark |\n| --------------- | ---------------------- | ---------------- | ----------------- | ------------------ | ---- | ----------------------------------------------------------- |\n| ADMIN | 1 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | | |\n| **Application** | - | - | - | - | | Resources required during deployment only |\n| CMIS | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| **Database** | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 6 Core | 16 GB RAM, 8 Core | open | |\n| ILM | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| MON | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | quite fix |\n| **NAPPL** | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 6 Core | 16 GB RAM, 8 Core | open | CPU depending on Jobs / Hooks, RAM depending on amount user |\n| **NSTL** | 500 MB RAM, 1 Core | 1 GB RAM, 2 Core | 1 GB RAM, 2 Core | 1 GB RAM, 2 Core | | quite fix |\n| PAM | | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | 2 GB RAM, 1 Core | | |\n| PIPELINER | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 4 GB RAM, 4 Core | 4 GB RAM, 4 Core | open | Depending on Core Mode *or* AC Mode, No Session Replication |\n| **RS** | 1 GB RAM, 1 Core | 8 GB RAM, 4 Core | 32 GB RAM, 8 Core | 64 GB RAM, 12 Core | open | CPU depending on format type, RAM depending on file size |\n| SHAREPOINT | | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n| WEB | 1 GB RAM, 1 Core | 2 GB RAM, 2 Core | 4 GB RAM, 4 Core | 8 GB RAM, 4 Core | open | |\n| WEBDAV | | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | 2 GB RAM, 2 Core | | |\n**Bold** components are required by a *SBS* setup, so here are some estimates per Application:\n| Component | Minimum (Demo and Dev) | Minimum (PROD) | Recommended (PROD) | Remark |\n| --------- | ---------------------- | ----------------- | ------------------ | ------------------ |\n| SBS | 6 GB RAM, 4 Core | 16 GB RAM, 8 Core | 24 GB RAM, 12 Core | Without WEB Client |\n| eGOV | TODO | TODO | TODO | eGOV needs much more CPU than a non eGOV system |\nA word on **eGOV**: The eGOV App brings hooks and jobs, that require much more resources than a *normal* nscale system even with other Apps installed.\n"}
|
||||
{"chapter": "Real Resources in DEV Idle", "level": 2, "text": "```\n% kubectl top pods\n...\nsample-ha-administrator-0 2m 480Mi\nsample-ha-argo-administrator-0 2m 456Mi\nsample-ha-argo-cmis-5ff7d78c47-kgxsn 2m 385Mi\nsample-ha-argo-cmis-5ff7d78c47-whx9j 2m 379Mi\nsample-ha-argo-database-0 2m 112Mi\nsample-ha-argo-ilm-58c65bbd64-pxgdl 2m 178Mi\nsample-ha-argo-ilm-58c65bbd64-tpxfz 2m 168Mi\nsample-ha-argo-mon-0 2m 308Mi\nsample-ha-argo-nappl-0 5m 1454Mi\nsample-ha-argo-nappl-1 3m 1452Mi\nsample-ha-argo-nappljobs-0 5m 2275Mi\nsample-ha-argo-nstla-0 4m 25Mi\nsample-ha-argo-nstlb-0 6m 25Mi\nsample-ha-argo-pam-0 5m 458Mi\nsample-ha-argo-rs-7d6888d9f8-lp65s 2m 1008Mi\nsample-ha-argo-rs-7d6888d9f8-tjxh8 2m 1135Mi\nsample-ha-argo-web-f646f75b8-htn8x 4m 1224Mi\nsample-ha-argo-web-f646f75b8-nvvjf 11m 1239Mi\nsample-ha-argo-webdav-d69549bd4-nz4wn 2m 354Mi\nsample-ha-argo-webdav-d69549bd4-vrg2n 3m 364Mi\nsample-ha-cmis-5fc96b8f89-cwd62 2m 408Mi\nsample-ha-cmis-5fc96b8f89-q4nr4 3m 442Mi\nsample-ha-database-0 2m 106Mi\nsample-ha-ilm-6b599bc694-5ht57 2m 174Mi\nsample-ha-ilm-6b599bc694-ljkl4 2m 193Mi\nsample-ha-mon-0 3m 355Mi\nsample-ha-nappl-0 3m 1278Mi\nsample-ha-nappl-1 4m 1295Mi\nsample-ha-nappljobs-0 6m 1765Mi\nsample-ha-nstla-0 4m 25Mi\nsample-ha-nstlb-0 4m 25Mi\nsample-ha-pam-0 2m 510Mi\nsample-ha-rs-7b5fc586f6-49qhp 2m 951Mi\nsample-ha-rs-7b5fc586f6-nkjqb 2m 1205Mi\nsample-ha-web-7bd6ffc96b-pwvcv 3m 725Mi\nsample-ha-web-7bd6ffc96b-rktrh 9m 776Mi\nsample-ha-webdav-9df789f8-2d2wn 2m 365Mi\nsample-ha-webdav-9df789f8-psh5q 2m 345Mi\n...\n```\n"}
|
||||
{"chapter": "Defaults", "level": 2, "text": "Check the file `default.yaml`. You can set default memory limits for a container. These defaults are applied if you do not specify any resources in your manifest.\n"}
|
||||
{"chapter": "Single-Instance-Mode", "level": 1, "text": "If you choose to separate tenants on your system not only by *nplus Instances* but also by *nplus Environments*, thus running each tenant in a separate Kubernetes *Namespace*, you do not need to create an *nplus Environment* first, but you can rather enable the *nplus Environment Components* within your instance:\n```yaml\ncomponents:\nsim:\ndav: true\nbackend: true\noperator: true\ntoolbox: true\n```\nSteps to run a SIM Instance:\n1. Create the namespace and the necessary secrets to access the repo, registry as well as the nscale license file\n```\nSIM_NAME=\"empty-sim\"\nkubectl create ns $SIM_NAME\nkubectl create secret docker-registry nscale-cr \\\n--namespace $SIM_NAME \\\n--docker-server=ceyoniq.azurecr.io \\\n--docker-username=$NSCALE_ACCOUNT \\\n--docker-password=$NSCALE_TOKEN\nkubectl create secret docker-registry nplus-cr \\\n--namespace $SIM_NAME \\\n--docker-server=cr.nplus.cloud \\\n--docker-username=$NPLUS_ACCOUNT \\\n--docker-password=$NPLUS_TOKEN\nkubectl create secret generic nscale-license \\\n--namespace $SIM_NAME \\\n--from-file=license.xml=$NSCALE_LICENSE\n```\n2. Deploy the Instance\n```\nhelm install \\\n--values lab.yaml \\\n--values single-instance-mode.yaml \\\n--namespace $SIM_NAME \\\n$SIM_NAME nplus/nplus-instance\n```\nIf you do not have any Application that requires assets such as scripts or apps, you are good to go with this.\nHowever, if your Application does require assets, the *problem* is to get them into your (not existing) environment before the Applications is trying to access them.\nThere are three possible solutions:\n1. You create an umbrella chart and have a job installing the assets into your Instance\n2. You pull / download assets from your git server or an asset server before the Application deployment\n3. You pull / download assets from your git server or an asset server before the Component deployment, including the Application\n**Solution 1** obiously involes some implementation on your end. That is not covered in this documentation.\n**Solution 2** can be achieved by defining a downloader in your application chart (see `empty-download.yaml`):\n```yaml\ncomponents:\napplication: true\napplication:\ndocAreas:\n- id: \"Sample\"\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/samples/assets/sample.sh\"\nrun:\n- \"/pool/downloads/sample.sh\"\n```\n**Solutions 3** should be used if you have any assets that need to be available **before** the nscale Components start, like snippets for the web client etc.\nYou can use the *Prepper* for that purpose. The *Prepper* prepares everything required for the Instance to work as intended. It is very much like the *Application*, except that it does not connect to any nscale component (as they do not yet run by the time the prepper executes). But just like the Application, the Prepper is able to download assets and run scripts.\nYou can add this to your deployment:\n```yaml\ncomponents:\nprepper: true\nprepper:\ndownload:\n- \"https://git.nplus.cloud/public/nplus/raw/branch/master/assets/sample.tar.gz\"\nrun:\n- \"/pool/downloads/sample/sample.sh\"\n```\n"}
|
||||
{"chapter": "Deploying with Argo", "level": 1, "text": ""}
|
||||
{"chapter": "the argo version of the instance", "level": 2, "text": "Deployin with argoCD is straight forward, as there is a ready-to-run instance chart version for argo, that takes **exactly** the same values as the *normal* chart:\n```bash\nhelm install \\\n--values samples/application/empty.yaml \\\n--values samples/environment/demo.yaml \\\nsample-empty-argo nplus/nplus-instance-argo\n```\n"}
|
||||
{"chapter": "Using Waves", "level": 2, "text": "The instance chart already comes with pre-defined waves. They are good to go with (can be modified though):\n```yaml\nnappl:\nmeta:\nwave: 15\n```\n**But**: You might be annoyed by ArgoCD, when some services do not come up preventing other services to not be started at all since ArgoCD operates in Waves, so later services might not be deployed at all if an early wave services fails.\nEspecially in DEV, this can become a testing problem.\nTo turn *off* Waves completely for a Stage, Environment or Instance, go\n```\nglobal:\nenvironment:\nutils:\ndisableWave: true\n```\n"}
|
||||
{"chapter": "Pinning Versions", "level": 1, "text": ""}
|
||||
{"chapter": "Old Version", "level": 2, "text": "If you like to test rolling updates and the updates to new minor versions, check out the *e90* sample:\nThis sample will install a version 9.0.1400 for you to test. Since the Cluster Node Discovery changed due to a new jGroups version in nscale, the chart will notice the old version and turn on the legacy discovery mechanism to allow the Pod to find its peers in Versions prior to 9.1.1200.\n```\nhelm install \\\n--values samples/empty.yaml \\\n--values samples/demo.yaml \\\n--values versions/9.0.1400.yaml \\\nsample-e90 nplus/nplus-instance\n```\n"}
|
||||
{"chapter": "New Version Sample", "level": 2, "text": "Some nscale Versions are License-Compatible, meaning that for example a Version 9.1 License File will also be able to run a nscale Version 9.0 Software. But that is not always the case.\nSo you might need to set individual licenses per instance:\n```\nkubectl create secret generic nscale-license-e10 \\\n--from-file=license.xml=license10.xml\n```\nCheck, if the license has been created:\n```\n"}
|
||||
{"chapter": "kubectl get secret | grep license", "level": 1, "text": "nscale-license Opaque 1 7d22h\nnscale-license-e10 Opaque 1 17s\n```\nNow, we install the instance:\n```\nhelm upgrade -i \\\n--values samples/empty.yaml \\\n--values samples/demo.yaml \\\n--values versions/10.0.yaml \\\n--set global.license=nscale-license-e10 \\\nsample-e10 nplus/nplus-instance\n```\n"}
|
||||
{"chapter": "Security", "level": 1, "text": ""}
|
||||
{"chapter": "All the standards", "level": 2, "text": "There are several features that will enhance the security of your system:\n- all components are running rootless by default\n- all components drop all privileges\n- all components deny escalation\n- all components have read only file systems\n- Access is restricted by NetworkPolicies\n"}
|
||||
{"chapter": "Additional: The backend Protocol", "level": 2, "text": "Additionally, you can increase security by encrypting communication in the backend. Depending on your network driver, this might already been done automatically beween the Kubernetes Nodes. But you can double that even within a single node by switching the backend Protocol to https:\n```yaml\nglobal:\nnappl:\nport: 8443\nssl: true\n"}
|
||||
{"chapter": "Web and PAM do not speak https by default yet, CRs have been filed.", "level": 1, "text": "nappl:\ningress:\nbackendProtocol: https\ncmis:\ningress:\nbackendProtocol: https\nilm:\ningress:\nbackendProtocol: https\nwebdav:\ningress:\nbackendProtocol: https\nrs:\ningress:\nbackendProtocol: https\nmon:\ningress:\nbackendProtocol: https\nadministrator:\ningress:\nbackendProtocol: https\n```\nThis will turn every communication to https, **but** leave the unencrypted ports (http) **open** for inter-pod communication.\n"}
|
||||
{"chapter": "Zero Trust Mode", "level": 2, "text": "This will basically do the same as above, **but** also turn **off** any unencrypted port (like http) and also implement NetworkPolicies to drop unencrypted packages.\nThis will also affect the way how *probes* are checking the pods health: *nplus* will switch them to use https instead, so even the very internal Healtch Check infrastructure will be encrypted in *zero trust mode*:\n```yaml\ncomponents:\npam: false #TODO: ITSMSD-8771: PAM does not yet support https backend.\nglobal:\nsecurity:\nzeroTrust: true\nnappl:\nport: 8443\nssl: true\n```\n"}
|
||||
{"chapter": "(virtual-) Remote Management Server", "level": 1, "text": "The *nplus RMS* creates a virtual IP Address in your subnet. On this IP, you will find an *nscale Remote Management Service* and a Layer 4 Proxy, forwarding the ports of the components to the\nbelonging pods.\nThe result is, that under this VIP, it looks as if there is a real server with a bunch of *nscale* components installed. So you can use the desktop admin client to connect to it and configure it. Including offline configuration.\nThe offline configuration writes settings to the configuration files of the components. These files are injected into the Pods by *nplus* making the legacy magic work again.\nAlso, Shotdown, Startup and Restart buttons in the Admin client will work, as that will by translated to Kubernetes commands by *nplus*\nAnyways, there are some restrictions:\n- In a HA scenario, you need multiple virtual server, as nscale does not allow some components to deploy more than one instance per server (like nstl) and they would then also block the default ports. So better to have more RMS\n- Log Files are not written, so the Admin cannot grab them. So no log file viewing in Admin\n> Please notice that this is a BETA Feature not released for Production use.\nThis is a sample of RMS in a HA environment with two virtual servers:\n```yaml\ncomponents:\nrmsa: true\nrmsb: true\nrmsa:\ningress:\ndomain: \"server1.{{ .instance.group | default .Release.Name }}.lab.nplus.cloud\"\ncomps:\nnappl:\nenabled: true\nrestartReplicas: 2\nnstl:\nenabled: true\nname: nstla\nrestartReplicas: 1\nhost: \"{{ .component.prefix }}nstla.{{ .Release.Namespace }}.svc.cluster.local\"\nrs:\nenabled: true\nrestartReplicas: 2\nweb:\nenabled: true\nrestartReplicas: 2\nrmsb:\ningress:\ndomain: \"server2.{{ .instance.group | default .Release.Name }}.lab.nplus.cloud\"\ncomps:\nnappl:\nenabled: true\nname: nappljobs\nrestartReplicas: 1\nreplicaSetType: StatefulSet\nhost: \"{{ .component.prefix }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local\"\nnstl:\nname: nstlb\nenabled: true\nrestartReplicas: 1\nhost: \"{{ .component.prefix }}nstlb.{{ .Release.Namespace }}.svc.cluster.local\"\n```\n"}
|
||||
{"chapter": "Using Object Stores", "level": 1, "text": "Blobstores aka Objectstores have a REST Interface that you can upload your Payload to and receive an ID for it. They are normally structured into *Buckets* or *Containers* to privide\nsome sort of pooling payload within the store.\nThe *nscale Server Storage Layer* supports multiple brands of objectstores, the most popular being Amazon S3 and Microsoft Azure Blobstore.\nIn order to use them, you need to\n- get an account for the store\n- configure the *nstl* with the url, credentials etc.\n- Add firewall rules to access to store\nHave a look at the sample files\n- s3-env.yaml\nfor Amazon S3 compatible storage, and\n- azureblob.yaml\nfor Azure Blobstore\nFor S3 compatible storage, there are multiple S3 flavours available.\n"}
|
||||
{"chapter": "Custom Environment Variables", "level": 1, "text": "There are multiple ways of how to set custom environment variables in addition to the named values, you set in helm:\n"}
|
||||
{"chapter": "Using `env`", "level": 2, "text": "Please have a look at `s3-env.yaml` to see how custom environment variables can be injected into a component:\n```\nnstl:\nenv:\n# Archivtyp\nNSTL_ARCHIVETYPE_900_NAME: \"S3\"\nNSTL_ARCHIVETYPE_900_ID: \"900\"\nNSTL_ARCHIVETYPE_900_LOCALMIGRATION: \"0\"\nNSTL_ARCHIVETYPE_900_LOCALMIGRATIONTYPE: \"NONE\"\nNSTL_ARCHIVETYPE_900_S3MIGRATION: \"1\"\n```\nThis will set the environment variables in the storage layer to add an archive type with id 900.\n"}
|
||||
{"chapter": "Using `envMap` and `envSecret`", "level": 2, "text": "Alternatively to the standard `env`setting, you can also use configmaps and secrets for additional environment variables.\nThe file `s3-envres.yaml` creates a configmap and a secret with the same variables as used in the `s3-env.yaml` sample. `s3-envfrom.yaml` shows how to import them.\nPlease be aware, that data in secrets need to be base64 encoded:\n```\necho \"xxx\" | base64\n```\nSo in order to use the envFrom mechanism,\n- prepare the resources (as in `s3-envres.yaml`)\n- upload the resources to your cluster\n```\nkubectl apply -f s3-envres.yaml\n```\n- add it to your configuration\n```\nnstl:\n# These resources are set in the s3-envres.yaml sample file\n# you can set single values (envMap or envSecret) or lists (envMaps or envSecrets)\nenvMaps:\n- env-sample-archivetype\n- env-sample-device\nenvSecret: env-sample-device-secret\n```\n"}
|
||||
{"chapter": "Specifics of the Sharepoint Connector", "level": 1, "text": "Normally, you will have different configurations if you want multiple Sharepoint Connectors. This makes the *nsp* somewhat special:\n"}
|
||||
{"chapter": "Multi Instance HA Sharepoint Connector", "level": 2, "text": "This sample shows how to setup a sharepoint connector with multiple instances having **different** configurations for archival, but with **High Availability** on the retrieval side.\nSharePoint is one of the few components for which is is quite common to have multiple instances instead of replicas. Replicas would include, that the configuration for all pods is identical. However, you might want to have multiple configurations as you also have multiple sharepoint sites you want to archive.\nRunning multiple instances with ingress enabled leads to the question, what the context path is for each instance. It cannot be the same as the load balancer would not be able to distinguish between them and thus refuses to add the configuration object - leading in a deadlock situation.\nSo *nplus* defined different context paths if you have multiple instances:\n- sharepointa on `/nscale_spca`\n- sharepointb on `/nscale_spcb`\n- sharepointc on `/nscale_spcc`\n- sharepointd on `/nscale_spcd`\nIf you only run one instance, it defaults to `/nscale_spc`.\n"}
|
||||
{"chapter": "HA on retrieval", "level": 2, "text": "Once archived, you might want to use all instances for retrieval, since they share a common retrieval configuration (same nappl, ...). So in order to gain High Availability even across multiple instances, there are two options:\n1. You turn off the services and ingresses on any sharepoint instance but sharepointa. Then you switch sharepointa's service selector to *type mode*, selecting all pods with type `sharepoint` instead of all pods of component `sharepointa`. Then you can access this one service to reach them all.\n2. You can turn on the *clusterService*, which is an additional service that selects all `sharepoint` type pods and then adds an extra ingress on this service with the default context path `nscale_spc`\nHowever, in both scenarios, beware that the sharepoint connector can only service one context path at a time, so you will need to change the context path accordingly.\n"}
|
||||
{"chapter": "Sample for solution 1", "level": 2, "text": "On the instance, define the following:\n```\ncomponents:\n# -- First, we switch the default SharePoint OFF\nsharepoint: false\n# -- Then we enable two sharepoint instances to be used with different configurations\nsharepointa: true\nsharepointb: true\nsharepointa:\nservice:\n# -- Switching the service to \"type\" makes sure we select not only the component pods (in this case all replicas of sharepointa)\n# but rather **any** pod of type sharepoint.\nselector: \"type\"\ningress:\n# -- The default contextPath for sharepointa is `nscale_spca` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\nsharepointb:\nservice:\n# -- The other SP Instance does not need a service any more, as it is selected by the cluster service above. So we switch off the component\n# service which also switches off the ingress as it would not have a backing service any more\nenabled: false\n# -- The default contextPath for sharepointb is `nscale_spcb` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\n```\n"}
|
||||
{"chapter": "Sample for Solution 2", "level": 2, "text": "On the instance, define the following:\n```\ncomponents:\n# -- First, we switch the default SharePoint OFF\nsharepoint: false\n# -- Then we enable two sharepoint instances to be used with different configurations\nsharepointa: true\nsharepointb: true\nsharepointa:\nclusterService:\n# -- This enabled the cluster service\nenabled: true\n# -- the cluster Ingress needs to know the context path it should react on.\ncontextPath: \"/nscale_spc\"\ningress:\n# -- we turn off the original ingress as the common context path would block the deployment\nenabled: false\n# -- The default contextPath for sharepointa is `nscale_spca` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\nsharepointb:\nclusterService:\n# -- on the second SharePoint Instance, we **disable** the cluster service, as it is already created by sharepointa.\nenabled: false\n# -- however, we need to set the context path, as this tells the networkPolicy to open up for ingress even though we switch die Ingress off in the\n# next step\ncontextPath: \"/nscale_spc\"\ningress:\n# -- we turn off the original ingress as the common context path would block the deployment\nenabled: false\n# -- The default contextPath for sharepointb is `nscale_spcb` to make sure we have distinguishable paths for all sharepoint instances.\n# however, in this case we re-use the service as cluster service and die ingress as cluster ingress, so we switch to the general\n# contextPath, as if it was a single component deployment\ncontextPath: \"/nscale_spc\"\n```\n"}
|
||||
{"chapter": "Static Volumes", "level": 1, "text": ""}
|
||||
{"chapter": "Assigning PVs", "level": 2, "text": "For security reasons, you might want to use a storage class that does not perform automatic provisioning of PVs.\nIn that case, you want to reference a pre-created volume in the PVC.\nIn nplus, you can do so by setting the volumeName in the values.\nPlease review `values.yaml` as an example:\n```yaml\ndatabase:\nmounts:\ndata:\nvolumeName: \"pv-{{ .component.fullName }}-data\"\nnstl:\nmounts:\ndata:\nvolumeName: \"pv-{{ .component.fullName }}-data\"\n```\nYou can also set the environment config volume. Please refer to the environment documentation for that.\n```\nhelm install \\\n--values samples/environment/demo.yaml \\\n--values samples/static/values.yaml\nsample-static nplus/nplus-instance\n```\n"}
|
||||
{"chapter": "Creating PVs", "level": 2, "text": "https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md\n"}
|
||||
{"chapter": "Data Disk:", "level": 3, "text": "1. Create a pool on your cep cluster\n```\nceph osd pool create k-lab 64 64\n```\n2. Create a block device pool\n```\nrbd pool init k-lab\n```\n3. Create an image\n```\nrbd create -s 50G k-lab/pv-sample-static-database-data\nrbd create -s 50G k-lab/pv-sample-static-nstl-data\nrbd ls k-lab | grep pv-sample-static-\n```\nResize:\n```\nrbd resize --size 50G k-lab/pv-no-provisioner-database-data --allow-shrink\n```\n"}
|
||||
{"chapter": "File Share:", "level": 3, "text": "1. Create a Subvolume (FS)\n```\nceph fs subvolume create cephfs pv-no-provisioner-rs-file --size 53687091200\n```\n2. Get the path of the subvolume\n```\nceph fs subvolume getpath cephfs pv-no-provisioner-rs-file\n```\n"}
|
||||
{"chapter": "Troubleshooting", "level": 3, "text": "```\nkubectl describe pv/pv-no-provisioner-rs-file pvc/no-provisioner-rs-file\nkubectl get volumeattachment\n```\n"}
|
||||
{"chapter": "PV Manifests", "level": 3, "text": "```yaml\napiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-database-data\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: rook-ceph.rbd.csi.ceph.com\nfsType: ext4\nnodeStageSecretRef:\n# node stage secret name\nname: rook-csi-rbd-node\n# node stage secret namespace where above secret is created\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\npool: k-lab\nstaticVolume: \"true\"\nimageFeatures: layering\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-database-data\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: ceph-rbd\n---\napiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-nstl-data\nspec:\naccessModes:\n- ReadWriteOnce\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: rook-ceph.cephfs.csi.ceph.com\nfsType: ext4\nnodeStageSecretRef:\n# node stage secret name\nname: rook-csi-rbd-node\n# node stage secret namespace where above secret is created\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\npool: k-lab\nstaticVolume: \"true\"\nimageFeatures: layering\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-nstl-data\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: ceph-rbd\n---\napiVersion: v1\nkind: PersistentVolume\nmetadata:\nname: pv-no-provisioner-rs-file\nspec:\naccessModes:\n- ReadWriteMany\ncapacity:\nstorage: 50Gi\ncsi:\ndriver: cephfs.csi.ceph.com\nnodeStageSecretRef:\nname: rook-csi-cephfs-secret\n#rook-csi-cephfs-node\nnamespace: rook-ceph-external\nvolumeAttributes:\n# Required options from storageclass parameters need to be added in volumeAttributes\nclusterID: rook-ceph-external\nfsName: cephfs\npool: cephfs_data\nstaticVolume: \"true\"\n# rootPath kriegt man per ceph fs subvolume getpath cephfs pv-no-provisioner-rs-file\nrootPath: \"/volumes/_nogroup/pv-no-provisioner-rs-file/3016f512-bc19-4bfb-8eb2-5118430fbbe5\"\n#mounter: rbd-nbd\n# volumeHandle should be same as rbd image name\nvolumeHandle: pv-no-provisioner-rs-file\npersistentVolumeReclaimPolicy: Retain\n# The volumeMode can be either `Filesystem` or `Block` if you are creating Filesystem PVC it should be `Filesystem`, if you are creating Block PV you need to change it to `Block`\nvolumeMode: Filesystem\nstorageClassName: cephfs\n```\n"}
|
||||
29
ai/jsonl/faq.jsonl
Normal file
29
ai/jsonl/faq.jsonl
Normal file
@@ -0,0 +1,29 @@
|
||||
{"question": "How do I add my custom Generic Base App (GBA) to the deployment?", "answer": "You can use the application chart to add your GBAs to a deployment. Please follow the instructions\nin the [chart README](../charts/application/README.md)."}
|
||||
{"question": "I do not find any of my custom objects (roles, classes, ...) from my GBA in the system. Is there an install log file that I can check?", "answer": "Yes. You can either check the log of the application job with\n```\nkubectl logs -l nplus/instance=sbs,nplus/component=application\n```\nor you can check the log at `/conf/<instance>/application/10init.log` from the environment toolbox.\nPlease check out the [chart README](../charts/application/README.md) for more information.\n> Please note, that the job/pod is automatically removed shortly after app installation, so the `kubectl logs` command might not find the ressource any more."}
|
||||
{"question": "Network Policies", "answer": "Kubernetes CNI supports the use of `NetworkPolicy` resources. Every resource, that has a NetworkPolicy attached is monitored by a compatible CNI driver such as Calico oder Cilium and Network Filter Rules are implemented.\nBy this means, one pod can only communicate with other pods, if a network rule has explicely been applied.\nnplus supports NetworkPolicies by the following control structures:\nsecurity.cni. (on component, instance or environment level)\n- defaultIngressPolicy\n can be set to *deny*, *allow* or none.\n *deny* will drop all undefined inbound packages,\n *allow* will forward all undefined inbound packages\n If not defined, the Policy will not be created.\n- defaultEgressPolicy\n can be set to *deny*, *allow* or none.\n *deny* will drop all undefined outbound packages,\n *allow* will forward all undefined outbound packages\n If not defined, the Policy will not be created.\n- createNetworkPolicy\n toggles the policy creation in general\nFor larger projects, it is likely to have a *Central Services* Instance that hold e.g. the *Administrator* and the *Monitoring Console*. If these services are in the same namespace and within the same instance, nothing need to be done (default).\nHowever, if you use *Central Services* you can define the Namespace and the Instance of these services in order to have NetworkPolicies created for inter-namespace and inter-instance traffic.\n- administratorNamespace\n- administratorInstance\n- monitoringNamespace\n- monitoringInstance\n- pamNamespace\n- pamInstance\n> If you use a centralized *Storage Layer* and *Rendition Server*, you will have to apply extra Policies to allow access. Please remember to write ingress and egress rules.\nExample:\n```\nglobal:\n environment:\n security:\n cni:\n defaultIngressPolicy: deny\n defaultEgressPolicy: deny\n createNetworkPolicy: true\n```"}
|
||||
{"question": "How can I use snc in NAPPL to access my SAP System?", "answer": "To use *snc* in NAPPL, you need to\n1. Enable it in NAPPL (`nappl.snc.enabled: true`)\n2. Add the IP Range of your SAP Systems to allow egress access (`nappl.snc.sapIpRange: \"0.0.0.0/0\"`)\n3. Copy the *snc* files to the nplus environment (`kubectl cp snc nplus-toolbox-0:/conf/pool`)\nPlease find more information in the [nappl chart README](../charts/nappl/README.md)"}
|
||||
{"question": "How can I use extra fonts for rendition or OCR?", "answer": "Extra fonts, like the *mscorefonts* can be installed by copying them into the *nplus environment*. The fonts are then automatically applied to all *rendition Server* and *Application Layer* components within all *nplus Instances* within this environment.\nTo copy fonts to the pool, use\n```\nkubectl cp test/fonts nplus-toolbox-0:/conf/pool\n```\nThis copies the local *fonts* directory to the environment pool.\nThe target is `pool/fonts`, where all extra fonts must reside.\nThis is then picked up by the components."}
|
||||
{"question": "How can I completely remove any trace of *nplus* from my cluster?", "answer": "1. Remove all *nplus Instances* from your *nplus Environment*:\nIf you installed with helm:\n```\nhelm uninstall myInstance\n```\nIf you installed using Argo:\n```\nhelm install myInstance-argo\n```\nor whatever the name of your instance is.\nIf you installed by kubectl:\n```\nkubectl delefe -f myInstance.yaml\n````\nDo this for all instances.\n2. Remove the *nplus Environment* from the Kubernetes Namespace\nif installed by helm:\n```\nhelm uninstall <name>\n```\nwhere *name* is the name you used when installing\n3. Remove the *nplus Cluster* from the Kubernetes Cluster\nif installed by helm:\n```\nhelm uninstall <name>\n```\nwhere *name* is the name you used when installing"}
|
||||
{"question": "I would like to connect to the environment dav server to access the config files", "answer": "You can access the *nplus Environment conf dav server* either\n- through an ingress, if you enable it. But you might want to keep it disabled for security reasons. Instead you can access it\n- via a port forwarding from your local machine, in case you have kubectl access to the cluster:\n```\nkubectl port-forward pods/nplus-davserver-0 8080:8080\n```\nThen, you can connect to the server via http://localhost:8080/dav"}
|
||||
{"question": "How can I manually delete all Resources belonging to a specific instance?", "answer": "To delete everything belonging to a specific instance, you can use:\n```\nkubectl delete $(kubectl get svc,sts,deployment,cm,secret,networkpolicy,ing,pvc,certificate,nscale -l nplus/instance=<instance> -o name)\n```"}
|
||||
{"question": "I changed the image tag of *nscale Web*, but when I apply, the component stays healthy", "answer": "Even though it might seem *nscale Web* would not restart, it actually does.\n*nscale Web* is configured as a *Rolling Update DeamonSet*, so it first creates a new Pod and waits till that is ready. Then it stops the old one.\nDuring the update cycle, the services stays healthy.\nNotice, that the *Application* job (if defined) runs as well. That is, because updating the Web component might require new Snippets etc. to be installed,\nto *nplus* is giving the *Application* the chance to do so."}
|
||||
{"question": "Can I check out a nappl image?", "answer": "Yes, you can:\n```sh\ndocker run --rm -it ceyoniq.azurecr.io/release/nscale/application-layer:ubi.9.2.1200.2024052713 /bin/bash\n```"}
|
||||
{"question": "Can I bash into my nappljobs?", "answer": "Indeed:\n```sh\nkubectl exec --stdin --tty demo-ha-nappljobs-0 -- /bin/bash\n```"}
|
||||
{"question": "I keep getting errors, that *chmod* is not allowed on the conf file system", "answer": "This might be because you might be using a CIFS / smb shared file system (like Microsoft Azure File).\nYou can switch off all internal chmod commands by setting `.Values.global.environment.storage.conf.cifs` to `true`."}
|
||||
{"question": "We use multiple ingress controllers in different namespaces. How do we set that?", "answer": "You can set the ingress class per enviroment, per instance or per component.\nComponent bein the highest priority.\nAdditionally, you might want to set the namespace of your controller to allow ingress traffic from that namespace to the pods. Since you probably have multiple namespaces, this is a comma separated list:\n```\n# Set Ingress namespace per component\ningress:\n namespace: \"nginx-ingress\"\n```\nor\n```\n# Set Ingress namespaces for all instances in an environment\nglobal:\n environment:\n ingress:\n namespace: \"ingress, kube-system, external-ingress, internal-ingress, backup-ingress\"\n```"}
|
||||
{"question": "How do I know which tags exist in the registry?", "answer": "You can use Skopeo:\n```\nskopeo list-tags docker://ceyoniq.azurecr.io/release/nscale/application-layer\n```\nThis lists all nappl tags in the registry"}
|
||||
{"question": "We use a forward proxy in our DMZ and have problems with OAuth (or others)", "answer": "If you use a forward proxy, such as in a DMZ Scenario, you will probably need to configure your cluster Load Balancer so it forwards the real IP adress of your clients.\nIn nginx, this is done by the setting `use-forwarded-headers` which needs to be put into the clusterwide config (this is a global option):\n```\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-load-balancer-microk8s-conf\n namespace: ingress\ndata:\n use-forwarded-headers: \"true\"\n proxy-real-ip-cidr: \"<Your Reverse Proxy IP>\"\n```\nApply this config map to your nginx LB namespace setting the IP Adress CIDR of your DMZ Reverse Proxy.\nIn the DMZ nginx configuration, make sure you submit all necessary information:\n```\nserver {\n server_name demo.nscale.cloud;\n client_max_body_size 10G;\n proxy_set_header X-Forwarded-For $remote_addr;\n proxy_set_header X-Forwarded-Host $host;\n proxy_set_header X-Forwarded-Proto $scheme;\n if ( $is_bot ) { return 410; }\n location = / { return 301 \"/nscale_web\"; }\n location = /me { return 301 \"/auth/realms/cloud/account\"; }\n location /robots.txt { return 200 \"User-agent: *\\nDisallow: /\"; }\n location /nscale_web { proxy_pass https://dmz.lan; }\n location ~ ^/(auth/realm|auth/login|auth/resources) { proxy_pass https://centralservices.lan; }\n location /nscalealinst1 { proxy_pass https://dms.lan; }\n listen 443 ssl;\n ssl_certificate fullchain.pem;\n ssl_certificate_key privkey.pem;\n}\n```"}
|
||||
{"question": "How yan I set Ressources (CPU / RAM) for the components?", "answer": "You can set the ressources in the Values:\n```yaml\nresources:\n requests:\n cpu: \"100m\" # Minimum 1/10 CPU\n memory: \"500Mi\" # Minimum 500 MB\n limits:\n cpu: \"2000m\" # Maximum 2 Cores\n memory: \"4096Mi\" # Maximum 4 GB. Java will see this as total.\n```\nIf you want to set Java Memory Options:\n```yaml\njavaOpts:\n javaMinMem: \"1024m\"\n javaMaxMem: \"2048m\"\n```"}
|
||||
{"question": "How can I bash into nappl?", "answer": "This is an example of how to bash into a nappl, in this case empty-nappl-0:\n```\nkubectl exec --stdin --tty empty-nappl-0 -- /bin/bash\n```"}
|
||||
{"question": "How can I set the timezone?", "answer": "You can set the timezone per component, instance and/or environment, using the `timezone` value. Please refer to the\ncomponent README.md for more information."}
|
||||
{"question": "How can I use priorityClasses for the components?", "answer": "You can use an existing priorityClass by setting `priority.className: <your class>` on the component, instance or environment.\nIf you want to have the class created for you, you can set `priority.createClass: true`.\nYou can also set the desired value.\nExample:\n```yaml\npriority:\n className: '{{ .component.fullName }}'\n createClass: true\n value: \"1000000\"\n```\n> If you omit the quotes for value, you will end up having a float64 like `1e+06` in your values, which will cause problems.\nTo forcefully switch off any previously set priority for a specific instance, you can override:\n```yaml\nglobal:\n override:\n priority:\n```\nThe **default** is to have no priorityClass at all."}
|
||||
{"question": "How can I enable and access the Web Administrator?", "answer": "To enable the nscale Administrator (Web, aka *RapAdmin*), you have to first enable the *administrator* chart in your instance:\n```yaml\ncomponents.administrator: true\n```\nBy default, the Administrator will use the standard Application Layer for login. You can change that by setting\n```yaml\nadministrator:\n nappl:\n host: '{{ include \"nplus.prefix\" . }}nappljobs.{{ .Release.Namespace }}'\n waitFor:\n - '-service {{ include \"nplus.prefix\" . }}nappljobs.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.nappl.port }} -timeout 600'\n```\nThis is an example, where we use multiple Application Layer and one designated Application Layer for Jobs. And we use this `nappljobs` for administration as well. So the above configuration changes the default and lets the admin client access nappljobs.\nIf you run the Administrator in another instance (Central Services or something alike), you can also cross namespaces and/or instances here to access multiple tenants if desired. But in that case you might need to add individual *networkPolicies* to allow access.\nOnce the Admin Client is running, you can reach it at `https://<Your Domain>/rapadm`."}
|
||||
{"question": "I want to use the same domain for my environment and my instance, so the certificates are created twice", "answer": "First of all, are you sure you want the same domain? Because the environment ingress is used by admins to access the config by dav or the monitoring data from the operator. You normally would not want that to use the same domain / ingress as the users of your services.\nHowever, if you decide to use the same domain, you can easily switch off certificate generation: Certificates are either generated by an issuer like cert-manager or are self-signed and generated by helm.\n- if `.this.ingress.issuer` is set, the chart requests this issuer to generate a tls secret with the name `.this.ingress.secret`\n by creating a certificate resource with the name of the domain `.this.ingress.domain`\n- else, so no issuer is set, the chart checks wether the flag `.this.ingress.createSelfSignedCertificate` is set to `true` and\n generates a tls secret with the name `.this.ingress.secret`\n- else, so neither issuer nor createSelfSignedCertificate are set, the charts will not generate anything\nAfter the instance or environment ran through the generation process, the components use the name of the tls\nsecret `.this.ingress.secret` for their ingresses, in case `.this.ingress.enabled` is `true`.\nSo to cut a long story short:\n1. You better not have the same domain for end users and admins. Please re-consider and try something like\n - `admin.my-domain.internal` for admin access and\n - `my-domain.cloud` for public access\n2. If you do want the same domain, you need to switch off the generation process in either the instance or the environment.\n You can still use the same secret. As the environment is deployed before the instance, it might be a good idea to switch off the instance:\n ```yaml\n global:\n ingress:\n issuer: null\n createSelfSignedCertificate: false\n ```"}
|
||||
{"question": "How can I access my services with a browser?", "answer": "Well, that of course depends on\n- which services you enabled\n- if these services gain access through a web interface\n- this access (ingress) is enabled.\nYou can check like this:\n```bash\nkubectl get ingress -l nplus/instance=<your instance>\n```\nExample using the *demo-ha* example:\n```bash\n% kubectl get ingress -l nplus/instance=demo-ha\nNAME CLASS HOSTS ADDRESS PORTS AGE\ndemo-ha-administrator public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-cmis public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-ilm public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-mon public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-nappl public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-pam public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-web public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\ndemo-ha-webdav public demo-ha.lab.nplus.cloud 127.0.0.1 80, 443 10h\n```\nThen, you can drill into an ingress, to get the paths:\n```bash\nkubectl describe ingress <ingress>\n```\nYou can also get a list of all hosts + paths:\n```bash\n% kubectl get ingress -l nplus/instance=demo-ha -o json 2> /dev/null| jq -r '.items[] | .spec.rules[] | .host as $host | .http.paths[] | ( $host + .path)' | sort | grep -v ^/\ndemo-ha.lab.nplus.cloud/cmis\ndemo-ha.lab.nplus.cloud/dav\ndemo-ha.lab.nplus.cloud/engine.properties\ndemo-ha.lab.nplus.cloud/index.html\ndemo-ha.lab.nplus.cloud/modeler\ndemo-ha.lab.nplus.cloud/nscale_web\ndemo-ha.lab.nplus.cloud/nscalealinst1\ndemo-ha.lab.nplus.cloud/nscalealinst1/webb/configuration\ndemo-ha.lab.nplus.cloud/nscalealinst1/webc/configuration\ndemo-ha.lab.nplus.cloud/nscalemc\ndemo-ha.lab.nplus.cloud/rapadm\ndemo-ha.lab.nplus.cloud/res\ndemo-ha.lab.nplus.cloud/sap_ilm\n```"}
|
||||
{"question": "I would like to disable the ingress on the operator, but access it through a NodePort Service", "answer": "Sure. Just disable the ingress first on your environment deployment:\n```yaml\noperator:\n ingress:\n enabled: false\n```\nThen add a NodePort Service to access it:\n```bash\ncat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Service\nmetadata:\n name: nplus-operator-nodeport-access\nspec:\n type: NodePort\n selector:\n nplus/component: operator\n ports:\n - port: 8080\n targetPort: 8080\n nodePort: 31976\nEOF\n```\nAccess it:\n- `http://<Your Cluster Node IP>:31976/monitoring`\n- `https://<Your Cluster Node IP>:31977/monitoring`\nhttps://10.17.1.31:31977/monitoring/index.html?page=overview"}
|
||||
{"question": "During Desaster Recovery tests we noticed that we cannot change the Document ID in runtime. What should we do?", "answer": "You can switch the component (in this case the Storage Layer as you mention the Document ID, but this method work for any component) into *Maintenance Mode*. Maintenance Mode will\n- start pods without starting the service, providing the possibility to gain access to the container to perform recovery tasks that need to be done offline. In order to do this:\n - All *waitFor* definitions are ignored\n - All *Health Checks* are ignored\n - The container starts in idle\n - Application Jobs are disabled\nYou can put a component, an instance or the whole environment into maintenance.\n```yaml\nutils:\n maintenance: true\n```\nor global for the instance:\n```yaml\nglobal:\n utils:\n maintenance: true\n```"}
|
||||
{"question": "Why can't I specify pullSecrets on the waitImage?", "answer": "pullSecrets are defined at pod level, not at container level. WaitFor is a container, so it doesn't have its own pullSecrets but rather takes the pod ones."}
|
||||
{"question": "We do not want to use argoCD Waves, can we switch it off?", "answer": "Yes, just add the following to the `values.yaml` to globally turn off the argoCD Wave feature:\n```yaml\nglobal:\n utils:\n disableWave: true\n```\nPlease also see the *nowaves* example"}
|
||||
{"question": "Out Instances became pretty large with lots of components and multiple team members working on parts of it. Can we somehow slices it into smaller chunks?", "answer": "Yes, you can. Simply create multiple Instances with the components you like and then join them all together using a common `.instance.group` tag.\nThis will open the firewall (Network Policies) to allow traffic within the group / between multiple Instances.\nPlease see the *group* example for details"}
|
||||
{"question": "I get frequent DV/DA HID check failures in nstl in my dev Environment", "answer": "In the lab / dev environment, you probably quite often throw away the data disk while keeping the conf folder. The default for the DA_HID.DAT is the conf folder, so they do not match any more. You can easily switch the check off:\n```yaml\nnstl:\n checkHighestDocId: \"0\"\nnstla:\n checkHighestDocId: \"0\"\nnstlb:\n checkHighestDocId: \"0\"\n```\nif you do this in the environment, you have globally switched all nstl da checks off."}
|
||||
{"question": "We use the postgres DB for DEV and would like to get a dump. How can we do that?", "answer": "You can call pg_dump from the command line. Make sure you have the right password and pod.\n```\nkubectl exec --stdin --tty sample-empty-database-0 -- env PGPASSWORD=\"postgres\" pg_dump -U postgres -w nscale > test.dump\n```"}
|
||||
23
ai/jsonl/history.jsonl
Normal file
23
ai/jsonl/history.jsonl
Normal file
File diff suppressed because one or more lines are too long
1
ai/jsonl/image.jsonl
Normal file
1
ai/jsonl/image.jsonl
Normal file
@@ -0,0 +1 @@
|
||||
{"chapter": "Common Image Configuration", "level": 2, "text": "The `image` configuration consists of\n- the Image Name\n- the Image Repository\n- the Image Tag\n- the Image Pull Policy\nIf the Pull Policy is not set, it is automatically `IfNotPresent`.\nThe `Repository` can be overridden at Instance Level and Environment Level to accomodate multiple stages:\n```\nimage:\nname: test\ntag: 1.0.0\nrepo: cr.nplus.cloud # Prio 3\npullPolicy: Always\nglobal:\nrepo: myrepo_i1 # Prio 4\nrepoOverride: myrepo_i2 # Prio 2\nenvironment:\nrepo: myrepo_e1 # Prio 5\nrepoOverride: myrepo_e2 # Prio 1\n```\nIn this example, finding the repo to use would be:\n```helm\n$repo := global.environment.repoOverride | default global.repoOverride | default image.repo | default global.repo | default global.environment.repo\n```\nOnce you override the repo, you might als want to override the `pullSecrets` globally to allow login to your private registry. Since you do not want to do that per image definition, you - just like the repos - can override that globally:\n```\nglobal:\npullSecretsOverride:\n- myPrivateRegistrySecret\n```\nThe override procedure is identical to the repo example above.\n**The Use Case** is to easily enable you to download the images to a private and secure registry. *nplus* by default uses the official registries, but\nthat is most likely not wanted by enterprise customers. So you can just set your own registry in the environment and keep dev, qa and prod apart and secured.\n"}
|
||||
2
ai/jsonl/ingress.jsonl
Normal file
2
ai/jsonl/ingress.jsonl
Normal file
@@ -0,0 +1,2 @@
|
||||
{"chapter": "Common Ingress Configuration", "level": 2, "text": "The Ingress Configuration can be performed at various levels:\n- Per Component / Chart\n`ingress.`\n- Per Instance\n`global.ingress.`\n- Per Environment\n`global.environment.ingress.`\nThis enables you to have configuration yaml files per environment (e.g. for DEV, QA and PROD) setting environment defaults.\nYou then do not have to touch the Instance configuration.\nExample:\n```\nhelm upgrade -i \\\n--values $SAMPLES/big-instance.yaml \\\n--values $SAMPLES/applications.yaml \\\n--values $SAMPLES/dev.yaml \\\ndemo nplus/instance-argo\n```\nYou might have your Instance values in the `big-instance` file, the Apps you want to have deployed to that instance\nin the `applications` file, and then you add your default setting for the `dev` stage, potentionally overwriting anything\nfrom the above. The priority in this is *last one wins*.\n> The Values are taken by the chart in the following order:\n> Component, then Instance, then Environment.\nIf no value is set, the configuration is dropped from the manifest.\nIn the following table, you see what value can be defined in which section:\n| Key | Component | Instance | Environment |\n| ---- | ----------- | ----------- | ----------- |\n| domain | ✔︎ | ✔︎ | ✔︎ |\n| issuer | ✔︎ | ✔︎ | ✔︎ |\n| class | ✔︎ | ✔︎ | `public` |\n| enabled | ✔︎ | - | - |\n| backendProtocol | ✔︎ | - | - |\n| cookie | ✔︎ | - | - |\n| inputPath | ✔︎ | - | - |\n| deny | ✔︎ | - | - |\n| whitelist | ✔︎ | ✔︎ | ✔︎ |\n| namespace | ✔︎ | ✔︎ | ✔︎ |\nFor the component ingress, you can specify the following values:\n| Key | Description | Default |\n|-----|-------------|---------|\n| backendProtocol | choose wether you want http or https as the backend protocol. This will encrypt traffic from the ingress controller to your pods if you set it to https. | `\"http\"` |\n| class | sets the ingressclass to use. e.g. `public` or `nginx` | `\"public\"` |\n| cookie | on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web | component dependent |\n| domain | sets the ingress domain, like `tenant1.mydomain.com`. If no domain is set, no ingress will be configured automatically | none |\n| enabled | on component level, enable or disable the ingress | component dependent |\n| inputPath | this defines the path (on component level) for this component Example: `nscale_web` for nscale Web | component dependent |\n| issuer | if you use *cert-manager* or any other certificate issuer, you can add the class here to hand certificate issuing requests to this issuer. if you do not set any issuer, the chart will generate a self-signed certificate for your ingress (if you defined a domain) | |\n| deny | you can specify specific paths to be denied by this ingress | component dependent |\n| whitelist | optionally specify a list of allowed ip ranges to use an ingress | not restricted |\n| namespace | when securing the instance with network policies, you can specify the source namespace of the ingress controller | \"ingress\" |\n| annotations | adds extra annotations\n> Please the the FAQ for information about using a DMZ, where additional cluster configuration will be necessary\n"}
|
||||
{"chapter": "Annotations", "level": 3, "text": "You can add extra Annotations to the ingress by adding\n```\nglobal:\ningress:\nannotations:\nnginx.org/proxy-connect-timeout: \"30s\"\nnginx.org/proxy-read-timeout: \"20s\"\nnginx.org/client-max-body-size: \"4m\"\nnginx.org/server-snippets: |\nlocation / {\nreturn 302 /coffee;\n}\n```\n"}
|
||||
1
ai/jsonl/java.jsonl
Normal file
1
ai/jsonl/java.jsonl
Normal file
@@ -0,0 +1 @@
|
||||
{"chapter": "Definig Java VM Resources", "level": 2, "text": "For those components implemented in Java, it is possible to set Java Options:\n- nscale CMIS Connector\n- nscale ILM Connector\n- nscale Application Layer\n- nscale Rendition Server\n- nscale Web\n| Key | Description | Default |\n|-----|-------------|---------|\n| javaOpts.javaMaxRamPercentage | Maximum memory given to Java in % | - |\n| javaOpts.javaMinMem | Minimum memory given to Java | - |\n| javaOpts.javaMaxMem | Maximum memory given to Java | - |\n| javaOpts.javaMisc | Additional Java Options | - |\n> **Note**: if you defined settings for *appDynamics*, the agent will automatically be added to the Java Options when the above components are run. Please refer to `global.appDynamics.agent` for more information.\n"}
|
||||
12
ai/jsonl/mounts.jsonl
Normal file
12
ai/jsonl/mounts.jsonl
Normal file
@@ -0,0 +1,12 @@
|
||||
{"chapter": "Common Storage Configuration", "level": 2, "text": "This works just the same way as the Ingress settings: The Configuration can be performed at various levels:\n- Per Component / Chart\n`storage.`\n- Per Instance\n`global.storage.`\n- Per Environment\n`global.environment.storage.`\nThis enables you to have configuration yaml files per environment (e.g. for DEV, QA and PROD) setting environment defaults.\nYou then do not have to touch the Instance configuration.\nFor storage, there are several volume types:\n- **conf**, Shared File, RWX, global per environment\n- **data**, Disk, RWO, optional per component\n- **file**, Shared File, RWX, optional per ReplicaSet\n- **temp**, EmptyDir\n- **ptemp**, Shared File, RWX, global per environment\n- **log**, EmptyDir, should be empty, so just in case\n- **pool**, optional path on the conf share mounted by some components\n- **generic**, allows to mount any pre-defined PV into a container\n"}
|
||||
{"chapter": "conf", "level": 3, "text": "The *conf* storage is a global PVC with RWX (file) shared by every component in the environment. The component creates a sub directory\non the share and mounts it to the config directory in the container.\n`storage.conf.name` sets the name of the PVC to be created and used.\n`mounts.conf.path` defines the target directory in the container.\nAs the environment normally provides the *conf* share, you can set the class and the size in the environment.\nIf you habe your RWX storage class provided by a CIFS / SMB shared file system, you need to disable linux commands like *chmod*.\nThis can be done in the storage environment settings:\n```\nglobal:\nenvironment:\nstorage:\nconf:\ncifs: true\n```\n"}
|
||||
{"chapter": "data", "level": 3, "text": "Every component can create a data PVC with RWO (disk). You can set the `class` for this disk directly at the mount definition `mounts.data.class`. If unset, it uses the definition for the data class from `global.storage.data.class` or from the environment definition at `global.environment.storage.data.class`.\nIf the class is not defined, it is not included in the manifest and so the cluster default is taken.\nSet the size at `mounts.data.size`. No default for the size.\n"}
|
||||
{"chapter": "file", "level": 3, "text": "Every component can create a file PVC with RWX (shared file). You can set the `class` for this share directly at the mount definition `mounts.file.class`. If unset, it uses the definition for the file class from `global.storage.file.class` or from the environment definition at `global.environment.storage.file.class`.\nIf the class is not defined, it is not included in the manifest and so the cluster default is taken.\nSet the size at `mounts.file.size`. No default for the size.\nThis file mount is used for example for the *nscale Rendition Server* to create a common workload directory for all PODs across cluster nodes.\n"}
|
||||
{"chapter": "temp", "level": 3, "text": "If a *temp* mount point is given in the values file, it creates an `emptyDir` volume with the `sizeLimit` of `mounts.temp.size`. If no limit is given, the volume will have no limit and the cluster node default is used.\nIf you want to back this volume by memory, specify `mounts.temp.medium: memory`. Be aware, that this will utilize a RAM disk and count against your PODs resources.\n> The *nscale Application Layer* caches fulltext data in temp. Please be aware of your component behaviour when setting medium and size. Your plugins might be requireing speed or size.\n"}
|
||||
{"chapter": "ptemp", "level": 3, "text": "*ptemp* is a shared, persistant version of temp. It is used to store temporary data, that needs to live beyond the life of a pod, like exports from the database or account logs from storage layer.\nThe ptemp is created by the environment and all pods are free to use it, just like conf.\n"}
|
||||
{"chapter": "logs", "level": 3, "text": "If a *logs* mount point is given in the values file, it creates an `emptyDir` volume with the `sizeLimit` of `mounts.logs.size`. If no limit is given, the volume will have no limit and the cluster node default is used.\nThe components are writing logs to `stdout` and `stderr`, so the logs directory should not be necessary. This is just in case any plugin writes something to the contaainers file system.\nAdditionally, if you use the *nplus Remote Management Server* component, you might want the legacy way of reading log files, and this would be the storage for that.\n"}
|
||||
{"chapter": "pool", "level": 3, "text": "You can define a path at `mount.pool`, then this component will have access. This is used to hand binary data to the components, such as plugins or *nscale Generic Base Apps* along with the *nscale App Installer*.\n"}
|
||||
{"chapter": "Pre-Created Persistent Volumes", "level": 3, "text": "For security reasons, Persistent Volumes can be pre-created and then referenced by the PVC. In order to do so, you can set\n- `storage.conf.volumeName` in the environment configuration to set a specific volume reference for the config share, and\n- `mounts.data.volumeName` in each components values to set a specific volume reference for the (optional) data volume, as well as\n- `mounts.file.volumeName` in each components values to set a specific volume reference for the (optional) file volume\nAs the volume is specific to a certain volume, it cannot be set globally.\n"}
|
||||
{"chapter": "Setting storage values", "level": 3, "text": "| Key | Component | Instance | Environment |\n| ---- | ----------- | ----------- | ----------- |\n| conf.name | ✔︎ | ✔︎ | `conf` |\n| data.class | ✔︎ | ✔︎ | ✔︎ |\n| data.size | ✔︎ | - | - |\n| data.paths | predefined list | - | - |\n| data.volumeName | ✔︎ | - | - |\n| file.class | ✔︎ | ✔︎ | ✔︎ |\n| file.size | ✔︎ | - | - |\n| file.paths | predefined list | - | - |\n| file.volumeName | ✔︎ | - | - |\n| temp.size | ✔︎ | - | - |\n| temp.medium | ✔︎ | - | - |\n| temp.path | predefined | - | - |\n| logs.size | ✔︎ | - | - |\n| logs.medium | ✔︎ | - | - |\n| logs.path | predefined | - | - |\nAvoid to change the values marked as *predefined*.\n"}
|
||||
{"chapter": "Working with Certificates", "level": 3, "text": "There are two types of certificates than you might want to customize in your deployment:\n- (Root-) Certificate Authorities\n- Private Certificates and Key Files\n**Root CA** extensions will be needed if you want to access other services via https (egress), that have certificates signed by a non-default authority.\nIn that case, you can upload the authority (public) certificate to trust it.\nThe process differs from component to component, as some are written in java (and require the certificate to be inside a keystore)\nand others are written in C++ or else and might require a PEM certificate store (like the Storage Layer).\nFirst thing is to create the store in whatever format it is needed and then upload it into a secret. Within the helm values, you can then\nset the destination path and file name next to the secret where you stored the certificate. There can be multiple certificates.\n```\nmounts:\ncaCerts:\npaths:\n- \"/etc/pki/tls/certs/ca-bundle.crt\"\n- \"/usr/lib/jvm/jre/lib/security/cacerts\"\nsecret: ca-secret\n```\nIn this example, the secret *ca-secret* needs to hold two files:\n- a cacerts file (under that key), which is a java keystore file and will\nbe placed as the cacerts file in the Java deployment of the component (In this case the NAPPL).\n- a *ca-bundle.crt* file which is a PEM format file that holds all trusted CAs you need.\nThe *paths* list defines the path and filename of the target as well as the key of the files within the secret.\nIn Storage Layer, this might look like this:\n```\nmounts:\ncaCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER\"\nsecret: ca-secret\n```\nIn this case, the Sorage Layer requires the root ca certs to be a file of exactly this name in the etc directory of the deployment.\nPlease consult the storage layer manual for more information.\n**component Certificates** and Key files are normally used to hold private tls certificates to encrypt https traffic (ingress).\nThe configuration of these keystores is identical to the ca stores:\n```\nmounts:\ncomponentCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/application-layer/conf/certificates.store\"\nsecret:\n```\nIn this case, the secret must have a key named *certificates.store* that holds the java keystore with the required certificates.\n> Please note, that alternatively, you can also upload this file to the conf directory of the application layer. If you do not specify a secret, this\nmount will not be implemented.\nUploading to this file to the conf would be like this:\n```\nkubectl cp certificates.store nplus-toolbox-0:/conf/<myInstance>/nappl\n```\n**Alternatively, you can also define a configMap** for the public CA certificates, then the configuration would be like this:\n```\nmounts:\ncaCerts:\npaths:\n- \"/opt/ceyoniq/nscale-server/storage-layer/etc/CA.CER\"\nconfigMap: ca-map\n```\n"}
|
||||
{"chapter": "Using the generic mount interface", "level": 3, "text": "This allows you to mount any pre-provisioned PVs, secret or configMap as a directory or single file into any container.\nIt can be used e.g. to mount migration nfs, cifs / samba shares into a pipeliner container.\nUse the following format:\n```\nmounts:\ngeneric:\n- name: <name>:\npath: <the path in the container, where you want to mount this>\nvolumeName: <the name of the PV to be mounted>\nconfigMap: <the name of the configMap to bemounted>\nsecret: <the name of the secret to bemounted>\nsubPath: [a (optional) subpath to be used inside the PV]\naccessMode: <ReadWriteMany|ReadWriteOnce|ReadOnlyMany|ReadWriteOncePod>\nsize: <size request>\n```\nPlease see the *generic* sample in the samples directory for detailes.\n"}
|
||||
2
ai/jsonl/operations1.jsonl
Normal file
2
ai/jsonl/operations1.jsonl
Normal file
@@ -0,0 +1,2 @@
|
||||
{"chapter": "Day 1 Ops: Install, Update, Uninstall", "level": 1, "text": "1. Install instance *sample*\nTo demonstrate, we use the sample-tenant chart we find in the samples directory. The main difference\nto the default instance chart is, that a domain is set to `*.sample.nplus.cloud`, so we will be able to\nlog into the web client right away if we redirected this domain correctly.\nYou can easily adopt the examples to your environment.\n```\nhelm install sample nplus/sample-tenant --version 9.0.1400\n```\n2. **Rolling update** of instance *sample* to a later monthly release\nAll nscale components support rolling updates, **but** the *nscale Application Layer*.\nAs the Application Layer has the connection to the database, and this depends on the DB scheme,\nonly cluster members with the same version can work with that DB at the same time.\nThere are no scheme updates in monthly releases, so we can use the default rolling updates here.\n```\nhelm upgrade sample nplus/sample-tenant --version 9.0.1501\n```\n3. **Minor / Major Update** of instance *sample*\nMinor or Major updates require the *nscale Application Layer* to have the same version on all cluster nodes. And since the *nscale Pipeliner* may also have an integrated *nappl* in core mode, we also need to update the pipeliner at the same time.\nWe first need to shut down all *nappl* cluster members, so set the *nscale Application Layer*, the potential *nappl Jobs Node* and the *nscale Pipeliner* stateful sets to replica 0.\nIn *nplus*, these replicaSets are labeled with `nplus/type=core`, so we can easily select them:\n```\nkubectl scale statefulset -l nplus/type=core,nplus/instance=sample --replicas=0\n```\nAfter that, the update is just like a monthly release:\n```\nhelm upgrade sample nplus/sample-tenant --version 9.1.1001\n```\n> As nplus does not know if you run the Pipeliner in core mode, make sure you change the default type `pipeliner` to `core` when installing, indicating that this pipeliner node needs to be scaled down as well.\n4. **Uninstall** the instance *sample*\n\n```\nhelm uninstall sample\n```\n"}
|
||||
{"chapter": "Install, Update, Uninstall *with argoCD*", "level": 1, "text": "1. Install instance *sample-argo*\n```\nhelm install sample-argo nplus/sample-tenant-argo --version 9.0.1400\n```\n2. **Rolling update** of instance *sample-argo* to a later monthly release\n```\nhelm upgrade sample-argo nplus/sample-tenant-argo --version 9.0.1501\n```\n3. **Minor / Major Update** of instance *sample-argo*\nThe difference to a deployment without argoCD is, that if we manually scale down the *nappl* cluster nodes,\nargoCD tries to immediately **heal** this discrepancy between the description and the status.\nSo we first switch off this healing mechanism, to be able to scale down:\n```\nkubectl -n argocd patch --type='merge' application sample-argo -p \"{\\\"spec\\\":{\\\"syncPolicy\\\":null}}\"\n```\nAfter that, it is the same update procedure as we have with a standard deployment:\n```\nkubectl scale statefulset -l nplus/type=core,nplus/instance=sample-argo --replicas=0\nhelm upgrade sample-argo nplus/sample-tenant-argo --version 9.1.1001\n```\nWhen done, we switch the healing back on which will start to re-sync and recreate all cluster members\nwith the new version:\n```\nkubectl -n argocd patch --type=merge application sample-argo -p \"{\\\"spec\\\":{\\\"syncPolicy\\\":{\\\"automated\\\":{\\\"prune\\\":true,\\\"selfHeal\\\":true}}}}\"\n```\n4. **Uninstall** the instance *sample-argo*\n\n```\nhelm uninstall sample-argo\n```\n"}
|
||||
11
ai/jsonl/operations2.jsonl
Normal file
11
ai/jsonl/operations2.jsonl
Normal file
@@ -0,0 +1,11 @@
|
||||
{"chapter": "Day 2 Ops: Tips & Tricks", "level": 1, "text": ""}
|
||||
{"chapter": "Re-Installation, re-using the former volumes", "level": 2, "text": "Whether with or without ArgoCD, the used volumes can be reattached during reinstallation. However, a few steps are required:\n1. **Before** deleting the instance, set the instance volumes to *Retain*:\n```bash\nkubectl get pv | grep Delete | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME -p '{\"spec\":{\"persistentVolumeReclaimPolicy\":\"Retain\"}}'\n```\n2. **After** deletion, these volumes will be in *Released* state.\nHere, the ID of the old PVC must be deleted, but not the entire Ref, otherwise, the disk cannot be assigned to the instance and service later.\n```bash\nkubectl get pv -A | grep Released | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME --type json -p '[{\"op\": \"remove\", \"path\": \"/spec/claimRef/uid\"}]'\n```\nNow, the volumes are in an *Available* state and still have the *claimRef* of the instance and the component. If you now recreate the instance, these disks/volumes will be correctly reused.\nExample:\n```bash\nhelm upgrade --install demo-argo nplus/instance-argo --version 9.1.1001\n```\nHowever, if you create an instance with a different name, the claimRefs won't match, and new volumes will be generated.\n"}
|
||||
{"chapter": "Cleanup / Completely remove an instance", "level": 2, "text": "1. **Uninstall** the helm charts\nDeletion is *Cascading*, meaning it deletes everything it installed.\n```bash\nhelm uninstall demo-argo\nhelm uninstall demo\n```\n2. The **configuration** is in the **git** of the Toolbox, and it needs to be removed\n```bash\nkubectl exec --stdin --tty nplus-0 -- rm -rf /conf/demo\nkubectl exec --stdin --tty nplus-0 -- rm -rf /conf/demo-argo\n```\n3. If the volumes were **not** on *Delete* but on *Retain*, they can be deleted:\n```bash\nkubectl get pv -A | grep Released | grep \"demo\" | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\nNow you can start over.\n"}
|
||||
{"chapter": "Working with Persistent Volumes", "level": 2, "text": ""}
|
||||
{"chapter": "Delete all \"Released\" PV", "level": 3, "text": "```bash\nkubectl get pv -A | grep Released | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\n"}
|
||||
{"chapter": "Delete all \"Available\" PV", "level": 3, "text": "```bash\nkubectl get pv -A | grep Available | cut -d' ' -f1 | xargs -n1 kubectl delete pv\n```\n"}
|
||||
{"chapter": "Make \"Released\" PVs available again", "level": 3, "text": "1. Switch Delete to Retain:\n```bash\nkubectl get pv | grep Delete | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME -p '{\"spec\":{\"persistentVolumeReclaimPolicy\":\"Retain\"}}'\n```\n2. Delete ClaimRef UID\n```bash\nkubectl get pv -A | grep Released | grep demo-argo | cut -d' ' -f1 | xargs -I PV_NAME \\\nkubectl patch pv PV_NAME --type json -p '[{\"op\": \"remove\", \"path\": \"/spec/claimRef/uid\"}]'\n```\n"}
|
||||
{"chapter": "Monitoring", "level": 2, "text": "The Monitoring Console can be configured through the RAP Administrator. For each component to be monitored, an entry needs to be added in a component group (RMS doesn't exist!).\nAs a \"computer,\" FQDN, `<instance>.<service>.<namespace>` can be used, for example, `demo-ha-nappl-0.demo-ha-nappl.lab`.\n"}
|
||||
{"chapter": "Restart a pod", "level": 2, "text": "A Pod might be stuck and you might need to re-deploy this replicaset.\nThis example restarts the *web* component of instance *empty*:\n```\nkubectl rollout restart $(kubectl get deployment,statefulset -l nplus/component=web,nplus/instance=empty -o name)\n```\nTo restart all replicasets without available pods, use\n```\nkubectl get deployment,statefulset --field-selector=status.availableReplicas=0\n```\n"}
|
||||
{"chapter": "Delete pending pods to have them re-created by the replicasets", "level": 2, "text": "When a pod gets into pending state forever, that is due to a lack of resources, tolerations or missing PVs.\nYo should correct the cause and then you can simply delete the pod and have it re-created by the RS.\nThis is how you get all pending pods:\n```bash\nkubectl get pods --field-selector status.phase=Pending\n```\nYou can delete all of them by\n```bash\nkubectl delete $(kubectl get pods --field-selector status.phase=Pending -o name)\n```\n"}
|
||||
{"chapter": "Deleting all jobs", "level": 2, "text": "```bash\nkubectl delete $(kubectl get jobs -o name)\n```\n"}
|
||||
6
ai/jsonl/overview.jsonl
Normal file
6
ai/jsonl/overview.jsonl
Normal file
@@ -0,0 +1,6 @@
|
||||
{"chapter": "Setting up a demo / dev infrastructure", "level": 1, "text": "- If you do not have a running system yet, please see the [Infrastructure Guide](docs/infrastructure.md) to install a *microk8s* based demo system\n- If you like to run a full demo system incl. ArgoCD, MetalLb, and cert-manager, please see the [Add-On Guide](docs/addons.md) and read how to add the additional components to your demo *microk8s* cluster\n"}
|
||||
{"chapter": "Getting the first *nplus Instance* up and running", "level": 1, "text": "- In the [Quickstart Guide](docs/quickstart.md), you will learn how to install the first nplus system.\n- To check out the installation of an nplus Instance using ArgoCD, please see the [ArgoCD Quickstart Guide](docs/quickstart-argo.md).\n"}
|
||||
{"chapter": "Examples of more complex setups", "level": 1, "text": "- Have a look at the [samples directory](samples) to see how Instances get deployed in the *nplus Demo Environment*.\n"}
|
||||
{"chapter": "Operations", "level": 1, "text": "- [Day One Operations](docs/operations1) shows how to install, update and uninstall instances\n- [Day Two Operations](docs/operations2) explains how to re-use Persistent Volumes, Perform a proper cleanup after uninstall and tips on monitoring\n"}
|
||||
{"chapter": "Limitations, Cookbook & FAQ", "level": 1, "text": "- please note the [limitations](docs/limitations.md) of the system\n- there is a FAQ located [here](docs/faq.md)\n- *nplus* also has a [cookbook](docs/cookbook.md), which is an *easy reading* version of all the READMEs from the samples. So basically you will get all source files of the [cookbook](docs/cookbook.md) in the [samples directory](samples)\n"}
|
||||
{"chapter": "Further Reading", "level": 1, "text": "- For each component, there are corresponding instructions in the README of the chart.\nYou can always get the most up-to-date information via Helm, for example, for the Instance Chart:\n```\nhelm show readme nplus/nplus-instance\n```\nor here:\n**Environment**\n\n- [nplus Environment Chart README](charts/environment/README.md)\n\n**Instance**\n\n- [nplus Instance Chart README](charts/instance/README.md)\n- [nplus Instance ArgoCD Chart README](charts/instance-argo/README.md)\n\n**Components**\n\n- [nscale Application Layer Chart README](charts/nappl/README.md)\n- [nscale Storage Layer Chart README](charts/nstl/README.md)\n- [nscale Pipeliner Chart README](charts/pipeliner/README.md)\n- [nscale CMIS Connector Chart README](charts/cmis/README.md)\n- [nscale ILM Connector Chart README](charts/ilm/README.md)\n- [nscale Web Chart README](charts/web/README.md)\n- [nscale Monitoring Console Chart README](charts/mon/README.md)\n- [nscale Rendition Server Chart README](charts/rs/README.md)\n- [nscale Process Automation Modeler Chart README](charts/rms/README.md)\n- [nscale Sharepoint Connector Chart README](charts/sharepoint/README.md)\n- [nscale WebDAV Connector Chart README](charts/webdav/README.md)\n- [nplus Remote Management Server Chart README](charts/rms/README.md)\n- [Postgres Database Chart README](charts/database/README.md)\n\n**Application**\n\n- [nplus Application Chart README](charts/application/README.md)\n- Please see the [Version History](HISTORY.md) for a changelog\n"}
|
||||
1
ai/jsonl/priority.jsonl
Normal file
1
ai/jsonl/priority.jsonl
Normal file
@@ -0,0 +1 @@
|
||||
{"chapter": "Priority Class", "level": 2, "text": "You can select a specific *PriorityClass* which is then used for this component. If you enable `createClass`, it will be created.\n"}
|
||||
9
ai/jsonl/quickstart-argo.jsonl
Normal file
9
ai/jsonl/quickstart-argo.jsonl
Normal file
@@ -0,0 +1,9 @@
|
||||
{"chapter": "Adding ArgoCD", "level": 1, "text": "In order to be able to deploy *nplus instances* using ArgoCD, you need to add the Chart Repository to Argo:\n```\ncat << EOF | kubectl apply -f -\napiVersion: v1\nkind: Secret\nmetadata:\nname: nplus-repo\nnamespace: argocd\nlabels:\nargocd.argoproj.io/secret-type: repository\nstringData:\ntype: helm\nurl: https://git.nplus.cloud\npassword: $NPLUS_TOKEN\nusername: $NPLUS_ACCOUNT\nEOF\n```\n> This requires the Environment Variables for the *NPLUS_ACCOUNT* and *NPLUS_TOKE* to be set. Check the Quickstart Guide if you are uncertain\nNow you are good to go adding an instance using ArgoCD. We will re-use the myinstance.yaml we created during the Quickstart Guide. You will also find it in [Samples](../samples/myinstance.yaml).\n```\nhelm upgrade -i \\\n--values myinstance.yaml \\\nmyinstance-argo nplus/nplus-instance-argo\n```\nThe only difference with ArgoCD is, that we use a different Chart for the instance: *nplus-instance-argo*.\nThe settings / values file is identical.\n\nArgoCD will automatically pick up the new instance and start installing it.\nYou can check via command line\n```\n# kubectl get instance\nNAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default healthy\nmyinstance-argo argoCD 9.1.1501 default healthy\n```\nOr via agroCD Web UI the current status of the deployment\n\n> The Instance will report *healthy* in argoCD as well as using command line, even though the SBS Installer is not ready yet (as Applications are installed asynchronously as soon as the instance is healthy)\nAs soon as the Application Installer is done, it looks like this:\n\n"}
|
||||
{"chapter": "Monitoring ArgoCD", "level": 1, "text": "ArgoCD also has a custom resource, called *application*. The nscale argoCD Resources are created in the *argocd* Namespace. You can get them by\n```\n"}
|
||||
{"chapter": "kubectl get app -n argocd", "level": 1, "text": "NAME SYNC STATUS HEALTH STATUS\nmyinstance-argo Synced Healthy\n```\nOf course you can also check with\n```\n"}
|
||||
{"chapter": "kubectl get instances", "level": 1, "text": "NAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default healthy\nmyinstance-argo argoCD 9.1.1501 default healthy\n```\nBut if you require detailed information, the best is to start describing the argoCD App:\n```\n"}
|
||||
{"chapter": "kubectl describe app myinstance-argo -n argocd", "level": 1, "text": "```\nThis gives you a much higher level of detail.\n"}
|
||||
{"chapter": "Troubleshooting ArgoCD", "level": 1, "text": ""}
|
||||
{"chapter": "Cache", "level": 2, "text": "ArgoCD caches helm Chart content. This can be a problem especially during development, when you might now always increase version numbers.\nThen, you might want to hard reset an argoCD Appication to void the cache:\n```\nkubectl patch app/myinstance-argo -n argocd --type merge -p='{\"metadata\": {\"annotations\":{\"argocd.argoproj.io/refresh\": \"hard\"}}}'\n```\n"}
|
||||
{"chapter": "Finalizer", "level": 2, "text": "Finalizers in Kubernetes are taking care of cleanup tasks. Sometimes, these finalizers in argoCD get stuck on deleting complex nplus instances. As a last option, you might want to try removing the finalizer and then cleaning the instance up manually:\n```\nkubectl patch app/myinstance-argo -n argocd \\\n--type json \\\n--patch='[ { \"op\": \"remove\", \"path\": \"/metadata/finalizers\" } ]'\n```\nThen delete the argoCD Application:\n```\nkubectl delete app/myinstance-argo -n argocd\n```\nSince the finalizer did not clean up, all *nplus instance* parts are still there. Luckily, they are labeled, so easy to identify:\n```\nkubectl get all,pvc,ing -l nplus/instance=myinstance-argo\n```\nWe can now use this list to delete everything:\n```\nkubectl delete $(kubectl get all,pvc,ing -l nplus/instance=myinstance-argo -o name)\n```\n> ArgoCD does not use helm to install but rather get the helm template and renders it internally. So there is no need to clean up helm after removing the argo app.\n"}
|
||||
{"chapter": "Default Waves", "level": 1, "text": "The instance chart has some default waves defined. You can use them or overwrite the values with your own demands:\n- **wave 1**: prepper\n- **wave 2**: requirements: nstl, database\n- **wave 3**: essential services: rs, nappljobs, nappl (standalone, if jobs are enabled)\n- **wave 4**: hook: free to use for anything that needs to be done before the cluster starts\n- **wave 5**: consumer services: nappl (serving consumers) if jobs are disabled\n- **wave 6**: consumer services: web\n- **wave 7**: peripheral services: mon, pipeliner, ilm, cmis, webdav, sharepoint\n- **wave 8**: tools: administrator, pam\n- **wave 9**: tools: rms (Remote Management Server)\n- **wave 10**: solutions: application (incl. GBAs)\n"}
|
||||
17
ai/jsonl/quickstart.jsonl
Normal file
17
ai/jsonl/quickstart.jsonl
Normal file
@@ -0,0 +1,17 @@
|
||||
{"chapter": "*nplus* Quickstart Guide", "level": 1, "text": "The charts are built in a way that they provide minimal functionality without any configuration, using default values.\n- If you want ingress, you have to configure the domain. Without the domain set, your charts will not have any default way to access them. However, you can still forward traffic to them or configure a *NodePort* or *LoadBalancer* manually.\n- If you want proper TLS, you need a certificate. Without the certificate provided, a self-signed certificate will secure your connection.\n- If you want specific storage, configure the storage class to use. Without it, you will get the default class for RWO and RWX.\nThis Quick Start example has nothing configured, so you will get:\n- No ingress, and\n- Default storage.\n"}
|
||||
{"chapter": "Access to the *nplus* Subscription and the nscale License", "level": 1, "text": "You need access to:\n- The *nplus* Helm chart repository\n- The *nplus* container registry\n- The *nscale* license\n- The *nscale* container registry\nIn the next examples, we will use environment variables to access:\n```bash\nNPLUS_ACCOUNT=\"[your nplus subscription]\"\nNPLUS_TOKEN=\"[your nplus access token]\"\nNSCALE_ACCOUNT=\"[your account to access the Ceyoniq container registry]\"\nNSCALE_TOKEN=\"[the access token for above]\"\nNSCALE_LICENSE=\"[the path and license file to use]\"\n```\n"}
|
||||
{"chapter": "The nplus helm repository", "level": 2, "text": "You can register the *nplus* Helm registry:\n```bash\nhelm repo add nplus https://git.nplus.cloud \\\n--username $NPLUS_ACCOUNT \\\n--password $NPLUS_TOKEN\nhelm repo update\n```\nYou should now be able to access the charts:\n```bash\n% helm search repo nplus --versions --devel\nNAME CHART VERSION APP VERSION DESCRIPTION\ngitea/nplus-application 9.1.1201-16 0.2.2 Application Chart\ngitea/nplus-application 9.1.1201-15 0.2.2 Application Chart\ngitea/nplus-application 9.1.1201-14 0.2.2 Application Chart\n...\n```\n> The `--devel` option gives you beta versions as well. Otherwise, you will only see release versions.\n"}
|
||||
{"chapter": "The nscale license", "level": 2, "text": "Make sure you received an nscale license that fulfills the following criteria:\n- `Container: 1` - otherwise it will not allow to be run in a container environment\n- The Storage Layer `ServerID` *must not* be included in the license, as we cannot override it if it is fixed\n- `FullyQualifiedHostName: 0` - If this setting is *on*, the nstl will not work without the ServerID in the license\n- `DomainOnly: 1` - If this setting is *on*, the nstl will not work without the ServerID in the license\n- `hostname: \"*\"` - As hostnames are not really deterministic in Kubernetes, we need a license that allows the hosts to\nhave *any* name.\n- Make sure you have the storage adapter licensed, that you want to use (like S3, Azure BlobStore or Harddisk)\n- Optional: If you want High Availability with *nscale Server Storage Layer*, you need to have\n`DistributedService: 1`, otherwise the nstl instances can not communicate.\n"}
|
||||
{"chapter": "*nplus* Cluster Resources", "level": 1, "text": "*nplus* also includes Cluster Resources (independent of Namespaces). These need to be installed first and globally.\n```bash\nhelm install nplus nplus/nplus-cluster\n```\nYou only need to perform this step once per Cluster, regardless of Environments/Namespaces.\n> If you don't want the *nplus* Helm application to appear in the current Namespace, you can install it as follows:\n```bash\nhelm template nplus nplus/nplus-cluster | kubectl apply -f -\n```\nAfter installing the cluster chart, you can test it by asking your cluster for deployed nscale resources:\n```bash\n$ kubectl get instance,component\nNo resources found in lab namespace.\n```\n*Instances* (also accessible via *nscale* or *nplus*) and *components* are custom resource definitions. Every Instance/Component installed will add an instance/component resource, and an *nplus operator* (which comes with the environment chart) will continuously check the instance/component health and report it via this command line or a web interface (see below).\n"}
|
||||
{"chapter": "Create an *nplus* Environment", "level": 1, "text": "You can deploy *nplus* into a Kubernetes namespace. If you do not specify one, you will use the default one, which is fine for our test cluster. If you use namespaces, you can have multiple *nplus* environments in your cluster. Any environment can operate multiple *nplus* instances. Every *nplus* instance normally holds many components, each being *ReplicaSets* with multiple replicas.\nTo create a simple *nplus* environment without any additional features, deploy it into your new cluster:\n> By setting `--devel`, we are fetching the latest development version\n```bash\n% helm install --devel demo nplus/nplus-environment\nNAME: demo\nLAST DEPLOYED: Tue Dec 19 16:39:51 2023\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\nNOTES:\nnplus-environment 0.2.2-16 / 0.2.2\nThis Environment Chart provides a common config pool and administrative tools to operate all nplus instances in this namespace. There must be exactly one deployed instance of this environment chart. Without the environment, the instance and component charts will fail to deploy.\nTo uninstall, use\nhelm uninstall demo\nThe environment DAV Server is disabled.\nThe nstore Downloader is disabled.\nThe toolbox is disabled.\nProviding 10Gi of storage under the name \"conf\" of class \"default\"\n```\nNow you have an empty cluster ready to get a first instance deployment.\n"}
|
||||
{"chapter": "Single Instance Mode", "level": 1, "text": "If you want to separate tenants on your system not only by instance but also by environment / namespace, you can run *nplus* in *single instance mode*.\nSIM (Single Instance Mode) lets you deploy your instance including all components of the environment in one single chart. Please see the [Instance README.md](../charts/instance/README.md) file for more details. This Quickstart Guide however is **not** using SIM.\n"}
|
||||
{"chapter": "Deploy an *nplus* Instance", "level": 1, "text": "Before we can deploy the first *nplus* Instance, we need to add the Secrets for the registries and also the nscale license to the environment:\n```bash\nkubectl create secret docker-registry nscale-cr \\\n--docker-server=ceyoniq.azurecr.io \\\n--docker-username=$NSCALE_ACCOUNT \\\n--docker-password=$NSCALE_TOKEN\nkubectl create secret docker-registry nplus-cr \\\n--docker-server=cr.nplus.cloud \\\n--docker-username=$NPLUS_ACCOUNT \\\n--docker-password=$NPLUS_TOKEN\nkubectl create secret generic nscale-license \\\n--from-file=license.xml=$NSCALE_LICENSE\n```\n> Make sure the license key is called `license.xml` as that is used as the key in the charts.\nSecrets are namespace-dependent (one cannot access secrets from other namespaces), so we have to deploy them for every environment/namespace we use in our cluster.\nThere are multiple ways of deploying an *nplus* Instance, the easiest one is by simply calling the helm install on the command line:\n```bash\nhelm install --devel myinstance nplus/nplus-instance\n```\nYou can check the status of the instance using:\n```bash\n"}
|
||||
{"chapter": "kubectl get instance", "level": 1, "text": "NAME HANDLER VERSION TENANT STATUS\nmyinstance Helm 9.1.1501 default starting\n```\nAnd the component status with:\n```bash\n"}
|
||||
{"chapter": "kubectl get components", "level": 1, "text": "NAME INSTANCE COMPONENT TYPE VERSION STATUS\ncomponent.nplus.cloud/myinstance-nstl myinstance nstl nstl 9.1.1200 healthy\ncomponent.nplus.cloud/myinstance-rs myinstance rs rs 9.1.1300 healthy\ncomponent.nplus.cloud/myinstance-database myinstance database database 15 healthy\ncomponent.nplus.cloud/myinstance-nappl myinstance nappl\ncore 9.1.1501 healthy\ncomponent.nplus.cloud/myinstance-web myinstance web web 9.1.1500 healthy\ncomponent.nplus.cloud/myinstance-administrator myinstance administrator administrator 9.1.1500 healthy\n```\nYou can check the log files of the *Application Layer* for instance by typing:\n```bash\n"}
|
||||
{"chapter": "kubectl logs -l nplus/instance=myinstance,nplus/component=nappl", "level": 1, "text": "```\n> Notice the locator in the logs example: Instead of telling kubectl the name of the pod or rs, we use locators because there may be multiple instances of these pods later, and we want to see all logs in one go (or have ELK, EFK, Splunk, or anything similar to do that for us).\n"}
|
||||
{"chapter": "Adding an Ingress", "level": 1, "text": "We need to know the available ingressClasses in our new Kubernetes Cluster, so we check that:\n```bash\n"}
|
||||
{"chapter": "kubectl get ingressclass", "level": 1, "text": "NAME CONTROLLER PARAMETERS AGE\npublic k8s.io/ingress-nginx <none> 72m\nnginx k8s.io/ingress-nginx <none> 72m\n```\n*Microk8s* comes with the most common classes, which both point to the same controller (in this case, nginx). *public* is indeed the default class for *nplus*. So we do not need to set that; it is already configured. We just need to tell the *nplus* instance to use a Domain for the ingress:\n```bash\nhelm upgrade --devel \\\n--set global.ingress.domain=myinstance.demo.nplus.cloud \\\nmyinstance nplus/nplus-instance\n```\nThis now activates an ingress for [https://myinstance.demo.nplus.cloud/nscale_web](https://myinstance.mydomain.demo.nplus.cloud/nscale_web). The easiest and fastest is probably to add the IP to the server into your `/etc/hosts` file.\n"}
|
||||
{"chapter": "Adding a Certificate", "level": 1, "text": "After just adding the domain, the browser will complain about the self-signed certificate. You can easily add your certificate into the secret `myinstance.demo.nplus.cloud-tls`, which has been created for you.\nHowever, the canonical way is to have *cert-manager* or a similar tool take care of your certificates and have them generated by your CA or *Lets Encrypt* or similar.\nIf you have a running instance of cert-manager, you just need to specify the issuer:\n```bash\nhelm upgrade --devel \\\n--set global.ingress.domain=myinstance.demo.nplus.cloud \\\n--set global.ingress.issuer=nplus-issuer \\\nmyinstance nplus/nplus-instance\n```\nIn this example, *nplus-issuer* is the name of the issuer we created during the [Addons Guide](docs/addons.md).\nYou can now access your new instance with [https://myinstance.demo.nplus.cloud](https://myinstance.demo.nplus.cloud) or whatever domain you might have for it.\n"}
|
||||
{"chapter": "Adding an Application", "level": 1, "text": "Trying to log in to your new instance will probably give you an error message:\n\nSo we need to create the Document Area and maybe even add some Business App.\nBusiness Apps can be installed from the *pool*. The *pool* is a shared file system, the *nplus environment* exposes to the *nplus instances*. This is handled by the *toolbox* feature, which is disabled by default.\nSo first, we enable it:\n```bash\nhelm upgrade --devel \\\n--set toolbox.enabled=true \\\n--set nstoreDownloader.enabled=true \\\ndemo nplus/nplus-environment\n```\nAnd while we are at it, we also enable the *nstore downloader*, which is a job running in the background automatically downloading the latest business app installer from Ceyoniq.\nIt will take a couple of minutes before the apps are downloaded by the job. You can peek into the folder:\n```bash\nkubectl exec --stdin --tty nplus-toolbox-0 -- ls -lais /conf/pool\n```\nThe Business Apps alone will not install without a proper *App-Installer*. You can download it from the Ceyoniq Service Portal. Once you have it, upload it to the pool as well:\n```bash\nkubectl cp app-installer-9.0.1202.jar nplus-toolbox-0:/conf/pool\n```\nNow, you have everything you need to get an App up:\n- The App Installer\n- Apps\nThe Command Line for installing our *myinstance* Instance is getting quite large, so here is how to put all that into one (or more) yaml files. Create a yaml called *myinstance.yaml* and add the following (which is identical to the command lines above plus the App Install)\nNotice that the domain is using a template function in this example. This adds the ability to reuse the same yaml for multiple instances. We will reuse it for the ArgoCD sample during the [ArgoCD Quickstart Guide](quickstart-argo.md).\n```yaml\nglobal:\ningress:\ndomain: \"{{ .Release.Name }}.demo.nplus.cloud\"\nissuer: \"nplus-issuer\"\ncomponents:\napplication: true\napplication:\nappInstaller: \"/pool/app-installer-9.0.1202.jar\"\ndocAreas:\n- id: \"SBS\"\nname: \"DocArea with SBS\"\ndescription: \"This is a sample DocArea with the SBS Apps installed\"\napps:\n- \"/pool/nstore/bl-app-9.0.1202.zip\"\n- \"/pool/nstore/gdpr-app-9.0.1302.zip\"\n- \"/pool/nstore/sbs-base-9.0.1302.zip\"\n- \"/pool/nstore/sbs-app-9.0.1302.zip\"\n- \"/pool/nstore/tmpl-app-9.0.1302.zip\"\n- \"/pool/nstore/cm-base-9.0.1302.zip\"\n- \"/pool/nstore/cm-app-9.0.1302.zip\"\n- \"/pool/nstore/hr-base-9.0.1302.zip\"\n- \"/pool/nstore/hr-app-9.0.1302.zip\"\n- \"/pool/nstore/pm-base-9.0.1302.zip\"\n- \"/pool/nstore/pm-app-9.0.1302.zip\"\n- \"/pool/nstore/sd-base-9.0.1302.zip\"\n- \"/pool/nstore/sd-app-9.0.1302.zip\"\n- \"/pool/nstore/kon-app-9.0.1302.zip\"\n- \"/pool/nstore/kal-app-9.0.1302.zip\"\n- \"/pool/nstore/dok-app-9.0.1302.zip\"\n- \"/pool/nstore/ts-base-9.0.1302.zip\"\n- \"/pool/nstore/ts-app-9.0.1302.zip\"\n- \"/pool/nstore/ocr-base-9.0.1302.zip\"\n```\nThis yaml will:\n- Switch on the *application chart*, which will install Apps\n- Tell the application to use the App Installer we just uploaded\n- Define a new Document Area (*SBS*) to be created\n- And then finally, in this example, we install SBS completely based on the Apps we downloaded from *nstore*. Make\nsure your license covers SBS; otherwise, it will fail.\nThen, you can upgrade *myinstance* with the new settings:\n```bash\nhelm upgrade \\\n--values myinstance.yaml \\\nmyinstance nplus/nplus-instance\n```\n> You can specify multiple values files, so it is fine to have one for the environment settings, one for the instance settings, and a third one for the application settings. This way, you can easily create multiple instances with shared settings to have maximum re-usage among instances.\nYou can follow the application installer using:\n```bash\n"}
|
||||
{"chapter": "kubectl logs -l job-name=myinstance-application -f", "level": 1, "text": "...\nDefaulted container \"run\" out of: run, wait-for-myinstance-nappl (init), copy-conf (init)\n2024-03-11 16:08:33,918 [main] INFO com.ceyoniq.nscale.appconfig.NscaleServerWriter - updating CustomConfiguration Procurement to 9.0.1302\n2024-03-11 16:08:33,993 [main] INFO com.ceyoniq.nscale.appconfig.NscaleServerWriter - finished app configuration..\nApp '/pool/pm-app-9.0.1302.zip' successfully installed\ninstall App /pool/sd-base-9.0.1302.zip into SBS\nTry installation of app zip: /pool/sd-base-9.0.1302.zip\n2024-03-11 16:08:36,406 [main] INFO com.ceyoniq.nscale.businessapps.sd.base.Installer - App ('sd-app') not installed yet. Installing version 9.0.1302\n2024-03-11 16:08:43,031 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.Icons - Installing icons..\n2024-03-11 16:08:43,033 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.Folders - Installing Folders..\n2024-03-11 16:08:43,037 [main] INFO com.ceyoniq.nscale.appconfig.NscaleMapper.FolderTemplates - Installing FolderTemplates..\n...\ndone config scripts.\nrunning application scripts\nRunning /application/*.sh\ndone application scripts.\n```\nOnce it is done, close your browser (to make sure you open a fresh session) and try to log in again:\n\n> Admin does not have any SBS user roles by default; that is why you do not see any Apps after login.\n"}
|
||||
{"chapter": "Further Reading", "level": 1, "text": "- You will find more complex examples in the [samples directory](/samples).\n- Please have a look at the README.md of the charts to explore more configuration options:\n```bash\nhelm show readme nplus/nplus-environment\nhelm show readme nplus/nplus-instance\n```\n- There are also charts for every component used by the instance umbrella chart.\n- You can also start configuring your instance by retrieving and altering the values.yaml of the chart.\n```bash\nhelm show values --devel nplus/nplus-instance > myinstance.yaml\n```\nThen edit this file. When you are done, apply it:\n```bash\nhelm upgrade --devel \\\n-f myinstance.yaml \\\nmyinstance nplus/nplus-instance\n```\n> Please be aware that the umbrella `values.yaml` does **not** contain all possible configuration options of the child charts.\n"}
|
||||
1
ai/jsonl/resources.jsonl
Normal file
1
ai/jsonl/resources.jsonl
Normal file
@@ -0,0 +1 @@
|
||||
{"chapter": "Handing Resources to Components", "level": 2, "text": "By default, no resources are set on the container. Thus, Kubernetes handles the container with best effort.\nResources can be set at\n| Key | Description | Default |\n|-----|-------------|---------|\n| resources.requests.cpu | sets the request, which is the minimum guaranteed | - |\n| resources.requests.memory | sets the request, which is the minimum guaranteed | - |\n| resources.limits.cpu | sets the limit, which is the maximum allowed | - |\n| resources.limits.memory | sets the request, which is the maximum allowed | - |\n- if nothing is defined, Kubernetes handles it BestEffort\n- if requests are defined, but no limits, Kubernetes handles it Burstable\n- if both are defined, Kubernetes handles it Guaranteed\nPlease take caution when setting parameters and also have a look at this interesting article regarding resources and JVM resource handling:\nhttps://xebia.com/blog/kubernetes-and-the-jvm/\n"}
|
||||
6
ai/jsonl/security.jsonl
Normal file
6
ai/jsonl/security.jsonl
Normal file
@@ -0,0 +1,6 @@
|
||||
{"chapter": "Security settings", "level": 2, "text": "You can set the security options per *component*, per *instance* or per *environment*.\nThe priority is:\n1. component\n2. instance\n3. environment\nIt is recommended to set the security per environment to make sure you do not forget a component.\n"}
|
||||
{"chapter": "Illumio", "level": 3, "text": "Example `environment` setting for Illumio:\n```\nglobal:\nenvironment:\nsecurity:\nillumio:\nenabled: true\nloc: \"mylocation\"\nsupplier: \"mysupplier\"\nplatform: \"myplatform\"\nreadinessGates:\n- conditionType: \"com.illumio.policy-ready\"\n```\n"}
|
||||
{"chapter": "CNI, such as Calico or Cilium", "level": 3, "text": "Example `environment` setting for CNI:\n```\nglobal:\nenvironment:\nsecurity:\ncni:\ndefaultIngressPolicy: deny\ndefaultEgressPolicy: deny\ncreateNetworkPolicy: true\nexcludeUnusedPorts: false\n```\n**excludeUnusedPorts** can add a port config to your ingress rules. However, not every CNI is capable of all Attributes (like `EndPort` is currently not supported by cilium).\nSo you can switch this off, if your CNI does not support it.\n"}
|
||||
{"chapter": "zeroTrust Policy", "level": 3, "text": "Some Tools like Cilium transparently encrypt the Node to Node traffic in a Cluster. If you, however, want to aditionally deny all http traffic within a node, you can\nenable `zeroTrust` by setting:\n```\nglobal:\nsecurity:\nzeroTrust: true\n```\nPlease make sure you also set all backendProtocols to https. For a complete example, please see the sample values file `zerotrust.yaml` in the samples directory.\n"}
|
||||
{"chapter": "Encrypted backend", "level": 3, "text": "An optional approach to zeroTrust (see above) is to set the backenProtocol to http. This leaves the http ports available (zeroTrust would not),\nbut switches the component backend traffic to https (for ingress, probes, ...).\nIt is not as strict as zeroTrust and can be set per component like this:\n```\ningress:\nbackendProtocol: https\n```\nPlease see the example file `encrypt.yaml` in the samles directory for more information.\n"}
|
||||
{"chapter": "Security Context", "level": 3, "text": "You can add a `containerSecurityContext` to the component by adding it in the values file:\n```\nsecurity:\ncontainerSecurityContext:\ncapabilities:\ndrop: [\"ALL\"]\n```\nAdditionally, add a `podSecurityContext` if desired:\n```\nsecurity:\npodSecurityContext:\nrunAsNonRoot: true\nrunAsUser: 1000\nrunAsGroup: 1000\n```\n> **Note**: This setting can not be set on instance or environment level.\n"}
|
||||
Reference in New Issue
Block a user